CH2 Network security

Ace your homework & exams now with Quizwiz!

explain the two types of keyloggers

As a hardware device, it is inserted between the computer keyboard connection and USB port• Software keyloggers are programs installed on the computer that silently capture information

Manipulating online polls

Because each bot has a unique Internet Protocol (IP) address, each "vote" by a bot will have the same credibility as a vote cast by a real person.

Spamming

Botnets are widely recognized as the primary source of spam email. A botnet consisting of thousands of bots enables an attacker to send massive amounts of spam

Spreading malware

Botnets can be used to spread malware and create new bots and botnets. Bots can download and execute a file sent by the attacker.

Denying services

Botnets can flood a web server with thousands of requests and overwhelm it to the point that it cannot respond to legitimate requests.

viruses

CAMP- Computer virus - malicious computer code that reproduces itself on the same compute Appender infection - virus appends itself to end of a file-Easily detected by virus scanners Macro - a series of instructions that can be grouped together as a single command•Common data file virus is a macro virus that is written in a script known as a macro Program virus - infects an executable program file

useful items retrieved in dumpster diving

Calendars-A calendar can reveal which employees are out of town at a particular time Inexpensive computer hardware, such as USB flash drives or portal hard drives Memos-Seemingly unimportant memos can often provide small bits of useful information for an attacker who is building an impersonation Organizational charts-These identify individuals within the organization who are in positions of authority Phone directories-Can provide the names and telephone numbers of individuals in the organization to target or impersonate Policy manuals-These may reveal the true level of security within the organization System manuals-Can tell an attacker the type of computer system that is being used so that other research can be conducted to pinpoint vulnerabilities

Malware can be classified by

Circulation - spreading rapidly to other systems in order to impact a large number of users Infection - how it embeds itself into a system Concealment - avoid detection by concealing its presence from scanners Payload capabilities - what actions the malware performs

Worms may

Consume resources or•Leave behind a payload to harm infected systems

Examples of worm actions

Deleting computer files•Allowing remote control of a computer by an attacker

Dumpster diving

Digging through trash to find information that can be useful in an attack•An electronic variation of dumpster diving is to use Google's search engine to look for documents and data posted online•Called Google dorking

Malicious software (malware)

Enters a computer system without the owner's knowledge or consent•Uses a threat vector to deliver a malicious "payload" that performs a harmful function once it is invoked

Tailgating

Following behind an authorized individual through an access door•An employee could conspire with an unauthorized person to allow him to walk in with him (called piggybacking)•Watching an authorized user enter a security code on a keypad is known as shoulder surfing

botnet

Groups of zombie computers are gathered into a logical computer network called a botnet under the control of the attacker (bot herder)

A common C&C mechanism

HTTP, which is more difficult to detect and block

Psychological approaches often involve

Impersonation, phishing, spam, hoaxes, and watering hole attacks

command and control (C&C)

Infected zombie computers wait for instructions through a command and control (C&C) structure from bot herders

What is a RAT trojan

Remote access Trojan (RAT) - gives the threat actor unauthorized remote access to the victim's computer by using specially configured communication protocols

Some armored virus infection techniques include

SMS Swiss cheese infection - viruses inject themselves into executable code-Virus code is "scrambled" to make it more difficult to detect Mutation - some viruses can mutate or change-An oligomorphic virus changes its internal code to one of a set of number of predefined mutations whenever executed-A polymorphic virus completely changes from its original form when executed-A metamorphic virus can rewrite its own code and appear different each time it is executed Split infection - virus splits into several parts-Parts placed at random positions in host program-The parts may contain unnecessary "garbage" doe to mask their true purpose

Variations on phishing attacks

Spear phishing - targets specific users•Whaling - targets the "big fish"•Vishing - instead of using email, uses a telephone call instead•About 97% of all attacks start with phishing

Once infected with crypto-malware

The software connects to the threat actor's command and control (C&C) server to receive instructed or updated data•A locking key is generated for the encrypted files and that key is encrypted with another key that has been downloaded from the C&C•Second key is sent to the victims once they pay the ransom

Hoaxes

a false warning, usually claiming to come from the IT department•Attackers try to get victims to change configuration settings on their computers that would allow the attacker to compromise the system•Attackers may also provide a telephone number for the victim to call for help, which will put them in direct contact with the attacker

Watering hole attack

a malicious attack that is directed toward a small group of specific individuals who visit the same website

Social engineering

a means of gathering information for an attack by relying on the weaknesses of individuals Social engineering attacks can involve psychological approaches as well as physical procedures

Crypto-malware

a more malicious form of ransomware where threat actors encrypt all files on the device so that none of them could be opened

Trojan Malware

an executable program that does something other than advertised•Contain hidden code that launches an attack•Sometimes made to appear as data file

Bot or zombie

an infected computer that is under the remote control of an attacker

Keylogger

captures and stores each keystroke that a user types on the computer's keyboard•Attacker searches the captured text for any useful information such as passwords, credit card numbers, or personal information

Logic bomb

computer code that lies dormant until it is triggered by a specific logical event•Difficult to detect before it is triggered•Often embedded in large computer programs that are not routinely scanned

Backdoor

gives access to a computer, program, or service that circumvents normal security to give program access•When installed on a computer, they allow the attacker to return at a later time and bypass security settings

Worm

malicious program that uses a computer network to replicate Sends copies of itself to other network devices Exploits a vulnerability in an application or operating system

Does a worm need a user to spread it

no

does a worm infect a file?

no

Can a virus automatically spread to another computer

no it relies on user action to spread

Ransomware

prevents a user's device from properly operating until a fee is paid A variation of ransomware displays a fictitious warning that a software license has expired or there is a problem and users must purchase additional software online to fix the problem

Adware

program that delivers advertising content in manner unexpected and unwanted by the user •Typically displays advertising banners and pop-up ads•May open new browser windows randomly

Phishing

sending an email claiming to be from legitimate source•Tries to trick user into giving private information•The emails and fake websites are difficult to distinguish from those that are legitimate

Spyware

software that gathers information without user consent•Uses the computer's resources for the purposes of collecting and distributing personal or sensitive information

Rootkits

software tools used by an attacker to hide actions or presence of other types of malicious software

Psychological approaches goal

to persuade the victim to provide information or take action

how are viruses spread

transferring infected files.

Spam

unsolicited e-mail•Primary vehicles for distribution of malware•Sending spam is a lucrative business-Cost spammers very little to send millions of spam messages

Image spam

uses graphical images of text in order to circumvent text-based filters

Examples of virus actions

•Cause a computer to repeatedly crash•Erase files from or reformat hard drive•Turn off computer's security settings

Primary payload capabilities are to:

•Collect data•Delete data•Modify system security settings•Launch attacks

Two of the most common physical procedures are:

•Dumpster diving•Tailgating

Impersonation

•Help desk support technician•Repairperson•IT support•Manager•Trusted third party•Fellow employee

Attackers use a variety of techniques to gain trust without moving quickly

•Provide a reason•Project confidence•Use evasion and diversion•Make them laugh

Different types of malware are designed to collect important data from the user's computer and make it available at the attacker

•Spyware•Adware

Three examples of malware that have the primary trait of infection

•Trojans•Ransomware•Crypto-malware

Viruses perform two actions:

•Unloads a payload to perform a malicious action•Reproduces itself by inserting its code into another file on the same computer

Types of trojans

•User downloads "free calendar program"-Program scans system for credit card numbers and passwords-Transmits information to attacker through network

Two types of malware have the primary traits of circulation:

•Viruses•Worms


Related study sets

Life insurance - Chapter 11 - Retirement Plans

View Set

Organization theory and design Chapter 9 Daft

View Set

Injectable Medication Administration

View Set

Ch. 8 Commercial Property Insurance P&C

View Set