Module 15 Quizlet

Viruses, worms, and Trojan horses.

Examples of malware attacks include:

Spam blocker

Software is installed on an end-user workstation or server to identify and remove unwanted emails.

It is a network device that filters access and traffic coming into a network.

What characteristic describes a firewall appliance?

A Firewall

A security tool that controls traffic to and from a network.

Through Email

How does a phisher typically contact a victim?

Virus

Noah downloaded a file from the internet. Shortly after he opened the file, his hard drive crashed, and he lost all information on his computer. What was he affected by?

Spyware, tracking cookies, adware, and popups.

Not all attacks do damage or prevent legitimate users from having access to resources. Many threats are designed to collect information about users which can be used for advertising, marketing, and research purposes. These include _________________________________________________. While these may not damage a computer, they invade privacy and can be annoying.

Trustworthy employee who picks up a virus or security threat.

Not all internal attacks are intentional. In some cases, an internal threat can come from a __________________________________________________________________________________ while outside the company and unknowingly brings it into the internal network.

Human Behavior

One of the easiest ways for an intruder to gain access, whether internal or external, is by exploiting. . .

Virus Warning

One of the most common types of spam forwarded is a ______ ________. Although some virus warnings sent via email are true, a large number of them are hoaxes and do not really exist. This type of spam can create problems because people warn others of the impending disaster and so flood the email system.

Botnet (or Bot)

One of the ways that spam can be sent is by using a. . .

Shut down the normal operations of a network.

Sometimes the goal of a threat actor is to. . .

SYN (synchronous) flooding & Ping of death

There are several types of DoS attacks. Security administrators need to be aware of the types of DoS attacks that can occur and ensure that their networks are protected. These are two common DoS attacks:

Pop-unders

These open behind the current browser window.

Popups

These open in front of the current browser window.

Pretexting

This is a form of social engineering where an invented scenario (the pretext) is used on a victim in order to get the victim to release information or perform an action. To be effective, the attacker must be able to establish legitimacy with the intended target, or victim. This often requires some prior knowledge or research on the part of the attacker.

False

True or false? A botnet is an individual infected computer that can be controlled by a command-and-control server.

True

True or false? Spyware is a program that gathers personal information from your computer without your permission or knowledge.

Firewall, Patches and updates, Virus protection, Spyware protection, Spam blocker, & Popup blocker

Types of Security Tools or Applications

It is an attack that slows or crashes a device or network service.

What characteristic describes a DoS attack?

It's an attack that slows or crashes a device or network service.

What characteristic describes a DoS attack?

It's malicious software or code running on an end device.

What characteristic describes a Trojan horse?

It is malicious software or code running on an end device.

What characteristic describes a virus?

It's software that is installed on a user device and collects information about the user.

What characteristic describes adware?

It's software that identifies email spam and automatically deletes or places them in a junk folder.

What characteristic describes antispam?

It's applications that protect end devices from becoming infected with malicious software.

What characteristic describes antivirus software?

It is the use of stolen credentials to access private data.

What characteristic describes identity theft?

It is Antivirus Software

What is the primary means for mitigating virus and Trojan horse attacks?

It's Phishing

What is the term used when a malicious party sends a fraudulent email disguised as being from a legitimate, trusted source?

identity theft

What kind of threat is described when a threat actor impersonates another person to obtain credit information about that person?

information theft

What kind of threat is described when a threat actor is stealing the user database of a company?

It's SYN Flooding

What type of DoS attack originates from a malicious host that has an invalid source IP address and that requests a client connection?

It's DoS (Denial of Service)

What type of attack is the ping of death?

It's Spyware

What type of program installs and gathers personal information, including password and account information, from a computer without permission or knowledge of the user?

It's Antispyware

What type of technology can prevent malicious software from monitoring user activities, collecting personal information, and producing unwanted pop-up ads on a user computer?

It's a Trojan Horse

Which malicious program appears as a legitimate program to deceive the victim, but is in fact an attack tool that can contain malicious code?

Popup Blocker

Which of the following is installed to prevent unwanted advertisements from displaying on your computer?

It's Denial of Service

Which type of attack attempts to overwhelm network links and devices with useless data?

(Tracking) Cookies

________ are a form of spyware but are not always bad. They are used to record information about an internet user when the user visits websites. ________ may be useful or desirable by allowing personalization and other time saving techniques. Many websites require that ________ be enabled in order to allow the user to connect.

Unwanted Bulk Email

Another annoying by-product of our increasing reliance on electronic communications is. . .

Antivirus software, antispam software, and antispyware software.

Antimalware includes a variety of software available to detect and prevent these types of intrusions and infections including. . .

Spyware protection

Antispyware software is installed on an end-user workstation to detect and remove spyware and adware.

Virus protection

Antivirus software is installed on an end-user workstation or server to detect and remove viruses, worms, and Trojan horses from files and email.

virus signatures

Antivirus software relies on known "_____ __________" to find and prevent new viruses from infecting the computer. Virus signatures are patterns within the programs that are common to other malicious programs that have already been identified as harmful. When new virus programs are found on the internet, the signature files for the antivirus are updated with the new information.

Computer starts acting abnormally, Program does not respond to mouse and keystrokes, Programs starting or shutting down on their own, Email program begins sending out large quantities of email, CPU usage is very high, There are unidentifiable processes or a large number of processes running, Computer slows down significantly or crashes, such as when the Windows "blue screen of death" (BSoD) appears.

Some of the signs that a virus, worm, or Trojan horse may be present include the following:

Software Vulnerabilities

One of the most common methods that a threat actor uses to gain access to hosts or networks is through. . .

Spam

Sometimes merchants do not want to bother with targeted marketing. They want to send their email advertising to as many end users as possible hoping that someone is interested in their product or service. This widely distributed approach to marketing on the internet is called. . .

Virus-Like Systems

Spyware and adware can also cause ___________ ________. In addition to collecting unauthorized information, they can use important computer resources and affect performance. Antispyware software detects and deletes spyware applications, as well as prevents future installations from occurring. Many antispyware applications also include detection and deletion of cookies and adware. Some antivirus packages include antispyware functionality.

Malware (Malicious Software)

There are other types of attacks launched by malicious software which exploit the vulnerabilities in computer software called. . .

Ping of Death (POD)

This is a common DoS attack where a packet that is greater in size than the maximum allowed by IP (65,535 bytes) is sent to a device. This can cause the receiving system to crash.

Identity theft

This is a form of information theft where personal information is stolen for the purpose of taking over the identity of someone. Using this information, a threat actor can obtain legal documents, apply for credit, and make unauthorized online purchases. This is a growing problem costing billions of dollars per year.

Phishing

This is a form of social engineering where the phisher pretends to represent a legitimate person from another organization. They typically contact the target individual via email, as shown in the figure, or text messaging.

Distributed Denial of Service (DDoS)

This is a more sophisticated and potentially damaging form of the DoS attack. It is designed to saturate and overwhelm network links with useless data. _____ operates on a much larger scale than DoS attacks. Typically, hundreds or thousands of attack points attempt to overwhelm a target simultaneously. The attack points may be unsuspecting computers that have been previously infected by the _____ code. The systems that are infected with the _____ code attack the target site when invoked. This group of infected computers is often called a botnet.

Brute Force

This is a more sophisticated type of attack where a fast computer is used to try to guess passwords or to decipher an encryption code. The attacker tries a large number of possibilities in rapid succession to gain access or crack the code. ______ ______ attacks can cause a denial of service due to excessive traffic to a specific resource, or by locking out user accounts.

It is software that is installed on a user device and collects information about the user.

What characteristic describes spyware?

The attack originates from multiple, coordinated sources, zombies are controlled by a command-and-control server, and a threat actor builds a network of infected hosts, called a botnet.

What describes a DDoS attack?

The attack is relatively simple to conduct even by an unskilled threat actor and a network, host, or application is sent an enormous quantity of data at a rate which it cannot handle.

What describes a DoS attack?

A Spam Filter

What is software installed on an end-user workstation or server to identify and remove unwanted emails?

A Popup Blocker

What is software installed on an end-user workstation to prevent advertisement windows from displaying?

It's an unidentified person claiming to be a technician collecting user information from employees.

What is an example of social engineering?

An Antispyware

What is software installed on an end-user workstation or server to detect, block, or remove malicious software designed to capture information or deliver adware?

Data loss or data manipulation

What kind of threat is described when a threat actor alters data records?

Identity Theft

What kind of threat is described when a threat actor makes illegal online purchases using stolen credit information?

The distribution of service

What kind of threat is described when a threat actor overloads a network to deny other users network access?

Distribution of service

What kind of threat is described when a threat actor prevents legal users from accessing data services?

data loss or manipulation

What kind of threat is described when a threat actor sends you a virus that can reformat your hard drive?

Info Theft

What kind of threat is described when a threat actor steals scientific research data?

Information theft, Data loss or manipulation, Identity theft, Disruption of service

When the threat actor gains access to the network, four types of threat may arise:

An Antivirus

Which is software installed on an end-user workstation or server to detect and remove viruses, worms, and Trojan horses from files and email?

Firewall

Which of the following controls traffic to and from your network?

Patches & Updates

Which of the following is applied to an OS or application to correct a known security vulnerability or add functionality?

Virus Protection

Which of the following is installed on an end-user workstation or server to detect and remove malware from files and email?

Popup Blocking Software

______ _________ _________ can be installed to prevent popups and pop-unders. Many web browsers include a popup blocker feature by default. Note that some programs and web pages create necessary and desirable popups. Most popup blockers offer an override feature for this purpose.

Trojan Horse

Safa was surfing the internet when a program appeared claiming that she had won a prize. When she clicked to see what prize she had won, a program was installed on her computer without her knowledge. The program that was installed allowed an intruder access to her hard drive and personal information. What was she affected by?

Popup blocker

Software is installed on an end-user workstation to prevent popup and pop-under advertisement windows from displaying.

Patches and updates

Software that is applied to an OS or application to correct a known security vulnerability or add functionality.

Email checking, Resident dynamic scanning, Scheduled scans, & Automatic Updates

Some of the features that can be included in antivirus programs are:

Security Issues

Bot software programs can cause ________ _______ on the infected machines. This is because the installed software may include the ability to log keystrokes, gather passwords, capture and analyze packets, gather financial information, launch DoS attacks, and relay spam.

Time Zones

Bots take advantage of _____ ______, often waking up the zombie systems during the idle times in each time zone. Many users keep their computers always connected to the internet, even when they are away from home or sleeping. This creates the perfect environment for botnet creators to use the bandwidth and processing power of the idle devices.

External threats

This arises from individuals working outside of an organization. They do not have authorized access to the computer systems or network. These types of attackers work their way into a network mainly from the internet through wireless links or dialup access servers.

SYN (synchronous) Flooding

This is a common DoS attack where a flood of packets is sent to a server requesting a client connection. The packets contain invalid source IP addresses. The server becomes occupied trying to respond to these fake requests and therefore cannot respond to legitimate ones.

It's an email pretending to represent a legitimate organization asking for personal information.

What characteristic describes phishing?

Botnet

"Bot" is derived from the word "robot" which describes how the devices act when they are infected. Malicious bot software infects a host, usually through an email or web page link, by downloading and installing a remote-control function. When infected, the "zombie" computer contacts servers managed by the botnet creator. These servers act as a command and control (C&C) center for an entire network of compromised devices, which is called a _______. Infected machines can often pass the software to other unprotected devices in their network, increasing the size of the _______. Some _______s include many thousands of infected devices.

Flood a network, host, or application with traffic to prevent legitimate network traffic from flowing. Disrupt connections between a client and server to prevent access to a service.

A threat actor uses a DoS attack to perform these functions:

Worm

Eliseo opened an email sent to him by his brother, Lomiel. A few hours later, Eliseo received several phone calls from friends saying that they received emails from him that he did not knowingly send. What was he affected by?

- Apply OS and application updates when available.
- Run an antivirus program regularly and keep it up to date.
- Do not forward suspicious emails.
- Do not open email attachments, especially from people you do not know.
- Set up rules in your email to delete spam that bypasses the antispam software.
- Identify sources of spam and report them to a network administrator so they can be blocked.
- Report incidents to the governmental agency that deals with abuse by spam.

In addition to using spam blockers, other actions to prevent the spread of spam include the following:

Threat Actors

Intruders who gain access by modifying software or exploiting software vulnerabilities are often called. . .

Vishing / Phone Phishing

This is a new form of social engineering that uses Voice over IP (VoIP). Unsuspecting users are sent a voice mail instructing them to call a number which appears to be a legitimate telephone-banking service. The call is then intercepted by a thief. Bank account numbers or passwords entered over the phone for verification are then stolen. The figure shows a social engineer sending an email message to an unsuspecting customer. The message reads: "Banco Official: Please click on the link below and verify your checking account number and access code for our records. www.bancobogus.com."

Social Engineering

This is a term that refers to the ability of something or someone to influence the behavior of a person or group of people. It is one of the more common methods of exploiting human weaknesses & refers to a collection of techniques used to deceive internal users into performing specific actions or revealing confidential information.

Automatic Updates

This is an antivirus program feature that checks for and downloads known virus characteristics and patterns. It can be scheduled to check for updates on a regular basis.

Resident dynamic scanning

This is an antivirus program feature that checks program files and documents when they are accessed.

Email checking

This is an antivirus program feature that scans incoming and outgoing emails and identifies spam and suspicious attachments.

Scheduled scans

This is an antivirus program feature where virus scans can be scheduled to run at regular intervals and check specific drives or the entire computer.

Data loss or manipulation

This is breaking into a computer to destroy or alter data records. An example of this is a threat actor sending a virus that reformats a computer hard drive. Another example of this is breaking into a records system to change information, such as the price of an item.

Information theft

This is breaking into a computer to obtain confidential information. Information can be used or sold for various purposes such as when someone is stealing proprietary information of an organization, like research and development data.

Disruption of service

This is preventing legitimate users from accessing services to which they are entitled. Examples include denial of service (DoS) attacks on servers, network devices, or network communications links.

Internal threats

This occurs when someone has authorized access to the network through a user account or has physical access to the network equipment. These types of attackers know the internal politics and people. They often know what information is both valuable and vulnerable, and how to get to it.

Pretexting, Phishing, and Vishing.

Three of the most common methods threat actors use to obtain information directly from authorized users go by unusual names:

Adware

________ is a form of spyware that is used to collect information about a user based on websites the user visits. That information is then used for targeted advertising. ________ is commonly installed by a user in exchange for a "free" product. When a user opens a browser window, ________ can start new browser instances which attempt to advertise products or services based on the surfing practices of a user. The unwanted browser windows can open repeatedly, and can make surfing the internet very difficult, especially with slow internet connections. ________ can be very difficult to uninstall.

A Trojan horse

________ is a program that is written to appear like a legitimate program, when in fact it is an attack tool. It cannot replicate itself. ________ relies upon its legitimate appearance to deceive the victim into initiating the program. It may be relatively harmless or may contain code that can damage the hard drive content of the computer. ________ can also create a back door into a system that then allows threat actors to gain access.

A virus

________ is a program that spreads by modifying other programs or files. ________ cannot start by itself; it needs to be activated. When activated, ________ may do nothing more than replicate itself and spread. Though simple, even this type of specific malware is dangerous as it can quickly use all available memory and bring a system to a halt. A more serious type of ________ may be programmed to delete or corrupt specific files before spreading. ________ can be transmitted via email, downloaded files, and instant messages, or via CD or USB devices.

Spyware

________ is any program that gathers personal information from your computer without your permission or knowledge. This information is sent to advertisers or others on the internet and can include passwords and account numbers. ________ is usually installed unknowingly when downloading a file, installing another program, or clicking a popup. It can slow down a computer and make changes to internal settings which creates more vulnerabilities for other threats. In addition, ________ can be very difficult to remove.

A worm

________ is similar to a virus, but unlike a virus, it does not need to attach itself to an existing program. ________ uses the network to send copies of itself to any connected hosts. ________ can run independently and spread quickly. They do not necessarily require activation or human intervention. Self-spreading network malware like this can have a much greater impact than a single virus and can infect large parts of the internet quickly.

Antispam Software

_________ _________ protects hosts by identifying spam and performing an action, such as placing it into a junk folder or deleting it. Spam filters can be loaded on individual devices but can also be loaded on email servers.

Antivirus software

__________ _________ can be used as both a preventive tool and as a reactive tool. It prevents infection. It detects and removes viruses, worms, and Trojan horses.

Popups and pop-unders

________________________________ are additional advertising windows that display when a website is visited. Unlike adware, ________________________ are not intended to collect information about the user and are typically associated only with the website being visited. They can be annoying and usually advertise products or services that are not wanted by the user.

Denial of Service (DoS)

__________________________________ attacks are aggressive attacks on an individual computer or groups of computers with the intent to deny services to intended users. ____ attacks can target end user systems, servers, routers, and network links. ____ attacks are relatively simple and can be initiated by an unskilled threat actor.

