fundamentals of information systems security chapter 11
TRANSCRIPT
![Page 1: Fundamentals of Information Systems Security Chapter 11](https://reader033.vdocuments.mx/reader033/viewer/2022051301/5a649f1c7f8b9a70568b4d31/html5/thumbnails/1.jpg)
© 2018 Jones and Bartlett Learning, LLC, an Ascend Learning Company
www.jblearning.com
All rights reserved.
Fundamentals of Information
Systems Security
Lesson 11
Malicious Code and Activity
![Page 2: Fundamentals of Information Systems Security Chapter 11](https://reader033.vdocuments.mx/reader033/viewer/2022051301/5a649f1c7f8b9a70568b4d31/html5/thumbnails/2.jpg)
Page 2Fundamentals of Information Systems Security© 2018 Jones and Bartlett Learning, LLC, an Ascend Learning Company
www.jblearning.com
All rights reserved.Page 2Fundamentals of Information Systems Security
© 2018 Jones and Bartlett Learning, LLC, an Ascend Learning Company
www.jblearning.com
All rights reserved.
Learning Objective(s)
Describe how malicious attacks, threats,
and vulnerabilities impact an IT
infrastructure.
![Page 3: Fundamentals of Information Systems Security Chapter 11](https://reader033.vdocuments.mx/reader033/viewer/2022051301/5a649f1c7f8b9a70568b4d31/html5/thumbnails/3.jpg)
Page 3Fundamentals of Information Systems Security© 2018 Jones and Bartlett Learning, LLC, an Ascend Learning Company
www.jblearning.com
All rights reserved.Page 3Fundamentals of Information Systems Security
© 2018 Jones and Bartlett Learning, LLC, an Ascend Learning Company
www.jblearning.com
All rights reserved.
Key Concepts
The impact of malicious code and malware on
systems and organizations
Attackers, hackers, and social engineers
The phases of a computer attack
Tools and techniques to detect and prevent
attacks
![Page 4: Fundamentals of Information Systems Security Chapter 11](https://reader033.vdocuments.mx/reader033/viewer/2022051301/5a649f1c7f8b9a70568b4d31/html5/thumbnails/4.jpg)
Page 4Fundamentals of Information Systems Security© 2018 Jones and Bartlett Learning, LLC, an Ascend Learning Company
www.jblearning.com
All rights reserved.Page 4Fundamentals of Information Systems Security
© 2018 Jones and Bartlett Learning, LLC, an Ascend Learning Company
www.jblearning.com
All rights reserved.
Malicious Code and Activity
Malicious software (malware)
• Any program that carries out actions that you do
not intend
Malicious code attacks all three information
security properties:
• Confidentiality: Malware can disclose your
organization’s private information
• Integrity: Malware can modify database records,
either immediately or over a period of time
• Availability: Malware can erase or overwrite files or
inflict considerable damage to storage media
![Page 5: Fundamentals of Information Systems Security Chapter 11](https://reader033.vdocuments.mx/reader033/viewer/2022051301/5a649f1c7f8b9a70568b4d31/html5/thumbnails/5.jpg)
Page 5Fundamentals of Information Systems Security© 2018 Jones and Bartlett Learning, LLC, an Ascend Learning Company
www.jblearning.com
All rights reserved.Page 5Fundamentals of Information Systems Security
© 2018 Jones and Bartlett Learning, LLC, an Ascend Learning Company
www.jblearning.com
All rights reserved.
Characteristics, Architecture, and
Operations of Malicious Software
An attacker gains administrative control of a
system and uses commands to inflict harm
An attacker sends commands directly to a
system; the system interprets and executes them
An attacker uses software programs that harm a
system or that make the data unusable
An attacker uses legitimate remote administration
tools and security probes to identify and exploit
security vulnerabilities on a network
![Page 6: Fundamentals of Information Systems Security Chapter 11](https://reader033.vdocuments.mx/reader033/viewer/2022051301/5a649f1c7f8b9a70568b4d31/html5/thumbnails/6.jpg)
Page 6Fundamentals of Information Systems Security© 2018 Jones and Bartlett Learning, LLC, an Ascend Learning Company
www.jblearning.com
All rights reserved.Page 6Fundamentals of Information Systems Security
© 2018 Jones and Bartlett Learning, LLC, an Ascend Learning Company
www.jblearning.com
All rights reserved.
The Main Types of Malware
Viruses
Spam
Worms
Trojan horses
Logic bombs
Active content
vulnerabilities
Malicious add-
ons
Injection
Botnets
Denial of
service attacks
Spyware
Adware
Phishing
Keystroke
loggers
Hoaxes and
myths
Homepage
hijacking
Webpage
defacements
![Page 7: Fundamentals of Information Systems Security Chapter 11](https://reader033.vdocuments.mx/reader033/viewer/2022051301/5a649f1c7f8b9a70568b4d31/html5/thumbnails/7.jpg)
Page 7Fundamentals of Information Systems Security© 2018 Jones and Bartlett Learning, LLC, an Ascend Learning Company
www.jblearning.com
All rights reserved.Page 7Fundamentals of Information Systems Security
© 2018 Jones and Bartlett Learning, LLC, an Ascend Learning Company
www.jblearning.com
All rights reserved.
Viruses
• Target computer hardware and software startup functions
System infectors
• Attack and modify executable programs (COM, EXE, SYS, and DLL files in Microsoft Windows)
File infectors
• (Also called macro infectors) Attack document files containing embedded macro programming capabilities
Data infectors
![Page 8: Fundamentals of Information Systems Security Chapter 11](https://reader033.vdocuments.mx/reader033/viewer/2022051301/5a649f1c7f8b9a70568b4d31/html5/thumbnails/8.jpg)
Page 8Fundamentals of Information Systems Security© 2018 Jones and Bartlett Learning, LLC, an Ascend Learning Company
www.jblearning.com
All rights reserved.Page 8Fundamentals of Information Systems Security
© 2018 Jones and Bartlett Learning, LLC, an Ascend Learning Company
www.jblearning.com
All rights reserved.
Typical Life Cycle of a Computer
Virus
![Page 9: Fundamentals of Information Systems Security Chapter 11](https://reader033.vdocuments.mx/reader033/viewer/2022051301/5a649f1c7f8b9a70568b4d31/html5/thumbnails/9.jpg)
Page 9Fundamentals of Information Systems Security© 2018 Jones and Bartlett Learning, LLC, an Ascend Learning Company
www.jblearning.com
All rights reserved.Page 9Fundamentals of Information Systems Security
© 2018 Jones and Bartlett Learning, LLC, an Ascend Learning Company
www.jblearning.com
All rights reserved.
How a System Infector Virus Works
![Page 10: Fundamentals of Information Systems Security Chapter 11](https://reader033.vdocuments.mx/reader033/viewer/2022051301/5a649f1c7f8b9a70568b4d31/html5/thumbnails/10.jpg)
Page 10Fundamentals of Information Systems Security© 2018 Jones and Bartlett Learning, LLC, an Ascend Learning Company
www.jblearning.com
All rights reserved.Page 10Fundamentals of Information Systems Security
© 2018 Jones and Bartlett Learning, LLC, an Ascend Learning Company
www.jblearning.com
All rights reserved.
How a File Infector Virus Works
![Page 11: Fundamentals of Information Systems Security Chapter 11](https://reader033.vdocuments.mx/reader033/viewer/2022051301/5a649f1c7f8b9a70568b4d31/html5/thumbnails/11.jpg)
Page 11Fundamentals of Information Systems Security© 2018 Jones and Bartlett Learning, LLC, an Ascend Learning Company
www.jblearning.com
All rights reserved.Page 11Fundamentals of Information Systems Security
© 2018 Jones and Bartlett Learning, LLC, an Ascend Learning Company
www.jblearning.com
All rights reserved.
How a Macro Virus Works
![Page 12: Fundamentals of Information Systems Security Chapter 11](https://reader033.vdocuments.mx/reader033/viewer/2022051301/5a649f1c7f8b9a70568b4d31/html5/thumbnails/12.jpg)
Page 12Fundamentals of Information Systems Security© 2018 Jones and Bartlett Learning, LLC, an Ascend Learning Company
www.jblearning.com
All rights reserved.Page 12Fundamentals of Information Systems Security
© 2018 Jones and Bartlett Learning, LLC, an Ascend Learning Company
www.jblearning.com
All rights reserved.
Other Virus Classifications
Polymorphic viruses
Stealth viruses
Slow viruses
Retro viruses
Cross-platform viruses
Multipartite viruses
![Page 13: Fundamentals of Information Systems Security Chapter 11](https://reader033.vdocuments.mx/reader033/viewer/2022051301/5a649f1c7f8b9a70568b4d31/html5/thumbnails/13.jpg)
Page 13Fundamentals of Information Systems Security© 2018 Jones and Bartlett Learning, LLC, an Ascend Learning Company
www.jblearning.com
All rights reserved.Page 13Fundamentals of Information Systems Security
© 2018 Jones and Bartlett Learning, LLC, an Ascend Learning Company
www.jblearning.com
All rights reserved.
How a Stealth Virus Works
![Page 14: Fundamentals of Information Systems Security Chapter 11](https://reader033.vdocuments.mx/reader033/viewer/2022051301/5a649f1c7f8b9a70568b4d31/html5/thumbnails/14.jpg)
Page 14Fundamentals of Information Systems Security© 2018 Jones and Bartlett Learning, LLC, an Ascend Learning Company
www.jblearning.com
All rights reserved.Page 14Fundamentals of Information Systems Security
© 2018 Jones and Bartlett Learning, LLC, an Ascend Learning Company
www.jblearning.com
All rights reserved.
How a Slow Virus Works
How a Retro Virus Works
![Page 15: Fundamentals of Information Systems Security Chapter 11](https://reader033.vdocuments.mx/reader033/viewer/2022051301/5a649f1c7f8b9a70568b4d31/html5/thumbnails/15.jpg)
Page 15Fundamentals of Information Systems Security© 2018 Jones and Bartlett Learning, LLC, an Ascend Learning Company
www.jblearning.com
All rights reserved.Page 15Fundamentals of Information Systems Security
© 2018 Jones and Bartlett Learning, LLC, an Ascend Learning Company
www.jblearning.com
All rights reserved.
How a Multipartite Virus Works
![Page 16: Fundamentals of Information Systems Security Chapter 11](https://reader033.vdocuments.mx/reader033/viewer/2022051301/5a649f1c7f8b9a70568b4d31/html5/thumbnails/16.jpg)
Page 16Fundamentals of Information Systems Security© 2018 Jones and Bartlett Learning, LLC, an Ascend Learning Company
www.jblearning.com
All rights reserved.Page 16Fundamentals of Information Systems Security
© 2018 Jones and Bartlett Learning, LLC, an Ascend Learning Company
www.jblearning.com
All rights reserved.
Rootkits
Type of malware that modifies or replaces one or more existing programs to hide the fact that a computer has been compromised
Modify parts of the operating system to conceal traces of their presence
Provide attackers with access to compromised computers and easy access to launching additional attacks
Difficult to detect and remove
![Page 17: Fundamentals of Information Systems Security Chapter 11](https://reader033.vdocuments.mx/reader033/viewer/2022051301/5a649f1c7f8b9a70568b4d31/html5/thumbnails/17.jpg)
Page 17Fundamentals of Information Systems Security© 2018 Jones and Bartlett Learning, LLC, an Ascend Learning Company
www.jblearning.com
All rights reserved.Page 17Fundamentals of Information Systems Security
© 2018 Jones and Bartlett Learning, LLC, an Ascend Learning Company
www.jblearning.com
All rights reserved.
Ransomware
Attempts to generate funds directly from a computer user
Attacks a computer and limits the user’s ability to access the computer’s data
Encrypts important files or even the entire disk and makes them inaccessible
One of the first ransomware programs was Crypt0L0cker
![Page 18: Fundamentals of Information Systems Security Chapter 11](https://reader033.vdocuments.mx/reader033/viewer/2022051301/5a649f1c7f8b9a70568b4d31/html5/thumbnails/18.jpg)
Page 18Fundamentals of Information Systems Security© 2018 Jones and Bartlett Learning, LLC, an Ascend Learning Company
www.jblearning.com
All rights reserved.Page 18Fundamentals of Information Systems Security
© 2018 Jones and Bartlett Learning, LLC, an Ascend Learning Company
www.jblearning.com
All rights reserved.
Spam
Consumes computing resources bandwidth and CPU
time
Diverts IT personnel from activities more critical to
network security
Is a potential carrier of malicious code
Compromises intermediate systems to facilitate
remailing services
Opt-out (unsubscribe) features in spam messages
can represent a new form of reconnaissance attack to
acquire legitimate target addresses
![Page 19: Fundamentals of Information Systems Security Chapter 11](https://reader033.vdocuments.mx/reader033/viewer/2022051301/5a649f1c7f8b9a70568b4d31/html5/thumbnails/19.jpg)
Page 19Fundamentals of Information Systems Security© 2018 Jones and Bartlett Learning, LLC, an Ascend Learning Company
www.jblearning.com
All rights reserved.Page 19Fundamentals of Information Systems Security
© 2018 Jones and Bartlett Learning, LLC, an Ascend Learning Company
www.jblearning.com
All rights reserved.
Worms
Designed to propagate from one host
machine to another using the host’s own
network communications protocols
Unlike viruses, do not require a host
program to survive and replicate
The term “worm” stems from the fact that
worms are programs with segments,
working on different computers, all
communicating over a network
![Page 20: Fundamentals of Information Systems Security Chapter 11](https://reader033.vdocuments.mx/reader033/viewer/2022051301/5a649f1c7f8b9a70568b4d31/html5/thumbnails/20.jpg)
Page 20Fundamentals of Information Systems Security© 2018 Jones and Bartlett Learning, LLC, an Ascend Learning Company
www.jblearning.com
All rights reserved.Page 20Fundamentals of Information Systems Security
© 2018 Jones and Bartlett Learning, LLC, an Ascend Learning Company
www.jblearning.com
All rights reserved.
Worms (cont.)
![Page 21: Fundamentals of Information Systems Security Chapter 11](https://reader033.vdocuments.mx/reader033/viewer/2022051301/5a649f1c7f8b9a70568b4d31/html5/thumbnails/21.jpg)
Page 21Fundamentals of Information Systems Security© 2018 Jones and Bartlett Learning, LLC, an Ascend Learning Company
www.jblearning.com
All rights reserved.Page 21Fundamentals of Information Systems Security
© 2018 Jones and Bartlett Learning, LLC, an Ascend Learning Company
www.jblearning.com
All rights reserved.
Trojan Horses
Largest class of malware
Any program that masquerades as a useful program while hiding its malicious intent
Relies on social engineering to spread and operate
Spreads through email messages, website downloads, social networking sites, and automated distribution agents (bots)
![Page 22: Fundamentals of Information Systems Security Chapter 11](https://reader033.vdocuments.mx/reader033/viewer/2022051301/5a649f1c7f8b9a70568b4d31/html5/thumbnails/22.jpg)
Page 22Fundamentals of Information Systems Security© 2018 Jones and Bartlett Learning, LLC, an Ascend Learning Company
www.jblearning.com
All rights reserved.Page 22Fundamentals of Information Systems Security
© 2018 Jones and Bartlett Learning, LLC, an Ascend Learning Company
www.jblearning.com
All rights reserved.
Logic Bombs
Programs that execute a malicious
function of some kind when they detect certain conditions
Typically originate with organization insiders because people inside an
organization generally have more detailed knowledge
of the IT infrastructure than
outsiders
![Page 23: Fundamentals of Information Systems Security Chapter 11](https://reader033.vdocuments.mx/reader033/viewer/2022051301/5a649f1c7f8b9a70568b4d31/html5/thumbnails/23.jpg)
Page 23Fundamentals of Information Systems Security© 2018 Jones and Bartlett Learning, LLC, an Ascend Learning Company
www.jblearning.com
All rights reserved.Page 23Fundamentals of Information Systems Security
© 2018 Jones and Bartlett Learning, LLC, an Ascend Learning Company
www.jblearning.com
All rights reserved.
Active Content Vulnerabilities
Active content
• Refers to dynamic objects that do something when the user
opens a webpage (ActiveX, Java, JavaScript, VBScript,
macros, browser plugins, PDF files, and other scripting
languages)
• Has potential weaknesses that malware can exploit
Active content threats are considered mobile code
because these programs run on a wide variety of
computer platforms
Users download bits of mobile code, which gain access to
the hard disk and do things like fill up desktop with
infected file icons
![Page 24: Fundamentals of Information Systems Security Chapter 11](https://reader033.vdocuments.mx/reader033/viewer/2022051301/5a649f1c7f8b9a70568b4d31/html5/thumbnails/24.jpg)
Page 24Fundamentals of Information Systems Security© 2018 Jones and Bartlett Learning, LLC, an Ascend Learning Company
www.jblearning.com
All rights reserved.Page 24Fundamentals of Information Systems Security
© 2018 Jones and Bartlett Learning, LLC, an Ascend Learning Company
www.jblearning.com
All rights reserved.
Malicious Add-Ons
Add-ons are companion programs that extend the web browser; can decrease security
Malicious add-ons are browser add-ons that contain some type of malware that, once installed, perform malicious actions
Only install browser add-ons from sources you trust
![Page 25: Fundamentals of Information Systems Security Chapter 11](https://reader033.vdocuments.mx/reader033/viewer/2022051301/5a649f1c7f8b9a70568b4d31/html5/thumbnails/25.jpg)
Page 25Fundamentals of Information Systems Security© 2018 Jones and Bartlett Learning, LLC, an Ascend Learning Company
www.jblearning.com
All rights reserved.Page 25Fundamentals of Information Systems Security
© 2018 Jones and Bartlett Learning, LLC, an Ascend Learning Company
www.jblearning.com
All rights reserved.
Injection
Cross-site scripting (XSS)
SQL injection
LDAP injection
XML injection
Command injection
![Page 26: Fundamentals of Information Systems Security Chapter 11](https://reader033.vdocuments.mx/reader033/viewer/2022051301/5a649f1c7f8b9a70568b4d31/html5/thumbnails/26.jpg)
Page 26Fundamentals of Information Systems Security© 2018 Jones and Bartlett Learning, LLC, an Ascend Learning Company
www.jblearning.com
All rights reserved.Page 26Fundamentals of Information Systems Security
© 2018 Jones and Bartlett Learning, LLC, an Ascend Learning Company
www.jblearning.com
All rights reserved.
Botnets
Robotically controlled networks
Attackers infect vulnerable machines with agents
that perform various functions at the command of
the bot-herder or controller
Controllers communicate with other members of the
botnet using Internet Relay Chat (IRC) channels
Attackers can use botnets to distribute malware and
spam and to launch DoS attacks against
organizations or even countries
![Page 27: Fundamentals of Information Systems Security Chapter 11](https://reader033.vdocuments.mx/reader033/viewer/2022051301/5a649f1c7f8b9a70568b4d31/html5/thumbnails/27.jpg)
Page 27Fundamentals of Information Systems Security© 2018 Jones and Bartlett Learning, LLC, an Ascend Learning Company
www.jblearning.com
All rights reserved.Page 27Fundamentals of Information Systems Security
© 2018 Jones and Bartlett Learning, LLC, an Ascend Learning Company
www.jblearning.com
All rights reserved.
Denial of Service Attacks
Overwhelm a server or network segment to the point that the server or network becomes unusable
Crash a server or network device or create so much network congestion that authorized users cannot access network resources
Distributed denial of service (DDoS) attack uses intermediary hosts to conduct the attack
![Page 28: Fundamentals of Information Systems Security Chapter 11](https://reader033.vdocuments.mx/reader033/viewer/2022051301/5a649f1c7f8b9a70568b4d31/html5/thumbnails/28.jpg)
Page 28Fundamentals of Information Systems Security© 2018 Jones and Bartlett Learning, LLC, an Ascend Learning Company
www.jblearning.com
All rights reserved.Page 28Fundamentals of Information Systems Security
© 2018 Jones and Bartlett Learning, LLC, an Ascend Learning Company
www.jblearning.com
All rights reserved.
SYN Flood
Attacker uses IP
spoofing to send
a large number
of packets
requesting
connections to
the victim
computer
![Page 29: Fundamentals of Information Systems Security Chapter 11](https://reader033.vdocuments.mx/reader033/viewer/2022051301/5a649f1c7f8b9a70568b4d31/html5/thumbnails/29.jpg)
Page 29Fundamentals of Information Systems Security© 2018 Jones and Bartlett Learning, LLC, an Ascend Learning Company
www.jblearning.com
All rights reserved.Page 29Fundamentals of Information Systems Security
© 2018 Jones and Bartlett Learning, LLC, an Ascend Learning Company
www.jblearning.com
All rights reserved.
Smurf Attack
Attackers direct forged Internet Control Message Protocol
(ICMP) echo request packets to IP broadcast addresses
from remote locations to generate DoS attacks
![Page 30: Fundamentals of Information Systems Security Chapter 11](https://reader033.vdocuments.mx/reader033/viewer/2022051301/5a649f1c7f8b9a70568b4d31/html5/thumbnails/30.jpg)
Page 30Fundamentals of Information Systems Security© 2018 Jones and Bartlett Learning, LLC, an Ascend Learning Company
www.jblearning.com
All rights reserved.Page 30Fundamentals of Information Systems Security
© 2018 Jones and Bartlett Learning, LLC, an Ascend Learning Company
www.jblearning.com
All rights reserved.
Spyware
Any unsolicited background process that installs itself on a user’s computer and collects information about the
user’s browsing habits and website activities
Affects privacy and confidentiality
Spyware cookies are cookies that share
information across sites
Some cookies are persistent and are stored
on a hard drive indefinitely without user permission
![Page 31: Fundamentals of Information Systems Security Chapter 11](https://reader033.vdocuments.mx/reader033/viewer/2022051301/5a649f1c7f8b9a70568b4d31/html5/thumbnails/31.jpg)
Page 31Fundamentals of Information Systems Security© 2018 Jones and Bartlett Learning, LLC, an Ascend Learning Company
www.jblearning.com
All rights reserved.Page 31Fundamentals of Information Systems Security
© 2018 Jones and Bartlett Learning, LLC, an Ascend Learning Company
www.jblearning.com
All rights reserved.
Adware
Triggers nuisances such as popup ads and banners when user visits certain
websites
Affects productivity and may combine
with active background
activities
Collects and tracks information about
application, website, and Internet activity
![Page 32: Fundamentals of Information Systems Security Chapter 11](https://reader033.vdocuments.mx/reader033/viewer/2022051301/5a649f1c7f8b9a70568b4d31/html5/thumbnails/32.jpg)
Page 32Fundamentals of Information Systems Security© 2018 Jones and Bartlett Learning, LLC, an Ascend Learning Company
www.jblearning.com
All rights reserved.Page 32Fundamentals of Information Systems Security
© 2018 Jones and Bartlett Learning, LLC, an Ascend Learning Company
www.jblearning.com
All rights reserved.
Phishing
Tricks users into providing logon information on what appears to be a legitimate website but is actually a website set up by an attacker to obtain this information
Spear-phishing
• Attacker supplies information about victim that appears to come from a legitimate company
Pharming
• The use of social engineering to obtain access credentials such as usernames and passwords
![Page 33: Fundamentals of Information Systems Security Chapter 11](https://reader033.vdocuments.mx/reader033/viewer/2022051301/5a649f1c7f8b9a70568b4d31/html5/thumbnails/33.jpg)
Page 33Fundamentals of Information Systems Security© 2018 Jones and Bartlett Learning, LLC, an Ascend Learning Company
www.jblearning.com
All rights reserved.Page 33Fundamentals of Information Systems Security
© 2018 Jones and Bartlett Learning, LLC, an Ascend Learning Company
www.jblearning.com
All rights reserved.
Keystroke Loggers
Capture keystrokes or user entries and
forwards information to attacker
Enable the attacker to capture logon
information, banking information, and other
sensitive data
![Page 34: Fundamentals of Information Systems Security Chapter 11](https://reader033.vdocuments.mx/reader033/viewer/2022051301/5a649f1c7f8b9a70568b4d31/html5/thumbnails/34.jpg)
Page 34Fundamentals of Information Systems Security© 2018 Jones and Bartlett Learning, LLC, an Ascend Learning Company
www.jblearning.com
All rights reserved.Page 34Fundamentals of Information Systems Security
© 2018 Jones and Bartlett Learning, LLC, an Ascend Learning Company
www.jblearning.com
All rights reserved.
Guidelines for Recognizing Hoaxes
Did a legitimate entity (computer security expert, vendor, etc.) send the alert?
Is there a request to forward the alert to others?
Are there detailed explanations or technical terminology in the alert?
Does the alert follow the generic format of a chain letter?
![Page 35: Fundamentals of Information Systems Security Chapter 11](https://reader033.vdocuments.mx/reader033/viewer/2022051301/5a649f1c7f8b9a70568b4d31/html5/thumbnails/35.jpg)
Page 35Fundamentals of Information Systems Security© 2018 Jones and Bartlett Learning, LLC, an Ascend Learning Company
www.jblearning.com
All rights reserved.Page 35Fundamentals of Information Systems Security
© 2018 Jones and Bartlett Learning, LLC, an Ascend Learning Company
www.jblearning.com
All rights reserved.
Homepage Hijacking
Exploiting a browser vulnerability to reset the homepage
Covertly installing a browser helper object (BHO) Trojan program
![Page 36: Fundamentals of Information Systems Security Chapter 11](https://reader033.vdocuments.mx/reader033/viewer/2022051301/5a649f1c7f8b9a70568b4d31/html5/thumbnails/36.jpg)
Page 36Fundamentals of Information Systems Security© 2018 Jones and Bartlett Learning, LLC, an Ascend Learning Company
www.jblearning.com
All rights reserved.Page 36Fundamentals of Information Systems Security
© 2018 Jones and Bartlett Learning, LLC, an Ascend Learning Company
www.jblearning.com
All rights reserved.
Webpage Defacements
Someone gaining unauthorized access to a
web server and altering the index page of a
site on the server
The attacker replaces the original pages on
the site with altered versions
![Page 37: Fundamentals of Information Systems Security Chapter 11](https://reader033.vdocuments.mx/reader033/viewer/2022051301/5a649f1c7f8b9a70568b4d31/html5/thumbnails/37.jpg)
Page 37Fundamentals of Information Systems Security© 2018 Jones and Bartlett Learning, LLC, an Ascend Learning Company
www.jblearning.com
All rights reserved.Page 37Fundamentals of Information Systems Security
© 2018 Jones and Bartlett Learning, LLC, an Ascend Learning Company
www.jblearning.com
All rights reserved.
A Brief History of Malicious Code
Threats1970s and early 1980s academic research and UNIX
1980s: Early PC viruses
1990s: Early LAN viruses
Mid-1990s: Smart applications and the Internet
2000 to present
![Page 38: Fundamentals of Information Systems Security Chapter 11](https://reader033.vdocuments.mx/reader033/viewer/2022051301/5a649f1c7f8b9a70568b4d31/html5/thumbnails/38.jpg)
Page 38Fundamentals of Information Systems Security© 2018 Jones and Bartlett Learning, LLC, an Ascend Learning Company
www.jblearning.com
All rights reserved.Page 38Fundamentals of Information Systems Security
© 2018 Jones and Bartlett Learning, LLC, an Ascend Learning Company
www.jblearning.com
All rights reserved.
Threats to Business Organizations
Attacks against confidentiality and privacy
Attacks against data integrity
Attacks against availability of services and resources
Attacks against productivity and performance
Attacks that create legal liability
Attacks that damage reputation
![Page 39: Fundamentals of Information Systems Security Chapter 11](https://reader033.vdocuments.mx/reader033/viewer/2022051301/5a649f1c7f8b9a70568b4d31/html5/thumbnails/39.jpg)
Page 39Fundamentals of Information Systems Security© 2018 Jones and Bartlett Learning, LLC, an Ascend Learning Company
www.jblearning.com
All rights reserved.Page 39Fundamentals of Information Systems Security
© 2018 Jones and Bartlett Learning, LLC, an Ascend Learning Company
www.jblearning.com
All rights reserved.
Internal Threats from Employees:
Unsafe Computing PracticesExchange of untrusted disks or other media among systems
Installation of unauthorized, unregistered software
Unmonitored download of files from the Internet
Uncontrolled dissemination of email or other messaging application attachments
![Page 40: Fundamentals of Information Systems Security Chapter 11](https://reader033.vdocuments.mx/reader033/viewer/2022051301/5a649f1c7f8b9a70568b4d31/html5/thumbnails/40.jpg)
Page 40Fundamentals of Information Systems Security© 2018 Jones and Bartlett Learning, LLC, an Ascend Learning Company
www.jblearning.com
All rights reserved.Page 40Fundamentals of Information Systems Security
© 2018 Jones and Bartlett Learning, LLC, an Ascend Learning Company
www.jblearning.com
All rights reserved.
Anatomy of an Attack
Phases of an attack
Types of attacks
The purpose
of an attack
What motivates attackers
![Page 41: Fundamentals of Information Systems Security Chapter 11](https://reader033.vdocuments.mx/reader033/viewer/2022051301/5a649f1c7f8b9a70568b4d31/html5/thumbnails/41.jpg)
Page 41Fundamentals of Information Systems Security© 2018 Jones and Bartlett Learning, LLC, an Ascend Learning Company
www.jblearning.com
All rights reserved.Page 41Fundamentals of Information Systems Security
© 2018 Jones and Bartlett Learning, LLC, an Ascend Learning Company
www.jblearning.com
All rights reserved.
What Motivates Attackers?
Money FamePolitical
beliefs or systems
Revenge
![Page 42: Fundamentals of Information Systems Security Chapter 11](https://reader033.vdocuments.mx/reader033/viewer/2022051301/5a649f1c7f8b9a70568b4d31/html5/thumbnails/42.jpg)
Page 42Fundamentals of Information Systems Security© 2018 Jones and Bartlett Learning, LLC, an Ascend Learning Company
www.jblearning.com
All rights reserved.Page 42Fundamentals of Information Systems Security
© 2018 Jones and Bartlett Learning, LLC, an Ascend Learning Company
www.jblearning.com
All rights reserved.
The Purpose of an Attack
Denial of availability
Data modification
Data export
Launch point
![Page 43: Fundamentals of Information Systems Security Chapter 11](https://reader033.vdocuments.mx/reader033/viewer/2022051301/5a649f1c7f8b9a70568b4d31/html5/thumbnails/43.jpg)
Page 43Fundamentals of Information Systems Security© 2018 Jones and Bartlett Learning, LLC, an Ascend Learning Company
www.jblearning.com
All rights reserved.Page 43Fundamentals of Information Systems Security
© 2018 Jones and Bartlett Learning, LLC, an Ascend Learning Company
www.jblearning.com
All rights reserved.
Types of Attacks
Unstructured attacks
Structured attacks
Direct attacks
Indirect attacks
![Page 44: Fundamentals of Information Systems Security Chapter 11](https://reader033.vdocuments.mx/reader033/viewer/2022051301/5a649f1c7f8b9a70568b4d31/html5/thumbnails/44.jpg)
Page 44Fundamentals of Information Systems Security© 2018 Jones and Bartlett Learning, LLC, an Ascend Learning Company
www.jblearning.com
All rights reserved.Page 44Fundamentals of Information Systems Security
© 2018 Jones and Bartlett Learning, LLC, an Ascend Learning Company
www.jblearning.com
All rights reserved.
How a Direct Attack Works
![Page 45: Fundamentals of Information Systems Security Chapter 11](https://reader033.vdocuments.mx/reader033/viewer/2022051301/5a649f1c7f8b9a70568b4d31/html5/thumbnails/45.jpg)
Page 45Fundamentals of Information Systems Security© 2018 Jones and Bartlett Learning, LLC, an Ascend Learning Company
www.jblearning.com
All rights reserved.Page 45Fundamentals of Information Systems Security
© 2018 Jones and Bartlett Learning, LLC, an Ascend Learning Company
www.jblearning.com
All rights reserved.
Phases of an Attack
![Page 46: Fundamentals of Information Systems Security Chapter 11](https://reader033.vdocuments.mx/reader033/viewer/2022051301/5a649f1c7f8b9a70568b4d31/html5/thumbnails/46.jpg)
Page 46Fundamentals of Information Systems Security© 2018 Jones and Bartlett Learning, LLC, an Ascend Learning Company
www.jblearning.com
All rights reserved.Page 46Fundamentals of Information Systems Security
© 2018 Jones and Bartlett Learning, LLC, an Ascend Learning Company
www.jblearning.com
All rights reserved.
Reconnaissance and Probing
Attacker collects all information to conduct
the attack
Tools include:
• DNS and ICMP tools within the TCP/IP
protocol suite
• Standard and customized SNMP tools
• Port scanners and port mappers
• Security probes
![Page 47: Fundamentals of Information Systems Security Chapter 11](https://reader033.vdocuments.mx/reader033/viewer/2022051301/5a649f1c7f8b9a70568b4d31/html5/thumbnails/47.jpg)
Page 47Fundamentals of Information Systems Security© 2018 Jones and Bartlett Learning, LLC, an Ascend Learning Company
www.jblearning.com
All rights reserved.Page 47Fundamentals of Information Systems Security
© 2018 Jones and Bartlett Learning, LLC, an Ascend Learning Company
www.jblearning.com
All rights reserved.
Access and Privilege Escalation
Gain administrative rights to the system
Establish the initial connection to a target host (typically a server platform)
![Page 48: Fundamentals of Information Systems Security Chapter 11](https://reader033.vdocuments.mx/reader033/viewer/2022051301/5a649f1c7f8b9a70568b4d31/html5/thumbnails/48.jpg)
Page 48Fundamentals of Information Systems Security© 2018 Jones and Bartlett Learning, LLC, an Ascend Learning Company
www.jblearning.com
All rights reserved.Page 48Fundamentals of Information Systems Security
© 2018 Jones and Bartlett Learning, LLC, an Ascend Learning Company
www.jblearning.com
All rights reserved.
Covering Traces of the Attack
Remove any traces of the attack
Remove files you may have created and restore as many files to their pre-
attack condition as possible
Remove log file entries that may provide evidence
of the attack
![Page 49: Fundamentals of Information Systems Security Chapter 11](https://reader033.vdocuments.mx/reader033/viewer/2022051301/5a649f1c7f8b9a70568b4d31/html5/thumbnails/49.jpg)
Page 49Fundamentals of Information Systems Security© 2018 Jones and Bartlett Learning, LLC, an Ascend Learning Company
www.jblearning.com
All rights reserved.Page 49Fundamentals of Information Systems Security
© 2018 Jones and Bartlett Learning, LLC, an Ascend Learning Company
www.jblearning.com
All rights reserved.
Attack Prevention Tools and
Techniques
Defense in depth
• The practice of layering defenses into
zones to increase the overall protection
level and provide more reaction time to
respond to incidents
- Application defenses
- Operating system defenses
- Network infrastructure defenses
![Page 50: Fundamentals of Information Systems Security Chapter 11](https://reader033.vdocuments.mx/reader033/viewer/2022051301/5a649f1c7f8b9a70568b4d31/html5/thumbnails/50.jpg)
Page 50Fundamentals of Information Systems Security© 2018 Jones and Bartlett Learning, LLC, an Ascend Learning Company
www.jblearning.com
All rights reserved.Page 50Fundamentals of Information Systems Security
© 2018 Jones and Bartlett Learning, LLC, an Ascend Learning Company
www.jblearning.com
All rights reserved.
Application Defenses
Implementing regular antivirus screening on all host
systems
Ensuring that virus definition files are up to date
Requiring scanning of all removable media
Installing personal firewall and IDS software on hosts
Deploying change detection software and integrity
checking software
Maintaining logs
Implementing email usage controls and ensuring that
email attachments are scanned
![Page 51: Fundamentals of Information Systems Security Chapter 11](https://reader033.vdocuments.mx/reader033/viewer/2022051301/5a649f1c7f8b9a70568b4d31/html5/thumbnails/51.jpg)
Page 51Fundamentals of Information Systems Security© 2018 Jones and Bartlett Learning, LLC, an Ascend Learning Company
www.jblearning.com
All rights reserved.Page 51Fundamentals of Information Systems Security
© 2018 Jones and Bartlett Learning, LLC, an Ascend Learning Company
www.jblearning.com
All rights reserved.
Operating System Defenses
Deploying change detection and integrity checking
software and maintaining logs
Deploying or enabling change detection and integrity
checking software on all servers
Ensuring that operating systems are consistent and
have been patched with the latest updates from
vendors
Ensuring that only trusted sources are used when
installing and upgrading OS code
Disabling unnecessary OS services and processes that
may pose a security vulnerability
![Page 52: Fundamentals of Information Systems Security Chapter 11](https://reader033.vdocuments.mx/reader033/viewer/2022051301/5a649f1c7f8b9a70568b4d31/html5/thumbnails/52.jpg)
Page 52Fundamentals of Information Systems Security© 2018 Jones and Bartlett Learning, LLC, an Ascend Learning Company
www.jblearning.com
All rights reserved.Page 52Fundamentals of Information Systems Security
© 2018 Jones and Bartlett Learning, LLC, an Ascend Learning Company
www.jblearning.com
All rights reserved.
Network Infrastructure Defenses
Creating chokepoints in the network
Using proxy services and bastion hosts to protect critical
services
Using content filtering at chokepoints to screen traffic
Ensuring that only trusted sources are used when
installing and upgrading OS code
Disabling any unnecessary network services and
processes that may pose a security vulnerability
Maintaining up-to-date IDS signature databases
Applying security patches to network devices to ensure
protection against new threats and reduce vulnerabilities
![Page 53: Fundamentals of Information Systems Security Chapter 11](https://reader033.vdocuments.mx/reader033/viewer/2022051301/5a649f1c7f8b9a70568b4d31/html5/thumbnails/53.jpg)
Page 53Fundamentals of Information Systems Security© 2018 Jones and Bartlett Learning, LLC, an Ascend Learning Company
www.jblearning.com
All rights reserved.Page 53Fundamentals of Information Systems Security
© 2018 Jones and Bartlett Learning, LLC, an Ascend Learning Company
www.jblearning.com
All rights reserved.
Safe Recovery Techniques and
PracticesStore OS and data file backup images on external media to ease recovering from potential malware
infection
Scan new and replacement media for malware before reinstalling software
Disable network access to systems during restore procedures or upgrades until you have re-enabled or
installed protection software or services
![Page 54: Fundamentals of Information Systems Security Chapter 11](https://reader033.vdocuments.mx/reader033/viewer/2022051301/5a649f1c7f8b9a70568b4d31/html5/thumbnails/54.jpg)
Page 54Fundamentals of Information Systems Security© 2018 Jones and Bartlett Learning, LLC, an Ascend Learning Company
www.jblearning.com
All rights reserved.Page 54Fundamentals of Information Systems Security
© 2018 Jones and Bartlett Learning, LLC, an Ascend Learning Company
www.jblearning.com
All rights reserved.
Implementing Effective Software
Best Practices
Adopt an acceptable use policy (AUP) for
network services and resources
Adopt standardized software to better
control patches and upgrades and to
ensure that you address vulnerabilities
Consider implementing an ISO/IEC 27002-
compliant security policy
![Page 55: Fundamentals of Information Systems Security Chapter 11](https://reader033.vdocuments.mx/reader033/viewer/2022051301/5a649f1c7f8b9a70568b4d31/html5/thumbnails/55.jpg)
Page 55Fundamentals of Information Systems Security© 2018 Jones and Bartlett Learning, LLC, an Ascend Learning Company
www.jblearning.com
All rights reserved.Page 55Fundamentals of Information Systems Security
© 2018 Jones and Bartlett Learning, LLC, an Ascend Learning Company
www.jblearning.com
All rights reserved.
Incident Detection Tools and
Techniques
Antivirus scanning software
Network monitors and analyzers
Content/context filtering and logging
software
Honeypots and honeynets
![Page 56: Fundamentals of Information Systems Security Chapter 11](https://reader033.vdocuments.mx/reader033/viewer/2022051301/5a649f1c7f8b9a70568b4d31/html5/thumbnails/56.jpg)
Page 56Fundamentals of Information Systems Security© 2018 Jones and Bartlett Learning, LLC, an Ascend Learning Company
www.jblearning.com
All rights reserved.Page 56Fundamentals of Information Systems Security
© 2018 Jones and Bartlett Learning, LLC, an Ascend Learning Company
www.jblearning.com
All rights reserved.
Summary
The impact of malicious code and
malware on systems and organizations
Attackers, hackers, and social
engineers
The phases of a computer attack
Tools and techniques to detect and
prevent attacks