SlideShare une entreprise Scribd logo

9.0 security (2)

Télécharger en tant que PPTX, PDF
F
Frank Victory

This is the slides for my CompTIA A+ class

Technologie
1  sur  28
Security Frank H. Vianzon Community College of Aurora
• A virus is a program that attempts to damage a computer system and replicate itself to other computer systems. A virus has the following characteristics: A virus requires a replication mechanism which is a file that it uses as a host. When the host file is distributed, the virus is also distributed. Viruses typically attach to files with execution capabilities such as .doc, .exe, and .bat extensions. Many viruses are distributed via e-mail and are distributed to everyone in your address book. • The virus only replicates when an activation mechanism is triggered. For example, each time the infected file or program is executed, the virus is activated. • The virus is programmed with an objective, which is usually to destroy, compromise, or corrupt data. • Originally some viruses were created for nuisance Virus
• Win32/Conficker • This virus is a network worm and exploits the RPC sub-system vulnerability present in the Microsoft Windows operating system, allowing an attacker to remotely attack a computer without valid user credentials. Win32/Conficker infects the computer using unsecured folders, removable medium or by making use of Autorun facility enabled by default in windows. This threat contacts other domain names to download additional malicious code. • • • • • • • • Win32/PSW.OnlineGames Win32/Agent Win32/FlyStudio INF/Conflicker INF/Autorun Win32/Pacex.Gen WMA/TrojanDownload.GetCodec Win32/Qhost http://www.techonzo.com/2010/03/9-computer-viruses-you-should-be-awareabout/ *Windows Virus
Virus Scans • • • Trend Micro Norton McAfee • Keep them updated? Daily? Every 4 hours • Look for processes • Task Manager Look for connections • Net Stat Common symptoms of malware on your system include: • • • • • • • • • The browser home page or default search page has changed. Excessive pop-ups or strange messages being displayed. Firewall alerts about programs trying to access the Internet. System errors about corrupt or missing files. File extension associations have changed to open files with a different program. Files that disappear, are renamed, or are corrupt. New icons appear on the desktop or taskbar, or new toolbars show in the browser. The firewall or antivirus software is turned off, or you can't run antivirus scans. The system won't boot. *How to detect • •
Some malicious software can hide itself such that there might not be any obvious signs of its presence. Other symptoms of an infection include: • Slow Internet access. • Excessive network traffic, or traffic during times when no activity should be occurring. • Excessive CPU or disk activity. • Low system memory. • An unusually high volume of outgoing e-mail, or e-mail sent during off hours.
Additional Countermeasures • Install anti-virus scanning software on e-mail servers. Attachments are scanned before e-mail is delivered. You can also block all attachments to prevent any unwanted software, but this can also block needed attachments as well. • Implement spam filters and real-time blacklists. When implementing filters, be sure not to make the filters too broad, otherwise legitimate e-mails will be rejected. • Train users to use caution when downloading software or responding to e-mail. • Train users to update the virus definition files frequently and to scan removable storage devices before copying files. • Disable scripts when previewing or viewing e-mail. • Implement software policies that prevent downloading software from the Internet.
Additional Countermeasures • Keep your operating system files up to date; apply securityrelated hotfixes as they are released. • In highly-secured areas, remove removable drives (such as recordable optical drives and USB drives) to prevent unauthorized software from entering a system. Show full file extensions on all files. Viruses, worms, and Trojans often make use of double file extensions to change the qualities of files that are normally deemed harmless. For example, adding the extension .TXT.EXE to a file will make the file appear as a text file in an attachment, when in reality it is an executable. • Train users about the dangers of downloading software and the importance of anti-malware protections. Teach users to scan files before running them, and make sure they keep the virus protection definition files up to date.
• Computers must meet certain health requirements before they are allowed to connect to the network. These requirements might include having the latest security patches installed, having antivirus software, or having completed a recent antivirus scan. • Computers that meet the health requirements are given access to the network; computers that do not pass the health checks are denied full access. • Remediation for unhealthy computers provides resources to fix the problem. For example, the computer might be given limited network access in order to download and install the required antivirus software. • Network Access Protection (NAP) is Microsoft's implementation of NAC. Additional Countermeasures • Network Access Control (NAC) is a network-based solution that prevents unprotected computers from connecting to the network. With NAC:
Spyware is software that is installed without the user's consent or knowledge, designed to intercept or take partial control over the user's interaction with the computer. • Spyware: Is installed on your machine by visiting a particular Web page or running a particular application. • Can interfere with user control of the computer such as installing additional software, changing computer settings, and redirecting Web browser activity. – Ever Google search and cannot go back? Spyware
• Collects various types of personal information, such as Internet surfing habits and passwords, and sends the information back to its originating source. • Cookies are text files that are stored on a computer to save information about your preferences, browser settings, and Web page preferences. • Cookies are often used for legitimate purposes on ecommerce sites, but can be read or used for malicious purposes by spyware and other software. • Uses tracking cookies to collect and report a user's activities. Spyware
• Grayware is software that might offer a legitimate service, but which also includes features that you aren't aware of or features that could be used for malicious purposes. Grayware is often installed with the user's permission, but without the user fully understanding what they are adding. • Features included with grayware might be identified in the end user license agreement (EULA), or the features could be hidden or undocumented. The main objection to grayware is that the end user cannot easily tell what the application does or what was added with the application. Grayware
• Repair the infection. Repair is possible for true viruses that have attached themselves to valid files. During the repair, the virus is removed and the file is placed back in its original state (if possible). • Quarantine the file. Quarantine moves the infected file to a secure folder where it cannot be opened or run normally. You might quarantine an infected file that cannot be repaired to see if another tool or utility might be able to recover the file at another time. • Delete the file. You should delete files that are malicious files such as worms, Trojan horse programs, or spyware or adware programs. In addition, you should periodically review the quarantine folder and delete any files you do not want to recover. • *System Restore? • *Format and Recover! Remediation • Remediation is the process of correcting any problems that are found. Most antivirus software remediates problems automatically or semi-automatically (i.e. you are prompted to identify the action to take). Possible actions in response to problems are:
• Spam is unwanted and unsolicited e-mail sent to many recipients. Spam: Can be benign as e-mails trying to sell products. • Can be malicious containing phishing scams or malware as attachments. • Wastes bandwidth and could fill the inbox, resulting in a denial of service condition where users can no longer receive e-mails. Spam
• • • • • Dumpster Diving Shoulder Surfing Piggybacking Eavesdropping Masquerading • Phishing – where do you see phishing now?
Countermeasures • • • • • • • Train employees to demand proof of identity over the phone and in person. Define values for types of information, such as dial-in numbers, user names, passwords, network addresses, etc. The greater the value, the higher the security around those items should be maintained. If someone requests privileged information, have employees find out why they want it and whether they are authorized to obtain it. Verify information contained in e-mails and use bookmarked links instead of links in emails to go to company Web sites. Dispose of sensitive documents securely, such as shredding or incinerating. Dispose of disks and devices securely by shredding floppy disks or overwriting disks with all 1's, all 0's, then all random characters. Verify information from suspicious e-mails by visiting two or more well-known malicious code threat management Web sites. These sites can be your antivirus vendor or a well-known and well-regarded Internet security watch group.
• Phishing uses an e-mail and a spoofed Web site to gain sensitive information. In a phishing attack: A fraudulent message that appears to be legitimate is sent to a target. • The message requests the target to visit a Web site which also appears to be legitimate. • The fraudulent Web site requests the victim to provide sensitive information such as the account number and password. Phishing
• Hoax virus information e-mails is a form of a phishing attack. This type of attack preys on e-mail recipients who are fearful and will believe most information if it is presented in a professional manner. All too often, the victims of these attacks fail to double check the information or instructions with a reputable third party antivirus software vendor before implementing the recommendations. Usually these hoax messages instruct the reader to delete key system files or download Trojan horses. Phishing with Hoax Virus
• New scam involving text messages • Call the bank because your card has been cancelled *Phishing with Text
• Spear phishing is an e-mail spoofing fraud attempt that targets a specific organization, seeking unauthorized access to confidential data. Spear phishing attempts are not typically initiated by "random hackers" but are more likely to be conducted by perpetrators out for financial gain, trade secrets or military information • • • • • Facebook LinkedIn eBay/Paypal Click here to see your grade Other social media So why have a facebook at all? *Spear Phishing
Depends on three things 1. The apparent source must appear to be a known and trusted individual, 2. there is information within the message that supports its validity 3. the request the individual makes seems to have a logical basis. Combine with Social Engineering *Spear Phishing
Countermeasures The most effective countermeasure for social engineering is employee awareness training on how to recognize social engineering schemes and how to respond appropriately. Specific countermeasures include: • Train employees to demand proof of identity over the phone and in person. • Define values for types of information, such as dial-in numbers, user names, passwords, network addresses, etc. The greater the value, the higher the security around those items should be maintained. • If someone requests privileged information, have employees find out why they want it and whether they are authorized to obtain it. • Verify information contained in e-mails and use bookmarked links instead of links in e-mails to go to company Web sites.
Counter Measures • Dispose of sensitive documents securely, such as shredding or incinerating. • Dispose of disks and devices securely by shredding floppy disks or overwriting disks with all 1's, all 0's, then all random characters. • Verify information from suspicious e-mails by visiting two or more well-known malicious code threat management Web sites. These sites can be your antivirus vendor or a well-known and well-regarded Internet security watch group.
BIOS Security BIOS Passwords Chassis Intrusion Detection Hard Disk Password TPM
• You cannot read the passwords from the disk. • You cannot move the drive to another system to access the disk without the password (the password moves with the disk). • You cannot format the disk to remove the passwords. Hard Disk Password • Some portable computers allow you to set a password on a hard disk. When set, the password must be given at system startup or the disk cannot be used. • Hard disk passwords are part of the ATA specifications so they are not dependent upon a specific disk manufacturer. • There are two different passwords: user and master. • Set the password(s) by using the CMOS program. Some programs do not allow you to set a password, only let you set the user password, or let you set both a user and a master password. • Passwords are saved on the hard disk.
Hard Disk Password • If you forget the user password, use the master password to access the drive. If you do not know either password, you cannot access any data on the drive. • Most drives allow a limited number of incorrect password attempts. After that time, you must restart the system to try entering additional passwords. You can try as long as you want, but constantly restarting the system makes guessing the password a tedious job. • Drives might ship with a default master password. However, these passwords (if they exist) are not publicly available and cannot be obtained from disk manufacturers. • Setting a hard disk password is sometimes referred to as locking the hard disk.
Trusted Platform Module (TPM) • A TPM is a special chip on the motherboard that generates and stores cryptographic keys. Use the CMOS program to initialize the TPM. • During initialization, you set a TPM owner password. The TPM password is required to manage TPM settings. • The TPM includes a unique key on the chip that can be used for hardware system identification. • The TPM can generate a cryptographic key or hash based on the hardware in the system, and use this key value to verify that the hardware has not changed. This value can be used to prevent the system from booting if the hardware has changed. • The TPM can be used by applications to generate and save keys that are used with encryption.
Trusted Platform Module (TPM) • *Protects encrypted keys • *Together with the BIOS, the TPM forms a Root of Trust: The TPM contains several PCRs (Platform Configuration Registers) that allow a secure storage and reporting of security relevant metrics. These metrics can be used to detect changes to previous configurations and derive decisions how to proceed. A good example can be found in Microsoft's BitLocker Drive Encryption (see below). • *Therefore the BIOS and the Operating System have the primary responsibility to utilize the TPM to assure platform integrity. Only then applications and users running on that platform can rely on its security characteristics such as secure I/O "what you see is what you get", uncompromised keyboard entries, memory and storage operations.

Recommandé

Attack on computer
Attack on computerAttack on computer
Attack on computer
Rabail khan
 
Viruses andthreats@dharmesh
Viruses andthreats@dharmeshViruses andthreats@dharmesh
Viruses andthreats@dharmesh
Dharmesh Kumar Sharma
 
Types of malicious software and remedies
Types of malicious software and remediesTypes of malicious software and remedies
Types of malicious software and remedies
Manish Kumar
 
Virus and malware presentation
Virus and malware presentationVirus and malware presentation
Virus and malware presentation
Amjad Bhutto
 
Information Technology - System Threats
Information Technology - System ThreatsInformation Technology - System Threats
Information Technology - System Threats
Drishti Bhalla
 
Malicious software
Malicious softwareMalicious software
Malicious software
Dr.Florence Dayana
 
Malicious Software
Malicious SoftwareMalicious Software
Malicious Software
Hamza Muhammad
 
4.2.1 computer security risks
4.2.1 computer security risks4.2.1 computer security risks
4.2.1 computer security risks
hazirma
 

Recommandé

Attack on computer
Attack on computerAttack on computer
Attack on computer
Rabail khan
 
Viruses andthreats@dharmesh
Viruses andthreats@dharmeshViruses andthreats@dharmesh
Viruses andthreats@dharmesh
Dharmesh Kumar Sharma
 
Types of malicious software and remedies
Types of malicious software and remediesTypes of malicious software and remedies
Types of malicious software and remedies
Manish Kumar
 
Virus and malware presentation
Virus and malware presentationVirus and malware presentation
Virus and malware presentation
Amjad Bhutto
 
Information Technology - System Threats
Information Technology - System ThreatsInformation Technology - System Threats
Information Technology - System Threats
Drishti Bhalla
 
Malicious software
Malicious softwareMalicious software
Malicious software
Dr.Florence Dayana
 
Malicious Software
Malicious SoftwareMalicious Software
Malicious Software
Hamza Muhammad
 
4.2.1 computer security risks
4.2.1 computer security risks4.2.1 computer security risks
4.2.1 computer security risks
hazirma
 
Malicious software and software security
Malicious software and software securityMalicious software and software security
Malicious software and software security
G Prachi
 
Virus and Malicious Code Chapter 5
Virus and Malicious Code Chapter 5Virus and Malicious Code Chapter 5
Virus and Malicious Code Chapter 5
AfiqEfendy Zaen
 
Virus and its CounterMeasures -- Pruthvi Monarch
Virus and its CounterMeasures -- Pruthvi Monarch Virus and its CounterMeasures -- Pruthvi Monarch
Virus and its CounterMeasures -- Pruthvi Monarch
Pruthvi Monarch
 
3.2.1 computer security risks
3.2.1 computer security risks3.2.1 computer security risks
3.2.1 computer security risks
hazirma
 
Malicious
MaliciousMalicious
Malicious
Khyati Rajput
 
Program security
Program securityProgram security
Program security
G Prachi
 
Computer virus-and-antivirus
Computer virus-and-antivirusComputer virus-and-antivirus
Computer virus-and-antivirus
VishwarajYadav
 
Computer security risks
Computer security risksComputer security risks
Computer security risks
Aasim Mushtaq
 
Introduction to Malware
Introduction to MalwareIntroduction to Malware
Introduction to Malware
amiable_indian
 
Complete notes security
Complete notes securityComplete notes security
Complete notes security
Kitkat Emoo
 
Virus & Computer security threats
Virus & Computer security threatsVirus & Computer security threats
Virus & Computer security threats
Azri Abdin
 
Lecture 12 malicious software
Lecture 12 malicious software Lecture 12 malicious software
Lecture 12 malicious software
rajakhurram
 
Malicious software
Malicious softwareMalicious software
Malicious software
CAS
 
Network security and viruses
Network security and virusesNetwork security and viruses
Network security and viruses
Aamlan Saswat Mishra
 
Sophos Threatsaurus: The A-Z of Computer and Data Security Threats
Sophos Threatsaurus: The A-Z of Computer and Data Security ThreatsSophos Threatsaurus: The A-Z of Computer and Data Security Threats
Sophos Threatsaurus: The A-Z of Computer and Data Security Threats
Connecting Up
 
Program security chapter 3
Program security chapter 3Program security chapter 3
Program security chapter 3
Education
 
Viruses & security threats
Viruses & security threatsViruses & security threats
Viruses & security threats
wardjo
 
Antivirus software
Antivirus softwareAntivirus software
Antivirus software
khalid umer
 
Chapter 2 program-security
Chapter 2 program-securityChapter 2 program-security
Chapter 2 program-security
Vamsee Krishna Kiran
 
CyberSecurity Series Malware slides
CyberSecurity Series Malware slidesCyberSecurity Series Malware slides
CyberSecurity Series Malware slides
Jim Kaplan CIA CFE
 
Operating System and Virus (Introduction).pptx
Operating System and Virus (Introduction).pptxOperating System and Virus (Introduction).pptx
Operating System and Virus (Introduction).pptx
DondonGoles
 
anti_virus
anti_virusanti_virus
anti_virus
sharq university
 

Contenu connexe

Tendances

Virus and Malicious Code Chapter 5
Virus and Malicious Code Chapter 5Virus and Malicious Code Chapter 5
Virus and Malicious Code Chapter 5
AfiqEfendy Zaen
 
3.2.1 computer security risks
3.2.1 computer security risks3.2.1 computer security risks
3.2.1 computer security risks
hazirma
 
Computer virus-and-antivirus
Computer virus-and-antivirusComputer virus-and-antivirus
Computer virus-and-antivirus
VishwarajYadav
 
Complete notes security
Complete notes securityComplete notes security
Complete notes security
Kitkat Emoo
 
Virus & Computer security threats
Virus & Computer security threatsVirus & Computer security threats
Virus & Computer security threats
Azri Abdin
 
Sophos Threatsaurus: The A-Z of Computer and Data Security Threats
Sophos Threatsaurus: The A-Z of Computer and Data Security ThreatsSophos Threatsaurus: The A-Z of Computer and Data Security Threats
Sophos Threatsaurus: The A-Z of Computer and Data Security Threats
Connecting Up
 
Viruses & security threats
Viruses & security threatsViruses & security threats
Viruses & security threats
wardjo
 

Tendances (20)

Malicious software and software security
Malicious software and software securityMalicious software and software security
Malicious software and software security
 
Virus and Malicious Code Chapter 5
Virus and Malicious Code Chapter 5Virus and Malicious Code Chapter 5
Virus and Malicious Code Chapter 5
 
Virus and its CounterMeasures -- Pruthvi Monarch
Virus and its CounterMeasures -- Pruthvi Monarch Virus and its CounterMeasures -- Pruthvi Monarch
Virus and its CounterMeasures -- Pruthvi Monarch
 
3.2.1 computer security risks
3.2.1 computer security risks3.2.1 computer security risks
3.2.1 computer security risks
 
Malicious
MaliciousMalicious
Malicious
 
Program security
Program securityProgram security
Program security
 
Computer virus-and-antivirus
Computer virus-and-antivirusComputer virus-and-antivirus
Computer virus-and-antivirus
 
Computer security risks
Computer security risksComputer security risks
Computer security risks
 
Introduction to Malware
Introduction to MalwareIntroduction to Malware
Introduction to Malware
 
Complete notes security
Complete notes securityComplete notes security
Complete notes security
 
Virus & Computer security threats
Virus & Computer security threatsVirus & Computer security threats
Virus & Computer security threats
 
Lecture 12 malicious software
Lecture 12 malicious software Lecture 12 malicious software
Lecture 12 malicious software
 
Malicious software
Malicious softwareMalicious software
Malicious software
 
Network security and viruses
Network security and virusesNetwork security and viruses
Network security and viruses
 
Sophos Threatsaurus: The A-Z of Computer and Data Security Threats
Sophos Threatsaurus: The A-Z of Computer and Data Security ThreatsSophos Threatsaurus: The A-Z of Computer and Data Security Threats
Sophos Threatsaurus: The A-Z of Computer and Data Security Threats
 
Program security chapter 3
Program security chapter 3Program security chapter 3
Program security chapter 3
 
Viruses & security threats
Viruses & security threatsViruses & security threats
Viruses & security threats
 
Antivirus software
Antivirus softwareAntivirus software
Antivirus software
 
Chapter 2 program-security
Chapter 2 program-securityChapter 2 program-security
Chapter 2 program-security
 
CyberSecurity Series Malware slides
CyberSecurity Series Malware slidesCyberSecurity Series Malware slides
CyberSecurity Series Malware slides
 

Similaire à 9.0 security (2)

Operating System and Virus (Introduction).pptx
Operating System and Virus (Introduction).pptxOperating System and Virus (Introduction).pptx
Operating System and Virus (Introduction).pptx
DondonGoles
 
COMPUTER VIRUS-WPS Office.pptx
COMPUTER VIRUS-WPS Office.pptxCOMPUTER VIRUS-WPS Office.pptx
COMPUTER VIRUS-WPS Office.pptx
T Tanujha
 
BAIT1003 Chapter 11
BAIT1003 Chapter 11BAIT1003 Chapter 11
BAIT1003 Chapter 11
limsh
 
Computervirus 110705112128-phpapp02
Computervirus 110705112128-phpapp02Computervirus 110705112128-phpapp02
Computervirus 110705112128-phpapp02
hiiraa
 
Application'sand security
Application'sand securityApplication'sand security
Application'sand security
arun nalam
 
Computer security ethics_and_privacy
Computer security ethics_and_privacyComputer security ethics_and_privacy
Computer security ethics_and_privacy
Ardit Meti
 

Similaire à 9.0 security (2) (20)

Operating System and Virus (Introduction).pptx
Operating System and Virus (Introduction).pptxOperating System and Virus (Introduction).pptx
Operating System and Virus (Introduction).pptx
 
anti_virus
anti_virusanti_virus
anti_virus
 
COMPUTER VIRUS-WPS Office.pptx
COMPUTER VIRUS-WPS Office.pptxCOMPUTER VIRUS-WPS Office.pptx
COMPUTER VIRUS-WPS Office.pptx
 
LESSON_3_Maintain_Computer_Equipment_and_Systems.pptx
LESSON_3_Maintain_Computer_Equipment_and_Systems.pptxLESSON_3_Maintain_Computer_Equipment_and_Systems.pptx
LESSON_3_Maintain_Computer_Equipment_and_Systems.pptx
 
Basic Computer Security for Doctors
Basic Computer Security for DoctorsBasic Computer Security for Doctors
Basic Computer Security for Doctors
 
How To Protect From Malware
How To Protect From MalwareHow To Protect From Malware
How To Protect From Malware
 
Information Security (Malicious Software)
Information Security (Malicious Software)Information Security (Malicious Software)
Information Security (Malicious Software)
 
Tools and methods used in cybercrime
Tools and methods used in cybercrimeTools and methods used in cybercrime
Tools and methods used in cybercrime
 
BAIT1003 Chapter 11
BAIT1003 Chapter 11BAIT1003 Chapter 11
BAIT1003 Chapter 11
 
Information security
Information securityInformation security
Information security
 
Preventive measures. Blog. pptx
Preventive measures. Blog. pptxPreventive measures. Blog. pptx
Preventive measures. Blog. pptx
 
Virus and Anti Virus - Types of Virus and Anti Virus
Virus and Anti Virus - Types of Virus and Anti VirusVirus and Anti Virus - Types of Virus and Anti Virus
Virus and Anti Virus - Types of Virus and Anti Virus
 
Virussss.pdf
Virussss.pdfVirussss.pdf
Virussss.pdf
 
IS100 Week 11
IS100 Week 11IS100 Week 11
IS100 Week 11
 
Computervirus 110705112128-phpapp02
Computervirus 110705112128-phpapp02Computervirus 110705112128-phpapp02
Computervirus 110705112128-phpapp02
 
Online access and computer security.pptx_S.Gautham
Online access and computer security.pptx_S.GauthamOnline access and computer security.pptx_S.Gautham
Online access and computer security.pptx_S.Gautham
 
Application'sand security
Application'sand securityApplication'sand security
Application'sand security
 
Malware part 2
Malware part 2Malware part 2
Malware part 2
 
Security threats and safety measures
Security threats and safety measuresSecurity threats and safety measures
Security threats and safety measures
 
Computer security ethics_and_privacy
Computer security ethics_and_privacyComputer security ethics_and_privacy
Computer security ethics_and_privacy
 

Plus de Frank Victory

Kealy OWASP interactive_artifacts
Kealy OWASP interactive_artifactsKealy OWASP interactive_artifacts
Kealy OWASP interactive_artifacts
Frank Victory
 
Lesson 6 web based attacks
Lesson 6 web based attacksLesson 6 web based attacks
Lesson 6 web based attacks
Frank Victory
 

Plus de Frank Victory (12)

Container security Familiar problems in new technology
Container security Familiar problems in new technologyContainer security Familiar problems in new technology
Container security Familiar problems in new technology
 
Kealy OWASP interactive_artifacts
Kealy OWASP interactive_artifactsKealy OWASP interactive_artifacts
Kealy OWASP interactive_artifacts
 
Automation and open source turning the tide on the attackers
Automation and open source turning the tide on the attackersAutomation and open source turning the tide on the attackers
Automation and open source turning the tide on the attackers
 
CNG 256 cloud computing
CNG 256 cloud computingCNG 256 cloud computing
CNG 256 cloud computing
 
CNG 256 wireless wi-fi and bluetooth
CNG 256 wireless wi-fi and bluetoothCNG 256 wireless wi-fi and bluetooth
CNG 256 wireless wi-fi and bluetooth
 
Differential learning SnowFROC 2017
Differential learning SnowFROC 2017Differential learning SnowFROC 2017
Differential learning SnowFROC 2017
 
Phishing Forensics - SnowFROC - Denver Chapter of OWASP
Phishing Forensics - SnowFROC - Denver Chapter of OWASP Phishing Forensics - SnowFROC - Denver Chapter of OWASP
Phishing Forensics - SnowFROC - Denver Chapter of OWASP
 
Active defensecombo clean
Active defensecombo cleanActive defensecombo clean
Active defensecombo clean
 
Dns security threats and solutions
Dns security threats and solutionsDns security threats and solutions
Dns security threats and solutions
 
Cng 125 – chapter 12 network policies
Cng 125 – chapter 12 network policiesCng 125 – chapter 12 network policies
Cng 125 – chapter 12 network policies
 
Authentication vs authorization
Authentication vs authorizationAuthentication vs authorization
Authentication vs authorization
 
Lesson 6 web based attacks
Lesson 6 web based attacksLesson 6 web based attacks
Lesson 6 web based attacks
 

Dernier

The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
Malak Abu Hammad
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
Puma Security, LLC
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Drew Madelung
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
Earley Information Science
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Miguel Araújo
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
Joaquim Jorge
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
Igalia
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
vu2urc
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
Delhi Call girls
 

Dernier (20)

Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CV
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 

9.0 security (2)

  • 2. • A virus is a program that attempts to damage a computer system and replicate itself to other computer systems. A virus has the following characteristics: A virus requires a replication mechanism which is a file that it uses as a host. When the host file is distributed, the virus is also distributed. Viruses typically attach to files with execution capabilities such as .doc, .exe, and .bat extensions. Many viruses are distributed via e-mail and are distributed to everyone in your address book. • The virus only replicates when an activation mechanism is triggered. For example, each time the infected file or program is executed, the virus is activated. • The virus is programmed with an objective, which is usually to destroy, compromise, or corrupt data. • Originally some viruses were created for nuisance Virus
  • 3. • Win32/Conficker • This virus is a network worm and exploits the RPC sub-system vulnerability present in the Microsoft Windows operating system, allowing an attacker to remotely attack a computer without valid user credentials. Win32/Conficker infects the computer using unsecured folders, removable medium or by making use of Autorun facility enabled by default in windows. This threat contacts other domain names to download additional malicious code. • • • • • • • • Win32/PSW.OnlineGames Win32/Agent Win32/FlyStudio INF/Conflicker INF/Autorun Win32/Pacex.Gen WMA/TrojanDownload.GetCodec Win32/Qhost http://www.techonzo.com/2010/03/9-computer-viruses-you-should-be-awareabout/ *Windows Virus
  • 4. Virus Scans • • • Trend Micro Norton McAfee • Keep them updated? Daily? Every 4 hours • Look for processes • Task Manager Look for connections • Net Stat Common symptoms of malware on your system include: • • • • • • • • • The browser home page or default search page has changed. Excessive pop-ups or strange messages being displayed. Firewall alerts about programs trying to access the Internet. System errors about corrupt or missing files. File extension associations have changed to open files with a different program. Files that disappear, are renamed, or are corrupt. New icons appear on the desktop or taskbar, or new toolbars show in the browser. The firewall or antivirus software is turned off, or you can't run antivirus scans. The system won't boot. *How to detect • •
  • 5. Some malicious software can hide itself such that there might not be any obvious signs of its presence. Other symptoms of an infection include: • Slow Internet access. • Excessive network traffic, or traffic during times when no activity should be occurring. • Excessive CPU or disk activity. • Low system memory. • An unusually high volume of outgoing e-mail, or e-mail sent during off hours.
  • 6. Additional Countermeasures • Install anti-virus scanning software on e-mail servers. Attachments are scanned before e-mail is delivered. You can also block all attachments to prevent any unwanted software, but this can also block needed attachments as well. • Implement spam filters and real-time blacklists. When implementing filters, be sure not to make the filters too broad, otherwise legitimate e-mails will be rejected. • Train users to use caution when downloading software or responding to e-mail. • Train users to update the virus definition files frequently and to scan removable storage devices before copying files. • Disable scripts when previewing or viewing e-mail. • Implement software policies that prevent downloading software from the Internet.
  • 7. Additional Countermeasures • Keep your operating system files up to date; apply securityrelated hotfixes as they are released. • In highly-secured areas, remove removable drives (such as recordable optical drives and USB drives) to prevent unauthorized software from entering a system. Show full file extensions on all files. Viruses, worms, and Trojans often make use of double file extensions to change the qualities of files that are normally deemed harmless. For example, adding the extension .TXT.EXE to a file will make the file appear as a text file in an attachment, when in reality it is an executable. • Train users about the dangers of downloading software and the importance of anti-malware protections. Teach users to scan files before running them, and make sure they keep the virus protection definition files up to date.
  • 8. • Computers must meet certain health requirements before they are allowed to connect to the network. These requirements might include having the latest security patches installed, having antivirus software, or having completed a recent antivirus scan. • Computers that meet the health requirements are given access to the network; computers that do not pass the health checks are denied full access. • Remediation for unhealthy computers provides resources to fix the problem. For example, the computer might be given limited network access in order to download and install the required antivirus software. • Network Access Protection (NAP) is Microsoft's implementation of NAC. Additional Countermeasures • Network Access Control (NAC) is a network-based solution that prevents unprotected computers from connecting to the network. With NAC:
  • 9. Spyware is software that is installed without the user's consent or knowledge, designed to intercept or take partial control over the user's interaction with the computer. • Spyware: Is installed on your machine by visiting a particular Web page or running a particular application. • Can interfere with user control of the computer such as installing additional software, changing computer settings, and redirecting Web browser activity. – Ever Google search and cannot go back? Spyware
  • 10. • Collects various types of personal information, such as Internet surfing habits and passwords, and sends the information back to its originating source. • Cookies are text files that are stored on a computer to save information about your preferences, browser settings, and Web page preferences. • Cookies are often used for legitimate purposes on ecommerce sites, but can be read or used for malicious purposes by spyware and other software. • Uses tracking cookies to collect and report a user's activities. Spyware
  • 11. • Grayware is software that might offer a legitimate service, but which also includes features that you aren't aware of or features that could be used for malicious purposes. Grayware is often installed with the user's permission, but without the user fully understanding what they are adding. • Features included with grayware might be identified in the end user license agreement (EULA), or the features could be hidden or undocumented. The main objection to grayware is that the end user cannot easily tell what the application does or what was added with the application. Grayware
  • 12. • Repair the infection. Repair is possible for true viruses that have attached themselves to valid files. During the repair, the virus is removed and the file is placed back in its original state (if possible). • Quarantine the file. Quarantine moves the infected file to a secure folder where it cannot be opened or run normally. You might quarantine an infected file that cannot be repaired to see if another tool or utility might be able to recover the file at another time. • Delete the file. You should delete files that are malicious files such as worms, Trojan horse programs, or spyware or adware programs. In addition, you should periodically review the quarantine folder and delete any files you do not want to recover. • *System Restore? • *Format and Recover! Remediation • Remediation is the process of correcting any problems that are found. Most antivirus software remediates problems automatically or semi-automatically (i.e. you are prompted to identify the action to take). Possible actions in response to problems are:
  • 13. • Spam is unwanted and unsolicited e-mail sent to many recipients. Spam: Can be benign as e-mails trying to sell products. • Can be malicious containing phishing scams or malware as attachments. • Wastes bandwidth and could fill the inbox, resulting in a denial of service condition where users can no longer receive e-mails. Spam
  • 15. Countermeasures • • • • • • • Train employees to demand proof of identity over the phone and in person. Define values for types of information, such as dial-in numbers, user names, passwords, network addresses, etc. The greater the value, the higher the security around those items should be maintained. If someone requests privileged information, have employees find out why they want it and whether they are authorized to obtain it. Verify information contained in e-mails and use bookmarked links instead of links in emails to go to company Web sites. Dispose of sensitive documents securely, such as shredding or incinerating. Dispose of disks and devices securely by shredding floppy disks or overwriting disks with all 1's, all 0's, then all random characters. Verify information from suspicious e-mails by visiting two or more well-known malicious code threat management Web sites. These sites can be your antivirus vendor or a well-known and well-regarded Internet security watch group.
  • 16. • Phishing uses an e-mail and a spoofed Web site to gain sensitive information. In a phishing attack: A fraudulent message that appears to be legitimate is sent to a target. • The message requests the target to visit a Web site which also appears to be legitimate. • The fraudulent Web site requests the victim to provide sensitive information such as the account number and password. Phishing
  • 17.
  • 18. • Hoax virus information e-mails is a form of a phishing attack. This type of attack preys on e-mail recipients who are fearful and will believe most information if it is presented in a professional manner. All too often, the victims of these attacks fail to double check the information or instructions with a reputable third party antivirus software vendor before implementing the recommendations. Usually these hoax messages instruct the reader to delete key system files or download Trojan horses. Phishing with Hoax Virus
  • 19. • New scam involving text messages • Call the bank because your card has been cancelled *Phishing with Text
  • 20. • Spear phishing is an e-mail spoofing fraud attempt that targets a specific organization, seeking unauthorized access to confidential data. Spear phishing attempts are not typically initiated by "random hackers" but are more likely to be conducted by perpetrators out for financial gain, trade secrets or military information • • • • • Facebook LinkedIn eBay/Paypal Click here to see your grade Other social media So why have a facebook at all? *Spear Phishing
  • 21. Depends on three things 1. The apparent source must appear to be a known and trusted individual, 2. there is information within the message that supports its validity 3. the request the individual makes seems to have a logical basis. Combine with Social Engineering *Spear Phishing
  • 22. Countermeasures The most effective countermeasure for social engineering is employee awareness training on how to recognize social engineering schemes and how to respond appropriately. Specific countermeasures include: • Train employees to demand proof of identity over the phone and in person. • Define values for types of information, such as dial-in numbers, user names, passwords, network addresses, etc. The greater the value, the higher the security around those items should be maintained. • If someone requests privileged information, have employees find out why they want it and whether they are authorized to obtain it. • Verify information contained in e-mails and use bookmarked links instead of links in e-mails to go to company Web sites.
  • 23. Counter Measures • Dispose of sensitive documents securely, such as shredding or incinerating. • Dispose of disks and devices securely by shredding floppy disks or overwriting disks with all 1's, all 0's, then all random characters. • Verify information from suspicious e-mails by visiting two or more well-known malicious code threat management Web sites. These sites can be your antivirus vendor or a well-known and well-regarded Internet security watch group.
  • 24. BIOS Security BIOS Passwords Chassis Intrusion Detection Hard Disk Password TPM
  • 25. • You cannot read the passwords from the disk. • You cannot move the drive to another system to access the disk without the password (the password moves with the disk). • You cannot format the disk to remove the passwords. Hard Disk Password • Some portable computers allow you to set a password on a hard disk. When set, the password must be given at system startup or the disk cannot be used. • Hard disk passwords are part of the ATA specifications so they are not dependent upon a specific disk manufacturer. • There are two different passwords: user and master. • Set the password(s) by using the CMOS program. Some programs do not allow you to set a password, only let you set the user password, or let you set both a user and a master password. • Passwords are saved on the hard disk.
  • 26. Hard Disk Password • If you forget the user password, use the master password to access the drive. If you do not know either password, you cannot access any data on the drive. • Most drives allow a limited number of incorrect password attempts. After that time, you must restart the system to try entering additional passwords. You can try as long as you want, but constantly restarting the system makes guessing the password a tedious job. • Drives might ship with a default master password. However, these passwords (if they exist) are not publicly available and cannot be obtained from disk manufacturers. • Setting a hard disk password is sometimes referred to as locking the hard disk.
  • 27. Trusted Platform Module (TPM) • A TPM is a special chip on the motherboard that generates and stores cryptographic keys. Use the CMOS program to initialize the TPM. • During initialization, you set a TPM owner password. The TPM password is required to manage TPM settings. • The TPM includes a unique key on the chip that can be used for hardware system identification. • The TPM can generate a cryptographic key or hash based on the hardware in the system, and use this key value to verify that the hardware has not changed. This value can be used to prevent the system from booting if the hardware has changed. • The TPM can be used by applications to generate and save keys that are used with encryption.
  • 28. Trusted Platform Module (TPM) • *Protects encrypted keys • *Together with the BIOS, the TPM forms a Root of Trust: The TPM contains several PCRs (Platform Configuration Registers) that allow a secure storage and reporting of security relevant metrics. These metrics can be used to detect changes to previous configurations and derive decisions how to proceed. A good example can be found in Microsoft's BitLocker Drive Encryption (see below). • *Therefore the BIOS and the Operating System have the primary responsibility to utilize the TPM to assure platform integrity. Only then applications and users running on that platform can rely on its security characteristics such as secure I/O "what you see is what you get", uncompromised keyboard entries, memory and storage operations.