Differentiate among various systems' security threats: privilege escalation, virus, worm ...
Differentiate among various systems' security threats: privilege escalation, virus, worm, Trojan, spyware, spam, adware, rootkits, botnets, logic bomb.
Implement security applications. Differentiate between the different ports and protocols, their respective threats and mitigation techniques: antiquated protocols, TCP/IP hijacking, null sessions, spoofing, man-in-the-middle, replay, DoS, DDoS, domain name kiting, DNS poisoning.
Explain the vulnerabilities and mitigations associated with network devices: privilege escalation, weak passwords, back doors, DoS.
Carry out vulnerability assessments using common tools: vulnerability scanners, password crackers.
Attack Strategies: Recognizing Common Attacks; Identifying TCP/IP Security Concerns; Understanding Software Exploitation; Surviving Malicious Code; Other Attacks and Frauds
Access attack: someone who should not be able to reach your resources tries to reach them. Its purpose is to gain access to information the attacker isn't authorized to have.
Modification and repudiation attack: someone wants to modify information in your systems, or to make genuine information look invalid.
Denial-of-service (DoS) attack: someone wants to keep authorized users from using a resource.
Eavesdropping is the process of listening in on or overhearing parts of a conversation, including listening in on your network traffic. This type of attack is generally passive.
Snooping occurs when someone looks through your files hoping to find something interesting. The files may be either electronic or on paper.
Interception can be either an active or a passive process. Intercept (v): to stop something or someone that is going from one place to another before they get there.
In a networked environment, passive interception would involve someone who routinely monitors network traffic. Active interception might include putting a computer system between the sender and receiver to capture information as it's sent. The process is usually covert.
Intercept missions can occur for years without the knowledge of the parties being monitored.
Modification attacks involve the deletion, insertion, or alteration of information in an unauthorized manner that is intended to appear genuine to the user
They’re similar to access attacks in that the attacker must first get to the data on the servers, but they differ from that point on.
The motivation for this type of attack may be to plant information, change grades in a class, fraudulently alter credit card records, or something similar.
Website defacements are a common form of modification attack.
Repudiation attack: a variation of the modification attack. Repudiate /rɪˈpjuːdieɪt/: to refuse to accept or continue with something; to state or show that something is not true or correct.
Repudiation attacks make data or information appear to be invalid or misleading, or let the originator deny having sent it.
Repudiation attacks against e-mail are fairly easy to accomplish because most e-mail systems don't check outbound mail for validity: SMTP itself does no sender authentication, so a forged From: address is accepted unless SPF, DKIM or DMARC checks are in place.
Repudiation attacks, like modification attacks, usually begin as access attacks.
Denial-of-service (DoS) attacks prevent access to resources by the users authorized to use them. Most simple DoS attacks originate from a single system. Examples of DoS attacks:
ping of death (an oversized ICMP echo request that crashed early IP stacks during reassembly); buffer overflow (malformed input that crashes the service, or worse, runs the attacker's code).
Requires a powerful transmitter
Distributed denial-of-service (DDoS) attacks: multiple compromised computer systems (zombies) are used to conduct the attack. Botnet: the collection of zombies under one attacker's control; the malicious software running on each zombie is the bot.
How do you defend against denial-of-service attacks?
Back doors?
A spoofing attack is an attempt by someone or something to masquerade as someone else.
IP spoofing and DNS spoofing
Man-in-the-middle attack: places a piece of software (or a whole system) between a server and the user, relaying the traffic so both sides believe they are talking directly to each other. This type of attack is also an access attack, but it can be used as the starting point for a modification attack.
Replay attack: the attacker captures information and replays it later. The information can be usernames, passwords, or tickets/certificates from authentication systems such as Kerberos.
Captured passwords projected on the wall at DEFCON
Solutions: certificates and authentication tickets usually contain a unique session identifier (a nonce) and a time stamp, so a captured copy is rejected when it is replayed outside its validity window or a second time.
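The replay defence described above, worked through as an added example (this code is not from the slides): every request carries a time stamp and a random nonce, both covered by an HMAC under a shared key, and the server rejects anything stale, unsigned, or already seen. The key, the 30-second window and the fixed clock values are assumptions for the demo.

```python
import hashlib
import hmac
import json
import secrets

# Constructed demo key; in a real system this is a per-client secret or session key.
SHARED_KEY = b"demo-shared-secret"

def sign_request(key, timestamp, nonce, body):
    """HMAC over a canonical encoding of (timestamp, nonce, body); JSON with sorted
    keys is unambiguous, so bytes cannot be shifted between fields under one tag."""
    canonical = json.dumps({"ts": timestamp, "nonce": nonce, "body": body},
                           sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, canonical, hashlib.sha256).hexdigest()

def make_request(key, body, now):
    """Client side: each request carries the current time and a fresh random nonce."""
    ts = int(now)
    nonce = secrets.token_hex(16)
    return {"ts": ts, "nonce": nonce, "body": body,
            "tag": sign_request(key, ts, nonce, body)}

class ReplayGuard:
    """Server side: accept a request only if it is fresh, correctly signed and unseen."""

    def __init__(self, key, window_seconds=30):
        self.key = key
        self.window = window_seconds
        self.seen = {}   # nonce -> time after which the entry can be dropped

    def verify(self, request, now):
        # Nonces older than the window are dropped; the timestamp check covers them.
        self.seen = {n: exp for n, exp in self.seen.items() if exp > now}
        try:
            ts = int(request["ts"])
            nonce, body, tag = request["nonce"], request["body"], request["tag"]
        except (KeyError, TypeError, ValueError):
            return "malformed"
        if abs(now - ts) > self.window:
            return "stale"       # captured long ago, or clock skew beyond tolerance
        expected = sign_request(self.key, ts, nonce, body)
        if not hmac.compare_digest(expected, tag):
            return "bad_mac"     # body or header edited, or forged without the key
        if nonce in self.seen:
            return "replay"      # an exact copy seen within the window
        self.seen[nonce] = now + self.window
        return "ok"

def demo():
    """The slide's attack against the guarded server, with a fixed clock."""
    guard = ReplayGuard(SHARED_KEY)
    t0 = 1_700_000_000
    login = make_request(SHARED_KEY, "login user=alice", now=t0)
    first = guard.verify(login, now=t0)              # legitimate use
    replayed = guard.verify(login, now=t0 + 5)       # attacker resends the capture
    late = guard.verify(login, now=t0 + 3600)        # resent an hour later
    tampered = dict(login, body="login user=admin")  # same tag, edited body
    forged = guard.verify(tampered, now=t0 + 1)
    return first, replayed, late, forged
```

The nonce cache only has to remember entries for one window; anything older is already rejected by the time stamp, which keeps the server's memory bounded. Kerberos applies the same idea with ticket lifetimes and authenticator time stamps.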
Recording a user's session cookies and replaying them is session hijacking (sidejacking); it has been used to break into Gmail accounts. The related attack the slide names, cross-site request forgery (CSRF), does not steal the cookie at all: an attacker's page makes the victim's browser send a forged request, and the browser attaches the victim's cookies automatically. Almost all social networking sites were vulnerable to this attack at the time: Facebook, MySpace, Yahoo, etc.
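As an added example of the CSRF mechanism (not code from the slides): a simulated bank endpoint that trusts the session cookie alone accepts a request forged from another site, while the same endpoint with a per-session synchronizer token rejects it, because the attacker's page can never read the token. The session store, the cookie name `sid` and the "bank transfer" form fields are assumptions for the demo.

```python
import hmac
import secrets

SESSIONS = {}   # server-side session store: session id -> session data

def login(username):
    """Create a session; the CSRF token lives server-side, tied to this session."""
    sid = secrets.token_hex(16)
    SESSIONS[sid] = {"user": username, "csrf": secrets.token_hex(16)}
    return sid

def render_transfer_form(sid):
    """The site's own page embeds the token in its form; a cross-origin page cannot read it."""
    return {"csrf": SESSIONS[sid]["csrf"]}

def transfer_vulnerable(request):
    """Trusts the cookie alone: any request carrying it is treated as the user's intent."""
    session = SESSIONS.get(request["cookies"].get("sid"))
    if session is None:
        return "401 not logged in"
    form = request["form"]
    return f"200 {session['user']} sent {form['amount']} to {form['to']}"

def transfer_hardened(request):
    """Synchronizer token: the form must carry the token stored in the session."""
    session = SESSIONS.get(request["cookies"].get("sid"))
    if session is None:
        return "401 not logged in"
    form = request["form"]
    if not hmac.compare_digest(form.get("csrf", ""), session["csrf"]):
        return "403 CSRF token missing or wrong"
    return f"200 {session['user']} sent {form['amount']} to {form['to']}"

def browser_submit(sid, form):
    """Models the browser: the site's cookies ride along on every request to that site,
    whether the form was built by the site itself or by an attacker's page."""
    return {"cookies": {"sid": sid}, "form": form}

def demo():
    victim_sid = login("alice")
    # Attacker's page auto-submits a form to the bank. It never sees the session
    # cookie or the CSRF token, but the victim's browser attaches the cookie anyway.
    forged = browser_submit(victim_sid, {"to": "mallory", "amount": "1000"})
    # The genuine page includes the per-session token in its form.
    genuine_form = {"to": "bob", "amount": "10", **render_transfer_form(victim_sid)}
    genuine = browser_submit(victim_sid, genuine_form)
    return {
        "vulnerable_forged": transfer_vulnerable(forged),
        "hardened_forged": transfer_hardened(forged),
        "hardened_genuine": transfer_hardened(genuine),
    }
```

The token works because the same-origin policy stops the attacker's page from reading the bank's HTML. Marking the session cookie `SameSite=Lax` or `Strict` is a complementary defence: the browser then omits the cookie from cross-site POSTs in the first place.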
Password attacks: brute-force attack; dictionary attack; hybrids, mixing the two techniques above.
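The three password-attack styles side by side, as an added example (not the slides' code): candidates from a word list, from the list plus the mutations people actually make, and from exhaustive enumeration, each checked against a salted PBKDF2 hash. The word list, the target passwords and the deliberately low iteration count are constructed for the demo.

```python
import hashlib
import hmac
import itertools

ITERATIONS = 1_000   # kept low so the demo runs in seconds; real deployments use far more

def hash_password(password, salt, iterations=ITERATIONS):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)

LEET = str.maketrans("aeios", "43105")

def dictionary_candidates(words):
    """Dictionary attack: try each word exactly as listed."""
    yield from words

def hybrid_candidates(words, years=range(2019, 2025)):
    """Hybrid attack: dictionary words plus case changes, leet, and digit/year suffixes."""
    for w in words:
        bases = dict.fromkeys([w, w.capitalize(), w.upper(), w.translate(LEET)])  # ordered, deduped
        for b in bases:
            yield b
            for suffix in ("1", "123", "!", "!1"):
                yield b + suffix
            for y in years:
                yield f"{b}{y}"
                yield f"{b}{y}!"

def brute_force_candidates(alphabet, length):
    """Brute force: every string over the alphabet; len(alphabet) ** length candidates."""
    for combo in itertools.product(alphabet, repeat=length):
        yield "".join(combo)

def crack(stored_hash, salt, candidates, iterations=ITERATIONS):
    """Return (password, attempts) on success or (None, attempts) when exhausted."""
    attempts = 0
    for candidate in candidates:
        attempts += 1
        if hmac.compare_digest(hash_password(candidate, salt, iterations), stored_hash):
            return candidate, attempts
    return None, attempts

def demo():
    salt = b"constructed-static-salt"   # real systems use a random per-user salt
    words = ["password", "summer", "welcome", "dragon"]
    weak = hash_password("Summer2023!", salt)
    pin = hash_password("0842", salt)
    strong = hash_password("correct horse battery staple", salt)
    return {
        "dictionary": crack(weak, salt, dictionary_candidates(words)),
        "hybrid": crack(weak, salt, hybrid_candidates(words)),
        "brute_pin": crack(pin, salt, brute_force_candidates("0123456789", 4)),
        "strong_vs_hybrid": crack(strong, salt, hybrid_candidates(words)),
    }
```

The dictionary pass misses "Summer2023!" outright; the hybrid pass finds it after about a hundred guesses, which is why "word plus year plus symbol" is not a strong password. The four-digit PIN falls to brute force inside its 10,000-candidate space, while a long passphrase survives every mutation of the list. A slow hash with a per-user salt is what makes each of these guesses cost the attacker something.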
Privilege escalation can be the result of an error on an administrator’s part in assigning too high a permission set to a user, but it’s more often associated with bugs left in software.
Cheat codes in video games.
Attack Strategies: Identifying TCP/IP Security Concerns
TCP/IP layers mapped to the OSI model:
Network Access = OSI layers 1 and 2; defines LAN communication.
Network (Internet) = OSI layer 3; defines addressing and routing.
Transport (Host-to-Host) = OSI layers 4 and 5; defines a communication session between two applications on one or two hosts.
Application = OSI layers 6 and 7; the application data that is being sent across a network.
Network Access layer: maps to layers 1 and 2 of the OSI model; the level at which a network interface card works. Source and destination MAC addresses define the communication endpoints. Protocols include Ethernet, Token Ring, FDDI.
Network layer: routing, IP addressing, and packaging. Internet Protocol (IP) is a routable protocol responsible for IP addressing and for fragmenting and reassembling message packets. It only routes information; it doesn't verify it for accuracy (accuracy checking is the responsibility of TCP).
Transport layer: maps to layers 4 and 5 of the OSI model; concerned with establishing sessions between two applications. Source and destination endpoints are defined by port numbers. The two transport protocols in TCP/IP are TCP and UDP.
TCP: connection-oriented, "guaranteed" delivery.
Advantages: easier to program with; truly implements a session; harder to spoof blindly, because the three-way handshake requires the responder's sequence number before any data is accepted.
Disadvantages: more overhead / slower.
UDP: connectionless, non-guaranteed delivery (best effort).
Advantages: fast / low overhead.
Disadvantages: harder to program with; no true sessions; less security, since there is no handshake and the source address is trivially spoofed; a pain to firewall (no connections for a stateful filter to track).
Application layer: most programs, such as web browsers, interface with TCP/IP at this level.
Protocols: Hypertext Transfer Protocol (HTTP), File Transfer Protocol (FTP), Simple Mail Transfer Protocol (SMTP), Telnet, Domain Name System (DNS), Routing Information Protocol (RIP), Post Office Protocol (POP3).
Encapsulate: to express or show something in a short way; to completely cover something with something else, especially in order to prevent a substance getting out. In TCP/IP, each layer encapsulates the data handed down from the layer above by adding its own header: an HTTP message inside a TCP segment, inside an IP packet, inside an Ethernet frame.
Modulation: to change data from one form to another. Analog methods: AM (amplitude modulation), FM (frequency modulation), PM (phase modulation).
Keying methods: current-state keying (ASK, FSK); state-transition keying (phase shift keying, PSK).
Modulation and demodulation are used in modems (modulator/demodulator) at the physical layer. Handing data units between OSI layers is encapsulation, not modulation.
Port mirroring; sniffing the network; TCP attacks
Sniffer: a device or program that captures and displays network traffic. On a switched network it only sees traffic addressed to its own port, so analysts configure port mirroring (SPAN) on the switch; attackers resort to ARP spoofing instead.
TCP sequence number attacks occur when an attacker takes control of one end of a TCP session. Each time a TCP segment is sent, the client or server generates a sequence number. The attacker intercepts and then responds with a sequence number close enough to the one in use (within the receiver's window) to be accepted, in order to disrupt or hijack a valid session. Mitigation: modern stacks randomize initial sequence numbers, so an off-path attacker cannot predict them and must be able to sniff the session.
Rogue access points. Rogue: not behaving in the usual or accepted way, and often causing trouble.
Employees often set up home wireless routers at work for convenience. This allows attackers to bypass all of the network security and opens the entire network and all users to direct attacks.
An attacker who can access the network through a rogue access point is behind the company's firewall and can directly attack all devices on the network.
Check: periodically scan for SSIDs and BSSIDs that are not on the approved list, and use 802.1X port authentication so that an unmanaged AP plugged into a wall jack gets no network access.
War driving. Beaconing: at regular intervals, a wireless AP sends a beacon frame to announce its presence and to provide the information devices need to join the network.
Scanning: each wireless device looks for those beacon frames. Unapproved wireless devices can likewise pick up the beaconing RF transmission.
Formally known as wireless location mapping.
Bluetooth: a wireless technology that uses short-range RF transmissions; provides for rapid "on the fly" and ad hoc connections between devices.
Bluesnarfing: stealing data through a Bluetooth connection: e-mails, calendars, contact lists, cell phone pictures and videos, ...
Attack Strategies: Understanding Software Exploitation
Database exploitation: if a client session can be hijacked or spoofed, the attacker can formulate queries against the database that disclose unauthorized information.
Application exploitation. E-mail exploitation.
Spyware: rather than self-replicating like viruses and worms, spyware is spread to machines by users who inadvertently ask for it, typically bundled with something they chose to install.
Rootkits: enable continued privileged access to a computer while actively hiding their presence from administrators by subverting standard operating system functionality or other applications.
Attack Strategies: Surviving Malicious Code
Armored virus: designed to make itself difficult to detect or analyze.
Companion virus: attaches itself to legitimate programs and then creates a program with a different filename extension, classically a .com file beside the real .exe, which DOS runs first; the companion executes when the user types the program's name.
Macro virus: a set of programming instructions in a macro language such as VBA that commands an application (a word processor or spreadsheet) to perform illicit actions.
Multipartite virus: attacks the system in multiple ways, for example infecting both the boot sector and executable files.
Phage virus: modifies and alters other programs and databases. The only way to remove this virus is to reinstall the programs that are infected.
Polymorphic virus: changes form in order to avoid detection. Frequently, the virus will encrypt parts of itself under a varying key, so no fixed byte signature matches every copy.
Stealth virus: attempts to avoid detection by masking itself from applications, for example by intercepting file reads so an infected file appears unchanged.
Logic bombs are programs or snippets of code that execute when a certain predefined event occurs.
Attack Strategies: Other Attacks and Frauds
Null session: a connection to the IPC$ share of a Windows NT or Windows 2000 computer with a blank username and password (check: net use \\target\IPC$ "" /u:"").
An attacker can enumerate users, groups, shares and policy from a vulnerable system.
Cannot be fixed by patches to the operating system: it is a configuration issue (the RestrictAnonymous setting) and a perimeter issue (block TCP 139 and 445 from untrusted networks). Much less of a problem with modern Windows versions, Windows XP SP2, Vista, or Windows 7, which restrict anonymous access by default.
Check kiting: a type of fraud that involves the unlawful use of checking accounts to gain additional time before the fraud is detected.
Domain name kiting: registrars are organizations approved by ICANN to sell and register Internet domain names. A five-day Add Grace Period (AGP) permits registrars to delete any newly registered Internet domain name and receive a full refund of the registration fee.
Unscrupulous registrars register thousands of Internet domain names and then delete them inside the grace period, re-registering them again and again at no cost.
Recently expired domain names are still indexed by search engines, so visitors are directed to the re-registered site, usually a single-page website with paid advertisement links.
Visitors who click on these links generate money for the registrar.
ICANN's AGP Limits policy (in effect since 2009) curbs the practice by charging for deletions beyond a small monthly quota.
SNMP (Simple Network Management Protocol) is used to manage switches, routers, and other network devices.
Early versions (SNMPv1 and SNMPv2c) did not encrypt passwords: the community string travels in clear text over UDP 161, the defaults "public" and "private" are widely known, and a write community string allows reconfiguring the device. They had other security flaws as well.
But the old versions are still commonly used. SNMPv3 adds per-user authentication and encryption; where it cannot be deployed, restrict SNMP to a management network and change the community strings.
DNS is used to resolve domain names like www.ccsf.edu to IP addresses like 147.144.1.254.
DNS has many vulnerabilities. It was never designed to be secure: answers arrive over UDP with no authentication, so whoever replies first with a matching transaction ID is believed.
Hosts file poisoning: put false entries into the hosts file, which the resolver consults before asking DNS: C:\Windows\System32\Drivers\etc\hosts on Windows, /etc/hosts on Unix-like systems. Check: any entry that maps a bank, update server or security vendor to a non-loopback address is a red flag.
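A small detection pass over a hosts file, as an added example (not code from the slides): it parses the file the way the resolver does, flags watchlisted names that point anywhere other than loopback or a 0.0.0.0 blackhole, and fingerprints the file so later runs can tell it has changed. The sample file contents, the example domains and the watchlist are all constructed for the demo.

```python
import hashlib
import ipaddress

# Constructed sample of a tampered hosts file (Windows path on the slide:
# C:\Windows\System32\Drivers\etc\hosts; /etc/hosts on Unix-like systems).
SAMPLE_HOSTS = """# Copyright (c) 1993-2009 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
10.0.0.5        intranet.corp.example
0.0.0.0         ads.example            # blackholed ad host: harmless
203.0.113.7     www.bank.example       # bank pinned to an attacker-controlled address
203.0.113.7     update.av-vendor.example
"""

# Names that should never be answered from the hosts file (banks, AV/update servers...).
WATCHLIST = {"bank.example", "av-vendor.example", "microsoft.com"}

def parse_hosts(text):
    """Yield (line_number, ip, [hostnames]) for each effective line, ignoring comments."""
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        ip, *names = line.split()
        yield lineno, ip, names

def suspicious_entries(text, watchlist=WATCHLIST):
    """Flag watchlisted names mapped to any routable address, plus unparseable lines."""
    findings = []
    for lineno, ip, names in parse_hosts(text):
        try:
            addr = ipaddress.ip_address(ip)
        except ValueError:
            findings.append((lineno, ip, names, "unparseable address"))
            continue
        if addr.is_loopback or addr.is_unspecified:
            continue   # localhost entries and 0.0.0.0 blackholes are normal
        for name in names:
            if any(name == w or name.endswith("." + w) for w in watchlist):
                findings.append((lineno, ip, [name], "watchlisted name redirected"))
    return findings

def fingerprint(text):
    """Baseline hash; antispyware-style change detection compares this across runs."""
    return hashlib.sha256(text.encode()).hexdigest()
```

Run it against the real file on a schedule and compare the fingerprint with the last known-good one; a changed hash with no corresponding change ticket is worth a look even when nothing on the watchlist is hit.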
DNS spoofing: the attacker sends many spoofed DNS responses, each with a guessed transaction ID. The target accepts the first response whose transaction ID (and destination port) matches its outstanding query and ignores the genuine answer that arrives later.
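The race in numbers, as an added example (not the slides' code): a model resolver that takes the first response matching its outstanding query, a hand-built flood that wins when the source port is predictable and loses when it is randomized, and the probability behind both. The transaction IDs, ports and addresses are constructed values.

```python
import random

TXID_SPACE = 2 ** 16     # DNS transaction ID is a 16-bit field
PORT_SPACE = 2 ** 16     # roughly 16 more bits when the source port is randomized

def spoof_success_probability(guesses, randomize_port):
    """Probability that one of the attacker's distinct (txid, port) guesses matches
    the outstanding query, i.e. arrives as the 'first acceptable answer'."""
    space = TXID_SPACE * (PORT_SPACE if randomize_port else 1)
    return min(1.0, guesses / space)

def resolver_accepts(query, responses):
    """What the resolver actually does: take the first response whose transaction ID
    and destination port match the query it has outstanding; the rest are dropped."""
    for r in responses:
        if r["txid"] == query["txid"] and r["port"] == query["port"]:
            return r
    return None

def constructed_race(randomize_port):
    """Deterministic version of the slide's scenario with hand-picked values."""
    query = {"txid": 0x1A2B, "port": 41234 if randomize_port else 53}
    # The attacker knows the port only when it is fixed, and sprays transaction IDs.
    spoofed = [{"txid": t, "port": 53, "answer": "203.0.113.66", "spoofed": True}
               for t in (0x0001, 0x1A2A, 0x1A2B, 0x7FFF)]
    real = {"txid": 0x1A2B, "port": query["port"], "answer": "147.144.1.254", "spoofed": False}
    return resolver_accepts(query, spoofed + [real])

def monte_carlo(trials, guesses, randomize_port, seed=1):
    """Fraction of races the attacker wins when guessing txids (and ports) at random.
    Set membership is equivalent to resolver_accepts over the whole flood."""
    rng = random.Random(seed)
    wins = 0
    for _ in range(trials):
        port = rng.randrange(PORT_SPACE) if randomize_port else 53
        query = (rng.randrange(TXID_SPACE), port)
        flood = {(rng.randrange(TXID_SPACE),
                  rng.randrange(PORT_SPACE) if randomize_port else 53)
                 for _ in range(guesses)}
        wins += query in flood
    return wins / trials
```

With a fixed source port the attacker only has to beat 16 bits, and a few tens of thousands of packets sent before the real answer arrives give a real chance per race; repeating the race for every lookup (the 2008 Kaminsky technique) makes success a matter of minutes. Randomizing the source port raises the space to about 32 bits, which is why that was the emergency fix; DNSSEC removes the guessing game altogether by signing the records.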
Zone transfer (AXFR): intended to let a secondary DNS server copy the records from a primary.
Can be used by attackers to get a list of all the machines in a company, like a network diagram. Usually blocked by modern DNS servers; check from an outside host with dig AXFR example.com @ns1.example.com, which should be refused.
Antispyware software will warn you when the hosts file is modified.
Using updated versions of DNS server software prevents older DNS attacks against the server.
But many DNS flaws cannot be patched, because they are in the protocol itself. Eventually: switch to DNSSEC (Domain Name System Security Extensions), which signs records so a resolver can reject forged answers. But DNSSEC is not widely deployed yet, and it has its own problems.
ARP is used to convert IP addresses like 147.144.1.254 into MAC addresses like 00-30-48-82-11-34
ARP spoofing: the attacker sends many spoofed ARP replies claiming the gateway's IP address. ARP has no authentication, so the target overwrites its cache with whatever reply arrives most recently, and its traffic for the gateway goes to the attacker's MAC address instead.
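An arpwatch-style detector, as an added example (not from the slides): it replays a constructed log of ARP replies and alerts when an IP address changes MAC or when one MAC starts claiming several IP addresses, the two signatures of the attack described above. The gateway IP and MAC are the ones on the slide; the other hosts, the timestamps and the attacker's MAC are constructed.

```python
from collections import defaultdict

# Constructed capture of ARP replies seen on the segment: (seconds, sender IP, sender MAC).
# The gateway's address pair is the one the slide uses.
ARP_REPLIES = [
    (0.0, "147.144.1.254", "00-30-48-82-11-34"),   # gateway announces itself
    (1.0, "147.144.1.10",  "00-1A-2B-3C-4D-5E"),   # a workstation
    (5.0, "147.144.1.254", "00-30-48-82-11-34"),
    (6.0, "147.144.1.254", "00-0C-29-AA-BB-CC"),   # gateway IP now claimed by another MAC
    (6.1, "147.144.1.10",  "00-0C-29-AA-BB-CC"),   # same MAC also claims the workstation
]

def detect_arp_spoofing(replies, static_bindings=None):
    """Alert when an IP changes MAC, or when one MAC claims more than one IP.
    static_bindings seeds the table with known-good pairs (e.g. the gateway)."""
    bindings = {ip: mac.lower() for ip, mac in (static_bindings or {}).items()}
    ips_by_mac = defaultdict(set)
    for ip, mac in bindings.items():
        ips_by_mac[mac].add(ip)
    alerts = []
    for ts, ip, mac in replies:
        mac = mac.lower()
        previous = bindings.get(ip)
        if previous is not None and previous != mac:
            alerts.append((ts, "ip_changed_mac", ip, previous, mac))
        bindings[ip] = mac
        if ip not in ips_by_mac[mac]:
            ips_by_mac[mac].add(ip)
            if len(ips_by_mac[mac]) > 1:
                alerts.append((ts, "mac_claims_multiple_ips", mac, sorted(ips_by_mac[mac])))
    return alerts
```

A replaced NIC also trips the first rule, so the alert needs a human or a change record behind it. Prevention sits in the switch: Dynamic ARP Inspection with DHCP snooping drops replies that contradict the lease table, and a static ARP entry for the gateway protects individual critical hosts.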