Logical Security threats
Logical security
Protects computer-based data from software-based and communications-based threats.
Activity: list some of the logical security threats that you know.
Viruses, backdoors, bombs, worms, bots, Trojans, spyware...
Generally known as malicious software.
Malicious Software
Programs that exploit system vulnerabilities; also known as malware. Types:
◦program fragments that need a host program, e.g. viruses, logic bombs, and backdoors
◦independent self-contained programs, e.g. worms, bots
Either kind may be replicating or not. Malware is a sophisticated threat to computer systems.
You must know!
In 1983, graduate student Fred Cohen first used the term virus in a paper describing a program that can spread by infecting other computers with copies of itself.
In 1986, the Brain virus was the first virus designed to infect personal computer systems; it spread by infecting the boot sector of floppy disks.
Viruses: intro
A virus is a piece of software that infects programs (hosts), modifying them to include a copy of the virus, so that the virus executes secretly when the host program is run.
Usually specific to an operating system, taking advantage of its details and weaknesses.
A typical virus goes through four phases:
◦Dormant: idle (not found in all viruses)
◦Propagation: copies itself into other programs or disk areas
◦Triggering: activated by some event (a date, a particular file, a disk-usage limit)
◦Execution: performs the intended function (display a message, cause damage, ...)
Activity: is there any similarity between a computer virus and a biological virus?
A biological virus is a shell filled with genetic material that it injects into a living cell, infecting it. The cell then starts manufacturing copies of the virus.
A computer virus behaves similarly. It injects its contents, a short computer program, into a host computer, thereby infecting it. When the computer executes the virus code, the code replicates itself and also performs a task, normally damaging files or another software component of the computer.
Virus Structure
Components:
◦Infection mechanism: enables replication
◦Trigger: the event or condition that makes the payload activate
◦Payload: what the virus does besides spreading
The virus code can be prepended, postpended (appended) or embedded in the host program.
When the infected program is invoked, the virus code executes first and then control passes to the original program code.
Virus Structure: pseudo-code (shown as an image in the original slide)
Virus Structure...
Signature: a sequence of bits that can be used to accurately identify the presence of a particular virus.
The code consists of three stages:
◦activation/trigger
◦replication/infect
◦operation/payload
Virus Payload
The malicious "task" of a virus, performed when the triggering condition is satisfied. Types:
◦display a message, such as "Gotcha", a political slogan, or a commercial advertisement
◦read a certain sensitive or private file; such a virus is in fact spyware
◦slow the computer down by monopolizing and exhausting limited resources
◦completely deny any services to the user
Virus Payload...
◦erase all the files on the host computer
◦select some files at random and change several bits in each file, also at random; referred to as data diddling, this may be more serious, because it results in problems that seem to be caused by hardware failures, not by a virus
◦one step beyond data diddling: random deletion of files
◦random change of file permissions
◦produce sounds or animation
Infection strategies: two types
Nonresident viruses:
◦search for other hosts that can be infected
◦infect those targets
◦transfer control to the infected host program
Resident viruses:
◦do not search for hosts when they are started; instead, the virus loads itself into memory on execution and then transfers control to the host program
◦the virus stays active in the background and infects new hosts when those files are accessed by other programs or by the operating system itself
Trigger
◦date or time
◦number of boots
◦generation counter of the virus
◦number of keypresses on the keyboard
◦amount of free space on the hard drive
◦number of minutes the machine has been idle
◦name of an executed program
Basically any event in the PC can be used as a trigger by a virus.
Virus Classification: by target
◦boot sector infector: infects a master boot record or boot record and spreads when a system is booted from the disk containing the virus
◦file infector: infects executable files
◦macro virus: infects files with macro code that is interpreted by an application
File infector: two types (shown as a diagram in the original slide)
Virus Classification: by hiding method
Encrypted virus: a portion of the virus creates a random encryption key, stores it with the virus, and encrypts the remainder of the virus. When the infected program runs, the virus uses the stored random key to decrypt itself. Each time the virus replicates, a different random key is selected, so the encrypted part looks different in every copy; only the short decryption routine stays constant.
Stealth virus: designed to hide itself from detection by antivirus software, for example by restoring the size, modification date, and checksum of the infected file, or by intercepting file reads so that the scanner is shown the original, uninfected contents.
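The stealth-virus tricks above (same size, restored timestamp, restored checksum) only work against an integrity checker that relies on values the virus can reproduce. The following added example (not part of the original slides) simulates those file-level tricks on a throw-away file and shows that a size/timestamp/additive-checksum check is fooled while a keyed cryptographic digest is not. The file contents, the checksum scheme and the key are constructed for the example; nothing is executed from the "infected" file.

```python
import hashlib
import hmac
import os
import tempfile
from pathlib import Path

# Key for the keyed hash. In practice it (or the whole baseline) lives off the
# machine being checked, e.g. on read-only media; constructed for this example.
BASELINE_KEY = b"integrity-baseline-key-kept-offline"


def additive_checksum(data: bytes) -> int:
    """Weak checksum (sum of bytes mod 256): a stealth virus can absorb its
    modification by adjusting one byte so that the sum is unchanged."""
    return sum(data) % 256


def keyed_digest(data: bytes) -> str:
    """HMAC-SHA256 over the file contents. Without the key the virus cannot
    compute a matching value for the modified file, and SHA-256's second-preimage
    resistance means it cannot find a modified file with the same digest anyway."""
    return hmac.new(BASELINE_KEY, data, hashlib.sha256).hexdigest()


def record_baseline(path: Path) -> dict:
    """What an integrity checker stores for one file."""
    st = path.stat()
    data = path.read_bytes()
    return {"size": st.st_size, "mtime_ns": st.st_mtime_ns,
            "checksum": additive_checksum(data), "hmac": keyed_digest(data)}


def naive_check(path: Path, baseline: dict) -> bool:
    """The checks a stealth virus is designed to pass: size, timestamp, weak checksum."""
    st = path.stat()
    return (st.st_size == baseline["size"]
            and st.st_mtime_ns == baseline["mtime_ns"]
            and additive_checksum(path.read_bytes()) == baseline["checksum"])


def strong_check(path: Path, baseline: dict) -> bool:
    """Keyed-digest comparison; constant-time compare to avoid leaking the value."""
    return hmac.compare_digest(keyed_digest(path.read_bytes()), baseline["hmac"])


def stealth_modify(path: Path, marker: bytes) -> None:
    """Simulates the file-level tricks of a stealth virus (nothing is executed):
    overwrite part of the file with the same number of bytes so the size does
    not change, spend the last byte to restore the additive checksum, and put
    the modification time back."""
    st = path.stat()
    data = bytearray(path.read_bytes())
    assert len(marker) < len(data) - 1
    original_sum = sum(data)
    data[:len(marker)] = marker
    data[-1] = (original_sum - sum(data[:-1])) % 256   # fix up the weak checksum
    path.write_bytes(bytes(data))
    os.utime(path, ns=(st.st_atime_ns, st.st_mtime_ns))  # restore the timestamp


def demo() -> dict:
    with tempfile.TemporaryDirectory() as tmp:
        target = Path(tmp) / "clock.bin"
        # constructed "program": a header, some filler and a trailing slack byte
        target.write_bytes(b"PROGRAM-HEADER" + bytes(range(64)) + b"\x00")
        baseline = record_baseline(target)
        stealth_modify(target, b"INFECTED")
        return {
            "naive_check_passes": naive_check(target, baseline),
            "strong_check_passes": strong_check(target, baseline),
            "size_unchanged": target.stat().st_size == baseline["size"],
        }


if __name__ == "__main__":
    print(demo())
```

A stealth virus that hooks the operating system's file reads defeats even the strong check when the checker runs on the infected machine, because the checker is handed the original bytes. The baseline comparison therefore has to be made after booting from known-clean media, which is also why the slides later insist on stopping active processes before cleaning.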
Virus Classification...
Polymorphic virus: mutates with every infection, so each newly infected file carries a different string of bits; this defeats detection by a fixed "signature" of the virus, and a scanner must instead decrypt or emulate the code, or match on the parts that do not change.
Metamorphic virus: as with a polymorphic virus, a metamorphic virus mutates with every infection. The difference is that a metamorphic virus rewrites itself completely at each iteration, so its behaviour as well as its appearance may change, increasing the difficulty of detection.
Virus Classification...
A virus can modify itself and become a different string of bits simply by inserting several nop instructions in its code.
A nop (no operation) is an instruction that does nothing.
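An added example (not from the original slides) tying together the signature, encrypted-virus and nop-insertion points above: a first-generation byte-signature scanner, the two evasions the slides describe, and what a later-generation scanner does about each (normalising away the nops, and matching the constant decryptor then decrypting what follows, i.e. generic decryption). All byte strings are constructed, opaque data chosen for the example; nothing here infects or executes anything, and the stub layout, key placement and signature values are assumptions.

```python
import random

# Constructed "virus body": arbitrary bytes used only as data for the scanner.
VIRUS_BODY = b"\x55\x48\x89\xe5\xde\xad\xbe\xef\x48\x31\xc0\xc9\xc3"
NOP = b"\x90"                                  # x86 NOP opcode
# Constructed decryptor stub that every copy of the "encrypted virus" carries.
DECRYPTOR_STUB = b"\xeb\x04\x31\xc9\xfe\xc1"


def scan_signature(data: bytes, signature: bytes) -> bool:
    """First-generation scanner: report a hit if the exact byte sequence occurs."""
    return signature in data


def mutate_with_nops(body: bytes, rng: random.Random) -> bytes:
    """Polymorphic-style mutation from the slide: scatter NOPs at random points
    strictly inside the body, so the raw byte string changes every time."""
    gaps = list(range(1, len(body)))
    chosen = set(rng.sample(gaps, rng.randint(1, len(gaps))))
    out = bytearray()
    for i, b in enumerate(body):
        if i in chosen:
            out += NOP * rng.randint(1, 3)
        out.append(b)
    return bytes(out)


def normalize(data: bytes) -> bytes:
    """Second-generation heuristic: strip NOPs before matching. A real scanner
    would disassemble first; blindly deleting 0x90 is acceptable here because
    the constructed body contains no 0x90 byte."""
    return data.replace(NOP, b"")


def encrypt_copy(body: bytes, key: int) -> bytes:
    """Layout of one copy of an encrypted virus: stub | key | body XOR key.
    A fresh key per copy makes the encrypted part differ every time."""
    return DECRYPTOR_STUB + bytes([key]) + bytes(b ^ key for b in body)


def scan_with_decryption(data: bytes, body_signature: bytes) -> bool:
    """Generic-decryption scanner: find the constant stub, read the stored key,
    decrypt what follows and match the signature on the decrypted bytes."""
    pos = data.find(DECRYPTOR_STUB)
    if pos < 0:
        return False
    key_pos = pos + len(DECRYPTOR_STUB)
    key = data[key_pos]
    plain = bytes(b ^ key for b in data[key_pos + 1:])
    return body_signature in plain


def demo(seed: int = 1) -> dict:
    rng = random.Random(seed)
    # constructed infected files: a bit of "host program" text around the virus
    host = b"HOST-PROGRAM-CODE:" + VIRUS_BODY + b":END"
    mutated = b"HOST:" + mutate_with_nops(VIRUS_BODY, rng)
    encrypted = b"HOST:" + encrypt_copy(VIRUS_BODY, rng.randrange(1, 256))
    return {
        "plain_hit": scan_signature(host, VIRUS_BODY),
        "nop_mutated_hit": scan_signature(mutated, VIRUS_BODY),
        "nop_mutated_hit_after_normalize": scan_signature(normalize(mutated), VIRUS_BODY),
        "encrypted_body_hit": scan_signature(encrypted, VIRUS_BODY),
        "encrypted_stub_hit": scan_signature(encrypted, DECRYPTOR_STUB),
        "encrypted_hit_after_decrypt": scan_with_decryption(encrypted, VIRUS_BODY),
    }


if __name__ == "__main__":
    for name, hit in demo().items():
        print(f"{name:35s} {hit}")
```

The encrypted case is why a constant decryptor is enough for a scanner: the body signature fails on every copy, but the stub does not change between copies, and once it is found the stored key decrypts the rest. A true polymorphic virus also mutates the decryptor, which is where emulation (running the sample in a sandbox until it decrypts itself) takes over from static matching.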
Virus Classification...
Compression virus: in addition to mutating, a virus may hide itself in a compressed file in such a way that the bits of the virus part depend on the rest of the infected file and are therefore different in every infection.
Compression Virus (shown as a diagram in the original slide)
E-Mail Viruses
A more recent development, e.g. Melissa (1999):
◦exploits an MS Word macro in an attached document
◦if the attachment is opened, the macro activates
◦sends e-mail to everyone in the user's address list
◦and does local damage
Later versions were triggered merely by reading the e-mail, hence much faster propagation.
Virus Countermeasures
Anti-virus: prevention is the ideal solution but difficult; realistically we need:
◦detection
◦identification
◦removal
If the virus can be detected but not identified or removed, the infected program must be discarded and replaced with a clean backup copy.
Tail chasing effect
A memory-resident virus re-infects files as fast as the cleaner disinfects them, so the cleaner chases its own tail. The conclusion is that as many active processes as possible should be stopped before any attempt is made to clean viruses from a computer.
Anti-Virus Evolution
Virus and antivirus technology have both evolved: early viruses were simple code, easily removed; as viruses have become more complex, so must the countermeasures. Generations of antivirus software:
◦first: simple signature scanners
◦second: heuristic rules (code structure, integrity checksums)
◦third: memory-resident programs that identify a virus by its actions
◦fourth: combination packages using all of these techniques
Propagation
◦Using infected programs: the virus is executed every time the program is executed.
◦Using the event (interrupt or notification) raised each time removable media such as an external disk drive, a USB stick or a DVD is inserted. The virus is executed as part of the handling of that event and tries to infect the newly inserted volume.
◦As an e-mail attachment.
◦Through infected software: take a useful program (a calculator, a nice clock, or a beautiful screen saver) and embed a virus or a Trojan horse in it.
Usually via sharing: each time users share a computing resource such as a disk, a file, or a library routine, there is a risk of infection.
Worms, Trojans, ...
Worms
A self-replicating program, similar to a virus, but self-contained (it needs no host program).
Usually propagates over a network:
◦using e-mail, remote execution or remote login, by exploiting service vulnerabilities
It often creates a denial of service as a side effect of its spreading traffic.
Worms...
A worm has phases like a virus:
◦dormant, propagation, triggering, execution
◦propagation phase: searches for other systems, connects to them, copies itself over and runs the copy
Worms were first implemented by Xerox Palo Alto labs in the early 1980s, to search for idle systems on which to run a computationally intensive task.
What makes it different?
A virus propagates when users send e-mail, launch programs, or carry storage media between computers.
A worm propagates itself throughout the Internet by exploiting security weaknesses in applications and protocols we all use, with no user action required.
Worms therefore have the highest speed of propagation.
Worm Propagation Model (shown as a graph in the original slide)
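The propagation model the slide shows as a graph is the classic S-shaped epidemic curve: slow start while few hosts scan, explosive growth, then saturation as most vulnerable hosts are already infected. The following added example (not part of the original slides) simulates a random-scanning worm over a small constructed address space, gives the closed-form logistic curve for comparison, and shows what per-host rate limiting (one of the countermeasures listed later) does to the curve. The address-space size, victim count and scan rates are assumptions chosen so the run finishes in a second or two.

```python
import math
import random
from typing import List, Optional


def simulate_random_scan_worm(address_space: int, vulnerable: int,
                              scans_per_tick: int, ticks: int, seed: int = 0,
                              scan_cap: Optional[int] = None) -> List[int]:
    """Discrete-time model of a random-scanning worm.

    Every infected host sends `scans_per_tick` probes per tick, each to a
    uniformly random address; a probe that lands on a vulnerable, not yet
    infected host infects it at the end of the tick. `scan_cap` models
    per-host rate limiting: the network lets at most that many probes through
    per tick. Returns the infected count after each tick (index 0 = start).
    """
    rng = random.Random(seed)
    vulnerable_hosts = set(rng.sample(range(address_space), vulnerable))
    infected = {min(vulnerable_hosts)}                 # patient zero
    rate = scans_per_tick if scan_cap is None else min(scans_per_tick, scan_cap)
    history = [len(infected)]
    for _ in range(ticks):
        newly_infected = set()
        for _host in infected:
            for _ in range(rate):
                target = rng.randrange(address_space)
                if target in vulnerable_hosts and target not in infected:
                    newly_infected.add(target)
        infected |= newly_infected
        history.append(len(infected))
    return history


def logistic_model(total: int, k: float, t: float) -> float:
    """Closed-form epidemic curve: dN/dt = k N (1 - N/T) with N(0) = 1 gives
    N(t) = T / (1 + (T - 1) e^{-k t}). k is the expected number of new victims
    one infected host produces per tick while the pool is unsaturated."""
    return total / (1 + (total - 1) * math.exp(-k * t))


def time_to_fraction(history: List[int], total: int, fraction: float) -> Optional[int]:
    """First tick at which at least `fraction` of the vulnerable hosts are infected."""
    for tick, n in enumerate(history):
        if n >= fraction * total:
            return tick
    return None


def demo() -> dict:
    space, total, scans, ticks = 2 ** 15, 300, 60, 50
    unlimited = simulate_random_scan_worm(space, total, scans, ticks, seed=42)
    limited = simulate_random_scan_worm(space, total, scans, ticks, seed=42, scan_cap=5)
    k = scans * total / space                        # about 0.55 new victims per host per tick
    return {
        "unlimited": unlimited,
        "limited": limited,
        "model_k": k,
        "half_infected_tick": time_to_fraction(unlimited, total, 0.5),
        "half_infected_tick_limited": time_to_fraction(limited, total, 0.5),
    }


if __name__ == "__main__":
    r = demo()
    for t, (sim, lim) in enumerate(zip(r["unlimited"], r["limited"])):
        print(f"tick {t:2d}  simulated {sim:3d}  model {logistic_model(300, r['model_k'], t):6.1f}  rate-limited {lim:3d}")
```

The per-host growth constant k is the product of scan rate and victim density, which is why Slammer's tiny packets mattered: more probes per second per host moves the whole curve left. Capping a host at 5 probes per tick cuts k by a factor of 12, and the rate-limited run barely leaves the flat part of the curve in the same time.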
Worm damage
Future worms may pose a threat to the Internet, to e-commerce, and to computer communications, and this threat may be much greater and much more dangerous than that posed by other types of malicious software.
Worm damage scenarios
A worm that has infected several million computers on the Internet may have the potential for a global catastrophe:
◦it could launch vast DoS attacks that bring down not only e-commerce sites, but sensitive military sites or the root domain name servers of the Internet
Morris Worm
One of the best known worms, released by Robert Morris in 1988. It used various attacks on UNIX systems:
◦discover other hosts
◦crack the password file and use the recovered login/password pairs to log on to other systems
◦exploit a bug (a buffer overflow) in the finger daemon
◦exploit a bug (the debug option) in sendmail
If an attack succeeded, the worm had remote shell access and sent over a bootstrap program that copied the rest of the worm.
Other Worm Attacks
Code Red: July 2001
◦exploits a bug (a buffer overflow) in Microsoft Internet Information Server (IIS) to penetrate and spread
◦probes random IP addresses for further victims
◦carries out a DDoS attack
◦suspends its activities and reactivates periodically
◦consumes significant network capacity when active
◦infected nearly 360,000 servers in 14 hours
The Code Red II variant includes a backdoor, allowing an attacker to direct the activities of victim computers.
Other Worm Attacks
SQL Slammer: early 2003
◦attacks a buffer overflow in MS SQL Server
◦compact (it fits in a single UDP packet) and very rapid spread
Mydoom: 2004
◦mass-mailing e-mail worm
◦installed a remote-access backdoor in infected systems
◦flooded the Internet with 100 million infected messages in 36 hours
Mobile Phone Worms
First appeared on mobile phones in 2004, targeting smartphones which can install software. They communicate via Bluetooth or MMS, and can disable the phone, delete data on the phone, or send premium-priced messages.
E.g. CommWarrior, launched in 2005:
◦replicates using Bluetooth to nearby phones
◦and via MMS using address-book numbers
◦copies itself to the removable memory card
Recent Malware attack (shown as an image in the original slide)
Worm Technology
The present, highest level of worm development combines:
◦multiplatform: not only Windows
◦multi-exploit: browsers, e-mail, servers
◦ultrafast spreading: a prior Internet IP scan builds a hit list of vulnerable machines
◦polymorphic: different code per attack, to evade signature filtering
◦metamorphic: different behaviour patterns
◦transport vehicles: carriers for other malware
◦zero-day exploit: a vulnerability unknown to defenders at the time of the attack
Worm Countermeasures
Anti-virus software also applies, since most worms carry a virus-like payload; worms additionally cause significant network activity, which the following defences use:
◦signature-based worm scan filtering: identifies worms by their signature as they cross the network
◦filter-based worm containment: focuses on the worm's content or code rather than on a scan signature
◦payload-classification-based worm containment: examines packets using anomaly detection techniques
◦threshold random walk (TRW) scan detection: exploits the randomness in how a scanning worm picks destinations; a host whose first contacts with new destinations fail far more often than a benign host's is flagged after only a few attempts
◦rate limiting: limits the rate of scan-like traffic from an infected host
◦rate halting: immediately blocks outgoing traffic when a threshold is exceeded
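The threshold random walk detector from the list above, run over a constructed connection log, as an added example that is not part of the original slides. It follows the sequential hypothesis test of Jung, Paxson, Berger and Balakrishnan (2004): each first contact with a new destination multiplies a per-source likelihood ratio by a fixed factor (up on failure, down on success) until it crosses a "scanner" or "benign" threshold. The log lines, the addresses and the probability parameters are assumptions; the log format is invented for the example.

```python
import math
from collections import defaultdict
from typing import Dict, Optional, Tuple

# Constructed connection log (not from a real network): "src dst port outcome".
# "ok" means the connection was accepted; "fail" means RST or timeout, which is
# how a scanner's probes to addresses that run no such service usually end.
SAMPLE_LOG = """
10.0.0.5  10.0.1.7  25  ok
10.0.0.66 10.0.2.1  445 fail
10.0.0.5  10.0.1.8  80  ok
10.0.0.66 10.0.2.2  445 fail
10.0.0.9  10.0.1.8  80  ok
10.0.0.66 10.0.2.1  445 fail
10.0.0.66 10.0.2.3  445 ok
10.0.0.5  10.0.1.9  443 ok
10.0.0.66 10.0.2.4  445 fail
10.0.0.9  10.0.3.1  22  fail
10.0.0.66 10.0.2.5  445 fail
10.0.0.5  10.0.1.10 80  ok
10.0.0.66 10.0.2.6  445 fail
10.0.0.66 10.0.2.7  445 fail
"""


class ThresholdRandomWalk:
    """Sequential hypothesis test on first-contact connection outcomes.

    theta0 = P(success | benign host), theta1 = P(success | scanner).
    Thresholds follow the paper: upper = PD / PF (declare scanner),
    lower = (1 - PD) / (1 - PF) (declare benign); everything is kept in log space.
    """

    def __init__(self, theta0: float = 0.8, theta1: float = 0.2,
                 detection_prob: float = 0.99, false_positive_prob: float = 0.01):
        self.step_success = math.log(theta1 / theta0)              # negative step
        self.step_failure = math.log((1 - theta1) / (1 - theta0))  # positive step
        self.upper = math.log(detection_prob / false_positive_prob)
        self.lower = math.log((1 - detection_prob) / (1 - false_positive_prob))
        self.score: Dict[str, float] = defaultdict(float)
        self.contacts: Dict[str, set] = defaultdict(set)
        self.verdict: Dict[str, str] = {}
        self.decided_after: Dict[str, int] = {}   # distinct destinations needed

    def observe(self, src: str, dst: str, success: bool) -> Optional[str]:
        """Feed one connection attempt; return the verdict for src once reached."""
        if src in self.verdict:
            return self.verdict[src]
        if dst in self.contacts[src]:      # only the first contact with a destination counts
            return None
        self.contacts[src].add(dst)
        self.score[src] += self.step_success if success else self.step_failure
        if self.score[src] >= self.upper:
            self.verdict[src] = "scanner"
        elif self.score[src] <= self.lower:
            self.verdict[src] = "benign"
        if src in self.verdict:
            self.decided_after[src] = len(self.contacts[src])
        return self.verdict.get(src)


def analyse(log: str) -> Tuple[Dict[str, Optional[str]], Dict[str, int]]:
    """Run TRW over a log. Sources without a verdict yet map to None."""
    trw = ThresholdRandomWalk()
    for line in log.strip().splitlines():
        src, dst, _port, outcome = line.split()
        trw.observe(src, dst, outcome == "ok")
    return {src: trw.verdict.get(src) for src in trw.contacts}, trw.decided_after


if __name__ == "__main__":
    verdicts, decided = analyse(SAMPLE_LOG)
    for src, v in verdicts.items():
        print(f"{src:10s} {v or 'undecided':9s} after {decided.get(src, '-')} first contacts")
```

With theta0 = 0.8, theta1 = 0.2 and PD/PF = 0.99/0.01, every failed first contact adds ln 4 and every successful one subtracts ln 4, so four consecutive failures (or four successes) are enough to decide; the one hit the scanner gets on 10.0.2.3 merely costs it one extra probe. The retry to 10.0.2.1 is ignored, which is what keeps a flaky but legitimate client that keeps retrying the same server from looking like a scanner. The host 10.0.0.9 stays undecided after one success and one failure, which is the correct answer on so little evidence.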
Trojan Horse
An apparently useful program with hidden side-effects, usually superficially attractive:
◦e.g. a game, a software upgrade, a screen saver, etc.
When run it performs some additional tasks besides the advertised one.
Usually designed primarily to give attackers access to the system; often used to propagate a virus or worm, to install a backdoor, or simply to destroy data.
Damages
A Trojan can be used to:
◦download files to the infected computer
◦make registry changes to the infected computer
◦delete files on the infected computer
◦disable a keyboard, mouse, or other peripherals
◦shut down or reboot the infected computer
◦run selected applications or terminate open applications
◦disable virus protection or other computer security software
Other types
Back doors / trap doors
◦a program, or a hidden entry point in a program, that allows attackers to access a system, bypassing the normal authentication mechanisms
Bomb
◦a program which lies dormant until a particular date/time is reached or a particular program logic condition is met
◦logic bomb or time bomb
Types of Malware...
Spyware
◦programs, cookies, or registry entries that track your activity and send that data off to someone who collects it for their own purposes
◦the type of information stolen varies considerably: e-mail login details, IP and DNS addresses of the computer, the user's Internet habits, bank details used to access accounts or make online purchases, etc.
Types of Malware...
Adware
◦software that is installed on your computer to show you advertisements
◦these may be in the form of pop-ups, pop-unders, advertisements embedded in programs, or ads placed on top of the ads in web sites, etc.
Key logger
◦a program that captures and records user keystrokes
◦e.g. whenever a user enters a password, bank account number, credit card number, or other information, the program logs the keystrokes
◦the keystrokes are often sent over the Internet to the attacker
Types of Malware...
Dialers
◦programs that set up your modem connection to connect to the Internet, often to charge illicit phone usage fees
◦targeted at users of dial-up Internet services
Spam
◦unsolicited bulk e-mail which is sent in massive quantities to unsuspecting Internet e-mail users
◦most spam tries to sell products and services
◦a more dangerous category of spam tries to convince the recipient to share their bank account numbers, credit card numbers, or logins and passwords for their online banking systems/services
◦it is also used for phishing and to spread malicious code
Types of Malware...
Rootkit
◦a set of tools and utilities that an attacker can use to maintain access once they have compromised a system
◦the rootkit tools allow them to conceal their actions by hiding their files and processes and erasing traces of their activity
Bot/Zombie
◦small programs that are installed on computers by attackers to allow them to control the system remotely without the user's consent or knowledge
◦botnets: groups of computers infected by bots and controlled remotely by the owner of the bots
◦computers that are infected with a bot are generally referred to as zombies
Types of Malware...
Exploit
◦a piece of software, a command, or a methodology that attacks a particular security vulnerability
◦takes advantage of a particular weakness, e.g. in the OS or in application programs
Phishing
◦not an application, but the process of attempting to acquire sensitive user information with fake websites and messages
◦an example of the social engineering techniques used to fool users
◦common targets for phishing are online payment systems such as e-banking and e-commerce sites
Home work
Read about the following topics:
◦famous virus attacks
◦virus writers
◦self-replicating programs (quines)
◦different types of virus naming
◦CPU interrupts
◦multiple-threat malware
◦registry files
◦GD (generic decryption) scanners