Dr. John P. Abraham Professor UTPA 2 – Systems Threats and Risks
Attacks. Software-based attacks: malware, i.e. malicious software that damages, disrupts or merely annoys (viruses, worms and the other kinds below). Hardware-based attacks: BIOS, USB devices, NAS, cell phones. Attacks on virtualized systems.
Software-based attacks: Viruses. A virus attaches itself to a legitimate carrier (a program or a document) and replicates into other programs, devices, e-mail, instant messages, etc. Effects: crashes, destruction or filling up of the hard disk, reformatting the hard disk, lowering security settings so that others can get in, etc. Types: a file-infecting virus attaches to executables (such as Cascade); a resident virus loads itself into RAM and infects programs as they run (such as Randex, Meve, MrKlunky); a boot virus infects the master boot record (Polyboot.B, AntiEXE); a companion virus adds a program that is run in place of a legitimate OS program of the same name (Stator, Asimove.1539); a macro virus is written in an application's macro scripting language (Melissa.A, Bablas.Pc). A polymorphic virus rewrites its own code on each infection so that no fixed byte signature matches every copy.
Worms. Stand-alone programs that exploit OS or application vulnerabilities. A worm uses the network to send copies of itself to other machines, consuming bandwidth and slowing networks down. A virus needs the user to run the infected program; a worm starts executing by itself. As it travels across the Internet a worm can leave a payload on each system it passes through, for example one that deletes files or allows the system to be controlled remotely.
Trojan Horse. Installed with the knowledge of the user, who believes it is a useful program (a screen saver, calendar, media player, etc.) because that is how it is advertised. It may even do what it advertises, but it also does something else, such as capturing credit card information and sending it out.
Rootkits. Programs that take control of parts of the operating system by replacing or hooking OS utilities, so that what the OS reports (files, processes, registry keys) no longer reflects what is really on the machine. Sony BMG's 2005 CD copy protection installed a rootkit that hid its own files and processes from the operating system; others reused the same hiding mechanism to conceal their own malware, or added features to Sony's program. Rootkits do not spread themselves. They are very difficult to remove from the hard disk. To check for one, boot from another (known-clean) device and see whether the problems disappear or hidden files become visible.
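The "boot from another device and compare" advice on this slide is the cross-view detection principle: ask for the same information through a path the rootkit hooked and through one it did not, and the difference is what it hides. The following is an added example for this page, not the slides' own code and not Sony's software. The "rootkit" is just a monkey-patch of Python's `os.listdir`; the `$sys$` prefix is the one the 2005 Sony BMG rootkit hid, while the file names below are constructed for the example:

```python
"""Cross-view detection of a file-hiding rootkit (added example, not from the slides)."""
import os
import tempfile

HIDE_PREFIX = "$sys$"          # prefix the 2005 Sony BMG rootkit cloaked
REAL_LISTDIR = os.listdir      # keep the unhooked routine


def hooked_listdir(path="."):
    """What a hooked directory listing returns: everything except the rootkit's own files.
    Programs that ask the OS this way see a clean directory."""
    return [n for n in REAL_LISTDIR(path) if not n.startswith(HIDE_PREFIX)]


def install_rootkit():
    os.listdir = hooked_listdir


def remove_rootkit():
    os.listdir = REAL_LISTDIR


def rootkit_installed() -> bool:
    return os.listdir is hooked_listdir


def trusted_view(path):
    """Read the directory through a routine the rootkit did not hook.  os.scandir here
    stands in for 'boot from clean media and read the disk directly'."""
    with os.scandir(path) as it:
        return sorted(e.name for e in it)


def cross_view_diff(path):
    """Hidden objects = present in the trusted view but absent from what the OS reports."""
    reported = set(os.listdir(path))
    return sorted(set(trusted_view(path)) - reported)


def demo() -> dict:
    """Create a directory with a normal file and two cloaked files (constructed names),
    install the hook, and show what the OS reports versus what cross-view finds."""
    with tempfile.TemporaryDirectory() as d:
        for name in ("report.doc", "$sys$driver.dll", "$sys$hidden.sys"):
            open(os.path.join(d, name), "w").close()
        install_rootkit()
        try:
            seen_by_os = sorted(os.listdir(d))     # ['report.doc']
            hidden = cross_view_diff(d)            # ['$sys$driver.dll', '$sys$hidden.sys']
        finally:
            remove_rootkit()
        return {"seen_by_os": seen_by_os, "hidden": hidden}


if __name__ == "__main__":
    print(demo())
```

A real kernel-mode rootkit hooks the system call or driver layer, so the trusted view has to come from below it (offline media, a hypervisor, or raw disk reads), not merely from a second user-space API; the comparison logic is the same.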
Logic Bombs. Code that lies dormant until triggered by an event, such as a date, or a particular person being fired. Usually planted by insiders (employees with access to the code). Very difficult to discover before it is triggered, because it is embedded in a large program.
Privilege Escalation. Either raising one's own privilege to a higher level (vertical escalation) or using another employee's higher privilege (horizontal escalation). Done by exploiting OS vulnerabilities.
Malware for profit: spam, spyware and botnets. Spam: wastes time checking and deleting; e-mail address lists are sold by some ISPs and other sites.
Spyware. Tracking software installed without the knowledge of the user; it displays advertisements and collects and distributes personal information. Harder to detect and remove than viruses. Symptoms: the computer slows down or freezes, new browser toolbars or menus appear, the home page is hijacked, pop-ups increase. Adware: software that delivers advertising, for example for gambling or pornography sites; it tracks browsing behavior and reports it so that pop-ups can target specific merchandise. Keyloggers: a small hardware device inserted between the keyboard and the keyboard interface, or a resident program, that monitors and logs every keystroke.
Botnets. Programs that allow your computer to be controlled remotely; the controlled computer is called a zombie. Thousands of zombies under the control of a single attacker make up a botnet. Attackers traditionally use Internet Relay Chat (IRC) channels to send commands to the zombies (newer bots also use HTTP or peer-to-peer protocols). Zombies are used for spamming, spreading malware, denial of service, etc.
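A zombie gives itself away by the way it talks to its controller: it checks in with the same IRC server at machine-regular intervals, whereas a person on IRC connects in bursts. The detection below is an added example for this page, not code from the slides. It runs over a constructed connection log (timestamp, source, destination, destination port); the port set and the jitter threshold are assumptions chosen for the demonstration:

```python
"""Flag command-and-control beacons to IRC ports in a connection log
(added example, not from the slides; the log is constructed)."""
import statistics
from collections import defaultdict
from datetime import datetime

IRC_PORTS = {6667, 6697}        # plain and TLS IRC (assumption: what this network's bots use)

# Constructed sample log: "<ISO time> <src> <dst> <dport>".
# 10.0.0.5 checks in every minute (beacon); 10.0.0.9 is a bursty human IRC user;
# 10.0.0.7 is ordinary HTTPS traffic to a documentation-range address.
SAMPLE_LOG = """\
2005-03-01T10:00:00 10.0.0.5 203.0.113.7 6667
2005-03-01T10:01:00 10.0.0.5 203.0.113.7 6667
2005-03-01T10:02:01 10.0.0.5 203.0.113.7 6667
2005-03-01T10:03:00 10.0.0.5 203.0.113.7 6667
2005-03-01T10:04:00 10.0.0.5 203.0.113.7 6667
2005-03-01T10:00:30 10.0.0.9 198.51.100.2 6667
2005-03-01T10:17:12 10.0.0.9 198.51.100.2 6667
2005-03-01T11:02:45 10.0.0.9 198.51.100.2 6667
2005-03-01T10:00:10 10.0.0.7 192.0.2.10 443
2005-03-01T10:00:11 10.0.0.7 192.0.2.10 443
"""


def parse(log: str):
    """Turn log lines into (time, src, dst, dport) tuples; blank lines are skipped."""
    flows = []
    for line in log.splitlines():
        if not line.strip():
            continue
        ts, src, dst, dport = line.split()
        flows.append((datetime.fromisoformat(ts), src, dst, int(dport)))
    return flows


def find_beacons(flows, min_hits: int = 4, max_jitter: float = 0.2) -> dict:
    """Group IRC-port flows by (src, dst, dport).  A beacon is a group with at least
    min_hits contacts whose inter-arrival times vary little: coefficient of variation
    (stddev / mean of the gaps) at or below max_jitter.  Returns {key: mean gap seconds}."""
    by_pair = defaultdict(list)
    for ts, src, dst, dport in flows:
        if dport in IRC_PORTS:
            by_pair[(src, dst, dport)].append(ts)
    beacons = {}
    for key, times in by_pair.items():
        if len(times) < min_hits:
            continue
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        mean = statistics.mean(gaps)
        cv = statistics.pstdev(gaps) / mean if mean else float("inf")
        if cv <= max_jitter:
            beacons[key] = round(mean)
    return beacons


if __name__ == "__main__":
    for (src, dst, port), period in find_beacons(parse(SAMPLE_LOG)).items():
        print(f"possible zombie {src}: contacts {dst}:{port} about every {period}s")
```

On the sample log only 10.0.0.5 is reported (period 60 s). The port filter is the dated part of this check; the periodicity test is what carries over to bots that hide their traffic in HTTP or TLS, where you would group by destination instead of by port.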
Hardware-based attacks. BIOS: the BIOS can be re-flashed with a virus or rootkit, and a malicious or corrupted flash can render the computer useless until the chip or board is replaced. Enable the BIOS write-protect setting (or jumper) to prevent unauthorized flashing. USB devices, NAS and SANs can carry any of the malware discussed above. Cell phones: infected messages; an infected phone can launch attacks, make calls, etc.
Attacks on virtualized systems. Operating system virtualization (multiple OSs running as virtual machines on the same physical machine) and storage virtualization. Concerns: existing antivirus and anti-spam tools were designed for a single physical server and do not always adapt well to many virtual machines; a compromised virtual machine may be able to infect another VM on the same host; the hypervisor, which runs on the physical machine and manages the virtual machines, controls every guest and must itself be protected. Protection approaches: secure and monitor at the hypervisor level, where all guests are visible, and run security software such as a firewall on the physical machine as well as inside each guest.