Security Awareness Chapter 2 Desktop Security

After completing this chapter, you should be able to do the following:  Describe the different types of software and hardware attacks  List types of desktop defenses  Explain how to recover from an attack Security Awareness, 3 rd Edition2

 Most attacks fall into two categories  Malicious software attacks  Attacks on hardware Security Awareness, 3 rd Edition3

 Malware  Wide variety of damaging or annoying attack software  Enters a computer system without the owner’s knowledge or consent  Primary objectives of malware  Infect a computer system with destructive software  Conceal a malicious action Security Awareness, 3 rd Edition4

 Viruses  Malicious program that needs a ‘‘carrier’’ to survive  Two carriers  Program or document  User Security Awareness, 3 rd Edition5

 Viruses have performed the following functions:  Caused a computer to crash repeatedly  Erased files from a hard drive  Installed hidden programs, such as stolen software, which is then secretly distributed from the computer  Made multiple copies of itself and consumed all of the free space in a hard drive  Reduced security settings and allowed intruders to remotely access the computer  Reformatted the hard disk drive Security Awareness, 3rd Edition6

 Types of computer viruses  File infector  Resident  Boot  Companion  Macro  Polymorphic Security Awareness, 3 rd Edition7

 Worms  Take advantage of a vulnerability in an application or an operating system  Enter a system  Deposit its payload  Immediately searches for another computer that has the same vulnerabiliy Security Awareness, 3 rd Edition8

 Different from a virus  Does not require program or user  Actions that worms have performed include  Deleting files on the computer  Allowing the computer to be remote-controlled by an attacker Security Awareness, 3 rd Edition9

 Trojan horse (or just Trojan)  Program advertised as performing one activity but actually does something else  Typically executable programs that contain hidden code that attacks the computer system Security Awareness, 3 rd Edition10

 Rootkit  Set of software tools  Used to break into a computer, obtain special privileges to perform unauthorized functions  Goal is not to damage a computer directly  Go to great lengths to ensure that they are not detected and removed  Replace operating system commands with modified versions that are specifically designed to ignore malicious activity  Detecting a rootkit can be difficult Security Awareness, 3 rd Edition11

 Logic bomb  Computer program or a part of a program that lies dormant until it is triggered by a specific logical event  Once triggered, performs malicious activities  Extremely difficult to detect before they are triggered Security Awareness, 3 rd Edition12

Table 2-1 Famous logic bombs Security Awareness, 3 rd Edition13 Course Technology/Cengage Learning

 Zombie  Infected ‘‘robot’’ computer  Botnet  Hundreds, thousands, or tens of thousands of zombies  Internet Relay Chat (IRC)  Used to remotely control the zombies  Number of zombies and botnets is staggering Security Awareness, 3 rd Edition14

Table 2-2 Uses of botnets Security Awareness, 3 rd Edition15 Course Technology/Cengage Learning

 Types of hardware that is targeted includes  BIOS  USB devices  Cell phones  Physical theft of laptop computers and information Security Awareness, 3 rd Edition16

 Basic Input/Output System (BIOS)  Coded program embedded on the processor chip  Recognizes and controls different devices on the computer system  Read Only Memory (ROM) chip  Older systems  PROM (Programmable Read Only Memory) chip  Newer computers  Flashing the BIOS  Reprogramming Security Awareness, 3 rd Edition17

 USB (universal serial bus)  Small, lightweight, removable, and contain rewritable storage  Common types  USB flash memory  MP3 players  Primary targets of attacks to spread malware  Allow spies or disgruntled employees to copy and steal sensitive corporate data Security Awareness, 3 rd Edition18

 Reduce the risk introduced by USB devices  Prohibit by written policy  Disable with technology  Disable the USB in hardware  Disable the USB through the operating system  Use third-party software Security Awareness, 3 rd Edition19

 Portable communication devices  Rapidly replacing wired telephones  Types of attacks  Lure users to malicious Web sites  Infect a cell phone  Launch attacks on other cell phones  Access account information  Abuse the cell phone service Security Awareness, 3 rd Edition20

 Portable laptop computers are particularly vulnerable to theft  Data can be retrieved from a hard drive by an attacker even after its file has been deleted Security Awareness, 3 rd Edition21

 Defenses include:  Managing patches  Installing antivirus software  Using buffer overflow protection  Protecting against theft  Creating data backups Security Awareness, 3 rd Edition22

 Patch  Software security update intended to cover vulnerabilities that have been discovered after the program was released Security Awareness, 3 rd Edition23

 Automatic update configuration options for most operating systems  Install updates automatically  Download updates but let me choose when to install them  Check for updates but let me choose whether to download and install them  Never check for updates Security Awareness, 3 rd Edition24

 Scan a computer’s hard drive for infections  Monitor computer activity  Examine all new documents that might contain a virus  Drawback of AV software  Must be continuously updated to recognize new viruses  Should be configured to constantly monitor for viruses and automatically check for updated signature files Security Awareness, 3 rd Edition25

 Buffer overflow  Occurs when a computer process attempts to store data in RAM beyond the boundaries of a fixed-length storage buffer  May cause computer to stop functioning  Windows-based system protection  Data Execution Prevention (DEP)  Address Space Layout Randomization (ASLR) Security Awareness, 3 rd Edition26

Figure 2-4 Buffer overflow attack Security Awareness, 3 rd Edition27 Course Technology/Cengage Learning

 Applies to laptops especially  Device lock  Steel cable and a lock  Software tracking system Security Awareness, 3 rd Edition28

 Copying data from a computer’s hard drive onto other digital media  Then storing it in a secure location  Sophisticated hardware and software can back up data on a regular schedule  Personal computer users  Operating system functions  Third-party software Security Awareness, 3 rd Edition29

 What information to back up  Back up only user files  Back up all files  Frequency of backups  Regular schedule  RAID (Redundant Array of Independent Drives)  Uses multiple hard disk drives for increased reliability  Several RAID configurations  Called levels Security Awareness, 3 rd Edition30

Table 2-3 Types of data backups Security Awareness, 3 rd Edition31 Course Technology/Cengage Learning

 Backup storage media  Temporary media should not be used  Alternatives  Portable USB hard drives  Network Attached Storage (NAS)  Internet services  Disc storage Security Awareness, 3 rd Edition32

 Location of backup storage  Protect against not only virus attacks but also against hardware malfunctions, user error, software corruption, and natural disasters  Backups ideally should be stored in a location away from the device that contains the information Security Awareness, 3 rd Edition33

 Basic steps to perform  Disconnect  Identify  Disinfect  Recheck  Reinstall  Analyze Security Awareness, 3 rd Edition34

 Malicious software (malware)  Enters a computer system without the owner’s knowledge or consent  Includes a wide variety of damaging or annoying software  Infecting malware  Concealing malware  Hardware is also the target of attackers  Tactics for defending desktop systems  Basic steps to disinfect and restore a computer Security Awareness, 3 rd Edition35