95-752:8-1 Application Security. 95-752:8-2 Malicious Code Vulnerable Software Hacker toolkits Back/Trapdoors Greedy Programs / Logic bombs Salami Attacks.

Presentation transcript:

95-752:8-1 Application Security

95-752:8-2 Malicious Code
Vulnerable Software
Hacker toolkits
Back/Trapdoors
Greedy Programs / Logic bombs
Salami Attacks
Trapdoors
Worms/Viruses
Bot Networks

95-752:8-3 Vulnerable Software
Buffer overflows
Insecure running environment
Insecure temporary files
Insecure program calls
Weak encryption
Poor programming
“If people built buildings the way that programmers write software, the first woodpecker to come along would destroy civilization.”

95-752:8-4 Handling Vulnerabilities
Locating
Dealing with vendors
Applying patches
Disabling services
Reconfiguring software/services

95-752:8-5 Hacker Toolkits
Programs that automatically scan for security problems on systems
  – Useful for system administrators to find problems for fixing
  – Useful for hackers to find problems for exploitation
Examples:
  – SATAN
  – COPS
  – ISS
Countermeasure: Detection Software

95-752:8-6 Back/Trapdoors
Pieces of code written into applications or operating systems to grant programmers easy access
Useful for debugging and monitoring
Too often, not removed
Examples:
  – Dennis Ritchie’s login/compiler hack
  – Sendmail DEBUG mode
Countermeasures:
  – Sandboxing
  – Code Reviews

95-752:8-7 Logic Bombs
Pieces of code to cause undesired effects when event occurs
Used to enforce licenses (time-outs)
Used for revenge by disgruntled
Can be hard to determine malicious
Examples:
  – British accounting firm logic bomb
  – British bank hack
Countermeasures:
  – Personnel security

95-752:8-8 Viruses
Pieces of code that attach to existing programs
Not distinct program
No beneficial use – VERY destructive
Examples:
  – Michelangelo
  – Love letter
Countermeasures:
  – Virus detection/disinfection software

95-752:8-9 Structure of a Virus
Marker: determine if a potential carrier program has been previously infected
Infector: Seeks out potential carriers and infects
Trigger check: Establishes if current conditions are sufficient for manipulation
Manipulation: Carry out malicious task

95-752:8-10 Types of Viruses
Memory-resident
Hardware
Buffered
Hide-and-seek
Live-and-die
Boot segment
Macro

95-752:8-11 Worms
Stand-alone programs that copy themselves from system to system
Some use in network computation
Examples:
  – Dolphin worm (Xerox PARC)
  – Code Red (2001, $12B cost)
  – Morris Worm (1988, $20M cost)
Countermeasures:
  – Sandboxing
  – Quick patching: fix holes, stop worm

95-752:8-12 Trojan Horses
Programs that have malicious covert purpose
Have been used for license enforcement
Examples:
  – FIX2001
  – AOL4FREE
  – RIDBO
Countermeasures:
  – Sandboxing
  – Code reviews

95-752:8-13 Greedy Programs
Programs that copy themselves
Core wars
Have been used in destructive web pages, standalone programs
Can be very difficult to show deliberate usage
Countermeasures:
  – CPU quotas on process families
  – Process quotas
  – Review of imported software & web pages
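
The CPU and process quotas listed on slide 8-13, as an added example (not part of the original slides) using POSIX resource limits from Python on Linux. The function name `run_with_quotas`, its parameters and the constructed busy-loop command are assumptions made for illustration.

```python
import resource
import signal
import subprocess
import sys

# Constructed sample: a program that burns CPU forever.
CONSTRUCTED_GREEDY = [sys.executable, "-c", "while True: pass"]


def run_with_quotas(argv, cpu_seconds=2, max_procs=None, wall_timeout=30):
    """Run argv under a CPU-time quota and an optional process quota.

    Returns "exit:<code>" for a normal exit or "killed:<SIGNAL>" when the
    kernel terminated the program for exceeding a limit.
    """
    def apply_limits():
        # Runs in the child after fork() and before exec().
        # Soft limit: the kernel sends SIGXCPU. Hard limit: SIGKILL.
        resource.setrlimit(resource.RLIMIT_CPU, (cpu_seconds, cpu_seconds + 1))
        if max_procs is not None:
            # Counts processes of the real user ID, not of this family only,
            # and is not enforced for privileged users.
            resource.setrlimit(resource.RLIMIT_NPROC, (max_procs, max_procs))

    done = subprocess.run(
        argv,
        preexec_fn=apply_limits,
        timeout=wall_timeout,          # wall-clock backstop for sleeping programs
        stdout=subprocess.DEVNULL,
        stderr=subprocess.DEVNULL,
    )
    if done.returncode < 0:
        return "killed:" + signal.Signals(-done.returncode).name
    return "exit:%d" % done.returncode


if __name__ == "__main__":
    print(run_with_quotas(CONSTRUCTED_GREEDY, cpu_seconds=1))
    print(run_with_quotas([sys.executable, "-c", "pass"]))
```

Resource limits are inherited by every descendant, but each process gets its own CPU budget; a quota shared by a whole process family needs a grouping mechanism such as Linux control groups.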

95-752:8-14 Bot Networks
Collections of compromised machines
Typically, compromised by scripts
Respond to commands, perhaps encrypted
Examples:
  – Leaves
  – Code Red II
Countermeasures: Vulnerability patching, Integrity checks