Copyright © 2006, Idea Group Inc. Chapter IV: Malware and Antivirus Deployment for Enterprise Security. By Raj Sharman, K. Pramod Krishna, H. Raghav Rao.

Presentation transcript:

Slide 1: Malware and Antivirus Deployment for Enterprise Security
By Raj Sharman, K. Pramod Krishna, H. Raghav Rao & Shambhu Upadhyaya
Presented by Abdallah Rasheed, Spring 08

Slide 2: Outline
– Types of malware.
– Approach to antivirus software implementation.
– Mechanisms of viruses and antivirus.

Slide 3: Malware
“Short for malicious software and is typically used as a catch-all term to refer to the class of software designed to cause damage to any device.”
Examples: a virus, a worm, a Trojan, spyware, or a backdoor.

Slide 4: Malware impact
– Increases business risk.
– Reduces productivity.
– Loss of customer confidence.
– Time consuming.
– Cost of antivirus and firewalls.

Slide 5: Malware history
– 1986: “Pakistani Brain” virus.
– 1987: “Merry Christmas” worm.
– 1988: Morris worm.
– 1990s: more complex viruses: OS executable infectors; network/protocol worms.

Slide 6: Antivirus solution: the layered approach
– Layer 1: Gateway and content security.
– Layer 2: Intranet servers.
– Layer 3: Desktops and user community.
Figure 1. Three-layer defense in enterprise network.

Slide 7: Layer 1 — Gateway Security and Content Security
Deals with the Internet-visible servers and the demilitarized zone (DMZ).
– Gateway traffic: firewall filters.
– Content scanning: e-mail attachments; scanning e-mails for text content; spam e-mails.

Slide 8: Layer 2 — Intranet Servers
– E-mail servers.
– Virtual Private Network (VPN).
– Remote Access Server (RAS).
– Proxy servers.
– File servers: risk minimizing; increase of storage space.

Slide 9: Layer 3 — Desktop and User Community
Sources of virus infection:
– the use of webmail;
– instant messaging tools;
– peer-to-peer file sharing;
– downloads from the Internet.
Other factors: administrator privileges, automated scans, educating users.

Slide 10: Antispyware in Enterprise Network
Symptoms of spyware:
– unauthorized pop-up advertisements making web browsing difficult;
– a sudden change in the performance of the computer, slowing it down considerably;
– appearance of a new and unwanted toolbar in the browser without installation;
– increased crashing of operating systems and web browsers.

Slide 11: Why Antispyware
– Increased IT support costs.
– Theft of intellectual property.
– Privacy violations.
– Information disclosure.
– Loss of credibility and damage to the organization.

Slide 12: Antivirus detection techniques
Pattern recognition
– Examines key suspect areas and uses the virus pattern file to compare and detect viruses.
Integrity checking
– Initial record of the status of all files on the hard disk.
– Checksumming programs to detect changes.
– A change indicates a possible virus; otherwise, false alarms.
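The integrity-checking technique on this slide, as an added example that is not from the chapter or the presentation: record a checksum baseline for a directory tree, re-hash it later, and report modified, added and removed files. The sample files are constructed inline; the `lib.dll` case shows why a legitimate software update raises the same alarm as an infection, which is the false-alarm problem the slide names.

```python
"""Added example (not from the chapter): a minimal file-integrity checker.

Baseline every file's SHA-256, re-scan later, and report differences.
Sample files are constructed inline so the example runs offline.
"""
import hashlib
import tempfile
from pathlib import Path


def sha256_file(path: Path) -> str:
    """Hash a file in chunks so large binaries do not need to fit in memory."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_baseline(root: Path) -> dict:
    """The 'initial record': relative path -> checksum for every regular file."""
    return {
        str(p.relative_to(root)).replace("\\", "/"): sha256_file(p)
        for p in sorted(root.rglob("*"))
        if p.is_file()
    }


def compare(baseline: dict, current: dict) -> dict:
    """Classify differences between two snapshots of the same tree."""
    return {
        "modified": sorted(k for k in baseline if k in current and baseline[k] != current[k]),
        "added": sorted(k for k in current if k not in baseline),
        "removed": sorted(k for k in baseline if k not in current),
    }


def demo() -> dict:
    """Build a constructed tree, take a baseline, change it, and re-check."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "app.exe").write_bytes(b"MZ original program image")
        (root / "lib.dll").write_bytes(b"MZ library image")
        (root / "notes.txt").write_bytes(b"user notes")
        baseline = build_baseline(root)

        # Simulated infection: code appended to an existing executable.
        (root / "app.exe").write_bytes(b"MZ original program image" + b"[appended code]")
        # Simulated legitimate update: indistinguishable from an infection to a
        # pure integrity checker, hence the false alarms the slide mentions.
        (root / "lib.dll").write_bytes(b"MZ library image v2")
        # A new file appears and an old one disappears.
        (root / "dropped.exe").write_bytes(b"MZ unknown new file")
        (root / "notes.txt").unlink()

        return compare(baseline, build_baseline(root))


if __name__ == "__main__":
    for kind, names in demo().items():
        print(f"{kind}: {names}")
```

In practice the baseline itself must be protected (stored read-only or signed), since a virus that can rewrite files can also rewrite an unprotected checksum database, and the baseline has to be refreshed after every approved update or the checker drowns the operator in alarms.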

Slide 13: Techniques (cont.)
X-raying
– Sees the picture of a virus body.
– Based on the encryption algorithm.
32-bit viruses and PE file infectors
– Windows 95, which uses a 32-bit OS.
– A PE file infector runs itself each time the host file is executed.
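An added example of mine, not the chapter's, tying the pattern-recognition bullet on the previous slide to X-raying: `scan_plain` looks for known byte signatures the way a pattern file is applied, and `scan_xray` uses knowledge of the virus's encryption scheme (assumed here to be a single-byte XOR) to solve for the key at each file offset and test the signature without executing anything. The signatures and the "infected" sample are constructed placeholders.

```python
"""Added example (not from the chapter): signature scanning and X-raying.

Signatures and the sample file are constructed placeholders, not real
malware patterns. The virus cipher assumed for X-raying is a single-byte
XOR, chosen because the scanner can solve for the key directly.
"""

# Constructed pattern file: detection name -> byte signature.
SIGNATURES = {
    "Test.Sample.A": b"VIRUS-BODY-SAMPLE-A",
    "Test.Sample.B": b"\xde\xad\xbe\xef\x13\x37",
}


def xor_bytes(data: bytes, key: int) -> bytes:
    """XOR every byte with a one-byte key (the assumed virus cipher)."""
    return bytes(b ^ key for b in data)


def scan_plain(data: bytes) -> list:
    """Pattern recognition: report signatures present in the raw bytes."""
    return sorted(name for name, sig in SIGNATURES.items() if sig in data)


def scan_xray(data: bytes) -> list:
    """X-raying: at each offset the first signature byte fixes the only XOR
    key that could be in use there; verify the rest of the signature under
    that key. Returns (name, key) pairs; key 0 means the body was in clear."""
    hits = set()
    for name, sig in SIGNATURES.items():
        for offset in range(len(data) - len(sig) + 1):
            key = data[offset] ^ sig[0]
            if xor_bytes(data[offset:offset + len(sig)], key) == sig:
                hits.add((name, key))
    return sorted(hits)


def encrypted_sample(key: int) -> bytes:
    """Constructed 'infected' file: a benign host with an XOR-encrypted copy
    of the Test.Sample.A body appended, as an encrypted virus would leave it."""
    host = b"MZ host program bytes "
    return host + xor_bytes(SIGNATURES["Test.Sample.A"], key) + b" trailer"


if __name__ == "__main__":
    sample = encrypted_sample(0x5A)
    print("plain scan:", scan_plain(sample))   # empty: the body is encrypted
    print("x-ray scan:", scan_xray(sample))    # recovers detection name and key
```

X-raying works only while the cipher is fixed and simple enough to invert per offset; the polymorphic viruses on the next slides change the decryption routine with every infection, which is why the chapter moves on to generic decryption.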

Slide 14: Techniques (cont.)
Entry Point Obscuring (EPO)
– Places a “jump-to-virus” instruction in the code.
– Inserts the viral code in unused space in the file.
– Detection is more complex.
Encrypted virus
– Has a virus decryption routine and the encrypted body.
– Decryption of the virus body.

Slide 15: Techniques (cont.)
Polymorphic viruses
– A mutation engine generates randomized decryption routines each time the virus infects a new program.
– No fixed signature and no fixed decryption routine.
– The decryption routine is time consuming.

Slide 16: Polymorphic Detection
Generic decryption: “A scanner loads the file being scanned into a self-contained virtual container created in RAM.”
– When an infected file is executed, the decryption routine executes.
– The virus decrypts itself, exposing the virus body to the scanner.
– The scanner identifies the virus signature.

Slide 17: Heuristic-Based Generic Decryption
– A generic set of rules that helps differentiate non-virus from virus behavior.
– Inconsistencies may indicate the presence of an infected file.
– Running for a long period exposes the virus body.

Slide 18: Anti-Emulation
Emulation allows the virus to run inside a virtual computer to decrypt itself and reveal its code. Anti-emulation systems are incorporated into the decryptor of a virus so that it does not decrypt properly under emulation and hence will not reveal its code.

Slide 19: Retrovirus
Tries to bypass the antivirus by:
– modifying the code of an antivirus program file;
– stopping the execution of the program;
– using methods in the virus code that cause problems for the antivirus;
– exploiting a specific weakness or a backdoor in an antivirus.

Slide 20: Backdoor
“A Trojan that allows access to computer resources using a network connection.” Hackers download scripts onto PCs, essentially hijacking them, and then use them to launch a denial-of-service attack. Those PCs become slave computers.

Slide 21: Virus Infection Cycle of W32/Gobi
– PE virus, written in assembly.
– Infects .exe files in the Windows directory.
– Changes the registry.
– Once the registry hook is done, Gobi infects programs launched from Windows Explorer before letting them run.

Slide 22: Conclusions
Malicious code and Internet-based attacks keep increasing. Some forecasts regarding malware:
– Spam mail and phishing will continue to be a major concern.
– Social engineering is emerging as one of the biggest challenges, as there is no technical defense against the exploitation of human weaknesses.
– The time between vulnerability disclosure and release of malware exploiting the vulnerability continues to get shorter, requiring more proactive assessment tools.

Slide 23: References
– Warkentin, M., & Vaughn, R. (Eds.). Enterprise Information Systems Assurance and System Security: Managerial and Technical Issues. Idea Group Inc.
– Argaez, E. D. (2004). How to prevent the online invasion of spyware and adware. Retrieved March 25, 2008.