Presentation is loading. Please wait.

Presentation is loading. Please wait.

Security Awareness Chapter 2 Desktop Security. Objectives After completing this chapter, you should be able to do the following: Describe the different.

Published byLambert Sutton Modified over 9 years ago

Similar presentations

Presentation on theme: "Security Awareness Chapter 2 Desktop Security. Objectives After completing this chapter, you should be able to do the following: Describe the different."— Presentation transcript:

1 Security Awareness Chapter 2 Desktop Security

2 Objectives After completing this chapter, you should be able to do the following: Describe the different types of software and hardware attacks List types of desktop defenses Explain how to recover from an attack Security Awareness, 3 rd Edition2

3 Attacks on Desktop Computers Most attacks fall into two categories –Malicious software attacks –Attacks on hardware Security Awareness, 3 rd Edition3

4 Malicious Software Attacks Malware –Wide variety of damaging or annoying attack software –Enters a computer system without the owner’s knowledge or consent Primary objectives of malware –Infect a computer system with destructive software –Conceal a malicious action Security Awareness, 3 rd Edition4

5 Infecting Malware Viruses –Malicious program that needs a ‘‘carrier’’ to survive –Two carriers Program or document User Security Awareness, 3 rd Edition5

6 Infecting Malware (cont’d.) Viruses have performed the following functions: –Caused a computer to crash repeatedly –Erased files from a hard drive –Installed hidden programs, such as stolen software, which is then secretly distributed from the computer –Made multiple copies of itself and consumed all of the free space in a hard drive –Reduced security settings and allowed intruders to remotely access the computer –Reformatted the hard disk drive Security Awareness, 3rd Edition6

7 Infecting Malware (cont’d.) Types of computer viruses –File infector –Resident –Boot –Companion –Macro –Polymorphic Security Awareness, 3 rd Edition7

8 Infecting Malware (cont’d.) Worms –Take advantage of a vulnerability in an application or an operating system –Enter a system –Deposit its payload –Immediately searches for another computer that has the same vulnerabiliy Security Awareness, 3 rd Edition8

9 Infecting Malware (cont’d.) Different from a virus –Does not require program or user Actions that worms have performed include –Deleting files on the computer –Allowing the computer to be remote-controlled by an attacker Security Awareness, 3 rd Edition9

10 Concealing Malware Trojan horse (or just Trojan) –Program advertised as performing one activity but actually does something else –Typically executable programs that contain hidden code that attacks the computer system Security Awareness, 3 rd Edition10

11 Concealing Malware (cont’d.) Rootkit –Set of software tools –Used to break into a computer, obtain special privileges to perform unauthorized functions –Goal is not to damage a computer directly –Go to great lengths to ensure that they are not detected and removed –Replace operating system commands with modified versions that are specifically designed to ignore malicious activity –Detecting a rootkit can be difficult Security Awareness, 3 rd Edition11

12 Concealing Malware (cont’d.) Logic bomb –Computer program or a part of a program that lies dormant until it is triggered by a specific logical event –Once triggered, performs malicious activities –Extremely difficult to detect before they are triggered Security Awareness, 3 rd Edition12

13 Concealing Malware (cont’d.) Table 2-1 Famous logic bombs Security Awareness, 3 rd Edition13 Course Technology/Cengage Learning

14 Concealing Malware (cont’d.) Zombie –Infected ‘‘robot’’ computer Botnet –Hundreds, thousands, or tens of thousands of zombies Internet Relay Chat (IRC) –Used to remotely control the zombies Number of zombies and botnets is staggering Security Awareness, 3 rd Edition14

15 Concealing Malware (cont’d.) Table 2-2 Uses of botnets Security Awareness, 3 rd Edition15 Course Technology/Cengage Learning

16 Hardware Attacks Types of hardware that is targeted includes –BIOS –USB devices –Cell phones –Physical theft of laptop computers and information Security Awareness, 3 rd Edition16

17 BIOS Basic Input/Output System (BIOS) –Coded program embedded on the processor chip –Recognizes and controls different devices on the computer system Read Only Memory (ROM) chip –Older systems PROM (Programmable Read Only Memory) chip –Newer computers –Flashing the BIOS Reprogramming Security Awareness, 3 rd Edition17

18 USB Devices USB (universal serial bus) Small, lightweight, removable, and contain rewritable storage Common types –USB flash memory –MP3 players Primary targets of attacks to spread malware Allow spies or disgruntled employees to copy and steal sensitive corporate data Security Awareness, 3 rd Edition18

19 USB Devices (cont’d.) Reduce the risk introduced by USB devices –Prohibit by written policy –Disable with technology Disable the USB in hardware Disable the USB through the operating system Use third-party software Security Awareness, 3 rd Edition19

20 Cell Phones Portable communication devices Rapidly replacing wired telephones Types of attacks –Lure users to malicious Web sites –Infect a cell phone –Launch attacks on other cell phones –Access account information –Abuse the cell phone service Security Awareness, 3 rd Edition20

21 Physical Theft Portable laptop computers are particularly vulnerable to theft Data can be retrieved from a hard drive by an attacker even after its file has been deleted Security Awareness, 3 rd Edition21

22 Desktop Defenses Defenses include: –Managing patches –Installing antivirus software –Using buffer overflow protection –Protecting against theft –Creating data backups Security Awareness, 3 rd Edition22

23 Managing Patches Patch –Software security update intended to cover vulnerabilities that have been discovered after the program was released Security Awareness, 3 rd Edition23

24 Managing Patches (cont’d.) Automatic update configuration options for most operating systems –Install updates automatically –Download updates but let me choose when to install them –Check for updates but let me choose whether to download and install them –Never check for updates Security Awareness, 3 rd Edition24

25 Antivirus Software Scan a computer’s hard drive for infections Monitor computer activity Examine all new documents that might contain a virus Drawback of AV software –Must be continuously updated to recognize new viruses Should be configured to constantly monitor for viruses and automatically check for updated signature files Security Awareness, 3 rd Edition25

26 Buffer Overflow Protection Buffer overflow –Occurs when a computer process attempts to store data in RAM beyond the boundaries of a fixed-length storage buffer –May cause computer to stop functioning Windows-based system protection –Data Execution Prevention (DEP) –Address Space Layout Randomization (ASLR) Security Awareness, 3 rd Edition26

27 Buffer Overflow Protection (cont’d.) Figure 2-4 Buffer overflow attack Security Awareness, 3 rd Edition27 Course Technology/Cengage Learning

28 Protecting Against Theft Applies to laptops especially Device lock –Steel cable and a lock Software tracking system Security Awareness, 3 rd Edition28

29 Creating Data Backups Copying data from a computer’s hard drive onto other digital media –Then storing it in a secure location Sophisticated hardware and software can back up data on a regular schedule Personal computer users –Operating system functions –Third-party software Security Awareness, 3 rd Edition29

30 Creating Data Backups (cont’d.) What information to back up –Back up only user files –Back up all files Frequency of backups –Regular schedule RAID (Redundant Array of Independent Drives) –Uses multiple hard disk drives for increased reliability –Several RAID configurations Called levels Security Awareness, 3 rd Edition30

31 Creating Data Backups (cont’d.) Table 2-3 Types of data backups Security Awareness, 3 rd Edition31 Course Technology/Cengage Learning

32 Creating Data Backups (cont’d.) Backup storage media –Temporary media should not be used –Alternatives Portable USB hard drives Network Attached Storage (NAS) Internet services Disc storage Security Awareness, 3 rd Edition32

33 Creating Data Backups (cont’d.) Location of backup storage –Protect against not only virus attacks but also against hardware malfunctions, user error, software corruption, and natural disasters –Backups ideally should be stored in a location away from the device that contains the information Security Awareness, 3 rd Edition33

34 Recovering from an Attack Basic steps to perform –Disconnect –Identify –Disinfect –Recheck –Reinstall –Analyze Security Awareness, 3 rd Edition34

35 Summary Malicious software (malware) –Enters a computer system without the owner’s knowledge or consent –Includes a wide variety of damaging or annoying software –Infecting malware –Concealing malware Hardware is also the target of attackers Tactics for defending desktop systems Basic steps to disinfect and restore a computer Security Awareness, 3 rd Edition35

Download ppt "Security Awareness Chapter 2 Desktop Security. Objectives After completing this chapter, you should be able to do the following: Describe the different."

Similar presentations

Thank you to IT Training at Indiana University Computer Malware.

Thank you to IT Training at Indiana University Computer Malware.
Protect your PC virus, worm, Trojan horse, phishing, spam, botnet and zombies, spoofing, social engineering, identity theft, spyware, rootkits Click.

Protect your PC virus, worm, Trojan horse, phishing, spam, botnet and zombies, spoofing, social engineering, identity theft, spyware, rootkits Click.
September,2012 Managing Files and Folders 4/23/2015 Compiled By:- Solomon W. Demissie 1.

September,2012 Managing Files and Folders 4/23/2015 Compiled By:- Solomon W. Demissie 1.
 Application software consists of programs designed to make users more productive and/or assist with personal tasks.  Growth of internet simplified.

 Application software consists of programs designed to make users more productive and/or assist with personal tasks.  Growth of internet simplified.
Computer viruses Hardware theft Software Theft Unauthorized access by hackers Information Theft Computer Crimes.

Computer viruses Hardware theft Software Theft Unauthorized access by hackers Information Theft Computer Crimes.
Dr. John P. Abraham Professor UTPA 2 – Systems Threats and Risks.

Dr. John P. Abraham Professor UTPA 2 – Systems Threats and Risks.
CHAPTER 2 KNOW YOUR VILLAINS. Who writes it: Malware writers vary in age, income level, location, social/peer interaction, education level, likes, dislikes.

CHAPTER 2 KNOW YOUR VILLAINS. Who writes it: Malware writers vary in age, income level, location, social/peer interaction, education level, likes, dislikes.
Security+ Guide to Network Security Fundamentals, Third Edition

Security+ Guide to Network Security Fundamentals, Third Edition
Security Awareness Chapter 2 Desktop Security. After completing this chapter, you should be able to do the following:  Describe the different types of.

Security Awareness Chapter 2 Desktop Security. After completing this chapter, you should be able to do the following:  Describe the different types of.
Computer Viruses.

Computer Viruses.
Chapter 14 Computer Security Threats Patricia Roy Manatee Community College, Venice, FL ©2008, Prentice Hall Operating Systems: Internals and Design Principles,

Chapter 14 Computer Security Threats Patricia Roy Manatee Community College, Venice, FL ©2008, Prentice Hall Operating Systems: Internals and Design Principles,
Lesson 14-Desktop Protection. Overview Protect against malicious code. Use the Internet. Protect against physical tampering.

Lesson 14-Desktop Protection. Overview Protect against malicious code. Use the Internet. Protect against physical tampering.
Security+ Guide to Network Security Fundamentals, Third Edition

Security+ Guide to Network Security Fundamentals, Third Edition
Chapter 2 Desktop Security

Chapter 2 Desktop Security
Lesson 9-Securing a Network. Overview Identifying threats to the network security. Planning a secure network.

Lesson 9-Securing a Network. Overview Identifying threats to the network security. Planning a secure network.
INTERNET THREATS AND HOW TO PROTECT YOUR COMPUTER -BRIAN ARENDT.

INTERNET THREATS AND HOW TO PROTECT YOUR COMPUTER -BRIAN ARENDT.
Guide to Operating System Security Chapter 2 Viruses, Worms, and Malicious Software.

Guide to Operating System Security Chapter 2 Viruses, Worms, and Malicious Software.
Computer security virus, hacking and backups. Computer viruses are small software programs that are designed to spread from one computer to another.

Computer security virus, hacking and backups. Computer viruses are small software programs that are designed to spread from one computer to another.
Henric Johnson1 Chapter 10 Malicious Software Henric Johnson Blekinge Institute of Technology, Sweden

Henric Johnson1 Chapter 10 Malicious Software Henric Johnson Blekinge Institute of Technology, Sweden
1 Chap 10 Malicious Software. 2 Viruses and ”Malicious Programs ” Computer “Viruses” and related programs have the ability to replicate themselves on.

1 Chap 10 Malicious Software. 2 Viruses and ”Malicious Programs ” Computer “Viruses” and related programs have the ability to replicate themselves on.

Similar presentations

Ads by Google