Presentation is loading. Please wait.

Presentation is loading. Please wait.

CSCE 201 Attacks on Desktop Computers: Malicious Code Hardware attacks.

Published byJanel Gibson Modified over 8 years ago

Similar presentations

Presentation on theme: "CSCE 201 Attacks on Desktop Computers: Malicious Code Hardware attacks."— Presentation transcript:

1 CSCE 201 Attacks on Desktop Computers: Malicious Code Hardware attacks

2 CSCE 201 - Farkas2 Reading list: – M. Ciampa, Security Awareness: Chapter 2 – Malicious Codes in Depth, http://www.securitydocs.com/library/2742 http://www.securitydocs.com/library/2742 – USC Computer Services – Virus Information Center http://www.uts.sc.edu/itsecurity/antivirus.shtml http://www.uts.sc.edu/itsecurity/antivirus.shtml

3 CSCE 201 - Farkas3 Program Flaws Taxonomy of flaws: – how (genesis) – when (time) – where (location) the flaw was introduced into the system

4 CSCE 201 - Farkas4 Security Flaws by Genesis Genesis – Intentional Malicious: Trojan Horse, Trapdoor, Logic Bomb, Rootkits, Botnets, Covert channels Non-malicious – Inadvertent Validation error Domain error Serialization error Identification/authentication error Other error

5 CSCE 201 - Farkas5 Kinds of Malicious Codes Virus: a program that attaches copies of itself into other programs. Propagates and performs some unwanted function. Rabbit (Bacteria): program that consumes system resources by replicating itself.

6 CSCE 201 - Farkas6 Kinds of Malicious Code Worm: a program that propagates copies of itself through the network. Usually performs some unwanted function. – Does not attach to other programs Trojan Horse: secret, undocumented routine embedded within a useful program. Execution of the program results in execution of secret code.

7 CSCE 201 - Farkas7 Kinds of Malicious Code Logic bomb, time bomb: logic embedded in a program that checks for a certain set of conditions to be present in the system. When these conditions are present, some malicious code is executed. Trapdoor: secret, undocumented entry point into a program, used to grant access without normal methods of access authentication.

8 Kinds of Malicious Code Rootkits: aims to hide the presence of itself and other malicious code on the computer by corrupting detection capabilities. Usually limited to the corrupted computer. Zombies and Botnets: computers under the control of a remote entity. Attackers goals: spreading virus, attacking internet communications, stealing personal data, manipulating online polls, DOS. CSCE 201 - Farkas8

9 9 Virus Virus lifecycle: 1. Dormant phase: the virus is idle. (not all viruses have this stage) 2. Propagation phase: the virus places an identical copy of itself into other programs of into certain system areas. 3. Triggering phase: the virus is activated to perform the function for which it was created. 4. Execution phase: the function is performed. The function may be harmless or damaging.

10 CSCE 201 - Farkas10 Virus Types Transient (parasitic) virus: most common form. Attaches itself to a file and replicates when the infected program is executed. Memory resident virus: lodged in main memory as part of a resident system program. Virus may infect every program that executes.

11 CSCE 201 - Farkas11 Virus Types Boot Sector Viruses: – Infects the boot record and spreads when system is booted. – Gains control of machine before the virus detection tools. – Very hard to notice – Carrier files: AUTOEXEC.BAT, CONFIG.SYS,IO.SYS

12 CSCE 201 - Farkas12 Virus Types Stealth virus: a form of virus explicitly designed to hide from detection by antivirus software. Polymorphic virus: a virus that mutates with every infection making detection by the “signature” of the virus difficult.

13 CSCE 201 - Farkas13 How Viruses Append Original program virus Original program virus Virus appended to program +=

14 CSCE 201 - Farkas14 How Viruses Append Original program virus Original program Virus-1 Virus surrounding a program += Virus-2

15 CSCE 201 - Farkas15 How Viruses Append Original program virus Original program Virus-1 Virus integrated into program += Virus-2 Virus-3 Virus-4

16 CSCE 201 - Farkas16 High Risk Viruses Properties – Hard to detect – Hard to destroy – Spread infection widely – Can re-infect – Easy to create – Machine independent

17 CSCE 201 - Farkas17 Virus Signatures Storage pattern – Code always located on a specific address – Increased file size Execution pattern Transmission pattern Polymorphic Viruses

18 CSCE 201 - Farkas18 Antivirus Approaches Detection: determine infection and locate the virus. Identification: identify the specific virus. Removal: remove the virus from all infected systems, so the disease cannot spread further. Recovery: restore the system to its original state.

19 CSCE 201 - Farkas19 Preventing Virus Infection Prevention: Good source of software installed Isolated testing phase Use virus detectors Limit damage: Make bootable diskette Make and retain backup copies important resources

20 CSCE 201 - Farkas20 Worm Self-replicating (like virus) Objective: system penetration (intruder) Phases: dormant, propagation, triggering, and execution Propagation: – Searches for other systems to infect (e.g., host tables) – Establishes connection with remote system – Copies itself to remote system – Execute

21 Hardware Attacks Basic Input/Output System (BIOS) USB Devices Cell Phones Physical Theft CSCE 201 - Farkas21

22 BIOS Attacks BIOS: – Recognizes and controls different devices on the computer system – Executed when the computer is turned on Old computers: Read Only Memory (ROM) New computers: Programmable Read Only Memory (PROM) – Flashing the BIOS  can disable the computer completely CSCE 201 - Farkas22

23 USB Devices Universal Serial Bus(USB) Small, light weight, removable, rewriteable NO SECURITY Control: – Organizational policy – Disable USB in hardware – Disable USB in software – Use third party software CSCE 201 - Farkas23

24 How to Prevent USB Attacks? USBDetect 3.0 – Developed by the NSA – Monitors USB ports on PCs attached to a network – Automatically reports back any unauthorized activity, including flash or hard disks, and external CD or DVD drives Not available for general public CSCE 201 - Farkas24

25 Cell Phones Extended phone capabilities Risk associated with cell phones – US CERT, Defending Cell Phones and PDAs Against Attack, http://www.us-cert.gov/cas/tips/ST06-007.htmlhttp://www.us-cert.gov/cas/tips/ST06-007.html – M. Murray, Can Cell Phones Compromise Your Network?, April 2010, http://www.businessweek.com/technology/content/apr2006/t c20060413_027470.htm http://www.businessweek.com/technology/content/apr2006/t c20060413_027470.htm – M. Zetlin, Cell Phones: A Security Risk to Your Business?, March 2010, http://www.inc.com/telecom/articles/201003/cellphone.html http://www.inc.com/telecom/articles/201003/cellphone.html CSCE 201 - Farkas25

26 US-CERT Security Risk of Cell Phones and PDAs Abuse your service: e.g., extra charges, download malicious code Lure you to a malicious web site: e.g., phishing using text messages, visit phishing web sites, etc. Use your cell phone or PDA in an attack: e.g., attackers compromise device and use it as the origin of attack Gain access to account information: e.g., access to all personal data stored on the device CSCE 201 - Farkas26

27 How to Protect Cell Phones/PDAs? Follow general guidelines for protecting portable devices Be careful about posting your cell phone number and email address Do not follow links sent in email or text messages Be wary of downloadable software Evaluate your security settings CSCE 201 - Farkas27

28 Protection of Portable Devices Use passwords correctly Consider storing important data separately Encrypt files Install and maintain anti-virus software Install and maintain a firewall Back up your data CSCE 201 - Farkas28

29 Physical Theft See previous lectures on physical security and protecting laptops (08/27, 2010) CSCE 201 - Farkas29

30 CSCE 201 - Farkas30 Next Class Defending personal comuters – Overview M. Ciampa, Security Awareness, Chapter 2

Download ppt "CSCE 201 Attacks on Desktop Computers: Malicious Code Hardware attacks."

Similar presentations

Computer Security Patricia Roy Manatee Community College, Venice, FL ©2008, Prentice Hall Chapters 14 and 15 Operating Systems: Internals and Design Principles,

Computer Security Patricia Roy Manatee Community College, Venice, FL ©2008, Prentice Hall Chapters 14 and 15 Operating Systems: Internals and Design Principles,
Thank you to IT Training at Indiana University Computer Malware.

Thank you to IT Training at Indiana University Computer Malware.
30/04/2015Tim S Roberts 20081 COIT13152 Operating Systems T1, 2008 Tim S Roberts.

30/04/2015Tim S Roberts COIT13152 Operating Systems T1, 2008 Tim S Roberts.
 Application software consists of programs designed to make users more productive and/or assist with personal tasks.  Growth of internet simplified.

 Application software consists of programs designed to make users more productive and/or assist with personal tasks.  Growth of internet simplified.
Computer viruses Hardware theft Software Theft Unauthorized access by hackers Information Theft Computer Crimes.

Computer viruses Hardware theft Software Theft Unauthorized access by hackers Information Theft Computer Crimes.
Information System protection and Security. Need for Information System Security §With the invent of computers and telecommunication systems, organizations.

Information System protection and Security. Need for Information System Security §With the invent of computers and telecommunication systems, organizations.
Dr. John P. Abraham Professor UTPA 2 – Systems Threats and Risks.

Dr. John P. Abraham Professor UTPA 2 – Systems Threats and Risks.
Chapter 3 (Part 1) Network Security

Chapter 3 (Part 1) Network Security
Security Awareness Chapter 2 Desktop Security. Objectives After completing this chapter, you should be able to do the following: Describe the different.

Security Awareness Chapter 2 Desktop Security. Objectives After completing this chapter, you should be able to do the following: Describe the different.
Security Awareness Chapter 2 Desktop Security. After completing this chapter, you should be able to do the following:  Describe the different types of.

Security Awareness Chapter 2 Desktop Security. After completing this chapter, you should be able to do the following:  Describe the different types of.
ITMS- 3153 Information Systems Security 1. Malicious Code Malicious code or rogue program is the general name for unanticipated or undesired effects in.

ITMS Information Systems Security 1. Malicious Code Malicious code or rogue program is the general name for unanticipated or undesired effects in.
________________ CS3235, Nov 2002 Viruses Adapted from Pfleeger[Chap 5]. A virus is a program [fragment] that can pass on malicious code [usually itself]

________________ CS3235, Nov 2002 Viruses Adapted from Pfleeger[Chap 5]. A virus is a program [fragment] that can pass on malicious code [usually itself]
Chapter 14 Computer Security Threats Patricia Roy Manatee Community College, Venice, FL ©2008, Prentice Hall Operating Systems: Internals and Design Principles,

Chapter 14 Computer Security Threats Patricia Roy Manatee Community College, Venice, FL ©2008, Prentice Hall Operating Systems: Internals and Design Principles,
1 Pertemuan 05 Malicious Software Matakuliah: H0242 / Keamanan Jaringan Tahun: 2006 Versi: 1.

1 Pertemuan 05 Malicious Software Matakuliah: H0242 / Keamanan Jaringan Tahun: 2006 Versi: 1.
Lecture 15 Overview. Kinds of Malicious Codes Virus: a program that attaches copies of itself into other programs. – Propagates and performs some unwanted.

Lecture 15 Overview. Kinds of Malicious Codes Virus: a program that attaches copies of itself into other programs. – Propagates and performs some unwanted.
Lesson 9-Securing a Network. Overview Identifying threats to the network security. Planning a secure network.

Lesson 9-Securing a Network. Overview Identifying threats to the network security. Planning a secure network.
1 Computer Viruses (and other “Malicious Programs) Computer “Viruses” and related programs have the ability to replicate themselves on an ever increasing.

1 Computer Viruses (and other “Malicious Programs) Computer “Viruses” and related programs have the ability to replicate themselves on an ever increasing.
Summary Notes TERM TWO BASIC SEVEN 7 Prepared by Sir Lexis Oppong Prepared by Sir Lexis Oppong ACADEMIC YEAR 2013/2014 ACADEMIC YEAR 2013/2014.

Summary Notes TERM TWO BASIC SEVEN 7 Prepared by Sir Lexis Oppong Prepared by Sir Lexis Oppong ACADEMIC YEAR 2013/2014 ACADEMIC YEAR 2013/2014.
Henric Johnson1 Chapter 10 Malicious Software Henric Johnson Blekinge Institute of Technology, Sweden

Henric Johnson1 Chapter 10 Malicious Software Henric Johnson Blekinge Institute of Technology, Sweden
Video Following is a video of what can happen if you don’t update your security settings! security.

Video Following is a video of what can happen if you don’t update your security settings! security.

Similar presentations

Ads by Google