
CIT 616 Fundamentals of Computer Security


Presentation Transcript


  1. CIT 616Fundamentals of Computer Security Mohammed A. Saleh http://ifm.ac.tz/staff/msaleh/CIT616.html

  2. Malware
     • Malware is also referred to as malicious code, which can take the form of viruses, worms, trojans, backdoors and other malicious software
     • Famous attacks include Melissa, ExploreZip, MiniZip, Code Red, NIMDA, BubbleBoy, I Love You, NewLove, KillerResume, Kournikova, NakedWife and Klez
     • A virus or worm could even be active in your machine right now, lying dormant until some trigger activates it.

  3. Scenario

  4. Scenario

  5. Malicious Programs (figure: A Malware Taxonomy)
     • Needs host program: Trapdoors, Logic Bombs, Trojan Horses, Viruses
     • Independent: Worms, Zombies, Rootkits
     • Replicate: Viruses, Worms

  6. Terminologies
     • Denial of service attack (DoS)
       • A denial of service (DoS) attack attempts to make a server or other network device unavailable by flooding it with requests
       • After a short time, the server runs out of resources and can no longer function
       • Attacks originate from a single computer against a targeted system
     • Distributed DoS attack (DDoS)
       • Instead of using one computer, a DDoS attack is launched from many different computers
       • Attacks are sent from hundreds or thousands of computers
     • Exploit
       • Malware that capitalizes on known or undiscovered vulnerabilities, which are bugs or weaknesses in software applications or operating systems
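
The DoS / DDoS distinction on slide 6 is, from the server's side, a question of how many sources the flood comes from. The following is an added example, not code from the CIT 616 slides: it slides a time window over constructed access records, flags a window whose request count exceeds a threshold as a flood, and labels it single-source DoS or distributed DDoS by the share of the top source. The record layout, the thresholds and the three traffic samples are constructed assumptions.

```python
"""Rate-based flood detection over constructed web-server access records.

Added example (not from the CIT 616 slides): counts requests per source inside
a sliding time window and labels a burst as single-source DoS or distributed
DDoS, the distinction slide 6 draws. Record format, thresholds and the three
traffic samples are constructed assumptions.
"""
from collections import Counter, deque

# Constructed records: (timestamp in seconds, source address, request path)
NORMAL = [(t, f"192.0.2.{1 + t % 5}", "/index.html") for t in range(0, 60, 6)]
DOS = [(100 + i * 0.01, "203.0.113.9", "/search?q=x") for i in range(500)]
DDOS = [(200 + i * 0.01, f"198.51.100.{1 + i % 200}", "/login") for i in range(600)]

WINDOW_SECONDS = 5.0        # assumption: judge the last 5 seconds of traffic
TOTAL_THRESHOLD = 300       # assumption: more requests than this per window is a flood
SINGLE_SOURCE_SHARE = 0.8   # assumption: one source >= 80% of a flood -> DoS, else DDoS


def classify_window(records):
    """Label one window of (ts, src, path) records 'normal', 'dos' or 'ddos'."""
    total = len(records)
    if total <= TOTAL_THRESHOLD:
        return "normal"
    per_source = Counter(src for _, src, _ in records)
    _, top_count = per_source.most_common(1)[0]
    return "dos" if top_count / total >= SINGLE_SOURCE_SHARE else "ddos"


def detect_floods(records):
    """Slide the window over time-sorted records.

    Returns (set of non-normal verdicts raised, peak number of requests seen
    inside one window)."""
    window = deque()
    verdicts = set()
    peak = 0
    for rec in sorted(records, key=lambda r: r[0]):
        window.append(rec)
        # drop records older than WINDOW_SECONDS relative to the newest one
        while rec[0] - window[0][0] > WINDOW_SECONDS:
            window.popleft()
        peak = max(peak, len(window))
        verdict = classify_window(window)
        if verdict != "normal":
            verdicts.add(verdict)
    return verdicts, peak


if __name__ == "__main__":
    for label, sample in [("normal", NORMAL), ("dos", DOS), ("ddos", DDOS)]:
        print(label, detect_floods(sample))
```

The single-source share is what separates the two verdicts: blocking the one address stops the DoS sample, whereas the DDoS sample spreads 600 requests across 200 addresses, so no single source stands out and rate limiting has to act on the aggregate instead.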

  7. Cont …
     • Rootkit
       • Malware, usually a small suite of programs, that installs a new account or steals an existing one, and then elevates the security level of that account to the highest degree
       • So that attackers can do their will without obstruction
     • Script
       • File containing the attacker's specific instructions and the commands to make them occur
     • Sniffer
       • An attack, usually a Trojan horse, that monitors computer transactions or keystrokes. A keystroke logger, for instance, captures sensitive information by monitoring the user's keystrokes.

  8. Cont …
     • Trojan horse
       • Malware named for its method of getting past computer defenses by pretending to be something useful
     • Zombie
       • A compromised computer that is waiting for instructions and commands from its master, the attacker

  9. Viruses

  10. Symptoms of Virus-Like Attacks

  11. Virus Hoax

  12. Terminologies

  13. How is a worm different?

  14. Indications of a Virus Attack

  15. Virus History

  16. Virus Damage

  17. Effects of Virus on Business

  18. Access Methods of a Virus

  19. Mode of Virus Infection

  20. Lifecycle of a Virus

  21. Virus Classification

  22. What does a Virus Infect?

  23. How does a Virus Infect?

  24. Cont …
     • Polymorphic Virus
       • Viruses that change themselves or their code in order to hide from an anti-virus
     • Stealth Virus
       • Runs undetected
     • Fast and Slow Virus
       • Distinguished by the nature (rate) of infection
     • Sparse Virus
       • Does not necessarily infect on every execution; it may infect only after the program has been run five times or so
     • Armored Virus
       • Protects itself from anti-virus programs, and may even disable an anti-virus program

  25. Cont …
     • Multipartite Virus
       • Has multiple parts that infect both the boot sectors of machines and their executables
     • Cavity (Space filler) Virus
       • Takes up the empty space at the end of the host file, so that it remains undetected within the file itself
     • Tunneling Virus
       • Works at the lower levels of the OS, possibly beneath the OS at the kernel level or even at the device driver level
     • Camouflage Virus
       • Makes itself look like a legitimate file or program

  26. Famous Viruses and Worms: W32.CIH.Spacefiller

  27. Win 32 Explore.Zip Virus

  28. I Love You Virus

  29. Melissa Virus

  30. Pretty Park

  31. Code Red Worm

  32. W32/Klez

  33. Bug Bear

  34. SirCam

  35. Nimda

  36. SQL Slammer Worm

  37. Writing a Simple Virus Program

  38. Virus Detection Methods

  39. Virus Incident Response

  40. Prevention is Better than Cure

  41. Remedies
     • There are many programs that can help you keep viruses out
     • Known as virus protection programs
     • These products, and the system administration procedures that go along with them, have two overlapping goals:
       • they don't let you run a program that's infected
       • they keep infected programs from damaging your system

  42. Firewalls
     • A firewall is hardware, software, or a combination of both that is used to prevent unauthorized programs or Internet users from accessing a private network and/or a single computer
     • The unwanted programs are malware: viruses and worms
     • Hardware Firewalls
       • Protect an entire network
       • Implemented at the router level
       • Usually more expensive and harder to configure
     • Software Firewalls
       • Protect a single computer
       • Usually less expensive and easier to configure

  43. How does a software firewall work?
     • Inspects each individual "packet" of data as it arrives at either side of the firewall
       • A packet is a message containing the source address (sender address) and destination address (recipient address)
       • Inbound to or outbound from your computer
     • Determines whether it should be allowed to pass through or whether it should be blocked

  44. Firewall Rules
     • Allow – traffic that flows automatically because it has been deemed "safe" (e.g. Meeting Maker, Eudora, etc.)
     • Block – traffic that is blocked because it has been deemed dangerous to your computer
     • Ask – asks the user whether or not the traffic is allowed to pass through
     • Examples of personal firewalls
       • ZoneAlarm <www.zonelabs.com>
       • BlackICE Defender <http://blackice.iss.net>
       • Tiny Personal Firewall <www.tinysoftware.com>
       • Norton Personal Firewall <www.symantec.com>
     *** Please be sure to read the license agreement carefully to verify that the firewall can be legally used at home and/or the office.
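
Slides 43 and 44 describe a software firewall as a per-packet decision (source address, destination address, direction) that ends in Allow, Block or Ask. The block below is an added example, not code from the slides or from any of the personal firewalls listed: a small rule table evaluated top to bottom, first match wins, with a default Block rule closing the table. The packets, addresses, ports and the rule set itself are constructed assumptions chosen to exercise all three outcomes.

```python
"""Personal-firewall rule evaluation over constructed packets.

Added example, not from the CIT 616 slides or any firewall product. Each
packet carries a direction, source and destination address and a destination
port; the rule table yields ALLOW, BLOCK or ASK. First matching rule wins and
a default BLOCK rule closes the table. Addresses, ports and rules are assumed.
"""
from dataclasses import dataclass
from typing import Optional
import ipaddress


@dataclass(frozen=True)
class Packet:
    direction: str        # "inbound" or "outbound" relative to this host
    src: str              # source (sender) address
    dst: str              # destination (recipient) address
    dport: int            # destination port
    proto: str = "tcp"


@dataclass(frozen=True)
class Rule:
    action: str                 # "ALLOW", "BLOCK" or "ASK"
    direction: str = "*"        # "*" matches both directions
    remote: str = "0.0.0.0/0"   # network the remote side must fall in
    dport: Optional[int] = None # None matches any destination port
    proto: str = "*"            # "*" matches any protocol

    def matches(self, pkt):
        # the "remote" side is the sender for inbound, the recipient for outbound
        remote_addr = pkt.src if pkt.direction == "inbound" else pkt.dst
        return (self.direction in ("*", pkt.direction)
                and ipaddress.ip_address(remote_addr) in ipaddress.ip_network(self.remote)
                and (self.dport is None or self.dport == pkt.dport)
                and self.proto in ("*", pkt.proto))


# Assumed rule table, evaluated top to bottom
RULES = [
    Rule("ALLOW", "outbound", dport=443),                          # web browsing (HTTPS)
    Rule("ALLOW", "outbound", dport=53, proto="udp"),              # DNS lookups
    Rule("ALLOW", "inbound", remote="192.168.1.0/24", dport=22),   # SSH from the LAN only
    Rule("BLOCK", "inbound", dport=445),                           # SMB from anywhere
    Rule("ASK", "outbound"),                                       # unknown outbound: prompt the user
    Rule("BLOCK"),                                                 # default: block everything else
]


def decide(pkt, rules=RULES):
    """Return (action, index of the first matching rule)."""
    for i, rule in enumerate(rules):
        if rule.matches(pkt):
            return rule.action, i
    return "BLOCK", -1   # only reached if the table has no default rule


def decide_all(packets, rules=RULES):
    """Actions for a list of packets, in order."""
    return [decide(p, rules)[0] for p in packets]


# Constructed packets: this host is 192.168.1.20
SAMPLE = [
    Packet("outbound", "192.168.1.20", "203.0.113.10", 443),           # ALLOW: HTTPS out
    Packet("inbound", "192.168.1.5", "192.168.1.20", 22),              # ALLOW: SSH from LAN
    Packet("inbound", "198.51.100.7", "192.168.1.20", 22),             # BLOCK: SSH from outside (default)
    Packet("inbound", "198.51.100.7", "192.168.1.20", 445),            # BLOCK: SMB rule
    Packet("outbound", "192.168.1.20", "203.0.113.10", 6667),          # ASK: unknown outbound
    Packet("outbound", "192.168.1.20", "203.0.113.53", 53, "udp"),     # ALLOW: DNS
]

if __name__ == "__main__":
    for pkt in SAMPLE:
        print(decide(pkt), pkt)
```

Rule order matters: the LAN-only SSH rule sits above the default Block, so the same port is allowed from 192.168.1.5 and blocked from 198.51.100.7, and the Ask rule only catches outbound traffic that no explicit Allow has already claimed.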

  45. Anti-virus
     • This is software used to prevent, detect and remove malware, including viruses, worms and Trojan horses
     • Virus protection software uses two main techniques
     • Signature-based detection
       • Hides in the background watching files come and go until it detects a pattern that matches one of its stored signatures
       • It then sounds the alarm and may isolate or quarantine the code
       • Removes known viruses
     • Heuristic-based detection
       • Periodically scans the various disks and memories of the computer
       • Identifies unknown viruses
       • Detects and reports suspicious code segments, and places them in quarantine

  46. Anti-virus (cont…)
     Problems with Signature-based Virus Protection Programs
     • They require a constant flow of new signatures in response to evolving attacks
       • Their publishers stay alert for new viruses, determine the signatures and make them available as updated virus definition tables to their users
       • As the number of viruses increases, the tables get progressively larger
       • This is particularly a problem in the case of memory-limited devices such as palm-top computers or intelligent cell phones
     • Zero Day problem
       • Occurs when a user trips over a new virus before the publisher discovers it and can issue an updated signature

  47. Drawbacks of Anti-virus
     • Antivirus software can degrade computer performance if it is not designed efficiently
     • Inexperienced users may have trouble understanding the prompts and decisions that antivirus software presents them with
     • The success of heuristic-based detection depends on whether it achieves the right balance between false positives and false negatives
     • In one case, a faulty virus signature issued by Symantec mistakenly removed essential operating system files, leaving thousands of PCs unable to boot
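
Slides 45 to 47 contrast signature-based detection (exact patterns of known samples, useless until the publisher ships an updated definition table) with heuristic-based detection (generic traits that can catch an unknown sample but also misfire on legitimate software). The block below is an added example, not code from the slides or from any antivirus product, that runs both techniques over four constructed files: a known sample, a "zero day" that only the heuristic catches, a plain text file, and a legitimate installer that the heuristic wrongly quarantines. It also shows the same zero-day becoming a signature hit once a constructed updated table is loaded. Every signature, indicator string, threshold and sample file is constructed for the demonstration.

```python
"""Signature-based versus heuristic-based scanning, as an added illustration.

Not code from the CIT 616 slides or from any antivirus product. Signatures are
byte patterns taken from *known* samples; the heuristic scores a file on
generic traits (suspicious strings, high entropy) so that it can flag an
*unknown* sample, at the cost of false positives. Every sample file, signature,
indicator string and threshold below is constructed for the demonstration.
"""
import math
from collections import Counter

# Constructed "virus definition table": name -> byte pattern of a known sample
SIGNATURES = {
    "Sample-A": b"\xde\xad\xbe\xef-SAMPLE-A-PAYLOAD",
}

# Constructed heuristic indicators (strings typical of persistence/injection)
SUSPICIOUS_STRINGS = [
    b"CurrentVersion\\Run",     # autorun registry key name
    b"WriteProcessMemory",      # process-injection API name
    b"cmd.exe /c",              # shell command execution
]
ENTROPY_THRESHOLD = 7.0    # bits per byte; packed/encrypted data approaches 8.0
HEURISTIC_THRESHOLD = 2    # assumption: this many indicators => quarantine


def shannon_entropy(data):
    """Bits of entropy per byte of data (0.0 for empty input)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def signature_scan(data, signatures=SIGNATURES):
    """Names of every known signature found in data (exact substring match)."""
    return [name for name, pattern in signatures.items() if pattern in data]


def heuristic_scan(data):
    """Score data by generic traits; returns (score, list of reasons)."""
    reasons = [s.decode() for s in SUSPICIOUS_STRINGS if s in data]
    if shannon_entropy(data) > ENTROPY_THRESHOLD:
        reasons.append("high entropy (packed or encrypted content)")
    return len(reasons), reasons


def scan(data, signatures=SIGNATURES):
    """Signature check first (known malware), then heuristics (unknown)."""
    hits = signature_scan(data, signatures)
    if hits:
        return "known-malware", hits
    score, reasons = heuristic_scan(data)
    if score >= HEURISTIC_THRESHOLD:
        return "suspicious-quarantine", reasons
    return "clean", reasons


# Constructed sample files
KNOWN = b"MZ\x90\x00" + SIGNATURES["Sample-A"] + b"\x00padding"
ZERO_DAY = (b"MZ\x90\x00Software\\Microsoft\\Windows\\CurrentVersion\\Run\x00"
            b"WriteProcessMemory\x00")
BENIGN_TEXT = b"Fundamentals of Computer Security: lecture notes on malware.\n"
# A legitimate installer that registers an updater and ships compressed data
# (bytes(range(256)) stands in for compressed content: uniform, entropy 8.0)
BENIGN_INSTALLER = (b"MZ\x90\x00setup registers CurrentVersion\\Run updater\x00"
                    + bytes(range(256)) * 4)

# Constructed "updated definition table" issued after ZERO_DAY was analysed
UPDATED_SIGNATURES = {**SIGNATURES,
                      "Sample-B": b"CurrentVersion\\Run\x00WriteProcessMemory"}

if __name__ == "__main__":
    for name, blob in [("KNOWN", KNOWN), ("ZERO_DAY", ZERO_DAY),
                       ("BENIGN_TEXT", BENIGN_TEXT), ("BENIGN_INSTALLER", BENIGN_INSTALLER)]:
        print(name, scan(blob))
    print("ZERO_DAY after signature update:", scan(ZERO_DAY, UPDATED_SIGNATURES))
```

The installer case is the false positive of slide 47: it trips the same two indicators as the zero-day (an autorun key plus high-entropy content), and raising HEURISTIC_THRESHOLD to 3 would clear it but also let the zero-day through, which is the balance the slide refers to.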

  48. Effectiveness
     • Studies in December 2007 showed that the effectiveness of antivirus software has decreased in recent years, particularly against unknown or zero day attacks
     • Detection rates for these threats had dropped from 40-50% in 2006 to 20-30% in 2007 [from the German computer magazine]
     • At the time, the only exception was the NOD32 antivirus, which managed a detection rate of 68%

  49. Online Detection
     • Some antivirus vendors maintain websites with free online scanning capability for the entire computer, critical areas only, local disks, folders or files
     • Examples include
       • Kaspersky Online Scanner
       • ESET Online Scanner
     • Some other online sites provide only scanning of files uploaded by users
     • These online sites use multiple virus scanners and provide a report to the user about the uploaded file, e.g.
       • Jotti's malware scan
       • COMODO Automated Analysis System
       • Virustotal.com

  50. Popular Antivirus Packages
