Security Awareness Chapter 2 Desktop Security

After completing this chapter, you should be able to do the following:
- Describe the different types of software and hardware attacks
- List types of desktop defenses
- Explain how to recover from an attack

Security Awareness, 3rd Edition2

Most attacks fall into two categories
- Malicious software attacks
- Attacks on hardware

Malware
- Wide variety of damaging or annoying attack software
- Enters a computer system without the owner’s knowledge or consent
Primary objectives of malware
- Infect a computer system with destructive software
- Conceal a malicious action

Viruses
- Malicious program that needs a “carrier” to survive
Two carriers
- Program or document
- User

Viruses have performed the following functions:
- Caused a computer to crash repeatedly
- Erased files from a hard drive
- Installed hidden programs, such as stolen software, which is then secretly distributed from the computer
- Made multiple copies of itself and consumed all of the free space in a hard drive
- Reduced security settings and allowed intruders to remotely access the computer
- Reformatted the hard disk drive

Types of computer viruses
- File infector
- Resident
- Boot
- Companion
- Macro
- Polymorphic

Worms
- Take advantage of a vulnerability in an application or an operating system
- Enter a system
- Deposit its payload
- Immediately searches for another computer that has the same vulnerability

Different from a virus
- Does not require program or user
Actions that worms have performed include
- Deleting files on the computer
- Allowing the computer to be remote-controlled by an attacker

Trojan horse (or just Trojan)
- Program advertised as performing one activity but actually does something else
- Typically executable programs that contain hidden code that attacks the computer system

Rootkit
- Set of software tools
- Used to break into a computer, obtain special privileges to perform unauthorized functions
- Goal is not to damage a computer directly
- Go to great lengths to ensure that they are not detected and removed
- Replace operating system commands with modified versions that are specifically designed to ignore malicious activity
- Detecting a rootkit can be difficult

Logic bomb
- Computer program or a part of a program that lies dormant until it is triggered by a specific logical event
- Once triggered, performs malicious activities
- Extremely difficult to detect before they are triggered

Table 2-1 Famous logic bombs

Course Technology/Cengage Learning

Zombie
- Infected “robot” computer
Botnet
- Hundreds, thousands, or tens of thousands of zombies
Internet Relay Chat (IRC)
- Used to remotely control the zombies
Number of zombies and botnets is staggering

Table 2-2 Uses of botnets

Course Technology/Cengage Learning

Types of hardware that are targeted include
- BIOS
- USB devices
- Cell phones
- Physical theft of laptop computers and information

Basic Input/Output System (BIOS)
- Coded program embedded on the processor chip
- Recognizes and controls different devices on the computer system
Read Only Memory (ROM) chip
- Older systems
PROM (Programmable Read Only Memory) chip
- Newer computers
Flashing the BIOS
- Reprogramming

USB (universal serial bus)
- Small, lightweight, removable, and contain rewritable storage
Common types
- USB flash memory
- MP3 players
Primary targets of attacks to spread malware
Allow spies or disgruntled employees to copy and steal sensitive corporate data

Reduce the risk introduced by USB devices
- Prohibit by written policy
- Disable with technology
  - Disable the USB in hardware
  - Disable the USB through the operating system
  - Use third-party software

Portable communication devices
Rapidly replacing wired telephones
Types of attacks
- Lure users to malicious Web sites
- Infect a cell phone
- Launch attacks on other cell phones
- Access account information
- Abuse the cell phone service

Portable laptop computers are particularly vulnerable to theft

Data can be retrieved from a hard drive by an attacker even after its file has been deleted

Defenses include:
- Managing patches
- Installing antivirus software
- Using buffer overflow protection
- Protecting against theft
- Creating data backups

Patch
- Software security update intended to cover vulnerabilities that have been discovered after the program was released

Automatic update configuration options for most operating systems
- Install updates automatically
- Download updates but let me choose when to install them
- Check for updates but let me choose whether to download and install them
- Never check for updates

- Scan a computer’s hard drive for infections
- Monitor computer activity
- Examine all new documents that might contain a virus
Drawback of AV software
- Must be continuously updated to recognize new viruses
Should be configured to constantly monitor for viruses and automatically check for updated signature files

Buffer overflow
- Occurs when a computer process attempts to store data in RAM beyond the boundaries of a fixed-length storage buffer
- May cause computer to stop functioning
Windows-based system protection
- Data Execution Prevention (DEP)
- Address Space Layout Randomization (ASLR)

Figure 2-4 Buffer overflow attack

Course Technology/Cengage Learning

Applies to laptops especially
- Device lock
  - Steel cable and a lock
- Software tracking system

- Copying data from a computer’s hard drive onto other digital media
  - Then storing it in a secure location
- Sophisticated hardware and software can back up data on a regular schedule
- Personal computer users
  - Operating system functions
  - Third-party software

What information to back up
- Back up only user files
- Back up all files
Frequency of backups
- Regular schedule
RAID (Redundant Array of Independent Drives)
- Uses multiple hard disk drives for increased reliability
- Several RAID configurations
  - Called levels

Table 2-3 Types of data backups

Course Technology/Cengage Learning

Backup storage media
- Temporary media should not be used
- Alternatives
  - Portable USB hard drives
  - Network Attached Storage (NAS)
  - Internet services
  - Disc storage

Location of backup storage
- Protect against not only virus attacks but also against hardware malfunctions, user error, software corruption, and natural disasters
- Backups ideally should be stored in a location away from the device that contains the information

Basic steps to perform
- Disconnect
- Identify
- Disinfect
- Recheck
- Reinstall
- Analyze

Malicious software (malware)
- Enters a computer system without the owner’s knowledge or consent
- Includes a wide variety of damaging or annoying software
- Infecting malware
- Concealing malware
Hardware is also the target of attackers
Tactics for defending desktop systems
Basic steps to disinfect and restore a computer