2) Security Part 2 Flashcards

1
Q

Malware: Ransomware

A

Locks the victim's files (or the whole machine) and demands payment to unlock them.
Some variants lock nothing at all; the ransom message is a bluff.
Can sometimes be removed with anti-malware.

Crypto-malware (modern ransomware)
Encrypts the files and demands payment for the decryption key.
Uses strong encryption, so without the key there is no practical way to decrypt; paying is no guarantee of getting it.
Keep an offline (disconnected) backup so you can restore without paying.

2
Q

Malware: Trojan Horse

A
Malware disguised as legitimate software.
Does not try to replicate itself.
Can circumvent existing security controls.
Some trojans disable anti-malware.
Can install other types of malware.
3
Q

Malware: Keylogger

A

Captures every keystroke to harvest valuable personal information:
logins, emails, URLs, passwords
Circumvents encryption because it records keyboard input directly, before anything is encrypted.

Related capture: clipboard logging, screen logging, instant messaging, search engine queries

4
Q

Malware: Rootkit

A

Originally a UNIX term: a "kit" of tools for keeping "root" (administrator) access

Modifies core system files (often part of the kernel)
Has complete control over the OS
Can be invisible to the system and to anti-malware/anti-virus, because it can hide its own files and processes

5
Q

Malware: Virus

A

Generic term for malware that spreads/reproduces itself
Requires a human to run the infected program

Reproduces through file systems or networks

Some are invisible, some are merely annoying
Very common, thousands of new samples every week

Program Virus - part of application
Boot Sector Virus - hides in boot sector
Script Virus - OS & browser-based
Macro Virus - Common in Microsoft Office

6
Q

Malware: Botnet

A

Robot networks
Once your machine is infected, it becomes a bot/zombie
Can be installed by worms/trojans/viruses
Waits for instructions from the operator's command-and-control server
The operator can then send spam emails, perform DDoS, etc.

7
Q

Malware: Worm

A

Malware that self-replicates quickly
Requires no human intervention
Uses network as transmission medium

Firewalls & IDS/IPS can mitigate/prevent many worm infestations

8
Q

Malware: Spyware

A

Malware that spies on you.
Advertising, identity theft, affiliate fraud
May come from a trojan.

Watches browsing habits
Sometimes uses keyloggers

9
Q

Anti-Virus/Anti-Malware

A

You need both (most modern products combine them).
Use real-time protection, not just on-demand scans.

Modern anti-malware also recognizes malicious behaviour,
so it doesn't depend on having a signature for every specific sample.

10
Q

Recovery Console

A

WinRE (Windows Recovery Environment) = very powerful/dangerous; a last resort
Gives complete control of the OS from outside the installed system
May be needed to repair boot sectors or file systems that malware has damaged

11
Q

Backup/Restore

A

Always have a backup
Image backup is built into Windows 7/8/10
Restoring a known-clean image is the only way to be 100% sure malware is removed

12
Q

End User Education

A
One-on-one & personal training
Posters & signs to remind users
Message board posting
Login message (users stop noticing it over time)
Intranet Page
13
Q

Software Firewalls

A

Monitor the local computer
Alert on unknown/unauthorized network communication

Prevent malware communication
Windows Defender Firewall
or Third Party
Should be running by default

14
Q

DNS Configuration

A
Secure DNS services
External/hosted DNS resolver
Real-time domain blocking: names that host malware become unresolvable
Blocklist constantly updated with known bad sites

Runs on a hardened resolver platform
Hardened against DNS cache poisoning attacks
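The blocking behaviour on this card, as an added example (not from the flashcards or any DNS vendor): a filtering resolver that refuses to resolve a name if the name or any parent domain is on a blocklist. The blocklist and the upstream lookup are constructed stand-ins for a real threat feed and a real recursive query.

```python
"""Resolver-side domain blocking, as used by a filtering DNS service.

Added example, not from the flashcards. The blocklist and the upstream
resolver are constructed stand-ins for a real feed and a real recursive lookup.
"""

# Constructed blocklist: every subdomain of an entry is blocked as well,
# so "cdn.malware.example" is covered by "malware.example".
BLOCKLIST = {"malware.example", "phish.example.net"}


def normalize(name: str) -> str:
    """Canonical form: trimmed, no trailing dot, lower case (DNS names are case-insensitive)."""
    return name.strip().rstrip(".").lower()


def blocking_entry(name: str, blocklist=BLOCKLIST):
    """Return the blocklist entry that covers `name` (the name itself or a parent), else None.

    Matching is label-wise, so "notmalware.example" is NOT matched by "malware.example";
    a plain substring test would produce that false positive.
    """
    labels = normalize(name).split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in blocklist:
            return candidate
    return None


def resolve(name: str, upstream):
    """Answer a query: sinkhole blocked names with NXDOMAIN, otherwise ask upstream.

    `upstream` is a callable name -> IPv4 string standing in for the real recursive lookup.
    """
    entry = blocking_entry(name)
    if entry is not None:
        return {"name": name, "rcode": "NXDOMAIN", "blocked_by": entry}
    return {"name": name, "rcode": "NOERROR", "address": upstream(name)}


def fake_upstream(name: str) -> str:
    """Constructed upstream resolver that maps everything to a documentation address."""
    return "203.0.113.7"


if __name__ == "__main__":
    for q in ["www.example.com", "cdn.malware.example.", "notmalware.example", "PHISH.example.net"]:
        print(resolve(q, fake_upstream))
```

The label-wise walk from the full name up to the top-level label is what makes "cdn.malware.example" blocked while "notmalware.example" is not; a substring check would get the second case wrong.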

15
Q

Social Engineering: Phishing

A

Social engineering with a touch of spoofing.
Often delivered by spam email, IM, etc.
Check the URL
Usually something is not quite right (misspelled domain, wrong top-level domain, odd sender)

Vishing (voice phishing)
"I'm from the IRS, you owe money, pay with gift cards"
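The "check the URL" advice turned into code, as an added example that is not part of the flashcards: a few heuristics that flag the URL tricks phishing mail relies on (userinfo before `@`, raw IP hosts, homograph/punycode labels, a trusted brand name under someone else's registrable domain). `EXPECTED_DOMAINS` is a constructed list of domains the user legitimately deals with, and the registrable-domain function is a deliberate simplification.

```python
"""Heuristic checks for the "something is not quite right" URL test.

Added example, not from the flashcards. EXPECTED_DOMAINS is a constructed list of
domains the user legitimately deals with; the checks flag common phishing URL
tricks and are a prompt for a human, not a verdict.
"""
import ipaddress
from urllib.parse import urlsplit

EXPECTED_DOMAINS = {"example.com", "bank.example"}   # constructed


def registrable_domain(host: str) -> str:
    """Approximate the registrable domain as the last two labels.
    Real code should consult the Public Suffix List (co.uk etc.); this keeps the example short."""
    labels = host.rstrip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host


def suspicious_url_reasons(url: str) -> list:
    """Return human-readable reasons the URL looks wrong (empty list = nothing flagged)."""
    reasons = []
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()

    if parts.scheme not in ("http", "https"):
        reasons.append(f"unexpected scheme {parts.scheme!r}")
    elif parts.scheme == "http":
        reasons.append("not HTTPS")

    # http://bank.example@evil.net/ : everything before '@' is userinfo; the real host is evil.net
    if parts.username is not None or parts.password is not None:
        reasons.append(f"userinfo before '@' hides the real host {host!r}")

    try:
        ipaddress.ip_address(host)
        reasons.append("raw IP address instead of a hostname")
    except ValueError:
        pass

    if not host.isascii():
        reasons.append("non-ASCII characters in host (possible homograph)")
    if host.startswith("xn--") or ".xn--" in host:
        reasons.append("punycode label (possible homograph)")

    if host.count(".") >= 4:
        reasons.append("unusually deep subdomain chain")

    # the brand appears in the host, but the part that matters (the registrable domain) is someone else's
    reg = registrable_domain(host)
    if reg not in EXPECTED_DOMAINS:
        for expected in EXPECTED_DOMAINS:
            brand = expected.split(".")[0]
            if brand in host:
                reasons.append(f"mentions {expected!r} but is registered under {reg!r}")
                break
    return reasons


if __name__ == "__main__":
    for u in ["https://example.com/login",
              "http://example.com@203.0.113.5/login",
              "https://example.com.secure-login.attacker.net/"]:
        print(u, "->", suspicious_url_reasons(u) or "nothing flagged")
```

The userinfo check is the one most people miss: browsers treat everything before `@` as a username, so `http://example.com@203.0.113.5/` goes to the IP address, not to example.com.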

16
Q

Social Engineering: Spear Phishing

A

Phishing with inside information.
Makes the attack more believable
Specific, chosen targets
Spear phishing a CEO or other executive is "whaling"

17
Q

Social Engineering: Impersonation

A

Pretending to be someone they aren't
Uses details from online resources or the trash to seem legitimate

Calls from someone "higher up"
Throwing technical details around to sound credible

18
Q

Social Engineering: Shoulder Surfing

A

Someone looking over your shoulder to see information on screen (easy)

19
Q

Social Engineering: Tailgating

A

Using someone else's access to get into a building.

Can simply follow an authorized person through the door.

20
Q

Social Engineering: Dumpster Diving

A

Using a dumpster/garbage to gather information.

Can be used to gather details for a different attack.
Names, phone numbers, etc

21
Q

DDoS

A

Distributed Denial of Service
Launching an army of computers to bring down a service.
Botnets are used for this
The attacking machines are compromised "zombie" computers

Your ISP may have anti-DDoS systems
They can help "turn down" the DDoS volume before it reaches you

22
Q

DoS

A

Denial of Service
Forcing a service to fail (commonly overloading)
Can take advantage of a vulnerability
Can send a packet causing service to be unavailable

Can be a smokescreen for another exploit
Doesn’t have to be complicated
Even turning off the power to a building

Unintentional DoS
Network DoS (Layer 2 loop on a switch without STP)
Bandwidth DoS (downloading large files over a slow DSL line)
23
Q

Zero-Day

A

A vulnerability the vendor does not yet know about, so no patch exists (the defender has had "zero days" to fix it).

Many applications have vulnerabilities
They just haven't been found yet

White hat: reports the vulnerability to the developer
Black hat: exploits or sells the vulnerability

24
Q

MITM

A

Man-in-the-middle
Attacker redirects network traffic through themselves and then passes it on to the real destination.
You never know your traffic was redirected (and it can be read or modified on the way).

ARP poisoning (ARP spoofing)
Attacker sits in the middle and pretends to own a certain IP address (typically the gateway) by sending its own MAC address to be stored in the victims' ARP caches.

Mitigate: use encrypted protocols (HTTPS, SSH)
Client-based VPN
Encrypted wireless networks
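Detection logic for the ARP poisoning described above, as an added example that is not from the flashcards: it walks a list of observed ARP replies and alerts when an IP address changes MAC address (worst when it contradicts a static gateway binding) or when one MAC starts answering for several IPs, which is the attacker sitting between gateway and victim. The capture is constructed; 192.0.2.1 is assumed to be the gateway and aa:bb:cc:dd:ee:03 the attacker's NIC.

```python
"""Spot ARP poisoning from the ARP replies seen on a segment.

Added example, not from the flashcards. ARP_REPLIES is a constructed capture:
192.0.2.1 is assumed to be the gateway and aa:bb:cc:dd:ee:03 the attacker's NIC.
A real tool would pull these tuples from a packet capture (ARP opcode 2 frames).
"""
from collections import defaultdict

# (sequence number, sender IP, sender MAC) from ARP replies, in the order seen
ARP_REPLIES = [
    (1, "192.0.2.1",  "00:11:22:33:44:01"),   # genuine gateway
    (2, "192.0.2.10", "00:11:22:33:44:02"),   # genuine victim host
    (3, "192.0.2.1",  "AA:BB:CC:DD:EE:03"),   # attacker: "I am the gateway"
    (4, "192.0.2.10", "aa:bb:cc:dd:ee:03"),   # attacker: "I am the victim" (full MITM)
    (5, "192.0.2.1",  "aa:bb:cc:dd:ee:03"),   # repeated to keep caches poisoned
]


def detect_arp_poisoning(replies, static_bindings=None):
    """Return alert strings for IP->MAC changes and MACs claiming several IPs.

    static_bindings: optional {ip: mac} that must never change (e.g. the gateway);
    a reply contradicting one is the strongest signal and never overwrites the binding.
    """
    static_bindings = {ip: mac.lower() for ip, mac in (static_bindings or {}).items()}
    ip_to_mac = dict(static_bindings)
    mac_to_ips = defaultdict(set)
    for ip, mac in static_bindings.items():
        mac_to_ips[mac].add(ip)

    alerts = []
    for seq, ip, mac in replies:
        mac = mac.lower()                      # MACs compare case-insensitively
        previous = ip_to_mac.get(ip)
        if previous is not None and previous != mac:
            kind = "static binding violated" if ip in static_bindings else "IP changed MAC"
            alerts.append(f"#{seq}: {kind} for {ip}: {previous} -> {mac}")
        if ip not in static_bindings:
            ip_to_mac[ip] = mac                # learn / update dynamic entries only

        # one NIC answering for several IPs is the classic "sit in the middle" pattern
        if ip not in mac_to_ips[mac]:
            mac_to_ips[mac].add(ip)
            if len(mac_to_ips[mac]) > 1:
                alerts.append(f"#{seq}: MAC {mac} now claims {sorted(mac_to_ips[mac])}")
    return alerts


if __name__ == "__main__":
    for line in detect_arp_poisoning(ARP_REPLIES, {"192.0.2.1": "00:11:22:33:44:01"}):
        print(line)
```

Pinning the gateway as a static binding is what turns the noisy "an IP changed MAC" signal into a high-confidence alert; without it, reply #5 looks legitimate because the detector has already learned the attacker's MAC as the gateway's.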

25
Q

Brute Force

A

Passwords are hashed and stored
1-way cryptographic process, cannot reverse

Online:
Attempting every possible iteration of a password.
Keeps trying to login with different password combos.
Most accounts will lock out.

Offline:
Obtain the list of users/hashes
Calculate password hash & compare to stored hash
Large computational resource requirement

26
Q

Dictionary

A

A type of brute force attack.

Goes through popular password terms (a dictionary)
Common wordlists available on the internet
Catches users who use simple passwords

27
Q

Rainbow Table

A
An optimized, pre-built set of hashes
Doesn't need to contain every hash (stores chains, so each entry covers many hashes)
The calculations are already done
You search through the calculated hashes
Cracking becomes a simple search through a database

Need different tables for different hashing methods
Ex: Windows is different from MySQL

Won't work with salted hashes
A salt is a random value added to the password before hashing, so the same password hashes differently for each user and a separate table would be needed per salt
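One worked example, added here and not from the flashcards, that ties together the three previous cards (brute force, dictionary, rainbow table): a stolen database of unsalted hashes falls to a precomputed lookup table with no hashing at attack time, while the salted version forces the attacker back to hashing every (salt, candidate) pair per user. The user database, wordlist and salts are constructed; a plain hash-to-password dict stands in for a rainbow table (a real one stores hash chains to save space, but the principle, precompute once and then look up, is the same). SHA-256 is used only because it is in the standard library.

```python
"""Offline password cracking: lookup table vs. dictionary attack vs. salted hashes.

Added example, not from the flashcards. The user database, the wordlist and the
salts are constructed. A plain hash->password dict stands in for a rainbow table.
SHA-256 is a poor password hash, which is part of the point; see hash_pbkdf2.
"""
import hashlib
import hmac
import os

WORDLIST = ["123456", "password", "letmein", "qwerty", "Summer2019", "dragon"]  # constructed


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def hash_unsalted(password: str) -> str:
    return sha256_hex(password.encode())


def hash_salted(password: str, salt: bytes) -> str:
    """Salt is prepended so the same password gives a different hash for every user."""
    return sha256_hex(salt + password.encode())


def hash_pbkdf2(password: str, salt: bytes, iterations: int = 600_000) -> str:
    """What to use instead: salted AND deliberately slow, so each attacker attempt
    below would cost hundreds of thousands of SHA-256 computations."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations).hex()


# Constructed "stolen" databases. carol's passphrase is not in the wordlist.
PASSWORDS = {"alice": "letmein", "bob": "Summer2019", "carol": "correct horse battery staple"}
UNSALTED_DB = {user: hash_unsalted(pw) for user, pw in PASSWORDS.items()}


def make_salted_db(passwords):
    db = {}
    for user, pw in passwords.items():
        salt = os.urandom(16)                  # per-user random salt, stored next to the hash
        db[user] = (salt, hash_salted(pw, salt))
    return db


SALTED_DB = make_salted_db(PASSWORDS)


def build_lookup_table(words):
    """Precompute hash -> password once; reusable against ANY unsalted SHA-256 database."""
    return {hash_unsalted(w): w for w in words}


def crack_with_table(stored, table):
    """Unsalted hashes: cracking is a dictionary lookup, zero hashing at attack time."""
    return {user: table[h] for user, h in stored.items() if h in table}


def table_hits_on_salted(stored, table):
    """How many salted hashes appear in the precomputed table (expect 0)."""
    return sum(1 for _, h in stored.values() if h in table)


def crack_salted(stored, words):
    """Salted hashes: the table is useless; each (salt, candidate) pair must be hashed.
    Returns the cracked users and how many hashes the attacker had to compute."""
    found, attempts = {}, 0
    for user, (salt, h) in stored.items():
        for w in words:
            attempts += 1
            if hmac.compare_digest(hash_salted(w, salt), h):
                found[user] = w
                break
    return found, attempts


if __name__ == "__main__":
    table = build_lookup_table(WORDLIST)
    print("unsalted, via table:", crack_with_table(UNSALTED_DB, table))
    print("table hits on salted db:", table_hits_on_salted(SALTED_DB, table))
    print("salted, via per-user dictionary attack:", crack_salted(SALTED_DB, WORDLIST))
```

The salt does not stop the dictionary attack against weak passwords (alice and bob still fall); it removes the precomputation shortcut, so every user costs the attacker a fresh run through the wordlist. Making each hash slow (PBKDF2, bcrypt, scrypt or Argon2) is what then makes that run expensive.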

28
Q

Spoofing

A

Pretending to be something you aren’t.
Ex: Fake web server, DNS server, etc
Email address spoofing
Caller ID spoofing

MITM attacks
MAC Spoofing:
Many network drivers allow you to change MAC addresses (has legitimate uses)
Circumvent MAC-based ACLs
Very difficult to detect

IP Spoofing
Can be legit: Load balancing/testing
May not: ARP poisoning, DNS amplification/DDoS
Easier to identify than MAC spoofing

29
Q

Non-Compliant System

A

It can be a challenge to constantly manage a device and make sure it’s in compliance.

SOE (Standard Operating Environments)
A set of tested/approved hardware/software
Standard OS image (usually)

OS & App Updates
Must have patches to be in compliance
OS updates, anti-virus signatures

Protecting against non-compliant systems:
OS controls, monitor network application traffic
Perform periodic scans
Require correction before giving access
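The "require correction before giving access" gate as code, added here as an example that is not from the flashcards: a device report is checked against an SOE baseline (OS image and build, anti-virus signature age, required software versions, host firewall) and only a device with no findings is allowed on. The baseline, the two device reports and all field names are constructed assumptions, not any NAC vendor's schema.

```python
"""Compliance check before granting a device network access (NAC-style gate).

Added example, not from the flashcards. BASELINE is a constructed SOE baseline
and the device records are constructed endpoint reports; the field names are
assumptions, not any vendor's schema.
"""
from datetime import date

BASELINE = {
    "os_name": "Windows 10",
    "os_min_build": 19045,          # assumed minimum patched build for the SOE image
    "av_signatures_max_age_days": 3,
    "required_software": {"EDR Agent": "4.2.0"},
    "firewall_enabled": True,
}


def version_tuple(v: str):
    """'4.10.0' -> (4, 10, 0) so versions compare numerically, not as strings."""
    return tuple(int(x) for x in v.split("."))


def compliance_findings(device: dict, baseline: dict = BASELINE, today: date = date(2024, 6, 1)) -> list:
    """Return the reasons a device is non-compliant (empty list = compliant)."""
    findings = []
    if device["os_name"] != baseline["os_name"]:
        findings.append(f"OS {device['os_name']!r} is not the SOE image {baseline['os_name']!r}")
    elif device["os_build"] < baseline["os_min_build"]:
        findings.append(f"OS build {device['os_build']} below minimum {baseline['os_min_build']} (patches missing)")

    sig_age = (today - device["av_signature_date"]).days
    if sig_age > baseline["av_signatures_max_age_days"]:
        findings.append(f"anti-virus signatures are {sig_age} days old")

    for name, min_version in baseline["required_software"].items():
        have = device["software"].get(name)
        if have is None:
            findings.append(f"required software {name!r} not installed")
        elif version_tuple(have) < version_tuple(min_version):
            findings.append(f"{name} {have} older than required {min_version}")

    if baseline["firewall_enabled"] and not device["firewall_enabled"]:
        findings.append("host firewall disabled")
    return findings


def access_decision(device: dict) -> str:
    """'allow' full access, or 'remediate' (quarantine network until the findings are fixed)."""
    return "allow" if not compliance_findings(device) else "remediate"


# Constructed endpoint reports
COMPLIANT_LAPTOP = {
    "os_name": "Windows 10", "os_build": 19045,
    "av_signature_date": date(2024, 5, 31),
    "software": {"EDR Agent": "4.2.1"},
    "firewall_enabled": True,
}
STALE_LAPTOP = {
    "os_name": "Windows 10", "os_build": 18363,
    "av_signature_date": date(2024, 5, 1),
    "software": {"EDR Agent": "4.10.0"},   # newer than 4.2.0; a string compare would say otherwise
    "firewall_enabled": False,
}

if __name__ == "__main__":
    for name, dev in [("compliant", COMPLIANT_LAPTOP), ("stale", STALE_LAPTOP)]:
        print(name, access_decision(dev), compliance_findings(dev))
```

The version comparison is the detail worth copying: "4.10.0" sorts before "4.2.0" as a string, so a naive check would wrongly flag an up-to-date agent (or, worse, pass an old one).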