Ch 2 Malicious Activity Flashcards
macro virus
Usually placed in a document (for example an office file) and e-mailed to users in the hope that
a user will open the document, thus executing the virus.
Polymorphic
Changes its own code every time it is executed in an attempt to avoid signature-based antivirus
detection.
Armored:
Protects itself from analysis and detection, for example by tricking the antivirus or
disassembly program into thinking the virus is located somewhere other than where it actually resides.
Multipartite:
Hybrid of boot-sector and program (file) viruses; can infect both the boot sector and executable files.
virus
Code that runs on a computer without the user's knowledge; it infects
the computer when the code is accessed and executed.
worm
Self-replicating program; unlike a virus, it spreads on its own without needing a host file or user action.
rootkit
Software designed to gain administrator-level control of a computer without the user's knowledge.
Can hide in the BIOS, boot loader, kernel, and more.
threat vector
The method a threat uses to access a target.
attack vector
The means by which an attacker gains access to a computer in order to deliver
malicious software.
botnet
A group of compromised computers under an attacker's control;
the individual compromised computers in
the botnet are called zombies.
Privilege escalation
Exploiting a bug or design flaw in a system to gain access to resources that should be protected from the user.
logic bomb
Code that has, in some way, been inserted into software
and is meant to carry out a malicious action when a specific condition is met (such as a date or event).
Security Applications
host-based
intrusion detection system (HIDS)
installed directly within an operating system, so it is NOT considered to be an
"INLINE" device.
ADV HIDS
Can interpret encrypted traffic (it sees the data after the host has decrypted it).
DIS HIDS
Price, storage, and the resources it consumes on the host; if something happens to the computer, the HIDS database is UNAVAILABLE.
network-based intrusion detection system (NIDS):
Can be loaded onto a computer or run as a standalone appliance.
Checks packets for more than one PC.
Considered an INLINE device.
ADV NIDS
Cheaper than putting a HIDS on every host; uses fewer host resources.
DIS NIDS
Cannot monitor for
things that happen within an operating system, and cannot read encrypted traffic.
IDS monitoring: Statistical anomaly
Establishes a performance baseline; if current activity does not match the baseline, an alarm is sent to the admin.
IDS monitoring: Signature-based
Network traffic is analyzed for predetermined attack patterns (signatures).
False positive:
Identifies legitimate activity as something malicious.
Example: good traffic is flagged as bad traffic.
False negative:
Identifies an attack as legitimate activity.
Common when the IDS does not have an updated attack signature.
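The two IDS monitoring methods and the two error types above, as an added worked example (not part of the flashcard set): signature-based matching and a statistical anomaly check with a baseline, run over constructed sample log lines, then scored against known labels so the false positive (an overly broad signature) and false negative (an attack with no signature yet) show up. The log lines, signatures, hosts and baseline numbers are all made up for the example.

```python
"""Added example: signature-based vs statistical-anomaly IDS logic on constructed logs."""
import re
import statistics
from collections import Counter

# Constructed web-server style log lines, labelled with whether they are attacks.
SAMPLE_LOGS = [
    ("10.0.0.5 GET /index.html 200", False),
    ("10.0.0.5 GET /about.html 200", False),
    ("10.0.0.9 GET /login.php?user=admin'%20OR%201=1-- 200", True),       # SQL injection
    ("10.0.0.7 GET /../../etc/passwd 404", True),                          # path traversal
    ("10.0.0.5 GET /report?q=select%20name%20from%20menu 200", False),    # legit search word
    ("10.0.0.11 GET /cgi-bin/new_exploit.cgi 500", True),                 # no signature yet
]

# Predetermined attack patterns (signature-based monitoring). The third one is
# deliberately too broad, to show how a bad signature produces a false positive.
SIGNATURES = {
    "sql-injection": re.compile(r"'(%20|\s)*or(%20|\s)+1=1", re.I),
    "path-traversal": re.compile(r"\.\./"),
    "sqli-keyword": re.compile(r"select%20", re.I),
}

# Constructed baseline: requests per minute from one host during a normal period.
BASELINE_COUNTS = [12, 15, 14, 13, 16, 14, 15, 13]


def signature_detect(line: str) -> list[str]:
    """Return the names of every signature that matches this log line."""
    return [name for name, pattern in SIGNATURES.items() if pattern.search(line)]


def build_baseline(counts: list[int]) -> tuple[float, float]:
    """Statistical anomaly monitoring step 1: learn what 'normal' looks like."""
    return statistics.mean(counts), statistics.stdev(counts)


def is_anomalous(observed: int, baseline: tuple[float, float], k: float = 3.0) -> bool:
    """Step 2: alarm when the observation is more than k standard deviations above the mean."""
    mean, stdev = baseline
    return observed > mean + k * stdev


def classify(alerted: bool, is_attack: bool) -> str:
    """Name the outcome of one detection decision against the ground truth."""
    if alerted and is_attack:
        return "true positive"
    if alerted and not is_attack:
        return "false positive"       # legitimate activity flagged as malicious
    if not alerted and is_attack:
        return "false negative"       # attack passed as legitimate activity
    return "true negative"


def evaluate_signatures(logs=SAMPLE_LOGS) -> Counter:
    """Run the signature detector over labelled logs and count each outcome type."""
    return Counter(classify(bool(signature_detect(line)), is_attack) for line, is_attack in logs)


if __name__ == "__main__":
    for line, _ in SAMPLE_LOGS:
        print(f"{signature_detect(line) or 'no match':<20} {line}")
    print(dict(evaluate_signatures()))
    baseline = build_baseline(BASELINE_COUNTS)
    for observed in (15, 40):
        print(f"{observed} req/min anomalous: {is_anomalous(observed, baseline)}")
```

The scoring shows why both error types matter in practice: the broad `sqli-keyword` signature fires on an ordinary search query (false positive), while the request to the unknown CGI script is missed entirely because no signature exists for it yet (false negative). The anomaly check catches the burst to 40 requests per minute without any signature, but it can only say that traffic is unusual, not what the attack is.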
content filtering
Blocks external files that use JavaScript or images from loading into the browser.
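Content filtering as described on the card, written out as an added example (not from the flashcard set): a small filter that rebuilds an HTML page while dropping `<script>` and `<img>` tags whose `src` points at a host outside an allow-list, and reports what it blocked. The allow-list host `intranet.example`, the `evil.test` hosts and the sample page are constructed for the example; real filters sit in a proxy or browser extension and handle many more tag and attribute types.

```python
"""Added example: block externally hosted JavaScript and images from an HTML page."""
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumed policy for the example: only this host is "internal"; any other host is external.
ALLOWED_HOSTS = {"intranet.example"}

# Constructed sample page mixing internal, relative and external resources.
SAMPLE_HTML = (
    "<html><body>"
    '<script src="https://intranet.example/app.js"></script>'
    '<script src="https://cdn.evil.test/track.js">var x=1;</script>'
    '<img src="/logo.png">'
    '<img src="http://ads.evil.test/pixel.gif" />'
    "<p>Hello &amp; welcome</p>"
    "</body></html>"
)


def is_external(url: str, allowed=ALLOWED_HOSTS) -> bool:
    """Relative URLs have no host and are treated as internal."""
    host = urlparse(url).hostname
    return host is not None and host not in allowed


class ContentFilter(HTMLParser):
    """Re-emits the page verbatim except for blocked <script>/<img> tags."""

    def __init__(self, allowed=ALLOWED_HOSTS):
        super().__init__(convert_charrefs=False)   # keep entities as written
        self.allowed = allowed
        self.out: list[str] = []
        self.blocked: list[str] = []
        self._skip = False    # True while inside a blocked <script>...</script>

    def _is_blocked(self, tag: str, attrs) -> bool:
        if tag not in ("script", "img"):
            return False
        src = dict(attrs).get("src")
        if src and is_external(src, self.allowed):
            self.blocked.append(src)
            return True
        return False

    def handle_starttag(self, tag, attrs):
        if self._skip:
            return
        if self._is_blocked(tag, attrs):
            self._skip = tag == "script"   # drop the script body too
            return
        self.out.append(self.get_starttag_text())

    def handle_startendtag(self, tag, attrs):   # e.g. <img ... />
        if not self._skip and not self._is_blocked(tag, attrs):
            self.out.append(self.get_starttag_text())

    def handle_endtag(self, tag):
        if self._skip:
            self._skip = not (tag == "script")
            return
        self.out.append(f"</{tag}>")

    def handle_data(self, data):
        if not self._skip:
            self.out.append(data)

    def handle_entityref(self, name):
        if not self._skip:
            self.out.append(f"&{name};")

    def handle_charref(self, name):
        if not self._skip:
            self.out.append(f"&#{name};")


def filter_html(html: str, allowed=ALLOWED_HOSTS) -> tuple[str, list[str]]:
    """Return (filtered page, list of blocked external URLs)."""
    parser = ContentFilter(allowed)
    parser.feed(html)
    parser.close()
    return "".join(parser.out), parser.blocked


if __name__ == "__main__":
    page, blocked = filter_html(SAMPLE_HTML)
    print("blocked:", blocked)
    print(page)
```

The design choice worth noting is that the filter decides on the `src` host rather than on the tag name alone, so the internal script and the relative-path logo survive while only the third-party script and tracking pixel are removed.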
Securing the BIOS
SET A BIOS PASSWORD
FLASH THE BIOS (UPDATE IT)
CHANGE THE BOOT ORDER