Ch.16 - Protecting Information Assets Flashcards
What is Malicious Software?
- Software that: • Causes damage • Escalates security privileges • Divulges private data • Modifies or deletes data
Malicious Software (malware)
Any program that carries out actions that you do not intend
Malicious Code and Activity
- Malicious code attacks all three information security properties:
o Confidentiality: Disclose your org’s private info
o Integrity: Modify database records – immediately or over period of time
o Availability: Erase/overwrite files or inflict considerable damage to storage media
Virus
Attaches itself to, or copies itself into, another program on the computer
• Tricks the computer into following instructions the original program's developer never intended
• Infects a host program; each time the host runs, the virus copies itself into further programs and may spread to other computers
• The user who runs the infected program unknowingly executes the virus with that user's own privileges (the user, not the virus, is the authenticated party)
Trojan Horse
Malware that masquerades as a useful program
• Hides programs that collect sensitive information
• Opens backdoors into computers
• Actively uploads and downloads files
Rootkit
Modifies or replaces one or more existing programs (user-mode tools or kernel components) to hide traces of an attack
• Many different types of rootkits (user-mode, kernel-mode, firmware)
• Conceals its own existence once installed
• Is difficult to detect and remove, because the tools used to look for it may themselves be subverted
Spyware
Type of malware that specifically threatens confidentiality of info
• Monitors keystrokes
• Scans files on the hard drive
• Snoops other applications
• Installs other spyware programs
• Reads cookies
• Changes default homepage on the web browser
Ransomware
Attempts to generate funds directly from the computer user
• Attacks a computer and limits the user's ability to access the computer's data
• Encrypts important files, or even the entire disk, and makes them inaccessible until a ransom is paid
• Well-known examples include CryptoLocker (2013) and the later Crypt0L0cker variant
Spam
Mass mailing of identical messages to a large number of users
• Consumes computing resources: bandwidth, storage and CPU time
• Diverts IT personnel from activities more critical to network security
• Is a potential carrier of malicious code (attachments, links)
• Compromises intermediate systems to use them as relays (open mail relays, botnets)
• Opt-out (unsubscribe) links in spam messages can be a form of reconnaissance: clicking confirms that the address is live and read by a person
Worms
Designed to propagate from one host machine to another using the host's own network communications protocols
• Unlike viruses, worms do not require a host program to survive and replicate
• The term "worm" stems from the fact that early worms were programs made of segments, running on different computers and communicating over a network
Logic Bombs
Programs that execute a malicious function of some kind when they detect a trigger condition (a date, a missing employee record, a particular input)
• Typically originate with organization insiders, because people inside the organization generally have more detailed knowledge of the IT infrastructure than outsiders
Injection
Supplying crafted input that a program passes on to an interpreter, so the input is treated as code or commands instead of data • Cross-site scripting (XSS) • SQL injection • LDAP injection • XML injection • Command injection
XSS and SQL Injection
Both attack public-facing web applications: XSS turns the application against its users' browsers, SQL injection turns it against its own database
Cross-site scripting (XSS)
Attack in which untrusted input (a search term, a comment, a URL parameter) is placed into a web page without output encoding, so an attacker's script runs in other users' browsers with the trust of the vulnerable site
• Reflected XSS: the payload arrives in the request and is echoed straight back; stored XSS: the payload is saved (e.g. in a comment) and served to every visitor; DOM-based XSS: client-side script itself writes untrusted data into the page
• Script running in the site's origin can read session cookies, perform actions as the logged-in user, or rewrite the page
• Root cause is missing or context-insensitive output encoding; defenses are encoding for the exact HTML context (text, attribute, URL, script), a Content Security Policy, and HttpOnly cookies
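As an added example (not part of the original flashcards), the reflected case in Python: a constructed search page echoes the query into its HTML. The vulnerable renderer concatenates the raw input; the fixed renderer encodes it for the text and attribute contexts with `html.escape`. The page, function names and payloads are assumptions made for the illustration.

```python
import html

# Constructed attacker inputs for the two contexts shown below.
XSS_PAYLOAD = "<script>alert(document.cookie)</script>"   # HTML text context
ATTR_PAYLOAD = '" onmouseover="alert(1)'                   # HTML attribute context


def render_vulnerable(query: str) -> str:
    """Reflected XSS: untrusted input is concatenated straight into HTML."""
    return f"<p>Results for: {query}</p>"


def render_escaped(query: str) -> str:
    """Fix: encode for the HTML text context before the value reaches the page."""
    return f"<p>Results for: {html.escape(query)}</p>"


def render_attr_vulnerable(query: str) -> str:
    """Same bug inside a quoted attribute: the input can close the quote and
    add its own event-handler attribute."""
    return f'<input name="q" value="{query}">'


def render_attr_escaped(query: str) -> str:
    """html.escape(quote=True) also encodes the quote characters, so the
    attacker cannot break out of the attribute value."""
    return f'<input name="q" value="{html.escape(query, quote=True)}">'


def contains_live_script(markup: str) -> bool:
    """Rough check used by this example: is a raw <script> tag or the
    injected event handler still present in the output markup?"""
    return "<script>" in markup or '" onmouseover="' in markup


if __name__ == "__main__":
    for fn, payload in ((render_vulnerable, XSS_PAYLOAD),
                        (render_escaped, XSS_PAYLOAD),
                        (render_attr_vulnerable, ATTR_PAYLOAD),
                        (render_attr_escaped, ATTR_PAYLOAD)):
        print(f"{fn.__name__:24s} live script: {contains_live_script(fn(payload))}")
        print("  ", fn(payload))
```

Encoding is per context: `html.escape` is right for text and quoted attributes, but a value written into a JavaScript block or a URL needs the encoding for that context, which is why templating engines that auto-escape by context are preferred over hand-rolled string building.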
SQL injection
Attack in which untrusted input is concatenated into the text of a SQL statement, so the attacker can change what the statement does rather than just what data it carries; almost every application depends on information kept in a database, so the impact is broad
• Requests from untrusted sources can read the database, modify data with INSERT/UPDATE/DELETE, or alter a value they were never meant to control, e.g. changing a shopping-cart price from $195.00 to $1.95
• Defense is to keep data out of the statement text: parameterized queries (prepared statements) or a query API that binds values separately, plus least-privilege database accounts
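The $195.00 to $1.95 case carried through in Python with an in-memory SQLite database, as an added example that is not from the original flashcards. The `orders` table, the "update shipping address" endpoint and the payload are constructed for the illustration; the point is that the user only gets to supply an address, yet the vulnerable version lets that address rewrite the order total.

```python
import sqlite3


def make_db() -> sqlite3.Connection:
    """Constructed sample data: one order worth $195.00."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE orders (id INTEGER PRIMARY KEY, address TEXT, total REAL)")
    conn.execute("INSERT INTO orders VALUES (7, '1 Main St', 195.00)")
    conn.commit()
    return conn


def update_address_vulnerable(conn: sqlite3.Connection, order_id: int, address: str) -> None:
    """The user is supposed to control only the address, but it is pasted into
    the SQL text, so the user controls the whole statement."""
    sql = f"UPDATE orders SET address = '{address}' WHERE id = {order_id}"
    conn.execute(sql)
    conn.commit()


def update_address_safe(conn: sqlite3.Connection, order_id: int, address: str) -> None:
    """Parameterized query: the driver sends values separately from the
    statement, so quotes and keywords in the input are stored as plain data."""
    conn.execute("UPDATE orders SET address = ? WHERE id = ?", (address, order_id))
    conn.commit()


def get_order(conn: sqlite3.Connection, order_id: int):
    return conn.execute(
        "SELECT address, total FROM orders WHERE id = ?", (order_id,)
    ).fetchone()


# Attacker-controlled "address": closes the string literal, appends a second
# SET clause that rewrites the price, and comments out the rest of the statement.
# Resulting statement in the vulnerable path:
#   UPDATE orders SET address = 'x', total = 1.95 WHERE id = 7 --' WHERE id = 7
PAYLOAD = "x', total = 1.95 WHERE id = 7 --"


def demo_vulnerable():
    """Returns (address, total) after the injected update: ('x', 1.95)."""
    conn = make_db()
    update_address_vulnerable(conn, 7, PAYLOAD)
    return get_order(conn, 7)


def demo_safe():
    """Same input through the parameterized path: the payload is just an
    odd-looking address and the total stays 195.0."""
    conn = make_db()
    update_address_safe(conn, 7, PAYLOAD)
    return get_order(conn, 7)


if __name__ == "__main__":
    print("vulnerable:", demo_vulnerable())
    print("safe:      ", demo_safe())
```

The payload is a single statement on purpose: Python's `sqlite3.execute` refuses to run more than one statement at a time, so the textbook `'; DROP TABLE ...` would fail here, but an attacker rarely needs a second statement when one can be rewritten. Escaping the quote by hand is not the fix either; the parameterized form removes the problem regardless of what characters the input contains.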