Common Security Threats Flashcards
1
Q
Malware
A
- Malicious software - gathers information, logs keystrokes
- Unwilling participation in a group, such as a controlled botnet
- Extortion for big money
- Viruses and worms can ruin your day
2
Q
Spyware
A
- Malware that spies on you - advertising, identity theft, affiliate fraud
- Can trick you into installing it - peer-to-peer downloads, fake security software
- Browser monitoring - captures surfing habits
- Keyloggers - capture every keystroke and send it back to the mothership
3
Q
Viruses
A
- Malware that can reproduce itself
- Reproduces through file systems or the network
- Running an infected program can spread a virus - it needs a user to execute it
- Some viruses are invisible, some are annoying
- Anti-virus is very common - thousands of new viruses every week
4
Q
Worms
A
- Malware that self-replicates - doesn't need you to do anything
- Uses the network as a transmission medium - exploits a vulnerable service to hop from host to host
- Can take over many PCs very quickly
- Worms can try to do good things - Nachi tried to patch your computer, but its scanning traffic still clogged networks
- Firewalls and IDS/IPS can mitigate many worm infestations - one host probing many others on one port is the tell-tale pattern
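The IDS-style check for that pattern, as an added example that is not part of the flashcards: a worm probes many hosts on the same service port in a short time, so one source reaching an unusual number of distinct destinations on one port inside a time window is flagged. The flow-log format (`timestamp src dst dport action`), the sample lines and the thresholds are constructed assumptions for the demo.

```python
"""Flag worm-like scanning in firewall flow logs (added example)."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log; format "timestamp src dst dport action" is assumed.
# 10.0.0.5 sweeps tcp/445 across a subnet; 10.0.0.9 is ordinary HTTPS use.
SAMPLE_LOG = """\
2024-03-01T10:00:00 10.0.0.5 10.0.1.1 445 DENY
2024-03-01T10:00:01 10.0.0.5 10.0.1.2 445 DENY
2024-03-01T10:00:01 10.0.0.5 10.0.1.3 445 DENY
2024-03-01T10:00:02 10.0.0.5 10.0.1.4 445 DENY
2024-03-01T10:00:02 10.0.0.5 10.0.1.5 445 DENY
2024-03-01T10:00:03 10.0.0.5 10.0.1.6 445 ALLOW
2024-03-01T10:00:03 10.0.0.5 10.0.1.7 445 DENY
2024-03-01T10:00:04 10.0.0.5 10.0.1.8 445 DENY
2024-03-01T10:00:00 10.0.0.9 10.0.2.10 443 ALLOW
2024-03-01T10:00:30 10.0.0.9 10.0.2.11 443 ALLOW
2024-03-01T10:01:00 10.0.0.9 10.0.2.12 443 ALLOW
"""


def parse_flow(line):
    """Split one log line into (timestamp, src, dst, dport, action)."""
    ts, src, dst, dport, action = line.split()
    return datetime.fromisoformat(ts), src, dst, int(dport), action


def find_scanners(log_text, window=timedelta(seconds=60), min_targets=5):
    """Return {(src, dport): max_distinct_dst} for every source that touched
    at least min_targets distinct destinations on one port within any window.
    Denied and allowed flows both count: the probe is the signal, not the
    outcome."""
    events = defaultdict(list)  # (src, dport) -> [(ts, dst), ...]
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, dport, _ = parse_flow(line)
        events[(src, dport)].append((ts, dst))

    alerts = {}
    for key, hits in events.items():
        hits.sort()
        left = 0
        # Sliding time window over the ordered hits; count distinct targets.
        for right in range(len(hits)):
            while hits[right][0] - hits[left][0] > window:
                left += 1
            distinct = {dst for _, dst in hits[left:right + 1]}
            if len(distinct) >= min_targets:
                alerts[key] = max(alerts.get(key, 0), len(distinct))
    return alerts


if __name__ == "__main__":
    for (src, port), n in find_scanners(SAMPLE_LOG).items():
        print(f"ALERT possible worm scan: {src} -> {n} hosts on tcp/{port}")
```

The thresholds are the tuning knobs: a vulnerability scanner or a monitoring host will trip the same rule, so in practice those sources go on an allow-list rather than the threshold being raised until the worm slips under it.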
5
Q
Trojan horse
A
- Software that pretends to be something else
- Circumvents your existing security - anti-virus may catch it
- The better trojans are built to avoid and disable AV
- Once it's inside it has free rein, and it may open the gates - install a backdoor, download more malware
6
Q
Rootkits
A
- Originally a Unix technique - the "root" in rootkit
- Modifies core system files - often part of the kernel itself
- Can be invisible to the operating system, or hides inside the OS
- Also invisible to traditional anti-virus utilities - detection needs a trusted view from outside the running OS (an offline scan, or Secure Boot refusing a tampered boot chain)
7
Q
Ransomware
A
- Your data is held hostage until you provide cash
- Malware encrypts your data files - pictures, documents, music, movies, etc.
- You must pay the bad guys to obtain the decryption key
- An unfortunate use of public-key cryptography - the files are encrypted under a key that only the attacker's private key can unlock, so there is nothing on the machine to recover
- Offline, tested backups are the real mitigation
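A defender's check for this, as an added example that is not part of the flashcards: ciphertext is statistically indistinguishable from random bytes, so a document that has lost its file header and now has close to 8 bits of entropy per byte is a ransomware indicator. Compressed formats (docx, png) are already high-entropy, so the header check is what keeps them from being false positives. The magic-number table, the entropy threshold and the sample files (with `os.urandom` standing in for ciphertext) are constructed assumptions for the demo.

```python
"""Spot documents encrypted in bulk, by byte entropy (added example)."""
import math
import os
from collections import Counter


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte: 0.0 for a constant file, 8.0 for uniform random."""
    if not data:
        return 0.0
    counts = Counter(data)
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


# Assumed magic numbers for a few document types found on a file server.
MAGIC = {
    ".pdf": b"%PDF",
    ".docx": b"PK\x03\x04",  # OOXML is a zip container
    ".png": b"\x89PNG",
}


def document_type(name: str):
    """Return the document extension, seeing through an appended ransomware
    extension such as report.pdf.locked -> .pdf; None if unknown."""
    base, ext = os.path.splitext(name.lower())
    if ext in MAGIC:
        return ext
    _, inner = os.path.splitext(base)
    return inner if inner in MAGIC else None


def looks_encrypted(name: str, data: bytes, threshold: float = 7.5) -> bool:
    """True if a document-type file has lost its header and is near-random."""
    ext = document_type(name)
    if ext is None:
        return False  # unknown type: no expectation to compare against
    if data.startswith(MAGIC[ext]):
        return False  # header intact; high entropy is normal for zip/png
    return shannon_entropy(data) >= threshold


# Constructed inputs. os.urandom simulates ciphertext; real AES output is
# indistinguishable from it for this check.
SAMPLES = {
    "report.pdf": b"%PDF-1.4\n1 0 obj << /Type /Catalog >> endobj\n" * 20,
    "notes.docx": b"PK\x03\x04" + os.urandom(2000),  # genuine compressed doc
    "report.pdf.locked": os.urandom(2048),            # renamed and encrypted
    "budget.png": os.urandom(4096),                   # overwritten in place
}


def scan(samples):
    """Map each file name to whether it looks encrypted."""
    return {name: looks_encrypted(name, data) for name, data in samples.items()}


if __name__ == "__main__":
    for name, flagged in scan(SAMPLES).items():
        print(f"{name:20s} entropy={shannon_entropy(SAMPLES[name]):.2f} "
              f"{'SUSPECT' if flagged else 'ok'}")
```

Run over a share, the useful signal is the rate: a handful of such files is noise, hundreds in a minute from one user is an incident, which is why this logic normally sits in a file-server audit pipeline rather than a one-off script.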
8
Q
Phishing
A
- Social engineering with a touch of spoofing
- Often delivered by spam, IM, etc.
- Don't be fooled; check the URL - look-alike domains, the real brand buried as a subdomain, link text that doesn't match the destination
- Spear phishing - targeted and sophisticated phishing
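What "check the URL" means in code, as an added example that is not part of the flashcards: given the text a user sees and the href it really points to, flag the classic tricks - the real brand buried as a subdomain (`paypal.com.evil.example`), a user-info prefix (`https://paypal.com@evil.example`), punycode look-alike labels (`xn--`), a non-HTTPS scheme, and link text naming a different host than the destination. The brand allow-list and the "registrable domain is the last two labels" rule are assumptions for the demo (real code would use the Public Suffix List).

```python
"""Flag phishing-style links by comparing shown text with the real href
(added example)."""
from urllib.parse import urlparse

# Assumed: brands this organisation legitimately links to.
TRUSTED = {"paypal.com", "example.com"}


def registrable_domain(host: str) -> str:
    """Last two labels of the hostname (assumption: no multi-label TLDs)."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def displayed_host(text: str):
    """Hostname a user would read from link text, or None if the text is
    just words ("Click here")."""
    t = text.strip()
    if " " in t or "." not in t:
        return None
    return urlparse(t if "://" in t else "https://" + t).hostname


def check_link(text: str, href: str) -> list:
    """Return the reasons a link is suspicious; an empty list means it passed."""
    reasons = []
    u = urlparse(href)
    host = u.hostname or ""
    if u.username is not None:
        reasons.append("userinfo before host")  # everything before @ is decoy
    if any(label.startswith("xn--") for label in host.split(".")):
        reasons.append("punycode label")        # homograph look-alike
    if u.scheme != "https":
        reasons.append(f"scheme {u.scheme or 'none'} is not https")
    shown = displayed_host(text)
    if shown and registrable_domain(shown) != registrable_domain(host):
        reasons.append(f"text shows {shown}, link goes to {host}")
    for brand in sorted(TRUSTED):
        if brand in host and registrable_domain(host) != brand:
            reasons.append(f"{brand} used as subdomain of {registrable_domain(host)}")
    return reasons


if __name__ == "__main__":
    # Constructed test links.
    for text, href in [
        ("https://www.paypal.com/login", "https://www.paypal.com/login"),
        ("https://www.paypal.com", "https://www.paypal.com.evil.example/login"),
        ("paypal.com", "https://paypal.com@evil.example/"),
        ("Click here", "http://xn--pypal-4ve.com/"),
    ]:
        print(f"{href:50s} {check_link(text, href) or 'ok'}")
```

The user-info check matters most: browsers render `https://paypal.com@evil.example` with the decoy in the status bar, and `urlparse` correctly reports `evil.example` as the host, which is exactly the mismatch a person skimming the link misses.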
9
Q
Spoofing
A
- Pretend to be someone you aren't
- Modify your MAC or IP address - a change in driver configuration
- Fundamental to many DDoS attack types - reflection and amplification attacks forge the victim's address as the source IP
10
Q
Social engineering
A
- Major threat - largely invisible to technical controls; a convincing phone call leaves no log entry
- Don't give out any information over the telephone
- Look out for unattended persons; look for badges
11
Q
Zero-day attacks
A
- Many applications have vulnerabilities
- Someone is working hard to find the next big vulnerability
- Bad guys keep these yet-to-be-discovered holes to themselves
- Zero-day - the vulnerability has not been detected or published, so the vendor has had zero days to fix it and no patch exists
12
Q
Distributed Denial of Service (DDoS)
A
- Launch an army of computers to bring down a service
- Use all the bandwidth or resources - traffic spike
- A botnet can have millions of computers at your command
- Many people have no idea they are participating in a botnet
13
Q
Brute force
A
- The password is the key - a secret phrase, stored as a hash
- Online - brute force attacks against the login itself - very slow, and lockouts and rate limiting slow it further
- Offline - brute force the stolen hash - limited only by the attacker's hardware
- Large computational resource requirement - slow, salted hash functions (bcrypt, PBKDF2) raise the cost of every guess
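The online/offline distinction and the hash-cost point, as an added example that is not part of the flashcards: the same wordlist is run offline against a stolen SHA-256 hash and against a stolen PBKDF2 hash, timing guesses per second, and then online against a login that counts failures and locks the account. The wordlist, the secret, the salt handling and the iteration count are constructed assumptions for the demo.

```python
"""Offline cracking cost vs. online lockout (added example)."""
import hashlib
import hmac
import os
import time

# Constructed wordlist; the real thing is millions of leaked passwords.
WORDLIST = ["123456", "password", "letmein", "qwerty", "Summer2024!", "hunter2"]


def fast_hash(pw: str, salt: bytes) -> bytes:
    """One SHA-256 per guess: what a stored password should NOT be."""
    return hashlib.sha256(salt + pw.encode()).digest()


def slow_hash(pw: str, salt: bytes, iterations: int = 100_000) -> bytes:
    """PBKDF2-HMAC-SHA256: every guess costs `iterations` HMAC computations."""
    return hashlib.pbkdf2_hmac("sha256", pw.encode(), salt, iterations)


def crack_offline(stored: bytes, salt: bytes, hasher):
    """Offline attack: the attacker holds the hash and tries the wordlist at
    full speed. Returns (password or None, guesses per second)."""
    start = time.perf_counter()
    found, tried = None, 0
    for guess in WORDLIST:
        tried += 1
        if hmac.compare_digest(hasher(guess, salt), stored):
            found = guess
            break
    elapsed = max(time.perf_counter() - start, 1e-9)
    return found, tried / elapsed


class OnlineLogin:
    """Online attack surface: guesses go through the service, which counts
    failures per account and locks after max_failures."""

    def __init__(self, password: str, max_failures: int = 5):
        self.salt = os.urandom(16)
        self.stored = slow_hash(password, self.salt)
        self.max_failures = max_failures
        self.failures = 0

    def attempt(self, guess: str) -> str:
        if self.failures >= self.max_failures:
            return "locked"
        if hmac.compare_digest(slow_hash(guess, self.salt), self.stored):
            self.failures = 0
            return "ok"
        self.failures += 1
        return "denied"


def demo():
    """Crack the same secret three ways and return the outcomes."""
    salt = os.urandom(16)
    secret = "hunter2"
    pw_fast, rate_fast = crack_offline(fast_hash(secret, salt), salt, fast_hash)
    pw_slow, rate_slow = crack_offline(slow_hash(secret, salt), salt, slow_hash)
    login = OnlineLogin(secret, max_failures=3)
    online = [login.attempt(g) for g in WORDLIST]
    return {"fast": (pw_fast, rate_fast), "slow": (pw_slow, rate_slow), "online": online}


if __name__ == "__main__":
    r = demo()
    print(f"offline vs SHA-256: found {r['fast'][0]!r} at {r['fast'][1]:,.0f} guesses/s")
    print(f"offline vs PBKDF2 : found {r['slow'][0]!r} at {r['slow'][1]:,.0f} guesses/s")
    print(f"online w/ lockout : {r['online']}")
```

Both offline runs find the password; the PBKDF2 run is thousands of times slower per guess, which is the whole point of a slow KDF. The online run never reaches the correct guess because the account locks after three failures. Lockouts cut both ways: an attacker who can trigger them can lock legitimate users out, so production systems usually prefer progressive delays or per-source rate limits over hard lockouts.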
14
Q
Non-compliant systems
A
- A constant challenge - there are always changes and updates
- Standard operating environments (SOE) are a set of tested and approved hardware/software configurations
- Must have current OS and application patches to be in compliance
15
Q
Violations of security best practices
A
- There are many security best practices
- DLP, encryption, spam filters, patches, firewalls, education, etc.
- Constant audits are required
- Each missed practice is an opportunity for an attacker