Comp Security- Week 6 Flashcards
What is a backdoor/trap door?
A set of instructions designed to bypass the normal authentication mechanism and allow access to the system to anyone who knows it exists
Backdoors are classified into two types:
Passive malicious: intentionally left in for testing
Active malicious: left in for malicious purposes
What is spyware?
A malicious program that collects users' information without their knowledge
Installed by misleading the user or by exploiting vulnerabilities
Can monitor keystrokes, messages and websites visited, take screenshots, etc.
What is a rootkit and what are its two main parts?
- A method for gaining unauthorized root/administrator privileges on a machine, usually done by exploiting some flaw in the system that the owner failed to correct
- A way to hide its own existence: stealth capabilities that clean up log messages and modify commands like ls and ps
What is a botnet?
Malware that can cause distributed DoS
The attacker is called the botmaster and controls vulnerable devices called zombies/slaves. The idea isn't to harm your device but to use it as a zombie in the botnet army
The botmaster uses them with one command to launch an attack on a specific destination
Static analysis:
Tools that are useful for inspecting API code that has thousands of lines and checking for security flaws like buffer overflows and printf vulnerabilities
e.g. change strcpy to strncpy, since n must be smaller than the buffer size
Code review:
Have people other than the code author look at the code and try to find flaws
Fuzz testing:
Supply completely random data to the object; if it crashes, then we know this is a violation of availability and it can indicate more serious underlying issues
Reverse engineering:
Used to understand an executable file and its functionality
Gives an overview of how it works
If you only have the executable file, getting back to the source file requires reverse engineering
How do we look for malware?
- signature based protection
- behavior based protection
- checksum
Checksum:
A way to validate the integrity of a file and detect changes by comparing checksums
Signature based protection:
For each virus in the list, store some signature for it, like the infection or payload code
You can only derive a signature for malware after the malware has succeeded, but the signature then protects your device from future attacks
Behavior based protection:
Looks for suspicious patterns of behavior rather than specific code fragments
Only useful post infection
False negative and false positive:
False negative: failing to identify a threat that is present
False positive: claiming a threat is present when it is not
Intrusion detection:
Monitoring the system or network by looking at the events occurring and analyzing these events in search of intrusions