Lecture 2 Flashcards
What are the 2 types of threats?
- Malicious software, known as “malware”
- An intruder, known as an “attacker”
What is Adware?
Displays advertising popups or downloads when the user is online
What is an Attack kit?
A set of tools that generates new malware automatically using a variety of propagation mechanisms
What is an Auto-rooter?
Used to break into new machines remotely, escalating to root (the highest privilege level) to gain full access
What is a Backdoor?
Bypasses a normal security check, such as a password check, on a compromised system
What are Downloaders?
Code that installs other items on the machine under attack. It is normally included in the malware code placed on a compromised system
What is Drive-by Download?
Uses code placed on a compromised website to exploit a browser vulnerability and attack a client system when the website is viewed
What are Flooders?
Generate a large volume of data to attack a networked computer system, i.e. a DoS attack
What are Keyloggers?
Capture keystrokes on a compromised system
What is a Logic bomb?
A program that is timed to cause harm at a certain point in time. It stays inactive until that time comes.
What is a Macro Virus?
- Uses the set of macro commands provided by other programs to perform a sequence of actions automatically
- Typically embedded in a document and triggered when it is viewed or run; it can replicate itself into other documents
What is Mobile code?
Code transferred between systems (across a network in an email, document, file or website, or on a storage device) and executed on the receiving system
What is a Rootkit?
A set of hacker tools used after the attacker has broken into a computer and gained root access
What is Spyware?
- Monitors the user’s activity on the computer
- Aims to gather information about a person or company
- Sends it to another computer
- Scans the computer for files containing sensitive information
What is a Trojan horse?
- Appears harmless when it gains access to a user’s computer but secretly infects the computer
Classification of Malware
- Independent, self-contained: worms, Trojans and bots
- Malware that DOES NOT replicate: Trojans and spam emails
- Malware that replicates: viruses and worms
Propagation mechanisms
- Infection of existing content by viruses
- Exploitation of software vulnerabilities by self-replicating malware such as worms, or by drive-by downloads
- Social engineering to encourage users to bypass security, install Trojans or respond to a phishing attack
What is a Virus?
- Malicious software that replicates itself
- Easily spread through other environments
- When it is attached to an executable program, the virus can secretly execute when the program is run
- Finds weaknesses in the OS and hardware
What is a Worm?
- Self-replicates rapidly via networks to find sensitive data and convert the infected machines into ‘bots’
- Exploits client/server programs
- Spread through storage devices (USB, HDDs)
What are the 3 Intruder classes?
- Masquerader: OUTSIDER. An ‘unauthorised’ user who pretends to be a legitimate user’s identity to perform such acts
- Misfeasor: INSIDER. A legitimate user who misuses their privileges
- Clandestine user: EITHER OUTSIDER or INSIDER. Seizes control to evade auditing and access controls, or to suppress audit collection
Give examples of intrusion
- Compromise root remotely
- Damage a web server
- Guess/crack passwords
- Copy a database containing credit card details
- View sensitive data without authorisation
- Use an unsecured modem to access the internal network
- Use an unattended workstation
What is a hacker?
- Motivated to gain access
- The hacking community has been very ‘strong’ and ‘popular’
- Status is determined by level of competence
- Intruders consume resources and slow performance for legitimate users
- Uses a Virtual Private Network (VPN)
What are the attacker motivations?
- Hobbyists: Crackers and experts whose main motivation is the intellectual challenge of breaking into a system
- Financial gain
- Political: Nation state
- Military/Strategy: nation state actors
- Psychological: Causing doubt in population
Examples of Attacks
- DoS (denial of service)
- Distributed denial of service (DDoS)
- Cross-site scripting attacks
- Buffer overflow attacks
What is a Denial of Service?
- An interruption that floods the network with traffic, preventing legitimate users from accessing information and services
- Blocks users from the websites they visit regularly: email, online accounts, online banking and other websites
What are the types of resources targeted by DoS attacks?
- Network bandwidth: the speed and capacity of a network connection is consumed
- System resources: aims to crash or overload the network handling software
- Application resources: involves a number of valid requests that each consume significant resources, limiting the ability of the server to respond to requests from users
Source Address Spoofing
- Uses forged source addresses
- Makes the attacking systems harder to identify
- Generates large volumes of packets that have the target system as the destination address
- Congests the router, lowering the capacity of the link
- Network engineers need to query the flow of information to trace it
What is SYN Spoofing?
- Common DoS attack
- Attacks the ability of the server to respond to future connection requests
- Legitimate users are denied access to the server
What is a Flooding Attack?
Overloads the capacity of the server with one of:
- ICMP flood
- UDP flood (to a port number on the target system)
- TCP SYN flood
What are the broad categories of payloads?
- Corruption of the system or data
- Theft of service, making the system a zombie agent of attack
- Theft of information from the system
- Hiding its presence on the system