Operating System Security Flashcards
Operating Systems Security
The protection of computer systems from theft of or damage to their hardware, software or information, as well as from disruption or misdirection of the services they provide
Security is about protecting our assets
Prevention
Detection
Reaction (recovery of assets)
Dimensions of Security
Integrity – The ability to ensure that information being displayed, transmitted or received has not been altered in any way by an unauthorised party
Authenticity – The ability to verify the identity of the person or entity with whom you are dealing
Confidentiality – The ability to ensure that messages and data are available only to those who are authorised to view them
Privacy – The ability to control the use of information about oneself
Availability – The ability to ensure that a system/service continues to function as intended
Some threats – Malicious Code
Aka Malware
Includes a variety of threats – e.g. viruses, worms, Trojan horses, ransomware and bots
Malware delivers its infected payload to a computer when the user:
Opens the infected file
Runs an infected program
Boots the computer with infected removable media inserted
Connects to an unprotected computer or network
When a certain condition or event is triggered
Computer Viruses
A computer program that has the ability to replicate or make copies of itself and spread to other files
Usually loaded onto a computer without the user’s knowledge
May be highly destructive: destroying files, formatting the computer's hard drive, causing programs to run improperly, etc.
All computer viruses are man-made
A worm is a special type of virus.
Instead of spreading from file to file, it is designed to spread from computer to computer
Trojan
A destructive program that masquerades as a benign application
E.g. a Trojan masquerades as a game but actually hides a program that steals your passwords and emails them to another person
Trojan horses do not replicate themselves, but they can be just as destructive
Types of Trojans:
Remote access
Data Sending
Destructive
Proxy
FTP
Security Software disabler
Denial-of-service attack (DOS)
Ransomware & Backdoors
Ransomware – Malware that prevents you from accessing your computer files and demands that you pay a fine
Backdoor –
Backdoor is an undocumented way of gaining access to a program, online service or an entire computer system
A backdoor will bypass normal authentication mechanisms
It is written by the programmer who creates the code for the program, is often known only to that programmer, and is a potential security risk
Also called a trapdoor
Some malware installs backdoors
Bots and Botnets
Bot (short for robot)
Malicious code that can be covertly installed on a computer when connected to the internet
Once installed, the bot responds to external commands sent by the attacker
Your computer becomes a “zombie” and is able to be controlled by an external third party
Botnet –
Collections of captured computers
Usually for malicious activities such as sending spam, participating in DDoS attacks, stealing information from computers, storing network traffic for later analysis
Social Bot –
An agent that communicates more or less autonomously on social media.
Aims at influencing the course of discussion and/or the opinions of its readers
Zombie / Zombie ants
A zombie computer has been implanted with software that puts it under the control of a malicious hacker without the knowledge of the computer's owner
Usually used to launch DoS attacks
The hacker sends commands to the zombie through an open port
Compared to viruses or worms, which can eradicate or steal information, zombies are relatively benign: they temporarily cripple web sites by flooding them with traffic but do not compromise the site's data
Parasites
Programs that install themselves on a computer, typically without the user's informed consent
Increasingly found on social media and user-generated content sites, where users are fooled into downloading them
Adware:
Programs typically used to call for pop-up ads to display when the user visits certain sites
Annoying but not typically used for criminal activities
Spyware:
Program used to obtain information such as user keystrokes, e-mail and instant messages, or even to take screenshots
i.e. intended to capture passwords and confidential data
Phishing
Social Engineering
Relies on human curiosity, fallibility and gullibility to trick people into taking an action that results in the downloading of malware
Phishing – Any deceptive, online attempt by a third party to obtain confidential information for financial gain
Typically does not involve malicious code; instead relies on straightforward misrepresentation and fraud
The most popular approach is the e-mail scam
Hacking
A hacker is an individual who intends to gain unauthorised access to a computer system
The term cracker is sometimes used to denote a hacker with criminal intent
When there is a malicious intention to disrupt, deface or destroy sites, it is known as an act of cybervandalism
Especially when the intention is to steal personal or corporate information for financial gain
Hacktivism adds a political twist: cybervandalism and data theft for political purposes
Denial Of Service
Denial of service attack (DOS)
A type of attack on a network that is designed to bring the network to its knees by flooding it with useless traffic
Distributed Denial of Service
A DOS attack in which multiple compromised systems, often infected with a Trojan, are used to target a single system, causing a denial of service
The victims of a DDoS attack consist of both the end target system and all the systems maliciously used and controlled by the hacker in the distributed attack
Spoof
To fool
In networking the term is used to describe a variety of ways in which hardware and software can be fooled
IP spoofing involves trickery that makes a message appear as if it came from an authorised IP address
Email spoofing
Website spoofing
Mostly through email
Although a vital communication tool, email is also one of the prime sources of disruption for end users and organisations
Disruption can range from spam to more dangerous threats such as the propagation of ransomware or phishing campaigns
Over half of all emails (53%) are spam, and a growing proportion of that spam contains malware
Email-borne malware is driven largely by the professionalisation of malware spamming operations
Malware authors can outsource their spam campaigns to specialised groups who conduct major spam campaigns.
The sheer scale of email malware operations indicates that attackers are making considerable profits from these kinds of attacks
Email is likely to continue to be one of the main avenues of attack in the coming years
The scope of the problem
Email malware rate on the increase:
From 1 in 2020 emails containing malware in 2015 to 1 in 131 emails in 2016
Increase driven by botnets used to deliver massive spam campaigns related to threats such as Locky, Dridex and TeslaCrypt
Targeted spear-phishing campaigns, especially in the form of Business Email Compromise scams, rather than the mass-mailing phishing campaigns of old, are now favoured by attackers
Major email threat groups are relying primarily on the use of first-stage downloaders to install their final payload, typically ransomware.