Security Threats

Question 1

Malware

Answer 1

-Malicious software

• Gather information
  
  • Keystrokes
• Participate in a group (controlled botnet)
• Extortion
• Viruses & worms

Question 2

Spyware

Answer 2

• Malware that spies on you
  
  • Advertising , identify theft , affiliate fraud
• Can trick you into installing
  
  • Peer-to-Peer , fake security software
• Browsing monitoring
  - Capture surfing habits
• Keyloggers
  
  • Capture every keystroke & Report back

Question 3

Viruses

Answer 3

• Malware that can reproduce itself
  
  • It needs you to execute a program
• Reproduces through file systems or the network
  
  • Just running programs can spread a virus
• May or may not cause problems
  
  • Some viruses are invisible , some are annoying
• Anti-virus is common
  
  • Thousands of new ones everyday

Question 4

Worm

Answer 4

• Malware that self-replicate
  
  • Doesn’t need you to do anything
  • Uses the network as a transmission medium

-Can take over system very quickly

• Worms can also do good things
  
  • Nachi tried to patch your computer to protect from blaster worm
• Firewalls & IDS / IPS can migrate many worms
  
  • Doesn’t help once worm is inside

Question 5

Trojan Horse

Answer 5

• A digital wooden horse
• Software that pretends to be something else
• Circumvents your existing security
  
  • Anti-virus may catch it when it rains
  • Trojans are built to avoid & disable Anti-virus
• Once inside it has free reign
  
  • may open gates to let in other programs

Question 6

Rootkits

Answer 6

• Originally a Unix technique
  
  • The “root” in rootkit
• Can be invisible to the operating system
• Modifies core system files (part of the kernel)
• Also invisible to traditional anti-virus utilities
• Hide in the OS \Windows\System (800MB 2,000 Files)
  
  • Name a similar to a legit system file (run32dl1.dll)

Question 7

Ransomware

Answer 7

• Data is held hostage
  
  • Data provided after payment
• Malware encrypts your data files
  
  • Pictures , documents , music , movies , etc
  • OS remains available
  • they want you running, but not working
• Must pay to receive encryption key
  
  • Untraceable payment system

Question 8

Phishing

Answer 8

• Social engineering with a touch of spoofing
  
  • Often delivered via spam , IM , etc
• Don’t be fooled
  
  • Check URL
• Usually something not quite right
  
  • Spelling , fonts , graphics
• Spear phishing
  
  • Targeted & sophisticated phishing

Question 9

Spoofing

Answer 9

• Pretending to be a someone you aren’t
  
  • A technological chameleon
• Modify your MAC address
  
  • Change in hardware / driver configuration
• Use different IP Address
  
  • Make a request ; The response goes to real IP Addy
• Fundamental with many DDoS attack types
  
  • Always a challenge to protect against

Question 10

Social Engineering

Answer 10

• Major threat
  
  • Electronically undetectable

-Suspicious telephone call

• Look out for unattended person
  
  • Badges
  • Processes

-Know how to handle a possible threat

Question 11

Shoulder Surfing

Answer 11

• You have access to important information
  
  • Curiosity , industrial espionage , competitive advantage
• Very Easy
  
  • Airports / Flights
  • Hallway-facing monitors
  • Coffee shops
• Surf from afar
  
  • Binoculars / telescopes
  • Webcam monitoring

Question 12

Zero-day Attacks

Answer 12

-Many applications have vulnerability

• Someone is working hard to find new vulnerabilities
  
  • Good people share with developer
  • Bad guys keep to themselves & exploit
• Zero-day
  
  • Vulnerabilities that haven’t been discovered or published

Question 13

Distributed Denial of Service

DDoS

Answer 13

• Launch on army of computers to bring down a service
  
  • Use all the bandwidth or resource - traffic spike
• Why bad guys have botnets
  
  • Thousand or millions of computers at your command
  • Zues botnets infected over 3.6 million PCs
  • Coordinated attack
• The attackers are zombies
  
  • Many people have no idea they’re participating

Question 14

Brute Force

Answer 14

• The password is the key
  
  • Secret phrase
  • Stored hash
• Online - Brute force attacks
  
  • Keep trying the login process (very slow)
  • Most account lockout after a certain amount of attemps
• Offline - Brute force the hash
  
  • Obtain the list of users & hashes
  • Calculate a password hash , compare it to stored hash

Question 15

Dictionary Attack

Answer 15

• People use common words as passwords
  
  • Can find them in the dictionary

-If using Brute Force , start with the easy ones

• Common wordlists available online
  
  • Some customized by language or line of work
• This will catch low hanging fruit
  
  • Smart attacks need for smart people

Question 16

Non-compliant System

Answer 16

• A constant challenge
  
  • Always challenges & updates
• Standard Operating Environment (SOE)
  
  • A set of approval hardware / software system
  • Often a standard operating system image
• Operating System & Application updates
  
  • Must have patches to be in compliance
  • OS updates , anti-virus signatures
  • Can be checked & verified before access is given

Question 17

Violation of Security Best Practices

Answer 17

-DLP , encryption , spam filters , patches , firewall , etc

• Constant audits are required
  
  • Very few organization have resources for this

-Each missed practice is an opportunity

Question 18

Tailgating

Answer 18

Uses someone else to gain access to a building
-Not an accident

• Johnny Long / No tech hacking
  
  • Blend in with clothing
  • 3rd-party with legitimate reason
• Once inside , little to stop you
  
  • Most security stops at the front door

Question 19

Man-in-the-Middle

Answer 19

• Redirect your traffic
  
  • Then passes it on the destination
  • You never know your traffic was redirected
• ARP poisoning
  
  • APR has no security

-Encrypt your data