System Vulnerabilities, Threats and Countermeasures Flashcards

1
Q

Emanations - Often Electromagnetic Emanations.

A

Information that can be disseminated from the electrical changes in a system or a wire.
 It is possible to log a user’s keystrokes on a smartphone using the motion sensor.
 These are unintentional information-bearing signals which, if intercepted and analyzed, can lead to a compromise.
 We can protect against electromagnetic emanations with heavy metals, but we would have 80 lbs. (40 kg.) laptops.

2
Q

Covert Channels

A

Creates the capability to transfer information using channels not intended to do so.

3
Q

Covert Timing Channels

A

Operations that affect the “real response time observed” by the receiver.
Most common is username/password: a wrong username takes 100ms to confirm, a wrong password takes 600ms to confirm. You get the same “Wrong username or password” error either way, but an attacker can tell when they have used a correct username because of the delay difference.

4
Q

Covert Storage Channels:

A

Hidden information conveyed through the modification of a stored object.
 Certain file sizes have a certain meaning.
 Attackers can add data to the payload of outbound ICMP packets (unless we need it, block outbound ICMP packets).

5
Q

Steganography

A

Hiding a message within another medium (invisible ink and the hidden clues in da Vinci’s paintings).
 The messages can be hidden in anything really; most common are images and soundtracks.
 On images like this one, the program changes the shading of some of the pixels of the image. To the naked eye it is not noticeable, but a lot of information can be hidden in images this way.
 Hidden in the bottom image is the first chapter of Great Expectations (Charles Dickens, 1867 Edition - 4 pages at font size 11, 1827 words, 7731 characters).

6
Q

Digital Watermarks encode data into a file.

A
  • The watermark may be hidden (using steganography) or visible.
  • Often used to fingerprint files (the file is identified as yours).
7
Q

Worms

A
  • Spread through self-propagation; they need no human interaction. They do both the payload damage and replicate through aggressive network use (which also makes them easier to spot).
8
Q

Trojans

A

Malicious code embedded in a program that appears normal. This can be games, attachments, website clicks, etc.

9
Q

Rootkits

A
  • Replace some of the OS/kernel with a malicious payload. User-mode rootkits work in Ring 3 and kernel rootkits in Ring 0.
10
Q

Logic Bombs

A
  • Malicious code that executes at a certain time or event; it lies dormant until the event (IF/THEN).
     IF Bob is not getting an annual bonus over $10,000, THEN execute malicious code.
     IF date and time is 5/15/18 00:02:12, THEN execute malicious code.
11
Q

Packers

A

Programs to compress *.exe files, which can be used to hide malware in an executable; a neutral technology in itself.

12
Q

Antivirus Software

A

Tries to protect us against malware.
 Signature based - looks for known malware signatures - MUST be updated constantly.
 Heuristic (behavioral) based - looks for abnormal behavior - can result in a lot of false positives.
