Rootkit
Describe in your own words what a rootkit is along with how you can detect and remove it.
An initial post must be between 250-300 words and is due by Thursday
not urgent, two days
Fundamentals of Information Systems Security
Lesson 3
Malicious Attacks, Threats, and Vulnerabilities
© 2018 Jones and Bartlett Learning, LLC, an Ascend Learning Company
www.jblearning.com
All rights reserved.
Learning Objective(s)
Describe how malicious attacks, threats, and vulnerabilities impact an IT infrastructure.
Key Concepts
Malicious software and countermeasures
Common attacks and countermeasures
Social engineering and how to reduce risks
Threats and types of attacks on wireless networks
Threats and types of attacks on web applications
Malicious Activity on the Rise
Examples of malicious attacks are everywhere
Data breaches occur in both public and private sectors
In 2013, China was top country of origin for cyberattacks, at 41 percent
United States was second at 10 percent
What Are You Trying to Protect?
Customer data
IT and network infrastructure
Intellectual property
Finances and financial data
Service availability and productivity
Reputation
Whom Are You Trying to Catch?
Crackers
Black-hat hacker: Tries to break IT security and gain access to systems with no authorization in order to prove technical prowess. Black-hat hackers generally develop and use special software tools to exploit vulnerabilities. May exploit holes in systems but generally do not attempt to disclose vulnerabilities they find to the administrators of those systems.
White-hat hacker: Also called an ethical hacker, is an information systems security professional who has authorization to identify vulnerabilities and perform penetration testing. Difference between white-hat hackers and black-hat hackers is that white-hat hackers will identify weaknesses for the purpose of fixing them, and black-hat hackers find weaknesses just for the fun of it or to exploit them.
Gray-hat hackers: A hacker who will identify but not exploit discovered vulnerabilities, yet may still expect a reward for not disclosing the vulnerability openly.
Cracker: Has a hostile intent, possesses sophisticated skills, and may be interested in financial gain. Crackers represent the greatest threat to networks and information resources.
9/3/2019
(c) ITT Educational Services, Inc.
Hackers
Black-hat
White-hat
Gray-hat
Attack Tools
Protocol analyzers (sniffers)
Port scanners
OS fingerprint scanners
Vulnerability scanners
Exploit software
Wardialers
Password crackers
Keystroke loggers
What Is a Security Breach?
Any event that results in a violation of any of the C-I-A security tenets
Some security breaches disrupt system services on purpose
Some are accidental and may result from hardware or software failures
Activities that Cause Security Breaches
Denial of service (DoS) attacks
Distributed denial of service (DDoS) attacks
Unacceptable web-browsing behavior
Wiretapping
Use of a backdoor to access resources
Accidental data modifications
Denial of Service Attack
A coordinated attempt to deny service by occupying a computer to perform large amounts of unnecessary tasks
Logic attacks
Flooding attacks
Protect using
Intrusion prevention system (IPS)
Intrusion detection system (IDS)
Attacks launched using
SYN flood
Smurfing
Distributed Denial of Service Attack
Overloads computers and prevents legitimate users from gaining access
More difficult to stop than a DoS attack because DDoS originates from different sources
Unacceptable Web Browsing
Define acceptable web browsing in an acceptable use policy (AUP)
Unacceptable use can include:
Unauthorized users searching files or storage directories
Users visiting prohibited websites
Wiretapping
Between-the-lines wiretapping: This type of wiretapping does not alter the messages sent by the legitimate user but inserts additional messages into the communication line when the legitimate user pauses.
Piggyback-entry wiretapping: This type of wiretapping intercepts and modifies the original message by breaking the communications line and routing the message to another computer that acts as a host.
Active
Between-the-lines wiretapping
Piggyback-entry wiretapping
Passive
Also called sniffing
Backdoors
Hidden access included by developers
Attackers can use them to gain access
Data Modifications
Data that is:
Purposely or accidentally modified
Incomplete
Truncated
Additional Security Challenges
Spam and spim
Hoaxes
Cookies
Risks, Threats, Vulnerabilities
Threats exploit vulnerabilities, which creates risk.
You cannot eliminate risk.
You can minimize the impact of threats.
You can reduce the number of vulnerabilities.
Minimizing threats and reducing vulnerabilities lessens overall risk.
Threats, risks, and vulnerabilities negatively impact the CIA triad.
Risk
Probability that something bad is going to happen to an asset
Threat
Any action that can damage or compromise an asset
Vulnerability
An inherent weakness that may enable threats to harm systems or networks
Most Common Threats
Vulnerability covers a wide range of system and network weaknesses.
Insecure servers or services include outdated packages, poorly programmed software, and cleartext protocols where encrypted protocols should be used.
Exploitable applications and protocols include programming flaws that can be manipulated by attackers.
Unprotected systems or network resources include development servers left in the open.
Traffic interception and eavesdropping reveal private communications to snooping eyes.
Lack of preventive or protective measures allows malware to infiltrate the network.
Malicious software
Hardware or software failure
Internal attacker
Equipment theft
External attacker
Natural disaster
Industrial espionage
Terrorism
Threat Types
Disclosure threats
Sabotage
Espionage
Alteration threats
Denial or destruction threats
DoS attack
Unauthorized changes
What Is a Malicious Attack?
Fabrications: Fabrications involve the creation of some deception in order to trick unsuspecting users.
Interceptions: An interception involves eavesdropping on transmissions and redirecting them for unauthorized use.
Interruptions: An interruption causes a break in a communication channel, which blocks the transmission of data.
Modifications: A modification is the alteration of data contained in transmissions or files.
Four categories of attacks
Fabrications
Interceptions
Interruptions
Modifications
Types of Active Threats
Birthday attacks
Brute-force password attacks
Dictionary password attacks
IP address spoofing
Hijacking
Man-in-the-middle attacks
Masquerading
Social engineering
Phishing
Phreaking
Pharming
What Is Malicious Software?
Software that:
Causes damage
Escalates security privileges
Divulges private data
Modifies or deletes data
Virus
Attaches itself to or copies itself into another program on a computer
Tricks the computer into following instructions not intended by the original program developer
Infects a host program and may cause that host program to replicate itself to other computers
User who runs infected program authenticates the virus
Worm
A self-contained program that replicates and sends copies of itself to other computers without user input or action
Does not need a host program to infect
Is a standalone program
Trojan Horse
Malware that masquerades as a useful program
Trojans can:
Hide programs that collect sensitive information
Open backdoors into computers
Actively upload and download files
Rootkit
Modifies or replaces one or more existing programs to hide traces of attacks
Many different types of rootkits
Conceals its existence once installed
Is difficult to detect and remove
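Added example (not part of the original slides): because a rootkit modifies or replaces existing programs, one way to detect it is to compare system files against a known-good baseline of hashes. The Python code below assumes the baseline was recorded while the system was clean and that the comparison runs from trusted media, since tools on an infected host may themselves be altered; the function names and the sample directory are constructed for illustration.

```python
import hashlib
import json
import os
import stat
import tempfile


def fingerprint(path):
    """Return the SHA-256 digest and permission bits for one file."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(65536), b""):
            digest.update(chunk)
    mode = stat.S_IMODE(os.stat(path).st_mode)
    return {"sha256": digest.hexdigest(), "mode": mode}


def build_baseline(root):
    """Fingerprint every regular file under root, keyed by relative path."""
    baseline = {}
    for folder, _dirs, files in os.walk(root):
        for name in sorted(files):
            full = os.path.join(folder, name)
            if os.path.isfile(full) and not os.path.islink(full):
                baseline[os.path.relpath(full, root)] = fingerprint(full)
    return baseline


def compare(baseline, root):
    """Report every difference between the current tree and the baseline."""
    current = build_baseline(root)
    findings = []
    for rel in sorted(set(baseline) | set(current)):
        if rel not in current:
            findings.append((rel, "missing"))
        elif rel not in baseline:
            findings.append((rel, "unexpected file"))
        elif current[rel]["sha256"] != baseline[rel]["sha256"]:
            findings.append((rel, "content changed"))
        elif current[rel]["mode"] != baseline[rel]["mode"]:
            findings.append((rel, "permissions changed"))
    return findings


def demo():
    """Constructed sample: a stand-in program directory with one file swapped."""
    samples = (
        ("ls", b"list files v1"),
        ("ps", b"list processes v1"),
        ("netstat", b"list sockets v1"),
    )
    with tempfile.TemporaryDirectory() as root:
        for name, body in samples:
            with open(os.path.join(root, name), "wb") as handle:
                handle.write(body)
        # Baseline taken while the system is known to be clean. The JSON
        # round trip stands in for storing it off-host or on read-only media.
        baseline = json.loads(json.dumps(build_baseline(root)))
        # Simulated tampering: "ps" is replaced by content of the same length
        # (so a size check alone would miss it) and an extra file appears.
        with open(os.path.join(root, "ps"), "wb") as handle:
            handle.write(b"list processes v2")
        with open(os.path.join(root, "helper"), "wb") as handle:
            handle.write(b"not in baseline")
        return compare(baseline, root)


if __name__ == "__main__":
    for rel, reason in demo():
        print(f"{rel}: {reason}")
```

A clean comparison does not prove the absence of a rootkit that lives outside the checked files; a finding on a system program is a reason to rebuild the host from trusted media rather than to clean it in place.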
Spyware
Type of malware that specifically threatens the confidentiality of information
Monitors keystrokes
Scans files on the hard drive
Snoops other applications
Installs other spyware programs
Reads cookies
Changes default homepage on the web browser
What Are Common Types of Attacks?
Attacks on availability: These attacks impact access or uptime to a critical system, application, or data.
Attacks on people: These attacks involve using coercion or deception to get another human to divulge information or to perform an action (e.g., clicking on a suspicious URL link or opening an email attachment from an unknown email address).
Attacks on IT assets: These attacks include penetration testing, unauthorized access, privilege escalation, stolen passwords, deletion of data, or performing a data breach.
Attacks on availability
Attacks on people
Attacks on IT assets
Social Engineering Attacks
Authority: Using a position of authority to coerce or persuade an individual to divulge information.
Consensus/social proof: Using a position that “everyone else has been doing it” as proof that it is okay or acceptable to do.
Dumpster diving: Finding unshredded pieces of paper that may contain sensitive data or private data for identity theft.
Familiarity/liking: Interacting with the victim in a frequent way that creates a comfort and familiarity and liking for an individual (e.g., a delivery person may become familiar to office workers over time) that might encourage the victim to want to help the familiar person.
Hoax: Creating a con or a false perception in order to get an individual to do something or divulge information.
Impersonation: Pretending to be someone else (e.g., an IT help desk support person, a delivery person, a bank representative).
Intimidation: Using force to extort or pressure an individual into doing something or divulging information.
Trust: Building a human trust bond over time and then using that trust to get the individual to do something or divulge information.
Scarcity: Pressuring another individual into doing something or divulging information for fear of not having something or losing access to something.
Shoulder surfing: Looking over the shoulder of a person typing into a computer screen.
Tailgating: Following an individual closely enough to sneak past a secure door or access area.
Urgency: Using urgency or an emergency stress situation to get someone to do something or divulge information (e.g., claiming that there’s a fire in the hallway might get the front desk security guard to leave their desk).
Vishing: Performing a phishing attack by telephone in order to elicit personal information; using verbal coercion and persuasion (“sweet talking”) on the individual under attack.
Whaling: Targeting the executive user or most valuable employees, otherwise considered the “whale” or “big fish” (often called spear phishing).
Authority
Dumpster diving
Hoax
Impersonation
Shoulder surfing
Vishing
Whaling
Wireless Network Attacks
Bluejacking: Hacking and gaining control of the Bluetooth wireless communication link between a user’s earphone and smartphone device.
Bluesnarfing: Packet sniffing communications traffic between Bluetooth devices.
Evil twin: Faking an open or public wireless network to use a packet sniffer on any user who connects to it.
IV attack: Modifying the initialization vector of an encrypted IP packet in transmission in hopes of decrypting a common encryption key over time.
Jamming/Interference: Sending radio frequencies in the same frequency as wireless network access points to jam and interfere with wireless communications and disrupt availability for legitimate users.
Near field communication attack: Intercepting, at close range (a few inches), communications between two mobile operating system devices.
Packet sniffing: Capturing IP packets off a wireless network and analyzing the TCP/IP packet data using a tool such as Wireshark.
Replay attacks: Replaying an IP packet stream to fool a server into thinking you are authenticating to it.
Rogue access points: Using an unauthorized network device to offer wireless availability to unsuspecting users.
War chalking: Creating a map of the physical or geographic location of any wireless access points and networks.
War driving: Physically driving around neighborhoods or business complexes looking for wireless access points and networks that broadcast an open or public network connection.
Bluejacking
Evil twin
IV attack
Packet sniffing
Replay attacks
War chalking
War driving
Web Application Attacks
Arbitrary/remote code execution: Having gained privileged access or sys admin rights access, the attacker can run commands or execute a command at will on the remote system.
Buffer overflow: Attempting to push more data than the buffer can handle, thus creating a condition where further compromise might be possible.
Client-side attack: Using malware on a user’s workstation or laptop, within an internal network, acting in tandem with a malicious server or application on the Internet (outside the protected network).
Cookies and attachments: Using cookies or other attachments (or the information they contain) to compromise security.
Cross-site scripting (XSS): Injecting scripts into a web application server to redirect attacks back to the client. This is not an attack on the web application but rather on users of the server to launch attacks on other computers that access it.
Directory traversal/command injection: Exploiting a web application server, gaining root file directory access from outside the protected network, and executing commands, including data dumps.
Header manipulation: Stealing cookies and browser URL information and manipulating the header with invalid or false commands to create an insecure communication or action.
Integer overflow: Creating a mathematical overflow which exceeds the maximum size allowed. This can cause a financial or mathematical application to freeze or create a vulnerability and opening.
Lightweight Directory Access Protocol (LDAP) injection: Creating fake or bogus ID and authentication LDAP commands and packets to falsely ID and authenticate to a web application.
Local shared objects (LSO): Using Flash cookies (named after the Adobe Flash player), which cannot be deleted through the browser’s normal configuration settings. Flash cookies can also be used to reinstate regular cookies that a user has deleted or blocked.
Malicious add-ons: Using software plug-ins or add-ons that run additional malicious software on legitimate programs or applications.
SQL injection: Injecting Structured Query Language (SQL) commands to obtain information and data in the back-end SQL database.
Watering-hole attack: Luring a targeted user to a commonly visited website on which the malicious code or malware has been planted, in hopes that the user will trigger the attack with an unknowing click.
XML injection: Injecting XML tags and data into a database in an attempt to retrieve data.
Zero-day: Exploiting a new vulnerability or software bug for which no specific defenses yet exist.
Buffer overflow
Header manipulation
Lightweight Directory Access Protocol (LDAP) injection
Malicious add-ons
SQL injection
XML injection
Client-side attack
What Is a Countermeasure?
Countermeasures
Detect vulnerabilities
Prevent attacks
Respond to the effects of successful attacks
Get help from
Law enforcement agencies
Forensic experts
Security consultants
Security incident response teams (SIRTs)
Countering Malware
Create a user education program
Post regular bulletins about malware problems
Never transfer files from an unknown or untrusted source (unless anti-malware is installed)
Test new programs or open suspect files on a quarantine computer
Install anti-malware software, make sure it remains current, and schedule regular malware scans
Use a secure logon and authentication process
Countering Malware (cont.)
Stay abreast of developments in malware
National Cyber Security Alliance (NCSA)
www.staysafeonline.org
United States Computer Emergency Readiness Team (US-CERT)
http://us-cert.gov
Protecting Your System with Firewalls
Firewall
Program or dedicated hardware device
Denies or permits traffic based on a set of rules
Inspects network traffic passing through it
Summary
Malicious software and countermeasures
Common attacks and countermeasures
Social engineering and how to reduce risks
Threats and types of attacks on wireless networks
Threats and types of attacks on web applications