Fundamentals of Information Systems Security Chapter 11 Malicious Code and Activity

Learning Objective
• Explain the means attackers use to compromise systems and networks and defenses used by organizations.

Key Concepts
• Impact of malicious code and malware on public- and private-sector organizations
• Profiling attackers and hackers
• Phases of a computer attack
• Security awareness training to harden User domain and teach correct use of IT assets

History of Malware
• 1971: “Creeper virus” spreads to Advanced Research Projects Agency Network (ARPANET). Other experimental viruses emerge throughout the 1970s with varying exposure.
• 1981: “Elk cloner” becomes the first computer virus to appear in the wild or outside of a computer lab.
• 1982: The first worm is jointly developed at Xerox’s Palo Alto Research Center. It was used for distributed calculations; a logic error caused uncontrollable replication that crippled computers.

Forms of Malware
• Viruses, worms, Trojans, backdoors, rootkits, and others
• Active content and botnets are modern examples
• Phishing and pharming attacks represent modern threats

Discussion Points
• Motivations for attacks
• Types of attackers
• Goals of attackers

Discussion Point
• Discuss the impact of malicious code and malware on businesses and organizations.

Defending Against Network Attacks
• Set up protective mechanisms at every domain and layer.
• Establish checkpoints at every network layer and domain category and monitor regularly.
• Use intrusion detection system/intrusion prevention system (IDS/IPS) and firewall control lists to filter network-driven attacks.
• Sandbox application-level attacks and scan with antivirus or anti-malware products.
• Back up data regularly.

End-User Awareness Training
• It helps prevent incidents and reduce risk.
• End-users are weakest link in security chain.
• Security is a special mindset.
• Consistent application requires good habits.

Summary
• Malware encompasses a variety of malicious code.
• Methods for attack progress and new trends emerge as technology improves.
• Motivations explain why criminals commit acts; motivations vary but personalities generally recur.
• Computer and network attacks occur in phases.
• Security awareness training can reduce incidents of attacks.