1 / 12

Info Security

Learn about rootkits, stealthy tools that can infiltrate operating systems, compromising security. Explore types, examples, and implications in this comprehensive guide.

lesliecox
Download Presentation

Info Security

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Writing and Rootkits. Info Security

  2. Admin • Papers • Topic • Main: Phil • Backup: John • One from me • http://www.geek.com/news/geeknews/2005Nov/gee20051122033430.htm • Class times and finals schedule.

  3. Papers • Section headings • Longer paper, use section headings. • Look at the assignment, several sections required. • For related work section • Start new paragraph for each complete experiment that you describe. • When describing work • Use names, not “a journalist” or “a person”, “a magazine” • Instead • “Sam Smith showed...” “Chavez at security.com did an...”

  4. Mass vs Count again • Most modifies • Plural nouns or mass nouns • The most chickens • The most money • Largest • Singular nouns • Largest chicken • Largest amount. • Largest portion.

  5. Reminders • A few repeat reminders • Avoid the passive!! • Sometimes it can't be helped, but a half dozen times in a paper this short should raise alarm bells. • Subject verb agreement • Make sure antecedents of all pronouns are clear • ';' separates two closely related sentences • Be careful of simile and metaphor • A outscored B • No feelings • Rarely does it matter what you feel, but what you believe

  6. Next Draft • Have a section for each of the sections listed in the assignment. (first person ok) • Intro • Talk about spam, where it comes from its problems etc. • Related work • Describe at least two other experiments (with two citations) • Experiment • Describe the experiment setup. (not the results) • Use past tense next time (you did this already) • Results • Talk about the spam you received and where and when

  7. Next Draft II • Discuss results • Analyze what it means • What does it mean that email address 3 got more spam? • Conclusion • Summarize, why is spam bad, results and implications for experiment • Any future work that seems immediately indicated. • I've made copies so improve your work.

  8. Rootkits • Definition: • Trojan horse backdoor tools that modify existing operating system software so that an attacker can hide on a machine and keep access to it. (skoudis) • Note difference from everything that we've looked at thus far: • Other software inserts itself in addition to existing software • Rootkits replace parts.

  9. Rootkits • Disguised to look like normal parts of the system • Replace dir command from dos for example. • Generally new version do not write to log files • Most administrative actions logged • Network connections logged too. • Two types: • Usermode (replace programs that users use) • Kernal mode (modifies the heart of the operating system) • Don't give admin access • hide the fact that attacker has it

  10. MSWindows RootKit • Example • FakeGINA • User mode rootkit • Used to logon to windows • Intercepts username, domain, password from winNT/200 machines • http://ntsecurity.nu/toolbox/fakegina/

  11. Windows File protection • Replaces any modified versions of a system program • Does so transparently • What are the implications? • Why is fakeGina not affected?

  12. More Next Monday • Have a good Thanksgiving.

More Related