1 / 30

CSCE 201 Attacks on Desktop Computers: Malicious Code Hardware attacks

Explore the different types of malicious code and hardware attacks that can affect desktop computers, their characteristics and prevention methods. Enhance your security awareness with this comprehensive reading list.

rearick
Download Presentation

CSCE 201 Attacks on Desktop Computers: Malicious Code Hardware attacks

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. CSCE 201Attacks on Desktop Computers:Malicious Code Hardware attacks

  2. Reading list: • M. Ciampa, Security Awareness: Chapter 2 • Malicious Codes in Depth, http://www.securitydocs.com/library/2742 • USC Computer Services – Virus Information Center http://www.uts.sc.edu/itsecurity/antivirus.shtml

  3. Program Flaws Taxonomy of flaws: • how (genesis) • when (time) • where (location) the flaw was introduced into the system

  4. Security Flaws by Genesis • Genesis • Intentional • Malicious: Trojan Horse, Trapdoor, Logic Bomb, Rootkits, Botnets, Covert channels • Non-malicious • Inadvertent • Validation error • Domain error • Serialization error • Identification/authentication error • Other error

  5. Kinds of Malicious Codes • Virus: a program that attaches copies of itself into other programs. Propagates and performs some unwanted function. • Rabbit (Bacteria): program that consumes system resources by replicating itself.

  6. Kinds of Malicious Code • Worm: a program that propagates copies of itself through the network. Usually performs some unwanted function. • Does not attach to other programs • Trojan Horse: secret, undocumented routine embedded within a useful program. Execution of the program results in execution of secret code.

  7. Kinds of Malicious Code • Logic bomb, time bomb: logic embedded in a program that checks for a certain set of conditions to be present in the system. When these conditions are present, some malicious code is executed. • Trapdoor: secret, undocumented entry point into a program, used to grant access without normal methods of access authentication.

  8. Kinds of Malicious Code Rootkits: aims to hide the presence of itself and other malicious code on the computer by corrupting detection capabilities. Usually limited to the corrupted computer. Zombies and Botnets: computers under the control of a remote entity. Attackers goals: spreading virus, attacking internet communications, stealing personal data, manipulating online polls, DOS.

  9. Virus Virus lifecycle: • Dormant phase: the virus is idle. (not all viruses have this stage) • Propagation phase: the virus places an identical copy of itself into other programs of into certain system areas. • Triggering phase: the virus is activated to perform the function for which it was created. • Execution phase: the function is performed. The function may be harmless or damaging.

  10. Virus Types • Transient (parasitic) virus: most common form. Attaches itself to a file and replicates when the infected program is executed. • Memory resident virus: lodged in main memory as part of a resident system program. Virus may infect every program that executes.

  11. Virus Types • Boot Sector Viruses: • Infects the boot record and spreads when system is booted. • Gains control of machine before the virus detection tools. • Very hard to notice • Carrier files: AUTOEXEC.BAT, CONFIG.SYS,IO.SYS

  12. Virus Types • Stealth virus: a form of virus explicitly designed to hide from detection by antivirus software. • Polymorphic virus: a virus that mutates with every infection making detection by the “signature” of the virus difficult.

  13. How Viruses Append + = virus virus Original program Original program Virus appended to program

  14. How Viruses Append + = Virus-1 virus Original program Original program Virus-2 Virus surrounding a program

  15. Virus-1 Virus-2 Virus-3 Virus-4 How Viruses Append + = virus Original program Original program Virus integrated into program

  16. High Risk Viruses Properties • Hard to detect • Hard to destroy • Spread infection widely • Can re-infect • Easy to create • Machine independent

  17. Virus Signatures • Storage pattern • Code always located on a specific address • Increased file size • Execution pattern • Transmission pattern • Polymorphic Viruses

  18. Antivirus Approaches • Detection: determine infection and locate the virus. • Identification: identify the specific virus. • Removal: remove the virus from all infected systems, so the disease cannot spread further. • Recovery: restore the system to its original state.

  19. Preventing Virus Infection Prevention: • Good source of software installed • Isolated testing phase • Use virus detectors Limit damage: • Make bootable diskette • Make and retain backup copies important resources

  20. Worm • Self-replicating (like virus) • Objective: system penetration (intruder) • Phases: dormant, propagation, triggering, and execution • Propagation: • Searches for other systems to infect (e.g., host tables) • Establishes connection with remote system • Copies itself to remote system • Execute

  21. Hardware Attacks Basic Input/Output System (BIOS) USB Devices Cell Phones Physical Theft

  22. BIOS Attacks • BIOS: • Recognizes and controls different devices on the computer system • Executed when the computer is turned on • Old computers: Read Only Memory (ROM) • New computers: Programmable Read Only Memory (PROM) • Flashing the BIOS  can disable the computer completely

  23. USB Devices • Universal Serial Bus(USB) • Small, light weight, removable, rewriteable • NO SECURITY • Control: • Organizational policy • Disable USB in hardware • Disable USB in software • Use third party software

  24. How to Prevent USB Attacks? • USBDetect 3.0 • Developed by the NSA • Monitors USB ports on PCs attached to a network • Automatically reports back any unauthorized activity, including flash or hard disks, and external CD or DVD drives • Not available for general public

  25. Cell Phones • Extended phone capabilities • Risk associated with cell phones • US CERT, Defending Cell Phones and PDAs Against Attack, http://www.us-cert.gov/cas/tips/ST06-007.html • M. Murray, Can Cell Phones Compromise Your Network?, April 2010, http://www.businessweek.com/technology/content/apr2006/tc20060413_027470.htm • M. Zetlin, Cell Phones: A Security Risk to Your Business?, March 2010, http://www.inc.com/telecom/articles/201003/cellphone.html

  26. US-CERT Security Risk of Cell Phones and PDAs Abuse your service: e.g., extra charges, download malicious code Lure you to a malicious web site: e.g., phishing using text messages, visit phishing web sites, etc. Use your cell phone or PDA in an attack: e.g., attackers compromise device and use it as the origin of attack Gain access to account information: e.g., access to all personal data stored on the device

  27. How to Protect Cell Phones/PDAs? Follow general guidelines for protecting portable devices Be careful about posting your cell phone number and email address Do not follow links sent in email or text messages Be wary of downloadable software Evaluate your security settings

  28. Protection of Portable Devices Use passwords correctly Consider storing important data separately Encrypt files Install and maintain anti-virus software Install and maintain a firewall Back up your data

  29. Physical Theft See previous lectures on physical security and protecting laptops (08/27, 2010)

  30. Next Class • Defending personal comuters – Overview M. Ciampa, Security Awareness, Chapter 2

More Related