Cisco Security Agent - Theory, Practice, and Policy


This was a presentation I gave a few years ago on how Cisco Security Agent works and the then-current landscape of threats it prevented. It was from 2009, and presented to a room of helpdesk technicians.


Cisco Security Agent - Theory, Practice, and Policy

  1. Mike Pruett, Information Technology, mpruett@istavision.com
  2. Agenda: Definitions; Anatomy of an Operating System; Anatomy of an Antivirus Program; Anatomy of a Security Threat; Analysis
  3. Malware – short for malicious software, is software designed to infiltrate a computer system without the owner's informed consent. Spam – junk email that involves nearly identical messages sent to numerous recipients by email. Distributed Denial-of-Service (DDoS) – occurs when multiple systems flood the bandwidth or resources of a targeted system, usually one or more web servers.
  4. Botnet – a jargon term for a collection of software robots, or bots, that run autonomously and automatically. Zombie – a computer attached to the internet that has been compromised by some form of threat. Generally, a compromised machine is only one of many in a botnet, and will be used to perform malicious tasks of one sort or another under remote direction. Intrusion Detection System (IDS) – a device (or application) that monitors network and/or system activities for malicious activities or policy violations. Intrusion Prevention System (IPS) – like an IDS, but the device can react, in real time, to block or prevent the unwanted activity.
  5. Vulnerability – a term for a weakness which allows an attacker to reduce a system's security. Exploit – a piece of software, a chunk of data, or a sequence of commands that takes advantage of a bug, glitch, or vulnerability in order to cause unintended or unanticipated behavior to occur on computer systems. Zero Day Threat – a computer threat that tries to exploit computer application vulnerabilities that are unknown to others, undisclosed to the software vendor, or for which no security fix is available. Black Hat Hacker – hackers who specialize in unauthorized penetration of computer networks. They may use computers to attack systems for profit, for fun, for political motivations, or as part of a social cause. White Hat Hacker – also known as ethical hackers, or white knights, are computer security experts who specialize in penetration testing and other testing methodologies to ensure that a company's information systems are secure.
  6. A computer program that can copy itself and infect a computer.
  7. A self-replicating computer program. It uses a network to send copies of itself to other computers, usually without any user intervention.
  8. A piece of code that uses a polymorphic engine to mutate while keeping the original algorithm intact. That is, the code changes itself each time it runs, but the function of the code as a whole will not change at all.
  9. A derogatory term used to describe those who use scripts or programs developed by others to attack computer systems.
  10. (Diagram: anatomy of an operating system) Layers from top to bottom: Applications, Processes, Network; COM API, System API, Services, Stack; Kernel; CPU, Memory, File I/O, Device I/O.
  11. (Diagram: the same operating system layers, with the interception point marked) Applications, Processes, Network; COM API, System API, Services, Stack; Kernel; CPU, Memory, File I/O, Device I/O. Legend: = Cisco Security Agent "Shim".
  12. (Diagram: anatomy of an antivirus program) On-Demand Scan Engine; Real-Time Scan Engine; Heuristics Database; Applications; Processes.
  13. References: http://www.symantec.com/security_response/writeup.jsp?docid=2008-112203-2408-99&tabid=2 ; http://www.confickerworkinggroup.org/wiki/pmwiki.php/ANY/Timeline ; http://www.confickerworkinggroup.org/wiki/pmwiki.php/ANY/FAQ
  14. Check the Security Logs; Check the Event Viewer; Use the Diagnostics Tool; Use the Reset Agent Tool
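Slide 12 names the parts of an antivirus program (an on-demand scan engine, a real-time scan engine and a heuristics database). The following Python sketch is added here and is not part of the original deck; it shows how those parts fit together: one shared scan routine backed by a constructed signature database and constructed heuristic rules, driven either on demand over a set of files or in real time as files are written. The EICAR string is the standard harmless antivirus test file; the rule patterns, weights and threshold are assumptions for illustration.

```python
import hashlib
import re
from dataclasses import dataclass

# Constructed signature database: SHA-256 of known samples -> detection name.
# EICAR is the industry-standard harmless antivirus test file.
EICAR = b"X5O!P%@AP[4\\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*"
SIGNATURE_DB = {hashlib.sha256(EICAR).hexdigest(): "EICAR-Test-File"}

# Constructed heuristic rules (assumed weights): (weight, suspicious byte pattern).
HEURISTIC_RULES = [
    (40, re.compile(rb"cmd\.exe\s+/c")),            # shells out to a command
    (30, re.compile(rb"HKLM\\.*\\Run")),             # touches an autorun key
    (30, re.compile(rb"powershell.*-enc", re.I)),    # encoded command line
]
HEURISTIC_THRESHOLD = 50   # assumed: total weight needed to flag a file

@dataclass
class Verdict:
    name: str
    detected: bool
    reason: str

def scan_bytes(name: str, data: bytes) -> Verdict:
    """Scan engine: exact signature match first, heuristic scoring second."""
    digest = hashlib.sha256(data).hexdigest()
    if digest in SIGNATURE_DB:
        return Verdict(name, True, f"signature:{SIGNATURE_DB[digest]}")
    score = sum(w for w, rx in HEURISTIC_RULES if rx.search(data))
    if score >= HEURISTIC_THRESHOLD:
        return Verdict(name, True, f"heuristic:score={score}")
    return Verdict(name, False, "clean")

def on_demand_scan(files: dict) -> list:
    """On-demand engine: scan every file in a set (in-memory dict here)."""
    return [scan_bytes(n, d) for n, d in files.items()]

class RealTimeMonitor:
    """Real-time engine: scans each write as it happens and blocks detections."""
    def __init__(self):
        self.quarantine = []

    def on_write(self, name: str, data: bytes) -> bool:
        verdict = scan_bytes(name, data)
        if verdict.detected:
            self.quarantine.append(verdict)
            return False        # write blocked, file quarantined
        return True             # write allowed
```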
