More Related Content
Similar to Funsec3e ppt ch11
Similar to Funsec3e ppt ch11 (20)
More from Skillspire LLC (20)
Funsec3e ppt ch11
- 1. © 2018 Jones and Bartlett Learning, LLC, an Ascend Learning Company
www.jblearning.com
All rights reserved.
Fundamentals of Information
Systems Security
Lesson 11
Malicious Code and Activity
- 2. Page 2
Fundamentals of Information Systems Security
© 2018 Jones and Bartlett Learning, LLC, an Ascend Learning Company
www.jblearning.com
All rights reserved.
Page 2
Fundamentals of Information Systems Security
© 2018 Jones and Bartlett Learning, LLC, an Ascend Learning Company
www.jblearning.com
All rights reserved.
Learning Objective(s)
 Describe how malicious attacks, threats,
and vulnerabilities impact an IT
infrastructure.
- 3. Page 3
Fundamentals of Information Systems Security
© 2018 Jones and Bartlett Learning, LLC, an Ascend Learning Company
www.jblearning.com
All rights reserved.
Page 3
Fundamentals of Information Systems Security
© 2018 Jones and Bartlett Learning, LLC, an Ascend Learning Company
www.jblearning.com
All rights reserved.
Key Concepts
 The impact of malicious code and malware on
systems and organizations
 Attackers, hackers, and social engineers
 The phases of a computer attack
 Tools and techniques to detect and prevent
attacks
- 4. Page 4
Fundamentals of Information Systems Security
© 2018 Jones and Bartlett Learning, LLC, an Ascend Learning Company
www.jblearning.com
All rights reserved.
Page 4
Fundamentals of Information Systems Security
© 2018 Jones and Bartlett Learning, LLC, an Ascend Learning Company
www.jblearning.com
All rights reserved.
Malicious Code and Activity
 Malicious software (malware)
• Any program that carries out actions that you do
not intend
 Malicious code attacks all three information
security properties:
• Confidentiality: Malware can disclose your
organization’s private information
• Integrity: Malware can modify database records,
either immediately or over a period of time
• Availability: Malware can erase or overwrite files or
inflict considerable damage to storage media
- 5. Page 5
Fundamentals of Information Systems Security
© 2018 Jones and Bartlett Learning, LLC, an Ascend Learning Company
www.jblearning.com
All rights reserved.
Page 5
Fundamentals of Information Systems Security
© 2018 Jones and Bartlett Learning, LLC, an Ascend Learning Company
www.jblearning.com
All rights reserved.
Characteristics, Architecture, and
Operations of Malicious Software
 An attacker gains administrative control of a
system and uses commands to inflict harm
 An attacker sends commands directly to a
system; the system interprets and executes them
 An attacker uses software programs that harm a
system or that make the data unusable
 An attacker uses legitimate remote administration
tools and security probes to identify and exploit
security vulnerabilities on a network
- 6. Page 6
Fundamentals of Information Systems Security
© 2018 Jones and Bartlett Learning, LLC, an Ascend Learning Company
www.jblearning.com
All rights reserved.
Page 6
Fundamentals of Information Systems Security
© 2018 Jones and Bartlett Learning, LLC, an Ascend Learning Company
www.jblearning.com
All rights reserved.
The Main Types of Malware
 Viruses
 Spam
 Worms
 Trojan horses
 Logic bombs
 Active content
vulnerabilities
 Malicious add-
ons
 Injection
 Botnets
 Denial of
service attacks
 Spyware
 Adware
 Phishing
 Keystroke
loggers
 Hoaxes and
myths
 Homepage
hijacking
 Webpage
defacements
- 7. Page 7
Fundamentals of Information Systems Security
© 2018 Jones and Bartlett Learning, LLC, an Ascend Learning Company
www.jblearning.com
All rights reserved.
Page 7
Fundamentals of Information Systems Security
© 2018 Jones and Bartlett Learning, LLC, an Ascend Learning Company
www.jblearning.com
All rights reserved.
Viruses
• Target computer hardware and
software startup functions
System
infectors
• Attack and modify executable
programs (COM, EXE, SYS, and DLL
files in Microsoft Windows)
File infectors
• (Also called macro infectors) Attack
document files containing embedded
macro programming capabilities
Data infectors
- 8. Page 8
Fundamentals of Information Systems Security
© 2018 Jones and Bartlett Learning, LLC, an Ascend Learning Company
www.jblearning.com
All rights reserved.
Page 8
Fundamentals of Information Systems Security
© 2018 Jones and Bartlett Learning, LLC, an Ascend Learning Company
www.jblearning.com
All rights reserved.
Typical Life Cycle of a Computer
Virus
- 9. Page 9
Fundamentals of Information Systems Security
© 2018 Jones and Bartlett Learning, LLC, an Ascend Learning Company
www.jblearning.com
All rights reserved.
Page 9
Fundamentals of Information Systems Security
© 2018 Jones and Bartlett Learning, LLC, an Ascend Learning Company
www.jblearning.com
All rights reserved.
How a System Infector Virus Works
- 10. Page 10
Fundamentals of Information Systems Security
© 2018 Jones and Bartlett Learning, LLC, an Ascend Learning Company
www.jblearning.com
All rights reserved.
Page 10
Fundamentals of Information Systems Security
© 2018 Jones and Bartlett Learning, LLC, an Ascend Learning Company
www.jblearning.com
All rights reserved.
How a File Infector Virus Works
- 11. Page 11
Fundamentals of Information Systems Security
© 2018 Jones and Bartlett Learning, LLC, an Ascend Learning Company
www.jblearning.com
All rights reserved.
Page 11
Fundamentals of Information Systems Security
© 2018 Jones and Bartlett Learning, LLC, an Ascend Learning Company
www.jblearning.com
All rights reserved.
How a Macro Virus Works
- 12. Page 12
Fundamentals of Information Systems Security
© 2018 Jones and Bartlett Learning, LLC, an Ascend Learning Company
www.jblearning.com
All rights reserved.
Page 12
Fundamentals of Information Systems Security
© 2018 Jones and Bartlett Learning, LLC, an Ascend Learning Company
www.jblearning.com
All rights reserved.
Other Virus Classifications
Polymorphic viruses
Stealth viruses
Slow viruses
Retro viruses
Cross-platform viruses
Multipartite viruses
- 13. Page 13
Fundamentals of Information Systems Security
© 2018 Jones and Bartlett Learning, LLC, an Ascend Learning Company
www.jblearning.com
All rights reserved.
Page 13
Fundamentals of Information Systems Security
© 2018 Jones and Bartlett Learning, LLC, an Ascend Learning Company
www.jblearning.com
All rights reserved.
How a Stealth Virus Works
- 14. Page 14
Fundamentals of Information Systems Security
© 2018 Jones and Bartlett Learning, LLC, an Ascend Learning Company
www.jblearning.com
All rights reserved.
Page 14
Fundamentals of Information Systems Security
© 2018 Jones and Bartlett Learning, LLC, an Ascend Learning Company
www.jblearning.com
All rights reserved.
How a Slow Virus Works
How a Retro Virus Works
- 15. Page 15
Fundamentals of Information Systems Security
© 2018 Jones and Bartlett Learning, LLC, an Ascend Learning Company
www.jblearning.com
All rights reserved.
Page 15
Fundamentals of Information Systems Security
© 2018 Jones and Bartlett Learning, LLC, an Ascend Learning Company
www.jblearning.com
All rights reserved.
How a Multipartite Virus Works
- 16. Page 16
Fundamentals of Information Systems Security
© 2018 Jones and Bartlett Learning, LLC, an Ascend Learning Company
www.jblearning.com
All rights reserved.
Page 16
Fundamentals of Information Systems Security
© 2018 Jones and Bartlett Learning, LLC, an Ascend Learning Company
www.jblearning.com
All rights reserved.
Rootkits
Type of malware that modifies or replaces one or more
existing programs to hide the fact that a computer has
been compromised
Modify parts of the operating system to conceal traces of
their presence
Provide attackers with access to compromised computers
and easy access to launching additional attacks
Difficult to detect and remove
- 17. Page 17
Fundamentals of Information Systems Security
© 2018 Jones and Bartlett Learning, LLC, an Ascend Learning Company
www.jblearning.com
All rights reserved.
Page 17
Fundamentals of Information Systems Security
© 2018 Jones and Bartlett Learning, LLC, an Ascend Learning Company
www.jblearning.com
All rights reserved.
Ransomware
Attempts to generate funds directly from a
computer user
Attacks a computer and limits the user’s ability to
access the computer’s data
Encrypts important files or even the entire disk
and makes them inaccessible
One of the first ransomware programs was
Crypt0L0cker
- 18. Page 18
Fundamentals of Information Systems Security
© 2018 Jones and Bartlett Learning, LLC, an Ascend Learning Company
www.jblearning.com
All rights reserved.
Page 18
Fundamentals of Information Systems Security
© 2018 Jones and Bartlett Learning, LLC, an Ascend Learning Company
www.jblearning.com
All rights reserved.
Spam
 Consumes computing resources bandwidth and CPU
time
 Diverts IT personnel from activities more critical to
network security
 Is a potential carrier of malicious code
 Compromises intermediate systems to facilitate
remailing services
 Opt-out (unsubscribe) features in spam messages
can represent a new form of reconnaissance attack to
acquire legitimate target addresses
- 19. Page 19
Fundamentals of Information Systems Security
© 2018 Jones and Bartlett Learning, LLC, an Ascend Learning Company
www.jblearning.com
All rights reserved.
Page 19
Fundamentals of Information Systems Security
© 2018 Jones and Bartlett Learning, LLC, an Ascend Learning Company
www.jblearning.com
All rights reserved.
Worms
Designed to propagate from one host
machine to another using the host’s own
network communications protocols
Unlike viruses, do not require a host
program to survive and replicate
The term “worm” stems from the fact that
worms are programs with segments,
working on different computers, all
communicating over a network
- 20. Page 20
Fundamentals of Information Systems Security
© 2018 Jones and Bartlett Learning, LLC, an Ascend Learning Company
www.jblearning.com
All rights reserved.
Page 20
Fundamentals of Information Systems Security
© 2018 Jones and Bartlett Learning, LLC, an Ascend Learning Company
www.jblearning.com
All rights reserved.
Worms (cont.)
- 21. Page 21
Fundamentals of Information Systems Security
© 2018 Jones and Bartlett Learning, LLC, an Ascend Learning Company
www.jblearning.com
All rights reserved.
Page 21
Fundamentals of Information Systems Security
© 2018 Jones and Bartlett Learning, LLC, an Ascend Learning Company
www.jblearning.com
All rights reserved.
Trojan Horses
Largest class of malware
Any program that masquerades as a useful
program while hiding its malicious intent
Relies on social engineering to spread and operate
Spreads through email messages, website
downloads, social networking sites, and automated
distribution agents (bots)
- 22. Page 22
Fundamentals of Information Systems Security
© 2018 Jones and Bartlett Learning, LLC, an Ascend Learning Company
www.jblearning.com
All rights reserved.
Page 22
Fundamentals of Information Systems Security
© 2018 Jones and Bartlett Learning, LLC, an Ascend Learning Company
www.jblearning.com
All rights reserved.
Logic Bombs
Programs that
execute a malicious
function of some kind
when they detect
certain conditions
Typically originate
with organization
insiders because
people inside an
organization
generally have more
detailed knowledge
of the IT
infrastructure than
outsiders
- 23. Page 23
Fundamentals of Information Systems Security
© 2018 Jones and Bartlett Learning, LLC, an Ascend Learning Company
www.jblearning.com
All rights reserved.
Page 23
Fundamentals of Information Systems Security
© 2018 Jones and Bartlett Learning, LLC, an Ascend Learning Company
www.jblearning.com
All rights reserved.
Active Content Vulnerabilities
 Active content
• Refers to dynamic objects that do something when the user
opens a webpage (ActiveX, Java, JavaScript, VBScript,
macros, browser plugins, PDF files, and other scripting
languages)
• Has potential weaknesses that malware can exploit
 Active content threats are considered mobile code
because these programs run on a wide variety of
computer platforms
 Users download bits of mobile code, which gain access to
the hard disk and do things like fill up desktop with
infected file icons
- 24. Page 24
Fundamentals of Information Systems Security
© 2018 Jones and Bartlett Learning, LLC, an Ascend Learning Company
www.jblearning.com
All rights reserved.
Page 24
Fundamentals of Information Systems Security
© 2018 Jones and Bartlett Learning, LLC, an Ascend Learning Company
www.jblearning.com
All rights reserved.
Malicious Add-Ons
Add-ons are companion programs that extend the web
browser; can decrease security
Malicious add-ons are browser add-ons that contain some
type of malware that, once installed, perform malicious
actions
Only install browser add-ons from sources you trust
- 25. Page 25
Fundamentals of Information Systems Security
© 2018 Jones and Bartlett Learning, LLC, an Ascend Learning Company
www.jblearning.com
All rights reserved.
Page 25
Fundamentals of Information Systems Security
© 2018 Jones and Bartlett Learning, LLC, an Ascend Learning Company
www.jblearning.com
All rights reserved.
Injection
Cross-site scripting (XSS)
SQL injection
LDAP injection
XML injection
Command injection
- 26. Page 26
Fundamentals of Information Systems Security
© 2018 Jones and Bartlett Learning, LLC, an Ascend Learning Company
www.jblearning.com
All rights reserved.
Page 26
Fundamentals of Information Systems Security
© 2018 Jones and Bartlett Learning, LLC, an Ascend Learning Company
www.jblearning.com
All rights reserved.
Botnets
 Robotically controlled networks
 Attackers infect vulnerable machines with agents
that perform various functions at the command of
the bot-herder or controller
 Controllers communicate with other members of the
botnet using Internet Relay Chat (IRC) channels
 Attackers can use botnets to distribute malware and
spam and to launch DoS attacks against
organizations or even countries
- 27. Page 27
Fundamentals of Information Systems Security
© 2018 Jones and Bartlett Learning, LLC, an Ascend Learning Company
www.jblearning.com
All rights reserved.
Page 27
Fundamentals of Information Systems Security
© 2018 Jones and Bartlett Learning, LLC, an Ascend Learning Company
www.jblearning.com
All rights reserved.
Denial of Service Attacks
Overwhelm a server or network segment to the point
that the server or network becomes unusable
Crash a server or network device or create so much
network congestion that authorized users cannot
access network resources
Distributed denial of service (DDoS) attack uses
intermediary hosts to conduct the attack
- 28. Page 28
Fundamentals of Information Systems Security
© 2018 Jones and Bartlett Learning, LLC, an Ascend Learning Company
www.jblearning.com
All rights reserved.
Page 28
Fundamentals of Information Systems Security
© 2018 Jones and Bartlett Learning, LLC, an Ascend Learning Company
www.jblearning.com
All rights reserved.
SYN Flood
 Attacker uses IP
spoofing to send
a large number
of packets
requesting
connections to
the victim
computer
- 29. Page 29
Fundamentals of Information Systems Security
© 2018 Jones and Bartlett Learning, LLC, an Ascend Learning Company
www.jblearning.com
All rights reserved.
Page 29
Fundamentals of Information Systems Security
© 2018 Jones and Bartlett Learning, LLC, an Ascend Learning Company
www.jblearning.com
All rights reserved.
Smurf Attack
 Attackers direct forged Internet Control Message Protocol
(ICMP) echo request packets to IP broadcast addresses
from remote locations to generate DoS attacks
- 30. Page 30
Fundamentals of Information Systems Security
© 2018 Jones and Bartlett Learning, LLC, an Ascend Learning Company
www.jblearning.com
All rights reserved.
Page 30
Fundamentals of Information Systems Security
© 2018 Jones and Bartlett Learning, LLC, an Ascend Learning Company
www.jblearning.com
All rights reserved.
Spyware
Any unsolicited
background process that
installs itself on a user’s
computer and collects
information about the
user’s browsing habits and
website activities
Affects privacy and
confidentiality
Spyware cookies are
cookies that share
information across sites
Some cookies are
persistent and are stored
on a hard drive indefinitely
without user permission
- 31. Page 31
Fundamentals of Information Systems Security
© 2018 Jones and Bartlett Learning, LLC, an Ascend Learning Company
www.jblearning.com
All rights reserved.
Page 31
Fundamentals of Information Systems Security
© 2018 Jones and Bartlett Learning, LLC, an Ascend Learning Company
www.jblearning.com
All rights reserved.
Adware
Triggers nuisances
such as popup ads
and banners when
user visits certain
websites
Affects productivity
and may combine
with active
background
activities
Collects and tracks
information about
application, website,
and Internet activity
- 32. Page 32
Fundamentals of Information Systems Security
© 2018 Jones and Bartlett Learning, LLC, an Ascend Learning Company
www.jblearning.com
All rights reserved.
Page 32
Fundamentals of Information Systems Security
© 2018 Jones and Bartlett Learning, LLC, an Ascend Learning Company
www.jblearning.com
All rights reserved.
Phishing
Tricks users into providing logon information on what appears to
be a legitimate website but is actually a website set up by an
attacker to obtain this information
Spear-phishing
• Attacker supplies information about victim that appears
to come from a legitimate company
Pharming
• The use of social engineering to obtain access
credentials such as usernames and passwords
- 33. Page 33
Fundamentals of Information Systems Security
© 2018 Jones and Bartlett Learning, LLC, an Ascend Learning Company
www.jblearning.com
All rights reserved.
Page 33
Fundamentals of Information Systems Security
© 2018 Jones and Bartlett Learning, LLC, an Ascend Learning Company
www.jblearning.com
All rights reserved.
Keystroke Loggers
Capture keystrokes
or user entries and
forwards information
to attacker
Enable the attacker to
capture logon
information, banking
information, and other
sensitive data
- 34. Page 34
Fundamentals of Information Systems Security
© 2018 Jones and Bartlett Learning, LLC, an Ascend Learning Company
www.jblearning.com
All rights reserved.
Page 34
Fundamentals of Information Systems Security
© 2018 Jones and Bartlett Learning, LLC, an Ascend Learning Company
www.jblearning.com
All rights reserved.
Guidelines for Recognizing Hoaxes
Did a legitimate entity (computer security expert,
vendor, etc.) send the alert?
Is there a request to forward the alert to others?
Are there detailed explanations or technical
terminology in the alert?
Does the alert follow the generic format of a chain
letter?
- 35. Page 35
Fundamentals of Information Systems Security
© 2018 Jones and Bartlett Learning, LLC, an Ascend Learning Company
www.jblearning.com
All rights reserved.
Page 35
Fundamentals of Information Systems Security
© 2018 Jones and Bartlett Learning, LLC, an Ascend Learning Company
www.jblearning.com
All rights reserved.
Homepage Hijacking
Exploiting a browser vulnerability to reset
the homepage
Covertly installing a browser helper object
(BHO) Trojan program
- 36. Page 36
Fundamentals of Information Systems Security
© 2018 Jones and Bartlett Learning, LLC, an Ascend Learning Company
www.jblearning.com
All rights reserved.
Page 36
Fundamentals of Information Systems Security
© 2018 Jones and Bartlett Learning, LLC, an Ascend Learning Company
www.jblearning.com
All rights reserved.
Webpage Defacements
Someone gaining unauthorized access to a
web server and altering the index page of a
site on the server
The attacker replaces the original pages on
the site with altered versions
- 37. Page 37
Fundamentals of Information Systems Security
© 2018 Jones and Bartlett Learning, LLC, an Ascend Learning Company
www.jblearning.com
All rights reserved.
Page 37
Fundamentals of Information Systems Security
© 2018 Jones and Bartlett Learning, LLC, an Ascend Learning Company
www.jblearning.com
All rights reserved.
A Brief History of Malicious Code
Threats
1970s and early 1980s academic research
and UNIX
1980s: Early PC viruses
1990s: Early LAN viruses
Mid-1990s: Smart applications and the
Internet
2000 to present
- 38. Page 38
Fundamentals of Information Systems Security
© 2018 Jones and Bartlett Learning, LLC, an Ascend Learning Company
www.jblearning.com
All rights reserved.
Page 38
Fundamentals of Information Systems Security
© 2018 Jones and Bartlett Learning, LLC, an Ascend Learning Company
www.jblearning.com
All rights reserved.
Threats to Business Organizations
Attacks against confidentiality and privacy
Attacks against data integrity
Attacks against availability of services and resources
Attacks against productivity and performance
Attacks that create legal liability
Attacks that damage reputation
- 39. Page 39
Fundamentals of Information Systems Security
© 2018 Jones and Bartlett Learning, LLC, an Ascend Learning Company
www.jblearning.com
All rights reserved.
Page 39
Fundamentals of Information Systems Security
© 2018 Jones and Bartlett Learning, LLC, an Ascend Learning Company
www.jblearning.com
All rights reserved.
Internal Threats from Employees:
Unsafe Computing Practices
Exchange of untrusted disks or other
media among systems
Installation of unauthorized, unregistered
software
Unmonitored download of files from the
Internet
Uncontrolled dissemination of email or
other messaging application attachments
- 40. Page 40
Fundamentals of Information Systems Security
© 2018 Jones and Bartlett Learning, LLC, an Ascend Learning Company
www.jblearning.com
All rights reserved.
Page 40
Fundamentals of Information Systems Security
© 2018 Jones and Bartlett Learning, LLC, an Ascend Learning Company
www.jblearning.com
All rights reserved.
Anatomy of an Attack
Phases
of an
attack
Types of
attacks
The
purpose
of an
attack
What
motivates
attackers
- 41. Page 41
Fundamentals of Information Systems Security
© 2018 Jones and Bartlett Learning, LLC, an Ascend Learning Company
www.jblearning.com
All rights reserved.
Page 41
Fundamentals of Information Systems Security
© 2018 Jones and Bartlett Learning, LLC, an Ascend Learning Company
www.jblearning.com
All rights reserved.
What Motivates Attackers?
Money Fame
Political
beliefs or
systems
Revenge
- 42. Page 42
Fundamentals of Information Systems Security
© 2018 Jones and Bartlett Learning, LLC, an Ascend Learning Company
www.jblearning.com
All rights reserved.
Page 42
Fundamentals of Information Systems Security
© 2018 Jones and Bartlett Learning, LLC, an Ascend Learning Company
www.jblearning.com
All rights reserved.
The Purpose of an Attack
Denial of availability
Data modification
Data export
Launch point
- 43. Page 43
Fundamentals of Information Systems Security
© 2018 Jones and Bartlett Learning, LLC, an Ascend Learning Company
www.jblearning.com
All rights reserved.
Page 43
Fundamentals of Information Systems Security
© 2018 Jones and Bartlett Learning, LLC, an Ascend Learning Company
www.jblearning.com
All rights reserved.
Types of Attacks
Unstructured attacks
Structured attacks
Direct attacks
Indirect attacks
- 44. Page 44
Fundamentals of Information Systems Security
© 2018 Jones and Bartlett Learning, LLC, an Ascend Learning Company
www.jblearning.com
All rights reserved.
Page 44
Fundamentals of Information Systems Security
© 2018 Jones and Bartlett Learning, LLC, an Ascend Learning Company
www.jblearning.com
All rights reserved.
How a Direct Attack Works
- 45. Page 45
Fundamentals of Information Systems Security
© 2018 Jones and Bartlett Learning, LLC, an Ascend Learning Company
www.jblearning.com
All rights reserved.
Page 45
Fundamentals of Information Systems Security
© 2018 Jones and Bartlett Learning, LLC, an Ascend Learning Company
www.jblearning.com
All rights reserved.
Phases of an Attack
- 46. Page 46
Fundamentals of Information Systems Security
© 2018 Jones and Bartlett Learning, LLC, an Ascend Learning Company
www.jblearning.com
All rights reserved.
Page 46
Fundamentals of Information Systems Security
© 2018 Jones and Bartlett Learning, LLC, an Ascend Learning Company
www.jblearning.com
All rights reserved.
Reconnaissance and Probing
Attacker collects all information to conduct
the attack
Tools include:
• DNS and ICMP tools within the TCP/IP
protocol suite
• Standard and customized SNMP tools
• Port scanners and port mappers
• Security probes
- 47. Page 47
Fundamentals of Information Systems Security
© 2018 Jones and Bartlett Learning, LLC, an Ascend Learning Company
www.jblearning.com
All rights reserved.
Page 47
Fundamentals of Information Systems Security
© 2018 Jones and Bartlett Learning, LLC, an Ascend Learning Company
www.jblearning.com
All rights reserved.
Access and Privilege Escalation
Gain administrative rights to the system
Establish the initial connection to a
target host (typically a server platform)
- 48. Page 48
Fundamentals of Information Systems Security
© 2018 Jones and Bartlett Learning, LLC, an Ascend Learning Company
www.jblearning.com
All rights reserved.
Page 48
Fundamentals of Information Systems Security
© 2018 Jones and Bartlett Learning, LLC, an Ascend Learning Company
www.jblearning.com
All rights reserved.
Covering Traces of the Attack
Remove any traces of the attack
Remove files you may
have created and restore
as many files to their pre-
attack condition as
possible
Remove log file entries
that may provide evidence
of the attack
- 49. Page 49
Fundamentals of Information Systems Security
© 2018 Jones and Bartlett Learning, LLC, an Ascend Learning Company
www.jblearning.com
All rights reserved.
Page 49
Fundamentals of Information Systems Security
© 2018 Jones and Bartlett Learning, LLC, an Ascend Learning Company
www.jblearning.com
All rights reserved.
Attack Prevention Tools and
Techniques
Defense in depth
• The practice of layering defenses into
zones to increase the overall protection
level and provide more reaction time to
respond to incidents
- Application defenses
- Operating system defenses
- Network infrastructure defenses
- 50. Page 50
Fundamentals of Information Systems Security
© 2018 Jones and Bartlett Learning, LLC, an Ascend Learning Company
www.jblearning.com
All rights reserved.
Page 50
Fundamentals of Information Systems Security
© 2018 Jones and Bartlett Learning, LLC, an Ascend Learning Company
www.jblearning.com
All rights reserved.
Application Defenses
 Implementing regular antivirus screening on all host
systems
 Ensuring that virus definition files are up to date
 Requiring scanning of all removable media
 Installing personal firewall and IDS software on hosts
 Deploying change detection software and integrity
checking software
 Maintaining logs
 Implementing email usage controls and ensuring that
email attachments are scanned
- 51. Page 51
Fundamentals of Information Systems Security
© 2018 Jones and Bartlett Learning, LLC, an Ascend Learning Company
www.jblearning.com
All rights reserved.
Page 51
Fundamentals of Information Systems Security
© 2018 Jones and Bartlett Learning, LLC, an Ascend Learning Company
www.jblearning.com
All rights reserved.
Operating System Defenses
 Deploying change detection and integrity checking
software and maintaining logs
 Deploying or enabling change detection and integrity
checking software on all servers
 Ensuring that operating systems are consistent and
have been patched with the latest updates from
vendors
 Ensuring that only trusted sources are used when
installing and upgrading OS code
 Disabling unnecessary OS services and processes that
may pose a security vulnerability
- 52. Page 52
Fundamentals of Information Systems Security
© 2018 Jones and Bartlett Learning, LLC, an Ascend Learning Company
www.jblearning.com
All rights reserved.
Page 52
Fundamentals of Information Systems Security
© 2018 Jones and Bartlett Learning, LLC, an Ascend Learning Company
www.jblearning.com
All rights reserved.
Network Infrastructure Defenses
 Creating chokepoints in the network
 Using proxy services and bastion hosts to protect critical
services
 Using content filtering at chokepoints to screen traffic
 Ensuring that only trusted sources are used when
installing and upgrading OS code
 Disabling any unnecessary network services and
processes that may pose a security vulnerability
 Maintaining up-to-date IDS signature databases
 Applying security patches to network devices to ensure
protection against new threats and reduce vulnerabilities
- 53. Page 53
Fundamentals of Information Systems Security
© 2018 Jones and Bartlett Learning, LLC, an Ascend Learning Company
www.jblearning.com
All rights reserved.
Page 53
Fundamentals of Information Systems Security
© 2018 Jones and Bartlett Learning, LLC, an Ascend Learning Company
www.jblearning.com
All rights reserved.
Safe Recovery Techniques and
Practices
Store OS and data file backup images on external
media to ease recovering from potential malware
infection
Scan new and replacement media for malware before
reinstalling software
Disable network access to systems during restore
procedures or upgrades until you have re-enabled or
installed protection software or services
- 54. Page 54
Fundamentals of Information Systems Security
© 2018 Jones and Bartlett Learning, LLC, an Ascend Learning Company
www.jblearning.com
All rights reserved.
Page 54
Fundamentals of Information Systems Security
© 2018 Jones and Bartlett Learning, LLC, an Ascend Learning Company
www.jblearning.com
All rights reserved.
Implementing Effective Software
Best Practices
Adopt an acceptable use policy (AUP) for
network services and resources
Adopt standardized software to better
control patches and upgrades and to
ensure that you address vulnerabilities
Consider implementing an ISO/IEC 27002-
compliant security policy
- 55. Page 55
Fundamentals of Information Systems Security
© 2018 Jones and Bartlett Learning, LLC, an Ascend Learning Company
www.jblearning.com
All rights reserved.
Page 55
Fundamentals of Information Systems Security
© 2018 Jones and Bartlett Learning, LLC, an Ascend Learning Company
www.jblearning.com
All rights reserved.
Incident Detection Tools and
Techniques
Antivirus scanning software
Network monitors and analyzers
Content/context filtering and logging
software
Honeypots and honeynets
- 56. Page 56
Fundamentals of Information Systems Security
© 2018 Jones and Bartlett Learning, LLC, an Ascend Learning Company
www.jblearning.com
All rights reserved.
Page 56
Fundamentals of Information Systems Security
© 2018 Jones and Bartlett Learning, LLC, an Ascend Learning Company
www.jblearning.com
All rights reserved.
Summary
The impact of malicious code and
malware on systems and organizations
Attackers, hackers, and social
engineers
The phases of a computer attack
Tools and techniques to detect and
prevent attacks