What are the critical assets
a) information
b) custom business software
c) system software
d) physical items
e) Services
a & b (information and custom business software) | Everything else is easily replaced
define threat
Events or actions that represent a danger to information assets.
By itself does not mean that security has been compromised; means that the potential for creating a loss is real
delay in information being transmitted is a what
threat
Threat Actor
A person or element that has the power to carry out a threat.
A force of nature can be classified as a:
Threat Actor. The result of a hurricane could destroy computer equipment and its information
Vulnerability
A flaw or weakness that allows a threat actor to bypass security.
A threat actor exploits a system through a hole (the vulnerability)
The vulnerability is exploited by way of an attack vector
attack vector
means by which an attack can occur
Attack Surface
The sum of all attack vectors. The smaller the attack surface, the more secure is the network.
Risk
situation that involves exposure to some type of danger
Four options for dealing with risk:
Accept
Transfer
Avoid
Mitigate
Accept
Risk acknowledged, no steps taken to address it
Transfer
Shift the risk to a third party
Avoid
The risk is acknowledged, but making the decision not to partake in the activity
Mitigate
An attempt to lower the severity of the risk
risk deterrence
Knowing something about the "enemy" and letting "them" know the harm that will come their way if they cause harm to you
Sign in parking lot that says "Trespassers will be punished to the full extent of the law" is an example of what
Risk deterrence
Script Kiddies
find hacking code on the internet and point-and-click their way into systems to cause damage or spread viruses
Little or no skill
Hacktivist
Strongly motivated by ideology or retaliation
Not well organized/defined
can be motivated to attack governments
Nation State Actors
Well-resourced and highly trained attackers
target highly sensitive economic, proprietary or national security information
Advanced Persistent Threat
Uses innovative tools; once a system is infected, it silently extracts data over an extended period
Most commonly associated with nation state actors
Insiders
Most serious threat. Can be employees, contractors, and business partners.
Accounted for 58% of breaches in an enterprise
insiders
Cyberterrorism
the use of computer and networking technologies against persons or property to intimidate or coerce governments, individuals, or any segment of society to attain political, religious, or ideological goals
Organized Crime
Moving from traditional criminal activities to more rewarding and less risky online attacks
Layering (Defense in Depth)
Provides the most comprehensive protection by creating layers of protection
Limiting (least privilege)
Only allow access to a minimum. Allow users to see what they need and no more.
Diversity
Works hand in hand with layering. The idea of having different devices at different layers so that if one layer is compromised, the whole system is not compromised.
Can be achieved by using different types of devices, different vendors, and even different groups that distribute access and those that protect the access.
Obscurity
Blinding the world to what is inside.
Not revealing the operating system, hardware brand, or software brand
Simplicity
Keep systems simple on the inside and complex from the outside
LLDOS
Layering
Limiting
Diversity
Obscurity
Simplicity
Malware
software that is intended to damage or disable computers and computer systems.
Four classifications (primary traits) of malware
Circulation
infection
concealment
payload capabilities
What two malware have the primary trait of circulation
viruses and worms
What two things does a virus need
A file to attach to
Human to transport it to other computers
If a virus is attached to an executable file it is called a
Program virus
If a virus attaches to a data file it is called a
Macro virus
Appender Infection
Virus appends itself to end of a file and inserts a jump statement to trigger the virus code to execute
Armored Virus
A virus that goes to great lengths in order to avoid detection.
Swiss Cheese Virus
Virus is scrambled (encrypted)
Decryption engine divided and placed into different places
Tied together at execution
Split Infection
Split the virus into several bodies
Pieces placed randomly in the code
Mutation virus
able to change itself
Oligomorphic Virus
changes its internal code to one of a set number of predefined mutations whenever executed
Polymorphic Virus
completely changes from its original form when executed
Metamorphic Virus
can rewrite its own code and appear different each time it is executed
T/F A virus can spread to other computers without a human
False
T/F a virus must enter its host passively
True; a virus depends on the action of an outside agent (the user)
What is the primary purpose of both a virus and a worm
Their purpose is to spread
Another name for a worm is
Network Virus
T/F: A worm is designed to enter a computer through the network
True
What is the biggest difference between a virus and worm
A virus can only replicate on the host computer, while a worm can self-replicate between computers
Does a worm infect a file?
No
Does there need to be a user action to spread a worm?
No
How does a virus spread to other computers
User transfers infected files to other devices
How does a virus infect?
Inserts malicious code into a program or datafile
How does a worm infect
Exploits a vulnerability in an application or operating system
Trojan Horse
a program that appears desirable but actually contains something harmful
Remote Access Trojan (RAT)
A Trojan that also gives the threat agent unauthorized remote access to the victim's computer by using specially configured communication protocols.
Ransomware
a type of malicious software designed to block access to a computer system until a sum of money is paid.
Ransomware Pricing
Small enough so victim will pay
Large enough so attacker makes money
Goals of ransomware
Instill fear
Immediate solution
Crypto-malware
A type of ransomware that encrypts the user's data until a fine is paid.
What two enhancements to crypto-malware make it even more of a concern
Instead of encrypting files only on the user's local hard drive, it now encrypts all files on any network or attached device that is connected to that computer
Using Crypto-malware to infect mobile devices such as smartphones and tablets
What is the process for Crypto-malware
Once infected, the malware connects to the C&C server
1) A locking key is generated and used to encrypt all files on the computer
2) The locking key is itself encrypted with a key downloaded from the C&C server
Downfall of Crypto-malware
If the server address is known, it can be blocked, preventing communication with the C&C server
Early workaround: hardcode the key into the malware --> Result: victims could send the decryption key to others infected by the same sample
Rootkit
Can hide the presence of other malware (viruses) on the computer by accessing lower layers of the operating system or by using undocumented functions to make alterations.
What malware does this:
Hides malicious files and prevents scanning software from being able to detect it
Rootkit
What are the primary payload capabilities
Collect and delete data
Modify System Security
Launch Attacks
Spyware
A type of Malware that monitors and saves data from users without them knowing about it.
A keylogger belongs to what malware classification
Payload Capabilities + Collect data
Keylogger
a malicious program that records keystrokes.
T/F a keylogger can turn on a victims camera
True
T/F a keylogger can be installed remotely
True | Done via a virus or Trojan
Adware
A software program that delivers advertising content in a manner that is unexpected and unwanted by the user.
Logic Bombs
A malware that is frequently used to delete data.
Added to a legitimate program but lies dormant until a specific event triggers it.
backdoor
Software code that gives access to a program or a service that circumvents normal security protections.
Allows an attacker to leave and come back bypassing all security measures
Bot/Zombie
an infected computer that is remotely controlled by a hacker
Social Engineering
A means of gathering information for an attack by relying on the weaknesses of individuals.
Phishing
An attack that sends an email or displays a Web announcement that falsely claims to be from a legitimate enterprise in an attempt to trick the user into surrendering private information
spear phishing
a phishing expedition in which the emails are carefully designed to target a particular person or organization
Whaling
A phishing attack that targets only "big fish" such as wealthy individuals or senior executives.
vishing
a phone scam that attempts to defraud people by asking them to call a bogus telephone number to confirm their account information
Hoax
An email chain letter that warns of impending viruses and tries to scare users into forwarding and continuing the hoax email.
May also instruct users to change security settings
Tailgating
When an unauthorized individual enters a restricted-access building by following an authorized user.
Shoulder surfing
Gaining compromising information through observation (as in looking over someone's shoulder).
Cryptography
The practice of transforming information so that it is secure and cannot be accessed by unauthorized persons.
How does Cryptography accomplish security
Scrambling the information in such a way that only approved recipients can access it
Steganography
A field within cryptography; hides the existence of data by concealing it inside other content, such as image files or their metadata.
Encryption
Changing original text into a secret message using cryptography
Plaintext
Unencrypted data that is input for encryption or is the output of decryption
Cipher Text
Data that has been encrypted.
Cleartext
Data stored or transmitted without encryption
Cipher
the generic term for a technique (or algorithm) that performs encryption
Key
A mathematical value entered into a cryptographic algorithm to produce encrypted data.
ROT13
A substitution cipher that uses a key of 13. To encrypt a message, rotate each letter 13 places. To decrypt, rotate each letter another 13 places; since the alphabet has 26 letters, the same operation encrypts and decrypts.
XOR cipher
An encryption algorithm based on the binary operation eXclusive OR, which compares two bits.
Each bit of the plaintext is combined with the corresponding bit of the key
If two bits are the same / different using XOR cipher what would the output be for each
Match = 0
Different = 1
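The ROT13 and XOR cipher cards above, worked as runnable code. This is an added example, not code from the original study set; the message, the 3-byte key and the `recover_key` helper are constructed here to show why a repeating-key XOR cipher is not secure even though XOR is a building block of real ciphers.

```python
"""ROT13 and a repeating-key XOR cipher, with a known-plaintext key recovery."""

ROT = 13
ALPHABET_SIZE = 26


def rot13(text: str) -> str:
    """Rotate every ASCII letter 13 places; non-letters pass through unchanged.

    Because 13 + 13 == 26, applying rot13 twice returns the original text,
    so the same function both encrypts and decrypts.
    """
    out = []
    for ch in text:
        if "a" <= ch <= "z":
            base = ord("a")
        elif "A" <= ch <= "Z":
            base = ord("A")
        else:
            out.append(ch)
            continue
        out.append(chr((ord(ch) - base + ROT) % ALPHABET_SIZE + base))
    return "".join(out)


def xor_bit(a: int, b: int) -> int:
    """Exclusive OR of two single bits: 0 when they match, 1 when they differ."""
    if a not in (0, 1) or b not in (0, 1):
        raise ValueError("inputs must be single bits")
    return a ^ b


def xor_cipher(data: bytes, key: bytes) -> bytes:
    """XOR each plaintext byte with the matching key byte, repeating the key.

    XOR is its own inverse (x ^ k ^ k == x), so the same call decrypts.
    """
    if not key:
        raise ValueError("key must not be empty")
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))


def recover_key(plaintext: bytes, ciphertext: bytes, key_len: int) -> bytes:
    """Known-plaintext attack on the repeating-key XOR cipher.

    ct = pt ^ key, therefore pt ^ ct = key: any key_len bytes of known
    plaintext reveal the whole key, after which every other message
    encrypted under that key can be read.
    """
    if len(plaintext) < key_len or len(ciphertext) < key_len:
        raise ValueError("need at least key_len bytes of plaintext and ciphertext")
    return bytes(p ^ c for p, c in zip(plaintext[:key_len], ciphertext[:key_len]))


if __name__ == "__main__":
    msg = "Attack at dawn!"                   # constructed sample message
    print(rot13(msg))                         # Nggnpx ng qnja!
    print(rot13(rot13(msg)) == msg)           # True

    key = b"\x5a\xc3\x17"                     # constructed 3-byte key
    ct = xor_cipher(msg.encode(), key)
    print(xor_cipher(ct, key).decode() == msg)              # True
    print(recover_key(msg.encode(), ct, len(key)) == key)   # True
```

The point of `recover_key` is the caveat the card set leaves implicit: XOR with a key that is shorter than the message and reused is reversible by anyone who knows (or can guess) a few bytes of plaintext, which is why XOR only becomes a cipher when the key stream is as long as the data and never reused.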
If the strength of a cryptographic algorithm depends on its formulas, what do the formulas depend on?
The quality of the random numbers (keys) fed into them
T/F a past number can be used to predict a future number in cryptographic-quality random numbers
False; if past outputs reveal future ones, the generator is not fit for cryptographic use
T/F Computers can generate truly random numbers
False | Software generators are deterministic (pseudorandom); cryptographic key material must come from a cryptographically secure generator seeded by the OS
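The random-number cards above, demonstrated in code. This is an added example, not part of the original study set: the `LCG` class with constructed glibc-style constants is a toy generator whose next output is computable from the previous one, `seeded_sequence` shows that Python's `random` module repeats exactly under the same seed, and `generate_key` is the practitioner's answer (the OS-backed `secrets` module) for anything that has to be unpredictable.

```python
"""Predictable (PRNG) versus unpredictable (CSPRNG) random numbers."""
import random
import secrets
from typing import List

# Constructed toy LCG constants (glibc-style). A linear congruential
# generator is deterministic: each output is a fixed formula of the last.
A, C, M = 1103515245, 12345, 2 ** 31


class LCG:
    """Minimal linear congruential generator: state_{n+1} = (a*state_n + c) mod m."""

    def __init__(self, seed: int) -> None:
        self.state = seed % M

    def next(self) -> int:
        self.state = (A * self.state + C) % M
        return self.state


def predict_next(observed: int) -> int:
    """An attacker who sees one LCG output computes the next: no secret involved."""
    return (A * observed + C) % M


def lcg_is_predictable(seed: int) -> bool:
    """True when a past output lets us predict the future one (always, for an LCG)."""
    gen = LCG(seed)
    first = gen.next()
    return predict_next(first) == gen.next()


def seeded_sequence(seed: int, n: int = 5) -> List[int]:
    """random.Random is a Mersenne Twister PRNG: same seed, same sequence.

    If the seed is guessable (for example derived from the clock), every
    value it produces is guessable too, so it is never a source of keys.
    """
    rng = random.Random(seed)
    return [rng.getrandbits(32) for _ in range(n)]


def generate_key(nbytes: int = 32) -> bytes:
    """Key material comes from the OS CSPRNG (secrets / os.urandom), never random."""
    if nbytes < 16:
        raise ValueError("refuse keys shorter than 128 bits")
    return secrets.token_bytes(nbytes)


if __name__ == "__main__":
    print(lcg_is_predictable(42))                       # True
    print(seeded_sequence(7) == seeded_sequence(7))     # True
    print(generate_key().hex())                         # differs on every run
```

`secrets` draws from the operating system's entropy pool, which is the "not truly random but good enough" boundary the last card points at: the computer still cannot create randomness from nothing, but the OS mixes unpredictable hardware events so that outputs cannot be predicted from earlier ones.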