Types of Viruses.
Boot Sector- Initialy loads into the first sector of the hard drive; when the computer boots, the virus then loads into the memory.
Macro- Usually placed in documents and e-mailed to users in the hopes that the user will open the document, thus executing the virus.
Program- Infects executable files.
Polymorphic- Can change every time it is executed in an attempt to avaoid antivirus detection.
Stealh- Uses various techniques to go unnoticed by antivirus programs.
Armored- These protect themselves from antivirus programs by tricking the program into thinking that it's located in a different place from where it actually resides.
Multipartite- A hybrid of boot and program viruses that attacks the boot sector or system files first and then attacks the other.
Code that runs on a computer without the users knowledge; it infects the computer when the code is accessed and executed.
Code that runs on a computer without the user's knowledge; they self-replicate, whereas a virus does not. Worms take advantage of backdoors and security holes in OS and applications.
Applications that appear to perform desired functions but are actually performing malicious functions behind the scenes. They can be transferred by using flash drives or other removable devices.
Remote Access Trojans (RATs) are the most common type of Trojan.
A type of malicious software either downloaded unwittingly from a website, or installed from a third-party software. Spyware collects information on sites the user visits, or goes as far as recording your keystrokes from the users keyboard.
A type of software designed to gain admin level control over a computer system without being detected. Rootkits can target the BIOS, boot loader and kernal.
The abuse of electronic messaging systems such as e-mail, broadcast media, and instant messaging.
The most common type is e-mail spam. E-mail spam can clog up resorces, it can also mislead users in an attempt at social engineering.
The act of exploiting a bug or design flaw in a software or firmware application to gain access to resorces that normally would've been protected from an application or user.
Code that has, in some way, been inserted into software; it is meant to initiate some type of malicious function when specific criteria are met. They are intended to activate viruses, worms, or Tojans at a specfic time.
A group of compromised computers used to distibute malware across the internet; the members are called zombies.
Zombie- The individual compromised computers in a botnet.
Intrusion Dection System (IDS)
A piece of software that monitors and analyzes the system in an attempt to detect malicious activities.
Host-Based Intrusion Detection System (HIDS)
Loaded on an individual computer, it analyzes and monitors what happens inside that computer.
Advantage- can interpret encrypted traffic.
Disadvantage- exspensive and resource-intensive.
Network Intrusion Dectection System (NIDS)
Can be loaded on the computer, or can be a standalone appliance, but it checks all the packets that pass through the network interfaces, enabling it to "see" more than just one computer.
Advantage- less expensive, less resource intensive.
Disadvantage- cannot monitor things that happens on the OS.
Two main types of IDS monitoring.
Statistical anomaly- Establishes a performance baseline based on normal network traffic evaluations.
Signature-based- Network traffic is analyzed for predetermined attack patterns, which are known as signatures.
When a system denies a user who actually should be allowed access to the system.
When a system authenticates a user who should not be allowed access to the system.
Ways of blocking and filtering out unwanted advertisments; pop-up blockers and content filters are considered to be ad filtering methods,
Data Loss Prevention (DLP)
Systems that are designed to protect data by way of content inspection. They are meant to stop the leakage of confidential data.
DLP systems can be software or hardware-based solutions in three varieties:
Endpoint DLP systems- Individual computers, usually software based. Monitor data in use, such as e-mail.
Network DLP systems- Both software and hardware, often installed on the perimeter of the network. They ispect data in motion.
Storage DLP systems- Typically installed in data centers or server rooms as software that inspects data at rest.
Hardware Security Module (HSM)
A physical device that deals with the encryption of authentication processes, digital signings, and payment processes.
Sending of unsolicited messages to Bluetooth-enabled devies such as mobile phones and PDAs.
The unauthorized access of information from a wireless device through a Bluetooth connection.
Software designed to infiltrate a computer system and possibly damage it without the users knowledge or consent.
Types of spyware that pops up advertisments based on what it has learned about the user.
A general term used to describe applications that are behaving improperly buy without serious consequences; often describes types of spyware.
Trojans set off on a certain time.
Normally includes a computer between the sender and the receiver in an effort to capture and possibly modify information.
Open Mail Relay
Also known as SMTP open relay; it enables anyone on the Internet to send e-mail through an SMTP server.
Hardware and software based. Protect computer (s) from unwanted Internet traffic, by way of rules and policies.
Used in computer programs to bypass normal authentication and other security that is set in place.