-
Confidentiality
Preventing the disclosure of information to unauthorized persons
-
Integrity
Means that data has not been tampered with or modified by unauthorized parties
-
Availability
Means that data and systems remain obtainable by authorized users when needed, regardless of how the data is stored/accessed/protected
-
AAA of Computer Security
- Authentication
- Authorization
- Accounting
-
Authentication
A person's identity is established with proof (credentials) and confirmed by a system
-
Authorization
- When a user is given access to certain data or areas
- Happens after authentication
-
Accounting
Tracking of data, computer usage, and network resources
-
5 Categories (Factors) of Authentication
- Something the user knows
- Something the user has
- Something the user is
- Something the user does
- Somewhere the user is
-
Gray Hats
Have no affiliation with (or authorization from) a company, break into its systems, and then notify the administrator
-
Blue Hats
Asked by an organization to hack into a system, but are not employed by the organization
-
Virus
- Code that runs on a computer without the user's knowledge
- Infects the computer when the file or program it is attached to is accessed and executed
- Cannot reproduce by itself; spreads only when the infected host file is opened or run
-
Malware
Software designed to infiltrate a computer system and possibly damage it without the user's knowledge or consent
-
Worm
Like a virus, but can self-replicate and spread on its own (typically over the network) without the user opening anything
-
Trojan Horse
Appears to perform wanted functions but actually performs malicious functions behind the scenes
-
Ransomware
Type of malware that restricts access to a system and demands a ransom be paid
-
Spyware
Collects information about the user without their consent
-
Adware
Pops up ads based on what it has learned from spying on the user
-
Rootkit
Designed to gain admin-level control of a computer without being detected
-
Threat Vector
The method that a threat uses to access a target
-
Attack Vector
The means by which an attacker gains access to a computer in order to deliver malware
-
Active Interception
- A computer is placed between the sender and the receiver so the attacker can capture or modify traffic
- Examples include: session theft (hijacking), man-in-the-middle
-
Tools to detect a rootkit
- Boot the computer from removable media, so the rootkit is not running and cannot hide itself from the scanner
- GMER, TDSSKiller, chkrootkit
- If a rootkit is found and cannot be removed cleanly, re-image the computer
-
Virus Prevention Techniques
- Run/update AV software
- Scan entire system periodically
- Update OS
- Use a firewall
-
Worm Prevention Techniques
- Run/update AV software
- Scan entire system periodically
-
Trojan Horse Prevention Techniques
- Run/update AV software
- Scan entire system periodically
- Run trojan scan periodically
-
Spyware Prevention Techniques
- Run/update anti-spyware software
- Scan entire system periodically
- Adjust web browser settings
- Consider technologies that discourage spyware (e.g. virtualization/sandboxing)
-
Rootkit Prevention Techniques
- Run/update antivirus software
- Use rootkit detector programs
-
Spam Prevention Techniques
- Use a spam filter
- Configure white/blacklists (allow/block lists)
- Close open mail relays
- Train your users
-
Personal Firewall
- Application that protects an individual computer from unwanted traffic
- Uses rules and policies to decide which traffic to allow or block
- Examples: Windows Firewall, ipfirewall (ipfw, BSD), iptables (Linux)
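As an added example (not part of the original flashcards), a small model in Python of how a personal firewall applies "rules and policies": first matching rule wins, anything unmatched falls to a default-deny policy, and a check for rules that can never fire because an earlier, broader rule shadows them. The policies, addresses and ports below are constructed for the illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional


@dataclass(frozen=True)
class Rule:
    action: str            # "allow" or "deny"
    proto: str             # "tcp", "udp" or "any"
    src: str               # source network in CIDR notation
    dport: Optional[int]   # destination port, None means any port


def rule_matches(rule, proto, src_ip, dport):
    """A rule matches when protocol, source network and port all cover the packet."""
    proto_ok = rule.proto == "any" or rule.proto == proto
    src_ok = ip_address(src_ip) in ip_network(rule.src)
    port_ok = rule.dport is None or rule.dport == dport
    return proto_ok and src_ok and port_ok


def evaluate(rules, proto, src_ip, dport, default="deny"):
    """First matching rule wins; packets no rule covers get the default policy.
    For inbound traffic on a workstation the default should be deny."""
    for rule in rules:
        if rule_matches(rule, proto, src_ip, dport):
            return rule.action
    return default


def covers(broad, narrow):
    """True when every packet matched by `narrow` is also matched by `broad`."""
    proto_ok = broad.proto == "any" or broad.proto == narrow.proto
    src_ok = ip_network(narrow.src).subnet_of(ip_network(broad.src))
    port_ok = broad.dport is None or broad.dport == narrow.dport
    return proto_ok and src_ok and port_ok


def shadowed_rules(rules):
    """Indexes of rules that can never fire because an earlier rule covers them.
    A shadowed deny is a classic misconfiguration: the deny is visibly in the
    policy, but an earlier broad allow has already admitted the traffic."""
    shadowed = []
    for j, later in enumerate(rules):
        if any(covers(earlier, later) for earlier in rules[:j]):
            shadowed.append(j)
    return shadowed


# Constructed inbound policy for a workstation: SSH only from the internal
# network, HTTPS from anywhere, explicit deny for Telnet, default deny.
POLICY = [
    Rule("allow", "tcp", "10.0.0.0/8", 22),
    Rule("allow", "tcp", "0.0.0.0/0", 443),
    Rule("deny", "tcp", "0.0.0.0/0", 23),
]

# Misordered policy: the broad allow makes the Telnet deny unreachable.
MISORDERED = [
    Rule("allow", "any", "0.0.0.0/0", None),
    Rule("deny", "tcp", "0.0.0.0/0", 23),
]

if __name__ == "__main__":
    print(evaluate(POLICY, "tcp", "10.1.2.3", 22))       # allow
    print(evaluate(POLICY, "tcp", "203.0.113.7", 22))    # deny (default policy)
    print(shadowed_rules(MISORDERED))                    # [1]
```

Real firewalls (iptables, Windows Firewall) also track connection state and direction; the model above covers only the ordering and default-policy behaviour, which is where most rule mistakes happen.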
-
HIDS
Loaded on an individual computer; analyzes and monitors what happens inside that computer
-
NIDS
- Checks all packets passing through network interfaces, enabling it to "see" more than one computer
- Can be loaded onto a computer or run as a standalone appliance
-
2 Types of Monitoring an IDS can carry out
- Statistical Anomaly
- Signature Based
-
Statistical Anomaly
IDS establishes a baseline from normal network traffic, then compares current traffic to that baseline and alerts on significant deviations (can catch unknown attacks, but also fires on legitimate changes in traffic)
-
Signature-Based Detection
IDS analyzes network traffic for pre-determined attack patterns (signatures); cannot detect an attack for which no signature exists yet
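As an added example (not part of the original flashcards), the two IDS monitoring styles side by side in Python: a signature scan over constructed web-server log lines, and a statistical-anomaly check against a constructed baseline of requests per minute. The signatures, log lines and baseline counts are made up for the illustration and are not from any real IDS.

```python
import re
from statistics import mean, pstdev

# Constructed access-log lines (not real traffic); line 3 carries an SQL
# injection tautology and line 4 a directory traversal attempt.
SAMPLE_LOG = """\
10.0.0.5 - - [10/Oct/2023:13:55:00 +0000] "GET /index.html HTTP/1.1" 200 512
10.0.0.7 - - [10/Oct/2023:13:55:01 +0000] "GET /about HTTP/1.1" 200 800
10.0.0.5 - - [10/Oct/2023:13:55:02 +0000] "GET /login?user=admin' OR '1'='1 HTTP/1.1" 200 120
10.0.0.9 - - [10/Oct/2023:13:55:03 +0000] "GET /../../etc/passwd HTTP/1.1" 404 0
10.0.0.7 - - [10/Oct/2023:13:55:04 +0000] "GET /contact HTTP/1.1" 200 640
"""

# Signature-based detection: pre-determined attack patterns. A real NIDS
# normalizes first (URL-decoding, case folding) so that %27 and ' match alike.
SIGNATURES = {
    "sqli_tautology": re.compile(r"'\s*OR\s*'1'\s*=\s*'1", re.IGNORECASE),
    "path_traversal": re.compile(r"(?:\.\./){2,}"),
}


def signature_scan(log_text):
    """Return (line_number, signature_name) for every line matching a signature."""
    hits = []
    for number, line in enumerate(log_text.splitlines(), start=1):
        for name, pattern in SIGNATURES.items():
            if pattern.search(line):
                hits.append((number, name))
    return hits


# Statistical anomaly detection: learn what "normal" looks like, then flag
# deviations. Constructed baseline of requests per minute under normal load.
BASELINE_REQUESTS_PER_MINUTE = [12, 15, 11, 14, 13, 12, 16, 14]


def anomaly_threshold(baseline, k=3.0):
    """Upper bound of normal: mean plus k population standard deviations."""
    return mean(baseline) + k * pstdev(baseline)


def is_anomalous(baseline, current, k=3.0):
    """True when the current per-minute count exceeds the learned threshold.
    This catches a burst no signature describes, but also fires on legitimate
    traffic spikes, so the baseline must be learned from genuinely normal load."""
    return current > anomaly_threshold(baseline, k)


if __name__ == "__main__":
    print("signature hits:", signature_scan(SAMPLE_LOG))
    print("threshold:", round(anomaly_threshold(BASELINE_REQUESTS_PER_MINUTE), 1))
    print("60 req/min anomalous:", is_anomalous(BASELINE_REQUESTS_PER_MINUTE, 60))
```

The two approaches fail in opposite ways: the signature scan misses anything it has no pattern for, while the anomaly check has no notion of what the attack is, only that the traffic no longer looks like the baseline.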
-
Examples of HIDS
- OSSEC (free)
- Verisys, Tripwire
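Tripwire and OSSEC are, at their core, file integrity monitors: they record a baseline of file hashes and attributes and alert when something changes. As an added example (not part of the original flashcards, and not code from either project), a minimal version of that HIDS function in Python. The directory layout and file contents in `demo()` are constructed in a temporary directory for the illustration.

```python
import hashlib
import json
import os
import tempfile


def hash_file(path):
    """SHA-256 of a file, read in chunks so large binaries are not loaded into memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_baseline(root):
    """Record hash, size and permission bits for every regular file under root.
    Symlinks are skipped so a link pointing outside the tree is not hashed."""
    baseline = {}
    for dirpath, _, filenames in os.walk(root):
        for name in filenames:
            path = os.path.join(dirpath, name)
            if os.path.islink(path):
                continue
            info = os.stat(path)
            key = os.path.relpath(path, root).replace(os.sep, "/")
            baseline[key] = {
                "sha256": hash_file(path),
                "size": info.st_size,
                "mode": info.st_mode & 0o7777,
            }
    return baseline


def compare(baseline, current):
    """Diff two snapshots: new files, deleted files, and files whose content
    or permissions changed. Every entry in the result is an alert candidate."""
    old, new = set(baseline), set(current)
    return {
        "added": sorted(new - old),
        "removed": sorted(old - new),
        "modified": sorted(p for p in old & new if baseline[p] != current[p]),
    }


def demo():
    """Constructed scenario: take a baseline, then tamper with one file and
    drop a new one, and return what the monitor reports."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "etc"))
        os.makedirs(os.path.join(root, "tmp"))
        with open(os.path.join(root, "etc", "passwd"), "w") as f:
            f.write("root:x:0:0:root:/root:/bin/bash\n")
        with open(os.path.join(root, "etc", "hostname"), "w") as f:
            f.write("workstation\n")
        baseline = build_baseline(root)

        # Simulated tampering: a second UID-0 account appended, a script dropped.
        with open(os.path.join(root, "etc", "passwd"), "a") as f:
            f.write("eve:x:0:0::/root:/bin/bash\n")
        with open(os.path.join(root, "tmp", "backdoor.sh"), "w") as f:
            f.write("#!/bin/sh\n")
        return compare(baseline, build_baseline(root))


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

Two practical caveats: the baseline must be stored (and ideally signed) off the monitored host, or an intruder simply regenerates it; and a kernel-level rootkit can lie to any scanner running on the live system, which is why the rootkit card above recommends booting from removable media.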
-
DLP Systems
perform content inspection to prevent unauthorized use/leakage of data
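As an added example (not part of the original flashcards), what "content inspection" looks like in Python for one common DLP target, payment card numbers: a pattern finds candidates, and the Luhn check digit weeds out digit strings that merely look like card numbers before anything is reported. The e-mail body is constructed for the illustration; 4111 1111 1111 1111 is the widely used test card number, not a real account.

```python
import re

# Candidate primary account numbers: 13 to 19 digits, optionally separated by
# spaces or dashes. Pattern matching alone over-matches (order numbers, tracking
# references), so each candidate is validated with Luhn before it is reported.
PAN_CANDIDATE = re.compile(r"\b(?:\d[ -]?){12,18}\d\b")


def luhn_valid(digits):
    """Luhn mod-10 check, as used for payment card numbers."""
    total = 0
    for index, char in enumerate(reversed(digits)):
        value = int(char)
        if index % 2 == 1:
            value *= 2
            if value > 9:
                value -= 9
        total += value
    return total % 10 == 0


def mask(digits):
    """Keep first four and last four digits so the alert itself never leaks the PAN."""
    return digits[:4] + "*" * (len(digits) - 8) + digits[-4:]


def inspect_text(text):
    """Content inspection: one finding per Luhn-valid card number, with the
    line it appeared on and a masked copy of the value."""
    findings = []
    for number, line in enumerate(text.splitlines(), start=1):
        for match in PAN_CANDIDATE.finditer(line):
            digits = re.sub(r"\D", "", match.group())
            if luhn_valid(digits):
                findings.append({"type": "pan", "line": number, "masked": mask(digits)})
    return findings


# Constructed outbound e-mail body (not real data). The card number on line 2
# passes Luhn; the tracking reference on line 3 has the same shape but fails
# Luhn, so it must not be reported.
SAMPLE_EMAIL = """\
Subject: Q3 invoice
Hi, please charge the card 4111 1111 1111 1111 (exp 12/26) for the balance.
Tracking reference: 1234 5678 9012 3456
Call me at 555-0100 if anything is unclear.
"""

if __name__ == "__main__":
    for finding in inspect_text(SAMPLE_EMAIL):
        print(finding)
```

An endpoint DLP agent would run this kind of check on the message before it leaves the mail client and block or quarantine it; a network DLP sensor runs the same inspection on traffic at the perimeter. Commercial products add exact-data matching and document fingerprinting on top of patterns like this one.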
-
Endpoint DLP Systems
- Run on a computer
- Monitor data in use (e.g. e-mail)
- Can be used to inspect USB devices
-
Network DLP Systems
- Often installed on perimeter of the network
- Inspects data in motion
-
Storage DLP Systems
- Installed in data centers or server rooms
- Inspects data at rest
-
Methods of securing the BIOS
- Use a BIOS password
- Flash the BIOS to the latest version
- Configure the BIOS (disable booting from removable media, set the boot order, etc.)
-
Drawbacks to using a HIDS instead of a NIDS?
- HIDS consume resources on the host they protect and can slow it down
- HIDS only see their own host; they cannot detect attacks against other hosts or network-wide activity such as scanning