Презентация Malicious Software. Chapter 6. Computer Security: Principles and Practice онлайн
На нашем сайте вы можете скачать и просмотреть онлайн доклад-презентацию на тему Malicious Software. Chapter 6. Computer Security: Principles and Practice абсолютно бесплатно. Урок-презентация на эту тему содержит всего 37 слайдов. Все материалы созданы в программе PowerPoint и имеют формат ppt или же pptx. Материалы и темы для презентаций взяты из открытых источников и загружены их авторами, за качество и достоверность информации в них администрация сайта не отвечает, все права принадлежат их создателям. Если вы нашли то, что искали, отблагодарите авторов - поделитесь ссылкой в социальных сетях, а наш сайт добавьте в закладки.
Презентации » Устройства и комплектующие » Malicious Software. Chapter 6. Computer Security: Principles and Practice
Оцените!
Оцените презентацию от 1 до 5 баллов!
- Тип файла:ppt / pptx (powerpoint)
- Всего слайдов:37 слайдов
- Для класса:1,2,3,4,5,6,7,8,9,10,11
- Размер файла:733.50 kB
- Просмотров:88
- Скачиваний:0
- Автор:неизвестен
Слайды и текст к этой презентации:
№3 слайд
Содержание слайда: Malicious software
Programs exploiting system vulnerabilities
Known as malicious software or malware
program fragments that need a host program
e.g. viruses, logic bombs, and backdoors
independent self-contained programs
e.g. worms, bots
replicating or not
Sophisticated threat to computer systems
№4 слайд
Содержание слайда: Malware Terminology
Payload: actions of the malware
Virus: attaches itself to a program
Worm: propagates copies of itself to other computers
Logic bomb: “explodes” when a condition occurs
Trojan horse: fakes/contains additional functionality
Backdoor (trapdoor): allows unauthorized access to functionality
Mobile code: moves unchanged to heterogeneous platforms
Auto-rooter Kit (virus generator): malicious code (virus) generators
Spammer and flooder programs: large volume of unwanted “pkts”
Keyloggers: capture keystrokes
Rootkit: sophisticated hacker tools to gain root-level access
Zombie: software on infected computers that launch attack on others (aka bot)
Crimeware: kits for building malware; include propagation and payload mechanisms (Zeus, Sakura, Blackhole, Phoenix)
№5 слайд
Содержание слайда: Viruses
Piece of software that infects programs
modifying them to include a copy of the virus
so it executes secretly when host program is run
Specific to operating system and hardware
taking advantage of their details and weaknesses
A typical virus goes through phases of:
dormant: idle
propagation: copies itself to other program
triggering: activated to perform functions
execution: the function is performed
№6 слайд
Содержание слайда: Virus structure
Components:
infection mechanism: enables replication
trigger: event that makes payload activate
payload: what it does, malicious or benign
Prepended/postpended/embedded
When infected program invoked, executes virus code then original program code
Can block initial infection (difficult) or propagation (with access controls)
№8 слайд
Содержание слайда: A virus such as the one just described is easily detected because an infected version of a program is longer than the corresponding uninfected one.
A way to thwart such a simple means of detecting a virus is to compress the executable file so that both the infected and uninfected versions are of identical length.
№10 слайд
Содержание слайда: Virus classification
By target
boot sector: infect a master boot record
file infector: infects executable OS files
macro virus: infects files to be used by an app
multipartite: infects multiple ways
By concealment
encrypted virus: encrypted; key stored in virus
stealth virus: hides itself (e.g., compression)
polymorphic virus: recreates with diff “signature”
metamorphic virus: recreates with diff signature and behavior
№11 слайд
Содержание слайда: Macro and scripting viruses
Became very common in mid-1990s since
platform independent
infect documents
easily spread
Exploit macro capability of Office apps
executable program embedded in office doc
often a form of Basic
More recent releases include protection
Recognized by many anti-virus programs
№13 слайд
Содержание слайда: Virus countermeasures
Prevention: ideal solution but difficult
Realistically need:
detection: determine what occurred
identification: identify the specific virus
removal: remove all traces
If detected but can’t identify or remove, must discard and replace infected program
№14 слайд
Содержание слайда: Anti-virus evolution
Virus & antivirus tech have both evolved
Early viruses simple code, easily removed
As viruses become more complex, so did the countermeasures
Generations
first - signature scanners (bit patterns all the same)
second – heuristics (integrity checks; checksums)
third - identify actions (find by actions they do)
fourth - combination packages
№15 слайд
Содержание слайда: Generic decryption (GD)
Runs executable files through GD scanner:
CPU emulator to interpret instructions
virus scanner to check known virus signatures
emulation control module to manage process
Lets virus decrypt itself in interpreter
Periodically scan for virus signatures
Let virus do the work for an antivirus program by exposing it in a controlled environment
№18 слайд
Содержание слайда: Worms
Replicating program that propagates over net
using email, remote exec, remote login
Has phases like a virus:
dormant, propagation, triggering, execution
propagation phase: searches for other systems, connects to it, copies self to it and runs
May disguise itself as a system process
Concept seen in Brunner’s novel “Shockwave Rider”
Implemented by Xerox Palo Alto labs in 1980’s, but to search idle systems to run a computationally intensive task.
№20 слайд
Содержание слайда: Morris worm
One of best known worms
Released by Robert Morris in 1988
Affected 6,000 computers; cost $10-$100 M
Various attacks on UNIX systems
cracking password file to use login/password to logon to other systems
exploiting a bug in the finger protocol
exploiting a bug in sendmail
If succeed to have remote shell access
sent bootstrap program to copy worm over
№21 слайд
Содержание слайда: More recent worm attacks
Melissa
1998: exploiting Microsoft Word macro embedded in an attachment.
1999: could be activated merely by opening an e-mail that contains the virus, rather than by opening an attachment.
100.000 computers in 3 days
Code Red
July 2001 exploiting MS Internet Information Server (IIS) bug
probes random IP address, does DDoS attack
consumes significant net capacity when active
360,000 servers in 14 hours
Code Red II variant includes backdoor: hacker controls the worm
SQL Slammer (exploited buffer-overflow vulnerability)
early 2003, attacks MS SQL Server
compact and very rapid spread
Mydoom (100 M infected email messages in 36 hours)
mass-mailing e-mail worm that appeared in 2004
installed remote access backdoor in infected systems
№22 слайд
Содержание слайда: State of worm technology
Multiplatform: not limited to Windows
Multi-exploit: Web servers, emails, file sharing …
Ultrafast spreading: do a scan to find vulnerable hosts
Polymorphic: each copy has a new code
Metamorphic: change appearance/behavior
Transport vehicles (e.g., for DDoS)
Zero-day exploit of unknown vulnerability (to achieve max surprise/distribution)
№23 слайд
Содержание слайда: Worm countermeasures
Overlaps with anti-virus techniques
Once worm on system A/V can detect
Worms also cause significant net activity
Worm defense approaches include:
signature-based worm scan filtering: define signatures
filter-based worm containment (focus on contents)
payload-classification-based worm containment (examine packets for anomalies)
threshold random walk scan detection (limit the rate of scan-like traffic)
rate limiting and rate halting (limit outgoing traffic when a threshold is met)
№25 слайд
Содержание слайда: Mobile code
Scripts, macros or other portable instructions
Popular ones: JavaScript, ActiveX, VBScript
Heterogeneous platforms
From a remote system to a local system
Can act as an agent for viruses, worms, and Trojan horses
Mobile phone worms: communicate through the Bluetooth connections (e.g., CommWarrior on Symbian but attempts also on Android and iPhone)
№27 слайд
Содержание слайда: Social engineering, spam, email, Trojans
“Tricking” users to assist in the compromise of their own systems or personal information.
Spam e-mail may account for 90% or more of all e-mail sent. Spam is:
Advertising
Attached documents with malware
Attached Trojan horse program
Phishing attack
Trojan horse: looks like a useful tool but contains hidden code
№29 слайд
Содержание слайда: Payload attack agents: bots (zombie/drone)
Program taking over other computers and launch attacks
hard to trace attacks
If coordinated form a botnet
Characteristics:
remote control facility (distinguishing factor from worm)
via IRC/HTTP etc
spreading mechanism
attack software, vulnerability, scanning strategy
Various counter-measures applicable (IDS, honeypots, …)
№32 слайд
Содержание слайда: A backdoor is a secret entry point into a program to gain access without going through the usual security access procedures.
A backdoor is a secret entry point into a program to gain access without going through the usual security access procedures.
Usually implemented as a network service listening on some non-standard port.
Security measures must focus on the program development and software update activities, and on programs that wish to offer a network service.
№33 слайд
Содержание слайда: Payload: backdoor and rootkits
A rootkit is a set of programs installed for admin access
It determines a malicious and stealthy changes to host O/S
May hide its existence
subverting report mechanisms on processes, files, registry entries etc
May be persistent (survives reboot) or memory-based
Do not rely on vulnerabilities
installed via Trojan
installed via hackers
№35 слайд
Содержание слайда: Countermeasures for Malware
Prevention:
Ensure all systems are as current as possible, with all patches applied
Set appropriate access controls on the applications and data stored on the system, to reduce the number of files that any user can access
Use appropriate user awareness and training
№36 слайд
Содержание слайда: Countermeasures for Malware
If prevention fails, use technical mechanisms to support the following threat mitigation options:
Detection, identification, removal
Requirements
Generality
Timeliness
Resiliency
Minimal DoS costs
Transparency
Global/local coverage (inside and outside attackers)
Скачать все slide презентации Malicious Software. Chapter 6. Computer Security: Principles and Practice одним архивом:
-
Intrusion Detection. Chapter 8. Computer Security: Principles and Practice
-
Programming Logic and Design Seventh Edition. Chapter 1. An Overview of Computers and Programming
-
5B070500 «Mathematical and Computer Modeling» Образовательные программы
-
Software Development Life Cycle and Methodologies
-
Chapter 4 Computation
-
Internet and Java Foundations, Programming and Practice
-
Prolog. A general-purpose logic programming language associated with artificial intelligence and computational linguistics
-
Green technologies use in computer science and programming
-
Computational and Problem Solving(SDP1)
-
HTML and CSS. Site layout. Best practices