
Implementation bug:
Software is usually programmed by human beings, who are error-prone. Software can contain millions of lines of code, which can contain bugs that an attacker can exploit to gain unauthorized access to a computer system. Some examples of software bugs are buffer overflows, race conditions, format string errors, SQL injection, and mishandling of temporary files.
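Two of the bugs listed above, mishandling of temporary files and the race for a guessable file name, shown next to their fix. This is an added example, not part of the original text; the file names and the sandbox scenario are constructed for illustration.

```python
import os
import pathlib
import tempfile

def write_insecure(workdir, data):
    """Flawed: fixed, guessable name opened with plain open()."""
    path = os.path.join(workdir, "app.tmp")
    with open(path, "w") as fh:       # follows an existing symlink, truncates its target
        fh.write(data)
    return path

def write_secure(workdir, data):
    """mkstemp: unpredictable name, created with O_CREAT|O_EXCL, mode 0600."""
    fd, path = tempfile.mkstemp(prefix="app-", suffix=".tmp", dir=workdir)
    with os.fdopen(fd, "w") as fh:
        fh.write(data)
    return path

def write_fixed_exclusive(workdir, data):
    """If the name must be fixed, fail rather than reuse what is already there."""
    path = os.path.join(workdir, "app.tmp")
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "w") as fh:
        fh.write(data)
    return path

def demo():
    """Constructed scenario, confined to a throwaway sandbox directory."""
    out = {}
    with tempfile.TemporaryDirectory() as box:
        shared = tempfile.mkdtemp(dir=box)           # stands in for a shared temp dir
        victim = pathlib.Path(box, "important.cfg")
        victim.write_text("original")
        os.symlink(victim, os.path.join(shared, "app.tmp"))  # name was taken first, as a link
        write_insecure(shared, "scratch")
        out["insecure_overwrote_other_file"] = victim.read_text() == "scratch"
        victim.write_text("original")                # reset before testing the fix
        secure_path = write_secure(shared, "scratch")
        out["secure_left_other_file_intact"] = victim.read_text() == "original"
        out["secure_mode"] = oct(os.stat(secure_path).st_mode & 0o777)
        try:
            write_fixed_exclusive(shared, "scratch")
            out["exclusive_refused"] = False
        except FileExistsError:
            out["exclusive_refused"] = True
    return out

if __name__ == "__main__":
    print(demo())
```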
Abuse of feature:
Some legitimate actions can lead to system failures if they are taken to the extreme. Examples include opening hundreds of telnet connections to a machine to fill its process table, or filling up a mail spool with junk e-mail.
System misconfiguration:
Many attacks succeed through misconfiguration of systems and/or services. The network administrator forgets to shut down services that are not in use on a server, such as Simple Network Management Protocol (SNMP), Network Virtual Terminal Protocol (Telnet), File Transfer Protocol (FTP), and so on. The default configuration of some systems includes a "guest" account that is not protected with a password. Access Control Lists (ACLs) are in the security policy, but the router is not configured to enforce them.
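A small audit for two of the misconfigurations described above: unused SNMP, Telnet or FTP services still listening, and a "guest" account with no password. This is an added example, not part of the original text; the sample listener table and account records are constructed, and the function names are illustrative.

```python
# Services the text names as often left running; standard port numbers.
RISKY_PORTS = {21: "FTP", 23: "Telnet", 161: "SNMP"}

# Constructed sample in the style of `ss -tuln` output.
SAMPLE_LISTENERS = """\
Netid State  Recv-Q Send-Q Local Address:Port Peer Address:Port
tcp   LISTEN 0      128    0.0.0.0:22         0.0.0.0:*
tcp   LISTEN 0      32     0.0.0.0:21         0.0.0.0:*
tcp   LISTEN 0      10     127.0.0.1:23       0.0.0.0:*
udp   UNCONN 0      0      0.0.0.0:161        0.0.0.0:*
tcp   LISTEN 0      128    [::]:443           [::]:*
"""

# Constructed sample in /etc/shadow layout (name:password-hash:...).
SAMPLE_SHADOW = """\
root:$6$constructed$notarealhash:19000:0:99999:7:::
guest::19000:0:99999:7:::
backup:!:19000:0:99999:7:::
"""

def audit_listeners(ss_output, needed_ports=frozenset()):
    """Return (proto, port, service, scope) for risky listeners not declared as needed."""
    findings = []
    for line in ss_output.splitlines()[1:]:            # skip the header row
        fields = line.split()
        if len(fields) < 5:
            continue
        addr, _, port = fields[4].rpartition(":")      # handles 0.0.0.0:21 and [::]:443
        if not port.isdigit():
            continue
        port = int(port)
        if port in RISKY_PORTS and port not in needed_ports:
            loopback = addr.strip("[]") == "::1" or addr.startswith("127.")
            scope = "loopback only" if loopback else "network-reachable"
            findings.append((fields[0], port, RISKY_PORTS[port], scope))
    return findings

def audit_accounts(shadow_text):
    """Return accounts whose password field is empty: login needs no password."""
    names = []
    for line in shadow_text.splitlines():
        fields = line.split(":")
        if len(fields) > 1 and fields[1] == "":
            names.append(fields[0])
    return names

if __name__ == "__main__":
    print(audit_listeners(SAMPLE_LISTENERS))
    print(audit_accounts(SAMPLE_SHADOW))
```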
Masquerading:
In some cases, it is possible to fool a system into giving access by misrepresenting oneself. An example is sending a Transmission Control Protocol/Internet Protocol (TCP/IP) packet that has a forged source address (IP spoofing), which makes the packet appear to come from a trusted host. Another example of masquerading is an attacker who puts up a fake bank website and entices a user to that website. The user types in his/her password, and the attacker in turn uses it to access the bank's real website. Done right, the user will never realize that he/she is not at the bank's website. Then the attacker can disconnect the user and make any fraudulent transactions he/she wants, or pass along the user's banking transactions while making his/her own transactions at the same time. This type of masquerading is called phishing and is becoming more and more popular with attackers every day.
Questions:
What are examples of computer/network attacks?
What is the ultimate goal for an attacker?
What is social engineering?
Give examples of software bugs.
What type of masquerading is called phishing and is becoming more and more popular with attackers every day?
TROJANS AND OTHER BACKDOORS
Read and memorize the following words:
the siege of Troy – осада Трои
a set of commands – набор команд
to give hackers access to system files – дать хакерам доступ к системе файлов
to log keystrokes of the computer user – блокировать нажатие клавиш пользователя
to disable a keyboard – выводить из строя клавиатуру.
The name of the wooden horse that the Greeks reputedly used during the siege of Troy has been applied to malicious code that allows its creator to execute an unauthorized command or set of commands on a computer infected by the code. It is also interesting to note that a woman, Cassandra, urged the soldiers of Troy not to take the wooden horse into the city. The soldiers obviously did not listen. Ironically perhaps, a contemporary computer security project was named for Cassandra. Hopefully this time, the soldiers will heed the warning.
Trojan horses are a problematic and basic type of malicious code designed primarily to give hackers access to system files. This gives hackers the ability to change file settings, steal files or passwords, damage files, or monitor user activities on other computers on a network. Examples of what Trojans allow the remote users controlling them to do include the following:
Remove files from the infected computer.
Download files to the infected computer.
Make registry changes to the infected computer.
Delete files on the infected computer.
Steal passwords and other confidential information.
Log keystrokes of the computer user.
Rename files on the infected computer.
Disable a keyboard, mouse, or other peripherals.
Shut down or reboot the infected computer.
Run selected applications or terminate open applications.
Disable virus protection or other computer security software.
Worms.
A worm is a malicious program that originates on a single computer and searches for other computers connected through a local area network (LAN) or Internet connection. When a worm finds another computer, it replicates itself onto that computer and continues to look for other connected computers on which to replicate. A worm continues to attempt to replicate itself indefinitely or until a self-timing mechanism halts the process.
Questions:
What has been applied to malicious code that allows its creator to execute an unauthorized command or set of commands on a computer infected by the code?
Give examples of what Trojans can do with computers.
What is a worm? Can it replicate itself?
HUMAN ERROR AND FOOLISHNESS
Read and memorize the following words:
unknown sender – неизвестный отправитель
be infected with worms – быть зараженными «червями»
floppy disk – гибкий диск
desktop computer –настольный компьютер
to handle events –трактовать события
to design – конструировать, проектировать
to damage a system – повреждать систему
to commit crimes – совершать преступления
to help avert an attack – помочь предотвратить атаку
In addition to falling victim to social engineering tricks of attackers, computer users can do a wide variety of things to unknowingly or unwittingly enable a malicious code attack. Common mistakes include opening e-mail attachments from unknown senders, visiting Web sites that are infected with worms, and loading documents from floppy disks that result in malicious code being transferred to desktop computers.
Most people do not understand their computers well enough to tell when an anomaly is occurring. When things start going wrong with their computers, most users do not know how to react. In most cases, computer problems are just technical in nature. However, when a worm or virus has damaged a system, errors or events that appear to be unknown technical problems can occur.
Employees can take several steps to help avert an attack. However, employees cannot be held responsible for these types of mistakes unless adequate training and documented policies and procedures have been provided for handling events that enable an attack.
Action steps to combat malicious code attacks.
The material in this chapter shows that malicious code attacks have been and will continue to be a problem that organizations need to address. As steps are taken to defend against malicious code attacks, managers, planners, and technical staff should understand the following rudiments:
Malicious code attacks have caused considerable damage and disruption and will grow in intensity in the future.
The vulnerabilities in technology and flaws in software continue to grow rapidly, which requires ongoing diligence by IT staff responsible for countermeasures.
The number and types of individuals who can use and may be motivated to use malicious code attacks as forms of protest or to commit crimes are growing.
In addition to vulnerabilities in computer and networking technology, social engineering, human error, and a lack of knowledge on the part of computer users all help enable malicious code attacks.
Questions:
What are common mistakes of users?
Are computer problems just technical in nature in most cases?
Can employees be responsible for a malicious code attack?