-Differentiate Among Various Systems Security Threats
-Explain System Hardware and Peripheral Risks
securing sensitive data against unauthorized access and protecting its integrity and existence from malicious users and software.
a computer program that replicates itself within the affected system without the knowledge of the user and can be passed from system to system. (e.g. e-mail, IM, discs, removable media)
infects the boot sector of partition table of a disk, commonly finding its way through an infected disk or removable media.
Boot Sector Virus
used by the computer to determine what operating systems (OS) are present on the system to boot.
is to boot the sytem using an anti-virus/emergency recovery boot disk/CD which allows you to start up the computer with basic startup files bypassing the boot sector and then run the anti-virus program on the CD.
The best way to remove a boot-sector virus from a system
disguises itself as a legitimate program, using the name of a legitimate program but with a legitimate extension. (e.g. instead of program.exe it will use program.com)
generally infect files that have the extensions .com or .exe and sometimes destroys the program it infects by overwriting the original code.
File Infector Virus
an instruction that carries out program commands automatically within an application. Uses the internal workings of an application to perform malicious operations for examples infecting program templates. Everytime a file is created with the default template the virus is copied to the new file.
stays in system memory and infects other files that are run at tthe same time.
Memory Resident Virus
is a virus that changes itself with each infection. Designed to confuse virus-scanning programs and are difficult to detect because each copy looks different from previous copies.
is a virus that recompiles itself into a new form and the code keeps changing from generation to generation.
hides itself from virus protection software by encrypting its code. Takes over the system function that reads files or system sectors and reports back original files even though its no longer there.
hides on your computer system until called upon to perform a certain task. Runs a service and opens a port on the system to which the attacker can be connected when they run the control application from a remote location and can have full access.
a program that will not activate until a specific trigger (e.g. date) is set off.
is a self-contained program/s that can spread full copies/segments of itslef to other computer systems via network connections, e-mail, or IM.
potential software threat that is not always considered a security threat. Typically used to embed advertisements in applications. Can be used to send user's personal information back to the advertiser.
typicall tracks the user's habits while using an application such as a music player that relays the user's musical preferences back to the application vendor.
is a type of back-door program that is inserted into application software and allows a remote user administrator access to the system without permission.
any type of computer system that is attached to a network whose security has been compromised and that runs malicious software completely unknown to system users. Typically used for distributed denial-of-service (DDoS) attacks.
Robot Network aka "Botnet"
Slow responsiveness and large amounts of network packets being sent from the infected system.
What are symptoms of being a part of a Botnet?
an error in a program that hinders or alters its ability to function properly.
when an unauthorized user exploits software bugs to gain more privileged access to a computer system by bypassing the application and perform commands with escalated privilege access.
a situation when a potential threat due to a vulnerability in an application of operating system has become known to the general publis, enabling malicious hackers to create code to exploit the vulnerability.
A network administrator should disable/rename/create alternative with equal access rights instead of using this.
an attempt to break a password or encryption scheme through simple repetition of attempts.
set a limit on login attempts.
The best way to prevent brute-force attack is to
a special program that compare an encrypted password file with login name and passwords with a list of common, dictionary-based passwords.
a combination dictionary and brute-force attack that checks for variations on passwords.
An unauthorized person who casts a casual glance over the shoulder of an employee.
uses nontechnical methods to attempt to gain unauthorized access to a system or network.
an e-mail or web security scan that tricks an unsuspecting user into visiting a webite or replying to an e-mail with confidential personal information.
a type of storage subsytem device that can be attached to a network for sharing and storing files.
Network Attached Storage (NAS)
in the event a hardware device fails, an additional device in the systen can automatically take over to avoid any down time.
a method of using multiple hard disks to improve redundancy and reliability in the event one of the disks fails.
Redundant Array of Inexpensive Disks (RAID)
a technology that enables sytem devices such as hard drives to be removed and added while the system is still operating.
Install the latest updates and patched for the software application.
What is the best method for protecting against software exploitaion and privilege escalation types of software-based threats?
Reinstall the operating system
A computer system is suspected of carrying a rootkit. What is the most efficient mothod of removing the rootkit?
Which of the following is the best method for protecting the privacy of data on a USB key?
Install the latest service pack
Which of the following is the best way to protect against security vulnerabilities within OS software?
Boot the laptop with an anti-virus disc
A user has brought a virus-infected laptop into the facility. It contains no anti-virus protection software and hasn't been hooked up to the network yet. What's the best way to fix the laptop?
Five failed login attempts on an admin account
During an audit of a server system log, which of the following entries would be considered a possible security threat?