Please enable JavaScript.
Coggle requires JavaScript to display documents.
CHAPTER 2 : INTRODUCTION VULNERABILITIES, THREAT AND ATTACK (MALICIOUS…
CHAPTER 2 : INTRODUCTION VULNERABILITIES, THREAT AND ATTACK
MALICIOUS CODE
- Inserted onto a host todamage a system; corrupt a system; replicate itself; or deny services or access to networks, systems or services.
- they can also allow sensitive information to be copied or echoed to other systems. Trojan horses can be used to ask the user to enter sensitive information in a commonly trusted screen
Example : an attacker might log in to a Window box and run a program that looks like the true Window logon screen, prompting a user to type his username and password
MALICIOUS CODE ATTACK
The primary vulnerabilities for end-user workstations are worm,virus and Trojan horse attacks.
Trojan horse
- An application written to look like something else that in fact is an attack tool
1) A Trojan horse differs only in that the entire application was written to look like something else, when in fact it is an attack tool.
-
Worm
- An application that executes arbitrary code and installs copies of itself in the memory of the infected computer, which then infects other hosts
1) Self-contained programs that attack a system and try to exploit a specific vulnerability in the target
2) Upon successful exploitation of the vulnerability, the worm copies its program from the attacking host to the newly exploited system to begin the cycle again.
Virus
- Malicious software that is attached to another program to execute a particular unwanted function on the user workstation
1) Viruses are malicious software that is attached to another program to execute a particular unwanted function on a user's workstation.
Example : a program that is attached to command.com (thae primary interpreter for Windows systems) that deletes certain files and infects any other versions of command.com that it can find
POLICY IDENTIFICATION
-
- Organizations that need a high level of security assurance will require defense-in-depth mechanisms to be deployed to avoid single points of failure.
- The result of policy analysis will be as follows:
-
2) Identification of possible policy improvements, which need to be made before the security implementation stage.
PASSWORD POLICY
- Its very important to use passwords like this for almost everything. Passwords are very easy to crack these days so here is a few suggestions for creating a strong password.
WEAK PASSWORD
-
- Contains your user name, real name, or company name
- Contains a complete dictionary word. example: PASSWORD, passw0rd, pa$$word
-