Computer Systems Security Part I
ET4085 Keamanan Jaringan Telekomunikasi
Tutun Juhana
School of Electrical Engineering and Informatics, Institut Teknologi Bandung
Computer systems security is all about the security threats that can compromise an operating system and the data held within
Threats: viruses, Trojans, and spyware are
COMPUTER SYSTEMS SECURITY THREATS
Malicious Software
• Malicious software, or malware, is software designed to infiltrate a computer system and possibly damage it without the user’s knowledge or consent
– Viruses
– Worms
– Trojan horses
– Spyware
– Rootkits
– Adware
– and other types of undesirable software.
Viruses
• A virus is code that runs on a computer without the user’s knowledge; it infects the computer when the code is accessed and executed
• For viruses to do their dirty work, they first need to be executed by the user in some way
– A virus needs some sort of carrier
• A virus also has reproductive capability and can spread copies of itself throughout the computer if it is first executed by the user
• By infecting files accessed by other computers, the virus can spread to those other systems as well
• Virus types
– Boot sector - Initially loads into the first sector of the hard drive; when the computer boots, the virus then loads into memory.
– Macro - Usually placed in documents and e-mailed to users in the hopes that the user will open the document, thus executing the virus.
– Program - Infects executable files
• Virus types (2)
– Polymorphic - Can change every time it is executed in an attempt to avoid antivirus detection.
– Stealth - Uses various techniques to go unnoticed by antivirus programs.
– Armored - These protect themselves from antivirus programs by tricking the program into thinking that it is located in a different place from where it actually resides
  • Essentially, it has a layer of protection that it can use against the person who tries to analyze it; it will thwart attempts by analysts to examine its code.
– Multipartite - A hybrid of boot and program viruses that attacks the boot sector or system files first and then attacks the other
Worms
• Worms are much like viruses except they self-replicate whereas a virus does not
• With worms, the user doesn’t need to access and execute the malware
• Worms take advantage of backdoors and security holes in operating systems and applications
– They look for other systems on the network or through the Internet that are running the same applications and replicate to those other systems
Trojan Horses
• Trojan horses, or simply Trojans, appear to perform wanted functions but are actually performing malicious functions behind the scenes
• These are not technically viruses and can easily be downloaded without noticing them
• Remote access Trojans (RATs) are the most common type of Trojan (ex: Back Orifice or NetBus)
– their capability to allow an attacker higher administration privileges than the owner
• When a target computer is controlled by an attacker, it could easily become a robot (or simply a bot), carrying out the plans of the attackers at their command
Spyware
• Spyware is a type of malicious software either downloaded unwittingly from a website or installed along with some other third-party software
• Usually, this malware collects information about the user without the user’s consent.
• Spyware is also associated with advertising (those pop-ups that just won’t go away!) and could possibly change the computer configuration
– Adware usually falls into the realm of spyware because it pops up advertisements based on what it has learned from spying on the user
• Grayware is another general term that describes applications that are behaving improperly but without serious consequences
– It is associated with spyware, adware, and joke programs
Rootkits
• A rootkit is a type of software designed to gain administrator-level control over a computer system without being detected
– The term is a combination of the words “root” (meaning the root user in a UNIX/Linux system or administrator in a Windows system) and “kit” (meaning software kit)
– Usually, the purpose is to perform malicious operations on a target computer at a later date without the knowledge of the administrators or users of that computer
• Rootkits are difficult to detect because they are activated before the operating system has fully booted
• A rootkit might install hidden files, processes, and hidden user accounts.
• Because rootkits can be installed in hardware or software, they can intercept data from network connections, keyboards, and so on
• Rootkits can target the BIOS, boot loader, kernel, and more
• Example: Evil Maid
Spam
• Spam is the abuse of electronic messaging systems such as e-mail, broadcast media, instant messaging, and so on
• Spammers send unsolicited bulk messages indiscriminately, usually without benefit to the actual spammer, because the majority of spam is either deflected or ignored
• The bulk of network-based viruses are transferred through spam e-mails
Summary of Malware Threats
WAYS TO DELIVER MALICIOUS SOFTWARE
• Malware is not sentient (...not yet) and can’t just appear out of thin air
• It needs to be transported and delivered to a computer or installed on a computer system in some manner
Malware transportation
– Direct physical access
– Via Software, Messaging, and Media
– Active Interception
– Privilege Escalation
– Backdoors
– Logic Bombs
– Botnets and Zombies
Direct physical access
Via Software, Messaging, and Media
Active Interception (inception)
Privilege Escalation
The act of exploiting a bug or design flaw in a software or firmware application to gain access to resources that normally would’ve been protected from an application or user
Backdoors
Backdoors are used in computer programs to bypass normal authentication and other security mechanisms in place
Originally, backdoors were used by developers as a legitimate way of accessing an application, but soon after they were implemented by attackers who would use backdoors to make changes to operating systems, websites, and network devices
Quite often, it is installed via a Trojan horse
Example: Back Orifice (completely new application that would act as a backdoor), which enables a user to control a Windows computer from a remote location.
Logic Bombs
Logic bombs are code that has, in some way, been inserted into software to initiate one of many types of malicious functions when specific criteria are met
(Diagram labels: malware, malware delivery system)
Botnets and Zombies
Malware can be distributed throughout the Internet by a group of compromised computers known as a botnet (controlled by a master computer (where the attacker resides))
The individual compromised computers in the botnet are called zombies
Leads to distributed denial of service (DDoS)
Columbo is an American detective mystery television film series, starring Peter Falk as Columbo, a homicide detective with the LAPD (wikipedia)