
Lec 02

The document discusses various types of malware including viruses, worms, Trojans, and malicious activities like backdoors and logic bombs. It defines these terms and provides examples of known viruses, worms, and other malware. The document also discusses network attacks and assignments related to creating viruses and monitoring keystrokes.

Uploaded by

death wish
Copyright
© © All Rights Reserved

Department of Communication and Operating Systems

Computer and Network Security

Lecturer: M.Younis Popal

Contact: [email protected]

Sunday, July 29, 2018 Lec02 (Basic Security Concept)

Content

• Review Vulnerability
• Malware
• Virus
• Worm
• Trojan
• Malicious activity
• Backdoor
• Logic bomb

Introduction

Threats
• A threat, in the context of computer security, refers to anything that has the potential to cause serious harm to a computer system.
• A threat is something that may or may not happen, but has the potential to cause serious damage.
• Threats can lead to attacks on computer systems, networks and more.

Vulnerability
• Vulnerability is a cyber-security term that refers to a flaw in a system that can leave it open to attack.
• A vulnerability may also refer to any type of weakness in a computer system itself, in a set of procedures, or in anything that leaves information security exposed to a threat.

Network Attacks

• An attack is a specific technique used to exploit a vulnerability.
• There are two general categories of attacks:
  • Passive
    • Passive attacks are very difficult to detect, because there is no overt activity that can be monitored or detected.
    • Example: packet sniffing or traffic analysis.
  • Active
    • Active attacks employ more overt actions on the network or system.
    • As a result, they can be easier to detect, but at the same time they can be much more devastating to a network.
    • Examples:
      • Denial of Service (DoS) attack
      • Man-In-The-Middle (MITM) attack
      • DNS poisoning
      • SQL Injection attacks
Threat | Vulnerability | Attacks

• Attack: ping of death
• Threat: denial of service
• Vulnerability: related to the ICMP protocol
• Command: ping -t -l 65000 target (Windows)
• Command: ping -l 65000 target (Linux)
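
The weakness behind the ping of death lies in IPv4 fragment reassembly: a fragment whose offset plus length pushes the rebuilt datagram past the 65,535-byte limit. The following is an added example, not part of the original slides, showing the header check a filter or IDS can apply to drop such fragments; the function names and the sample headers are constructed for illustration.

```python
import struct

MAX_IPV4_DATAGRAM = 65535  # the 16-bit total-length field cannot describe more

def parse_fragment(raw: bytes) -> dict:
    """Pull out the IPv4 header fields that determine the reassembled size."""
    if len(raw) < 20:
        raise ValueError("truncated IPv4 header")
    ver_ihl, _tos, total_len, ident, flags_frag, _ttl, proto = struct.unpack(
        "!BBHHHBB", raw[:10])
    ihl = (ver_ihl & 0x0F) * 4
    if ver_ihl >> 4 != 4 or ihl < 20 or total_len < ihl:
        raise ValueError("malformed IPv4 header")
    return {
        "id": ident,
        "proto": proto,
        "ihl": ihl,
        "offset": (flags_frag & 0x1FFF) * 8,  # offset field counts 8-byte units
        "more_fragments": bool(flags_frag & 0x2000),
        "payload_len": total_len - ihl,
    }

def exceeds_max_datagram(raw: bytes) -> bool:
    """True if this fragment would push the reassembled datagram past 65,535 bytes."""
    f = parse_fragment(raw)
    return f["ihl"] + f["offset"] + f["payload_len"] > MAX_IPV4_DATAGRAM

def build_header(ident: int, offset: int, more: bool, payload_len: int) -> bytes:
    """Constructed sample input: 20-byte IPv4 header carrying ICMP, checksum left 0."""
    flags_frag = (0x2000 if more else 0) | (offset // 8)
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, ident, flags_frag,
                       64, 1, 0, bytes([192, 0, 2, 1]), bytes([198, 51, 100, 2]))

# Constructed samples (documentation addresses, no real traffic).
SAMPLES = {
    "ordinary echo request": build_header(1, 0, False, 64),
    "fragment inside limit": build_header(2, 64000, True, 1480),
    "last fragment past limit": build_header(3, 65528, False, 400),
}

def flagged(samples: dict) -> list:
    """Names of the samples that must be dropped before reassembly."""
    return [name for name, raw in samples.items() if exceeds_max_datagram(raw)]

if __name__ == "__main__":
    for name in flagged(SAMPLES):
        print("oversized after reassembly:", name)
```

The check needs only the header of each fragment, so it can run before any reassembly buffer is allocated.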

Malware (Malicious Software)

• Software designed and written to:
  • Annoy computer users
  • Steal information from a computer
  • Spy on a computer user
  • Gain control of a computer
  • Destroy or corrupt information or computer software
• Categorized by type (how the malware spreads) and by the malicious activity performed

Virus

A computer virus is a type of malicious software that, when executed, replicates itself by
modifying other programs and inserting its own code. When this replication succeeds, the affected
areas are then said to be "infected" with a computer virus.

Known Viruses

• CryptoLocker
  • Released in September 2013
  • CryptoLocker spread through email attachments and encrypted the user’s files so that they couldn’t access them.
• Storm Worm
  • Storm Worm was a particularly vicious virus that made the rounds in 2006
• Sasser
  • Infected more than 1 million computers
  • Shut down satellite communications for some French news agencies
  • Impacted government offices

How Do You Get Infected?

• Email attachment
• Malicious website or link
• Downloaded or shared program, media, or document file

Assignment #1

Create a virus to eat your system space (Windows & Linux) and
run whenever your system is started

Note: No documentation is needed, but have it on your computer; I will evaluate it next session.

Worm

• A worm is a self-contained and independent program that is usually designed to propagate or spawn itself on infected systems and to seek other systems via available networks.
• The main difference between a virus and a worm is that a virus is not an independent program.
• One of the first and perhaps the most famous worms was the Internet Worm created and released by Robert Morris in 1986.
• The worm was designed to simply reproduce and infect other systems.

Trojans

• A Trojan horse is a program or code fragment that hides inside a program and performs a disguised function.
• A Trojan horse program hides within another program or disguises itself as a legitimate program.
  • This can be accomplished by modifying the existing program or by simply replacing the existing program with a new one.
• The Trojan horse program functions much the same way as the legitimate program, but usually it also performs some other function, such as recording sensitive information or providing a trap door.
• Example: password grabber program
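
Both the virus definition (code inserted into existing programs) and the Trojan definition (an existing program modified or replaced) describe a change to files that should not change, which a hash baseline detects. The following is an added example, not part of the original slides: it records a baseline of a directory and reports what differs later. The file names and byte strings are constructed placeholders written to a temporary directory.

```python
import hashlib
import os
import tempfile

def sha256_file(path, chunk=65536):
    """Hash a file in chunks so large binaries do not need to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()

def snapshot(root):
    """Map each file path (relative to root) to (size in bytes, SHA-256)."""
    snap = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            snap[os.path.relpath(full, root)] = (os.path.getsize(full), sha256_file(full))
    return snap

def compare(baseline, current):
    """Report files whose content changed, plus files added or removed since baseline."""
    modified = sorted((p, current[p][0] - baseline[p][0])
                      for p in baseline.keys() & current.keys()
                      if baseline[p][1] != current[p][1])
    return {"modified": modified,  # (path, size change in bytes)
            "added": sorted(current.keys() - baseline.keys()),
            "removed": sorted(baseline.keys() - current.keys())}

def write(root, name, data, mode="wb"):
    with open(os.path.join(root, name), mode) as fh:
        fh.write(data)

def demo():
    """Constructed scenario using placeholder byte strings in a temporary directory."""
    with tempfile.TemporaryDirectory() as root:
        for name, body in (("editor", b"EDITOR-CODE"), ("login", b"LOGIN-CODE"),
                           ("calc", b"CALC-CODE")):
            write(root, name, body)
        baseline = snapshot(root)
        write(root, "editor", b"+INSERTED", mode="ab")  # bytes inserted into a program
        write(root, "login", b"LOOKALIKE!")             # replaced by a same-size stand-in
        write(root, "helper", b"NEW-FILE")              # file absent from the baseline
        return compare(baseline, snapshot(root))

if __name__ == "__main__":
    print(demo())
```

The replaced `login` file shows a size change of 0, which is why the comparison relies on the hash rather than on file size.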

Malicious Activity

• Many different kinds of malicious activity
• Some malware simply destroys information while others allow the attacker access to information
• Backdoor/trapdoor
• Logic/Time bomb
• Keylogger
• Spyware

Backdoor (Trapdoor)

• “A ‘back door’ is an entry point into a program that the programmer leaves himself in order to gain quick access without having to go through all the normal, built-in security checks.”
Or:
• A back door is generally considered to be a program that has been placed on a computer that allows a remote user to gain and maintain complete administrative control.
• Example mentioned in the book (Fundamental Network Security)

Logic Bomb (Time Bomb)

• A logic bomb is a program or subsection of a program designed with malevolent intent.
• It is referred to as a logic bomb because the program is triggered when certain logical conditions are met.
• This type of attack is almost always perpetrated by an insider with privileged access to the network.
• Example mentioned in the book (Fundamental Network Security)

Keylogger

• “Keyloggers are applications that monitor a user’s keystrokes and then send this information back to the malicious user.”
• This can happen via email or to a malicious user’s server somewhere on the Internet.
• A keylogger can record instant messages, e-mail, and any information you type at any time using your keyboard.
• The following is a list of keylogger tools:
  • Actual keylogger
  • Free keylogger
  • Refog free keylogger
  • Revealer Keylogger Free

Other Uses For Keyloggers

• System Administrators
  • A keylogger will help you find out what took place on the system in your absence.
• Office Managers
  • Monitor actions performed by your employees during office hours on laptop or desktop PCs.
• Parental Monitoring
  • Using parental control software, you will be able to find out what your children surf on the net and the kinds of websites they visit.
• Personal User
• Internet cafe

Question

Next

Next Session

Network Scanning & Network Attacks
