© 2018 Jones and Bartlett Learning, LLC, an Ascend Learning Company
www.jblearning.com
All rights reserved.
Fundamentals of Information Systems Security
Lesson 11
Malicious Code and Activity
Learning Objective(s)
Describe how malicious attacks, threats, and vulnerabilities impact an IT infrastructure.
Key Concepts
The impact of malicious code and malware on systems and organizations
Attackers, hackers, and social engineers
The phases of a computer attack
Tools and techniques to detect and prevent attacks
Malicious Code and Activity
Malicious software (malware)
• Any program that carries out actions that you do not intend
Malicious code attacks all three information security properties:
• Confidentiality: Malware can disclose your organization’s private information
• Integrity: Malware can modify database records, either immediately or over a period of time
• Availability: Malware can erase or overwrite files or inflict considerable damage to storage media
Characteristics, Architecture, and Operations of Malicious Software
An attacker gains administrative control of a system and uses commands to inflict harm
An attacker sends commands directly to a system; the system interprets and executes them
An attacker uses software programs that harm a system or that make the data unusable
An attacker uses legitimate remote administration tools and security probes to identify and exploit security vulnerabilities on a network
The Main Types of Malware
Viruses
Spam
Worms
Trojan horses
Logic bombs
Active content vulnerabilities
Malicious add-ons
Injection
Botnets
Denial of service attacks
Spyware
Adware
Phishing
Keystroke loggers
Hoaxes and myths
Homepage hijacking
Webpage defacements
Viruses
System infectors
• Target computer hardware and software startup functions
File infectors
• Attack and modify executable programs (COM, EXE, SYS, and DLL files in Microsoft Windows)
Data infectors
• (Also called macro infectors) Attack document files containing embedded macro programming capabilities
Typical Life Cycle of a Computer Virus
How a System Infector Virus Works
How a File Infector Virus Works
How a Macro Virus Works
Other Virus Classifications
Polymorphic viruses
Stealth viruses
Slow viruses
Retro viruses
Cross-platform viruses
Multipartite viruses
How a Stealth Virus Works
How a Slow Virus Works
How a Retro Virus Works
How a Multipartite Virus Works
Rootkits
Type of malware that modifies or replaces one or more existing programs to hide the fact that a computer has been compromised
Modify parts of the operating system to conceal traces of their presence
Provide attackers with access to compromised computers and an easy launch point for additional attacks
Difficult to detect and remove
Ransomware
Attempts to generate funds directly from a computer user
Attacks a computer and limits the user’s ability to access the computer’s data
Encrypts important files or even the entire disk and makes them inaccessible
One of the first ransomware programs was Crypt0L0cker
Spam
Consumes computing resources (bandwidth and CPU time)
Diverts IT personnel from activities more critical to network security
Is a potential carrier of malicious code
Compromises intermediate systems to facilitate remailing services
Opt-out (unsubscribe) features in spam messages can represent a new form of reconnaissance attack to acquire legitimate target addresses
Worms
Designed to propagate from one host machine to another using the host’s own network communications protocols
Unlike viruses, do not require a host program to survive and replicate
The term “worm” stems from the fact that worms are programs with segments, working on different computers, all communicating over a network
Worms (cont.)
Trojan Horses
Largest class of malware
Any program that masquerades as a useful program while hiding its malicious intent
Relies on social engineering to spread and operate
Spreads through email messages, website downloads, social networking sites, and automated distribution agents (bots)
Logic Bombs
Programs that execute a malicious function of some kind when they detect certain conditions
Typically originate with organization insiders because people inside an organization generally have more detailed knowledge of the IT infrastructure than outsiders
Active Content Vulnerabilities
Active content
• Refers to dynamic objects that do something when the user opens a webpage (ActiveX, Java, JavaScript, VBScript, macros, browser plugins, PDF files, and other scripting languages)
• Has potential weaknesses that malware can exploit
Active content threats are considered mobile code because these programs run on a wide variety of computer platforms
Users download bits of mobile code, which gain access to the hard disk and do things like fill up the desktop with infected file icons
Malicious Add-Ons
Add-ons are companion programs that extend the web browser; can decrease security
Malicious add-ons are browser add-ons that contain some type of malware that, once installed, perform malicious actions
Only install browser add-ons from sources you trust
Injection
Cross-site scripting (XSS)
SQL injection
LDAP injection
XML injection
Command injection
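SQL injection is the item on this list that is easiest to show end to end. The following is an added example (not from the textbook or its slides) that places the injection-prone query beside its parameterized fix, using Python's standard sqlite3 module against a constructed in-memory table. The table name, rows and the helper function names are all assumptions made for the example.

```python
"""Vulnerable vs. parameterized SQL lookup.

Added example, not from the slides. Uses an in-memory SQLite database with
constructed sample rows so it runs offline.
"""
import sqlite3


def make_db() -> sqlite3.Connection:
    """Build a throwaway in-memory database with constructed sample users."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "admin"), ("bob", "user"), ("carol", "user")],
    )
    return conn


def find_user_vulnerable(conn: sqlite3.Connection, username: str) -> list:
    """The injection-prone pattern: user input is pasted into the SQL text,
    so the input can change the *structure* of the query, not just its data."""
    query = f"SELECT username, role FROM users WHERE username = '{username}'"
    return conn.execute(query).fetchall()


def find_user_safe(conn: sqlite3.Connection, username: str) -> list:
    """The fix: a parameterized query. The driver binds the input as a value,
    so it can never be interpreted as SQL syntax."""
    query = "SELECT username, role FROM users WHERE username = ?"
    return conn.execute(query, (username,)).fetchall()


# The classic tautology input: it closes the string literal and appends a
# condition that is always true, so the vulnerable query matches every row.
TAUTOLOGY_INPUT = "x' OR '1'='1"

if __name__ == "__main__":
    db = make_db()
    print("vulnerable, normal input:", find_user_vulnerable(db, "bob"))
    print("vulnerable, tautology   :", find_user_vulnerable(db, TAUTOLOGY_INPUT))
    print("safe, tautology         :", find_user_safe(db, TAUTOLOGY_INPUT))
```

The parameterized version returns no rows for the tautology input because the whole string is compared against the username column as data; the string-formatted version returns every user. The same rule (bind values, never splice them into query text) is the first-line defense for the LDAP, XML and command injection variants listed above as well.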
Botnets
Robotically controlled networks
Attackers infect vulnerable machines with agents that perform various functions at the command of the bot-herder or controller
Controllers communicate with other members of the botnet using Internet Relay Chat (IRC) channels
Attackers can use botnets to distribute malware and spam and to launch DoS attacks against organizations or even countries
Denial of Service Attacks
Overwhelm a server or network segment to the point that the server or network becomes unusable
Crash a server or network device or create so much network congestion that authorized users cannot access network resources
Distributed denial of service (DDoS) attack uses intermediary hosts to conduct the attack
SYN Flood
Attacker uses IP spoofing to send a large number of packets requesting connections to the victim computer
Smurf Attack
Attackers direct forged Internet Control Message Protocol (ICMP) echo request packets to IP broadcast addresses from remote locations to generate DoS attacks
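Both the SYN flood slide and the Smurf slide describe a traffic pattern a defender can look for: many connection requests from spoofed sources that never complete a handshake, and ICMP echo requests aimed at a broadcast address whose source field is the real victim. The following added example (not from the textbook) runs simple detectors for both over a constructed packet log. The log format, the sample addresses and the `BROADCAST_ADDRS` set are assumptions made for the example.

```python
"""Spotting SYN flood and Smurf traffic patterns in a packet log.

Added example, not from the slides. The log format is constructed for this
example: "<time> <proto> <src> <dst> <info>", one packet per line.
"""
from collections import Counter, defaultdict

# Constructed sample log. The first six lines are SYNs from spoofed sources
# against 192.168.1.10 that are never completed with an ACK; lines 7-8 are a
# normal handshake; the last two lines are echo requests aimed at a broadcast
# address with the victim's address forged as the source (the Smurf pattern).
SAMPLE_LOG = """\
1 TCP 10.9.1.1 192.168.1.10 SYN
1 TCP 10.9.1.2 192.168.1.10 SYN
1 TCP 10.9.1.3 192.168.1.10 SYN
2 TCP 10.9.1.4 192.168.1.10 SYN
2 TCP 10.9.1.5 192.168.1.10 SYN
2 TCP 10.9.1.6 192.168.1.10 SYN
3 TCP 10.0.0.7 192.168.1.10 SYN
3 TCP 10.0.0.7 192.168.1.10 ACK
4 ICMP 192.168.1.10 192.168.1.255 ECHO_REQUEST
4 ICMP 192.168.1.10 192.168.1.255 ECHO_REQUEST
"""

# Assumption for this example: the defender knows the directed-broadcast
# addresses of its own network segments.
BROADCAST_ADDRS = {"192.168.1.255"}


def parse(log: str):
    """Yield (time, proto, src, dst, info) tuples from the constructed format."""
    for line in log.splitlines():
        t, proto, src, dst, info = line.split()
        yield int(t), proto, src, dst, info


def half_open_by_target(log: str) -> dict:
    """Per destination, count sources whose SYN was never followed by an ACK.

    Spoofed sources never finish the handshake, so a flood leaves a large
    number of such half-open entries against a single target.
    """
    pending = defaultdict(set)  # dst -> sources with an unanswered SYN
    for _, proto, src, dst, info in parse(log):
        if proto != "TCP":
            continue
        if info == "SYN":
            pending[dst].add(src)
        elif info == "ACK":
            pending[dst].discard(src)
    return {dst: len(srcs) for dst, srcs in pending.items()}


def syn_flood_targets(log: str, threshold: int = 5) -> list:
    """Destinations with at least `threshold` half-open sources."""
    return sorted(dst for dst, n in half_open_by_target(log).items() if n >= threshold)


def smurf_victims(log: str) -> dict:
    """Echo requests sent to a broadcast address, counted by their source.

    In a Smurf attack the source is forged to be the victim so that every
    host on the segment replies to it; the source field therefore names the
    victim, not the attacker.
    """
    hits = Counter()
    for _, proto, src, dst, info in parse(log):
        if proto == "ICMP" and info == "ECHO_REQUEST" and dst in BROADCAST_ADDRS:
            hits[src] += 1
    return dict(hits)


if __name__ == "__main__":
    print("SYN flood targets:", syn_flood_targets(SAMPLE_LOG))
    print("Smurf victims    :", smurf_victims(SAMPLE_LOG))
```

The SYN detector reports the target, not the sources, because the sources are spoofed and useless for blocking; the usual mitigations are SYN cookies or rate limits on the target side. For Smurf, the durable fix is to refuse to forward directed-broadcast traffic at the router, which removes the amplifier entirely.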
Spyware
Any unsolicited background process that installs itself on a user’s computer and collects information about the user’s browsing habits and website activities
Affects privacy and confidentiality
Spyware cookies are cookies that share information across sites
Some cookies are persistent and are stored on a hard drive indefinitely without user permission
Adware
Triggers nuisances such as popup ads and banners when the user visits certain websites
Affects productivity and may combine with active background activities
Collects and tracks information about application, website, and Internet activity
Phishing
Tricks users into providing logon information on what appears to be a legitimate website but is actually a website set up by an attacker to obtain this information
Spear-phishing
• Attacker supplies information about victim that appears to come from a legitimate company
Pharming
• The use of social engineering to obtain access credentials such as usernames and passwords
Keystroke Loggers
Capture keystrokes or user entries and forward the information to the attacker
Enable the attacker to capture logon information, banking information, and other sensitive data
Guidelines for Recognizing Hoaxes
Did a legitimate entity (computer security expert, vendor, etc.) send the alert?
Is there a request to forward the alert to others?
Are there detailed explanations or technical terminology in the alert?
Does the alert follow the generic format of a chain letter?
Homepage Hijacking
Exploiting a browser vulnerability to reset the homepage
Covertly installing a browser helper object (BHO) Trojan program
Webpage Defacements
Someone gaining unauthorized access to a web server and altering the index page of a site on the server
The attacker replaces the original pages on the site with altered versions
A Brief History of Malicious Code Threats
1970s and early 1980s: Academic research and UNIX
1980s: Early PC viruses
1990s: Early LAN viruses
Mid-1990s: Smart applications and the Internet
2000 to present
Threats to Business Organizations
Attacks against confidentiality and privacy
Attacks against data integrity
Attacks against availability of services and resources
Attacks against productivity and performance
Attacks that create legal liability
Attacks that damage reputation
Internal Threats from Employees: Unsafe Computing Practices
Exchange of untrusted disks or other media among systems
Installation of unauthorized, unregistered software
Unmonitored download of files from the Internet
Uncontrolled dissemination of email or other messaging application attachments
Anatomy of an Attack
Phases of an attack
Types of attacks
The purpose of an attack
What motivates attackers
What Motivates Attackers?
Money
Fame
Political beliefs or systems
Revenge
The Purpose of an Attack
Denial of availability
Data modification
Data export
Launch point
Types of Attacks
Unstructured attacks
Structured attacks
Direct attacks
Indirect attacks
How a Direct Attack Works
Phases of an Attack
Reconnaissance and Probing
Attacker collects all the information needed to conduct the attack
Tools include:
• DNS and ICMP tools within the TCP/IP protocol suite
• Standard and customized SNMP tools
• Port scanners and port mappers
• Security probes
Access and Privilege Escalation
Gain administrative rights to the system
Establish the initial connection to a target host (typically a server platform)
Covering Traces of the Attack
Remove any traces of the attack
Remove files you may have created and restore as many files to their pre-attack condition as possible
Remove log file entries that may provide evidence of the attack
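The last step above, removing log entries, is the one a defender can make visible: if every log record carries the digest of the record before it, deleting or rewriting an entry breaks the chain at the next record. The following added example (not from the textbook) shows such a hash-chained log and a verifier that reports where the chain fails. The record layout, the sample events and the `expected_head` parameter are assumptions made for this example.

```python
"""Tamper-evident logging with a hash chain.

Added example, not from the slides. Each record stores the SHA-256 digest of
the previous record, so deleting or editing an entry breaks the link at the
next record and verification reports where the chain failed.
"""
import hashlib
from typing import Optional

GENESIS = "0" * 64  # link value used by the very first record


def _digest(prev_hash: str, entry: str) -> str:
    return hashlib.sha256(f"{prev_hash}\n{entry}".encode()).hexdigest()


def append(chain: list, entry: str) -> list:
    """Append an entry, linking it to the current head of the chain."""
    prev = chain[-1]["hash"] if chain else GENESIS
    chain.append({"entry": entry, "prev": prev, "hash": _digest(prev, entry)})
    return chain


def verify(chain: list, expected_head: Optional[str] = None):
    """Return (ok, index). `index` is the first bad record, or None if ok.

    Each record must link to the previous hash and its own hash must match
    its content. A bare chain cannot see records removed from the *end*, so
    pass the last hash that was shipped off-box (for instance to a central
    log server) as `expected_head` to catch tail truncation as well.
    """
    prev = GENESIS
    for i, rec in enumerate(chain):
        if rec["prev"] != prev or rec["hash"] != _digest(prev, rec["entry"]):
            return False, i
        prev = rec["hash"]
    if expected_head is not None and prev != expected_head:
        return False, len(chain)
    return True, None


# Constructed sample events (not real log output).
EVENTS = [
    "sshd: accepted publickey for admin from 10.0.0.4",
    "sudo: admin : COMMAND=/usr/bin/systemctl restart httpd",
    "useradd: new user: name=svc_backup",
    "sshd: session closed for admin",
]


def build_chain(events=EVENTS) -> list:
    chain = []
    for event in events:
        append(chain, event)
    return chain


def with_record_removed(chain: list, index: int) -> list:
    """Simulate an intruder deleting one stored record."""
    return chain[:index] + chain[index + 1:]


if __name__ == "__main__":
    chain = build_chain()
    head = chain[-1]["hash"]
    print("intact            :", verify(chain, head))
    print("record 2 removed  :", verify(with_record_removed(chain, 2), head))
    print("last record removed, no head:", verify(with_record_removed(chain, 3)))
    print("last record removed, head   :", verify(with_record_removed(chain, 3), head))
```

The design point is the `expected_head` check: a chain alone proves internal consistency, but an intruder with write access to the file can simply drop the newest records and the shortened chain still verifies. Only a copy of the head hash held somewhere the intruder cannot reach (the "maintaining logs" item on the defense slides, done off-box) turns the chain into evidence.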
Attack Prevention Tools and Techniques
Defense in depth
• The practice of layering defenses into zones to increase the overall protection level and provide more reaction time to respond to incidents
- Application defenses
- Operating system defenses
- Network infrastructure defenses
Application Defenses
Implementing regular antivirus screening on all host systems
Ensuring that virus definition files are up to date
Requiring scanning of all removable media
Installing personal firewall and IDS software on hosts
Deploying change detection software and integrity checking software
Maintaining logs
Implementing email usage controls and ensuring that email attachments are scanned
Operating System Defenses
Deploying change detection and integrity checking software and maintaining logs
Deploying or enabling change detection and integrity checking software on all servers
Ensuring that operating systems are consistent and have been patched with the latest updates from vendors
Ensuring that only trusted sources are used when installing and upgrading OS code
Disabling unnecessary OS services and processes that may pose a security vulnerability
Network Infrastructure Defenses
Creating chokepoints in the network
Using proxy services and bastion hosts to protect critical services
Using content filtering at chokepoints to screen traffic
Ensuring that only trusted sources are used when installing and upgrading OS code
Disabling any unnecessary network services and processes that may pose a security vulnerability
Maintaining up-to-date IDS signature databases
Applying security patches to network devices to ensure protection against new threats and reduce vulnerabilities
Safe Recovery Techniques and Practices
Store OS and data file backup images on external media to ease recovering from potential malware infection
Scan new and replacement media for malware before reinstalling software
Disable network access to systems during restore procedures or upgrades until you have re-enabled or installed protection software or services
Implementing Effective Software Best Practices
Adopt an acceptable use policy (AUP) for network services and resources
Adopt standardized software to better control patches and upgrades and to ensure that you address vulnerabilities
Consider implementing an ISO/IEC 27002-compliant security policy
Incident Detection Tools and Techniques
Antivirus scanning software
Network monitors and analyzers
Content/context filtering and logging software
Honeypots and honeynets
Summary
The impact of malicious code and malware on systems and organizations
Attackers, hackers, and social engineers
The phases of a computer attack
Tools and techniques to detect and prevent attacks