Operation Security Malicious Software

Содержание

Слайд 2

Understand the core of Operations Security (OPSEC)
Define & identify targets and threats
Establish

Understand the core of Operations Security (OPSEC) Define & identify targets and
countermeasures
Identify the Critical Information Commandments
Decipher the value of information

Objective

Слайд 3

What is Operation Security…?

Have you ever taken precautions against Someone…
…breaking into

What is Operation Security…? Have you ever taken precautions against Someone… …breaking
your house while you’re on vacation?
…stealing your purse?
…stealing packages from your car while your shopping?
…fraudulently using your credit card?
Then you have used OPSEC!

Слайд 4

OPSEC is a risk management instrument that enables a manager or commander

OPSEC is a risk management instrument that enables a manager or commander
to view an operation or activity from the perspective of an adversary. It is a process of identifying, analyzing and controlling critical information.

What is Operation Security …?

Слайд 5

Identify Critical Information
Analyze Threats
Discover Vulnerabilities
Assess Risks
Develop Countermeasures

What is Operation Security …?

Identify Critical Information Analyze Threats Discover Vulnerabilities Assess Risks Develop Countermeasures What is Operation Security …?

Слайд 6

Identify Critical Information:
Credit card numbers, travel dates, passwords, patterns, changes in patterns,

Identify Critical Information: Credit card numbers, travel dates, passwords, patterns, changes in
inspection results, information base systems, etc..
Analyze Threat:
Adversaries, Intelligence agencies – Open source information, corporate/state sponsored spies, eavesdropping, photographing, etc…

What is Operation Security …?

Слайд 7

Discover Vulnerabilities:
Flow of information, operations, timing of events, how an adversary would

Discover Vulnerabilities: Flow of information, operations, timing of events, how an adversary
acquire the information, etc…
How would the loss of such data impact the organization?
Assess Risks:
Estimated loss $ x impact of risk x likelihood of risk = $

What is Operation Security …?

Слайд 8

Develop Countermeasures:
are based on the vulnerabilities and inherent risks.

What is Operation Security

Develop Countermeasures: are based on the vulnerabilities and inherent risks. What is Operation Security …?
…?

Слайд 9

Viruses and Other Malicious Content

computer viruses have got a lot of publicity

Viruses and Other Malicious Content computer viruses have got a lot of

one of a family of malicious software
effects usually obvious
have figured in news reports, fiction, movies
getting more attention than deserve
are a concern though

Слайд 10

The Most Common Types Of Program To Be Infected by A Virus

exe
com
vbs

The Most Common Types Of Program To Be Infected by A Virus

Mp3
bin
script files
macros

Слайд 11

Malicious Software

Malicious Software

Слайд 12

Trapdoors

secret entry point into a program
allows those who know access bypassing usual

Trapdoors secret entry point into a program allows those who know access
security procedures
have been commonly used by developers
a threat when left in production programs allowing exploited by attackers
very hard to block in O/S
requires good s/w development & update

Слайд 13

Logic Bomb

one of oldest types of malicious software
code embedded in legitimate program
activated

Logic Bomb one of oldest types of malicious software code embedded in
when specified conditions met
eg presence/absence of some file
particular date/time
particular user
when triggered typically damage system
modify/delete files/disks

Слайд 14

Trojan Horse

program with hidden side-effects
which is usually superficially attractive
eg game, s/w

Trojan Horse program with hidden side-effects which is usually superficially attractive eg
upgrade etc
when run performs some additional tasks
allows attacker to indirectly gain access they do not have directly
often used to propagate a virus/worm or install a backdoor
or simply to destroy data

Слайд 15

Zombie

program which secretly takes over another networked computer
then uses it to indirectly

Zombie program which secretly takes over another networked computer then uses it
launch attacks
often used to launch distributed denial of service (DDoS) attacks
exploits known flaws in network systems

Слайд 16

Viruses

a piece of self-replicating code attached to some other code
propagates itself &

Viruses a piece of self-replicating code attached to some other code propagates
carries a payload
carries code to make copies of itself
as well as code to perform some covert task

Слайд 17

Virus Operation

virus phases:
dormant – waiting on trigger event
propagation – replicating to programs/disks
triggering

Virus Operation virus phases: dormant – waiting on trigger event propagation –
– by event to execute payload
execution – of payload

Слайд 18

Types of Viruses

- can classify on basis of how they attack
parasitic

Types of Viruses - can classify on basis of how they attack
virus
memory-resident virus
boot sector virus
stealth
polymorphic virus
macro virus

Слайд 19

Macro Virus

macro code attached to some data file
interpreted by program using

Macro Virus macro code attached to some data file interpreted by program
file
eg Word/Excel macros
esp. using auto command & command macros

Слайд 20

Email Virus

spread using email with attachment containing a macro virus
triggered when user

Email Virus spread using email with attachment containing a macro virus triggered
opens attachment
or worse even when mail viewed by using scripting features in mail agent
usually targeted at Microsoft Outlook mail agent & Word/Excel documents

Слайд 21

Worms

replicating but not infecting program
typically spreads over a network
using users

Worms replicating but not infecting program typically spreads over a network using
distributed privileges or by exploiting system vulnerabilities
widely used by hackers to create zombie PC's, subsequently used for further attacks, esp DoS
major issue is lack of security of permanently connected systems, esp PC's

Слайд 22

Worm Operation

worm phases like those of viruses:
dormant
propagation
search for other systems to infect
establish

Worm Operation worm phases like those of viruses: dormant propagation search for
connection to target remote system
replicate self onto remote system
triggering
execution

Слайд 23

Virus Countermeasures

viral attacks exploit lack of integrity control on systems
to defend

Virus Countermeasures viral attacks exploit lack of integrity control on systems to
need to add such controls
typically by one or more of:
prevention - block virus infection mechanism
detection - of viruses in infected system
reaction - restoring system to clean state

Слайд 24

Summary

have considered:
various malicious programs
trapdoor, logic bomb, trojan horse, zombie
viruses
worms
countermeasures

Summary have considered: various malicious programs trapdoor, logic bomb, trojan horse, zombie viruses worms countermeasures

Слайд 25

Public Key Cryptosystem

Essential steps of public key cryptosystem
Each end generates a pair

Public Key Cryptosystem Essential steps of public key cryptosystem Each end generates
of keys
One for encryption and one for decryption
Each system publishes one key, called public key, and the companion key is kept secret
It A wants to send message to B
Encrypt it using B’s public key
When B receives the encrypted message
It decrypt it using its own private key

Слайд 26

RSA (public key encryption)

Alice wants Bob to send her a message. She:

RSA (public key encryption) Alice wants Bob to send her a message.

selects two (large) primes p, q, TOP SECRET,
computes n = pq and φ(n) = (p-1)(q-1), φ(n) also TOP SECRET,
selects an integer e, 1 < e < φ(n), such that gcd(e, φ(n)) = 1,
computes d, such that de ≡ 1 (mod φ(n)), d also TOP SECRET,
gives public key (e, n), keeps private key (d, p, q).

Слайд 27

RSA Example

Select primes: p=17 & q=11
Compute n = pq =17×11=187
Compute φ(n)=(p–1)(q-1)=16×10=160
Select e

RSA Example Select primes: p=17 & q=11 Compute n = pq =17×11=187
: gcd(e,160)=1; choose e=7
Determine d: de=1 mod 160 and d < 160 Value is d=23 since 23×7=161= 10×160+1
Publish public key KU={7,187}
Keep secret private key KR={23,17,11}

Слайд 28

RSA Example cont

sample RSA encryption/decryption is:
given message M = 88 (nb.

RSA Example cont sample RSA encryption/decryption is: given message M = 88
88<187)
encryption:
C = 887 mod 187 = 11
decryption:
M = 1123 mod 187 = 88
Имя файла: Operation-Security-Malicious-Software.pptx
Количество просмотров: 192
Количество скачиваний: 0