Computer Security: Threats and Attacks

Questions and Answers

Which of the following best describes a computer security threat?

  • A software designed to steal personal information
  • The act of gaining unauthorized access to a system
  • A potential violation of security that poses a danger to computer security/privacy (correct)
  • An action that always results in a security breach

A violation must actually occur for there to be a computer security threat.

False (B)

What term describes individuals who execute actions that cause a security violation, or cause such actions to be executed?

attackers

Unauthorized access to information is also called ______ or interception.

snooping

Match the following security threats with their corresponding descriptions:

  • Disclosure = Unauthorized access to information
  • Deception = Acceptance of false data
  • Disruption = Interruption or prevention of correct operation
  • Usurpation = Unauthorized control of part of a system

Which category of security threats includes modification, spoofing, and repudiation of origin?

Deception (B)

An attack can only threaten the confidentiality of information.

False (B)

What is the security goal that is threatened by denial of service attacks?

availability

______ refers to gaining information by monitoring traffic.

traffic analysis

Match the following security attacks with the security goal they threaten:

  • Snooping = Confidentiality
  • Modification = Integrity
  • Denial of service = Availability

Which of the following is a key difference between passive and active attacks?

Passive attacks do not affect system resources while active attacks do. (D)

Passive attacks are easy to detect, but difficult to prevent.

False (B)

What is the goal of a 'release of message contents' attack, and what broader category does it fall under?

To prevent an opponent from learning the contents of transmissions, passive attack

Pretending to be a different user or entity is called ______.

masquerade

Match each active attack category to its corresponding description:

  • Spoofing = Falsifying data to impersonate another entity
  • Modification = Unauthorized alteration of information
  • Delay = Temporarily inhibiting a service
  • Denial of Service = Overwhelming resources to prevent legitimate access

Which type of attack involves making resources unavailable to legitimate traffic by overwhelming the system with bogus traffic?

Denial of Service (B)

Active attacks are difficult to detect but easy to prevent.

False (B)

What security principle is most directly compromised by masquerading?

authenticity

A form of modification where data moving across a network is altered is known as active ______.

wiretapping

Match the following active attacks with the security goal they primarily target:

  • Modification = Integrity
  • Denial of Service = Availability
  • Spoofing = Authenticity

Which of the following activities is considered a physical attack?

Stealing a company laptop (B)

Hacking always involves malicious intent.

False (B)

What general term is used for software that has a malicious purpose?

malware

A skilled computer expert who uses technical knowledge to overcome a problem is known as a(n) ______.

hacker

Match the different types of hackers with their descriptions:

  • Ethical Hacker (White hat) = Gains access to systems to fix identified weaknesses
  • Cracker (Black hat) = Gains unauthorized access for personal gain or malicious purposes
  • Grey hat = Breaks into systems to identify weaknesses, then reveals them to the system owner

Which of the following best describes the function of a computer virus?

A program fragment that replicates and hides itself inside other programs. (D)

A Trojan horse replicates and spreads by itself, like a virus.

False (B)

What type of malware is defined as software that spies on what you do on your computer?

spyware

A piece of spyware that downloads to your PC when you visit certain websites and saturates your machine with unwanted ads is called ______.

adware

Match the following types of malware with their respective descriptions:

  • Virus = Replicates and hides itself inside other programs
  • Worm = Independent program that reproduces by copying itself
  • Trojan Horse = Appears benign but may contain hidden malware
  • Spyware = Spies on user activity

Which of the following mechanisms describes how a virus initially spreads (infection)?

Writing on the boot sector or scanning for network connections (D)

The term 'virulent' refers to how difficult it is to remove a virus once it has infected a system.

False (B)

What is the term for the action a virus performs once it has infected a system (e.g., deleting files)?

payload

Generic anti-virus solutions use ______ checking, while virus-specific solutions look for known viruses.

integrity

Match each type of anti-virus countermeasure with its corresponding function:

  • Scanners = Look for a signature that matches a known virus
  • Activity monitors = Track behavior consistent with virus activity
  • Change detection software = Detect unauthorized modifications

Which function is not performed by anti-virus software?

Encryption of sensitive data (B)

Committing Internet fraud requires the same level of technical expertise as hacking or virus creation.

False (B)

What is the name for sending an unsolicited email promising a large sum of money with minimal investment?

scam

______ is when one person takes on the identity of another.

identity theft

Match the internet fraud with their descriptions:

  • Scam = Sending out an email that suggests that you can make an outrageous sum of money with a very minimal investment
  • Identity theft = For one person to take on the identity of another
  • Phishing = Trying to induce the target to provide you with personal information

Flashcards

What is a Threat?

A potential violation of security that poses a danger to computer security or privacy.

What are Attacks?

An action that could cause a violation to occur; guarded against or prepared for.

Who are Attackers?

Individuals who execute threats or cause them to be executed.

What is Disclosure?

Unauthorized access to information.

What is Snooping?

Interception of information.

What is Deception?

Acceptance of false data.

What is Modification?

Unauthorized change of information.

What is Disruption?

Interruption or prevention of correct operation.

What defines an Attack?

An attempt to obtain, alter, destroy, remove, or reveal information without authorization.

What does Snooping Threaten?

Threatens confidentiality, such as snooping.

What is Traffic Analysis?

Obtaining information by monitoring online traffic.

What is Modification?

Intercepting a message and changing it.

What is Masquerading/Spoofing?

When an attacker impersonates someone else.

What is Replaying?

Attacker replays a copy of a message sent by a user.

What is Repudiation?

Sender denies sending a message; receiver denies receiving it.

What is DOS?

A very common attack that slows down or interrupts a system's service.

What is a Passive Attack?

Attempts to learn or make use of information without affecting system resources.

What is an Active Attack?

Attempts to alter system resources or affect their operation.

What is Traffic Analysis?

Determining communicating hosts' location and observing message frequency/length.

What is Spoofing/Masquerading?

Also called fabrication. It is an attack on authenticity.

What is Modification/Alteration?

Attack on integrity, which is an unauthorized change of information.

What is delay?

Attack on availability, causing a temporary inhibition of service.

What is DOS (Denial of Service)?

Attack on availability; resources are made unavailable to legitimate traffic by overwhelming with bogus traffic.

What is a Hacker?

Any skilled computer expert that uses their technical knowledge to overcome a problem.

Who is a Cracker?

A hacker who gains unauthorized access to a computer system for personal gain.

Who is a Grey Hat?

A hacker with both ethical and unethical qualities; breaks into systems without authority and reveals weaknesses.

What is Malware?

Generic term for software that has a malicious purpose.

What is Hacking?

Attempt to intrude or gain unauthorized access to a system via some operating system flaw or other means.

What is a Virus?

A program fragment that replicates and hides itself inside other programs.

What is a Worm?

An independent program that reproduces by copying itself from one computer to another, through networks.

What is a Trojan Horse?

Appearing to be benign, it secretly downloads a virus or malware.

What is Spyware?

Software that spies on computer activity.

What is Adware?

Spyware that causes no direct harm, but is annoying as it saturates a machine with ads.

What is a Logic Bomb?

Software that lies dormant until a specific condition is met, then performs some malicious action.

What is a Bacteria/Rabbit?

A program that absorbs all of some class of resource.

What is a Nonvirus Virus/Hoax?

Spreading a false alert about a virus to get people to send or delete a safe file.

What is the infection step in a virus?

First, the virus should search for and detect objects to infect.

What are Trigger Mechanisms?

Date, number of infections, or first use.

Effects (Payload)?

Displaying a message and deleting files.

Study Notes

Computer Security Threats and Attacks

  • A threat is a potential violation of security, posing a danger to computer security or privacy through a person, act, or object.
  • Actions taken to cause a violation are called attacks, and those who execute them are attackers.

Types of Threats

  • Disclosure involves unauthorized access to information, sometimes called snooping or interception.
  • Deception involves acceptance of false data through modification, spoofing, repudiation of origin, or denial of receipt.
  • Disruption involves interruption or prevention of correct operation.
  • Usurpation involves unauthorized control of a system part.

Attacks

  • An attack is a security threat aimed at obtaining, altering, destroying, removing, implanting, or revealing information without permission, affecting individuals and organizations.
  • Security attacks can threaten goals such as confidentiality, integrity, availability, and authentication.
  • Taxonomy of attacks relative to security goals:
    • Snooping and traffic analysis threaten confidentiality.
    • Modification, masquerading, replaying, and repudiation threaten integrity.
    • Denial of service threatens availability.
  • Snooping is unauthorized data access, while traffic analysis obtains information by monitoring online traffic.
  • Modification involves intercepting and changing messages, whereas masquerading or spoofing impersonates someone else.
  • Replaying reuses a captured message, and repudiation involves message senders or receivers denying having sent or received a message.
  • Denial of Service (DoS) attacks are common and can slow down or interrupt a system's service.

Types of Attacks: Passive vs. Active

  • Categorization involves classifying attacks as either passive or active.
  • Passive attacks aim to learn or use information without affecting system resources.
  • There are two types of passive attacks: release of message contents (sniffing) and traffic analysis.
  • Release of message contents involves an opponent learning the contents of transmissions, also known as interception.
  • Traffic analysis determines the location, identity, frequency, and length of exchanged messages.

Active Attacks

  • An active attack alters system resources or operations, involving online actions where the intruder controls transmitted data.
  • The attacker can modify, extend, delete, or replay data, masquerade as a different entity, modify messages in transit, add or delete messages, or cause a denial of service.
  • Categories of active attacks:
    • Spoofing or masquerading (fabrication) attacks authenticity.
    • Modification or alteration attacks integrity.
    • Delay affects availability.
    • Denial of Service (DoS) degrades or interrupts service, affecting availability.
  • Spoofing or Masquerading:
    • Involves impersonation by falsifying data to gain illegitimate advantage.
    • It lures a victim into believing they communicate with a different entity.
  • Modification or Alteration:
    • It consists of an unauthorized change of information.
    • Encompasses deception, disruption, and usurpation if modified data is relied upon or controls system operation.
    • Active wiretapping alters network data.

Types of Active Attacks

  • Delay:
    • Involves a temporary inhibition of a service.
    • Can be a form of usurpation.
    • Attackers manipulate system control structures to delay message delivery.
  • Denial of Service (DOS):
    • Attackers overwhelm resources, making them unavailable to legitimate traffic.
    • This includes blocking legitimate user access.
    • It's considered a form of usurpation.

Summary of Attacks by Category

  • Snooping, traffic analysis, and message content release are passive attacks, threatening confidentiality.
  • Modification, masquerading, replaying, and repudiation are active attacks, threatening integrity.
  • Denial of Service and delay are active attacks, threatening availability.

Types of Threats/Attacks

  • Physical attacks involve stealing, breaking, or damaging computing devices.
  • Denial of Service (DoS) attacks.
  • Malware attacks are a generic term for software with malicious purposes.
  • Hacking (intrusion) attacks are attempts to gain unauthorized system access, possibly with malicious intent.
  • Hackers:
    • They are skilled computer experts.
    • They gain unauthorized access to computers.
    • There are three types:
      • Ethical hackers (White hat): They gain access to fix weaknesses, perform testing, and assess vulnerabilities.
      • Cracker (black hat): They gain unauthorized access for personal gain, often stealing data.
      • Grey hat (both): They break into systems without authority to identify and reveal weaknesses to the owner.

Malware Attacks

  • Examples are viruses, worms, Trojan horses, spyware, and logic bombs.
  • Virus:
    • Replicates itself inside other programs, usually without the user's knowledge.
    • Similar to a biological virus, and spreads on its own.
    • Damage varies depending on the intention of the writer.
  • Worm:
    • It is an independent program that duplicates itself across computers, usually on networks.
    • Classified as viruses or worms.
    • It can create a denial of service.
  • Trojan Horse:
    • It is benign-appearing software that downloads a virus or malware.

More Malware Attacks

  • Spyware: It spies on computer activity.
    • Tracking cookies save data, which allows tracking Internet browser history.
    • Keyloggers record keystrokes to capture usernames and passwords.
    • Legal uses of spyware involve employer monitoring of employee tech use, parental monitoring of home computers and protecting children from online predators.
  • Adware: Downloads to PCs when visiting websites.
    • It does not harm files or gather sensitive information from a PC, but saturates it with ads.
    • The Counter Exploitation website (www.cexx.org) provides a list of spyware and how to remove it.
    • The Spyware Guide (www.spywareguide.com) lists spyware that can be picked up from the Internet.

How Malware Attack Affects you

  • A logic bomb lies dormant until a specific condition is met, then performs a malicious act such as deleting files.
  • Bacterium or Rabbit:
    • Absorbs all of some class of resource.
  • Nonvirus or hoax:
    • Perpetrators send an email that instructs people to delete some file, claiming it is a virus.
  • Software attacks (viruses/worms):
    • First, the virus should search for and detect objects to infect.

How to Deal with Infections

  • Installation into the infectable object:
    • Writing on the boot sector.
    • Scanning the computer for network connections.

Effects:

  • The term virulent means that a virus spreads rapidly or infects new targets.
  • General infection process:
    • Read your email ad nauseum
    • Add some for all executable or auto-executable programs
    • Write a macro on all programs
    • Includes triggering mechanisms like dates, number of infections, or first use.
    • Payloads can do anything a legitimate program can, including displaying messages, deleting files, formatting the hard disk, overloading memory or changing system settings.
  • Virus writers:
    • Adolescents: ethically average, with above-average intelligence.
    • College students: not normal, and express writing viruses as not “wrong”.
    • Adult virus creators: ethically writing virus software.
  • The three methods for virus prevention are scanners, activity monitoring, and change detection.

Anti-Virus

  • Generic integrity checking and virus specific solutions are available for most computer systems.
    • Three categories: scanners check for signatures matching known viruses, activity monitors check whether a program is behaving in a way consistent with virus activity, and change detection software detects unauthorized modifications.

Preventing Virus Infection

  • Identification of known viruses; detection of viruses being used.
  • If the virus is blocked or deleted, this means it has been disinfected.
  • For additional safety, the object can be overwritten or rewritten completely.
  • Use a virus scanner.
  • Do not open unknown emails from unknown people.
  • Do not click "Security Alerts", as Microsoft does not send these out.

Internet Fraud

  • Internet fraud does not require technical experience, and takes 3 forms.
  • The amount of commerce online allows endless possibilities for scammers.

Scams

  • This includes offers of outrageous sums of money with minimal investment.
  • Sending an email that suggests that one can make an outrageous sum of money with a minimal investment.

Identity Theft

  • One person takes on another's identity.
  • The aim is usually to make purchases; otherwise it is to obtain credit cards and get credit in another person's name.
  • Phishing is one of the most common ways of identity theft, by getting others to provide you with personal information.
  • An example is an email that appears to come from the bank, telling the recipient to verify their account by clicking a link, but the link is set up by the attacker.
