Cisco Academy Chapter 2: Attacks, Concepts, and Techniques PDF
Summary
This document provides an overview of attacks, concepts, and techniques related to computer security, including software and hardware vulnerabilities, and different types of malware such as spyware, adware, and ransomware. It elaborates on various categories of security vulnerabilities in software and details strategies to mitigate potential threats.
Full Transcript
CHAPTER 2: ATTACKS, CONCEPTS AND TECHNIQUES (CISCO ACADEMY)

FINDING SECURITY VULNERABILITIES
Security vulnerabilities are any kind of software or hardware defect. After gaining knowledge of a vulnerability, malicious users attempt to exploit it. An exploit is the term used to describe a program written to take advantage of a known vulnerability. The act of using an exploit against a vulnerability is referred to as an attack.

SOFTWARE VULNERABILITIES
Software vulnerabilities are usually introduced by errors in the operating system or application code. Microsoft, Apple, and other operating system vendors release patches and updates almost every day.

In 2015, a major vulnerability called SYNful Knock was discovered in Cisco IOS. It allowed attackers to gain control of routers, monitor all network communication, and infect other network devices. This vulnerability showed up when a new version of IOS was installed. To avoid this, always verify the integrity of the downloaded IOS image and limit physical access to the equipment to authorized personnel only.

The goal of software updates is to stay current and avoid exploitation of vulnerabilities. Some companies also have security researchers who specialize in finding vulnerabilities in software. Google's Project Zero is a good example of this practice: Google formed a permanent team dedicated to finding software vulnerabilities, and its results are published as Google Security Research.

HARDWARE VULNERABILITIES
Hardware vulnerabilities are often introduced by hardware design flaws. RAM, for example, has capacitors installed very close to one another, and changes applied to one of these capacitors can influence neighboring capacitors. Based on that design flaw, an exploit called Rowhammer was created.
Hardware vulnerabilities are specific to device models, and hardware exploits are more common in highly targeted attacks.

CATEGORIZING SECURITY VULNERABILITIES
Software security vulnerability categories:

1- Buffer overflow
This vulnerability occurs when data is written beyond the limits of a buffer. Buffers are memory areas allocated to an application. By changing data beyond the boundaries of a buffer, the application accesses memory allocated to other processes. This can lead to a system crash, data compromise, or escalation of privileges.

2- Non-validated input
Programs often work with data input, and the data coming into a program could have malicious content. Consider a program that receives an image for processing. A malicious user could craft an image file with invalid image dimensions. The maliciously crafted dimensions could force the program to allocate buffers of incorrect and unexpected sizes.

3- Race conditions
This vulnerability exists when the output of an event depends on ordered or timed outputs. It occurs when the required ordered or timed events do not occur in the correct order or with the proper timing.

4- Weaknesses in security practices
Do not attempt to create your own security algorithms, because doing so will likely introduce vulnerabilities. Use security libraries that have already been created, tested, and verified.

5- Access-control problems
Access control dictates who has access to a resource, and it includes managing physical access to equipment. For example, no matter what you set a file's permissions to, the operating system cannot prevent someone from reading the data directly off the disk. To protect the machine and the data it contains, physical access must be restricted and encryption techniques must be used to protect data.
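As an added example (not part of the Cisco material), the C code below shows categories 1 and 2 together: a decoder that trusts crafted image dimensions computes a wrapped-around buffer size, beside a version that validates the header before allocating. The 12-byte header layout, the size limits, and the function names are assumptions made for this illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
/* Constructed toy header (an assumption, not a real image format):
   three little-endian uint32 fields: width, height, bytes per pixel. */
typedef struct { uint32_t width, height, bpp; } img_hdr;
#define MAX_DIM         16384u                 /* assumed per-axis limit */
#define MAX_PIXEL_BYTES (64u * 1024u * 1024u)  /* assumed allocation cap */

static uint32_t rd_le32(const unsigned char *p) {
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}
/* Parse the 12-byte header from an untrusted buffer; returns 1 on success. */
static int parse_hdr(const unsigned char *buf, size_t len, img_hdr *h) {
    if (len < 12) return 0;
    h->width = rd_le32(buf); h->height = rd_le32(buf + 4); h->bpp = rd_le32(buf + 8);
    return 1;
}
/* VULNERABLE: trusts the header. The 32-bit product wraps, so a crafted
   65536 x 65536 x 1 header yields 0 bytes; a decoder that allocates that and
   then writes width*height pixels overruns the buffer (category 1). */
static uint32_t naive_pixel_bytes(const img_hdr *h) {
    return h->width * h->height * h->bpp;
}
/* HARDENED: reject zero or oversized fields, multiply in 64 bits so the
   product cannot wrap, and cap the total. Sets *out only when accepted. */
static int checked_pixel_bytes(const img_hdr *h, size_t *out) {
    if (h->width == 0 || h->height == 0 || h->bpp == 0 || h->bpp > 4) return 0;
    if (h->width > MAX_DIM || h->height > MAX_DIM) return 0;
    uint64_t n = (uint64_t)h->width * h->height * h->bpp;  /* <= 2^30 here */
    if (n > MAX_PIXEL_BYTES) return 0;
    *out = (size_t)n;
    return 1;
}
/* Parse then validate; returns the byte count to allocate, or 0 if rejected. */
static size_t safe_image_bytes(const unsigned char *buf, size_t len) {
    img_hdr h; size_t n = 0;
    return (parse_hdr(buf, len, &h) && checked_pixel_bytes(&h, &n)) ? n : 0;
}
/* Constructed headers: benign 640x480x3 and crafted 65536x65536x1. */
static const unsigned char benign_hdr[12]  = {0x80,0x02,0,0, 0xE0,0x01,0,0, 3,0,0,0};
static const unsigned char crafted_hdr[12] = {0,0,1,0, 0,0,1,0, 1,0,0,0};

int main(void) {
    img_hdr h;
    parse_hdr(crafted_hdr, 12, &h);
    printf("naive: %u (wrapped)  checked benign: %zu  crafted: %zu (rejected)\n",
           naive_pixel_bytes(&h), safe_image_bytes(benign_hdr, 12), safe_image_bytes(crafted_hdr, 12));
    return 0;
}
```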
TYPES OF MALWARE
Malware is short for malicious software. Malware is any code that can be used to steal data, bypass access controls, or cause harm to or compromise a system. Below are a few common types of malware:

1- Spyware
2- Adware

3- Bot
From the word robot. Malicious bots form botnets. Bots quietly wait for commands provided by the attacker and usually act when the infected machine is online.

4- Ransomware
Holds a computer system or its data captive until a payment is made. Works by encrypting data on the computer with a key unknown to the user. Sometimes it takes advantage of a system vulnerability to lock down the system. It is spread by a downloaded file or some software vulnerability.

5- Scareware
Persuades the user to take a specific action based on fear. Forges pop-up windows that resemble operating system dialog windows and messages. These messages state that the system is at risk and needs a specific program to return to normal operation. If the user agrees, his or her system will be infected with malware.

6- Rootkits
Create a backdoor that gives attackers remote access to the computer. Take advantage of software vulnerabilities. A rootkit modifies system forensics and monitoring tools, making it very hard to detect. A computer infected by a rootkit must be wiped and reinstalled.

7- Virus
Attached to other executable files. Requires end-user activation and/or can activate at a specific time or date. Viruses can be harmless or destructive, and they can be programmed to mutate to avoid detection. Spread by USB drives, optical disks, network shares, or email.

8- Trojan horse
Disguised malware. Trojans are found in image files, audio files, or games. A Trojan binds itself to non-executable files.

9- Worms
Replicate themselves, slow down networks, and can run by themselves. They spread very quickly over the network.
Worms are responsible for some of the most devastating attacks on the Internet.

10- Man-In-The-Middle (MitM)
Takes control over a device without the user's knowledge. The attacker can capture user information before relaying it to its intended destination. MitM attacks are widely used to steal financial information. Many malware families and techniques exist to provide attackers with MitM capabilities.

11- Man-In-The-Mobile (MitMo)
A variation of man-in-the-middle that takes control over a mobile device. When infected, the mobile device can be instructed to exfiltrate user-sensitive information and send it to the attackers. ZeuS, for example, allows attackers to quietly capture 2-step verification SMS messages sent to users.

SYMPTOMS OF MALWARE
- Increase in CPU usage.
- Decrease in computer speed.
- The computer freezes or crashes often.
- There is a decrease in Web browsing speed.
- There are unexplainable problems with network connections.
- Files are modified.
- Files are deleted.
- There is a presence of unknown files, programs, or desktop icons.
- There are unknown processes running.
- Programs are turning off or reconfiguring themselves.
- Email is being sent without the user's knowledge or consent.