Securing Computers27

Uploaded by SeasonedJoy1900, Kennesaw State University
**Analyzing Threats and Vulnerabilities**

Understanding the various threats to data and computer systems is crucial for effective safeguarding.

1. **Malicious Actors**
   - **Definition:** Individuals or entities with malicious intent exploiting vulnerabilities.
   - **Examples:**
     - **External Hackers:** Unauthorized access from outside the organization.
     - **Internal Threats:** Disgruntled employees or contractors misusing access.
     - **Phishing Scams:** Deceptive emails to gain sensitive information.
     - **Zero-Day Exploits.**
2. **Unauthorized Access**
   - **Methods:**
     - **Brute Force Attacks.**
     - **Credential Stuffing:** Reusing stolen credentials across services.
3. **Social Engineering**
   - **Definition:** Manipulative tactics to obtain confidential information.
   - **Examples:**
     - **Pretexting:** Creating a false scenario to solicit information.
     - **Baiting:** Offering something enticing in exchange for information.
4. **Insider Threats**
   - **Definition:** Risks posed by individuals with inside knowledge.
   - **Detection and Prevention:**
     - Implement behavior monitoring systems.
     - Ensure revocation of access upon employee separation.
5. **Data Destruction**
   - **Nature:** Data loss can be accidental or intentional.
   - **Preventive Strategies:**
     - Perform regular backups.
     - Use data integrity tools (checksums, hashes) to detect changes.
6. **Administrative Access**
   - **Risks:** Compromise of admin accounts can lead to significant control loss.
7. **System Crashes/Hardware Failures**
   - **Impact:** Can cause data loss and system downtime.
8. **Physical Theft**
9. **Malware**
   - **Definition:** Malicious software designed to exploit systems.
   - **Types:**
     - **Viruses:** Programs that replicate and infect files.
     - **Ransomware:** Encrypts data and demands ransom.
10. **Spam**
    - **Definition:** Unsolicited emails potentially carrying threats.
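The "data integrity tools (checksums, hashes)" item under Data Destruction is easiest to understand as a baseline-and-compare check. The following is an added example, not code from the original notes: it records a SHA-256 manifest of a directory tree, then reports which files were modified, added or removed; the directory layout, file names and the `demo` function are this example's own constructed assumptions.

```python
import hashlib
import json
import tempfile
from pathlib import Path


def sha256_file(path: Path) -> str:
    """Hash a file in chunks so large files never need to fit in memory."""
    digest = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_manifest(root: Path) -> dict:
    """Map every file under root (path relative to root) to its SHA-256 digest."""
    return {
        p.relative_to(root).as_posix(): sha256_file(p)
        for p in sorted(root.rglob("*"))
        if p.is_file()
    }


def compare_manifests(baseline: dict, current: dict) -> dict:
    """Classify paths as modified, added or removed relative to the baseline."""
    return {
        "modified": sorted(p for p in baseline if p in current and baseline[p] != current[p]),
        "added": sorted(p for p in current if p not in baseline),
        "removed": sorted(p for p in baseline if p not in current),
    }


def demo() -> dict:
    """Build a baseline over constructed sample files, simulate damage, report it."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp) / "data"
        (root / "records").mkdir(parents=True)
        # Constructed sample data standing in for real business records.
        (root / "records" / "ledger.csv").write_text("id,amount\n1,100\n2,250\n")
        (root / "records" / "notes.txt").write_text("quarterly review\n")
        (root / "backup.img").write_bytes(b"\x00" * 1024)

        # Persist the baseline as JSON. In practice it belongs somewhere the
        # monitored host cannot alter (read-only media or a separate host);
        # otherwise an intruder can rewrite the baseline along with the data.
        manifest_file = Path(tmp) / "baseline.json"
        manifest_file.write_text(json.dumps(build_manifest(root), indent=2))

        # Simulate the damage the notes describe: a record altered, a backup
        # file destroyed, and a file nobody put there appearing.
        (root / "records" / "ledger.csv").write_text("id,amount\n1,100\n2,2500\n")
        (root / "backup.img").unlink()
        (root / "records" / "extra.bin").write_bytes(b"\xff")

        stored = json.loads(manifest_file.read_text())
        return compare_manifests(stored, build_manifest(root))


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```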
**Cyber Threats and Attack Techniques**

**Zero-Day Attack**

- **Definition:** A zero-day attack targets a vulnerability in software that is not yet known to the developers, allowing attackers to exploit it before a fix is developed. This term signifies that developers have had "zero days" to address the vulnerability.

**Spoofing**

- **Definition:** Spoofing involves falsifying identity information in data packets, making it appear as though the data is coming from a legitimate source.
- **Common Types:**
  - **IP and MAC Address Spoofing:** Attackers may change their IP and MAC addresses to manipulate or bypass network security measures.
  - **Email Spoofing:** Altering the sender's email address to deceive recipients into trusting the message's authenticity.
  - **Web Address Spoofing:** Redirecting users to fraudulent websites that mimic legitimate sites, often to steal credentials.

**On-Path Attack (Man-in-the-Middle)**

- **Definition:** An on-path attack, often referred to as a man-in-the-middle attack, occurs when an attacker intercepts and potentially alters communications between two parties without their knowledge.
- **Examples:**
  - **Wireless Network Attack:** An attacker impersonates a legitimate access point, enabling them to intercept user communications and credentials.
  - **Use of Tools:** Attackers may utilize special software to capture and manipulate traffic flowing over insecure networks.
- **Protection:**
  - **End-to-End Encryption:** Ensuring communications are encrypted with SSL/TLS to protect data during transmission.
  - **Secure Network Protocols:** Promote the use of secure protocols to maintain confidentiality and integrity in communications.
**Session Hijacking**

- **Definition:** Session hijacking involves stealing session credentials to take control of a user's session, usually obtained through interception techniques.
- **Differences from On-Path Attacks:** Unlike on-path attacks that primarily eavesdrop on communication, session hijacking is focused on obtaining authentication data to gain unauthorized access.
- **Prevention:**
  - **Secure Cookies:** Use secure, HTTP-only cookies to limit access from malicious scripts.
  - **Multi-Factor Authentication:** Implementing MFA to enhance security, making it more challenging for attackers to gain access even if they manage to hijack a session.

**Brute-Force Attack**

- **Definition:** A brute-force attack is a method in which a threat actor attempts to guess a password by trying multiple combinations until the correct one is found.
- **Characteristics:**
  - **Dictionary Attacks:** A specific type of brute-force approach that involves using a list of commonly used passwords or leaked passwords from previous breaches.
  - **Rainbow Tables:** Precomputed tables for reversing cryptographic hash functions, helping to quickly identify passwords from their hashes.
- **Countermeasures:**
  - **Account Lockout Mechanisms:** Implement limits on login attempts to deter attackers.
  - **Strong Password Policies:** Encourage complex passwords and the use of password managers to boost security.

**Denial of Service (DoS)**

- **Definition:** A DoS attack aims to make a service unavailable by overwhelming it with excessive traffic or resource demands.
- **Types:**
  - **Distributed Denial of Service (DDoS):** Involves multiple systems, often part of a botnet, targeting a single system simultaneously to cause disruption.
- **Defense Strategies:**
  - **Traffic Filtering:** Use firewalls and intrusion detection systems to filter malicious traffic.
  - **DDoS Mitigation Services:** Employ specialized services capable of absorbing and redirecting malicious traffic.
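The session-cookie and brute-force countermeasures above fit together in one login service. The following is an added example, not code from the original notes: passwords are stored as salted PBKDF2 hashes so a precomputed rainbow table cannot be reused across accounts, an account locks after repeated failures, and the session cookie is issued with the Secure and HttpOnly attributes; `AuthService`, `MAX_FAILURES`, `LOCKOUT_SECONDS` and the iteration count are this example's own assumptions.

```python
import hashlib
import hmac
import secrets
import time
from dataclasses import dataclass

PBKDF2_ITERATIONS = 600_000   # slows every guess; raise as hardware improves
MAX_FAILURES = 5              # assumed policy: lock after this many consecutive failures
LOCKOUT_SECONDS = 15 * 60     # assumed policy: how long the lock lasts


@dataclass
class Account:
    salt: bytes
    digest: bytes
    failures: int = 0
    locked_until: float = 0.0


def hash_password(password: str, salt: bytes) -> bytes:
    """Salted, iterated hash. A rainbow table is precomputed for one hashing
    scheme; a random per-account salt means a table would have to be built
    per account, and the iteration count makes every guess expensive."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)


def same_password_different_hashes(password: str) -> bool:
    """Two accounts with the same password still store different digests."""
    a, b = secrets.token_bytes(16), secrets.token_bytes(16)
    return hash_password(password, a) != hash_password(password, b)


class AuthService:
    def __init__(self, now=time.time):
        self.accounts: dict[str, Account] = {}
        self.now = now  # injectable clock so lockout expiry can be exercised

    def register(self, username: str, password: str) -> None:
        salt = secrets.token_bytes(16)
        self.accounts[username] = Account(salt, hash_password(password, salt))

    def login(self, username: str, password: str) -> tuple[bool, str]:
        acct = self.accounts.get(username)
        if acct is None:
            # Do the same work for unknown users so response time does not
            # reveal which usernames exist (relevant to credential stuffing).
            hash_password(password, b"\x00" * 16)
            return False, "invalid credentials"
        if acct.locked_until > self.now():
            return False, "account locked"
        if hmac.compare_digest(hash_password(password, acct.salt), acct.digest):
            acct.failures = 0
            return True, "ok"
        acct.failures += 1
        if acct.failures >= MAX_FAILURES:
            # Account lockout: further guesses are refused for LOCKOUT_SECONDS,
            # capping the rate at which a dictionary can be tried online.
            acct.locked_until = self.now() + LOCKOUT_SECONDS
            acct.failures = 0
            return False, "account locked"
        return False, "invalid credentials"


def new_session_id() -> str:
    """256 random bits: a hijacker cannot guess it, only steal it."""
    return secrets.token_urlsafe(32)


def session_cookie_header(session_id: str) -> str:
    """Set-Cookie value for the session. Secure: sent only over HTTPS, so a
    listener on plain HTTP never sees it. HttpOnly: not readable by page
    scripts, so an XSS flaw cannot simply read it. SameSite=Strict: not
    attached to cross-site requests."""
    return f"sid={session_id}; Secure; HttpOnly; SameSite=Strict; Path=/"
```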
**Cross-Site Scripting (XSS)**

- **Definition:** XSS is a type of attack where the attacker injects malicious scripts into a web application, which are then executed by the browsers of users interacting with the site.
- **Variants:**
  - **Stored XSS:** Malicious scripts are stored on the server and presented to users, affecting anyone who accesses the affected page.
  - **Reflected XSS:** Scripts are embedded in URLs that, when visited, execute in the user's browser without being stored on the server.
- **Mitigation:**
  - **Input Validation:** Ensure all user inputs are sanitized and validated to eliminate the risk of script injection.
  - **Content Security Policy (CSP):** Implement CSP to enforce rules about loading content and executing scripts on a page.

**SQL Injection**

- **Definition:** SQL injection involves attackers inserting malicious SQL code into an input field of a web application, allowing them to manipulate the database behind the application.
- **Risks:**
  - **Data Breach:** Attackers may gain unauthorized access to sensitive data stored in databases.
  - **Data Manipulation:** SQL injections can lead to the alteration or deletion of critical data.
- **Prevention:**
  - **Parameterized Queries:** Employ parameterized queries or stored procedures to safeguard against SQL injection.
  - **Input Sanitization:** Regularly validate and sanitize user inputs to ensure that only expected data is processed.

**Social Engineering**

Social engineering exploits human psychology rather than technical vulnerabilities to gain unauthorized access to systems or sensitive information.
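The XSS and SQL injection mitigations above (input validation, parameterized queries, output encoding, CSP) are shown side by side with the patterns they replace in the following added example, which is not code from the original notes. The users table, the username allowlist and the CSP value are this example's own assumptions.

```python
import html
import re
import sqlite3

USERNAME_RE = re.compile(r"^[A-Za-z0-9_]{3,32}$")  # assumed allowlist for usernames


def make_db() -> sqlite3.Connection:
    """Constructed sample data: an in-memory users table standing in for the app's database."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, role TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "admin"), ("bob", "user")])
    return conn


def find_user_vulnerable(conn: sqlite3.Connection, username: str) -> list:
    """The pattern the notes warn about: input spliced into the SQL string,
    so the input can change the structure of the query, not just a value."""
    query = f"SELECT username, role FROM users WHERE username = '{username}'"
    return conn.execute(query).fetchall()


def find_user_parameterized(conn: sqlite3.Connection, username: str) -> list:
    """Hardened: the driver binds the input as a value; it can never become SQL."""
    return conn.execute(
        "SELECT username, role FROM users WHERE username = ?", (username,)
    ).fetchall()


def is_valid_username(username: str) -> bool:
    """Input validation: reject anything outside the expected character set
    before it reaches the database (defense in depth, not a substitute for
    parameterized queries)."""
    return USERNAME_RE.fullmatch(username) is not None


def render_comment_vulnerable(comment: str) -> str:
    """Stored-XSS pattern: untrusted text placed into the page verbatim, so any
    markup it contains is interpreted by every visitor's browser."""
    return f'<p class="comment">{comment}</p>'


def render_comment_escaped(comment: str) -> str:
    """Output encoding: <, >, &, and quotes become entities, so the browser
    displays the text instead of interpreting it as markup."""
    return f'<p class="comment">{html.escape(comment, quote=True)}</p>'


# Assumed CSP response header for the page: scripts only from the site's own
# origin, no inline scripts, no plugins. Even if encoding is missed somewhere,
# an injected inline <script> is refused by a CSP-aware browser.
CSP_HEADER = ("Content-Security-Policy",
              "default-src 'self'; script-src 'self'; object-src 'none'")


def demo() -> dict:
    """Run one constructed probe through the vulnerable and hardened paths."""
    conn = make_db()
    probe = "bob' OR '1'='1"                 # constructed test input for the query
    markup = "<script>alert('x')</script>"   # constructed test input for the page
    return {
        "valid_input_ok": is_valid_username("bob"),
        "probe_rejected_by_validation": not is_valid_username(probe),
        "vulnerable_rows": find_user_vulnerable(conn, probe),      # every row
        "parameterized_rows": find_user_parameterized(conn, probe),  # no row
        "escaped_markup": render_comment_escaped(markup),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```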
**Common Social Engineering Techniques:**

1. **Impersonation and Infiltration:**
   - **Impersonation:** Attackers disguise themselves as legitimate personnel such as IT staff or delivery personnel to physically infiltrate an organization.
   - **Tailgating:** Gaining entry by following an authorized person through a secured entry point, often exploiting social norms of politeness.
   - **Defensive Measures:** Install security checkpoints like access control vestibules (mantraps), employ security personnel, and enforce strict identification badge policies.
2. **Information Gathering:**
   - **Dumpster Diving:** Searching through discarded documents or devices that have not been properly sanitized to find confidential information such as financial records, personal details, or passwords.
   - **Shoulder Surfing:** Gaining unauthorized information such as login credentials by directly observing someone's screen or keyboard inputs in a public or unsecured private space.
   - **Security Practices:** Promote document shredding and screen privacy filters to decrease the risk of data leakage.
3. **Communication-based Attacks:**
   - **Vishing (Voice Phishing):** Attackers call individuals posing as trusted internal contacts or authorities to elicit sensitive information or gain access to systems.
   - **Phishing:** Deceptive electronic communications designed to trick recipients into revealing personal information or credentials. This might include fake emails or websites providing a façade of legitimacy.
   - **Spear Phishing:** Highly targeted attempts with personalized messages aimed at specific individuals.
   - **Whaling:** Targets high-profile individuals like executives with tailored attacks that exploit their positions.
   - **Evil Twin:** Set up rogue wireless access points that mimic legitimate networks to intercept data traffic, potentially capturing user credentials and sensitive data.

**Data Destruction**

Data destruction goes beyond simply erasing or corrupting files; it involves unauthorized actions that misuse data or systems.
**Nature of Data Destruction:**

1. **Intentional Destruction:**
   - **Malicious Acts:** An attacker gaining unauthorized access can delete or alter critical data, leading to significant disruptions.
   - **Examples:** Deleting financial records, corrupting databases, or destroying backup files to incapacitate recovery efforts.
2. **Unintentional Misuse:**
   - **Access Misconfiguration:** Authorized users might unintentionally cause damage due to unclear or excessive permissions.
   - **Illustration:** A user with legitimate access to product description data discovers the ability to change product prices, resulting in unintended modifications.

**Spam**

Spam, while often an annoyance, can also introduce serious security threats.

1. **Potential Dangers:**
   - **Phishing:** Spam emails may contain phishing attempts that lure users into divulging personal information.
   - **Malicious Attachments:** Emails might carry attachments that install malware when opened.

**Vulnerabilities**

Vulnerabilities are exploit pathways used by threats to compromise systems. They can be present in hardware, software, network configurations, and organizational policies.

1. **Unpatched Systems:**
   - **Description:** Systems missing critical updates or patches are vulnerable to exploits leveraging known security weaknesses.
   - **Risks:** Attackers frequently exploit such vulnerabilities to gain unauthorized access or control over systems.
   - **Mitigation:** Implement an automated patch management process to ensure regular updates for all operating systems and applications.
2. **End-of-Life (EOL) Software:**
   - **Concerns:** Software and operating systems that are no longer supported by the vendor do not receive security updates, leaving them open to newly discovered vulnerabilities.
3. **Bring Your Own Device (BYOD):**
   - **Security Challenges:** Personal devices may have inconsistent security measures and can introduce vulnerabilities to the corporate network.
   - **Risks:** Unmanaged devices can be exploited to bypass network defenses, introduce malware, or expose sensitive data.
   - **Solutions:** Establish clear BYOD policies, use mobile device management (MDM) solutions, and enforce security standards on all devices accessing corporate resources.
4. **Weak Network Configurations:**
   - **Issues:** Improperly configured firewalls, routers, and wireless networks can leave open ports or weak encryption that attackers can exploit.
   - **Preventive Measures:** Regularly audit network configurations, employ strong encryption protocols, and follow best practices for secure network setup.
   - **Human Error:**

**Security Concepts and Technologies**

Once you've assessed threats to your computers and networks, you need to protect those valuable resources.

**Network Security**

**Internet-Borne Attacks and Security Measures**

**Malicious Software (Malware)**

Malware refers to any program or code designed to perform harmful actions on a computer system or network. Understanding its types and behaviors is crucial for preventing and mitigating threats:

1. **Types of Malware:**
   - **Virus:** A program that replicates by attaching itself to other applications or boot sectors. Requires human action to spread to other systems.
   - **Worm:** Similar to a virus, but can replicate and spread autonomously across networks without attaching to other programs.
   - **Trojan Horse:** Disguised as legitimate software, performs malicious activities without replicating.
   - **Keylogger:** Records keystrokes to capture sensitive information such as passwords. Often used in conjunction with other malware.
   - **Rootkit:** Hides within the system at a low level, gaining privileged access and evading detection by anti-malware tools.
   - **Crypto miner:** Uses compromised systems' resources to mine cryptocurrency, often unnoticed except for high GPU or CPU usage.
   - **Spyware:** Collects data from the user's system without their knowledge, often bundled with legitimate software.
   - **Ransomware:** Encrypts data and demands a ransom for decryption, sometimes on a timer for added pressure.
2. **Botnet:**
   - A network of infected computers controlled remotely to perform tasks like sending spam or launching DDoS attacks, all without the owners' knowledge.

**Malware Signs and Symptoms**

Detecting malware early involves recognizing specific symptoms that suggest its presence. Here are key signs and their implications:

1. **Performance Issues:**
   - **Slowdowns:** A drastic reduction in system speed or responsiveness can indicate resource-heavy malware operating in the background, using CPU and memory for unauthorized tasks like cryptomining.
   - **Frequent Crashes:** If applications or the system itself crashes repeatedly without a clear source, malware could be deliberately corrupting files or system components to destabilize operations.
2. **Unusual Behavior:**
   - **Unauthorized Emails:** If your email account is sending spam or phishing emails without your knowledge, malware or compromised credentials might be involved, potentially damaging your reputation and security.
   - **Unexpected Pop-ups and Alerts:** Adware follows your every step and sends you targeted ads in an effort to entice you to click on them and spend your money.
   - **Browser Redirection:** Being redirected to illicit or unexpected sites often points to DNS alterations or hosts files edited by malware, steering traffic for the perpetrator's gain, such as to phishing sites.
3. **Access Issues:**
   - **System Tool Failures:** Tools such as Task Manager or System Restore not functioning can be symptomatic of malware disabling these utilities to hinder detection and removal.
   - **Internet Connectivity Loss:** Altering network settings to block connectivity may prevent your system from downloading updates or removing malware, isolating it for ongoing exploitation.
4. **Defensive Behavior:**
   - **Antivirus/Anti-Malware Disablement:** If security software fails to launch or settings revert inexplicably, malware may be blocking these defenses to avoid removal attempts.

**Malware Prevention and Recovery**

Preventive strategies and robust recovery procedures are essential to combat malware threats effectively:

1. **Antivirus and Anti-Malware Programs:**
   - **Active and Passive Protection:** Antivirus software should provide both real-time scanning to immediately block detected threats and passive monitoring to identify suspicious activity patterns.
   - **Regular Updates:** Keep virus definitions and software versions current to ensure new strains of malware are promptly identified and neutralized.
2. **User Awareness and Training:**
   - **Education:** Users need to learn to spot phishing scams, understand the risks of unauthorized downloads, and avoid engaging with speculative pop-ups. Consider regular training sessions or interactive simulations to enhance recognition skills.
   - **Security Policies:** Clear, organization-wide policies for identifying and responding to potential cybersecurity threats should be established and continuously reinforced.
3. **Patch Management:**
   - Implement a structured patch management process to ensure all software and systems are up-to-date with the latest security patches, eliminating vulnerabilities malware could exploit.
4. **Remediation Strategies:**
   - **Incident Response:** Develop a step-by-step incident response plan detailing notification protocols, isolation procedures, and post-infection recovery efforts to manage threats efficiently.
   - **Restore Systems:** Conduct regular backups and maintain an archive of clean system images to expedite system restoration processes.

**Advanced Malware Tactics**

1. **Polymorphic Viruses:**
   - These viruses actively change their code to evade detection, necessitating advanced detection techniques focusing on behavior and characteristics rather than static signatures.
2. **Stealth Techniques:**
   - Stealth malware may use rootkit technology to hide on systems by integrating deeply with the operating system, making detection and removal challenging without specialized tools.

**Tools and Practices**

- **Malwarebytes** and similar comprehensive anti-malware solutions are crucial in identifying and removing various forms of malware, including adware, spyware, and Trojans.
- **Regular Backups:** Perform routine data backups to safeguard against data loss due to malware attacks, ensuring that data can be restored efficiently and accurately.
- **Security Software:** Rely on well-reviewed and reliable security software to decrease the risk of downloading rogue applications that masquerade as legitimate software.

**Malware Recovery Tips**

Follow structured procedures to effectively remove malware and restore systems:

1. **Identify and Quarantine:**
   - Utilize automated monitoring tools such as intrusion detection systems (IDS) to alert on suspicious activities in real time.
   - Manually validate alerts and isolate systems physically if automation triggers quarantine protocols.
2. **Disable System Restore:**
   - During serious outbreaks, consider network-wide disablement of System Restore to prevent the reinfection of multiple machines by shared restore points.
3. **Scan and Remediate:**
   - Use a variety of anti-malware tools to cross-verify findings and ensure comprehensive removal, recognizing that no single tool catches all threats.
   - Document findings and actions taken for post-incident analysis and process improvement.
4. **Recovery and Education:**
   - Schedule periodic refresher training for users after an incident to incorporate lessons learned and reinforce secure behaviors.
   - Ensure that all employees understand the updated security procedures or policy changes resulting from the incident.

**Additional Considerations**

1. **OS Reinstallation:**
   - Establish criteria and a decision-making protocol for when OS reinstallation becomes necessary, considering factors such as infection severity and recovery speed.
   - Prepare a detailed guide for users on data backup processes, emphasizing what to preserve before an OS reinstall.
   - **Comprehensive Backup Strategy:**
     - Explore and implement both on-site and cloud-based backup solutions to provide multiple recovery options and redundancy.
     - Conduct regular backup integrity tests to confirm that backups are complete and viable, ensuring quick restoration when needed.

**Remediate Malware Infections**

Remediation involves repairing the damage caused by malware to ensure system stability and security:

1. **System Repair:**
   - After a malware infection, crucial files, such as Windows Registry keys or startup files, may be corrupted. Remediation involves replacing or fixing these components to restore functionality.
   - If Windows fails to boot post-scan, utilize the Windows Preinstallation Environment (WinPE) and Windows Recovery Environment (WinRE). This gives access to essential tools like Startup Repair, System Restore, and Command Prompt.
2. **Windows Recovery Tools:**
   - **Startup Repair:** Automatically fixes issues preventing Windows from starting.
   - **System Restore:** Reverts system files and settings to a previous state without affecting personal files.
   - **System Image Recovery:** Restores your computer by using a system image you created earlier.
   - **Command Prompt:** Provides command-line access for more advanced recovery options.
3. **Post-Remediation Steps:**
   - Re-enable System Restore and create new restore points after successful remediation to capture the clean state of the system. This ensures recovery options are available for future incidents.

**Firewalls**

Firewalls are instrumental in protecting a network from unauthorized access:

1. **Hardware Firewalls:**
   - Typically found in routers, hardware firewalls filter packets before they reach internal devices, using Stateful Packet Inspection (SPI) to analyze incoming traffic and ensure that only legitimate responses to outgoing requests are allowed.
   - Configure settings such as port forwarding and port triggering to manage network traffic. For example, port forwarding allows external access to a service within the network, like a web server.
2. **Software Firewalls:**
   - Windows Defender Firewall provides robust protection on individual machines, handling port blocking, security logging, and more. It can be configured via the Control Panel or Windows Security app for granular security settings.
   - Define exceptions for specific programs that need network access, and manage the firewall rules through Windows Defender Firewall with Advanced Security for detailed control over inbound and outbound traffic.
3. **Firewall and Network Types:**
   - Implement separate firewall rules for different network types (Domain, Private, Public) to adapt security measures based on the level of trust and exposure. For instance, a Public network has stricter rules compared to a Private network.
   - Upon connecting to a new network, users should choose the appropriate type (Private for home and office, Public for unknown connections) to enforce correct sharing and discovery settings.
4. **Advanced Firewall Configuration:**
   - Use Windows Defender Firewall with Advanced Security to create custom inbound and outbound rules, specifying program behaviors, remote/local ports, and IP address filtering.
   - Establish groups for easier management of rules, allowing quick adjustments to security policies as needed.

**Internet Appliances**

**Intrusion Detection System (IDS)**

- **Functionality:** IDS inspects network packets for signs of active intrusions that traditional firewalls might miss. It is designed to identify threats such as viruses, illegal logon attempts, and internal attacks (e.g., from a rogue vulnerability scanner).
- **Alerts:** IDS typically logs attacks and can notify administrators via pop-ups, emails, or text messages. Although it doesn't directly stop attacks, it can coordinate with other security devices to mitigate threats.

**Intrusion Prevention System (IPS)**

- **Active Monitoring:** Unlike IDS, an IPS is placed in-line with network traffic and actively monitors it. This allows an IPS to stop attacks as they occur without needing assistance from other devices.
- **Bandwidth and Latency:** The placement of an IPS can affect network bandwidth and latency. If an IPS fails, it might also disrupt the network link it monitors.
- **Packet Handling:** IPS can block or modify packets on the fly based on criteria like IP address, port number, or application type, providing immediate threat mitigation.

**Network Tap**

- **Monitoring Tool:** Network taps are hardware devices (or software options) that passively monitor network traffic by copying it for analysis. They do not interfere with network operations, allowing normal traffic flow while capturing data for inspection.
- **Flexibility:** Network taps can be used in both physical and virtual networks, offering flexible placement options without risking network disruptions.

**Unified Threat Management (UTM)**

- **Comprehensive Security:** UTM devices combine multiple security functions, wrapping traditional firewall capabilities with additional services like IPS, VPN, antivirus, load balancing, and more.
- **Integrated Protection:** By integrating these services into a single platform, UTMs provide robust, layered security, helping protect critical data across networks.

**Authentication and Encryption**

**Network Security Tools and Concepts**

1. **Intrusion Detection Systems (IDS):**
   - An IDS is a security mechanism that inspects network packets for suspicious activities, such as viruses and illegal logon attempts. It serves as an internal watchman for threats that bypass the perimeter firewall.
   - IDS primarily acts as an alert system, notifying network administrators through logs, pop-ups, emails, or text messages of any detected intrusion. While it can't stop an attack, it can prompt other devices, like firewalls, to take action.
2. **Intrusion Prevention Systems (IPS):**
   - Similar to IDS, an IPS is positioned within network traffic flows and actively blocks threats as they are detected. It adds an immediate response element to network security, capable of blocking malicious packets based on predetermined criteria.
   - Deploying an IPS can impact network bandwidth and latency. Additionally, if an IPS fails, it can disrupt the network link it monitors.
3. **Network Taps:**
   - Network taps are devices or software solutions that passively monitor and copy network traffic for analysis, allowing the traffic to remain uninterrupted while capturing data for threat detection purposes.
   - Virtual network taps offer flexibility by integrating into network infrastructures without needing physical installations.
4. **Unified Threat Management (UTM):**
   - UTM integrates multiple security services, such as firewalls, IPS, VPNs, antivirus, load balancing, and more, into a single platform. This approach provides comprehensive security coverage and simplifies the management of network defenses.

**Authentication and Encryption**

1. **Network Authentication:**
   - Authentication processes verify users' identities within networked environments, typically using standard protocols like Kerberos. These systems ensure that username and password exchanges are securely handled across different platforms and devices.
2. **Data Encryption:**
   - Encryption renders data unreadable to unauthorized entities by transforming it into an encoded format, crucial for protecting sensitive information during transmission across networks.
   - IPsec is commonly used for encrypting data in WAN connections, ensuring data confidentiality between networks or within a VPN.
3. **Application Encryption:**
   - Protocols like Transport Layer Security (TLS) secure communications in applications like web browsers, ensuring that data exchanges via HTTPS are protected through encrypted connections verified by digital certificates from trusted authorities.

**Wireless Security Considerations**

1. **Wireless Encryption:**
   - Implement strong encryption protocols like WPA3 for wireless networks to secure data transmitted over the air. Adjust client settings to support these encryption standards for maximum security.
2. **Access Control:**
   - Configure DHCP settings to limit address assignment, reducing the risk of unauthorized device connectivity. Alternatively, use static IP addresses to enhance control over connected devices.
   - Utilize filtering techniques via MAC or IP addresses to limit network access to known devices only, thereby bolstering security against unknown entities.
3. **General Wireless Security Tips:**
   - Change default SSID, username, and passwords to prevent unauthorized access.
   - Regularly update the firmware of wireless access points (WAPs) and associated devices to patch vulnerabilities.
   - Activate WAP firewall settings and consider deploying content filtering to monitor and control access.
4. **Physical Security:**
   - Ensure routers and WAPs are secured physically to prevent tampering or physical access by unauthorized individuals.
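The IDS sections above describe alerting on illegal logon attempts and on internal scanning by a rogue vulnerability scanner. The following is an added example, not code from the original notes: a small detector that runs those two rules over constructed, syslog-style sample lines, where the line format, the thresholds and the 60-second window are this example's own assumptions.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed, syslog-style sample events (not real traffic). Assumed format:
#   <ISO timestamp> auth src=<ip> user=<name> result=OK|FAIL
#   <ISO timestamp> conn src=<ip> dst=<ip> dport=<port>
AUTH_LINES = [
    "2024-05-01T10:00:01 auth src=10.0.0.5 user=alice result=FAIL",
    "2024-05-01T10:00:03 auth src=10.0.0.5 user=alice result=FAIL",
    "2024-05-01T10:00:04 auth src=10.0.0.5 user=bob result=FAIL",
    "2024-05-01T10:00:06 auth src=10.0.0.5 user=carol result=FAIL",
    "2024-05-01T10:00:07 auth src=10.0.0.5 user=dave result=FAIL",
    "2024-05-01T10:00:09 auth src=10.0.0.5 user=erin result=FAIL",
    "2024-05-01T10:00:20 auth src=10.0.0.9 user=alice result=OK",
    "2024-05-01T10:05:00 auth src=10.0.0.9 user=alice result=FAIL",  # one slip, no alert
]
# A dozen connections from one host to one target on consecutive ports within
# twelve seconds: the footprint of a port scan.
SCAN_LINES = [
    f"2024-05-01T10:01:{i:02d} conn src=10.0.0.77 dst=10.0.0.20 dport={20 + i}"
    for i in range(12)
]
# Benign repeated traffic to a single port must not trigger the scan rule.
NORMAL_LINES = [
    f"2024-05-01T10:02:{i:02d} conn src=10.0.0.9 dst=10.0.0.20 dport=443"
    for i in range(12)
]
SAMPLE_LOG = "\n".join(AUTH_LINES + SCAN_LINES + NORMAL_LINES)

WINDOW = timedelta(seconds=60)  # assumed detection window
FAILED_LOGON_THRESHOLD = 5      # assumed: >= 5 failures from one source per window
PORT_SCAN_THRESHOLD = 10        # assumed: >= 10 distinct ports to one host per window

LINE_RE = re.compile(r"^(?P<ts>\S+)\s+(?P<kind>auth|conn)\s+(?P<fields>.*)$")


def parse_line(line: str):
    """Return a dict of fields for a well-formed line, None for anything else."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    event = {"ts": datetime.fromisoformat(m["ts"]), "kind": m["kind"]}
    for kv in m["fields"].split():
        key, _, value = kv.partition("=")
        event[key] = value
    return event


def burst_detected(events, window: timedelta, threshold: int) -> bool:
    """events: iterable of (timestamp, key). True if some span no longer than
    `window` holds at least `threshold` events with distinct keys."""
    events = sorted(events)
    active = Counter()
    start = 0
    for ts, key in events:
        active[key] += 1
        while ts - events[start][0] > window:  # slide the window forward
            old = events[start][1]
            active[old] -= 1
            if active[old] == 0:
                del active[old]
            start += 1
        if len(active) >= threshold:
            return True
    return False


def analyze(log_text: str) -> list:
    """Run both rules over a log and return a sorted list of alert tuples."""
    failures = defaultdict(list)     # src -> [(ts, unique id)]
    connections = defaultdict(list)  # (src, dst) -> [(ts, dport)]
    for n, line in enumerate(log_text.splitlines()):
        ev = parse_line(line)
        if ev is None:
            continue
        if ev["kind"] == "auth" and ev.get("result") == "FAIL":
            failures[ev["src"]].append((ev["ts"], n))  # each failure counts once
        elif ev["kind"] == "conn":
            connections[(ev["src"], ev["dst"])].append((ev["ts"], ev["dport"]))
    alerts = []
    for src, evs in failures.items():
        if burst_detected(evs, WINDOW, FAILED_LOGON_THRESHOLD):
            alerts.append(("failed-logon-burst", src))
    for (src, dst), evs in connections.items():
        if burst_detected(evs, WINDOW, PORT_SCAN_THRESHOLD):
            alerts.append(("port-scan", src, dst))
    return sorted(alerts)


if __name__ == "__main__":
    for alert in analyze(SAMPLE_LOG):
        print(alert)
```

An IDS built on these rules only raises the alert; as the notes say, blocking the source is left to a firewall or an in-line IPS.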