Академический Документы
Профессиональный Документы
Культура Документы
Risk Analysis
Threat Identification
Threat Identification
Threat Identification
THREAT VECTORS
Threat vector describes where the threat originates and the
path it takes to reach a target.
Example of it is an E-Mail message sent from outside the
organization to an inside employee, containing irresistible
subject line along with executable attachment that happens
to be a Trojan program, which will compromise the
recipients computer if opened.
A good way to identify threat vectors is to create a table
containing the list of threats you are concerned about, along
with sources and targets.
It is important to understand threat vectors and consider
them when designing security controls, to ensure possible
routes of attack for the various threats receive appropriate
scrutiny.
THREAT VECTORS
01-10-17
Threat Identification
Threat Identification
Threat Identification
Threat Identification
01-10-17
Threat Identification
Threat Identification
TYPES OF ATTACKS
Any computer that is accessible from the Internet will be
attacked.
If you dont keep up with patches and take appropriate
countermeasures, your computer will be surely be
compromised within a short period of time.
Whatever system is popular and is used by a majority of
people will be hacked.
Changing OS from one another may delay attackers for a
brief while, but then exploits and hacks will appear.
Hacking, worms, and viruses existed long before Microsoft
arrived in the computer world, and they will be around after
Microsoft is gone.
The key is to make a habit of applying patches and taking
appropriate security countermeasures on a consistent basis.
TYPES OF ATTACKS
Attacks can take the form of automated, malicious, or
mobile code traveling along networks looking for exploit
opportunities, or they can take the form of manual attempts
by an attacker.
An attacker may even use an automated program to find
vulnerable hosts and then manually attack the victim.
The most successful attacks, in terms of numbers, of
compromised computers, are always from completely
automated programs.
A single automated attack, exploiting a single system
vulnerability, can compromise millions of computers in less
than a minute.
10
11
Threat Identification
Threat Identification
13
01-10-17
Threat Identification
Threat Identification
Computer Worms
A computer worm uses its own coding to replicate, although
it may rely on the existence of other code to do so.
The key to a worm is that it does not directly modify other
host to replicate.
A worm may travel the Internet trying one or more exploits
to compromise a computer, and if successful, it writes itself
to the computer and begins replicating again.
E-Mail worms are a curious intersection of social engineering
and automation.
They appear in peoples inboxes as messages and file
attachments from friends, strangers, and companies.
They pose as pornography, cute games, official patches
from Microsoft, or unofficial applications found in the digital
marketplace.
Computer Worms
A worm may travel the Internet trying one or more exploits
to compromise a computer, and if successful, it writes itself
to the computer and begins replicating again.
E-Mail worms are a curious intersection of social engineering
and automation.
They appear in peoples inboxes as messages and file
attachments from friends, strangers, and companies.
They pose as pornography, cute games, official patches
from Microsoft, or unofficial applications found in the digital
marketplace.
Internet e-mail worms are very popular with attackers
because they can be very hard to track.
14
15
Threat Identification
Threat Identification
TROJANS
Trojan horse programs or Trojans, work by posing as
legitimate programs that are activated by unsuspecting user.
After execution, the Trojan may attempt to continue to pose
as the legitimate program (such as screensaver) while doing
its malicious actions in the background.
Many people are infected by Trojans for months and years
without realizing it.
Trojan simply starts its malicious actions and doesnt pretend
to be a legitimate program, its called direct-action Trojan.
Direct-action Trojans dont spread well because the victims
notice the compromise and are unlikely, or unable to spread
the program to other unsuspecting users.
16
17
01-10-17
Threat Identification
Threat Identification
18
19
Threat Identification
Threat Identification
MALICIOUS HTML
The Internet allows for many different types of attacks, many
of which are HTML-based.
Malicious HTML has often been used to access files on local
PCs too. Specially crafted HTML links can download files from
the users workstation, retrieve passwords, and delete data.
HTML coding often includes JavaScript and VBScript, can
easily access local resources without a problem.
Most e-mail worms are coded with VBScript. Active content
includes ActiveX controls, Java applets, and media files.
ActiveX controls and Java applets can be almost any type of
hostile program, including Trojans and viruses.
Both ActiveX and Java security models have suffered dozens
of exploits over the years.
20
21