Security+ - Software Exploitation, Malicious Code and Social Engineering
In this chapter of Security+ Essentials we will be looking at the use of software exploitation, viruses and social engineering as mechanisms to violate the security of systems and networks.
Software Exploitation
Software applications and the operating systems on which they run are vastly complex entities which are designed and implemented by human beings using programming languages. Humans are fallible, and no matter how carefully written and thoroughly tested a piece of software is, it will still contain bugs. One of the most common bugs is the buffer overflow. The programmer allocates an area of memory to store a specific amount of data; when the volume of data written to that area exceeds the space allocated, a buffer overflow occurs, causing part or all of the system to crash and potentially leaving it open for an intruder to take over.
Whilst it is impossible to completely eliminate the risk of software exploitation, the threat can be reduced by keeping operating systems and applications patched with the latest vendor updates and by developing applications in programming languages such as C# and Java, which provide managed environments that reduce the risk of some exploitations.
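The following C example is added here for illustration and is not part of the original chapter. It shows the overflow described above as an unchecked copy into a fixed-size buffer, beside a checked version that refuses oversized input; the struct, the function names and the sample strings are all constructed for the example.

```c
#include <stdio.h>
#include <string.h>

#define NAME_LEN 16

/* Constructed record: a fixed-size buffer followed by a privilege flag. */
struct account {
    char name[NAME_LEN];
    int  is_admin;
};

/* Unsafe: strcpy() copies until the NUL byte, however long src is.
 * Input of NAME_LEN bytes or more writes past name[] into whatever
 * follows it in memory (undefined behaviour in C). */
void set_name_unsafe(struct account *a, const char *src)
{
    strcpy(a->name, src);
}

/* Checked: measure first, refuse input that does not fit (including
 * the terminating NUL), and leave the record untouched on failure. */
int set_name_checked(struct account *a, const char *src)
{
    size_t len = strlen(src);
    if (len >= sizeof a->name)
        return -1;
    memcpy(a->name, src, len + 1);
    return 0;
}

int main(void)
{
    struct account a = { "guest", 0 };
    const char *too_long = "AAAAAAAAAAAAAAAAAAAAAAAA"; /* 24 bytes, constructed */

    /* Only the checked function is exercised here. */
    printf("short input: %d\n", set_name_checked(&a, "alice"));
    printf("long input:  %d\n", set_name_checked(&a, too_long));
    printf("name=%s is_admin=%d\n", a.name, a.is_admin);
    return 0;
}
```

Managed languages such as C# and Java perform the equivalent of the length check automatically on every array access, which is why they remove this class of bug.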
Malicious Code
Software exploitations take advantage of unintended weaknesses in the code of operating systems and applications. Malicious code attacks, on the other hand, involve the use of software written for the specific purpose of performing unauthorized and malicious activity on a computer system. Malicious code falls into a number of categories, namely viruses, trojan horses, logic bombs and worms.
Viruses
- Macro Virus - A macro virus is inserted into Microsoft Office documents and uses the Office macro scripting capabilities to compromise the system. The document is then emailed to a user who opens the document to read it thereby unleashing the virus.
- Boot Sector Virus - A boot sector virus is written to the boot record of a computer's system hard drive such that when the user reboots the system the virus starts up.
- Polymorphic Virus - A polymorphic virus is designed specifically to avoid detection by anti-virus software. Most anti-virus solutions detect viruses by scanning for a particular signature. This usually involves looking for a sequence of bytes that are known to comprise part of the virus code. A polymorphic virus constantly changes its code sequence in an attempt to avoid presenting an identifiable signature to the anti-virus scanner.
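The signature scanning described in the last item can be sketched in C as follows. This is an added example, not part of the original chapter: the signature name and bytes are harmless constructed markers, and `reencode` is a hypothetical stand-in for a changed code sequence, used only to show why an exact byte match alone stops matching.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed signature database: harmless marker bytes, not real malware. */
struct signature { const char *name; const unsigned char *bytes; size_t len; };

static const unsigned char SIG_A[] = { 0xDE, 0xC0, 0xAD, 0x0B, 0x5E, 0x55 };
static const struct signature DB[] = {
    { "Demo.Marker.A", SIG_A, sizeof SIG_A },
};

/* Return the name of the first signature found in buf, or NULL if none. */
const char *scan(const unsigned char *buf, size_t n)
{
    for (size_t s = 0; s < sizeof DB / sizeof DB[0]; s++) {
        const struct signature *sig = &DB[s];
        for (size_t i = 0; sig->len <= n && i <= n - sig->len; i++)
            if (memcmp(buf + i, sig->bytes, sig->len) == 0)
                return sig->name;
    }
    return NULL;
}

/* Stand-in for a changed code sequence: same content, every byte altered. */
void reencode(unsigned char *dst, const unsigned char *src, size_t n,
              unsigned char key)
{
    for (size_t i = 0; i < n; i++)
        dst[i] = src[i] ^ key;
}

int main(void)
{
    /* Constructed sample "file" with the marker embedded in the middle. */
    unsigned char file[] = { 'h','d','r', 0xDE,0xC0,0xAD,0x0B,0x5E,0x55, 'e','n','d' };
    unsigned char variant[sizeof file];
    const char *hit;

    reencode(variant, file, sizeof file, 0x5A);
    hit = scan(file, sizeof file);
    printf("original: %s\n", hit ? hit : "no match");
    hit = scan(variant, sizeof variant);
    printf("variant:  %s\n", hit ? hit : "no match");
    return 0;
}
```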
The best ways to avoid virus infection are as follows:
- Install an anti-virus solution and keep it up to date.
- Never open suspicious email attachments.
- Keep operating systems patched with the latest updates.
Trojan Horses
A trojan horse is a program which appears to serve a useful purpose but actually contains malicious code which executes when the user runs the application. Trojan horses are typically used to open a back door to the system on which they are executed, allowing an intruder to subsequently gain access. It is always best to proceed with caution before downloading and installing any kind of free software from the internet. It also pays to frequently scan the ports on your system to ensure that a trojan horse is not lurking behind a port which would not normally respond to a port scan.
Logic Bombs
Logic bombs are usually used by disgruntled employees to destroy data after they have left a company. They involve installing a hidden program on a system that is designed to activate at a pre-defined date and time. Once activated, they can wreak havoc on entire networks.
Frequent auditing of system activity and the use of third party consultants to review code are the only ways to effectively prevent the possibility of a logic bomb being planted by an employee. The use of activity logging will also be essential when performing forensics after a logic bomb has detonated and is also invaluable when prosecuting the offender in court.
Worms
A worm is a form of virus that is able to replicate itself between machines on a network. For example, a worm will find its way onto one system and then exploit known security holes to propagate copies of itself to any other systems it can find. Because worms replicate so effectively they can be difficult to eradicate. After the worm has been removed from a system on a network, it is simply replaced by the instance of the worm on another system on the network.
Social Engineering
Social engineering exploits human nature, rather than computer code, to achieve its objectives and usually involves some form of interaction with a user or employee, either via email, phone or in person. Such attacks usually use empathy, urgency and a hint of believability in gaining the trust of the victim. Other attacks can work on the inquisitive nature of human beings.
Such an attack might involve calling an employee and pretending to be an authoritative figure in an organization who has forgotten their password. Another social engineering attack that actually occurred involved the placement of USB thumb drives in an office parking lot. Unsuspecting employees picked these up on arrival at work and, assuming they belonged to fellow employees, plugged them into their computers in an effort to identify the owner so that they could be returned. In browsing the files on the storage devices, viruses were unleashed on the computer systems.
The only sure way to prevent social engineering attacks is through employee education.