Security+ - Software Exploitation, Malicious Code and Social Engineering

From Techotopia
Revision as of 14:51, 15 February 2008 by Neil


In this chapter of Security+ Essentials we will be looking at the use of software exploitations, viruses and social engineering as mechanisms to violate the security of systems and networks.



Software Exploitation

Software applications and the operating systems on which they run are vastly complex entities which are designed and implemented by human beings using programming languages. Humans are fallible and no matter how carefully written and thoroughly tested a piece of software is, it will still contain bugs. One of the most common bugs involves buffer overflows, where an area of memory has been allocated by the programmer to store a specific amount of data. When the volume of data written to the storage area exceeds the space allocated, a buffer overflow occurs: the excess data overwrites adjacent memory, which can cause the system to crash or leave it open for an intruder to take over.

Whilst it is impossible to completely eliminate the risk of software exploitations, the threat can be reduced by keeping operating systems and applications patched with the latest vendor updates and by developing applications in programming languages such as C# and Java, whose managed environments reduce the risk of some exploitations.
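The buffer overflow described above, shown next to a length check that prevents it. This is an added C example, not part of the original chapter; the struct, the function names and the sample inputs are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

#define NAME_SIZE 16   /* bytes allocated for name, including the NUL */

struct account {
    char name[NAME_SIZE];
    int  privileged;   /* stored right after the buffer */
};

/* Unsafe pattern: strcpy() copies until the source's NUL terminator and
 * never looks at the size of the destination. Input of NAME_SIZE bytes
 * or more is written past name[] into whatever follows it in memory. */
void set_name_unchecked(struct account *a, const char *input)
{
    strcpy(a->name, input);
}

/* Checked form: compare the input length with the space allocated and
 * reject oversized input. Returns 0 on success, -1 if rejected. */
int set_name_checked(struct account *a, const char *input)
{
    size_t len = strlen(input);
    if (len >= sizeof a->name)
        return -1;                    /* no room for data plus the NUL */
    memcpy(a->name, input, len + 1);  /* copy includes the terminator */
    return 0;
}

int main(void)
{
    struct account a = { "", 0 };
    /* Constructed inputs: one of 5 bytes, one of 24 bytes. */
    const char *inputs[] = { "alice", "AAAAAAAAAAAAAAAAAAAAAAAA" };
    for (int i = 0; i < 2; i++) {
        int rc = set_name_checked(&a, inputs[i]);
        printf("%-26s -> %s (name=\"%s\", privileged=%d)\n", inputs[i],
               rc == 0 ? "stored" : "rejected", a.name, a.privileged);
    }
    return 0;
}
```

A managed environment such as C# or Java performs the equivalent bounds check on every array access, which is why the chapter lists those languages as a way to reduce this class of bug.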

Malicious Code

Software exploitations take advantage of unintended weaknesses in the code of operating systems and applications. Malicious code attacks, on the other hand, involve the use of software written for the specific purpose of performing unauthorized and malicious activity on a computer system. Malicious code falls into a number of categories, namely viruses, Trojan horses, logic bombs and worms.


Viruses

A virus is a piece of code that executes on a computer system without the knowledge of the computer's owner. Viruses replicate themselves, attach themselves to executable files and are often able to spread to other systems on a network. A virus usually arrives on a computer attached to an executable program as a payload. When the user executes the program, the virus starts up and begins to work. A common way for a virus to gain access to a system is via email attachments. Viruses can be categorized as follows:

  • Macro Virus - A macro virus is inserted into Microsoft Office documents and uses the Office macro scripting capabilities to compromise the system. The document is then emailed to a user who opens the document to read it, thereby unleashing the virus.
  • Boot Sector Virus - A boot sector virus is written to the boot record of a computer system's hard drive such that when the user reboots the system the virus starts up.
  • Polymorphic Virus - A polymorphic virus is designed specifically to avoid detection by anti-virus software. Most anti-virus solutions detect viruses by scanning for a particular signature. This usually involves looking for a sequence of bytes that is known to comprise part of the virus code. A polymorphic virus constantly changes its code sequence in an attempt to avoid presenting an identifiable signature to the anti-virus scanner.

The best ways to avoid virus infection are as follows:

  • Install an anti-virus solution and keep it up to date.
  • Never open suspicious email attachments.
  • Keep operating systems patched with the latest updates.

Trojan Horses