The Malware Lifecycle

Submitted By nadinebrown01
Words 2000
Pages 8
In the last decade, the advancement of technology and the proliferation of Internet use, which offers users a variety of products and services, have also provided a pathway for soliciting users' information, which can result in identity theft and the compromise of sensitive information. Cybercrimes have evolved and intensified as hackers develop and supply exploits that can be used as tools for stealing valuable information from financial institutions such as banks.
Motivations and Evolution
Since the emergence of hacking, the skills and creativity of hackers have matured, and the motivation behind hacking has been transformed from its origins to its current form. Oriyano & Gregg (2011) opine that in the 1960s the first generation of hackers to emerge were technology enthusiasts who created the building blocks for technological advancement. These hackers were motivated by intellectual curiosity and entertainment (Oriyano & Gregg, 2011).
However, Oriyano & Gregg (2011) argue that the negative connotations society now attaches to hackers began in the 1980s, when hackers became computer criminals. Hackers' activities were predominantly theft of services, motivated by financial gain or personal gratification (Oriyano & Gregg, 2011).
Subsequently, numerous hackers no longer seemed satisfied with the benign exploration of computer systems simply to learn about their internal operations, as they were now interested in individual gain (Clarke, Clawson & Cordell, 2003). From the 1990s to the present, hackers' criminal pursuits have progressed from pranks to malicious DoS attacks, financial damage to numerous enterprises and, with the growth of e-commerce, a thriving business of stealing credit card and other financial information (Oriyano & Gregg, 2011), as well as the distribution of pirated commercial software, games,