Ebook Information security management principles (second edition, Volume 6): Part 2
5 TECHNICAL SECURITY CONTROLS

In this chapter we discuss in more detail the technical controls that are implemented to provide protection against security incidents. This includes the detection, prevention and mitigation of such incidents.

There are three main types of control:
• physical, for example locks on doors and secure cabinets;
• procedural, for example checking references for job applicants;
• product and technical controls, for example passwords or encryption.

Of these, the product and technical controls are perhaps the most important in terms of information security since they are often the last barrier to illegal or unauthorized activity. As mentioned in Chapter 4, we deal here with mainly generic controls because the more detailed inf [...] tion is to provide the reader with the basic knowledge needed to put in place effective controls to manage the risks from malicious software. Once completed, the reader should have an understanding of each of the following concepts.

Types of malicious software

The topic of malicious software is very large and could easily fill a book of its own. In this section the barest basics are described and enough information is given to allow the reader to continue their studies elsewhere if they so wish. Malware (from MALicious softWARE), as it is often known, is one of the largest threats to the users a [...] counter that threat, are essential for most information assurance practitioners.

A simple definition of malware would be something like:

An unauthorised piece of code that installs and runs itself on a computer without the knowledge or permission of the owner. It then conducts data processing and other operations that benefit the originator, usually at the expense of the system users or the recipient of the output from the malware.

The traditional idea of malware is the virus that infects your computer, attempts to spread itself to others, then trashes the contents of your hard disk or displays a [...] in emphasis now is not on ‘spreading chaos while gaining kudos’, it is about money. The FBI announced that, for the first time ever in 2006, organised crime gangs in America made more money from cybercrime than they did from dealing in drugs. It is big business in many parts of eastern Europe and the far east too. The chances of being caught are much lower than for drugs operations and the sentences, if convicted, tend to be much shorter.

The old malware writers wanted you to know that they had succeeded in infecting your machine; now it is changed round completely. The vast majority of modern w [...] wing major categories depending on their payload.

Viruses. These cannot spread on their own. They need to be attached to another piece of data or program to reach and infect another computer. They are often triggered by opening an email attachment or executable or received by email or on removable media such as CD or USB stick.

Worms. The difference between a worm and a virus is that worms contain the code needed to spread themselves without any user action. They will seek out other computers on any networks they can find and can spread very quickly. It is estimated that the Slammer worm infec [...] operating system and attempt to make themselves invisible both to the user and to the software designed to find and remove malware. They are insidious in that they still perform all tasks that the user requests, but they often make copies of sensitive data such as passwords, account details and logins and then send them to another computer, often to enable financial fraud such as identity theft.

Back doors. The idea of the back door is to do just as it says. It provides a means for a third party to access the computer and use it for their own purposes without having to carry out the normal aut [...] C - Internet Relay Chat - channels) of the attacker. It can then be used to distribute spam or act as part of a distributed Denial of Service attack on a third party that cannot easily or quickly be traced back to the attacker.

Spyware. A common example of this is the use of cookies by websites. Some are designed to be permanent and to track and report the web usage back to a third party without the knowledge of the user. They can also log keystrokes and look for specific information such as bank account or auction site login credentials. They have been known to install diallers that call premi [...] imate service, and freeware is often offered as a means of getting a user to install spyware.

Trojans. The Trojan is the hackers’ ‘weapon of choice’ today. Far more successful attacks use Trojans than any other attack vector. These are often disguised as another piece of software or are hidden inside compromised copies or other programs that users are lured into downloading and running. They often successfully avoid security countermeasures because users tend to have accounts with administrator privileges that allow the Trojan to run.

Another very successful infection route is through compromis [...] k on any buttons or links on the page. Simply going to an infected web page can be enough. More and more groups, criminal and otherwise, are writing increasingly sophisticated Trojans to attack computers in order to extract data, particularly via web protocols, where the malware scanning technology is often much weaker than the email countermeasures.

Active content. This is the means by which a Trojan is often downloaded to a computer running the viewing browser. Modern web applications use active code such as Flash, Java, ActiveX and even MIME headers to perform complex tasks within the web pag [...] er. If the right level of security is not set in the browser policies, the compromised code will install and run itself on the target without the user having any knowledge of it happening. A typical attack is where a banner advert runs on a well-respected and heavily used website, with the code for the banner being supplied by a third-party advertiser. The attacker subverts the third party and adds the Trojan into the banner code. People view the website, thinking it trustworthy because of the reputation of the organisation, little realising that the advertising hosted there is busy trying to [...] ng a piece of malware on a computer is a cause for concern and should be investigated without delay. It should also be noted that malware is actively and very widely spread: it is not a case of if you receive some malware, but when and how often. It is almost inevitable.

Zero day exploits

No matter how good and comprehensive the defences that are in place, there is always a possibility that a new form of attack can get through them.

Hackers talk about ‘zero day exploits’. These are ones that have yet to come to the attention of the companies selling anti-virus and firewall products, so they have [...] t the updates contain. Some products are better than others in spotting types of behaviour and their analytical tools can identify many new versions of malware because they exhibit behaviour that is known to be unacceptable or has similar code to that found in other known malware. There is even a trade in zero day exploits, with hackers selling the knowledge to others. Some zero day exploits for the latest version of a very well-known PC operating system were on sale for US$400 not long after the beta version was released.

Routes of infection

Most of the routes have already been mentioned in pass