Add to collection(s) Add to saved
  1. No category
Uploaded by Anthony Debs

study viewer

advertisement 
Professor Messer’s
SY0-601 CompTIA
Security+ Course Notes
James “Professor” Messer
hƩp://www.ProfessorMesser.com
Professor Messer’s SY0-601 CompTIA Security+ Course Notes
WriƩen by James “Professor” Messer
Copyright © 2020 by Messer Studios, LLC
hƩp://www.ProfessorMesser.com
All rights reserved. No part of this book may be reproduced or transmiƩed in any form or by any means,
electronic or mechanical, including photocopying, recording, or by any informaƟon storage and retrieval
system, without wriƩen permission from the publisher.
First EdiƟon: November 2020
This is version 1.05
Trademark Acknowledgments
All product names and trademarks are the property of their respecƟve owners,
and are in no way associated or aĸliated with Messer Studios, LLC.
“Professor Messer” is a registered trademark of Messer Studios LLC.
“CompTIA” and “Security+” are registered trademarks of CompTIA, Inc.
Warning and Disclaimer
This book is designed to provide informaƟon about the CompTIA SY0-601 Security+ cerƟĮcaƟon exam.
However, there may be typographical and/or content errors. Therefore, this book should serve only as a
general guide and not as the ulƟmate source of subject informaƟon. The author shall have no liability or
responsibility to any person or enƟty regarding any loss or damage incurred, or alleged to have incurred,
directly or indirectly, by the informaƟon contained in this book.
Contents
1.0 - AƩacks, Threats, and VulnerabiliƟes
1.1 - Phishing
1.1 - ImpersonaƟon
1.1 - Dumpster Diving
1.1 - Shoulder SurĮng
1.1 - Hoaxes
1.1 - Watering Hole AƩacks
1.1 - Spam
1.1 - InŇuence Campaigns
1.1 - Other Social Engineering AƩacks
1.1 - Principles of Social Engineering
1.2 - An Overview of Malware
1.2 - Viruses and Worms
1.2 - Ransomware and Crypto-malware
1.2 - Trojans and RATs
1.2 - Rootkits
1.2 - Spyware
1.2 - Bots and Botnets
1.2 - Logic Bombs
1.2 - Password AƩacks
1.2 - Physical AƩacks
1.2 - Adversarial ArƟĮcial Intelligence
1.2 - Supply Chain AƩacks
1.2 - Cloud-based vs. On-Premises AƩacks
1.2 - Cryptographic AƩacks
1.3 - Privilege escalaƟon
1.3 - Cross-site ScripƟng
1.3 - InjecƟon AƩacks
1.3 - Buīer OverŇows
1.3 - Replay AƩacks
1.3 - Request Forgeries
1.3 - Driver ManipulaƟon
1.3 - SSL Stripping
1.3 - Race CondiƟons
1.3 - Other ApplicaƟon AƩacks
1.4 - Rogue Access Points and Evil Twins
1.4 - Bluejacking and BluesnarĮng
1.4 - Wireless DisassociaƟon AƩacks
1.4 - Wireless Jamming
1.4 - RFID and NFC AƩacks
1.4 - Randomizing Cryptography
1.4 - On-Path AƩacks
1.4 - MAC Flooding and Cloning
1.4 - DNS AƩacks
1.4 - Denial of Service
1
1
1
2
2
3
3
3
4
4
5
5
6
7
7
8
8
8
9
9
10
11
11
12
12
12
13
13
14
14
15
16
17
17
18
19
19
19
20
20
20
21
21
21
22
1.4 - Malicious Scripts
1.5 - Threat Actors
1.5 - AƩack Vectors
1.5 - Threat Intelligence
1.5 - Threat Research
1.6 - Vulnerability Types
1.6 - Third-party Risks
1.6 - Vulnerability Impacts
1.7 - Threat HunƟng
1.7 - Vulnerability Scans
1.7 - Security InformaƟon and Event Management
1.8 - PenetraƟon TesƟng
1.8 - Reconnaissance
1.8 - Security Teams
2.0 - Architecture and Design
2.1 - ConĮguraƟon Management
2.1 - ProtecƟng Data
2.1 - Data Loss PrevenƟon
2.1 - Managing Security
2.1 - Site Resiliency
2.1 - Honeypots and DecepƟon
2.2 - Cloud Models
2.2 - Edge and Fog CompuƟng
2.2 - Designing the Cloud
2.2 - Infrastructure as Code
2.2 - VirtualizaƟon Security
2.3 - Secure Deployments
2.3 - Provisioning and Deprovisioning
2.3 - Secure Coding Techniques
2.3 - SoŌware Diversity
2.3 - AutomaƟon and ScripƟng
2.4 - AuthenƟcaƟon Methods
2.4 - Biometrics
2.4 - MulƟ-factor AuthenƟcaƟon
2.5 - Disk Redundancy
2.5 - Network Redundancy
2.5 - Power Redundancy
2.5 - ReplicaƟon
2.5 - Backup Types
2.5 - Resiliency
2.6 - Embedded Systems
2.6 - Embedded Systems CommunicaƟon
2.6 - Embedded Systems Constraints
2.7 - Physical Security Controls
2.7 - Secure Areas
23
23
24
25
26
27
28
29
30
30
31
32
32
33
33
33
34
35
35
36
37
37
38
39
40
41
41
42
42
43
44
44
45
46
47
47
47
48
48
49
50
51
52
52
54
2.7 - Secure Data DestrucƟon
2.8 - Cryptography Concepts
2.8 - Symmetric and Asymmetric Cryptography
2.8 - Hashing and Digital Signatures
2.8 - Cryptographic Keys
2.8 - Steganography
2.8 - Quantum CompuƟng
2.8 - Stream and Block Ciphers
2.8 - Blockchain Technology
2.8 - Cryptography Use Cases
2.8 - Cryptography LimitaƟons
3.0 - ImplementaƟon
3.1 - Secure Protocols
3.2 - Endpoint ProtecƟon
3.2 - Boot Integrity
3.2 - Database Security
3.2 - ApplicaƟon Security
3.2 - ApplicaƟon Hardening
3.3 - Load Balancing
3.3 - Network SegmentaƟon
3.3 - Virtual Private Networks
3.3 - Port Security
3.3 - Secure Networking
3.3 - Firewalls
3.3 - Network Access Control
3.3 - Proxies
3.3 - Intrusion PrevenƟon
3.3 - Other Network Appliances
3.4 - Wireless Cryptography
3.4 - Wireless AuthenƟcaƟon Methods
3.4 - Wireless AuthenƟcaƟon Protocols
3.4 - Installing Wireless Networks
3.5 - Mobile Networks
3.5 - Mobile Device Management
3.5 - Mobile Device Security
3.5 - Mobile Device Enforcement
3.5 - Mobile Deployment Models
3.6 - Cloud Security Controls
3.6 - Securing Cloud Storage
3.6 - Securing Cloud Networks
3.6 - Securing Compute Clouds
3.6 - Cloud Security SoluƟons
3.7 - IdenƟty Controls
3.7 - Account Types
3.7 - Account Policies
55
55
56
57
58
59
59
60
61
62
63
63
63
65
65
66
67
68
69
69
70
73
74
75
76
76
77
78
79
79
80
81
82
83
84
85
86
86
87
87
88
88
89
89
90
3.8 - AuthenƟcaƟon Management
3.8 - PAP and CHAP
3.8 - IdenƟty and Access Services
3.8 - Federated IdenƟƟes
3.8 - Access Control
3.9 - Public Key Infrastructure
3.9 - CerƟĮcates
3.9 - CerƟĮcate Formats
3.9 - CerƟĮcate Concepts
4.0 - OperaƟons and Incident Response
4.1 - Reconnaissance Tools
4.1 - File ManipulaƟon Tools
4.1 - Shell and Script Environments
4.1 - Packet Tools
4.1 - Forensic Tools
4.2 - Incident Response Process
4.2 - Incident Response Planning
4.2 - AƩack Frameworks
4.3 - Vulnerability Scan Output
4.3 - SIEM Dashboards
4.3 - Log Įles
4.3 - Log Management
4.4 - Endpoint Security ConĮguraƟon
4.4 - Security ConĮguraƟons
4.5 - Digital Forensics
4.5 - Forensics Data AcquisiƟon
4.5 - On-Premises vs. Cloud Forensics
4.5 - Managing Evidence
5.0 - Governance, Risk, and Compliance
5.1 - Security Controls
5.2 - Security RegulaƟons and Standards
5.2 - Security Frameworks
5.2 - Secure ConĮguraƟons
5.3 - Personnel Security
5.3 - Third-party Risk Management
5.3 - Managing Data
5.3 - CredenƟal Policies
5.3 - OrganizaƟonal Policies
5.4 - Risk Management Types
5.4 - Risk Analysis
5.4 - Business Impact Analysis
5.5 - Privacy and Data Breaches
5.5 - Data ClassiĮcaƟons
5.5 - Enhancing privacy
5.5 - Data Roles and ResponsibiliƟes
91
91
92
93
93
94
95
96
97
98
98
99
100
100
101
101
103
104
104
105
105
106
107
107
108
109
110
111
111
111
112
112
113
114
115
116
116
117
117
118
119
119
120
120
121
IntroducƟon
InformaƟon technology security is a signiĮcant concern for every IT specialist. Our systems are under
constant aƩack, and the next generaƟon of security professionals will be at the forefront of keeping our
criƟcal informaƟon safe.
CompTIA’s Security+ exam tests you on the speciĮcs of network security, vulnerabiliƟes and threats,
cryptography, and much more. I’ve created these Course Notes to help you through the details that you need
to know for the exam. Best of luck with your studies!
- Professor Messer
The CompTIA Security+ cerƟĮcaƟon
To earn the Security+ cerƟĮcaƟon, you must pass a single SY0-601 cerƟĮcaƟon exam. The exam is 90 minutes
in duraƟon and includes both mulƟple choice quesƟons and performance-based quesƟons. Performancebased quesƟons can include Įll-in-the-blank, matching, sorƟng, and simulated operaƟonal environments.
You will need to be very familiar with the exam topics to have the best possible exam results.
Here’s the breakdown of each technology secƟon and the percentage of each topic on the SY0-601 exam:
SecƟon 1.0 - AƩacks, Threats, and VulnerabiliƟes - 24%
SecƟon 2.0 - Architecture and Design - 21%
SecƟon 3.0 - ImplementaƟon - 25%
SecƟon 4.0 - OperaƟons and Incident Response - 16%
SecƟon 5.0 - Governance, Risk, and Compliance - 14%
CompTIA provides a detailed set of exam objecƟves that provide a list of everything you need to know before
you take your exam. You can Įnd a link to the exam objecƟves here:
hƩps://professormesser.com/objecƟves/
How to use this book
Once you’re comfortable with all of the secƟons in the oĸcial CompTIA SY0-601 exam objecƟves, you can
use these notes as a consolidated summary of the most important topics. These Course Notes follow the
same format and numbering scheme as the exam objecƟves, so it should be easy to cross reference these
notes with the Professor Messer video series and all of your other study materials. The CompTIA Security+
video training series can be found on the Professor Messer website at hƩps://ProfessorMesser.com.
Professor Messer’s
CompTIA Security+
SY0-601 Course Notes
hƩp://www.ProfessorMesser.com
1.1 - Phishing
Phishing
• Social engineering with a touch of spooĮng
– OŌen delivered by email, text, etc.
– Very remarkable when well done
• Don’t be fooled
– Check the URL
• Usually there’s something not quite right
– Spelling, fonts, graphics
Tricks and misdirecƟon
• How are they so successful?
– Digital slight of hand - it fools the best of us
• Typosquaƫng
– A type of URL hijacking - hƩps://professormessor.com
– Prepending: hƩps://pprofessormesser.com
• PretexƟng
– Lying to get informaƟon
– AƩacker is a character in a situaƟon they create
– Hi, we’re calling from Visa regarding an automated
payment to your uƟlity service…
Pharming
• Redirect a legit website to a bogus site
– Poisoned DNS server or client vulnerabiliƟes
• Combine pharming with phishing
– Pharming - Harvest large groups of people
– Phishing - Collect access credenƟals
• Diĸcult for anƟ-malware soŌware to stop
– Everything appears legiƟmate to the user
Phishing with diīerent bait
• Vishing (Voice phishing) is done
over the phone or voicemail
– Caller ID spooĮng is common
– Fake security checks or bank updates
• Smishing (SMS phishing) is done by text message
– SpooĮng is a problem here as well
– Forwards links or asks for personal informaƟon
• VariaƟons on a theme
– The fake check scam, phone veriĮcaƟon code scam,
– Boss/CEO scam, advance-fee scam
– Some great summaries on
hƩps://reddit.com/r/Scams
Finding the best spot to phish
• Reconnaissance
– Gather informaƟon on the vicƟm
• Background informaƟon
– Lead generaƟon sites
– LinkedIn, TwiƩer, Facebook, Instagram
– Corporate web site
• AƩacker builds a believable pretext
– Where you work
– Where you bank
– Recent Įnancial transacƟons
– Family and friends
Spear phishing
• Targeted phishing with inside informaƟon
– Makes the aƩack more believable
• Spear phishing the CEO is “whaling”
– Targeted phishing with the possibility of a large catch
– The CFO (Chief Financial Oĸcer) is commonly speared
• These execuƟves have direct access to
the corporate bank account
– The aƩackers would love to have those credenƟals
1.1 - ImpersonaƟon
The pretext
• Before the aƩack, the trap is set
– There’s an actor and a story
• “Hello sir, my name is Wendy and I’m from MicrosoŌ
Windows. This is an urgent check up call for your
computer as we have found several problems with it.”
• Voice mail: “This is an enforcement acƟon executed by
the US Treasury intending your serious aƩenƟon.”
• “CongratulaƟons on your excellent payment history! You
now qualify for 0% interest rates on all of your credit
card accounts.”
© 2020 Messer Studios, LLC
ImpersonaƟon
• AƩackers pretend to be someone they aren’t
– Halloween for the fraudsters
• Use some of those details from reconnaissance
– You can trust me, I’m with your help desk
• AƩack the vicƟm as someone higher in rank
– Oĸce of the Vice President for Scamming
• Throw tons of technical details around
– Catastrophic feedback due to the
depolarizaƟon of the diīerenƟal magnetometer
• Be a buddy
– How about those Cubs?
Professor Messer’s CompTIA SY0-601 Security+ Course Notes - Page 1
Ʃp
Profe orMe er.com
1.1 - ImpersonaƟon (conƟnued)
EliciƟng informaƟon
• ExtracƟng informaƟon from the vicƟm
– The vicƟm doesn’t even realize this is happening
– Hacking the human
• OŌen seen with vishing (Voice Phishing)
– Can be easier to get this informaƟon over the phone
• These are well-documented psychological techniques
– They can’t just ask, “So, what’s your password?”
IdenƟty fraud
• Your idenƟty can be used by others
– Keep your personal informaƟon safe!
• Credit card fraud
– Open an account in your name, or use your credit card informaƟon
• Bank fraud
– AƩacker gains access to your account or opens a new account
• Loan fraud
– Your informaƟon is used for a loan or lease
• Government beneĮts fraud
– AƩacker obtains beneĮts on your behalf
Protect against impersonaƟon
• Never volunteer informaƟon
– My password is 12345
• Don’t disclose personal details
– The bad guys are tricky
• Always verify before revealing info
– Call back, verify through 3rd parƟes
• VeriĮcaƟon should be encouraged
– Especially if your organizaƟon owns
valuable informaƟon
1.1 - Dumpster Diving
Dumpster diving
• Mobile garbage bin
– United States brand name “Dumpster”
– Similar to a rubbish skip
• Important informaƟon thrown out with the trash
– Thanks for bagging your garbage for me!
• Gather details that can be used for a diīerent aƩack
– Impersonate names, use phone numbers
• Timing is important
– Just aŌer end of month, end of quarter
– Based on pickup schedule
Is it legal to dive in a dumpster?
• I am not a lawyer.
– In the United States, it’s legal
– Unless there’s a local restricƟon
• If it’s in the trash, it’s open season
– Nobody owns it
• Dumpsters on private property or “No Trespassing”
signs may be restricted
– You can’t break the law to get to the rubbish
• QuesƟons? Talk to a legal professional.
Protect your rubbish
• Secure your garbage
– Fence and a lock
• Shred your documents
– This will only go so far
– Governments burn the good stuī
• Go look at your trash
– What’s in there?
1.1 - Shoulder SurĮng
Shoulder surĮng
• You have access to important informaƟon
– Many people want to see
– Curiosity, industrial espionage, compeƟƟve advantage
• This is surprisingly easy
– Airports / Flights
– Hallway-facing monitors
– Coīee shops
• Surf from afar
– Binoculars / Telescopes
– Easy in the big city
– Webcam monitoring
© 2020 Messer Studios, LLC
• PrevenƟng shoulder surĮng
• Control your input
– Be aware of your surroundings
• Use privacy Įlters
– It’s amazing how well they work
• Keep your monitor out of sight
– Away from windows and hallways
• Don’t sit in front of me on your Ňight
– I can’t help myself
Professor Messer’s CompTIA SY0-601 Security+ Course Notes - Page 2
Ʃp
Profe orMe er.com
1.1 - Hoaxes
Computer hoaxes
• A threat that doesn’t actually exist
– But they seem like they COULD be real
• SƟll oŌen consume lots of resources
– Forwarded email messages, printed memorandums, wasted Ɵme
• OŌen an email
– Or Facebook wall post, or tweet, or...
• Some hoaxes will take your money
– But not through electronic means
• A hoax about a virus can waste as much Ɵme as a regular virus
De-hoaxing
• It’s the Internet. Believe no one.
– Consider the source
• Cross reference
– hƩp://www.hoax-slayer.net
– hƩp://www.snopes.com
• Spam Įlters can help
– There are so many other ways...
• If it sounds too good to be true...
– So many sad stories
1.1 - Watering Hole AƩacks
Watering Hole AƩack
• What if your network was really secure?
– You didn’t even plug in that USB key
from the parking lot
• The aƩackers can’t get in
– Not responding to phishing emails
– Not opening any email aƩachments
• Have the mountain come to you
– Go where the mountain hangs out
– The watering hole
– This requires a bit of research
ExecuƟng the watering hole aƩack
• Determine which website the vicƟm group uses
– Educated guess - Local coīee or sandwich shop
– Industry-related sites
• Infect one of these third-party sites
– Site vulnerability
– Email aƩachments
• Infect all visitors
– But you’re just looking for speciĮc vicƟms
– Now you’re in!
Because that’s where the money is
• January 2017
• Polish Financial Supervision Authority, NaƟonal Banking
and Stock Commission of Mexico, State-owned
bank in Uruguay
– The watering hole was suĸciently poisoned
• VisiƟng the site would download malicious JavaScript Įles
– But only to IP addresses matching banks and
other Įnancial insƟtuƟons
• Did the aƩack work?
– We sƟll don’t know
Watching the watering hole
• Defense-in-depth
– Layered defense
– It’s never one thing
• Firewalls and IPS
– Stop the network traĸc before things get bad
• AnƟ-virus / AnƟ-malware signature updates
– The Polish Financial Supervision Authority aƩack code
was recognized and stopped by generic signatures in
Symantec’s anƟ-virus soŌware
1.1 - Spam
Spam
• Unsolicited messages
– Email, forums, etc.
– Spam over Instant Messaging (SPIM)
• Various content
– Commercial adverƟsing
– Non-commercial proselyƟzing
– Phishing aƩempts
• SigniĮcant technology issue
– Security concerns
– Resource uƟlizaƟon
– Storage costs
– Managing the spam
© 2020 Messer Studios, LLC
Mail gateways
• Unsolicited email
– Stop it at the gateway before it reaches the user
– On-site or cloud-based
IdenƟfying spam
• Allowed list
– Only receive email from trusted senders
• SMTP standards checking
– Block anything that doesn’t follow RFC standards
• rDNS - Reverse DNS
– Block email where the sender’s domain doesn’t match the IP
address
• Tarpiƫng
– IntenƟonally slow down the server conversaƟon
• Recipient Įltering
– Block all email not addressed to a valid recipient email address
Professor Messer’s CompTIA SY0-601 Security+ Course Notes - Page 3
Ʃp
Profe orMe er.com
1.1 - InŇuence Campaigns
Hacking public opinion
• InŇuence campaigns
– Sway public opinion on poliƟcal and social issues
• NaƟon-state actors
– Divide, distract, and persuade
• AdverƟsing is an opƟon
– Buy a voice for your opinion
• Enabled through Social media
– CreaƟng, sharing, liking
– AmpliĮcaƟon
Hybrid warfare
• Military strategy
– A broad descripƟon of the techniques
– Wage war non-tradiƟonally
• Not a new concept
– The Internet adds new methods
• Cyberwarfare
– AƩack an enƟty with technology
• InŇuence with a military spin
– InŇuencing foreign elecƟons
– “Fake news”
1.1 - Other Social Engineering AƩacks
TailgaƟng
• Use an authorized person to gain unauthorized
access to a building
– Not an accident
• Johnny Long / No Tech Hacking
– Blend in with clothing
– 3rd-party with a legiƟmate reason
– Temporarily take up smoking
– I sƟll prefer bringing doughnuts
• Once inside, there’s liƩle to stop you
– Most security stops at the border
Watching for tailgaƟng
• Policy for visitors
– You should be able to idenƟfy anyone
• One scan, one person
– A maƩer of policy or mechanically required
• Mantrap / Airlock
– You don’t have a choice
• Don’t be afraid to ask
– Who are you and why are you here?
© 2020 Messer Studios, LLC
Invoice scams
• Starts with a bit of spear phishing
– AƩacker knows who pays the bills
• AƩacker sends a fake invoice
– Domain renewal, toner cartridges, etc.
– From: address is a spoofed version of the CEO
• AccounƟng pays the invoice
– It was from the CEO, aŌer all
• Might also include a link to pay
– Now the aƩacker has payment details
CredenƟal harvesƟng
• Also called password harvesƟng
– AƩackers collect login credenƟals
• There are a lot of stored credenƟals on your computer
– The aƩacker would like those
– Chrome, Firefox, Outlook, Windows CredenƟal Manager, etc.
• User receives an email with a malicious MicrosoŌ Word doc
– Opening the document runs a macro
– The macro downloads credenƟal-harvesƟng malware
• User has no idea
– Everything happens in the background
Professor Messer’s CompTIA SY0-601 Security+ Course Notes - Page 4
Ʃp
Profe orMe er.com
1.1 - Principles of Social Engineering
EīecƟve social engineering
• Constantly changing
– You never know what they’ll use next
• May involve mulƟple people
– And mulƟple organizaƟons
– There are Ɵes connecƟng many organizaƟons
• May be in person or electronic
– Phone calls from aggressive “customers”
– Emailed funeral noƟĮcaƟons of a friend or associate
Social engineering principles
• Authority
– The social engineer is in charge
– I’m calling from the help desk/oĸce of the CEO/police
• InƟmidaƟon
– There will be bad things if you don’t help
– If you don’t help me, the payroll checks
won’t be processed
• Consensus / Social proof
– Convince based on what’s normally expected
– Your co-worker Jill did this for me last week
• Scarcity
– The situaƟon will not be this way for long
– Must make the change before Ɵme expires
• Urgency
– Works alongside scarcity
– Act quickly, don’t think
• Familiarity / Liking
– Someone you know, we have common friends
• Trust
– Someone who is safe
– I’m from IT, and I’m here to help
How I Lost My $50,000 TwiƩer Username
• Naoki Hiroshima - @N
– hƩps://professormesser.link/twiƩername
• AƩacker calls PayPal and uses social engineering to get
the last four digits of the credit card on Įle
• AƩacker calls GoDaddy and tells them he lost the card,
so he can’t properly validate. But he has the last four,
does that help?
– GoDaddy let the bad guy guess the Įrst
two digits of the card
– He was allowed to keep guessing unƟl he got it right
– Social engineering done really, really well
How to steal a $50,000 TwiƩer name
• AƩacker is now in control of every domain name
– And there were some good ones
• AƩacker extorts a swap
– Domain control for @N
– Owner agrees
• TwiƩer reviewed the case for a month
– Eventually restored access to @N
• How I Lost My $50,000 TwiƩer Username
– hƩps://professormesser.link/twiƩername
1.2 - An Overview of Malware
Malware
• Malicious soŌware
– These can be very bad
• Gather informaƟon
– Keystrokes
• ParƟcipate in a group
– Controlled over the ‘net
• Show you adverƟsing
– Big money
• Viruses and worms
– Encrypt your data
– Ruin your day
Malware Types and Methods
• Viruses
• Crypto-malware
• Ransomware
• Worms
• Trojan Horse
© 2020 Messer Studios, LLC
• Rootkit
• Keylogger
• Adware/Spyware
• Botnet
How you get malware
• These all work together
– A worm takes advantage of a vulnerability
– Installs malware that includes a remote access
backdoor
– Bot may be installed later
• Your computer must run a program
– Email link - Don’t click links
– Web page pop-up
– Drive-by download
– Worm
• Your computer is vulnerable
– OperaƟng system - Keep your OS updated!
– ApplicaƟons - Check with the publisher
Professor Messer’s CompTIA SY0-601 Security+ Course Notes - Page 5
Ʃp
Profe orMe er.com
1.2 - Viruses and Worms
Virus
• Malware that can reproduce itself
– It needs you to execute a program
• Reproduces through Įle systems or the network
– Just running a program can spread a virus
• May or may not cause problems
– Some viruses are invisible, some are annoying
• AnƟ-virus is very common
– Thousands of new viruses every week
– Is your signature Įle updated?
Virus types
• Program viruses
– It’s part of the applicaƟon
• Boot sector viruses
– Who needs an OS?
• Script viruses
– OperaƟng system and browser-based
• Macro viruses
– Common in MicrosoŌ Oĸce
Fileless virus
• A stealth aƩack
– Does a good job of avoiding anƟ-virus detecƟon
• Operates in memory
– But never installed in a Įle or applicaƟon
Fileless virus
infecƟon process
Worms
• Malware that self-replicates
– Doesn’t need you to do anything
– Uses the network as a transmission medium
– Self-propagates and spreads quickly
1
• Worms are preƩy bad things
– Can take over many systems very quickly
• Firewalls and IDS/IPS can miƟgate
many worm infestaƟons
– Doesn’t help much once the worm gets inside
2
Infected computer
searches for
vulnerable system
Vulnerable
computer
is exploited
3
© 2020 Messer Studios, LLC
Professor Messer’s CompTIA SY0-601 Security+ Course Notes - Page 6
Ʃp
Backdoor is
installed and
downloads worm
Profe orMe er.com
1.2 - Ransomware and Crypto-malware
Your data is valuable
• Personal data
– Family pictures and videos
– Important documents
• OrganizaƟon data
– Planning documents
– Employee personally idenƟĮable informaƟon (PII)
– Financial informaƟon
– Company private data
• How much is it worth?
– There’s a number
Ransomware
• The aƩackers want your money
– They’ll take your computer in the meanƟme
• May be a fake ransom
– Locks your computer “by the police”
• The ransom may be avoided
– A security professional may be able to remove
these kinds of malware
Crypto-malware
• A newer generaƟon of ransomware
– Your data is unavailable unƟl you provide cash
• Malware encrypts your data Įles
– Pictures, documents, music, movies, etc.
– Your OS remains available
– They want you running, but not working
• You must pay the bad guys to obtain the decrypƟon key
– Untraceable payment system
– An unfortunate use of public-key cryptography
ProtecƟng against ransomware
• Always have a backup
– An oŋine backup, ideally
• Keep your operaƟng system up to date
– Patch those vulnerabiliƟes
• Keep your applicaƟons up to date
– Security patches
• Keep your anƟ-virus/anƟ-malware signatures up to date
– New aƩacks every hour
• Keep everything up to date
1.2 - Trojans and RATs
Trojan horse
• Used by the Greeks to capture
– Troy from the Trojans
– A digital wooden horse
• SoŌware that pretends to be something else
– So it can conquer your computer
– Doesn’t really care much about replicaƟng
• Circumvents your exisƟng security
– AnƟ-virus may catch it when it runs
– The beƩer Trojans are built to avoid and disable AV
• Once it’s inside it has free reign
– And it may open the gates for other programs
PotenƟally Unwanted Program (PUP)
• IdenƟĮed by anƟ-virus/anƟ-malware
– PotenƟally undesirable soŌware
– OŌen installed along with other soŌware
• Overly aggressive browser toolbar
• A backup uƟlity that displays ads
• Browser search engine hijacker
Backdoors
• Why go through normal authenƟcaƟon methods?
– Just walk in the back door
• OŌen placed on your computer through malware
– Some malware soŌware can take advantage of
backdoors created by other malware
• Some soŌware includes a backdoor (oops)
– Old Linux kernel included a backdoor
– Bad soŌware can have a backdoor as part of the app
© 2020 Messer Studios, LLC
Remote Access Trojans (RATs)
• Remote AdministraƟon Tool
– The ulƟmate backdoor
– AdministraƟve control of a device
• Malware installs the server/service/host
– AƩacker connects with the client soŌware
• Control a device
– Key logging
– Screen recording /screenshots
– Copy Įles
– Embed more malware
ProtecƟng against Trojans and RATs
• Don’t run unknown soŌware
– Consider the consequences
• Keep anƟ-virus/anƟ-malware signatures updated
– There are always new aƩacks
• Always have a backup
– You may need to quickly recover
Professor Messer’s CompTIA SY0-601 Security+ Course Notes - Page 7
Ʃp
Profe orMe er.com
1.2 - Rootkits
Rootkits
• Originally a Unix technique
– The “root” in rootkit
• ModiĮes core system Įles
– Part of the kernel
• Can be invisible to the operaƟng system
– Won’t see it in Task Manager
• Also invisible to tradiƟonal anƟ-virus uƟliƟes
– If you can’t see it, you can’t stop it
Kernel drivers
• Zeus/Zbot malware
– Famous for cleaning out bank accounts
• Now combined with Necurs rootkit
– Necurs is a kernel-level driver
• Necurs makes sure you can’t delete Zbot
– Access denied
• Trying to stop the Windows process?
– Error terminaƟng process: Access denied
Finding and removing rootkits
• Look for the unusual
– AnƟ-malware scans
• Use a remover speciĮc to the rootkit
– Usually built aŌer the rootkit is discovered
• Secure boot with UEFI
– Security in the BIOS
1.2 - Spyware
Adware
• Your computer is one big adverƟsement
– Pop-ups with pop-ups
• May cause performance issues
– Especially over the network
• Installed accidentally
– May be included with other soŌware
• Be careful of soŌware that claims to remove adware
– Especially if you learned about it from a pop-up
Spyware
• Malware that spies on you
– AdverƟsing, idenƟty theŌ, aĸliate fraud
• Can trick you into installing
– Peer to peer, fake security soŌware
• Browser monitoring
– Capture surĮng habits
• Keyloggers - Capture every keystroke
– Send it back to the mother ship
Why is there so much adware and spyware?
• Money
– Your eyeballs are incredibly valuable
• Money
– Your computer Ɵme and bandwidth
is incredibly valuable
• Money
– Your bank account is incredibly valuable
– Yes, even your bank account
ProtecƟng against adware/spyware
• Maintain your anƟ-virus / anƟ-malware
– Always have the latest signatures
• Always know what you’re installing
– And watch your opƟons during the installaƟon
• Where’s your backup?
– You might need it someday
– Cleaning adware isn’t easy
• Run some scans - Malwarebytes
1.2 - Bots and Botnets
Bots (Robots)
• Once your machine is infected, it becomes a bot
– You may not even know
• How does it get on your computer?
– Trojan Horse (I just saw a funny video of you! Click here.) or...
– You run a program or click an ad you THOUGHT was legit,
but...
– OS or applicaƟon vulnerability
• A day in the life of a bot
– Sit around. Check in with the Command and Control (C&C)
server. Wait for instrucƟons.
© 2020 Messer Studios, LLC
Botnets
• A group of bots working together
– Nothing good can come from this
• Distributed Denial of service (DDoS)
– The power of many
• Relay spam, proxy network traĸc,
distributed compuƟng tasks
• Botnets are for sale
– Rent Ɵme from the botnet owner
– Not a long-term business proposiƟon
Professor Messer’s CompTIA SY0-601 Security+ Course Notes - Page 8
Ʃp
Profe orMe er.com
Related documents
COMPTIA EXAM INFO http://certification.comptia.org/getCertified
COMPTIA EXAM INFO http://certification.comptia.org/getCertified
prova
prova
Prof M Sec+ Course Notes
Prof M Sec+ Course Notes
Download
advertisement
Study collections