Eleventh Hour Security+: Exam SY0-201 Study Guide
About this ebook
- The only book keyed to the new SY0-201 objectives that has been crafted for last minute cramming
- Easy to find, essential material with no fluff – this book does not talk about security in general, just how it applies to the test
- Includes review of five toughest questions by topic - sure to improve your score
Ido Dubrawsky
Ido Dubrawsky (CISSP, CCNA, CCDA) is the Chief Security Advisor for Microsoft’s Communication Sector North America, a division of the Mobile and Embedded Devices Group. Prior to working at Microsoft, Ido was the acting Security Consulting Practice Lead at AT&T’s Callisma subsidiary and a Senior Security Consultant. Before joining AT&T, Ido was a Network Security Architect for Cisco Systems, Inc., SAFE Architecture Team. He has worked in the systems and network administration field for almost 20 years in a variety of environments from government to academia to private enterprise. He has a wide range of experience in various networks, from small to large and relatively simple to complex. Ido is the primary author of three major SAFE white papers and has written, and spoken, extensively on security topics. He is a regular contributor to the SecurityFocus website on a variety of topics covering security issues. Previously, he worked in Cisco Systems, Inc. Secure Consulting Group, providing network security posture assessments and consulting services for a wide range of clients. In addition to providing penetration-testing consultation, he also conducted security architecture reviews and policy and process reviews. He holds a B.Sc. and a M.Sc. in Aerospace Engineering from the University of Texas at Austin.
Eleventh Hour Security+ - Ido Dubrawsky
Table of Contents
Copyright
About the Authors
Chapter 1. Systems Security
Systems Security Threats
Privilege escalation
Viruses and worms
Trojan
Spyware and adware
Rootkits and botnets
Logic bombs
Host Intrusion Detection System
Behavior-based vs. signature-based IDS characteristics
Anti-SPAM
Pop-Up Blockers
Hardware and Peripheral Security Risks
BIOS
USB devices
Cell phones
Removable storage devices
Network attached storage
Summary of Exam Objectives
Top Five Toughest Questions
Answers
Chapter 2. OS Hardening
General OS Hardening
Services
File system
Removing unnecessary programs
Hotfixes/patches
Service packs/maintenance updates
Patch management
Windows group policies
Security templates
Configuration baselines
Server OS Hardening
Enabling and disabling services and protocols
FTP servers
DNS servers
NNTP servers
File and print servers
DHCP servers
Data repositories
Workstation OS
User rights and groups
Summary of Exam Objectives
Top Five Toughest Questions
Answers
Chapter 3. Application Security
Threats are Moving Up the Stack
Rationale
Threat modeling
Application Security Threats
Browser
Buffer overflows
Packet Sniffers and Instant Messaging
Instant messaging
Peer-to-peer
SMTP open relays
Summary of Exam Objectives
Top Five Toughest Questions
Answers
Chapter 4. Virtualization Technologies
The Purpose of Virtualization
Benefits of Virtualization
Types of virtualization
Designing a virtual environment
System Virtualization
Management of virtual servers
Application Virtualization
Application streaming
Summary of Exam Objectives
Top Five Toughest Questions
Answers
Chapter 5. Network Security
General Network Security
Network services and risks associated with them
Network design elements
Network security tools
Network Ports, Services, and Threats
Network ports and protocols
Network threats
Network Design Elements and Components
Firewalls
What is a DMZ?
VLANs
Network Address Translation
Network access control/network access protection
Telephony
Network Security Tools
Intrusion detection and preventions systems
Honeypots
Content filters
Protocol analyzers
Summary of Exam Objectives
Top Five Toughest Questions
Answers
Chapter 6. Wireless Networks
Wireless Network Design
Wireless communications
Spread spectrum technology
Wireless network architecture
CSMA/CD and CSMA/CA
Service Set ID Broadcast
Wireless Security Standards
The failure of WEP
WPA and WPA2
WAP
WTLS
Authentication
Rogue Access Points
Data Emanation
Bluetooth
Summary of Exam Objectives
Top Five Toughest Questions
Answers
Chapter 7. Network Access
General Network Access
Access control
Access control models
Authentication models and components
Identity
Access Control Methods and Models
Separation of duties
Least privilege
Job rotation
Mandatory access control
Discretionary access control
Role- and rule-based access control
Access Control Organization
Security groups
Security controls
Logical Access Control Methods
Access control lists
Group policies
Domain policies
Time of day restrictions
Account expiration
Logical tokens
Physical Access Security Methods
Access lists and logs
Hardware locks
ID badges
Door access systems
Man-trap
Video surveillance
Summary of Exam Objectives
Top Five Toughest Questions
Answers
Chapter 8. Network Authentication
Authentication Methods
Access control
Authentication
Auditing
Authentication Methods
One-factor
Two-factor
Three-factor
Single sign-on
Authentication Systems
Remote access policies and authentication
Biometrics
Summary of Exam Objectives
Top Five Toughest Questions
Answers
Chapter 9. Risk Assessment and Risk Mitigation
Conduct Risk Assessments and Implement Risk Mitigation
Vulnerability assessment tools
Password crackers
Network mapping tools
Use Monitoring Tools on Systems and Networks
Workstations
Intrusion Detection Systems
Logging and Auditing
Auditing systems
System Logs
Performance Logs
Access Logs
Audits
Summary of Exam Objectives
Top Five Toughest Questions
Answers
Chapter 10. General Cryptographic Concepts
General Cryptography
Symmetric key cryptography
Asymmetric key cryptography
Hashes and applications
Digital signatures
Certificates
CIA—For all your security needs
Non-repudiation
Key management
Encryption Algorithms
DES
3DES
RSA
AES
Elliptic curve cryptography
One-time pads
Transmission encryption
WEP
TKIP
Protocols
SSL/TLS
HTTP vs. HTTPS vs. SHTTP
Other protocols with TLS
S/MIME
SSH
IPSec
PPTP
L2TP
Cryptography in Operating Systems
File and folder encryption
Whole disk encryption
Trusted platform module
Summary of Exam Objectives
Top Five Toughest Questions
Answers
Chapter 11. Public Key Infrastructure
PKI Overview
PKI encryption
PKI standards
PKI solutions
Components of PKI
Digital certificates
Certification authority
Certificate revocation list
Recovery agents
Certificate authority
Certificate revocation list
Key escrow
Registration
Recovery Agents
Implementation
Certificate Management
Summary of Exam Objectives
Top Five Toughest Questions
Answers
Chapter 12. Redundancy Planning
Alternate Sites
Hot site
Warm site
Cold site
Redundant Systems
Servers
Connections
ISP
RAID
Spare Parts
Backup Generator
UPS
Summary of Exam Objectives
Top Five Toughest Questions
Answers
Chapter 13. Controls and Procedures
Environmental Controls
Fire suppression
HVAC
Shielding
Implementing Disaster Recovery and Incident Response Procedures
Disaster recovery
Incident response
Defending against social engineering
Summary of Exam Objectives
Top Five Toughest Questions
Answers
Chapter 14. Legislation and Organizational Policies
Secure Disposal of Systems
Retention/storage
Destruction
Acceptable Use Policies
Password Complexity
Strong passwords
Password changes and restrictions
Administrator accounts
Change Management
Information Classification
Vacations
Separation of duties
Personally Identifiable Information
Privacy
Due Care
Due Process
Due Diligence
SLAs
User Education and Awareness Training
Communication
User awareness
Education
Online resources
Security-Related HR Policies
Code of Ethics
Summary of Exam Objectives
Top Five Toughest Questions
Answers
Copyright
Syngress is an imprint of Elsevier
30 Corporate Drive, Suite 400, Burlington, MA 01803, USA
Linacre House, Jordan Hill, Oxford OX2 8DP, UK
Eleventh Hour Security+ Exam SY0-201 Study Guide
© 2010 Elsevier Inc. All rights reserved.
No part of this publication may be reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopying, recording, or any information storage and retrieval system, without permission in writing from the publisher. Details on how to seek permission, further information about the Publisher’s permissions policies and our arrangements with organizations such as the Copyright Clearance Center and the Copyright Licensing Agency, can be found at our website: www.elsevier.com/permissions.
This book and the individual contributions contained in it are protected under copyright by the Publisher (other than as may be noted herein).
Notices
Knowledge and best practice in this field are constantly changing. As new research and experience broaden our understanding, changes in research methods, professional practices, or medical treatment may become necessary.
Practitioners and researchers must always rely on their own experience and knowledge in evaluating and using any information, methods, compounds, or experiments described herein. In using such information or methods they should be mindful of their own safety and the safety of others, including parties for whom they have a professional responsibility.
To the fullest extent of the law, neither the Publisher nor the authors, contributors, or editors, assume any liability for any injury and/or damage to persons or property as a matter of products liability, negligence or otherwise, or from any use or operation of any methods, products, instructions, or ideas contained in the material herein.
Library of Congress Cataloging-in-Publication Data
Application submitted
British Library Cataloguing-in-Publication Data
A catalogue record for this book is available from the British Library.
ISBN: 978-1-59749-427-4
Printed in the United States of America
09 10 11 12 13 10 9 8 7 6 5 4 3 2 1
Elsevier Inc., the author(s), and any person or firm involved in the writing, editing, or production (collectively "Makers") of this book (the "Work") do not guarantee or warrant the results to be obtained from the Work.
For information on rights, translations, and bulk sales, contact Matt Pedersen, Commercial Sales Director and Rights; email m.pedersen@elsevier.com
For information on all Syngress publications, visit our Web site at www.syngress.com
About the Authors
Author
Ido Dubrawsky (CISSP, Security+, CCNA) is the Chief Security Advisor for Microsoft’s Communication Sector Americas division. His responsibilities include providing subject matter expertise on a wide range of technologies with customers as well as discussions on policy, regulatory concerns, and governance. Prior to working at Microsoft, Ido was the acting Security Consulting Practice Lead and a Senior Security Consultant at AT&T’s Callisma subsidiary where he was tasked with helping to rebuild the practice. Ido has held a wide range of previous roles, including Network Security Architect for Cisco Systems, Inc. on the SAFE Architecture Team. He has worked in the systems and network administration field for almost 20 years in a variety of environments from government to academia to private enterprise and has a wide range of experience in various networks, from small to large and relatively simple to complex. Ido is the primary author of three major SAFE white papers and has written, and spoken, extensively on security topics. He has been a regular contributor to the SecurityFocus Web site on a variety of topics covering security issues. He holds a BSc and an MSc in Aerospace Engineering from the University of Texas at Austin.
Technical Editor
Michael Cross (MCSE, MCP+I, CNA, Network+) is an Internet specialist/programmer with the Niagara Regional Police Service. In addition to designing and maintaining the Niagara Regional Police’s Web site (www.nrps.com) and intranet, he has also provided support and worked in the areas of programming, hardware, database administration, graphic design, and network administration. In 2007, he was awarded a Police Commendation for work he did in developing a system to track high-risk offenders and sexual offenders in the Niagara Region. As part of an information technology team that provides support to a user base of over 1,000 civilian and uniformed users, his theory is that when the users carry guns, you tend to be more motivated in solving their problems.
Michael was the first computer forensic analyst in the Niagara Regional Police Service’s history, and for 5 years he performed computer forensic examinations on computers involved in criminal investigations. The computers he examined for evidence were involved in a wide range of crimes, inclusive to homicides, fraud, and possession of child pornography. In addition to this, he successfully tracked numerous individuals electronically, as in cases involving threatening e-mail. He has consulted and assisted in numerous cases dealing with computer-related/Internet crimes and served as an expert witness on computers for criminal trials.
Michael has previously taught as an instructor for IT training courses on the Internet, Web development, programming, networking, and hardware repair. He is also seasoned in providing and assisting in presentations on Internet safety and other topics related to computers and the Internet. Despite this experience as a speaker, he still finds his wife won’t listen to him.
Michael also owns KnightWare, which provides computer-related services like Web page design, and Bookworms, which provides online sales of merchandise. He has been a freelance writer for over a decade and has been published over three dozen times in numerous books and anthologies. When he isn’t writing or otherwise attached to a computer, he spends as much time as possible with the joys of his life: his lovely wife, Jennifer; darling daughter Sara; adorable daughter Emily; charming son Jason; and beautiful and talented daughter Alicia.
Chapter 1. Systems Security
Exam objectives in this chapter:
Systems Security Threats
Host Intrusion Detection System
Personal Software Firewall
Anti-Virus
Anti-SPAM
Pop-Up Blockers
Hardware and Peripheral Security Risks
Systems Security Threats
There are security risks to almost any system. Any computer, network or device that can communicate with other technologies, allows software to be installed, or is accessible to groups of people faces any number of potential threats. The system may be at risk of unauthorized access, disclosure of information, destruction or modification of data, code attacks through malicious software, or any number of other risks discussed in this book.
Some of the most common threats to systems come in the form of malicious software, which is commonly referred to as malware. Malware is carefully crafted software written by attackers and designed to compromise security and/or do damage. These programs are written to be independent and do not always require user intervention or for the attacker to be present for their damage to be done. Among the many types of malware we will look at in this chapter are viruses, worms, Trojan horses, spyware, adware, logic bombs, and rootkits.
Privilege escalation
Privilege escalation occurs when a user acquires greater permissions and rights than he or she was intended to receive.
Privilege escalation can be a legitimate action.
Users can also gain elevated privileges by exploiting vulnerabilities in software (bugs or backdoors) or system misconfigurations. Bugs are errors in software, causing the program to function in a manner that wasn’t intended.
Backdoors are methods of accessing a system in a manner that bypasses normal authentication methods.
System misconfigurations include such items as adding a user to a privileged group (such as the Administrator group in Active Directory) or leaving the root password blank or easily guessable.
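The misconfigurations just listed (an unexpected member of a privileged group, a blank root password) are exactly the kind of thing a defender audits for. The following Python script is an added example, not from the book; it parses constructed, hypothetical passwd/shadow/group content (the file layouts are the real Unix formats, the accounts and the approved-admin list are assumptions) and flags accounts that could be used for privilege escalation.

```python
# Constructed sample content standing in for /etc/passwd, /etc/shadow and
# /etc/group on a Unix host (hypothetical accounts, not from a real system).
PASSWD = """\
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
alice:x:1000:1000:Alice:/home/alice:/bin/bash
bob:x:1001:1001:Bob:/home/bob:/bin/bash
toor:x:0:0:backup admin:/root:/bin/bash
"""

SHADOW = """\
root::18000:0:99999:7:::
daemon:*:18000:0:99999:7:::
alice:$6$salt$hashedvalue:18000:0:99999:7:::
bob:$6$salt$hashedvalue:18000:0:99999:7:::
toor:$6$salt$hashedvalue:18000:0:99999:7:::
"""

GROUP = """\
root:x:0:
sudo:x:27:alice,bob
wheel:x:10:
"""

# Groups whose membership grants administrative rights (common Linux names).
PRIVILEGED_GROUPS = {"root", "sudo", "wheel"}
# Accounts that are supposed to be administrators (assumption for the example).
APPROVED_ADMINS = {"alice"}


def parse_colon_file(text, fields):
    """Split a colon-separated file into dicts keyed by the given field names."""
    rows = []
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        rows.append(dict(zip(fields, line.split(":"))))
    return rows


def audit(passwd=PASSWD, shadow=SHADOW, group=GROUP, approved=APPROVED_ADMINS):
    """Return a list of (severity, finding) tuples describing escalation risks."""
    findings = []
    users = parse_colon_file(passwd, ["name", "pw", "uid", "gid", "gecos", "home", "shell"])
    shadow_rows = parse_colon_file(shadow, ["name", "hash"])  # only the hash field is needed
    groups = parse_colon_file(group, ["name", "pw", "gid", "members"])

    # 1. A blank hash means anyone can log in to that account with no password.
    for row in shadow_rows:
        if row["hash"] == "":
            findings.append(("high", f"account '{row['name']}' has an empty password"))

    # 2. Any account with UID 0 is root, whatever it is called.
    for u in users:
        if u["uid"] == "0" and u["name"] != "root":
            findings.append(("high", f"account '{u['name']}' has UID 0"))

    # 3. Privileged-group members who are not on the approved administrator list.
    for g in groups:
        if g["name"] not in PRIVILEGED_GROUPS:
            continue
        for member in filter(None, g["members"].split(",")):
            if member not in approved:
                findings.append(("medium",
                                 f"'{member}' is in privileged group '{g['name']}' "
                                 f"but is not an approved admin"))
    return findings


if __name__ == "__main__":
    for severity, finding in audit():
        print(f"[{severity}] {finding}")
```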
Viruses and worms
Malicious software has appeared in many forms over the decades, but the problem has increased substantially as more computers and devices are able to communicate with one another.
Before networks were commonplace, a person transferring data needed to physically transport software between machines, often using floppy diskettes or other removable media.
To infect additional machines, the malicious software would have to write itself to the media without the user’s knowledge.
With the widespread use of networking, exploitable vulnerabilities, file sharing, and e-mail attachments have made it much easier for malware to spread.
There are many different types of malicious code that are written with the intention of causing damage to systems, software, and data—two of the most common forms are viruses and worms.
VIRUSES
A computer virus is defined as a self-replicating computer program that interferes with a computer’s hardware, software, or OS.
A virus’s primary purpose is to create a copy of itself.
Viruses contain enough information to replicate and perform other damage, such as deleting or corrupting important files on your system.
A virus must be executed to function (it must be loaded into the computer’s memory) and then the computer must follow the virus’s instructions.
The instructions of the virus constitute its payload. The payload may disrupt or change data files, display a message, or cause the OS to malfunction.
A virus can replicate by writing itself to removable media, hard drives, legitimate computer programs, across the local network, or even throughout the Internet.
WORMS
Worms are another common type of malicious code, and are often confused with viruses.
A worm is a self-replicating program that does not alter files but resides in active memory and duplicates itself by means of computer networks.
Worms can travel across a network from one computer to another, and in some cases different parts of a worm run on different computers.
Some worms are not only self-replicating but also contain a malicious payload.
DIFFERENCE BETWEEN VIRUSES AND WORMS
Over time the distinction between viruses and worms has become blurred. The differences include:
Viruses require a host application to transport themselves; worms are self-contained and can replicate from system to system without requiring an external application.
Viruses are intended to cause damage to a system and its files; worms are intended to consume the resources of a system.
DEFENDING AGAINST VIRUSES AND WORMS
Protection against viruses, worms, and other malicious code usually includes up-to-date anti-virus software, a good user education program, and diligently applying the software patches provided by vendors.
Tip
If you’re really pressed for time, focus on the general characteristics of viruses and worms as they still represent some of the most challenging problems for enterprise network and security administrators.
Anti-virus software is an application that is designed to detect viruses, worms, and other malware on a computer system. These programs may monitor the system for suspicious activity that indicates the presence of malware, but more often will detect viruses using signature files. Signature files are files that contain information on known viruses, and are used by anti-virus software to identify viruses on a system.
User education is an important factor in preventing viruses from being executed and infecting a system. As viruses require user interaction to load, it is important that users are aware that they shouldn’t open attached files that have executable code (such as files with the extension .com, .exe, and .vbs), and avoid opening attachments from people they don’t know.
Updating systems and applying the latest patches and updates is another important factor in protecting against viruses and worms.
When researchers discover a flaw or vulnerability, they report it to the software vendor, who typically works on quickly developing a fix to the flaw.
A zero-day attack is an attack where a vulnerability in a software program or operating system is exploited before a patch has been made available by the software vendor.
You can prepare for an infection by a virus or worm by creating backups of legitimate original software and data files on a regular basis. These backups will help to restore your system, should that ever be necessary.
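As an added illustration of the two defenses described above (not code from the book), the Python below implements a minimal signature-file scanner and the attachment-extension check from the user-education advice. The "malware" samples and the signature entries are constructed byte strings, and the block shows why a hash-only signature misses a variant that differs by a single byte while a byte-pattern signature still catches it, and why neither catches an unknown (zero-day) family.

```python
import hashlib

# Constructed samples standing in for files on disk (not real malware).
SAMPLE_A = b"MZ\x90\x00" + b"CONSTRUCTED-DROPPER-V1 " + b"\x00" * 16
SAMPLE_A_VARIANT = SAMPLE_A + b"\x00"          # same family, one extra byte
CLEAN_FILE = b"MZ\x90\x00" + b"hello, world" + b"\x00" * 16
UNKNOWN_FAMILY = b"MZ\x90\x00" + b"CONSTRUCTED-NEW-FAMILY" + b"\x00" * 16

# Constructed signature file: a full-file SHA-256 entry and a byte-pattern entry.
SIGNATURES = [
    {"name": "Dropper.A (hash)", "type": "sha256",
     "value": hashlib.sha256(SAMPLE_A).hexdigest()},
    {"name": "Dropper.A (pattern)", "type": "bytes",
     "value": b"CONSTRUCTED-DROPPER-V1"},
]

# Executable attachment extensions named in the text.
RISKY_EXTENSIONS = {".com", ".exe", ".vbs"}


def scan(data, signatures=SIGNATURES):
    """Return the names of all signatures matching `data` (empty list = no match)."""
    hits = []
    digest = hashlib.sha256(data).hexdigest()
    for sig in signatures:
        if sig["type"] == "sha256" and sig["value"] == digest:
            hits.append(sig["name"])
        elif sig["type"] == "bytes" and sig["value"] in data:
            hits.append(sig["name"])
    return hits


def is_risky_attachment(filename):
    """True if any extension in the name is executable, not just the last one,
    so 'invoice.pdf.exe' and 'photo.jpg.vbs' are flagged as well as 'setup.exe'."""
    parts = filename.lower().split(".")
    return any("." + p in RISKY_EXTENSIONS for p in parts[1:])


if __name__ == "__main__":
    for label, blob in [("sample A", SAMPLE_A), ("variant", SAMPLE_A_VARIANT),
                        ("clean", CLEAN_FILE), ("unknown family", UNKNOWN_FAMILY)]:
        print(f"{label:15s} -> {scan(blob) or 'no signature match'}")
    for name in ["setup.exe", "invoice.pdf.exe", "report.docx"]:
        print(f"{name:18s} risky={is_risky_attachment(name)}")
```

The unknown family matching nothing is the zero-day case: signature files only help once the vendor has published an entry, which is why patching and user education remain necessary alongside anti-virus software.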
Trojan
A Trojan horse is a program in which malicious code is contained inside what appears to be harmless data or programming, and is most often disguised as something fun, such as a game or other application. The malicious program is hidden, and when called to perform its functionality, can actually ruin your hard disk.
Spyware and adware
Spyware and adware are two other types of programs that can range from a nuisance to outright malicious software. Both of these may be used to gather information about your computer, or other information that you may not want to share with other parties.
SPYWARE
Spyware is a type of program that is used to track user activities and spy on their machines.
Spyware programs can scan systems, gather personal information (with or without the user’s permission), and relay that information to other computers on the Internet.
Spyware has become such a pervasive problem that dozens of anti-spyware programs have been created.
Some spyware will hijack browser settings, changing your home page, or redirect your browser to sites you didn’t intend to visit. Some are even used for criminal purposes, stealing passwords and credit card numbers and sending them to the spyware’s creator.
Spyware usually does not self-replicate, meaning that the program needs to be installed on each target computer.
Some spyware programs are well behaved and even legal, with many spyware programs taking the form of browser toolbars.
ADWARE
Adware is software that displays advertising while the product is being used, allowing software developers to finance the distribution of their product as freeware (software you don’t have to pay for to use). However, some types of adware can be a nuisance and display pop-up advertisements (such as through an Internet browser), or be used to install and run other programs without your permission.
Adware can cause performance issues.
DIFFERENCE BETWEEN SPYWARE AND ADWARE
Adware and spyware are two distinctively different types of programs.
Adware is a legitimate way for developers to make money from their programs.
Spyware is an insidious security risk.
Adware displays what someone wants to say; spyware monitors and shares what you do.
Adware may incorporate some elements that track information, but this should only be with the user’s permission. Spyware will send information whether the user likes it or not.
DEFENDING AGAINST SPYWARE AND ADWARE
Preventing spyware and adware from being installed on a computer can be difficult, as a person may give, or be tricked into giving, permission for the program to install on a machine. Users need to be careful about the programs they install on a machine and should do the following:
Read the End User License Agreement (EULA), as a trustworthy freeware program that uses advertising to make money will specifically say it’s adware. If it says it is and you don’t want adware, don’t install it.
Avoid installing file-sharing software as these are commonly used to disseminate adware/spyware.
Install and/or use a pop-up blocker on your machine such as the one available with Google Toolbar, MSN Toolbar, or the pop-up blocking feature available in Internet Explorer running on Windows XP SP2 or higher. The pop-up blocker prevents browser windows from opening and displaying Web pages that display ads or may be used to push spyware to a computer.
Be careful when using your Web browser and clicking on links. If you see a dialog box asking you to download and install an ActiveX control or another program, make sure that it’s something you want to install and that it’s from a reliable source. If you’re unsure, do not install it.
Use tools that scan for spyware and adware, and can remove any that’s found on a machine.
Rootkits and botnets
Botnets and rootkits are tools used to exploit vulnerabilities in operating systems and other software.
Rootkits are software that can be hidden on systems and can provide elevated privileges to hackers.
A rootkit is a collection of tools used to gain high levels of access to computers (such as that of an administrator).
Rootkits try to conceal their presence from the OS and anti-virus programs in a computer.
Rootkits can make it easy for hackers to install remote control programs or software that can cause significant damage.
A bot is a type of program that runs automatically, like a robot, performing specific tasks without the need for user intervention.
Bots have been developed and used by Google, Yahoo, and MSN to seek out Web pages and return information about each page for use in their search engines. This is a legitimate use for bots, and such bots do not pose a threat to machines.
Botnets are one of the biggest and best-hidden threats on the Internet.
The botnet controller is referred to as the bot herder, and he or she can send commands to the bots and receive data (such as passwords or access to other resources) from them.
Bots can be used to store files on other people’s machines, to send simultaneous requests to a single site in a DoS attack, or to send out SPAM mail.
A Web server or IRC server is typically used as the Command and Control (C&C) server for a group of bots or a botnet.
Logic bombs
A logic bomb is a type of malware that can be compared to a time bomb.
It is designed to execute and do damage after a certain condition is met, such as the passing of a certain date or time, or another action such as a command being sent or a specific user account being deleted.
Attackers who have entered a system may leave a logic bomb behind to destroy any evidence that system administrators might otherwise find.
Host Intrusion Detection System
Intrusion detection is an important piece of security in that it acts as a detective control. An intrusion detection system (IDS) is a specialized device that can read and interpret the contents of log files from sensors placed on the network as well as monitor traffic in the network and compare activity patterns against a database of known attack signatures. Upon detection of a suspected