Exam Essentials: Chapter 21

Chapter 21: Malicious Code & Application Attacks

Understand the propagation techniques used by viruses

  • Viruses use four main propagation techniques to penetrate systems and spread their malicious payloads:
    • file infection
    • service injection
    • boot sector infection
    • macro infection
  • You need to understand these techniques to effectively protect systems on your network from malicious code.

Know how anti-virus software packages detect known viruses

  • Most AV programs use signature-based detection algorithms to look for telltale patterns of known viruses.
  • This makes it essential to periodically update virus definition files in order to maintain protection against newly authored viruses as they emerge.
  • Behaviour-based detection is also becoming increasingly common, with AV software monitoring target systems for unusual activity and either blocking it or flagging it for investigation, even if the software does not match a known malware signature.

Explain the techniques that attackers use to compromise password security

  • Passwords are the most common access control mechanism in use today, and it is essential that you understand how to protect against attackers who seek to undermine their security.
  • Know how password crackers, dictionary attacks & social engineering attacks, such as phishing, can be used to defeat password security.

Be familiar with the various types of application attacks

  • Application attacks are one of the greatest threats to modern computing.
  • Attackers exploit buffer overflows, back doors, TOC/TOU vulnerabilities & rootkits to gain illegitimate access to a system.
  • Security professionals must have a clear understanding of each of these attacks and their associated countermeasures.

Understand common web application vulnerabilities & countermeasures

  • As many applications move to the web, developers & security professionals must understand the new types of attacks that exist in this environment and how to protect against them.
  • The two most common examples are cross-site scripting (XSS) and SQL injection attacks.
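The two countermeasures behind these exam points, shown side by side in an added example that is not part of the original notes: a login query built by string concatenation (the SQL injection flaw) next to the same query with bound parameters, plus output encoding as the XSS countermeasure. The table, user records and hostile inputs are constructed for the demonstration.

```python
import html
import sqlite3


def make_db():
    """Constructed in-memory sample data for the demonstration."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "s3cret"), ("bob", "hunter2")])
    return conn


def login_vulnerable(conn, username, password):
    """String concatenation: untrusted input becomes part of the SQL grammar."""
    query = ("SELECT username FROM users WHERE username = '" + username +
             "' AND password = '" + password + "'")
    return [row[0] for row in conn.execute(query)]


def login_parameterized(conn, username, password):
    """Bound parameters: the driver passes input as data, never as SQL text."""
    query = "SELECT username FROM users WHERE username = ? AND password = ?"
    return [row[0] for row in conn.execute(query, (username, password))]


def render_greeting(username):
    """Output encoding for an HTML body context: the basic XSS countermeasure."""
    return "<p>Welcome, " + html.escape(username, quote=True) + "</p>"


def demo():
    conn = make_db()
    # Constructed hostile password: a quote that closes the string literal
    # so the rest is parsed as SQL. The parameterized query treats it as text.
    bad_password = "' OR '1'='1"
    return {
        "vulnerable": login_vulnerable(conn, "alice", bad_password),
        "parameterized": login_parameterized(conn, "alice", bad_password),
        "valid_login": login_parameterized(conn, "alice", "s3cret"),
        "escaped": render_greeting("<script>alert(1)</script>"),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

The concatenated query returns every user because the injected condition is always true, while the parameterized query returns nothing and the escaped greeting contains no live script tag.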

Know the network reconnaissance techniques used by attackers preparing to attack a network

  • Before launching an attack, attackers use IP sweeps to search out active hosts on a network. These hosts are then subjected to port scans and other vulnerability probes to locate weak spots that might be attacked in an attempt to compromise the network.
  • You should understand these attacks to help protect your network against them, limiting the amount of information attackers may gain.
