A+ Study Guide: Domain 6.0: Security - Security Threats



Contents:
Introduction
Spam
Viruses, Worms, and Trojans
Spyware, Adware, and Grayware
Social Engineering
Hacking
Internal Threats

Introduction:
Previous versions of the A+ exams contained very little about security; the new exam, however, gives it a weighting of 11%. This is because the incidence and sophistication of attacks continue to increase, and attacks may be responsible for many of the issues that a technician deals with. There is a wide variety of security threats out there, from hacking to disgruntled employees to poor internal security design. In this section, we will take a look at some of the various threats.

Spam:
If you don't know what spam is, you haven't spent enough time with computers to be considering taking this exam. The amount of spam users are receiving continues to grow every year. It costs businesses dearly in employee labor hours and network bandwidth, not to mention the costs if a malicious payload is executed.

Viruses:
The most common computer infestation, viruses rely on other programs such as an email client to replicate themselves. There are several different categories of viruses as follows:
  • File infector viruses - File infector viruses infect executable program files such as .com and .exe files. They can infect other files when an infected program is run from floppy, hard drive, or from the network.
  • Boot sector viruses - Boot sector viruses infect the system area of a disk known as the boot record.
  • Master boot record viruses - Master boot record viruses are memory resident viruses that infect disks in the same manner as boot sector viruses. The difference between these two virus types is where the viral code is located. These can often be fixed by using FDISK /MBR.
  • Multi-partite viruses - Infect both boot records and program files.
  • Macro viruses - These types of viruses infect data files and are the most common. With the advent of Visual Basic in Microsoft's Office 97, a macro virus can be written that infects not only data files but other files as well.
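To make the "where the viral code is located" point concrete for the master boot record, the following added example (not part of the original guide) splits a 512-byte MBR into its boot-code region and partition table and compares it with a known-good baseline. The sample sectors, placeholder boot-code bytes, and function names are constructed for illustration.

```python
import hashlib
import struct

BOOT_CODE_LEN = 446              # bytes 0-445: bootstrap code
ENTRY_LEN, ENTRY_COUNT = 16, 4   # bytes 446-509: four partition entries
SIGNATURE = b"\x55\xaa"          # bytes 510-511: boot signature


def parse_mbr(sector):
    """Return the boot-code hash, used partition entries and signature status."""
    if len(sector) != 512:
        raise ValueError("an MBR is exactly one 512-byte sector")
    partitions = []
    for i in range(ENTRY_COUNT):
        start = BOOT_CODE_LEN + i * ENTRY_LEN
        # status, (CHS start skipped), type, (CHS end skipped), LBA start, sector count
        status, ptype, lba_start, count = struct.unpack(
            "<B3xB3xII", sector[start:start + ENTRY_LEN])
        if ptype != 0:  # type 0 marks an unused slot
            partitions.append({"active": status == 0x80, "type": ptype,
                               "lba_start": lba_start, "sectors": count})
    return {"boot_code_sha256": hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest(),
            "partitions": partitions,
            "signature_ok": sector[510:512] == SIGNATURE}


def compare_to_baseline(sector, baseline):
    """Report which MBR regions differ from a known-good parse_mbr() result."""
    current = parse_mbr(sector)
    return {
        "boot_code_changed": current["boot_code_sha256"] != baseline["boot_code_sha256"],
        "partition_table_changed": current["partitions"] != baseline["partitions"],
        "signature_ok": current["signature_ok"],
    }


def build_sample_mbr(boot_code):
    """Constructed sector: the given boot code plus one active FAT32 partition."""
    entry = struct.pack("<B3xB3xII", 0x80, 0x0B, 63, 204800)
    table = entry + bytes(ENTRY_LEN * (ENTRY_COUNT - 1))
    return boot_code.ljust(BOOT_CODE_LEN, b"\x00") + table + SIGNATURE


# Placeholder bytes stand in for boot code; they are not executable code.
CLEAN = build_sample_mbr(b"KNOWN-GOOD-BOOT-CODE")
ALTERED = build_sample_mbr(b"UNEXPECTED-BOOT-CODE")
BASELINE = parse_mbr(CLEAN)

if __name__ == "__main__":
    print(compare_to_baseline(ALTERED, BASELINE))
```

A changed boot-code hash with an unchanged partition table is the case where rewriting only the master boot code, as FDISK /MBR does, restores the sector without touching the partition layout.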
Two other common types of attack involve Trojans and Worms, as described below:
  • Trojan Horse - A Trojan is a type of file that appears to do one thing, but in reality does another. A Trojan can be a file that operates in an expected way, but also has a secret operation that subverts security. Once a Trojan is installed, it can perform a wide variety of destructive tasks and/or provide sensitive information to the attacker.
  • Worms - Worms are stand-alone programs that do not need other programs in order to replicate themselves, unlike a virus, which relies on users to inadvertently spread it.
Most viruses are spread via email and the internet, but can also be spread via removable media (e.g. floppies) or across a network.

Spyware, Adware, and Grayware:
Spyware is software that is installed on your system without you knowing about it and is used to collect sensitive information about you. It is often piggybacked to software that appears to offer a valuable service. This software may often even be free. Spyware can also be installed without the user's knowledge when visiting certain web pages.

Adware can cause a wide range of problems, including excessive popup windows and other forms of unwanted advertising, which often cause system problems. Like spyware, adware can either be piggybacked to software that you download and that seems legitimate, or be installed by visiting some web sites.

Grayware is comprised of applications that may be absolutely harmless in some environments, but cause problems in others. For example, a peer-to-peer file sharing program might not cause any problems in a home environment, but cause bandwidth issues in a corporate one (particularly if a large number of people are using it).

Social Engineering:
This type of threat is the practice of obtaining confidential information (such as passwords and credit card details) by manipulating legitimate users. A social engineer will commonly use the telephone or Internet to trick people into revealing sensitive information or to get them to do something that is against typical policies. By this method, social engineers exploit a person's natural tendency to take others at their word, rather than exploiting computer security holes.

A very common form of Social Engineering seen today is called Phishing. The most common form of this involves the exploiter sending you an email pretending to be from a legitimate service such as eBay, PayPal, your bank, etc. The email will instruct you to click on a link in the email to perform a necessary function such as updating your account. After clicking on the link, you will be taken to a web site that looks exactly like the real thing; however, you will notice that the URL isn't right. On this page there is typically a form where you need to enter personal information such as your credit card number. This information is submitted directly to the exploiter, who will likely go on a shopping spree or commit identity theft.

Hacking:
Hacking is a broad term that refers to a variety of different methods used to attempt to gain unauthorized access to a network or system. This can include Denial of Service (DoS) attacks, Brute Force attacks, Man-in-the-Middle attacks, etc. You do not need to know what each of these types of attacks is; just know what hacking generally is and how to combat it (covered in another section).

Internal Threats:
One of the largest security risks comes from internal employees, particularly disgruntled ones. They can steal data, steal equipment, destroy data, destroy equipment, etc. Internal threats, however, don't just encompass malicious acts. An employee unknowingly disposing of sensitive company data in the garbage or recycling old hard drives without removing data can be just as damaging.