Entries from September 2010

Security+ Objective 1.2 Explain the security risks pertaining to system hardware and peripherals – BIOS

BIOS (Basic Input/Output System) is firmware built onto the motherboard of a system. It is the first code that runs when you power on your computer: it finds and initializes the hardware and then, by default, boots the operating system on your hard drive. If a bad guy wants to bypass the security features of your operating system, he just needs to change the boot order and tell BIOS to boot his CD or USB drive first. That gives him an operating system of his own with all his hacker tools, in which he is the administrator with full rights to everything, including the files on your hard drive (unless the disk is encrypted).

The main way to prevent someone from changing the boot order is to password protect the BIOS setup. If the bad guy doesn't know your BIOS password, he can't get in there to make alterations. For the test, just remember "BIOS password" and you should be able to answer those questions.

Real World Note: on most computers the BIOS password can be cleared or bypassed fairly easily (pulling the CMOS battery or moving a jumper on the motherboard resets it), so physically securing your system is really the best way to keep the bad guys from altering the BIOS.

Go back to the Exam Objectives list

Security+ Objective 1.1 – Differentiate among various systems security threats – Logic Bomb

A logic bomb is malicious code that lies dormant until triggered by a specific event, usually a date and time. For example:
• a virus that executes on April Fools' Day or Friday the 13th
• a programmer who inserts malicious code into an application that will run if his termination paperwork is processed
• code that does its damage when a certain program is run
That's it: malicious code that runs at a specific time, or when some other event triggers it.

Go back to the Exam Objectives list

Security+ Objective 1.1 – Differentiate among various systems security threats – Botnets

A botnet is a collection of computers on a network that can be controlled by a bad guy. Bot is short for robot, because each system does as it is told. Another common term for a bot is zombie. To create a network of bots/zombies, the bad guy infects systems with agent software. That agent software acts as a zombie slave and is programmed to receive commands from the zombie master. The zombie master acts as the command and control (C2) center. All of the slaves routinely send out packets (beacons) to the master, letting the bad guy know that they are ready to receive commands.

Typically the bad guy uses Internet Relay Chat (IRC) to "chat" with the bots and send commands. With an army of bots at his command, the bad guy will usually run Distributed Denial of Service (DDoS) attacks that can take down web servers designed to handle massive amounts of traffic. He never would have had enough bandwidth to do this with just his own PC.
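The regular check-in traffic described above is also what gives a bot away on the wire. The following Python script is an added example (not part of the original post): it reads a constructed connection log, groups connections by source, destination and port, and flags pairs whose gaps between connections are suspiciously regular. The log lines, IP addresses and thresholds are all made up for illustration.

```python
"""Beacon detection over connection logs (added example).

A bot checks in with its command and control server on a schedule, so the
connections from an infected host to the C2 address are unusually regular.
This script groups connections by (source, destination, port), measures how
regular the gaps between them are, and flags the regular ones.
"""
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample flow log, one connection per line:
# "<epoch seconds> <source IP> <destination IP> <destination port>".
# The first host beacons to an IRC port every 300 seconds; the second browses
# a web server at irregular times; the third makes only two connections.
SAMPLE_LOG = """\
1283990400 10.0.0.7 203.0.113.9 6667
1283990700 10.0.0.7 203.0.113.9 6667
1283991000 10.0.0.7 203.0.113.9 6667
1283991300 10.0.0.7 203.0.113.9 6667
1283991600 10.0.0.7 203.0.113.9 6667
1283991900 10.0.0.7 203.0.113.9 6667
1283990412 10.0.0.15 198.51.100.20 80
1283990490 10.0.0.15 198.51.100.20 80
1283991802 10.0.0.15 198.51.100.20 80
1283992005 10.0.0.15 198.51.100.20 80
1283993100 10.0.0.15 198.51.100.20 80
1283990450 10.0.0.22 192.0.2.44 443
1283990470 10.0.0.22 192.0.2.44 443
"""


def parse_flows(log_text):
    """Group connection timestamps by (src, dst, port)."""
    flows = defaultdict(list)
    for line in log_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        ts, src, dst, port = line.split()
        flows[(src, dst, int(port))].append(int(ts))
    return flows


def beacon_score(timestamps):
    """Return (connection count, mean gap, coefficient of variation of the gaps).

    The coefficient of variation (standard deviation / mean) is 0 for a
    perfectly regular check-in and grows as the timing becomes irregular.
    Returns None when there are too few connections to measure a gap.
    """
    ts = sorted(timestamps)
    gaps = [later - earlier for earlier, later in zip(ts, ts[1:])]
    if not gaps:
        return None
    avg_gap = mean(gaps)
    if avg_gap == 0:
        return None
    return len(ts), avg_gap, pstdev(gaps) / avg_gap


def find_beacons(flows, min_connections=5, max_cv=0.1):
    """Report (src, dst, port) pairs whose connections look like C2 check-ins."""
    hits = []
    for (src, dst, port), timestamps in flows.items():
        score = beacon_score(timestamps)
        if score is None:
            continue
        count, avg_gap, cv = score
        if count >= min_connections and cv <= max_cv:
            hits.append({"src": src, "dst": dst, "port": port,
                         "count": count, "interval_s": avg_gap, "cv": cv})
    return hits


if __name__ == "__main__":
    for hit in find_beacons(parse_flows(SAMPLE_LOG)):
        print(f"{hit['src']} -> {hit['dst']}:{hit['port']} every "
              f"{hit['interval_s']:.0f}s ({hit['count']} connections, cv={hit['cv']:.2f})")
```

Only the host talking to 203.0.113.9 on the IRC port is reported; the web browsing is too irregular and the two-connection pair is too short to judge. Real bots add random jitter to their sleep time, so in practice the `max_cv` threshold is loosened and the gaps are bucketed or compared against the host's normal traffic before alerting.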

Go back to the Exam Objectives list

Security+ Objective 1.1 – Differentiate among various systems security threats – Rootkits

A rootkit is a particularly dangerous kind of malware. The "root" account in Unix and Linux is the all-powerful administrative account that controls the entire operating system, so a rootkit is a kit of tools that embeds itself into the operating system (Windows included) and controls what the OS reports. It can be running, yet tell the OS to hide its processes, files and registry entries, so you'll never know it is there. The bad guys can now hide all their bad stuff. This makes a rootkit difficult to detect, because even anti-virus programs go through the OS to learn what files and processes to scan (even in safe mode).

Although some malware scanners can detect certain rootkits, there are surer ways to approach this problem. You can boot to a known clean OS on a USB drive or CD and scan the infected disk from there. The rootkit isn't in control of the known clean OS, so it can't hide itself. If you really want to be safe, format the entire hard disk and reinstall the OS from the original media.
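The same idea, that the rootkit can only lie to the views it controls, is also used from inside a running system: compare what a high-level tool such as `ps` reports with a lower-level view, here the raw directory names under `/proc`, and anything that appears only in the low-level view is hidden. The Python below is an added example, not code from the original post; the process listing and `/proc` entries are constructed, and PID 812 is the planted hidden process.

```python
"""Cross-view process check (added example).

A rootkit hides by lying to the high-level OS interfaces that tools such as
`ps` use. A lower-level view, here the raw directory names under /proc, may
still show the hidden process. Comparing the two views surfaces the difference.
"""
import os
import subprocess

# Constructed sample of what a `ps -eo pid=,comm=` listing reported (not a real capture).
SAMPLE_PS_OUTPUT = """\
    1 init
  412 sshd
  517 cron
  930 bash
"""

# Constructed sample of the raw entries seen under /proc on the same machine.
# PID 812 is present here but was not reported by ps.
SAMPLE_PROC_ENTRIES = ["1", "412", "517", "812", "930",
                       "cpuinfo", "meminfo", "self", "sys"]


def parse_ps(ps_text):
    """Map PID -> command name from `ps -eo pid=,comm=` style output.

    Header lines, or any line whose first field is not a number, are skipped,
    so the same parser also accepts output that still carries a PID/COMMAND header.
    """
    procs = {}
    for line in ps_text.splitlines():
        parts = line.split(None, 1)
        if parts and parts[0].isdigit():
            procs[int(parts[0])] = parts[1].strip() if len(parts) > 1 else ""
    return procs


def parse_proc(entries):
    """Return the PIDs among raw /proc names (non-numeric names are not processes)."""
    return {int(name) for name in entries if name.isdigit()}


def hidden_pids(api_view, raw_view):
    """PIDs visible in the low-level view but absent from the OS-reported view."""
    return sorted(raw_view - set(api_view))


def live_check():
    """Run the comparison on the local Linux host (needs /proc and the ps command)."""
    raw_view = parse_proc(os.listdir("/proc"))
    ps_text = subprocess.run(["ps", "-eo", "pid=,comm="],
                             capture_output=True, text=True, check=True).stdout
    return hidden_pids(parse_ps(ps_text), raw_view)


if __name__ == "__main__":
    sample_hidden = hidden_pids(parse_ps(SAMPLE_PS_OUTPUT), parse_proc(SAMPLE_PROC_ENTRIES))
    print("hidden in constructed sample:", sample_hidden)
```

Two caveats when running `live_check()` on a real machine: processes that start or exit between the two snapshots show up as transient differences, so take the comparison twice and keep only PIDs that recur; and a rootkit that runs in the kernel can lie to `/proc` as well, which is why booting a known clean OS and scanning the disk offline remains the stronger check.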

Side Note: To try to protect its copyrighted material, Sony BMG included copy protection software (XCP) on some of its music CDs in 2005. It became a huge scandal because the software was essentially a rootkit: it hid its own files and processes from Windows, and other malware soon used the same hiding place.

Go back to the Exam Objectives list

Security+ Objective 1.1 – Differentiate among various systems security threats – Adware

Adware is software that delivers ads to your computer, usually in the form of pop-ups. If you are constantly getting pop-ups that aren't tied to the websites you are visiting, chances are you have some adware installed on your system. It sometimes doesn't fall under the scope of your anti-virus software, so a separate anti-spyware/adware scanner may be needed to detect and remove it.

Go back to the Exam Objectives list

Security+ Objective 1.1 – Differentiate among various systems security threats – Spam

Spam is unwanted email that is forced upon you without your consent. Its name comes from a Monty Python sketch about the canned meat called "Spam". You don't need to know that for the exam, but if you search for the sketch on YouTube you will see that it is a very fitting depiction.

Spam is very effective because it arrives over the same standard e-mail port, TCP 25 (SMTP), that legitimate mail uses. We have to leave that port open on the firewall for the good email to get through, so spam can't be blocked by port; it has to be filtered by content or sender (more on "ports" later).

If someone is getting a lot of email from unknown sources such as online vendors and pharmacies, that's spam. It can consume a lot of company bandwidth and mail storage even before you can delete it. The large majority of all email sent today is spam.

Note: Spam may sometimes carry something malicious, but it isn't software. It's just junk e-mail, so it doesn't fit in the category of malware.

Go back to the Exam Objectives list