Contents 1 Antivirus software 1 1.1 History ................................................ 1 1.1.1 1949-1980 period (pre-antivirus days) ............................ 1 1.1.2 1980-1990 period (early days) ................................ 2 1.1.3 1990-2000 period (emergence of the antivirus industry) ................... 2 1.1.4 2000-2005 period ...................................... 3 1.1.5 2005 to present ........................................ 3 1.2 Identification methods ........................................ 4 1.2.1 Signature-based detection .................................. 4 1.2.2 Heuristics ........................................... 4 1.2.3 Rootkit detection ....................................... 5 1.2.4 Real-time protection ..................................... 5 1.3 Issues of concern ........................................... 5 1.3.1 Unexpected renewal costs ................................... 5 1.3.2 Rogue security applications .................................. 5 1.3.3 Problems caused by false positives .............................. 5 1.3.4 System and interoperability related issues ........................... 6 1.3.5 Effectiveness ......................................... 6 1.3.6 New viruses .......................................... 6 1.3.7 Rootkits ............................................ 6 1.3.8 Damaged files ......................................... 6 1.3.9 Firmware issues ........................................ 7 1.4 Performance and other drawbacks .................................. 7 1.5 Alternative solutions ......................................... 7 1.5.1 Hardware and network Firewall ............................... 7 1.5.2 Cloud antivirus ........................................ 7 1.5.3 Online scanning ....................................... 8 1.5.4 Specialist tools ........................................ 8 1.6 Usage and risks ............................................ 8 1.7 See also ................................................ 8 1.8 References ............................................... 8 1.9 Bibliography .............................................. 11 i ii CONTENTS 1.10 External links ............................................. 12 2 Application security 13 2.1 Methodology ............................................. 13 2.2 Threats, Attacks, Vulnerabilities, and Countermeasures ....................... 13 2.3 Application Threats / Attacks ..................................... 13 2.4 Mobile application security ...................................... 13 2.5 Security testing for applications .................................... 14 2.6 Security certifications ......................................... 15 2.7 Security standards and regulations ................................... 15 2.8 See also ................................................ 16 2.9 References ............................................... 16 2.10 External links ............................................. 16 3 Backdoor (computing) 17 3.1 Overview ............................................... 17 3.1.1 Examples ........................................... 17 3.1.2 Object code backdoors .................................... 18 3.1.3 Asymmetric backdoors .................................... 18 3.2 Compiler backdoors .......................................... 18 3.2.1 Occurrences .......................................... 19 3.2.2 Countermeasures ....................................... 19 3.3 List of known backdoors ....................................... 19 3.4 References .............................................. 20 3.5 External links ............................................. 20 4 Black hat 21 4.1 References ............................................... 21 4.2 See also ................................................ 21 5 Black Hat Briefings 22 5.1 History ................................................. 22 5.2 The conference ............................................ 22 5.3 Conference’s topics .......................................... 22 5.4 New conference goals ......................................... 22 5.5 Antics and disclosures ......................................... 22 5.6 See also ................................................ 23 5.7 References ............................................... 23 5.8 External links ............................................. 23 6 Botnet 24 6.1 Types of botnets ............................................ 24 6.1.1 Legal botnets ......................................... 24 CONTENTS iii 6.1.2 Illegal botnets ......................................... 24 6.2 Recruitment .............................................. 24 6.3 Organization .............................................. 24 6.4 Formation ............................................... 25 6.5 Types of attacks ............................................ 25 6.6 Countermeasures ........................................... 26 6.7 Historical list of botnets ........................................ 26 6.8 Trivia ................................................. 26 6.9 See also ................................................ 26 6.10 References .............................................. 27 6.11 External links ............................................. 28 7 Computer crime 29 7.1 Classification ............................................. 29 7.1.1 Fraud and financial crimes .................................. 29 7.1.2 Cyberterrorism ........................................ 29 7.1.3 Cyberextortion ........................................ 30 7.1.4 Cyberwarfare ......................................... 30 7.1.5 Computer as a target ..................................... 30 7.1.6 Computer as a tool ...................................... 30 7.2 Documented cases ........................................... 32 7.3 Combating computer crime ...................................... 33 7.3.1 Diffusion of Cybercrime ................................... 33 7.3.2 Investigation ......................................... 33 7.3.3 Legislation .......................................... 33 7.3.4 Penalties ........................................... 33 7.4 See also ................................................ 33 7.5 References ............................................... 34 7.6 Further reading ............................................ 35 7.7 External links ............................................. 36 7.7.1 Government resources .................................... 36 8 Computer security 37 8.1 Vulnerabilities ............................................. 37 8.1.1 Backdoors ........................................... 37 8.1.2 Denial-of-service attack .................................... 38 8.1.3 Direct-access attacks ..................................... 38 8.1.4 Eavesdropping ........................................ 38 8.1.5 Spoofing ............................................ 38 8.1.6 Tampering .......................................... 38 8.1.7 Repudiation ......................................... 38 8.1.8 Information disclosure .................................... 38 iv CONTENTS 8.1.9 Privilege escalation ...................................... 39 8.1.10 Exploits ............................................ 39 8.1.11 Social engineering and trojans ................................ 39 8.1.12 Indirect attacks ........................................ 39 8.1.13 Computer crime ....................................... 39 8.2 Vulnerable areas ........................................... 39 8.2.1 Financial systems ....................................... 39 8.2.2 Utilities and industrial equipment ............................... 39 8.2.3 Aviation ........................................... 39 8.2.4 Consumer devices ....................................... 40 8.2.5 Large corporations ...................................... 40 8.2.6 Automobiles ......................................... 40 8.2.7 Government .......................................... 40 8.3 Financial cost of security breaches .................................. 40 8.3.1 Reasons ............................................ 41 8.4 Computer protection (countermeasures) ............................... 41 8.4.1 Security and systems design .................................. 41 8.4.2 Security measures ....................................... 41 8.4.3 Reducing vulnerabilities ................................... 42 8.4.4 Security by design ...................................... 43 8.4.5 Security architecture ..................................... 43 8.4.6 Hardware protection mechanisms .............................. 43 8.4.7 Secure operating systems ................................... 44 8.4.8 Secure coding ........................................ 45 8.4.9 Capabilities and access control lists ............................. 45 8.4.10 Hacking back ......................................... 45 8.5 Notable computer security attacks and breaches ............................ 45 8.5.1 Robert Morris and the first computer worm ......................... 46 8.5.2 Rome Laboratory ....................................... 46 8.5.3 TJX loses 45.7m customer credit card details ......................... 46 8.5.4 Stuxnet attack ......................................... 46 8.5.5 Global surveillance disclosures ................................ 46 8.5.6 Target And Home Depot Breaches by Rescator ........................ 46 8.6 Legal issues and global regulation ................................... 46 8.7 Government .............................................. 47 8.7.1 Public–private cooperation .................................
Details
-
File Typepdf
-
Upload Time-
-
Content LanguagesEnglish
-
Upload UserAnonymous/Not logged-in
-
File Pages204 Page
-
File Size-