SlideShare uma empresa Scribd logo

Digital Immunity -The Myths and Reality

A
amiable_indian

Digital Immunity -The Myths and Reality From Christine M. Orshesky

Tecnologia
1 de 39
Digital Immunity The Myths and Reality Cornell University 27 June 2002 Christine M. Orshesky, CISSP, CQA
Topics for Discussion ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
What is Malware? ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Virus – Defined ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Virus Infection Process Ensures virus executes before original executable Pre-pend Append PE Infector Overwrite
Types of Viruses ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Virus - Example ,[object Object],[object Object],[object Object],[object Object]
Worm - Defined ,[object Object],[object Object],[object Object],[object Object],[object Object]
Worm - Example ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Trojan horse – Defined ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Trojan horse - Examples ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Joke Program – Defined ,[object Object],[object Object],[object Object]
Joke Program – Example ,[object Object],[object Object],[object Object],[object Object]
Hoax – Defined ,[object Object],[object Object],[object Object],[object Object]
Hoax - Example ,[object Object],[object Object],[object Object]
Logic Bomb – Defined ,[object Object],[object Object],[object Object]
Logic Bomb – Example ,[object Object],[object Object]
Internet Threats ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Exposures ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Propagation Requirements ,[object Object],- Fred Cohen Short Course on Computer Viruses, 2 nd Edition
Propagation Requirements ,[object Object],[object Object],[object Object],[object Object]
Propagation ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
How Fast Do They Spread? Source: ICSA/TruSecure 22 minutes 2001 E-mail enabled script NIMDA 5 hours 2000 E-mail enabled script LoveLetter 4 days 1999 E-mail enabled word macro Melissa 4 months 1995 Word Macro Concept 3 years 1990 Boot Sector Form Time to #1 Year Type Malware
Concealment Techniques ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Impact and Effects ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Impact and Effects (concluded) ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Incident Management Model ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Response Team Members ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Incident Management Model (continued) ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Tools ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Techniques ,[object Object],[object Object],[object Object]
Sample Message Header From: stranger <stranger@yahoo.com> To: bluminx @hotmail.com Subject: Worm Klez.E immunity Date: Thu, 13 Jun 2002 09:39:56 -0400 MIME-Version: 1.0 Received: from [63.117.44.150] by hotmail.com (3.2) with ESMTP id MHotMailBED1EBAB002B400431923F752C9606970; Thu, 13 Jun 2002 06:39:59 -0700 Received: from Zkprhj [216.54.110.216] by mail.atel.net  (SMTPD32-6.06) id A08E53F007E; Thu, 13 Jun 2002 09:39:26 -0400 From [email_address] Thu, 13 Jun 2002 06:41:03 -0700 Message-Id: <200206130939556.SM02700@Zkprhj>
Incident Management Model (continued) ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Incident Management Model (concluded) ,[object Object],[object Object],[object Object],[object Object],[object Object]
Demonstration ,[object Object],[object Object],[object Object]
Summary ,[object Object],[object Object],[object Object],[object Object]
Some Information Resources ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Additional Resources ,[object Object],[object Object],[object Object],[object Object],[object Object]
End of Presentation ,[object Object]

Recomendados

Virtualization
VirtualizationVirtualization
Virtualization
Srisailam Reddy Kanapuram
 
Firewall ppt
Firewall pptFirewall ppt
Firewall ppt
OECLIB Odisha Electronics Control Library
 
Cloud Mashup
Cloud MashupCloud Mashup
Cloud Mashup
Vasco Elvas
 
Wireless networks ppt
Wireless networks pptWireless networks ppt
Wireless networks ppt
Jennifer Christy
 
Introduction to AWS Cloud Computing
Introduction to AWS Cloud ComputingIntroduction to AWS Cloud Computing
Introduction to AWS Cloud Computing
Amazon Web Services
 
Virtualization in cloud computing
Virtualization in cloud computingVirtualization in cloud computing
Virtualization in cloud computing
Mohammad Ilyas Malik
 
Access Controls
Access ControlsAccess Controls
Access Controls
primeteacher32
 
Introduction to cyber security
Introduction to cyber securityIntroduction to cyber security
Introduction to cyber security
Self-employed
 

Recomendados

Virtualization
VirtualizationVirtualization
Virtualization
Srisailam Reddy Kanapuram
 
Firewall ppt
Firewall pptFirewall ppt
Firewall ppt
OECLIB Odisha Electronics Control Library
 
Cloud Mashup
Cloud MashupCloud Mashup
Cloud Mashup
Vasco Elvas
 
Wireless networks ppt
Wireless networks pptWireless networks ppt
Wireless networks ppt
Jennifer Christy
 
Introduction to AWS Cloud Computing
Introduction to AWS Cloud ComputingIntroduction to AWS Cloud Computing
Introduction to AWS Cloud Computing
Amazon Web Services
 
Virtualization in cloud computing
Virtualization in cloud computingVirtualization in cloud computing
Virtualization in cloud computing
Mohammad Ilyas Malik
 
Access Controls
Access ControlsAccess Controls
Access Controls
primeteacher32
 
Introduction to cyber security
Introduction to cyber securityIntroduction to cyber security
Introduction to cyber security
Self-employed
 
Network Security: Attacks, Tools and Techniques
Network Security: Attacks, Tools and TechniquesNetwork Security: Attacks, Tools and Techniques
Network Security: Attacks, Tools and Techniques
waqasahmad1995
 
Mobile Computing
Mobile ComputingMobile Computing
Mobile Computing
gaurav koriya
 
Computer Security | Types of Computer Security | Cybersecurity Course | Edureka
Computer Security | Types of Computer Security | Cybersecurity Course | EdurekaComputer Security | Types of Computer Security | Cybersecurity Course | Edureka
Computer Security | Types of Computer Security | Cybersecurity Course | Edureka
Edureka!
 
cloud computing ppt
cloud computing pptcloud computing ppt
cloud computing ppt
himanshuawasthi2109
 
Network security
Network security Network security
Network security
Madhumithah Ilango
 
Intrusion detection system ppt
Intrusion detection system pptIntrusion detection system ppt
Intrusion detection system ppt
Sheetal Verma
 
Wireless network security
Wireless network securityWireless network security
Wireless network security
Vishal Agarwal
 
Chap 6 cloud security
Chap 6 cloud securityChap 6 cloud security
Chap 6 cloud security
Raj Sarode
 
Virtualization security
Virtualization securityVirtualization security
Virtualization security
Ahmed Nour
 
Network security ppt
Network security pptNetwork security ppt
Network security ppt
OECLIB Odisha Electronics Control Library
 
Virtualization security threats in cloud computing
Virtualization security threats in cloud computingVirtualization security threats in cloud computing
Virtualization security threats in cloud computing
Nitish Awasthi (anitish_225)
 
Cloud computing and service models
Cloud computing and service modelsCloud computing and service models
Cloud computing and service models
Prateek Soni
 
Network security (vulnerabilities, threats, and attacks)
Network security (vulnerabilities, threats, and attacks)Network security (vulnerabilities, threats, and attacks)
Network security (vulnerabilities, threats, and attacks)
Fabiha Shahzad
 
Network Security
Network SecurityNetwork Security
Network Security
Manoj Singh
 
Cyber security ppt
Cyber security pptCyber security ppt
Cyber security ppt
DebrajKarmakar
 
Introduction to Microsoft Azure 101
Introduction to Microsoft Azure 101Introduction to Microsoft Azure 101
Introduction to Microsoft Azure 101
R M Shahidul Islam Shahed
 
Introduction to penetration testing
Introduction to penetration testingIntroduction to penetration testing
Introduction to penetration testing
Nezar Alazzabi
 
Authentication techniques
Authentication techniquesAuthentication techniques
Authentication techniques
IGZ Software house
 
Cloud Computing Architecture
Cloud Computing ArchitectureCloud Computing Architecture
Cloud Computing Architecture
Animesh Chaturvedi
 
Introduction to Cyber Security
Introduction to Cyber SecurityIntroduction to Cyber Security
Introduction to Cyber Security
Stephen Lahanas
 
Malware, Trojans and Slurpware
Malware, Trojans and SlurpwareMalware, Trojans and Slurpware
Malware, Trojans and Slurpware
Varun Arora
 
Security
Security Security
Security
chian417
 

Mais conteúdo relacionado

Mais procurados

Intrusion detection system ppt
Intrusion detection system pptIntrusion detection system ppt
Intrusion detection system ppt
Sheetal Verma
 
Introduction to Cyber Security
Introduction to Cyber SecurityIntroduction to Cyber Security
Introduction to Cyber Security
Stephen Lahanas
 

Mais procurados (20)

Network Security: Attacks, Tools and Techniques
Network Security: Attacks, Tools and TechniquesNetwork Security: Attacks, Tools and Techniques
Network Security: Attacks, Tools and Techniques
 
Mobile Computing
Mobile ComputingMobile Computing
Mobile Computing
 
Computer Security | Types of Computer Security | Cybersecurity Course | Edureka
Computer Security | Types of Computer Security | Cybersecurity Course | EdurekaComputer Security | Types of Computer Security | Cybersecurity Course | Edureka
Computer Security | Types of Computer Security | Cybersecurity Course | Edureka
 
cloud computing ppt
cloud computing pptcloud computing ppt
cloud computing ppt
 
Network security
Network security Network security
Network security
 
Intrusion detection system ppt
Intrusion detection system pptIntrusion detection system ppt
Intrusion detection system ppt
 
Wireless network security
Wireless network securityWireless network security
Wireless network security
 
Chap 6 cloud security
Chap 6 cloud securityChap 6 cloud security
Chap 6 cloud security
 
Virtualization security
Virtualization securityVirtualization security
Virtualization security
 
Network security ppt
Network security pptNetwork security ppt
Network security ppt
 
Virtualization security threats in cloud computing
Virtualization security threats in cloud computingVirtualization security threats in cloud computing
Virtualization security threats in cloud computing
 
Cloud computing and service models
Cloud computing and service modelsCloud computing and service models
Cloud computing and service models
 
Network security (vulnerabilities, threats, and attacks)
Network security (vulnerabilities, threats, and attacks)Network security (vulnerabilities, threats, and attacks)
Network security (vulnerabilities, threats, and attacks)
 
Network Security
Network SecurityNetwork Security
Network Security
 
Cyber security ppt
Cyber security pptCyber security ppt
Cyber security ppt
 
Introduction to Microsoft Azure 101
Introduction to Microsoft Azure 101Introduction to Microsoft Azure 101
Introduction to Microsoft Azure 101
 
Introduction to penetration testing
Introduction to penetration testingIntroduction to penetration testing
Introduction to penetration testing
 
Authentication techniques
Authentication techniquesAuthentication techniques
Authentication techniques
 
Cloud Computing Architecture
Cloud Computing ArchitectureCloud Computing Architecture
Cloud Computing Architecture
 
Introduction to Cyber Security
Introduction to Cyber SecurityIntroduction to Cyber Security
Introduction to Cyber Security
 

Destaque

Data security in data communication
Data security in data communicationData security in data communication
Data security in data communication
Mohd Arif
 
1 security goals
1 security goals1 security goals
1 security goals
drewz lin
 
Congestion Control in Networks
Congestion Control in NetworksCongestion Control in Networks
Congestion Control in Networks
rapatil
 
Ftp (file transfer protocol)
Ftp (file transfer protocol)Ftp (file transfer protocol)
Ftp (file transfer protocol)
Raghu nath
 

Destaque (20)

Malware, Trojans and Slurpware
Malware, Trojans and SlurpwareMalware, Trojans and Slurpware
Malware, Trojans and Slurpware
 
Security
Security Security
Security
 
Trojan virus & backdoors
Trojan virus & backdoorsTrojan virus & backdoors
Trojan virus & backdoors
 
Unit 2
Unit 2Unit 2
Unit 2
 
Data security in data communication
Data security in data communicationData security in data communication
Data security in data communication
 
Security in Data Communication and Networking
Security in Data Communication and NetworkingSecurity in Data Communication and Networking
Security in Data Communication and Networking
 
Trojans and backdoors
Trojans and backdoorsTrojans and backdoors
Trojans and backdoors
 
1 security goals
1 security goals1 security goals
1 security goals
 
Anti virus
Anti virusAnti virus
Anti virus
 
File Transfer Protocol
File Transfer ProtocolFile Transfer Protocol
File Transfer Protocol
 
Congestion Control in Networks
Congestion Control in NetworksCongestion Control in Networks
Congestion Control in Networks
 
Types of attacks and threads
Types of attacks and threadsTypes of attacks and threads
Types of attacks and threads
 
What is Next-Generation Antivirus?
What is Next-Generation Antivirus?What is Next-Generation Antivirus?
What is Next-Generation Antivirus?
 
Tcp Congestion Avoidance
Tcp Congestion AvoidanceTcp Congestion Avoidance
Tcp Congestion Avoidance
 
Telnet
TelnetTelnet
Telnet
 
TelNet
TelNetTelNet
TelNet
 
Congestion Control
Congestion ControlCongestion Control
Congestion Control
 
Protocolo SMTP (Simple Mail Transfer Protocol)
Protocolo SMTP (Simple Mail Transfer Protocol)Protocolo SMTP (Simple Mail Transfer Protocol)
Protocolo SMTP (Simple Mail Transfer Protocol)
 
Ftp (file transfer protocol)
Ftp (file transfer protocol)Ftp (file transfer protocol)
Ftp (file transfer protocol)
 
Congestion control
Congestion controlCongestion control
Congestion control
 

Semelhante a Digital Immunity -The Myths and Reality

Ne Course Part One
Ne Course Part OneNe Course Part One
Ne Course Part One
backdoor
 
Malicious software
Malicious softwareMalicious software
Malicious software
msdeepika
 
Presentation2
Presentation2Presentation2
Presentation2
Jeslynn
 
4 threatsandvulnerabilities
4 threatsandvulnerabilities4 threatsandvulnerabilities
4 threatsandvulnerabilities
richarddxd
 

Semelhante a Digital Immunity -The Myths and Reality (20)

NetWitness
NetWitnessNetWitness
NetWitness
 
(Training) Malware - To the Realm of Malicious Code
(Training) Malware - To the Realm of Malicious Code(Training) Malware - To the Realm of Malicious Code
(Training) Malware - To the Realm of Malicious Code
 
Malware: To The Realm of Malicious Code (Training)
Malware: To The Realm of Malicious Code (Training)Malware: To The Realm of Malicious Code (Training)
Malware: To The Realm of Malicious Code (Training)
 
Ch19
Ch19Ch19
Ch19
 
Unit - 5.ppt
Unit - 5.pptUnit - 5.ppt
Unit - 5.ppt
 
Mitppt
MitpptMitppt
Mitppt
 
Network Attacks
Network AttacksNetwork Attacks
Network Attacks
 
Computer security threats & prevention
Computer security threats & preventionComputer security threats & prevention
Computer security threats & prevention
 
Ne Course Part One
Ne Course Part OneNe Course Part One
Ne Course Part One
 
Final malacious softwares
Final malacious softwaresFinal malacious softwares
Final malacious softwares
 
Ethical hacking Chapter 3 - Network and Computer Attacks - Eric Vanderburg
Ethical hacking Chapter 3 - Network and Computer Attacks - Eric VanderburgEthical hacking Chapter 3 - Network and Computer Attacks - Eric Vanderburg
Ethical hacking Chapter 3 - Network and Computer Attacks - Eric Vanderburg
 
Computer crimes
Computer crimesComputer crimes
Computer crimes
 
Malicious software
Malicious softwareMalicious software
Malicious software
 
Introduction to Computer Virus
Introduction to Computer VirusIntroduction to Computer Virus
Introduction to Computer Virus
 
It's Your Move: The Changing Game of Endpoint Security
It's Your Move: The Changing Game of Endpoint SecurityIt's Your Move: The Changing Game of Endpoint Security
It's Your Move: The Changing Game of Endpoint Security
 
Malware and Anti-Malware Seminar by Benny Czarny
Malware and Anti-Malware Seminar by Benny CzarnyMalware and Anti-Malware Seminar by Benny Czarny
Malware and Anti-Malware Seminar by Benny Czarny
 
Presentation2
Presentation2Presentation2
Presentation2
 
4 threatsandvulnerabilities
4 threatsandvulnerabilities4 threatsandvulnerabilities
4 threatsandvulnerabilities
 
How to Protect your PC from Malware
How to Protect your PC from MalwareHow to Protect your PC from Malware
How to Protect your PC from Malware
 
Types of malicious software and remedies
Types of malicious software and remediesTypes of malicious software and remedies
Types of malicious software and remedies
 

Mais de amiable_indian

Phishing As Tragedy of the Commons
Phishing As Tragedy of the CommonsPhishing As Tragedy of the Commons
Phishing As Tragedy of the Commons
amiable_indian
 
Cisco IOS Attack & Defense - The State of the Art
Cisco IOS Attack & Defense - The State of the Art Cisco IOS Attack & Defense - The State of the Art
Cisco IOS Attack & Defense - The State of the Art
amiable_indian
 
Secrets of Top Pentesters
Secrets of Top PentestersSecrets of Top Pentesters
Secrets of Top Pentesters
amiable_indian
 
Workshop on Wireless Security
Workshop on Wireless SecurityWorkshop on Wireless Security
Workshop on Wireless Security
amiable_indian
 
Insecure Implementation of Security Best Practices: of hashing, CAPTCHA's and...
Insecure Implementation of Security Best Practices: of hashing, CAPTCHA's and...Insecure Implementation of Security Best Practices: of hashing, CAPTCHA's and...
Insecure Implementation of Security Best Practices: of hashing, CAPTCHA's and...
amiable_indian
 
Workshop on BackTrack live CD
Workshop on BackTrack live CDWorkshop on BackTrack live CD
Workshop on BackTrack live CD
amiable_indian
 
Reverse Engineering for exploit writers
Reverse Engineering for exploit writersReverse Engineering for exploit writers
Reverse Engineering for exploit writers
amiable_indian
 
State of Cyber Law in India
State of Cyber Law in IndiaState of Cyber Law in India
State of Cyber Law in India
amiable_indian
 
AntiSpam - Understanding the good, the bad and the ugly
AntiSpam - Understanding the good, the bad and the uglyAntiSpam - Understanding the good, the bad and the ugly
AntiSpam - Understanding the good, the bad and the ugly
amiable_indian
 
Reverse Engineering v/s Secure Coding
Reverse Engineering v/s Secure CodingReverse Engineering v/s Secure Coding
Reverse Engineering v/s Secure Coding
amiable_indian
 
Network Vulnerability Assessments: Lessons Learned
Network Vulnerability Assessments: Lessons LearnedNetwork Vulnerability Assessments: Lessons Learned
Network Vulnerability Assessments: Lessons Learned
amiable_indian
 
Economic offenses through Credit Card Frauds Dissected
Economic offenses through Credit Card Frauds DissectedEconomic offenses through Credit Card Frauds Dissected
Economic offenses through Credit Card Frauds Dissected
amiable_indian
 
Immune IT: Moving from Security to Immunity
Immune IT: Moving from Security to ImmunityImmune IT: Moving from Security to Immunity
Immune IT: Moving from Security to Immunity
amiable_indian
 
Reverse Engineering for exploit writers
Reverse Engineering for exploit writersReverse Engineering for exploit writers
Reverse Engineering for exploit writers
amiable_indian
 
Hacking Client Side Insecurities
Hacking Client Side InsecuritiesHacking Client Side Insecurities
Hacking Client Side Insecurities
amiable_indian
 
Web Exploit Finder Presentation
Web Exploit Finder PresentationWeb Exploit Finder Presentation
Web Exploit Finder Presentation
amiable_indian
 

Mais de amiable_indian (20)

Phishing As Tragedy of the Commons
Phishing As Tragedy of the CommonsPhishing As Tragedy of the Commons
Phishing As Tragedy of the Commons
 
Cisco IOS Attack & Defense - The State of the Art
Cisco IOS Attack & Defense - The State of the Art Cisco IOS Attack & Defense - The State of the Art
Cisco IOS Attack & Defense - The State of the Art
 
Secrets of Top Pentesters
Secrets of Top PentestersSecrets of Top Pentesters
Secrets of Top Pentesters
 
Workshop on Wireless Security
Workshop on Wireless SecurityWorkshop on Wireless Security
Workshop on Wireless Security
 
Insecure Implementation of Security Best Practices: of hashing, CAPTCHA's and...
Insecure Implementation of Security Best Practices: of hashing, CAPTCHA's and...Insecure Implementation of Security Best Practices: of hashing, CAPTCHA's and...
Insecure Implementation of Security Best Practices: of hashing, CAPTCHA's and...
 
Workshop on BackTrack live CD
Workshop on BackTrack live CDWorkshop on BackTrack live CD
Workshop on BackTrack live CD
 
Reverse Engineering for exploit writers
Reverse Engineering for exploit writersReverse Engineering for exploit writers
Reverse Engineering for exploit writers
 
State of Cyber Law in India
State of Cyber Law in IndiaState of Cyber Law in India
State of Cyber Law in India
 
AntiSpam - Understanding the good, the bad and the ugly
AntiSpam - Understanding the good, the bad and the uglyAntiSpam - Understanding the good, the bad and the ugly
AntiSpam - Understanding the good, the bad and the ugly
 
Reverse Engineering v/s Secure Coding
Reverse Engineering v/s Secure CodingReverse Engineering v/s Secure Coding
Reverse Engineering v/s Secure Coding
 
Network Vulnerability Assessments: Lessons Learned
Network Vulnerability Assessments: Lessons LearnedNetwork Vulnerability Assessments: Lessons Learned
Network Vulnerability Assessments: Lessons Learned
 
Economic offenses through Credit Card Frauds Dissected
Economic offenses through Credit Card Frauds DissectedEconomic offenses through Credit Card Frauds Dissected
Economic offenses through Credit Card Frauds Dissected
 
Immune IT: Moving from Security to Immunity
Immune IT: Moving from Security to ImmunityImmune IT: Moving from Security to Immunity
Immune IT: Moving from Security to Immunity
 
Reverse Engineering for exploit writers
Reverse Engineering for exploit writersReverse Engineering for exploit writers
Reverse Engineering for exploit writers
 
Hacking Client Side Insecurities
Hacking Client Side InsecuritiesHacking Client Side Insecurities
Hacking Client Side Insecurities
 
Web Exploit Finder Presentation
Web Exploit Finder PresentationWeb Exploit Finder Presentation
Web Exploit Finder Presentation
 
Network Security Data Visualization
Network Security Data VisualizationNetwork Security Data Visualization
Network Security Data Visualization
 
Enhancing Computer Security via End-to-End Communication Visualization
Enhancing Computer Security via End-to-End Communication Visualization Enhancing Computer Security via End-to-End Communication Visualization
Enhancing Computer Security via End-to-End Communication Visualization
 
Top Network Vulnerabilities Over Time
Top Network Vulnerabilities Over TimeTop Network Vulnerabilities Over Time
Top Network Vulnerabilities Over Time
 
What are the Business Security Metrics?
What are the Business Security Metrics? What are the Business Security Metrics?
What are the Business Security Metrics?
 

Último

+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
?#DUbAI#??##{{(☎️+971_581248768%)**%*]'#abortion pills for sale in dubai@
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
sammart93
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
Enterprise Knowledge
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
vu2urc
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
Principled Technologies
 

Último (20)

GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...
 
HTML Injection Attacks: Impact and Mitigation Strategies
HTML Injection Attacks: Impact and Mitigation StrategiesHTML Injection Attacks: Impact and Mitigation Strategies
HTML Injection Attacks: Impact and Mitigation Strategies
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
 
Advantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your BusinessAdvantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your Business
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024
 
Tech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdfTech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdf
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century education
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 

Digital Immunity -The Myths and Reality

  • 1. Digital Immunity The Myths and Reality Cornell University 27 June 2002 Christine M. Orshesky, CISSP, CQA
  • 2.
  • 3.
  • 4.
  • 5. Virus Infection Process Ensures virus executes before original executable Pre-pend Append PE Infector Overwrite
  • 6.
  • 7.
  • 8.
  • 9.
  • 10.
  • 11.
  • 12.
  • 13.
  • 14.
  • 15.
  • 16.
  • 17.
  • 18.
  • 19.
  • 20.
  • 21.
  • 22.
  • 23. How Fast Do They Spread? Source: ICSA/TruSecure 22 minutes 2001 E-mail enabled script NIMDA 5 hours 2000 E-mail enabled script LoveLetter 4 days 1999 E-mail enabled word macro Melissa 4 months 1995 Word Macro Concept 3 years 1990 Boot Sector Form Time to #1 Year Type Malware
  • 24.
  • 25.
  • 26.
  • 27.
  • 28.
  • 29.
  • 30.
  • 31.
  • 32. Sample Message Header From: stranger <stranger@yahoo.com> To: bluminx @hotmail.com Subject: Worm Klez.E immunity Date: Thu, 13 Jun 2002 09:39:56 -0400 MIME-Version: 1.0 Received: from [63.117.44.150] by hotmail.com (3.2) with ESMTP id MHotMailBED1EBAB002B400431923F752C9606970; Thu, 13 Jun 2002 06:39:59 -0700 Received: from Zkprhj [216.54.110.216] by mail.atel.net  (SMTPD32-6.06) id A08E53F007E; Thu, 13 Jun 2002 09:39:26 -0400 From [email_address] Thu, 13 Jun 2002 06:41:03 -0700 Message-Id: <200206130939556.SM02700@Zkprhj>
  • 33.
  • 34.
  • 35.
  • 36.
  • 37.
  • 38.
  • 39.