This was a Presentation I gave a few years ago on how Cisco Security Agent works, and what the current landscape of threats it prevented. This was from 2009, and presented to a room of Helpdesk Technicians.

1. Mike Pruett
Information Technology
mpruett@istavision.com

2.  Definitions
 Anatomy of an Operating System
 Anatomy of an Antivirus Program
 Anatomy of a Security Threat
 Analysis

3.  Malware - short for malicious software, is
software designed to infiltrate a computer
system without the owners informed consent.
 Spam- junk email that involves nearly
identical messages sent to numerous
recipients by email.
 Distributed Denial-of-Service (DDoS) – occurs
when multiple systems flood the bandwidth
or resources of a targeted system, usually
one or more web servers.

4.  Botnet – a jargon term for a collection of software
robots, or bots, that run autonomously and
automatically
 Zombie – a computer attached to the internet that
has been compromised by some form of threat.
Generally, a compromised machine is only one of
many in a botnet, and will be used to perform
malicious tasks of one sort or another under remote
direction.
 Intrusion Detection System (IDS) – is a device (or
application) that monitors network and/or system
activities for malicious activities or policy violations.
 Intrusion Prevention System (IPS) – like a IDS, but the
device can react, in real-time, to block or prevent the
unwanted activity.

5.  Vulnerability – a term for weakness which allows an attacker to
reduce a systems security.
 Exploit – a piece of software, a chunk of data, or sequence of
commands that take advantage of a bug, glitch, or vulnerability
in order to cause unintended or unanticipated behavior to occur
on computer systems.
 Zero Day Threat – a computer threat that tries to exploit
computer application vulnerabilities that are unknown to others,
undisclosed to the software vendor, or for which no security fix
is available.
 Black Hat Hacker– are hackers who specialize in unauthorized
penetration of computer networks. They may use computers to
attack systems for profit, for fun, or for political motivations or
as a part of a social cause.
 White Hat Hacker – also known an ethical hackers, or white
knights, are computer security experts, who specialize in
penetration testing, and other testing methodologies, to ensure
that a companies information systems are secure.

6. A computer program that can copy
itself and infect a computer.

7. A self-replicating computer program.
It uses a network to send copies of itself
to other computers, usually without any
user intervention.

8. A piece of code that uses a polymorphic engine to mutate while
keeping the original algorithm intact. That is, the code changes
itself each time it runs, but the function of the code in whole will
not change at all.

9. A derogatory term used to describe those
who use scripts or programs developed by
other to attack computer systems.

10. Applications Processes
Network
COM API System API Services
Stack
KERNEL
CPU MEMORY FILE I/O DEVICE I/O

11. Applications Processes
Network
COM API System API Services
Stack
KERNEL
CPU MEMORY FILE I/O DEVICE I/O
= Cisco Security Agent “Shim”

12. On-Demand Real-Time Heuristics
Scan Engine Scan Engine Database
Applications Processes

13.  http://www.symantec.com/security_response
/writeup.jsp?docid=2008-112203-2408-
99&tabid=2
 http://www.confickerworkinggroup.org/wiki/
pmwiki.php/ANY/Timeline
 http://www.confickerworkinggroup.org/wiki/
pmwiki.php/ANY/FAQ

14.  Check the Security Logs
 Check the Event Viewer
 Use the Diagnostics Tool
 Use Reset Agent Tool