Scribd
Upload
10 views22 pages

Understanding Malicious Logic and Defenses

The document discusses various types of malicious logic in computing, including how it can exploit data as instructions, impersonate users, cross protection boundaries, alter files, and perform unauthorized actions. It emphasizes the importance of vulnerability assessments for identifying and prioritizing security weaknesses, as well as the benefits of using structured frameworks for managing vulnerabilities. Additionally, it outlines prevention techniques and the differences between vulnerability assessments and penetration tests.

Uploaded by

nandeeshbsb
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PPTX, PDF, TXT or read online on Scribd
10 views22 pages

Understanding Malicious Logic and Defenses

The document discusses various types of malicious logic in computing, including how it can exploit data as instructions, impersonate users, cross protection boundaries, alter files, and perform unauthorized actions. It emphasizes the importance of vulnerability assessments for identifying and prioritizing security weaknesses, as well as the benefits of using structured frameworks for managing vulnerabilities. Additionally, it outlines prevention techniques and the differences between vulnerability assessments and penetration tests.

Uploaded by

nandeeshbsb
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PPTX, PDF, TXT or read online on Scribd

Malicious logic

Defenses
Malicious Logic Acting as Both Data and Instructions
– In computing, data is supposed to be passive information,
while instructions are active commands executed by the
processor.
– Malicious logic exploits situations where data is treated as
instructions or instructions masquerade as data.
– This usually happens due to programming flaws, weak
validation, or security misconfigurations.
• To prevent such attacks, systems should implement:
– Strict input validation and sanitization
– Non-executable memory (DEP/NX-bit)
– Code execution permissions (sandboxing)
– Regular patching and vulnerability scanning
Malicious Logic Assuming the Identity of a User
• Malicious logic assuming the identity of a user refers
to a cyber attack technique where malicious
programs impersonate a legitimate user to gain
unauthorized access to systems, networks, or
sensitive data.
• When malicious logic assumes a user’s identity, it can:
– Access confidential information.
– Execute fraudulent transactions.
• Prevention Techniques
– Strong, unique passwords with multi-factor authentication
(MFA)
– Regular password rotation and credential monitoring
Malicious Logic Crossing Protection Domain
Boundaries by Sharing
• It refers to a security vulnerability where malicious
code moves or gains access to areas of a system that
should normally be isolated or restricted, by exploiting
shared resources between trusted and un trusted
domains.
Malicious Logic Altering Files
• It refers to a situation where a malware
program or harmful code changes, deletes,
or corrupts files on a computer system
without authorization. These changes may
affect system files, application files, or user
data, often leading to security breaches, data
loss, or system instability.
Malicious Logic Performing Actions Beyond
Specification
• It refers to a situation where a program, script, or
piece of code executes actions that were not part of
its intended, documented, or authorized behaviour.
• This typically happens due to malware embedded in
software or compromised legitimate applications,
leading to unauthorized, unexpected, or harmful
activities in a system.
The Notion of Trust
• The notion of trust in computer security and
information systems refers to the level of
confidence that a system, user, or component
will behave as expected, securely, and reliably.
• Trust is fundamental in cyber security because
it forms the basis for access control,
authentication, communication, and system
interactions.
What is a vulnerability assessment or Analysis?
• A vulnerability assessment is the process of defining,
identifying, classifying and prioritizing vulnerabilities in
computer systems, applications and network infrastructures.
• Vulnerability assessments provide organizations with the
necessary knowledge, awareness and risk backgrounds to
understand and react to threats to their environment.
Importance of vulnerability assessments
• Vulnerability assessments provide organizations with details
on security weaknesses in their environments. They also
provide directions on how to assess the risks associated with
those weaknesses.
• This process offers the organization a better understanding of
assets, security flaws and overall risk, reducing the likelihood
a cybercriminal will breach their systems.
Types of vulnerability assessments
• Vulnerability assessments discover different types of system or network
vulnerabilities. The assessment process includes using a variety of tools,
scanners and methodologies to identify vulnerabilities, threats and risks.
Types of vulnerability assessment scans include the following:
• Network-based scans identify possible network security attacks. This type
of scan can also detect vulnerable systems on wired or wireless networks.
• Host-based scans locate and identify vulnerabilities in servers,
workstations or other network hosts. This scan usually
examines ports and services that could be visible on network-based scans.
It offers greater visibility into the configuration settings and patch history
of scanned systems, even legacy systems.
• Wireless network scans focus on points of attack in wireless network
infrastructure. In addition to identifying rogue access points, a wireless
network scan also validates a company's network is securely configured.
• Application scans test websites to detect known software vulnerabilities
and incorrect configurations in network or web applications.
• Database scans identify weak points in a database to prevent malicious
attacks, such as SQL injection attacks.
Vulnerability Assessments vs Penetration
Tests
Parameter Vulnerability assessments Penetration tests

Identification and evaluation of Real world attacks are simulated to


Objective
potential vulnerabilities exploit vulnerabilities

Usage of manual techniques and Ethical hackers are involved who


Methodology
automated systems to scan systems attempt to exploit vulnerabilities

Various aspects of the system are Target specific vulnerabilities and


Scope
covered attack vectors

Conducted regularly as part of an Less frequent and is performed when


Frequency
ongoing strategy needed

Gives a broader perspective of Gives deeper insight into the impact


Focus
potential issues of exploiting vulnerabilities

Reactive approach which assess the


Proactive approach which helps
Approach effectiveness of existing security
prevent potential issues
measures
Frameworks
• Frameworks for vulnerability analysis in
computer and network security provide a
structured, systematic approach to identify,
evaluate, and mitigate security weaknesses in
systems, networks, and applications
• frameworks ensure organizations proactively
manage their security posture and stay ahead
of threats.
How Vulnerability Analysis Frameworks Work
A vulnerability analysis framework guides an organization through
several key steps:
• Asset Discovery & Prioritization: Identify and categorize all
digital assets within the infrastructure.
• Vulnerability Scanning: Use automated tools to scan for
weaknesses and misconfigurations in networks, systems, and
applications.
• Risk Assessment: Evaluate the identified vulnerabilities to
understand their potential impact and likelihood of being
exploited.
• Remediation & Mitigation: Develop and implement strategies to
fix or reduce the severity of the vulnerabilities.
• Verification: Confirm that the vulnerabilities have been
successfully addressed.
• Monitoring: Continuously monitor the environment to detect
new or emerging vulnerabilities.
Key Frameworks and Standards:
NIST Cybersecurity Framework (CSF):
• A high-level, adaptable framework for managing
cybersecurity risk across an organization. It uses
five core functions: Identify, Protect, Detect,
Respond, and Recover.
OWASP Testing Guide:
• Provides detailed instructions and tools for testing
the security of web applications, helping
developers and security professionals identify
common vulnerabilities.
Benefits of Using a Framework
Systematic Approach:
• Provides a structured, repeatable process for managing
vulnerabilities.
Proactive Security:
• Enables organizations to find weaknesses before attackers can
exploit them.
Improved Risk Management:
• Helps in understanding and prioritizing risks to allocate resources
effectively.
Enhanced Security Posture:
• Strengthens overall security and helps maintain confidentiality,
integrity, and availability of systems.
Regulatory Compliance:
• Facilitates adherence to industry-specific security requirements and
standards.

You might also like