CompTIA® A+ Core 2 Exam Notes: Common Security Threats

3. Computer Security

3.1 Common security threats

1. Boot sector virus: A boot sector virus stays resident by infecting the boot sector of the computer.

2. MBR virus: A Master Boot Record (MBR) virus infects the first physical sector of all affected disks.

3. File virus: File viruses either replace or attach themselves to executable files, and are the most commonly found type of virus.

4. Macro virus attaches itself to documents in the form of macros.

Social engineering involves the following threats:

1. Shoulder surfing: Shoulder surfing refers to using direct observation techniques, such as looking over someone's shoulder, to get information. It is commonly used to obtain passwords, PINs, security codes, and similar data. Shoulder surfing is particularly effective in crowded places because it is relatively easy to observe someone as they fill out a form, enter their PIN at an automated teller machine or a POS terminal, or enter a password at a cybercafe, a public or university library, or an airport kiosk. Shoulder surfing can also be done at a distance using binoculars or other vision-enhancing devices. Inexpensive, miniature closed-circuit television cameras can be concealed in ceilings, walls or fixtures to observe data entry. To prevent shoulder surfing, it is advised to shield paperwork or the keypad from view by using one's body or cupping one's hand.

2. Phishing phone calls: Cybercriminals might call you on the phone and offer to help solve your computer problems or sell you a software license. Neither Microsoft nor its partners make unsolicited phone calls (also known as cold calls) to charge you for computer security or software fixes.

3. Social engineering: Social engineering threats involve gaining the trust of an employee or an insider of an organization. Once they've gained your trust, cybercriminals might ask for your username and password, or ask you to go to a website and install software that will let them access your computer to "fix" it. Once you do this, your computer and your personal information are vulnerable. You can reduce the threat from social engineering by treating all unsolicited phone calls with skepticism and not providing any personal information on such calls.

Some of the common attacks:

Zero day attack: A Zero day attack is an exploit of an operating system or software vulnerability that is unknown to and unpatched by the author of the product. The name comes from the fact that there is no warning of the attack and this is compounded by the fact that the attack will be successful until it is discovered and patched by the vendor. It does not take long for a zero day attack to be effective considering the time it takes to program a patch and get it distributed to the public. These attacks can take place between the time they are discovered and when the patch is issued.

Zombie/botnet: When discussing a zombie and its relationship to a botnet, think of an army of zombies, with your PC as one of the potentially millions of PCs infected with the same malware and commandeered by a single host. The entity that controls the botnet can use the machines for a single purpose such as a DDoS attack, spam, or malware distribution. Hundreds of billions of dollars in losses or damage can be attributed to botnets.
