What were the most serious types of security risks in the past?



What is a rootkit?

What are persistent/non-persistent rootkits?

When were rootkits first discovered?

Why might rootkits be called the ultimate malware threat?

Task 6. Insert the prepositions, translate the sentences:

1. Although increased complexity of rootkits has resulted … many advantages for attackers, it has also made installing rootkits considerably more complicated.

2. Many rootkits now consist … many components that need to be compiled and installed.

3. At present information security professionals should not rely … anti-virus and anti-spyware software to detect rootkits.

4. The success of an attack depends … the vulnerability of the system and the effectiveness of existing countermeasures.

5. Attacks can be divided … two main categories.

6. This process of gathering information might lead … active attacks later on.

7. Security in wireless networks differs greatly … security for their wireline counterparts due to the very nature of the physical medium.

8. Controls are divided … three categories: physical, logical, and administrative.

9. Although the term may sound very technical and oriented in the direction of high-security computing facilities, access controls are something we deal … on a daily basis.

Task 7. Render the text:

A rootkit is a program or set of programs for hiding the traces of an intruder's or a malicious program's presence in a system. The term refers to a set of utilities or a special kernel module that an attacker installs on a compromised computer system immediately after obtaining superuser privileges. A rootkit allows the attacker to gain a foothold in the compromised system and conceal the traces of their activity by hiding files, processes, and the very presence of the rootkit in the system.

Task 8. Read and translate the text using Essential Vocabulary:

Text 2B. How Rootkits Work

Essential Vocabulary

clue n – key

convict v – to convince of something, to find guilty

omit v – to skip, to leave out

pertain v – to relate, to belong

preclude v – to prevent, to eliminate

prevent from v – to prevent, to hinder

                        

Rootkits work using two basic types of mechanisms: mechanisms that enable them to avoid detection and ones that set up backdoors.

 

Hiding Mechanisms
Attackers know that discovery of their unauthorized activity on a victim system almost invariably leads to investigations that result in the system being patched or rebuilt, thereby effectively forcing them to "start from scratch" in their efforts to gain unauthorized access to and control a target system, or in a worst case scenario for attackers, giving investigators clues that can be used in identifying and ultimately convicting the attackers of wrongdoing. It is to the attackers' advantage, therefore, to hide all indications of their presence on victim systems. Most rootkits incorporate one or more hiding mechanisms - as a rule, the more sophisticated the rootkit, the more of these mechanisms are part of the rootkit and the more proficient these mechanisms are.

The most basic type of hiding mechanism is one in which log data pertaining to an attacker's logins and logouts on the victim system are erased so that when system administrators inspect the system's audit logs, they do not see any entries that report the attacker's having logged in or out or having done anything else on the system. Additionally, many rootkits delete any evidence of processes generated by the attacker and the rootkit itself. When system administrators enter commands or use system utilities that display the processes that are running, the names of processes started in connection with all facets of the attack (including the presence of a rootkit) are omitted from the output. Rootkits may also hide files and directories that the attacker has created in a number of ways, including changing commands used to list directory contents to have them exclude files that the attacker has created, or (as explained in more detail shortly) making changes to the kernel of the operating system itself to cause it to provide false information about the presence and function of certain files and executables. To allow backdoor access by attackers, rootkits almost always open one or more network ports on the victim system. To preclude the possibility of discovering rootkits when system administrators examine open ("listening") ports, many rootkits thus also hide information about certain ports' status. Additionally, some rootkits change what happens when certain executables are invoked by legitimate users (e.g., system administrators) such that malicious executables that superficially appear to work like the original executables are run instead.
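A defender's cross-view check for the port-hiding behaviour described above, as an added example that is not part of the original text: it compares the listening ports in the kernel's TCP table with what a listing utility printed and reports any port the utility left out. It assumes the Linux `/proc/net/tcp` layout and `netstat -ltn` style output; the sample data is constructed and the function names are hypothetical.

```python
"""Cross-view check: listening ports in the kernel TCP table vs. a listing tool's output."""

# Constructed sample in /proc/net/tcp format (local address is HEXIP:HEXPORT, state 0A = LISTEN).
PROC_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1001
   1: 0100007F:0019 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1002
   2: 00000000:7A69 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1003
   3: 0A00000F:0016 0A000001:C350 01 00000000:00000000 00:00000000 00000000     0        0 1004
"""

# Constructed sample of output from a modified listing utility: one listening port is omitted.
NETSTAT_OUTPUT = """\
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN
"""

TCP_LISTEN = "0A"  # kernel state code for a listening socket


def kernel_listening_ports(proc_net_tcp):
    """Return the set of ports in LISTEN state according to the kernel table."""
    ports = set()
    for line in proc_net_tcp.splitlines()[1:]:  # skip the header row
        fields = line.split()
        if len(fields) < 4 or fields[3] != TCP_LISTEN:
            continue
        ports.add(int(fields[1].rsplit(":", 1)[1], 16))  # port is hexadecimal
    return ports


def tool_listening_ports(netstat_output):
    """Return the set of listening ports the userland tool chose to display."""
    ports = set()
    for line in netstat_output.splitlines():
        fields = line.split()
        if len(fields) >= 6 and fields[0].startswith("tcp") and fields[5] == "LISTEN":
            ports.add(int(fields[3].rsplit(":", 1)[1]))
    return ports


def hidden_ports(proc_net_tcp, netstat_output):
    """Ports the kernel reports as listening but the tool output omits."""
    return sorted(kernel_listening_ports(proc_net_tcp) - tool_listening_ports(netstat_output))


if __name__ == "__main__":
    for port in hidden_ports(PROC_NET_TCP, NETSTAT_OUTPUT):
        print(f"port {port} is listening but missing from the tool output")
```

This comparison only exposes a replaced or modified listing command. A rootkit that changes the kernel itself, as the text goes on to mention, can falsify both views, so the result should also be compared with a port scan run from another host.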

 

Backdoor Mechanisms
Rootkits almost without exception also provide attackers with remote backdoor access to compromised systems. One of the most common ways of providing this kind of access is creating encrypted connections such as secure shell (SSH) connections that not only give attackers remote control over compromised systems, but also encrypt information to prevent it from being available for analysis by network-based intrusion detection systems (IDSs) and intrusion prevention systems (IPSs) as well as network monitoring tools. Additionally, SSH implementations used in connection with rootkits require entering a username and password, thereby also helping prevent individuals other than the individual or individuals who installed the rootkit from being able to use the backdoor.

 

Task 9. Translate the following word combinations:

To avoid detection; start from scratch; unauthorized activity; to gain unauthorized access; the most basic type of hiding mechanism; to provide false information; legitimate users; compromised system; in a number of ways; to encrypt information; intrusion detection systems; intrusion prevention systems; network monitoring tools.

    

Task 10. Finish the following sentences without looking into the text:

1. Rootkits work using two basic types of …

2. Most rootkits incorporate one or more …


Date added: 2018-04-15
