So next we have social engineering. Now, social engineering is not necessarily an attack against our IT devices. We don't social engineer a switch. We don't social engineer a router, because social engineering is exploiting people.

Social engineering is doing things such as walking up to a door that requires a key card to enter while holding a box of doughnuts, or standing outside taking a smoke break, or walking up to the door on crutches right behind someone. You're exploiting people's procedures. You're exploiting people's weaknesses in their day-to-day respectfulness and niceness. If you're walking up to the door with a computer bag over one arm and a bunch of books in the other, barely making it on crutches that you went to the store and bought, and you're hobbling up to the door saying, "Oh, hey, hold the door," a lot of times you're not going to have someone who just says no, slams the door closed and says, "Use your own ID."

That's the best security policy for them to follow. But in society we have our own procedures, our own unwritten rules about the way we need to act, our own anthropological actions that we need to perform, and social engineering can exploit those weaknesses and make use of them to gain entry into our network.

Again, things like walking really fast down the hallway carrying a clipboard. A lot of times people will say, if you walk anywhere and you look busy, no one's going to bother you. If you look like you're in a rush to get somewhere and you look like you know where you're going, then a lot of times you won't have somebody stop you and say, "Hey, can I see your badge?" If you're carrying a clipboard up near where your badge usually would be, sort of obscuring the view, and maybe you went on your computer and printed out a little fake badge, laminated it and stuck it on your breast pocket (because, of course, no one could do that at Staples or Office Depot), then you're going to have a lot fewer people bother you than if you are walking around looking very suspicious.

So again, social engineering is just exploiting those people weaknesses by knowing how people act, knowing the standard way that people are receptive to actions. Knowing that if you're talking to IT on the phone and you're requesting a password reset, and then you say, "Well, I want to speak to your manager," and you sound very urgent, then they may just say, "Okay, okay, I'll just reset the password for you." Or if you impersonate the IT department calling someone and you say, "OK, I need your security questions," or "I need you to send me your password." All of this is social engineering: anything where you're not trying to find a technical vulnerability in computer software or computer hardware, you're trying to find a vulnerability in people. That's social engineering.

Now, we can't patch people. There's no "Employee Update 2.5" that patches the door-holding exploit. That's not the way this works. We can't perform the latest Windows updates on people being respectful and people not asking for your badge. The way that we patch that security hole is through user training. We have to have user training and user policies that are mandatory, so that employees know: "Okay, I want to hold the door open for this person. I know that I need to be nice, but because of this policy and because of what we learned in our training, I probably should close the door. Maybe I can help them with their books, let them card in, hand them their books, and then card in too."

We need to have training not to open that email from the Nigerian prince who wants to share his wealth with you. We need to have policies that tell us not to leave our computer unlocked, not to leave our badge lying around, not to write our passwords down. All of these things are potential exploits in our people, so user training and policies are extremely critical.

And if they don't work, if we still have people holding doors open, if we still have people writing down their passwords, we need to have repercussions for that. We need to have repercussions if your manager finds that your computer isn't locked, or finds a password written on a sticky note stuck to your screen. Or maybe we need to hire security personnel to stand at those doors, whatever the case may be. We can't just focus all of our time and all of our energy on our actual network resources, on our switches and our routers and our computers. We can make those 100% fail-proof secure, but we still have people who have passwords and have access to those devices, and those people can be socially exploited, socially engineered.
And next we have viruses. Viruses are malicious software, malicious code, that attempts to perform actions on our computer that essentially we don't want it to. Now, viruses can come in the form of fake antiviruses. They can come in the form of malicious downloads. They can come in the form of email attachments. Attack surfaces for viruses can be practically anywhere.

So in order to help mitigate viruses on our network, in order to help mitigate malware on our network, we need to do a couple of things. First of all, we need to keep having this user training. Use your training to let people know not to open email attachments that look suspicious. Let people know not to pick up USB devices off the floor and just plug them into their computer, because they could have malware on them. So we need to have user training to let people know where these viruses could come from, what not to do and what to do in order to help prevent this, and how to report suspicious items.

We also need to have updated anti-malware and updated anti-malware signatures on our computers, because if we do have that malware or those viruses get on our computers, we want to have something that is able to help prevent it from spreading. We want to have something that gets rid of it as soon as possible.

We may want to implement intrusion prevention systems, IPSs, or IDSs on our network that can prevent, or at least detect, suspicious traffic and suspicious items on our network. We may again have user policies, which go with our user training.

In addition to our anti-malware, we may have restrictions on our network. Remember when we talked about our policies for whether someone is allowed to connect to our network? We may have policies that say: OK, do you have the most recent edition of our anti-malware? Do you have the most updated signatures? Have you done a scan in the last 48 hours? If not, you can only connect to my remediation network until you fix these issues, because I don't want you connecting to my main network when you could potentially be infected and that infection could spread. So we need to have those mitigation strategies in place in order to protect against that malicious software, that malicious code, that malware.
Now, next, we have worms. What's the difference between worms and viruses? Well, whereas viruses are malicious executables, worms do not need to be attached to an executable in order to spread. Worms are self-replicating, so all that would need to happen is for that computer, that device, to somehow touch a different device. It could be connected over a network. It could be connected via a USB. Whatever the case may be, that worm has self-replicating code, so it can spread by itself. It can wiggle its way through a network without anyone ever having to click an executable, without anyone ever running a malicious program. It just makes its way through the network. It self-replicates.

Now, these can be extremely dangerous to our network, because if they spread wide enough, and this has happened before, worms replicate so much across our network that 80% of our network traffic is just this worm trying to replicate itself. So this worm is essentially performing a denial of service on our network, because it's trying to replicate, it's doing so very loudly, and it's taking up so much network traffic because it's just moving all over the place trying to infect new hosts.

So worms can be self-replicating. They can also be polymorphic, which means they can have sections of code that adjust and change every time they replicate, so that it's harder to pin them down and harder to create a signature for them. If a worm is polymorphic, we may have a file where we say, "Ah, this is the worm file. I found it. I'm going to create a signature for this. All my antivirus is going to be updated." And then you update your antivirus, and it only finds a couple of instances of that worm on your entire network, but you know it's much more widespread than that, because the worm is polymorphic. It keeps changing its code, so it's a lot harder to pin down.

So worms, again, are going to be one of those things where you need to do things such as having user policies not to plug unidentified USBs into your computer. You can't plug any personal USB into your computer; they have to be secure USBs. You may want to put those IDSs and IPSs on your network. You may want to have content filters to prevent people from getting to certain websites where they could unintentionally download a virus or worm. So all of these policies, all of these best practices, need to be in place to prevent these worms from infecting our network and potentially spreading on our network.

It's much harder after the fact. You know, there's a saying that an ounce of prevention is worth more than a pound of cure. So an ounce of setup beforehand, an ounce of security policy and preventing the worm from getting on our network at all, is worth more than the hours and hours that it may take to clean it up. So we need to be aware of that.
And lastly, we have buffer overflows. Now, buffer overflow attacks are a little bit of a high-end topic, but let's see if we can explain them a bit. When we're talking about buffer overflows, we're talking about data overrunning into other sections of memory and potentially executing arbitrary code, potentially executing code that causes our computers to do something that we don't want them to.

We're going to do a very, very simplistic representation of what a buffer overflow is. If this is something that you find more interesting, which I know I sure do, feel free to look into programming and look into our other programming sections.

Now, in our program we have something called the stack. This is going to be a very, very simplistic overview. The stack is essentially a section of our computer memory where we can store variables, where we can store data for our program to run, because different programs need some section of memory so that they can run, so that they can execute code.

So when our program starts, it's going to create something called a buffer. That is a section of memory that the program reserves for itself, a section of memory that it reserves for a variable, a variable being essentially a piece of data, something that equals something. So if we have a program that asks us for user input, it may create a buffer that says, "Okay, I want you to save this much space in memory for that user input, so when the user enters the input, I can just save it right here, and I'm going to make this buffer this big." So our buffer is sort of our box that we can put things into in our memory, that our program saves for us.

And essentially, in a very, very simplistic view, a buffer overflow is an exploit, or a vulnerability, in a program. Our buffer is just a section of memory, and after our buffer is other information in our memory. This information in memory could be our same program, or it could be a completely different program. Now, when our buffer overflow runs, essentially what's happening, in a very, very, very simplistic view, is that we're writing more data than can fit into that buffer. So we're writing more than can fit into this buffer, and our program, instead of fault checking this, is just going to overwrite the memory after the buffer. And this could be something completely different. This could be a completely different program, but we're going to overwrite that.

Typically speaking, if this was an accident, then this may just cause some corruption of data in our memory. This may cause a program to crash, may cause some other errors on our computer, but it may not be anything really too bad. But if this is a malicious attacker, if this is someone legitimately trying to exploit a program, they may overwrite this following data with information that allows them to execute commands on our computer. If they approach a program that is writing this information to memory and they are able to successfully perform a buffer overflow, then they're able to perform things such as system calls. They're able to perform things that essentially tell our computer to just start running commands, and they're able to exploit our computer. They can get back-door access into our computer. They can exploit that program.

There's a lot more to this than we're making it seem right here. But in a nutshell, if you didn't get any of that, just take away that a buffer overflow is a vulnerability in a program. It's a vulnerability in something that we install. It's a coding vulnerability in something that we install on our computer.

So in order to mitigate buffer overflows, there are things we need to do. If we're a programmer, there's a lot of things that we need to do to help mitigate buffer overflows. But if we're just a systems administrator or a network administrator, what we need to do to mitigate buffer overflows is to install patches and have a regular patch cycle for the programs on our computers. Unless we're a programmer, we're not going to be going in and changing the programming, and we're not going to be going in and doing a dissection of the programming of all the programs that we allow on our network. We're going to leave that to the programmers of the actual software. What we do is, whenever they release patches, we need to make sure that we're pushing those patches out to our computers.

So for us as systems administrators, for us as network administrators, in order to mitigate buffer overflows, we make sure that before we allow software to be installed on our computers, we have test cycles for the software. We make sure that we check that software's security rating. We make sure that there are no known vulnerabilities for that software that are unpatched. And when patches do come out, we test cycle those and we roll those out as soon as possible in order to prevent those programs from being vulnerable.
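To make the box-and-overrun picture concrete, here is an added example in C (not from the lecture) that models a 16-byte input buffer sitting directly in front of other program data, with the "no fault checking" copy the lecture describes beside the bounds-checked version a programmer would ship. The region struct, the sizes and the "USER" marker are constructed for the demo.

```c
#include <stdio.h>
#include <string.h>
/* Constructed model of a slice of memory: a 16-byte buffer reserved for user
 * input, followed directly by 8 bytes of other data the program relies on (a
 * made-up "USER" marker). One array keeps the demo within defined behaviour;
 * in a real program the overrun lands on whatever the compiler placed next. */
#define BUF_SIZE 16
#define ADJ_SIZE 8
#define REGION_SIZE (BUF_SIZE + ADJ_SIZE)
struct region { unsigned char mem[REGION_SIZE]; };

void region_init(struct region *r) {
    memset(r->mem, 0, REGION_SIZE);
    memcpy(r->mem + BUF_SIZE, "USER", 5);   /* adjacent data, NUL included */
}

/* Vulnerable pattern (the "no fault checking" case): the input length is never
 * compared with BUF_SIZE, so a 20-byte input spills 4 bytes into the adjacent
 * data. Returns bytes written, terminator included; the clamp only keeps the
 * model itself from running off its own array. */
size_t copy_unchecked(struct region *r, const char *input) {
    size_t n = strlen(input) + 1;
    if (n > REGION_SIZE - 1) n = REGION_SIZE - 1;
    memcpy(r->mem, input, n);
    return n;
}

/* Hardened pattern: compare the length with the reserved size first and refuse
 * anything that would not fit. Returns 1 on success, 0 if rejected. */
int copy_checked(struct region *r, const char *input) {
    size_t n = strlen(input) + 1;
    if (n > BUF_SIZE) return 0;             /* would overrun: reject */
    memcpy(r->mem, input, n);
    return 1;
}

/* What the program later reads back from the memory after the buffer. */
const char *adjacent_data(const struct region *r) {
    return (const char *)(r->mem + BUF_SIZE);
}

int main(void) {
    struct region r;
    const char *too_long = "AAAAAAAAAAAAAAAAXYZ";   /* 19 chars + NUL = 20 bytes */
    region_init(&r);
    copy_unchecked(&r, too_long);
    printf("unchecked: adjacent data now reads \"%s\"\n", adjacent_data(&r));
    region_init(&r);
    printf("checked: accepted=%d, adjacent data still \"%s\"\n",
           copy_checked(&r, too_long), adjacent_data(&r));
    return 0;
}
```

The unchecked copy silently turns "USER" into "XYZ", which is the corruption the lecture describes; the checked copy refuses the input and leaves the neighbouring data untouched.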
So enough about buffer overflows. We've talked about quite a few different attacks here. We've talked about our denial of service attacks, distributed denial of service attacks, man-in-the-middle attacks, we talked about our social engineering, viruses and malware, and then a little bit about buffer overflows. So let's go ahead and move on, and now let's talk about some packet sniffing.