What are the two main types of rootkits?



What is the difference between these two types based on?

What do the user-mode rootkits replace?

What are the most common targets?

What are the kernel-mode rootkits?

What does the term “Trojan horse program” refer to?

What is the difference between rootkits and conventional Trojans?

 

Task 16. Translate the sentences, paying attention to the words in bold:

1. The more haste, the less speed.

2. The broader the knowledge available, the sooner are difficulties explained.

3. The more is known about the system model, the better these parameters may be adjusted.

4. The greater the benefits these systems bring to our well-being and quality of life, the greater the potential for harm when they fail to perform their functions or perform them incorrectly.

5. There is an old adage that goes something like this: “The more you have, the more you can lose”. In the world of computer hard drives, this warning is all too true.

6. The basic theory is that the stronger the password, the longer it might take to crack that password.

7. It’s fair to say that the more people who know a secret, the more likely it is that the secret will become public knowledge.

8. When we are attempting to authenticate a claim of identity, the more factors we use, the more positive our results will be.

9. The longer a threat uses the same behaviour, the more likely it is that defenses will detect and deploy countermeasures against it.

10. Logically, the more information assets we identify as being critical, the more involved this step becomes.

 

Task 17. Translate the sentences, paying attention to the gerund:

1. Applying patches that close vulnerabilities is one of the most important measures in preventing rootkits from being installed.

2. Using one-time passwords is an example of a strong authentication method.

3. As stated previously, discovering most rootkits is difficult because so much information about the attacks that led to their being installed is deleted or suppressed; considerable time, effort and technical prowess are thus likely to be necessary.

4. Monitoring network activity is another effective method for detecting rootkits.

5. A relatively new attack vector for installing rootkits is spyware.

6. Strong authentication means using authentication methods that are considerably more difficult to defeat.

7. There is one comforting thought, however - no attacker or rootkit, no matter how proficient, is capable of hiding all information about an attack, including the presence of a rootkit that has been installed.

8. Prophylactic measures are measures that prevent rootkits from being installed, even if an attacker has superuser privileges.

9. Nonrepudiation refers to a situation in which sufficient evidence exists as to prevent an individual from successfully denying that he or she has made a statement, or taken an action.

10. Information was hidden by a wide variety of codes, by tattooing them on the shaved heads of messengers and then allowing the hair to grow, and by a multitude of other methods.

Task 18. Read and translate the text:

Text 2D. Rootkits and Security-related Risk

Essential Vocabulary

cure n - remedy

deed n - act, action

deleterious adj – harmful, dangerous

eradicate v - destroy, wipe out

glean v – gather, collect

infraction n – violation, breach

outcome n – result, consequence

rummage v – examine, search through thoroughly

sordid adj – self-serving, base

    

Rootkits considerably raise the level of security-related risk that organizations face, namely by increasing the cost of incidents, increasing the probability of backdoor access, putting organizations' machines at risk of becoming part of botnets, and exposing organizations to the risk of confidentiality infractions because of unauthorized capture of information.

Although rootkits do not break into systems per se, once they are installed on systems they are (unless they are poorly designed or written) usually extremely difficult to identify. They can reside on compromised systems for months without anyone, the most experienced system administrators included, suspecting that anything is wrong. The cost of security breaches is proportionate to their duration; anything that increases duration escalates incident-related costs.

As rootkits usually include backdoors, they substantially raise the probability that even if effective security measures are in place, attackers will gain unauthorized remote access to systems. Because rootkits are so difficult to discover, whoever gains such access can rummage through the contents of files within the compromised system to glean sensitive and other information. The fact that access of this nature is normally with superuser-level privileges means not only that attackers can remotely access systems any time they wish, but also that they have complete control to do anything that they want with each system that they access in this manner.
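The two paragraphs above make one practical point: a rootkit hides a backdoor from the tools an administrator normally trusts, yet it cannot hide every trace. Detection tools exploit this with a cross-view check: the same fact (which processes exist, which TCP ports are listening) is read through two independent paths, and anything present in one view but missing from the other is suspect. The script below is an added example written for this page, not code from the text or its source; the `ps`, `netstat`, `/proc` listing and `/proc/net/tcp` contents are constructed samples in which PID 4242 and a listener on TCP port 31337 have been removed from the tool output, as a user-mode rootkit that hooks those tools would do.

```python
"""Cross-view detection of artifacts hidden by a user-mode rootkit.

A user-mode rootkit hides by hooking the library calls that ps and netstat
rely on. Data read straight from the kernel's /proc interface is a second,
independent view; a process or listening socket that appears in /proc but
not in the tool's output has been hidden from the tool.

All inputs below are constructed samples, not captures from a real host.
"""

# Constructed: what a hooked `ps -e` printed (the rootkit removed PID 4242).
PS_OUTPUT = """\
  PID TTY          TIME CMD
    1 ?        00:00:03 systemd
  612 ?        00:00:00 sshd
 1030 pts/0    00:00:00 bash
"""

# Constructed: directory names as read from /proc (numeric names are PIDs).
PROC_ENTRIES = ["1", "612", "1030", "4242", "self", "cpuinfo", "net", "sys"]

# Constructed: `netstat -tln` from the hooked binary (port 31337 removed).
NETSTAT_OUTPUT = """\
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
"""

# Constructed: /proc/net/tcp. Addresses and ports are hex; on little-endian
# hosts the IPv4 address is stored byte-reversed; state 0A means LISTEN.
PROC_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 12345 1 0000000000000000 100 0 0 10 0
   1: 0100007F:7A69 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 67890 1 0000000000000000 100 0 0 10 0
   2: 0A00020F:B2C4 5DB8D822:01BB 01 00000000:00000000 00:00000000 00000000  1000        0 23456 1 0000000000000000 20 4 30 10 -1
"""


def pids_from_ps(ps_text):
    """PIDs as reported by ps (first column of each non-header line)."""
    pids = set()
    for line in ps_text.splitlines()[1:]:
        fields = line.split()
        if fields and fields[0].isdigit():
            pids.add(int(fields[0]))
    return pids


def pids_from_proc(entries):
    """PIDs as seen in a /proc directory listing (numeric entries only)."""
    return {int(e) for e in entries if e.isdigit()}


def listeners_from_netstat(text):
    """(address, port) pairs in LISTEN state as printed by netstat."""
    listeners = set()
    for line in text.splitlines():
        fields = line.split()
        if len(fields) >= 6 and fields[0].startswith("tcp") and fields[-1] == "LISTEN":
            host, _, port = fields[3].rpartition(":")
            listeners.add((host, int(port)))
    return listeners


def _decode_proc_addr(field):
    """Turn '0100007F:7A69' into ('127.0.0.1', 31337)."""
    ip_hex, port_hex = field.split(":")
    # Read the four octets from the last byte to the first (little-endian).
    octets = [int(ip_hex[i:i + 2], 16) for i in range(6, -1, -2)]
    return ".".join(str(o) for o in octets), int(port_hex, 16)


def listeners_from_proc_net_tcp(text):
    """(address, port) pairs whose state column is 0A (TCP_LISTEN)."""
    listeners = set()
    for line in text.splitlines()[1:]:
        fields = line.split()
        if len(fields) >= 4 and fields[3] == "0A":
            listeners.add(_decode_proc_addr(fields[1]))
    return listeners


def hidden_processes(ps_text, proc_entries):
    """PIDs visible in /proc but absent from ps output."""
    return sorted(pids_from_proc(proc_entries) - pids_from_ps(ps_text))


def hidden_listeners(netstat_text, proc_net_tcp_text):
    """Listening sockets visible in /proc/net/tcp but absent from netstat."""
    return sorted(listeners_from_proc_net_tcp(proc_net_tcp_text)
                  - listeners_from_netstat(netstat_text))


if __name__ == "__main__":
    print("hidden processes:", hidden_processes(PS_OUTPUT, PROC_ENTRIES))
    print("hidden listeners:", hidden_listeners(NETSTAT_OUTPUT, PROC_NET_TCP))
```

On a live host the functions would be fed `os.listdir("/proc")`, the text of `/proc/net/tcp`, and the captured output of `ps` and `netstat`. The check is only as good as the independence of the two views: a kernel-mode rootkit that filters `/proc` itself would hide the same entries from both, so the second view must then come from somewhere the rootkit does not control, for example a port scan of the machine from another host, or an offline examination of the disk.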

Rootkits often run in connection with botnets. A bot is a malicious executable that is under the control of a master program used by an attacker to achieve a variety of malicious goals. A botnet consists of multiple bots that respond to a central source of control. Botnets may be used for numerous sordid purposes; one of the worst is distributed denial of service (DDoS) attacks. Some rootkits function as bots within massive botnets that, if not detected, can produce deleterious outcomes. If bots are discovered early enough, they can be eradicated before they have had sufficient time to accomplish their goals, but rootkits are normally extremely hard to find, reducing the probability of discovering and deleting bots before they can do their sordid deeds.

Another area of risk that rootkits can introduce is having sensitive information such as credit card numbers and personal identification numbers (PINs) used in banking transactions captured by keystroke and terminal loggers that are part of rootkits. Keystroke loggers capture every character entered on a system, whereas terminal loggers, which pose even greater risk than do keystroke loggers, capture all input and output, not just keystrokes. Keystroke and terminal loggers are often used in connection with identity theft. Additionally, keystroke and terminal loggers are frequently used to steal logon credentials, thereby enabling successful attacks on systems on which the credentials are used. Keystroke and terminal loggers can also glean encryption keys, thereby enabling successful cryptanalysis attacks that result in the ability to decrypt encrypted information.

Rootkit Prevention

Prevention is the best cure; adopting measures that prevent rootkits from being installed is far better than having to detect and eradicate them after they are installed. In a way the term "rootkit prevention" does not make sense, however, because rootkit installation is something that occurs after a system is compromised at the superuser level. The one essential element in preventing rootkits from being installed, therefore, is keeping systems from being compromised in the first place. Some measures that accomplish this goal include using prophylactic measures, running software that detects and eradicates rootkits, patch management, configuring systems appropriately, adhering to the least privilege principle, using firewalls, using strong authentication, practicing good security maintenance, and limiting compilers.

Task 19. Translate the following word combinations:

namely; per se (in themselves); unless; security gaps; effective security measures; difficult to discover; rummage through the contents of files; glean sensitive information; malicious goals; numerous sordid purposes; deleterious outcomes; far better; in the first place.

 

Task 20. What do the following abbreviations stand for?

DDoS, PIN, SSH, IDS, IPS, i.e., e.g.

Task 21. Answer the questions:


Added: 2018-04-15; views: 278