This course examines malicious software detection and malicious software defenses, including tripwire (file integrity) and signature-based techniques. Viruses, worms, Trojan horses, logic bombs and malicious CGI scripts will be discussed. Students will review the anatomy of well-known viruses and worms to understand how they work. Mobile code issues as they apply to web and application technologies, and the resulting insecurities, will be discussed in detail. Students will then review the underlying methodologies used by anti-virus vendors and freeware offerings to protect electronic assets from harm or other compromise.
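The two defensive techniques named above, tripwire-style integrity checking and signature scanning, are contrasted in the following added example (it is not course material and not any vendor's code). It works on constructed in-memory "snapshots" of a filesystem rather than the real disk, and the malicious-sample hash is a made-up placeholder; the one real signature is the industry-standard EICAR test string. The point it makes: a hash baseline flags any change, including the appended account line for which no signature exists, while the signature scan only catches what it already has a pattern for.

```python
import hashlib

# Constructed "filesystem" snapshots: path -> contents. A real tool walks the disk.
TRUSTED_SNAPSHOT = {
    "/usr/bin/ls": b"\x7fELF constructed ls binary",
    "/usr/bin/ssh": b"\x7fELF constructed ssh binary",
    "/etc/passwd": b"root:x:0:0:root:/root:/bin/bash\n",
}
LATER_SNAPSHOT = {
    "/usr/bin/ls": b"\x7fELF constructed ls binary",
    # Same file with an extra UID-0 account appended: the kind of change a tripwire must catch.
    "/etc/passwd": b"root:x:0:0:root:/root:/bin/bash\nsvc:x:0:0::/:/bin/sh\n",
    # The standard EICAR anti-virus test string (harmless by design).
    "/tmp/eicar.com": rb"X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*",
    "/tmp/payload.bin": b"constructed malicious payload",  # constructed, matched by hash below
}


def sha256_hex(data):
    return hashlib.sha256(data).hexdigest()


def build_baseline(snapshot):
    """Tripwire step 1: record a hash of every file while the system is trusted."""
    return {path: sha256_hex(data) for path, data in snapshot.items()}


def check_integrity(baseline, snapshot):
    """Tripwire step 2: re-hash later and report anything added, removed or changed."""
    current = build_baseline(snapshot)
    return {
        "added": sorted(set(current) - set(baseline)),
        "removed": sorted(set(baseline) - set(current)),
        "modified": sorted(p for p in baseline.keys() & current.keys() if baseline[p] != current[p]),
    }


# Signature database: byte patterns and whole-file hashes (the hash entry is constructed).
BYTE_SIGNATURES = {"EICAR-Test-File": rb"EICAR-STANDARD-ANTIVIRUS-TEST-FILE"}
HASH_SIGNATURES = {sha256_hex(b"constructed malicious payload"): "Constructed.Sample.A"}


def scan(snapshot, byte_sigs=BYTE_SIGNATURES, hash_sigs=HASH_SIGNATURES):
    """Signature scan: a file is flagged only if a known pattern or hash matches it."""
    hits = {}
    for path, data in snapshot.items():
        names = [name for name, pattern in byte_sigs.items() if pattern in data]
        digest = sha256_hex(data)
        if digest in hash_sigs:
            names.append(hash_sigs[digest])
        if names:
            hits[path] = names
    return hits


if __name__ == "__main__":
    baseline = build_baseline(TRUSTED_SNAPSHOT)
    print("integrity:", check_integrity(baseline, LATER_SNAPSHOT))
    print("signatures:", scan(LATER_SNAPSHOT))
```

Run as written, the integrity report lists /etc/passwd as modified even though the signature scan says nothing about it; conversely the scan names the two planted files, which the integrity check only knows as "added". A production deployment keeps the baseline off-host or signed, since an attacker who can rewrite files can usually rewrite a baseline stored beside them.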
Learning Objectives
- Describe the impacts of malicious code on the Confidentiality, Integrity and Availability (CIA) model of network security.
- Define malicious code and its types, including but not limited to viruses, worms, Trojan horses, back doors, rootkits and botnets.
- Understand the U.S. government National Vulnerability Database (NVD), a repository of standards-based vulnerability management data that enables automation of vulnerability management, security measurement and compliance.
- Understand malware naming methodologies, the challenges of consistency between anti-virus vendors, and why malicious code names may vary from vendor to vendor.
- Describe the threat created by people and organizations that generate malicious code and conduct computer network attacks, and the motives for writing malicious code. Threat actors include the sub-culture of malicious coders, script kiddies, disgruntled employees, organized crime and state-sponsored cyber warfare organizations.
- Describe how malicious code may attack computer applications, operating systems, computer hardware and network protocols to exploit vulnerabilities.
- Describe the self-defense and obfuscation techniques used by malicious code, such as wrapping, stripping, encryption, polymorphism, metamorphism and mimimorphism.
- Describe how malicious code may attack stand-alone systems, virtual machines, networked devices, cloud environments, mobile devices and Supervisory Control and Data Acquisition (SCADA) devices.
- Describe the Cyber Attack Lifecycle/Cyber Kill Chain, including supply chain risks, and approaches to defending against malicious code at the system level and against malicious attacks throughout an enterprise environment.
- Describe and discuss various aspects of static malware analysis and dynamic vulnerability assessment tools and techniques. Students will conduct simple static analysis of Windows Portable Executable (PE) files.
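As an added illustration of the last objective (not part of the course materials), the following example performs the kind of simple static PE analysis a student would do by hand: it walks the DOS header, PE signature, COFF header and section table, computes per-section Shannon entropy, pulls printable strings, and applies a few triage heuristics (entry point outside any code section, writable-and-executable sections, high entropy, non-standard section names). It needs no sample from disk: `build_sample_pe` constructs a minimal, non-runnable PE32 image in memory, with a packer-style section name and pseudo-random bytes standing in for packed code; all names and values in that sample are constructed.

```python
import hashlib
import math
import re
import struct
from collections import Counter

# Section characteristic flags and header layouts from the PE/COFF specification.
IMAGE_SCN_CNT_CODE = 0x00000020
IMAGE_SCN_CNT_INITIALIZED_DATA = 0x00000040
IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_WRITE = 0x80000000
COMMON_SECTION_NAMES = {".text", ".data", ".rdata", ".bss", ".idata", ".edata", ".rsrc", ".reloc", ".tls"}
COFF_FMT, SECTION_FMT = "<HHIIIHH", "<8sIIIIIIHHI"  # 20-byte COFF header, 40-byte section entry


def shannon_entropy(data):
    """Bits per byte: 0.0 for a constant buffer, close to 8.0 for encrypted or packed data."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def parse_pe(image):
    """DOS header -> PE signature -> COFF header -> optional header (entry point) -> section table."""
    if image[:2] != b"MZ":
        raise ValueError("not a PE image: missing MZ signature")
    e_lfanew = struct.unpack_from("<I", image, 0x3C)[0]
    if image[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("not a PE image: missing PE signature")
    coff_off = e_lfanew + 4
    machine, nsec, timestamp, _, _, opt_size, _ = struct.unpack_from(COFF_FMT, image, coff_off)
    opt_off = coff_off + struct.calcsize(COFF_FMT)
    entry_rva = struct.unpack_from("<I", image, opt_off + 16)[0]  # AddressOfEntryPoint
    sections = []
    for i in range(nsec):
        f = struct.unpack_from(SECTION_FMT, image, opt_off + opt_size + 40 * i)
        name, vsize, va, raw_size, raw_ptr, chars = f[0], f[1], f[2], f[3], f[4], f[9]
        raw = image[raw_ptr:raw_ptr + raw_size]
        sections.append({"name": name.rstrip(b"\0").decode("ascii", "replace"), "va": va, "vsize": vsize,
                         "raw": raw, "chars": chars, "entropy": shannon_entropy(raw)})
    return {"machine": machine, "timestamp": timestamp, "entry_rva": entry_rva, "sections": sections}


def triage(pe):
    """Static heuristics for common packer/loader tell-tales; returns (rule, detail) pairs."""
    findings, entry = [], pe["entry_rva"]
    in_code = any(s["va"] <= entry < s["va"] + max(s["vsize"], len(s["raw"])) and s["chars"] & IMAGE_SCN_CNT_CODE
                  for s in pe["sections"])
    if not in_code:
        findings.append(("entry_not_in_code", f"entry point {entry:#x} lies outside every code section"))
    for s in pe["sections"]:
        if s["chars"] & IMAGE_SCN_MEM_WRITE and s["chars"] & IMAGE_SCN_MEM_EXECUTE:
            findings.append(("wx_section", f"{s['name']} is both writable and executable"))
        if s["entropy"] >= 7.0:
            findings.append(("high_entropy", f"{s['name']} entropy {s['entropy']:.2f}: likely packed or encrypted"))
        if s["name"] not in COMMON_SECTION_NAMES:
            findings.append(("unusual_section_name", f"{s['name']} is not a compiler-generated section name"))
    return findings


def extract_strings(data, min_len=5):
    """Printable ASCII runs, the classic first look at an unknown binary."""
    return [m.group().decode("ascii") for m in re.finditer(rb"[\x20-\x7e]{%d,}" % min_len, data)]


def build_sample_pe(sections, entry_rva):
    """Construct a minimal PE32 image for testing (constructed input, not a real program).
    sections: list of (name_bytes, virtual_address, characteristics, raw_bytes)."""
    e_lfanew, opt_size, align = 0x40, 0xE0, 0x200
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    coff = struct.pack(COFF_FMT, 0x014C, len(sections), 0, 0, 0, opt_size, 0x0102)  # i386, EXECUTABLE_IMAGE
    opt = struct.pack("<H", 0x10B) + b"\0" * 14 + struct.pack("<I", entry_rva)       # PE32 magic, entry point
    opt += b"\0" * (opt_size - len(opt))
    headers_len = e_lfanew + 4 + len(coff) + opt_size + 40 * len(sections)
    first_raw = raw_ptr = (headers_len + align - 1) & ~(align - 1)
    table, bodies = b"", b""
    for name, va, chars, data in sections:
        padded = data + b"\0" * (-len(data) % align)  # file alignment, as a linker would do
        table += struct.pack(SECTION_FMT, name, len(data), va, len(padded), raw_ptr, 0, 0, 0, 0, chars)
        bodies += padded
        raw_ptr += len(padded)
    headers = dos + b"PE\0\0" + coff + opt + table
    return headers + b"\0" * (first_raw - len(headers)) + bodies


def _pseudo_random(n):
    """Deterministic stand-in for packed bytes (SHA-256 chain), so the sample is reproducible."""
    out, block = b"", b"constructed-seed"
    while len(out) < n:
        block = hashlib.sha256(block).digest()
        out += block
    return out[:n]


# Constructed sample: a normal .text section plus a packer-style, writable+executable section
# holding high-entropy data, with the entry point inside that section rather than in .text.
TEXT_BYTES = b"\x55\x8b\xec" + b"\x90" * 200 + b"\xc3" + b"CONSTRUCTED-SAMPLE-STRING\0"
SAMPLE_PE = build_sample_pe(
    [(b".text", 0x1000, IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE, TEXT_BYTES),
     (b"UPX1", 0x2000, IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_WRITE | IMAGE_SCN_MEM_EXECUTE,
      _pseudo_random(4096))],
    entry_rva=0x2010)

if __name__ == "__main__":
    pe = parse_pe(SAMPLE_PE)
    for s in pe["sections"]:
        print(f"{s['name']:<8} va={s['va']:#07x} raw={len(s['raw']):5d} entropy={s['entropy']:.2f}")
    for rule, detail in triage(pe):
        print(f"[{rule}] {detail}")
    print("strings:", [x for x in extract_strings(SAMPLE_PE) if x.isprintable()][:5])
```

The heuristics are deliberately coarse: high entropy also occurs in legitimately compressed resources, and some compilers emit unusual section names, so each finding is a reason to look closer, not a verdict. To apply the parser to a real file, read it with `open(path, "rb").read()` and pass the bytes to `parse_pe`; a PE32+ (64-bit) file has a different optional header size, which the code handles because it takes `SizeOfOptionalHeader` from the COFF header rather than assuming 0xE0.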