
Malware and intrusion detection are crucial aspects of operating system security. From viruses to rootkits, malicious software poses significant threats to computer systems, compromising data integrity and user privacy. Understanding these risks is essential for developing effective defense strategies.

Intrusion detection systems, antivirus software, and firewalls form a multi-layered approach to system protection. These tools work together to identify, prevent, and mitigate security breaches, while regular system updates patch vulnerabilities and strengthen overall system resilience against evolving threats.

Malware Types and Impact

Common Malware Categories

  • Malware encompasses harmful programs designed to infiltrate and damage computer systems without user consent
  • Viruses self-replicate by attaching to executable files, spreading when infected files run
    • Potentially corrupt or destroy data
    • Example: Melissa spread through email attachments
  • Worms propagate independently across networks
    • Consume system resources
    • May carry malicious payloads
    • Example: ILOVEYOU infected millions of Windows computers
  • Trojans disguise themselves as legitimate software to trick users into installing them
    • Often create backdoors for unauthorized system access
    • Example: Zeus Trojan targeted banking information

Advanced Malware Types

  • Ransomware encrypts user data and demands payment for decryption
    • Renders files inaccessible
    • Potentially causes data loss
    • Example: WannaCry ransomware attack affected over 200,000 computers globally
  • Spyware covertly collects user information
    • Compromises privacy and security
    • Transmits sensitive data to malicious actors
    • Example: Pegasus spyware targeted mobile devices for surveillance
  • Rootkits conceal the presence of other malware
    • Make detection and removal challenging
    • Operate at a low level in the system
    • Example: Sony BMG rootkit hidden on music CDs

Intrusion Detection Principles

IDS Fundamentals

  • Intrusion detection systems (IDS) monitor network or system activities for malicious actions
  • Produce reports to management stations on potential security violations
  • Signature-based detection compares events to known attack signatures
    • Effectively identifies known threats
    • May miss novel attacks
    • Example: Snort IDS uses signature-based detection
  • Anomaly-based detection establishes a baseline of normal system behavior
    • Flags deviations from the norm
    • Capable of detecting unknown threats
    • Prone to false positives
    • Example: IBM QRadar SIEM uses anomaly-based detection
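The two detection styles above, side by side on the same constructed log (added example code, not from the original guide or any named product): a signature stage that matches only known patterns, and an anomaly stage that flags hosts far above the learned per-host request baseline. The log lines, hosts and signature rules are all made up for the example.

```python
import re
import statistics
from collections import Counter

# Constructed web-server log, one request per line: "<client> <method> <path> <status>".
# Host 10.0.0.9 sends a request matching a known signature; host 10.0.0.42 is
# unusually busy but sends nothing that any signature recognises.
SAMPLE_LOG = """\
10.0.0.5 GET /index.html 200
10.0.0.5 GET /about.html 200
10.0.0.7 GET /index.html 200
10.0.0.9 GET /search?q=../../etc/passwd 404
10.0.0.9 GET /login 200
10.0.0.5 GET /contact.html 200
""" + "\n".join(f"10.0.0.42 GET /page{i}.html 200" for i in range(40)) + "\n"

# Signature rules: regular expressions for known attack patterns (constructed here).
SIGNATURES = {
    "path_traversal": re.compile(r"\.\./"),
    "sqli_tautology": re.compile(r"(?i)'\s*or\s+1=1"),
}

def _lines(log_text):
    return [ln for ln in log_text.splitlines() if ln.strip()]

def signature_alerts(log_text):
    """Return (host, rule_name) for every line that matches a known signature.
    Known attacks are found reliably; a request matching no rule is never flagged,
    which is why novel attacks slip past this stage."""
    alerts = []
    for line in _lines(log_text):
        host = line.split()[0]
        for name, pattern in SIGNATURES.items():
            if pattern.search(line):
                alerts.append((host, name))
    return alerts

def anomaly_alerts(log_text, threshold=1.5):
    """Return hosts whose request count is more than `threshold` standard
    deviations above the mean per-host count (the learned baseline).
    No signature is needed, so unknown behaviour can be caught, but a busy
    legitimate host is reported just the same: a false positive."""
    counts = Counter(line.split()[0] for line in _lines(log_text))
    values = list(counts.values())
    if len(values) < 2 or statistics.pstdev(values) == 0:
        return []
    mean, stdev = statistics.mean(values), statistics.pstdev(values)
    return [host for host, n in counts.items() if (n - mean) / stdev > threshold]
```

Note that the busy host 10.0.0.42 is invisible to the signature stage and the traversal attempt from 10.0.0.9 is invisible to the anomaly stage; real deployments combine both.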

IDS Types and Advanced Techniques

  • Host-based intrusion detection systems (HIDS) monitor the internals of a computing system
    • Analyzes file systems, system calls, and application logs
    • Example: OSSEC is a popular open-source HIDS
  • Network-based intrusion detection systems (NIDS) analyze traffic across multiple hosts
    • Detects suspicious patterns or known attack signatures
    • Example: Suricata is a high-performance NIDS
  • Protocol analysis compares events with benign protocol profiles
    • Detects deviations from expected behavior
    • Example: Bro (now Zeek) Network Security Monitor uses protocol analysis
  • Machine learning and artificial intelligence improve detection accuracy
    • Adapt to evolving threats
    • Example: Darktrace uses AI for threat detection

Antivirus and Firewalls

Antivirus Software Functionality

  • Antivirus software scans files and system memory for known malware signatures
  • Detects and removes threats based on suspicious behavior patterns
  • Heuristic analysis identifies unknown malware
    • Detects suspicious code structures or behaviors
    • Example: Kaspersky's System Watcher uses heuristic analysis
  • Real-time protection continuously monitors system activities
    • Provides immediate threat detection and prevention
    • Example: Windows Defender offers real-time protection

Firewall Types and Features

  • Firewalls control traffic between trusted internal and untrusted external networks
  • Stateful inspection firewalls maintain records of all active connections
    • Make filtering decisions based on packet contents and connection context
    • Example: iptables in Linux supports stateful inspection
  • Application layer firewalls inspect traffic based on specific protocols
    • Provide granular control over network communications
    • Example: Palo Alto Networks' Next-Generation Firewall
  • Next-generation firewalls (NGFW) combine traditional and advanced features
    • Include intrusion prevention, deep packet inspection, and application awareness
    • Example: Cisco Firepower NGFW
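A toy stateful inspection filter, added here to show what "filtering based on context" means in practice (example code, not iptables' or any vendor's implementation). The internal address range, the packet fields and the scenario are constructed for the example.

```python
from dataclasses import dataclass

# Constructed addressing: hosts with this prefix are the trusted internal network.
INTERNAL_NET = "192.168.1."

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    sport: int
    dport: int
    syn: bool = False   # True for a connection-opening segment (TCP SYN)

class StatefulFilter:
    """Toy stateful inspection firewall (an illustration, not iptables' code).

    Outbound packets record a connection; inbound packets are accepted only when
    they match a recorded connection or open a connection to a published port.
    A stateless packet filter would have to accept every inbound packet from
    source port 80 to let web replies through; the connection table removes
    that hole by tying each reply to the request that caused it."""

    def __init__(self, published_ports=()):
        self.connections = set()   # (internal_ip, internal_port, external_ip, external_port)
        self.published_ports = set(published_ports)

    def filter(self, pkt):
        if pkt.src.startswith(INTERNAL_NET):
            # Trusted side initiated or continued this flow: remember it and allow it.
            self.connections.add((pkt.src, pkt.sport, pkt.dst, pkt.dport))
            return "ACCEPT"
        key = (pkt.dst, pkt.dport, pkt.src, pkt.sport)
        if key in self.connections:
            return "ACCEPT"        # reply on an established connection
        if pkt.syn and pkt.dport in self.published_ports:
            self.connections.add(key)
            return "ACCEPT"        # new connection to a service we expose deliberately
        return "DROP"              # unsolicited inbound traffic

def demo():
    """Run a constructed scenario and return the decision for each packet."""
    fw = StatefulFilter(published_ports={443})
    packets = [
        Packet("192.168.1.10", "203.0.113.5", 50000, 80, syn=True),   # internal client opens HTTP
        Packet("203.0.113.5", "192.168.1.10", 80, 50000),             # server's reply
        Packet("203.0.113.5", "192.168.1.10", 80, 50001),             # same server, unknown port
        Packet("198.51.100.7", "192.168.1.20", 40000, 443, syn=True), # outsider to published HTTPS
        Packet("198.51.100.7", "192.168.1.20", 40000, 22, syn=True),  # outsider to SSH: not published
    ]
    return [fw.filter(p) for p in packets]
```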

System Updates and Patches

Importance of Regular Updates

  • Software vulnerabilities are continually discovered
  • Timely patches address security flaws before exploitation by attackers
  • Operating system updates include security enhancements and bug fixes
    • Strengthen system resilience against threats
    • Example: Microsoft's Patch Tuesday releases regular security updates
  • Patch management systems automate update processes
    • Ensure consistent and timely application of security patches
    • Example: WSUS (Windows Server Update Services) for enterprise patch management

Update Strategies and Considerations

  • Zero-day vulnerabilities pose significant risks until patches are developed
    • Emphasize need for rapid response to newly discovered threats
    • Example: Heartbleed vulnerability in OpenSSL required urgent patching
  • Regular updates to antivirus and IDS maintain up-to-date threat databases
  • Failure to apply updates leaves systems vulnerable to known exploits
    • Can lead to data breaches or system compromises
    • Example: WannaCry ransomware exploited unpatched Windows systems
  • Testing patches in controlled environments ensures compatibility
    • Prevents unintended disruptions to critical systems
    • Example: Using test environments to validate patches before production deployment
© 2024 Fiveable Inc. All rights reserved.
AP® and SAT® are trademarks registered by the College Board, which is not affiliated with, and does not endorse this website.