
Text 1B. Adaptive Threats and Defenses


Essential Vocabulary

abuse n – злоупотребление, неправильное использование

counter v – противостоять

counteract v – противодействовать, препятствовать, нейтрализовать

defense n – защита

deviation n – отклонение

emergence n – появление

encounter v – сталкиваться

evolve v – развиваться

exploit v – использовать, разрабатывать

malware n – вредоносное ПО

objective n – цель

penetration n – проникновение

predominately adv – особенно, преимущественно

prevent from v – предотвращать, препятствовать

pursue v – предпринимать, проводить

realm n – сфера, область

retain v – сохранять

rival n – конкурент, противник

seek (sought – sought) v – искать, пытаться, стремиться

slight adj – незначительный

spyware n – шпионское ПО

survive v – выживать, сохранять работоспособность

threat n – опасность, угроза

vulnerability n – уязвимость

The survival of living organisms is often dependent on their ability to compensate for changes in their environment. The ability of an organism to compensate for the changes it encounters is referred to as adaptation. Predominately, the methods of adaptation involve changes in the organism's behavior, physical characteristics, or both. Some creatures are able to learn new skills or tricks that allow them to cope when changes occur. In other cases an organism might undergo a genetic mutation that provides it with a slight advantage over its rivals, allowing it to better survive the changed conditions. Adaptation can also occur through a combination of altered behaviors and new mutations. The ability to adapt is also exhibited in the cyber realm by threats and defenses.

Threats and defenses have evolved over the years. The emergence of the first forms of malware and hacker tools was followed by defensive tools and techniques. As new methods of attack are pursued, defensive measures arise to counter the threat. This constant struggle between attackers and defenders is sometimes referred to as an ongoing arms race. The goals of attackers and defenders are directly opposed to each other. Attackers seek to exploit a system, while defenders attempt to prevent compromises. The objectives of each of these competitors can be summarized as follows:

Threat Objectives                         | Defense Objectives
Discover new weaknesses                   | Counteract known threats
Exploit new and old vulnerabilities       | Detect deviations from normal activity
Hide presence                             | Identify abuse of the system
Retain a foothold in compromised systems  | Mitigate known vulnerabilities

Over time the objectives of threats and defenses have not changed much. However, the methods used to achieve their objectives have substantially evolved. In the early days, threats were single-purpose and could generally be categorized according to their attack vector. Initially, the taxonomy of malware was predominately marked by viruses, worms, backdoors, keystroke loggers, and Trojan horses. Human threats included hackers, crackers, and social engineers. Adaptations soon appeared with the emergence of malware such as spyware and remote-access Trojans. Similarly, the human threat evolved with the new uses of spam and phishing techniques. More recently, threats and defenses began to exhibit adaptability by using techniques from different categories. The use of multiple categories is regarded as a compound threat or defense.

Attackers quickly learned that combining attack vectors enabled deeper penetration and more automation. Malware authors began to incorporate a variety of attack methods into their code. Instead of a worm simply infecting one system after another through a single exploit, it would drop packages enabling further compromise of the system. Bots, for example, are a recent evolutionary step in malware and are perhaps the most troubling. They automate much of the manual activity previously accomplished with hacker tools.

To a lesser extent, compound defenses have emerged. Many security products now incorporate multiple defensive measures such as antivirus, anti-spyware, phishing filters, spam blockers and firewalls. These efforts appear to be more about consolidation and rivalry between the products of security vendors than about focused efforts to compete against malicious code. The impact of compound defenses seems much less substantial than the effect of compound attacks.

 

Task 8. Translate the following word combinations:

To provide with a slight advantage over the rivals; in other cases; the emergence of the first forms of malware and hacker tools; defensive tools and techniques; an ongoing arms race; the objectives of threats and defenses; to a lesser extent; similarly.

 

Task 9. Find in the text a word that has the same or a similar meaning to the following:

 

Capability, happen, benefit, develop, aim, misuse, instrument, appearance, field, influence.

Task 10. Answer the questions:

1. What does the survival of living organisms often depend on?

2. What do methods of adaptation involve?

3. What are the goals of attackers/defenders?

4. Have the objectives of threats and defenses changed much over the years?

5. How did threats evolve over time?

6. Can you explain the difference between a threat and a vulnerability?

Task 11. Translate the following sentences, paying attention to the infinitives:

1. The information provided in this book can be used to develop a better understanding of how we protect our information assets and defend against attacks, as well as how to apply these concepts practically.

2. In order to mitigate risk, we use three main types of controls: physical, logical, and administrative.

3. Such data is used to make decisions that can impact our lives for better or worse.

4. New techniques and products are emerging to make it easier for technical staff to identify rootkits on compromised machines.

5. Finally, before recovery can be considered complete, a vulnerability scan of the compromised system should be performed to verify that no unpatched vulnerabilities exist.

6. In most cases it is far better to make a backup of virtually everything on the compromised system's hard drive as soon as possible.

7. In order for two Enigma machines to communicate, they needed to be configured identically.

8. The information security community in general and security vendors in particular have been slow to react to rootkit-related risks.

9. The ultimate goal in performing assessments of either type is to find and fix vulnerabilities before any attackers do.

10. The goal is to place enough defensive measures between our truly important assets and the attacker so that we will both notice that an attack is in progress and also buy ourselves enough time to take more active measures to prevent the attack from succeeding.

11. No matter how busy people are, they are never too busy to stop and talk about how busy they are.

12. If we have obvious security measures in place that are visible to those who might want to violate our security, such as guards, dogs, well-lit areas, fences, and other similar measures, our would-be criminal might decide we are too difficult a target to be worth the effort.

Task 12. Read and translate the text:

Text 1C. Has the end of Antivirus arrived?

Essential Vocabulary

approach n – подход, метод

compromise v – подвергать опасности

escape v – избегать, избавляться

flaw n – недостаток, дефект

guard v – защищать, предохранять

lag behind v – запаздывать, отставать

merely adv – только, просто

refine v – улучшать, усовершенствовать

resolve v – решать

safe adj – безопасный, защищенный

spot v – установить, определить

suite n – комплект, набор

suspicious adj – подозрительный

vendor n – производитель, поставщик

Vendors are claiming that the end of antivirus is upon us. Antivirus scans are the traditional way of identifying new viruses but have proven to be very ineffective: many of the most popular antivirus programs detect 50-70% of viruses, and only 2% of viruses are detected by all antivirus scan types. This leaves everyone in a very vulnerable position. Others say it is far too early to write off antivirus software altogether: although antivirus may not be the perfect solution, it is all we have to rely on at present, and new defenses are only at the start up stage of evolution.

It is no secret that antivirus is very ineffective when it comes to detecting malware. Some products may work slightly better than others; however, none are perfect. The problem we face is the speed at which malware is being developed. Malware is no longer developed as a joke or to impress others; its development is now pursued by established, professional and purposeful entities and has grown into crime-ware. The malware our antivirus is now up against is refined and intentionally coded to escape detection by the various antivirus suites available.

Most antivirus systems will detect common malware threats; however, they are powerless at detecting the new targeted malware which is increasingly found in business networks today. Antivirus is a reactive technology, meaning the virus first needs to be studied to identify its ‘signature’ before a program can be developed to remove it. This ‘reactive’ process is part of the problem, as it can take from a couple of hours to many years to resolve, leaving a gap in which excessive damage can occur.

Many businesses still view antivirus as an essential layer in their security but are looking to invest in other technologies to strengthen their security and meet today’s threats.

Antivirus still has an important role to play, guarding against common threats; however, businesses need to ensure that they have a multi-layered approach to information security, as there isn’t a single technology offering complete protection against targeted attacks.

With new virus strains growing exponentially, from under 10 million to 49 million in 10 years, and antivirus unable to keep up, other options must be explored.

With the advance of computing into the world of mobility, malicious apps are now compromising our mobile devices too. The ‘Baddies’ are continuing to get better at what they do, whereas antivirus is lagging behind. We desperately require an all-inclusive solution.

Antivirus used alone merely offers us an illusion of security.

What alternatives do we have? A variety of technologies are being developed to improve antivirus security and companies are becoming creative when it comes to developing new forms of security. Some of the routes being explored include the following:

· Behaviour-based blocking looks at a file’s characteristics, including the time of development and the locations where it has been installed, before allowing it to run. 75% of the malware is detected through alternate technologies such as these.

· Building defenses into programs such as browsers that block software flaws which would potentially be exploited by malware;

· Instead of blocking the ‘bad’, as antivirus and perimeter firewalls are meant to do, another technology monitors access to servers, databases and files looking for suspicious activity;

· Whitelisting is an approach that only allows traffic through that the system knows is safe, not allowing unknown files to run on the machine;

· Investigating the source of attack, the threat source, enabling early warning signs to be issued so that businesses are prepared for the potential threat;

· Web crawlers that search web pages to find executables that are malware. Once identified a warning can be issued or the malware blocked;

· Monitoring for and spotting unusual behaviour, and cleaning up after an attack, seems to be the alternate approach for the future;

· Isolating business apps in a virtual environment and inspecting them for suspicious activity before taking an informed decision whether to let the traffic through or not.
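
The contrast between the reactive signature approach described above and whitelisting can be shown in a few lines of Python. This is an added example, not part of the original text. It assumes a signature is simply the SHA-256 hash of a file (real products use richer patterns), and every sample "file" is a constructed, harmless byte string.

```python
import hashlib

def fingerprint(data: bytes) -> str:
    """SHA-256 of the file contents, used here as a simplified 'signature'."""
    return hashlib.sha256(data).hexdigest()

# Constructed, harmless byte strings standing in for files (not real malware).
KNOWN_BAD = b"constructed sample: malicious program, already studied"
NEW_VARIANT = KNOWN_BAD + b" [recompiled]"   # same program, trivial change
APPROVED_APP = b"constructed sample: approved payroll application"
UNREVIEWED_TOOL = b"constructed sample: harmless tool nobody has reviewed"

def signature_scan(data: bytes, signatures: set) -> str:
    """Reactive, default-allow: block only what has already been studied."""
    return "block" if fingerprint(data) in signatures else "allow"

def allowlist_check(data: bytes, allowlist: set) -> str:
    """Default-deny (whitelisting): run only what is known to be safe."""
    return "allow" if fingerprint(data) in allowlist else "block"

def run_demo() -> dict:
    signatures = {fingerprint(KNOWN_BAD)}
    allowlist = {fingerprint(APPROVED_APP)}
    files = {"known_bad": KNOWN_BAD, "new_variant": NEW_VARIANT,
             "approved_app": APPROVED_APP, "unreviewed_tool": UNREVIEWED_TOOL}
    before = {name: (signature_scan(d, signatures), allowlist_check(d, allowlist))
              for name, d in files.items()}
    # The vendor studies the variant and ships an update: the gap closes,
    # but only for this exact variant and only after the study is finished.
    signatures.add(fingerprint(NEW_VARIANT))
    after = signature_scan(NEW_VARIANT, signatures)
    return {"before_update": before, "new_variant_after_update": after}

if __name__ == "__main__":
    result = run_demo()
    for name, (sig, allow) in result["before_update"].items():
        print(f"{name:16} signature scan: {sig:5}  allowlist: {allow}")
    print("new_variant after signature update:",
          result["new_variant_after_update"])
```

The new variant passes the signature scan until it has been studied, while the allowlist blocks it from the start; the price is that the harmless but unreviewed tool is blocked as well.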

 

Task 13. Translate the following word combinations:

The start up stage of evolution; common malware threats; to escape detection; it can take a couple of hours; a multi-layered approach to information security; complete protection against targeted attacks; an all-inclusive solution; software flaws; to look for suspicious activity; the threat source.

Task 14. Answer the questions:

1. Why are some vendors claiming that the end of antivirus is upon us?

2. What is the main disadvantage of most antivirus systems?

3. Why is antivirus called a reactive technology?

4. What is the main goal of antivirus systems?

5. What alternative solutions are being developed to improve antivirus security?

Task 15. Translate the following sentences, paying attention to the infinitive constructions:

1. In essence, administrative controls set out the rules for how we expect the users of our environment to behave.

2. Particularly after the terrorist attacks of 9/11 in the United States, we have seen the level of security at airports increase, much of it oriented in the direction of access controls.

3. Most experts expect anomaly-based detection to become more widespread in IDSs.

4. If you expect the data entered into your machine today to be there in a few weeks, and to remain unread by anyone, then the machine is secure.

5. It’s no wonder that most organizations consider insiders to be a much greater threat to IP than outside hackers or malware.

6. The term bug being used to indicate a problem in a computer system originated in September 1947. In this case, a system being tested was found to have a moth shorting two connections together and causing the system to malfunction. When the moth was removed, the system was described as having been debugged.

7. The Caesar cipher is a classic example of ancient cryptography and is said to have been used by Julius Caesar.

8. Intrusion prevention is known to be a promising prophylactic measure.

9. Firewalls are also considered to provide some measure of proactive defense against rootkit installation.

10. Rootkits are expected to become even more complex over time.

11. Among the clues that are likely to be available are subtle changes in the system.

12. Unexplained changes in systems are sure to be excellent potential indicators of the presence of rootkits.

13. Discovering all the changes and software replacements is likely to be an almost impossible task.

14. Browser attacks are very common and are likely to succeed against systems that have not been hardened against them specifically.

15. The problem is unlikely to be solved any time soon.

16. Malware seems to appear whenever a large enough number of users share a computing platform.

17. Such breaches seem to happen with disturbing regularity, and we can generally find a current example of one through a brief search of the news media.

Task 16. Read and translate the text:

 




Date added: 2015-01-07



