Note

If you cannot find what you are looking for. Please visit our sitemap

Monday, 9 March 2015

Types of Malicious Programs and Firewall

                                 Malicious Programs

Virus:

Attaches itself to a program and Propagates copies of itself to other  programs.

Worms:

Program that propagates copies of itself to other computers.

Logic Bombs:

Triggers action when condition occurs.

Trojan Horse:

Program that contains unexpected additional functionality.

Back Door:

Program modification that allows unauthorized access to functionality.

Exploits:

Code specific to a single vulnerability or set of vulnerabilities.

Downloader:

Program that installs other items on a machine that is under attack usually, a downloader is sent in an e-mail.

Auto Rooter:

Malicious hacker tools used to break into new machines remotely.

Kit (Virus generator):

Set of tools for generating new viruses automatically.

Spammer Programs:

Used to send large volumes of unwanted e-mails.

Flooder:

Used to attack networked computer systems with a large volumes of traffic to carry out a DOS attack.

Keyloggers:

Captures key strokes on a compromised system.

Rootkit:

Set of hacker tools used after attacker has broken into a computer system and gained root-level access.

Zombie:

Program activated on a infected machine that is activated to launch attacks on other machines. 


Phases of Virus:

  1. Dormant Phase
  2. Propagation Phase
  3. Triggering Phase
  4. Execution Phase

Types of Viruses:

  1. Parasitic Virus
  2. Memory Resident Virus
  3. Boot Sector Virus
  4. Stealth Virus
  5. Polymorphic Virus
  6. Metamorphic Virus

                                          Firewall:

A firewall is hardware, software, or a combination of both that is used to prevent unauthorized programs or Internet users from accessing a private network and/or a single computer.

Hardware vs. Software Firewalls: 

Hardware Firewalls:

  1. Protect an entire network 
  2. Implemented on the router level 
  3. Usually more expensive, harder to configure

Software Firewalls:

  1. Protect a single computer
  2. Usually less expensive, easier to configure

Feature of Firewall:

 
Sits between two networks:
  • Used to protect one from the other
Packet Filtering:
  • Rejects TCP/IP packets from unauthorized hosts and/or connection attempts to unauthorized hosts
Network Address Translation (NAT)
  • Translates the addresses of internal hosts so as to hide them from the outside world
  • Also known as IP masquerading
Proxy Services:
  • Makes high level application level connections to external hosts on behalf of internal hosts to completely break the network connection between internal and external hosts
Encrypted Authentication:
  • Allows users on the external network to authenticate to the Firewall to gain access to the private network
Virtual Private Networking:
  • Establishes a secure connection between two private networks over a public network
  • This allows the use of the Internet as a connection medium rather than the use of an expensive leased line




Virus Scanning:
  • Searches incoming data streams for virus signatures so there may be blocked



Content Filtering:
  • Allows the blocking of internal users from certain types of content.
  • Usually an add-on to a proxy server
  • Usually a separate subscription service as it is too hard and time consuming to keep current


VPN and Firewall:
  • Many firewall products include VPN capabilities. But, most Operating Systems provide VPN capabilities
  • Encrypted Authentication: Many enterprises provide their employees VPN access from the Internet for work at home programs or for employees on the road 

How does a software firewall work?

  • Inspects each individual “packet” of data as it arrives at either side of the firewall
  • Inbound to or outbound from your computer 
  • Determines whether it should be allowed to pass through or if it should be blocked  

Firewall Rules 

  • Allow – traffic that flows automatically because it has been deemed as “safe” (Ex. Meeting Maker, Eudora, etc.) 
  • Block – traffic that is blocked because it has been deemed dangerous to your computer 
  • Ask – asks the user whether or not the traffic is allowed to pass through

Written By: Asad Hussain.

1 comment: