Malicious Programs
Virus:
Attaches itself to a program and propagates copies of itself to other programs.
Worms:
Program that propagates copies of itself to other computers.
Logic Bombs:
Triggers action when condition occurs.
Trojan Horse:
Program that contains unexpected additional functionality.
Back Door:
Program modification that allows unauthorized access to functionality.
Exploits:
Code specific to a single vulnerability or set of vulnerabilities.
Downloader:
Program that installs other items on a machine that is under attack. Usually, a downloader is sent in an e-mail.
Auto Rooter:
Malicious hacker tools used to break into new machines remotely.
Kit (Virus generator):
Set of tools for generating new viruses automatically.
Spammer Programs:
Used to send large volumes of unwanted e-mails.
Flooder:
Used to attack networked computer systems with a large volume of traffic to carry out a DoS attack.
Keyloggers:
Captures keystrokes on a compromised system.
Rootkit:
Set of hacker tools used after an attacker has broken into a computer system and gained root-level access.
Zombie:
Program activated on an infected machine to launch attacks on other machines.
Phases of Virus:
- Dormant Phase
- Propagation Phase
- Triggering Phase
- Execution Phase
Types of Viruses:
- Parasitic Virus
- Memory Resident Virus
- Boot Sector Virus
- Stealth Virus
- Polymorphic Virus
- Metamorphic Virus
Firewall:
A firewall is hardware, software, or a combination of both that is used to prevent unauthorized programs or Internet users from accessing a private network and/or a single computer.
Hardware vs. Software Firewalls:
Hardware Firewalls:
- Protect an entire network
- Implemented on the router level
- Usually more expensive, harder to configure
Software Firewalls:
- Protect a single computer
- Usually less expensive, easier to configure
Features of Firewall:
Sits between two networks:
- Used to protect one from the other
Packet Filtering:
- Rejects TCP/IP packets from unauthorized hosts and/or connection attempts to unauthorized hosts
Network Address Translation (NAT):
- Translates the addresses of internal hosts so as to hide them from the outside world
- Also known as IP masquerading
Proxy Services:
- Makes high-level, application-level connections to external hosts on behalf of internal hosts, completely breaking the direct network connection between internal and external hosts
Encrypted Authentication:
- Allows users on the external network to authenticate to the Firewall to gain access to the private network
Virtual Private Networking:
- Establishes a secure connection between two private networks over a public network
- This allows the use of the Internet as a connection medium rather than the use of an expensive leased line
Virus Scanning:
- Searches incoming data streams for virus signatures so they may be blocked
Content Filtering:
- Allows the blocking of internal users from certain types of content.
- Usually an add-on to a proxy server
- Usually a separate subscription service as it is too hard and time consuming to keep current
VPN and Firewall:
- Many firewall products include VPN capabilities, but most operating systems provide VPN capabilities as well
- Encrypted Authentication: Many enterprises provide their employees VPN access from the Internet for work-at-home programs or for employees on the road
How does a software firewall work?
- Inspects each individual “packet” of data as it arrives at either side of the firewall
- Inbound to or outbound from your computer
- Determines whether it should be allowed to pass through or if it should be blocked
Firewall Rules
- Allow – traffic that flows automatically because it has been deemed as “safe” (Ex. Meeting Maker, Eudora, etc.)
- Block – traffic that is blocked because it has been deemed dangerous to your computer
- Ask – asks the user whether or not the traffic is allowed to pass through
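The packet inspection and the Allow / Block / Ask rules described above can be sketched as a small rule evaluator. This is an added example, not code from the original post: the `Packet` and `Rule` fields, the first-match-wins ordering, the "ask" default and the sample rule set (which uses documentation address ranges) are all assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Packet:
    direction: str    # "in" or "out", relative to the protected computer
    protocol: str     # "tcp" or "udp"
    remote_ip: str
    remote_port: int
    local_port: int

@dataclass(frozen=True)
class Rule:
    action: str                        # "allow", "block" or "ask"
    direction: str                     # "in", "out" or "any"
    protocol: str = "any"
    remote_net: str = "0.0.0.0/0"      # CIDR range of the remote host
    remote_port: Optional[int] = None  # None matches any port
    local_port: Optional[int] = None

    def matches(self, p: Packet) -> bool:
        return (self.direction in ("any", p.direction)
                and self.protocol in ("any", p.protocol)
                and ipaddress.ip_address(p.remote_ip)
                    in ipaddress.ip_network(self.remote_net)
                and self.remote_port in (None, p.remote_port)
                and self.local_port in (None, p.local_port))

def decide(rules, packet, default="ask"):
    """Return the action of the first matching rule.

    Traffic that no rule covers falls through to the default, which here
    is "ask": the user is prompted instead of the packet silently passing.
    """
    for rule in rules:
        if rule.matches(packet):
            return rule.action
    return default

# Constructed rule set for illustration (hypothetical, not from the page).
RULES = [
    Rule("block", "in", remote_net="203.0.113.0/24"),            # untrusted network
    Rule("allow", "out", "tcp", remote_port=443),                # outbound HTTPS
    Rule("allow", "in", "tcp", "192.0.2.0/24", local_port=22),   # SSH from admin subnet
    Rule("block", "in"),                                         # other unsolicited inbound
]
```

Rule order matters: the broad inbound block sits last so the narrower SSH allow above it can match first. The sketch judges each packet on its own, as the description above does; it does not track connection state, so it cannot recognise an inbound reply to an allowed outbound connection.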
very helpful