Introduction to Information Security – Part 7

Antivirus

Antivirus is a type of software that protects your computer from all types of malicious programs that act on your computer without your consent. These malicious programs are intrusive, hostile and annoying. The different types of malicious programs are:

  1. Computer viruses: This type of hostile software acts much like a virus infecting humans. As soon as it enters your computer, it hides quietly until it finds an executable program that helps it spread, much as a host does. It actively transmits itself to all computers connected to the network and destroys all important software.
  2. Worm: This is very similar to a virus, but it does not need an executable to spread. It spreads automatically and destroys all important software as well.
  3. Spyware: This pest is quite different from viruses and Trojan horses, but it is also harmful. It does not spread like viruses; instead, it continuously displays pop-ups to convince users to install a paid version that treacherously promises to protect your computer, or something similar. This program secretly collects personal information such as credit card numbers, social security numbers, usernames and passwords from your computer and sends it remotely to another computer almost in real time.
  4. Adware: It is somewhat similar to spyware, but its main goal is advertising. It may even be malicious, but in general it cannot be considered a malicious program because it arrives on your computer with your consent. However, it can flood you with advertisements such as pop-ups and banner ads.
  5. Grayware: This term is widely used for all computer programs that are annoying but not necessarily totally destructive. It includes programs such as adware, joke programs, and dialers.

The antivirus must always be updated with the latest virus definitions to continue protecting your computer from the new threats that arise periodically. Importantly, no matter how good your antivirus is and how up to date it is kept, a user who recklessly downloads all kinds of unknown programs without certificates, trusting that the antivirus is protecting them, is doing the wrong thing, because there is still risk. Many users choose not to use any antivirus because they know what they are downloading and installing, but that is a personal decision, not recommended for the paranoid.

Antivirus is now a requirement for every computer or server that is interconnected in a network or connected to the internet. Even a standalone computer needs an antivirus installed. This is because a virus can infect your computer not only over the internet but also from external storage devices temporarily connected to it.

Firewall

A firewall can be either software or hardware. A hardware firewall is a device that is physically plugged into your network. It is a small metal box with ports. It is connected between the network and the computer. However, it is suited to enterprises and large networks and is not commonly used.

The software firewall is the more commonly used kind; it protects data through constant inspection of incoming and outgoing IP packets. The firewall acts like a doorman between a secure network and an unprotected one, and permits or denies the passage of traffic based on the security policies configured in the firewall. It ensures that nothing personal leaves and nothing malicious enters.

The firewall requires a proper understanding of the network endpoints and the day-to-day business so that it can be configured correctly. Without proper configuration, it is of no use. It can be one or more of the following types:

  1. Packet filter: As the name suggests, a packet-filtering firewall inspects each packet passing through it by five characteristics: source IP address, source port, destination IP address, destination port and IP protocol. You can use a packet filter to block particular types of traffic on a particular port. For example, you can block web traffic on port 80 and Telnet traffic on port 23.
  2. Proxy firewall: A proxy firewall sits in front of the internal web server and hides its internal address from the outside network. It checks each packet against the firewall rules and, if the packet is allowed, it destroys and recreates the packet to prevent unknown attacks based on weaknesses of TCP/IP.
  3. Stateful inspection: This packet-filtering firewall keeps track of the state of network connections. For example, it examines the TCP/UDP communications that pass through it and allows only packets matching a known connection state.
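
The following is an added example, not code from the original post, showing first-match packet filtering on the fields listed above together with a connection table for stateful inspection. The names `Packet`, `Rule`, `StatefulFilter` and `OUTBOUND_RULES` are hypothetical, and state is assumed to be the flow tuple only.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    proto: str                       # "tcp" or "udp"

@dataclass(frozen=True)
class Rule:
    action: str                      # "allow" or "deny"
    proto: Optional[str] = None      # None matches any value
    dst_port: Optional[int] = None
    src_ip: Optional[str] = None

    def matches(self, p: Packet) -> bool:
        return ((self.proto is None or self.proto == p.proto) and
                (self.dst_port is None or self.dst_port == p.dst_port) and
                (self.src_ip is None or self.src_ip == p.src_ip))

# Constructed policy: the post's example (block web on 80, Telnet on 23), allow the rest.
OUTBOUND_RULES = [
    Rule("deny", proto="tcp", dst_port=80),
    Rule("deny", proto="tcp", dst_port=23),
    Rule("allow"),
]

class StatefulFilter:
    def __init__(self, rules):
        self.rules = rules
        self.connections = set()     # flow tuples that were allowed outbound

    def outbound(self, p: Packet) -> str:
        # First matching rule wins; no match at all means default deny.
        action = next((r.action for r in self.rules if r.matches(p)), "deny")
        if action == "allow":
            self.connections.add((p.src_ip, p.src_port, p.dst_ip, p.dst_port, p.proto))
        return action

    def inbound(self, p: Packet) -> str:
        # A reply is a recorded flow with source and destination swapped.
        # Assumption: TCP flags and idle timeouts are not tracked here.
        key = (p.dst_ip, p.dst_port, p.src_ip, p.src_port, p.proto)
        return "allow" if key in self.connections else "deny"
```

An inbound packet is accepted only when it mirrors a flow the filter already allowed outbound, which is the "known connection state" check described in item 3.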

Intrusion Detection

Intrusions or attacks on computer systems or networks can be detected using an Intrusion Detection System (IDS). These systems monitor network and system activity for malicious activity or policy violations. Once the system notices any malicious activity, it either tries to stop it by itself or carries out other actions that are configured in the system to prevent the intrusion. Some of the ways an IDS can act to prevent malicious activity are reconfiguring routers and firewalls to reject traffic from the same address, or crafting packets on the network to reset the connection. Alternatively, the system immediately reports the malicious activity to your system administrator and creates logs and reports.

There are two types of IDS:

  1. Host-based: These systems collect and analyze data that originate from a computer that hosts a service such as web services, DHCP or DNS.
  2. Network-based: These systems collect and analyze data that originate from a network, such as data packets traveling over a network.

In a good intrusion detection system, both types work together to protect a network. Over time, new and unknown attacks keep appearing, and you cannot keep up with them because there are so many. Although you cannot protect your system or network from every possible type of attack, you can protect yourself from most threats using an IDS.

IDS systems detect intrusions in several ways. Some of those ways are:

  1. Anomaly detection: The IDS detects statistical anomalies by setting a baseline for system and network activity, such as CPU utilization, disk activity, logins and file activity. When there is a deviation from this baseline, the system triggers an alarm.
  2. Signature recognition: The IDS examines traffic, searching for known attack patterns. For example, the system can check all packets that try to access the vulnerable default CGI script "/cgi-bin/phf" on a web server.
  3. Bandwidth usage: The IDS keeps watching bandwidth usage in the system. An unexpected increase in bandwidth usage can indicate a suspicious event.
  4. Denial-of-service attacks: In this type of attack, the attacker overloads the server with messages and the server stops responding to any message, whoever the requester is. As a result, no one can access the server. In this type of attack, the attacker can take a router, firewall or proxy server as the victim and render it unusable.
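
As an added example (not part of the original post), the sketch below applies signature recognition for the "/cgi-bin/phf" path to access-log lines and a standard-deviation baseline check for anomaly detection. The log lines, CPU figures, thresholds and function names are constructed for illustration.

```python
import posixpath
import re
import statistics
from urllib.parse import unquote

SIGNATURES = {"phf-cgi": "/cgi-bin/phf"}   # the post's example pattern
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "\S+ (\S+) [^"]*"')

def normalize_path(target: str) -> str:
    """Decode and canonicalize a request target so equivalent spellings compare equal."""
    path = unquote(target.split("?", 1)[0])
    return posixpath.normpath("/" + path.lstrip("/"))

def signature_alerts(log_lines):
    """Return (source_ip, signature_name) for each request that hits a known pattern."""
    alerts = []
    for line in log_lines:
        m = LOG_RE.match(line)
        if not m:
            continue                      # unparseable line is skipped
        src, path = m.group(1), normalize_path(m.group(2))
        for name, pattern in SIGNATURES.items():
            if path == pattern or path.startswith(pattern + "/"):
                alerts.append((src, name))
    return alerts

def is_anomalous(baseline, value, threshold=3.0):
    """Flag a sample more than `threshold` standard deviations from the baseline mean."""
    mean = statistics.fmean(baseline)
    stdev = statistics.pstdev(baseline)
    if stdev == 0:
        return value != mean              # flat baseline: any change is a deviation
    return abs(value - mean) / stdev > threshold

# Constructed sample data (documentation address ranges, not real traffic).
SAMPLE_LOG = [
    '198.51.100.4 - - [01/Jan/2024:10:00:00 +0000] "GET /index.html HTTP/1.1" 200 512',
    '203.0.113.9 - - [01/Jan/2024:10:00:01 +0000] "GET /cgi-bin/phf?q=test HTTP/1.0" 404 209',
    '203.0.113.9 - - [01/Jan/2024:10:00:02 +0000] "GET /cgi-bin/%70hf HTTP/1.0" 404 209',
    '203.0.113.9 - - [01/Jan/2024:10:00:03 +0000] "GET //cgi-bin/./phf HTTP/1.0" 404 209',
    '198.51.100.4 - - [01/Jan/2024:10:00:04 +0000] "GET /cgi-bin/phfoo HTTP/1.1" 404 209',
]
CPU_BASELINE = [21.0, 19.5, 22.3, 20.1, 18.9, 21.7, 20.4]   # percent, constructed
```

Normalizing before matching means the three phf requests all raise the signature, while "/cgi-bin/phfoo" does not.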

The following types are not actual attacks; they are intended to begin obtaining the victim's information, i.e., they are a stage of the attack process, but not the attack in its true form. These "attacks" correspond to the following steps of a pentest: information gathering, network mapping and service enumeration. A well-known tool for this is Nmap. Let's look at the types:

  1. IP Half Scan: In this type of "attack", the attacker repeatedly attempts to connect to a destination computer and does not send the corresponding ACK packets. The attacker tries to determine exactly which ports are open for connections without the target computer being aware of this action.
  2. Port Scan: Here the attacker attempts to enumerate the services running on a computer by scanning every port looking for a response. If the attack is successful, the attacker can take note of the active ports and explore potential vulnerabilities in the services on those ports.
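
From the detection side, both behaviours show up as one source touching many distinct ports in a short time, with the half scan leaving handshakes unfinished. The following added example (not from the original post) flags them in connection records; the record layout, thresholds and sample events are constructed assumptions.

```python
from collections import defaultdict, deque

def detect_scans(events, window=10.0, port_threshold=10, half_open_ratio=0.8):
    """events: (timestamp, src_ip, dst_port, client_sent_final_ack), sorted by timestamp.
    Returns {src_ip: "port scan" | "half-open scan"} for sources over the threshold."""
    recent = defaultdict(deque)          # src -> attempts seen inside the time window
    alerts = {}
    for ts, src, port, completed in events:
        q = recent[src]
        q.append((ts, port, completed))
        while q and ts - q[0][0] > window:
            q.popleft()                  # expire attempts older than the window
        if len({p for _, p, _ in q}) >= port_threshold:
            incomplete = sum(1 for _, _, done in q if not done)
            # Mostly unfinished handshakes point to the half scan described above.
            if incomplete / len(q) >= half_open_ratio:
                alerts[src] = "half-open scan"
            else:
                alerts[src] = "port scan"
    return alerts

def _burst(src, start, completed, ports=range(20, 32)):
    """Constructed helper: one attempt per port, 0.1 s apart."""
    return [(start + i * 0.1, src, p, completed) for i, p in enumerate(ports)]

# Constructed sample events (documentation address ranges, not real traffic).
SAMPLE_EVENTS = sorted(
    _burst("203.0.113.50", 0.0, False)      # many ports, handshakes never completed
    + _burst("203.0.113.60", 5.0, True)     # many ports, handshakes completed
    + [(float(t), "198.51.100.4", 443, True) for t in range(12)]   # one service, repeated
)
```

A client that reconnects to a single service, like the last source here, never reaches the distinct-port threshold and is not reported.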

Intrusion detection systems are most often integrated into firewalls. However, if one is not built in, you need both a firewall and an IDS to protect your system. The firewall must be configured correctly to enable the IDS, that is, if the IDS is integrated with your firewall.
