Why need firewall in the network?


          If you have a computer network, a properly configured firewall is an essential first step in securing your network. Firewalls are usually considered in the context of the Internet. The primary purpose of a firewall is to give controlled access to and from your network. It allows you to block external people from accessing internal systems, preventing disclosure or modification of information. It also allows you to exercise some measure of control over when, how and where other people access the Internet, and allow you to monitor the traffic.


          Firewall is important in protecting confidential information and protecting the network, maintaining internal network system integrity, from network packet sniffers, IP spoofing, password attacks, distribution of sensitive information, man-in-the-middle attacks, denial-of-service attack, and application layer attacks.


 


How Viruses spread?


          Email is now the most common way that viruses are transmitted between computers. The most common mechanism for this is in the form of an “attachment” to the message. The attachment facility is normally used for emailing documents, images, and so on. However, it is also possible for attachments to contain programs which get run when the attachment is opened.


          Other viruses spread through programs you download from the Internet or from virus-ridden computer disks that you borrow from friends or even buy in a store.


How antivirus program work?


          Anti-virus scans your email and downloads. There are two main types of scanning “Specific” and “Generic”.


          Your first line of defense are all those virus definitions, signatures, and updates that your anti-virus software is always downloading. They provide identifiable characteristics, or finger prints, for malicious code. This is what is meant by “Specific” scanning—your anti virus program takes all these updates and stores them in an internal database. The anti-virus then matches them against any new files being introduced to your system via email or file download for known threats.


          Heuristic and sandboxing are “Generic” scanning methods. They are not perfected yet and can bring up some strange issues including system slowdown and incorrect diagnoses. Generic scanning is really in its infant stage and is used more in larger networks where a server can do all the scanning (not individual PCs). Antivirus companies use Generic scanning to construct new virus signatures and I feel that these methods will be more widely used by single users in the future.


          Heuristic is a type of generic scanning that looks through the lines of code, not for exact matches to virus definitions, but for suspicious code. The anti-virus makes intelligent assumptions based on the scrutinized code. Basically this means that the anti-virus can try to determine whether or not a file has a virus in it by looking at how the file or program is constructed and acts. This isn’t a perfect system, however, and can bring up some strange results. This is why some programs tell you to turn off your anti-virus before installing. This type of scanning isn’t a perfected science, but on the bright side it is better to be safe then sorry.


          Sandboxing is where an antivirus program will take suspicious code and run it in a Virtual Machine (secure from the rest of the system) in order to see exactly how the code works and what its purpose is.


          An antivirus program is no more than a system for analyzing information and then, if it finds that something is infected, it disinfects it. The information is analyzed (or scanned) in different ways depending on where it comes from. An antivirus will operate differently when monitoring floppy disk operations than when monitoring e-mail traffic or movements over a LAN. The principal is the same but there are subtle differences.



 


          The information is in the ‘Source system’ and must reach the ‘Destination system’. The information interpretation system varies depending on whether it is implemented in operating systems, in applications or whether special mechanisms are needed. The interpretation mechanism must be specific to each operating system or component in which the antivirus is going to be implemented. In this way, every time the information on a disk or floppy disk is accessed, the antivirus will intercept the read and write calls to the disk, and scan the information to be read or saved. This operation is performed through a driver in kernel mode in Windows NT/2000/XP or an NLM which intercepts disk activity in Novell.


Once the information has been scanned, using either method, if a threat has been detected, two operations are performed:


  • The cleaned information is returned to the interpretation mechanism, which in turn will return it to the system so that it can continue towards its final destination. This means that if an e-mail message was being received, the message will be let through to the mailbox, or if a file way being copied, the copy process will be allowed to finish.

  •  A warning is sent to the user interface. This user interface can vary greatly. In an antivirus for workstations, a message can be displayed on screen, but in server solutions the alert could be sent as an e-mail message, an internal network message, an entry in an activity report or as some kind of message to the antivirus management tool.

  •           Regardless of how the information to be scanned is obtained, the most important function of the antivirus now comes into play: the virus scan engine. This engine scans the information it has intercepted for viruses, and if viruses are detected, it disinfects them.


    What are the differences between viruses, worms, and Trojans?


    What is a virus?


              A virus is a piece of computer code that attaches itself to a program or file so it can spread from computer to computer, infecting every computer as it travels. They can damage your software, your hardware and your files.


              It executes itself. It will often place its own code in the path of execution of another program. It replicates itself. For example, it may replace other executable files with a copy of the virus infected file. Viruses can infect desktop computers and network servers alike.


              Some viruses are programmed to damage the computer by damaging programs, deleting files, or reformatting the hard disk. Others are not designed to do any damage, but simply to replicate themselves and make their presence known by presenting text, video, and audio messages. Even these benign viruses can create problems for the computer user. They typically take up computer memory used by legitimate programs. As a result, they often cause erratic behavior and can result in system crashes. In addition, many viruses are bug-ridden, and these bugs may lead to system crashes and data loss.


    What is a worm?


              Like a virus, a worm is designed to copy itself from one computer to another, without user action. It does that by taking control of features on the computer that can transport files or information. Unfortunately, a worm can travel alone and replicate itself in great volume. It has the tendency to send copies of itself to everyone listed in your e-mail address book, and their computers would then do the same, creating a domino effect.


              Worms are programs that replicate themselves from system to system without the use of a host file. This is in contrast to viruses, which requires the spreading of an infected host file. Although worms generally exist inside of other files, often Word or Excel documents, there is a difference between how worms and viruses use the host file. Usually the worm will release a document that already has the “worm” macro inside the document. The entire document will travel from computer to computer, so the entire document should be considered the worm. W32.Mydoom.AX@mm is an example of a worm.


    What is a Trojan?


              A Trojan is a computer program that appears to be useful but actually does damage. They spread when unsuspecting people are lured into opening a program because they think it comes from a legitimate source. You can also get them in software you download for free. Because of that, never download software from a source that you don’t trust.


                Trojan Horses are impostors–files that claim to be something desirable but, in fact, are malicious. A very important distinction between Trojan horse programs and true viruses is that they do not replicate themselves. Trojans contain malicious code that when triggered cause loss, or even theft, of data. For a Trojan horse to spread, you must, invite these programs onto your computers–for example, by opening an email attachment or downloading and running a file from the Internet. Trojan.Vundo is a Trojan.


     


     


     



    Credit:ivythesis.typepad.com


    0 comments:

    Post a Comment

     
    Top