Prior information security analysis techniques are not effective in evaluating worms. The main issues faced in worm evaluation include the scale and propagation of the infections. These facets typically receive little attention in traditional information security plans and responses.

Worms are unlike regular Internet security threats in several ways. First, they propagate automatically and quickly. By the time you have detected and started responding to the intrusion, the worm has moved on scanning for new hosts and attacking those it finds. Depending on the speed of the worm, the length of this process can be more than one cycle of infection by the time an intrusion is even noticed.

Second, the automatic propagation of worms means that because a single host on a network becomes infected, a network may become an unwilling participant in a large number of further attacks. These attacks may include denial-of-service (DoS) attacks or additional compromises by the worm program, or even secondary compromises caused by the back door that the worm introduces. This may make a network legally and financially liable, despite the lack of direct participation in the attack. While attackers typically use a compromised network as a stepping stone to other networks or as DoS launchpads, worms inevitably cause the affected network to participate in the attack.

Third, the persistent nature of worms means that despite best efforts and nearly total protection, any weakness in a network can lead to total compromise. This is especially aggravated by “island hopping,” whereby the worm favors attacks against local networks. This can lead to propagation of the worm behind firewalls and network address translation (NAT) devices, which has been observed in Nimda and Code Red II infections.

Lastly, the Internet as a whole suffers in terms of performance and reliability. The spread of worms leads to an exponential increase in traffic rates and firewall state table entries. This can choke legitimate traffic as the worm aggressively attacks the network. A single Sapphire worm host, for example, was able to congest several megabits per second of bandwidth from within a corporate network, disrupting service for everyone.

These consequences of spreading worms are well beyond the planned for scenarios of manual attackers. They require careful consideration of network design and security implementations, along with an aggressive strategy for defense on all fronts.

As worms considered as serious threats such as virus infecting computer, lupus symptoms also consider harmful for person who doesn’t have any idea about it. So lets be serious on your body and computer, both of them should be clean from harmful disease.

A disease such as lupus for an example need early detection before it spreads, so it is important to know the symptoms and checking it into your medical consultant, either way it is similar with computer as well, early detection in here check by anti virus software, thus it requires much more powerful software to do so.

A behavior blocker is anti-virus software which monitors a running program’s behavior in real time, watching for suspicious activity. If such activity is seen, the behavior blocker can prevent the suspect operations from succeeding, can terminate the program, or can ask the user for the appropriate action to perform. Behavior blockers are sometimes called behavior monitors, but the latter term implies (rightly or wrongly) that no action is taken, and the burglars are only watched while they steal the silver. Products cables for the sound system. Cheap audio cables.

What does a behavior blocker look for? Roughly speaking, a behavior blocker watches for a program to stray from what the blocker considers to be “normal” behavior. Normal behavior can be modeled in three ways, by describing:
1. The actions that are permitted. This is called positive detection,
2. The actions that are not permitted, called negative detection,
3. Some combination of the two, in much the same way that static heuristics included boosters and stoppers.

Behavior blockers can look for short dynamic signatures which are generally indicative of virus-like behavior. Looking at I/O actions, for instance, an appending virus might exhibit a dynamic signature like:
1. Opening an executable, with both read and write permission.
2. Reading the portion of the file header containing the executable’s start address.
3. Writing the same portion of the file header. (The start address can be checked separately for changes consistent with expected viral behavior.)
4. Seeking to the end of the file.
5. Appending to the file.

Finally, there is the question of how long a running program’s behavior should be monitored. The duration of monitoring is a concern because monitoring adds run-time overhead. Assuming most viruses will reveal themselves early when an infected program runs, programs only need to be monitored when they start. However, this assumption is not always valid. In any case, behavior blockers can be enabled and disabled for a running program as needed.

These virus detection method might be a perfect essay for you, the materials itself are never ended, it will always discuss as long as computer being used.

Network itself rely on connection quality, which the first and still being used until now is cable. Cable itself also being used for common electric peripherals.

With cable of course the limits is the distance which are limited by the length of the cable. And it will cost more extra budget to buy long cable. Also in network we also know that we do need a hub or switch every 95 km to extend the network.

Those kind of problem were solve with wireless network devices. Without required lots of cable, and with simple installation, all we need is just configure the parameter, and also save more money to spend.

With wireless network, either way, required more safe security protection, why because the signal could be catched by anyone on the coverage area. Unlike the cable network which is install directly into specified users, wireless network divided by sequence of security, the most common security used are mac address filtering, and encripted password.

Thus, security just not enough, for better network coverage and connection access, limiting the bandwidth sent to users, and correct network planning are very helpful to establish stable network connection. For wireless network monitoring some program such as wireless survey software could help you monitor your network and control your network connection plans and its working in Mac environment as well.

There are three characteristics associated with these malware types.
1 Self-replicating malware actively attempts to propagate by creating new copies, or instances, of itself. Malware may also be propagated passively, by a user copying it accidentally, for example, but this isn’t self-replication.

2 The population growth of malware describes the overall change in the number of malware instances due to self-replication. Malware that doesn’t selfreplicate will always have a zero population growth, but malware with a
zero population growth may self-replicate.

3 Parasitic malware requires some other executable code in order to exist. “Executable” in this context should be taken very broadly to include anything that can be executed, such as boot block code on a disk, binary code in applications, and interpreted code. It also includes source code, like application scripting languages, and code that may require compilation before being executed.

Logic Bomb
Self-replicating: no
Population growth: zero
Parasitic: possibly

A logic bomb is code which consists of two parts:
1 A pay load, which is an action to perform. The payload can be anything, but has the connotation of having a malicious effect.
2 A trigger, a boolean condition that is evaluated and controls when the payload is executed. The exact trigger condition is limited only by the imagination, and could be based on local conditions like the date, the user logged in, or the operating system version. Triggers could also be designed to be set off remotely, or – like the “dead man’s switch” on a train – be set off by the absence of an event.

Logic bombs can be inserted into existing code, or could be standalone. A simple parasitic example is shown below, with a payload that crashes the computer using a particular date as a trigger.

Logic bombs can be concise and unobtrusive, especially in millions of lines of source code, and the mere threat of a logic bomb could easily be used to extort money from a company.

Trojan Horse
Self-replicating: no
Population growth: zero
Parasitic: yes

There was no love lost between the Greeks and the Trojans. The Greeks had besieged the Trojans, holed up in the city of Troy, for ten years. They finally took the city by using a clever ploy: the Greeks built an enormous wooden horse, concealing soldiers inside, and tricked the Trojans into bringing the horse into Troy. When night fell, the soldiers exited the horse and much unpleasantness ensued.

In computing, a Trojan horse is a program which purports to do some benign task, but secretly performs some additional malicious task. A classic example is a password-grabbing login program which prints authentic-looking “username” and “password” prompts, and waits for a user to type in the information. When this happens, the password grabber stashes the information away for its creator, then prints out an “invalid password” message before running the real login program. The unsuspecting user thinks they made a typing mistake and reenters the information, none the wiser.

Kiev hotels, search best quality hotel in Ukraine.

]]> http://www.ledanet.org/type-of-malware/feed/ 0 http://www.ledanet.org/performance-vs-precaution/ http://www.ledanet.org/performance-vs-precaution/#comments Sun, 14 Aug 2011 02:54:12 +0000 http://www.ledanet.org/?p=89 In computer world, performance is something needed in order to get the job done more quickly, while precaution is something we need to do to avoid unwanted files.

Scanning an entire file for viruses is slow, and resulting on the computer performance itself. So how to solve it, because we do know scanning is also important things to do. It is referred to using the derogative term grunt scanning. There are four general approaches to improving scanner performance:

Reduce amount scanned. Scanning an entire file is not only slow, but increases the likelihood of false positives, as a signature may be erroneously found in the wrong place. Instead, scanning can be targeted to specific locations based on assumptions about viral behavior.
• Assuming that viruses add themselves to the beginning or the end of an executable file, searches can be limited to those areas. This is called top and tail scanning.
• More complicated executable formats allow an executable’s entry point to be specified. Scanning can be restricted to the program’s entry point and instructions reachable from that entry point.
• If the exact positions of all virus signatures are known, then scanning can be specifically directed to those areas. The assumption here is that all viruses are known, along with their behavior in terms of file location. This is in contrast to the more generic assumptions about virus locations made above. In conjunction with the entry point scanning above, this
is referred to dis fixed point scanning.
• Many viruses are small. The amount scanned in any location can be set according to the size of common viruses. For example, if most viruses are less than 8K in size, then the scanner may only examine 8K areas at the beginning and end of the executable.

Use of scanning-reduction techniques implies that the scanner will no longer see the complete input. The input to a scanning algorithm doesn’t have to be a faithful representation of a file’s contents, however. The algorithms work equally well on an abridged view of the input.
Of the performance-enhancing approaches, reducing the amount scanned is the only approach that directly affects the potential correctness of the result.

Another way to increase or maximize the performance of your computer and in the same time doing precaution is with desktop software monitoring, the software able to track down the software usage.

]]> http://www.ledanet.org/performance-vs-precaution/feed/ 0 http://www.ledanet.org/world-wide-web/ http://www.ledanet.org/world-wide-web/#comments Wed, 10 Aug 2011 22:39:58 +0000 http://www.ledanet.org/?p=82 Effectiveness, however, is a subjective measurement. How can you judge whether something is effective? Web designers might ask the following questions: Is your site being used? Can the visitors you hope to attract access your site without barriers? Do visitors experience your site in the manner in which you intended?

Does your site get your message across? Does the site entertain or inform? Can you quantify the site’s success through increased sales, decreased support calls, or inquiries from markets you’ve not previously been able to enter?
These questions are not exhaustive but should spark your imagination about the multitude of ways that effectiveness can be defined for Web design.

As improbable as it may now seem, the vast infrastructure and massive network we now know as the World Wide Web was the brainchild of a single man: Tim Berners-Lee. He was a scientist at CERN, the Centre Européenne Recherche Nucleaire, also known as the European Laboratory for Particle Physics, and had become frustrated by the necessity of using several computer terminals to access various stores of information belonging to the laboratory. Even more frustrating was the need to be proficient with multiple programs that were peculiar to each terminal type.

Berners-Lee envisioned a world in which access to data would be a simple task, accomplished in a consistent manner regardless of the terminal or program in use. The concept of universal readership was formed, embracing the idea that any individual, on any type of computer, in any location, should be able to access data by using only one simple and common program.

Before the Web, most information storage and retrieval methods were hierarchical in nature. So each bit of data was sorted in a structured manner. The files on your computer are sorted in that way by default; files that begin with numbers come first as a group, then files that begin with letters appear next. Within each group, files are sorted from lowest value (zero in the numbers group, a in the letters group) to highest value.

When Berners-Lee began laying out his plan for a linked information system in 1989, he was unaware that a term already existed for the process—hypertext—which was coined in the 1950s by Ted Nelson. It can be defined as “human readable information linked together in an unconstrained way.” In the beginning, these systems often used proprietary interfaces. As early as the late 1980s, work was underway to standardize hypertext systems. These efforts resulted in the Internet arena in the development of the Hypertext Markup Language, or HTML, established by Berners-Lee. The original version is now known as HTML 1.

The current direction in HTML was determined in large part as the result of a two-day workshop held by the W3C in May 1998 near San Francisco. The workshop, entitled “Shaping the Future of HTML,” was convened to answer a number of questions and concerns being raised in the Web community.

Although world wide web isn’t new in our ear and knowledge experience, but its interesting to know the development of it, and that’s why its worth material for an essay. For you who still wondering on how to start an essay, don’t worry currently there are many services that could help you out.

]]> http://www.ledanet.org/world-wide-web/feed/ 0 http://www.ledanet.org/reverse-firewalls/ http://www.ledanet.org/reverse-firewalls/#comments Tue, 09 Aug 2011 23:00:05 +0000 http://www.ledanet.org/?p=78 A reverse firewall filters outgoing traffic from a network, unlike a normal firewall which filters incoming traffic. In practice, filtering in both directions would probably be handled by the same software or device.

As with firewalls, the key to an effective reverse firewall is its policy: what outbound connections should be permitted? The principle is that a worm’s connections to infect other machines will not conform to the reverse firewall policy, and the worm’s spread is thus blocked. The decision is based on the same packet header information as was used for a firewall, including source and destination IP addresses and ports.

A host-based reverse firewall can implement a finer-grained policy by restricting Internet access on a per-application basis. Only certain specified applications are allowed to open network connections, and then only connections in keeping with the reverse firewall’s outbound traffic policy. A worm, as a newly-installed executable unknown to the reverse firewall, could not open network connections to spread.

In theory. Still, worm activity is possible in the presence of a host-based reverse firewall:
• A worm can use alternative methods to spread when faced with a reverse firewall, such as placing itself in shared network directories. As a result, no worm code is run on the host being monitored by the reverse firewall.
• Legitimate code that is already approved to access the Internet can be subverted by a worm. A worm can simply fake user input to an existing mail program to spread via email, for instance. A worm could exhibit viral behavior, too, infecting an existing “approved” executable by indirect means, like a web browser plug-in, or more direct means that a virus would normally use. To guard against the latter case, a host-based reverse firewall can use integrity checking to watch for changes to approved executables.
• Social engineering may be employed by a worm. A host-based reverse firewall may prompt the user with the name of the program attempting to open a network connection, for the user to permit or deny the operation.

Firewalls are required for your security bridge, especially if you have online store or any business based on internet connection. For examples, in order to secure your software, you’ll need certain security method and firewall setting to ensure no one enter and steals your software.

Adobe Flash files are usually used for videos, animation, games and interactive applications streamed online. Small Web Format (swf) and Flash Video (flv) are Adobe Flash movies and animations that can be viewed on most browsers. Yet, you may see that your video player have trouble viewing these files. This is why you may need to convert into video or most popular graphic formats. Eltima SWF & FLV Toolbox allows you to convert FLV to AVI video format using any codec installed in your system. It is a great opportunity to create interaction video or frame-by-frame video out of your SWF or FLV files. You can also convert any FLV to SWF file and play it with all controls, applying additional features you bundle the movie with during the conversion. Display movie controls fast-forward, pause, change volume.

]]> http://www.ledanet.org/reverse-firewalls/feed/ 0