The second major line of defense is to move all exposed services from well-known ports to uncommonly used ports. This would mean, for example, running a Web server on a port that is different than the normal port 80/TCP port used. The major drawback to this approach is that the outside world, which needs to communicate with your site, will be unable to do so without assistance on your part. With that assistance, it is possible that worms could similarly use that information to exploit the vulnerabilities that still may reside on your servers but on different ports.

The next possible line of defense is to ensure that all systems are patched and configured properly at all times. The largest problem with this is the amount of time and effort required to ensure that these conditions are met. Vulnerabilities are constantly found in every piece of software written, and similar exposures exist in configurations of software packages and their combinations.

While there is no reason to not attempt to keep software up to date and configurations in line with best practices, these practices do not scale well to large sites, locations with decentralized management, or sites that must maintain high uptime and availability. Evaluating patches and upgrades takes time and can have a negative impact on performance or functionality that may be unacceptable to some sites. Some clear and defensive line could be advantage as free internet calls.

Instead, this part focuses on strategies and techniques that avoid hiding and evasion techniques that happen during disconnections from the Internet or moving service. These are also more practical and proactive approaches to network defense.

The fundamental principle using host-based defenses is to provide a deeper entrenchment of the defenses for any single system. With multiple defenses, the hurdles required to penetrate a system and cause damage increase. These defenses can fail in a number of ways, including misconfiguration, a weakness in the security application itself, or by using a channel different than the bypassed security guard was designed to defend.

The era before the introduction of computer software are classified into two eras, namely:
1. Primitive era (± 300 BC) on which the software is made by performing simple instructions by using code similar motion semaphore.
2. Mechanical Era (1840-1930’s) that apply to the use of equipment and machinery Analytical Engine punch cards.

While the era after the introduction of computer software which means using electronic technology, is divided into pioneer era, the era of stable, micro era, and the modern era.

Pioneer Era (1940-1960) is still a form of software-cable connection to the connection between the computer and the form of punch cards (plong). Another characteristic of the pioneers of this era is still using a clustered process (batch), limited distribution, and manufactured for special purposes.

Stable Era (1960-1980) has been mass-produced computers and software can perform some functions of the control group (multitasking). Another feature that can be used to solve many users (multiuser) quickly and directly (real time), software products can be used separately, have been using the system database.

Micro Era (1980-1990) produced software for your computer needs a network (networking) and dispersed (distributed), it’s cheap so widely used for personal needs (home), is automation for artificial intelligence (artificial intelligent).

Modern Era (1990 -now) Has the characteristics of multimedia-based software, desktop and portable, object technology, expert systems, parallel processing, and can communicate with a global network.

The era of software evolution also being used in industrial and real estate business such as real estate in Bulgaria, it really very handy when we do realize technology could maximize our profit with less consume of times.

Many of the Web servers affected by the Code Red worm were not known to be vulnerable to the worm due to a poor understanding of the features in the software. This is based on the demographics of many of the Code Red sources.

The vulnerable component of the server software, an indexing utility enabled by default, can be shut off by reconfiguring the server. This effectively removes the exposed risk of the Web server without requiring an upgrade or reinstallation, which may cause downtime. By using such a strategy, a more comprehensive solution can be developed and tested and implemented at a more convenient time, such as the weekend.

It is not uncommon for software packages to have a complex feature set with many options that are unused installed by default. As shown by the Code Red worm and an early Web server vulnerability that attacked a server-side script installed by default, the vendor-installed configuration may not be ideal for all sites. A thorough reading of the documentation should be performed to install components correctly. The idea of complex feature with configuration are making a good material for write essay, until computer and its issues such as worms and virus attack still striking then the discussion will never end.

The largest challenge facing the use of black hole monitoring is the discrimination of regular probes and attacks from activity from worms. This can generally be done by looking for an exponential rise in the number of sources that parallels a rise in activity sent toward the dark network space. However, this typically yields a larger picture of network activity than other monitoring methods do due to the large scale of coverage possible. The intentions of the client computer can be assessed on the basis of the intended network destination.

When the third type of black hole monitor described earlier in this chapter is set up (which responds to connection requests to receive the first data packet), worm activity can be measured. In this scenario, the payloads of the captured packets are stored and compared to look for worm activity. This gives deep insight into worm activity, along with a large degree of coverage without the requirement of known signatures, as would be needed for a NIDS monitor.

the biggest weakness in black hole network monitoring is the growing presence of worms that use lists of allocated addresses to target. These threaten to minimize the utility of global-scale dark network monitoring for worm activity. While some worms, such as Code Red and Nimda, will indiscriminately attack any valid IPv4 class A, B, or C address (which does include unallocated space), newer worms such as Slapper and SQL Snake have incorporated lists of allocated network blocks to target. The increased use of this approach will gradually diminish the utility of dark network space monitoring. Protected both software and hardware could minimize the attack, and made your monitoring easier. For software you might knows that there are plenty software that could deflect these attack, while for hardware, usb drive password protected could help you minimize the attack.

Lastly, changes in network allocation will require updates to the dark network space monitors. For example, if a local subnet becomes used, its utility as a dark space monitor becomes impossible. Similarly, when new networks are allocated in the global IPv4 space, changes must be propagated to the dark network space monitors.

The first and major advantage to this mechanism is the widespread nature of the initial round of infection. Presumably many hosts have downloaded the modified software, forming a wide base for the worm’s launching point.

Additionally, if these hosts are targeted as hosts with good connectivity, the initial rounds of infection by the worm can proceed more efficiently due to the increased visibility of the network.

This kind of introduction mechanism has been proposed for “flash” worms. In this scenario, the initial round of the worm can be scaled up to substantially improve the efficiency of the worm’s spread. Using an introduction technique that is aware of the topology of the network it is infecting can give significant gains, over tenfold in the study by Stanford.

During migration the power of network reliability and database strength tested, of course any interference such as worms attack are unwanted, for better migration, some people choose Zen Cart for its automated migration process, it would be much more easier and less to concern.

Single point
The classic paradigm of the introduction of a worm is to use a single point of origin, such as a single Internet system. This host is set up to launch the worm and infect a number of child nodes, carrying the worm with it. These new nodes then begin the next round of target identification and compromise.

The trick is to find a well-connected and reasonably poorly monitored host. To achieve the maximum introduction from a single point, this node will have to infect several new hosts, which are also capable of a wide area of infection. This will be crucial in establishing the initial presence of the worm when it is most vulnerable, existing on only a few nodes.

An obvious weakness in this scenario is that the worm may be identified back to its source and ultimately its author. By combining a number of factors, including usage patterns of the source host or network, with the code base, investigators can sometimes establish the identity of the author of the malicious software.

One variation of this theme is to introduce the malicious software at a single point but use an accepted distribution mechanism to gain entry to the Internet. This includes a Trojan horse software package or a malicious file in a peer-to-peer network. While only a single point of entry for the software is used, it is then introduced to several computers which can then launch the worm onto multiple networks.

For the attacker, however, this is the easiest avenue of introducing a worm. It involves the fewest resources and, if the worm takes hold of the network early and establishes itself quickly, gives the quickest path to a stable infection.

The object and subject of worms and its behavior of attack are quite tickling and very interesting for writing an essay based on it. Why? because its just never ends, as long as computer technology still developing and increase, the materials and discussion just won’t end. For some people you might need to buy essays, cause its more practical and they just give you good essay with correct grammar.

This type of attack can be achieved in two major ways. In the first, the worm network is introduced and immediately begins its assault on the target network. In doing this, the worm can maximize its assault before the target network’s defenses are raised. However, the relatively small number of sources can make it easy to filter based on the source location.

In the second, the worm begins its attack only after some period of activity. This may include a widespread infection over the period of a few days, allowing it to exploit the trust of certain source networks now compromised. Alternatively, the worms may turn on the target network after a predefined number of iterations. In either scenario, the wide number of sources can overwhelm the target network and find a vulnerable host as a method of entry.

By choosing this method, an attacker can cause concentrated damage against the target network, including the release of sensitive documents and the disruption of network services. Such a worm would no doubt be useful in scenarios of corporate or military espionage, a campaign of terrorism against a corporation or a government, or the introduction of malicious software or information. While these attacks are possible with the other spread mechanisms described here, this gives an attacker a focused effort, which would be useful in overwhelming an enemy’s defenses.

This method of choosing targets has several disadvantages. First, unless an introduction of the worm is done at widespread points, it would be easy to selectively filter the sources based on the attack type and location. Because of this, a worm that turns on a target after some period of random spreading would be preferred. This method introduces a second disadvantage, however. By spreading to other networks, researchers would be able to identify the worm and develop countermeasures, making them available to the target network.

Secure the network is way to prevent it for worms attack, another way you could usenetwork inventory tool to store all information of computer, and network machine that connected to your network.