Host-based firewalls are a complement to a network-based firewall. While most systems do not run host-based firewalls, instead relying on the network’s firewall to provide them with protection, at the host level more fine-grained control can be applied. This method also acts as a fail over protection for the network-based firewall should any attack bypass that mechanism. These situations can include the penetration of a worm behind the perimeter firewall or a difference between the policy enforced by the perimeter defenses and those required by the host.
There are several example situations where host-based firewalls may be an appropriate solution to defending a set of hosts. These include situations where the default network security policy is absent but the security requirements for the host are more demanding.
Read the rest of this entry »
Unquestionable computer have been use and dig in many different aspect of human life. Lets have a look glance history of computer till we known right now.
Of course the world itself have changed, and its also causing different development of technology. And as we all know technology these days are more familiar with computer as its basic power and brain. At the first development computer was use as scientific investigation, but lately its used as military advanced technology during world war II.
Read the rest of this entry »
Honeypots have an inherent risk factor associated with them that has to be stated. Because a honeypot is designed to allow an attacker to enter and gain control (for the purposes of monitoring their actions), it is possible the compromised host may be used to spread more attacks. For this reason it is vital to monitor it closely and both control the outbound connections as well as close the host down when it has been compromised. Also, it should never be deployed on a production subnet where it can interfere with legitimate network activities and be used to gain entry to a protected network.
When monitoring for worm activity, honeypots can be an invaluable tool for capturing these beasts in the wild. They require some anticipation of the services the worm will be attacking, such as a Web server or a mail system, along with other vulnerable services.
Read the rest of this entry »
A network honeypot is simply a system you expect to get probed or attacked so that you can analyze these data later. As defined by Spitzner, a honeynet differs from a honeypot in that it is a network of honeypots made of full production systems.
This network can be logically and geographically dispersed. Because of their nature, worms will indiscriminately attack any available host on the network, including honeypots. The value of this approach is that you can analyze the attack after it has happened and learn about the methods used by the attacking agent. Honeypots come in three basic varieties:
Read the rest of this entry »
The second threat posed by worms targeting desktop systems is posed by hosts within an intranet. These networks, often built with a local area network with common policies and services, are rich in vulnerabilities for a worm to use. A worm that can exploit vulnerabilities in such an environment is likely to spread quickly and deeply.
Intranets are typically behind firewalls and detection systems, meaning they have little protection or monitoring of the hosts within the network.
Read the rest of this entry »
UNIX servers are an historical target for worms. UNIX has a long history of
being a robust server system on the Internet, including its roles as Web servers,
mail servers, name servers, and file servers for the general community.
This is due to the availability of software that performs these services, the scalability of the systems, and the networking capabilities of the systems.
For a brief time, UNIX servers were threatened by the growing popularity of Windows servers, but the presence of UNIX servers seems to have held its footing. With the growing popularity and deployment of Linux, UNIX servers are again on the rise as worm targets. The Linux and BSD operating systems are available to the community for free.
Read the rest of this entry »
The third mechanism for worm executable delivery is through a central site. In this system, the parent node executes a request from the new child node to the central site to retrieve the programs that make up the worm code from a central site. This can include a malicious Web site or file distribution server or some other system.
This method for delivering the worm payloads is most directly related to the methods used by attackers in manual compromises. Typically an attacker who amassed many hosts via a compromise distributes their programs to the compromised hosts from a central system. Early worms, which were wrapper scripts around the exploit process, often utilized this mechanism.
Read the rest of this entry »