Firewall

A firewall prevents unauthorized access to a computer or a network.

As the name suggests, a firewall acts as a barrier between networks or parts of a network, blocking malicious traffic or preventing hacking attempts.
A network firewall is installed on the boundary between two networks. Usually this is between the internet and a company network. It can be a piece of hardware, or software running on a computer that acts as a gateway to the company network.

A client firewall is software that runs on an end user’s computer, protecting only that computer.
In either case, the firewall inspects all traffic, both inbound and outbound, to see if it meets certain criteria. If it does, it is allowed; if not, the firewall blocks it. Firewalls can filter traffic on the basis of

• the source and destination addresses and port numbers (address filtering)
• the type of network traffic, e.g. HTTP or FTP (protocol filtering)
• the attributes or state of the packets of information sent.
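
The three filtering criteria above can be seen working together in a small rule engine. This is an added example, not code from the original page: the rule set, the addresses and the class names are constructed for illustration, and the destination port stands in for the traffic type (port 21 for FTP, port 80 for HTTP).

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str   # "tcp" or "udp"
    sport: int
    dport: int

@dataclass(frozen=True)
class Rule:
    action: str            # "allow" or "block"
    src_net: str
    dst_net: str
    proto: str             # "tcp", "udp" or "any"
    dport: Optional[int]   # None matches any destination port

# Constructed policy: 10.0.0.0/8 is the company network, 10.0.0.80 its web server.
RULES = [
    Rule("block", "10.0.0.0/8", "0.0.0.0/0", "tcp", 21),    # no outbound FTP
    Rule("allow", "10.0.0.0/8", "0.0.0.0/0", "tcp", None),  # other outbound TCP
    Rule("allow", "0.0.0.0/0", "10.0.0.80/32", "tcp", 80),  # inbound HTTP to server
]

class Firewall:
    def __init__(self, rules):
        self.rules = rules
        self.established = set()  # flows that a rule has already allowed

    def matches(self, rule, pkt):
        in_net = lambda ip, net: ipaddress.ip_address(ip) in ipaddress.ip_network(net)
        return (in_net(pkt.src, rule.src_net) and in_net(pkt.dst, rule.dst_net)
                and rule.proto in ("any", pkt.proto)
                and rule.dport in (None, pkt.dport))

    def decide(self, pkt):
        # State filtering: accept the reply half of a flow allowed earlier.
        if (pkt.dst, pkt.dport, pkt.src, pkt.sport, pkt.proto) in self.established:
            return "allow"
        for rule in self.rules:  # first matching rule wins
            if self.matches(rule, pkt):
                if rule.action == "allow":
                    self.established.add(
                        (pkt.src, pkt.sport, pkt.dst, pkt.dport, pkt.proto))
                return rule.action
        return "block"  # default deny: anything not explicitly allowed
```

Rule order matters here: the FTP block must come before the broader outbound allow, and a packet that matches no rule and no known flow is dropped.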

A client firewall can also warn the user each time a program attempts to make a connection, and ask whether the connection should be allowed or blocked. It can gradually learn from the user’s responses, so that it knows which types of traffic the user allows.

Anti-spam programs can detect unwanted email and prevent it from reaching users’ inboxes.

These programs use a combination of methods to decide whether an email is likely to be spam. They can:
• Block email that comes from computers on a blocklist. This can be a commercially available list or a local list of computer addresses that have sent spam to your company before.
• Block email that includes certain web addresses.
• Check whether email comes from a genuine domain name or web address. Spammers often use fake addresses to try to avoid anti-spam programs.
• Look for keywords or phrases that occur in spam (e.g. “credit card”, “lose weight”).
• Look for patterns that suggest the email’s sender is trying to disguise their words (e.g. putting “hardc*re p0rn”).
• Look for unnecessary HTML code (the code used for writing web pages) used in email, as spammers often use this to try to conceal their messages and confuse anti-spam programs.

The program combines all the information it finds to decide the probability of an email being spam. If the probability is high enough, it can block the email or delete it, depending on the settings you choose.

Anti-spam software needs frequent updating with new “rules” that enable it to recognize the latest techniques used by spammers.

How software protects mail you DO want
Many users worry that anti-spam software will delete personal or useful email. In fact, your email is safe, and you can even see selected spam if you wish. Anti-spam programs can be very accurate. Typically, they may block less than one genuine email in ten thousand, or even a hundred thousand. Even if the program does incorrectly identify an email as spam, it can be configured to place it in a “quarantine” area, rather than deleting it. An administrator can then decide whether to let the mail be delivered or to delete it. Some programs let each user reclaim any quarantined mail that they want.

How software adapts to your needs
Some anti-spam software is “adaptive”: it learns which subjects you find acceptable and which ones you don’t.

Suppose that a pharmaceutical company installs anti-spam software. At first, the software tries to spot spam by looking for words like the following: credit, free, consolidate, debt, mortgage, drugs, prescription, medication, doctor. It blocks email with too many of these keywords, but allows individual users to retrieve mail that they want to read.

Someone in the research department finds that genuine mail about new drugs has been blocked, and asks for it to be released. The software learns that that user frequently receives email about drugs – and so gives less weight to drug-related words when checking for spam.

In the finance department, users reclaim email with financial terms in it, so the software learns to give less weight to these words – but still blocks drug-related email for that user.
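
The pharmaceutical-company scenario, together with the quarantine-and-reclaim behaviour described earlier, can be modelled as a per-user weighted keyword filter. This is an added example, not code from the original page or from any anti-spam product: the weights, the threshold, the halving rule and the sample messages are all constructed, and a simple keyword score stands in for the spam probability a real product computes.

```python
import re
from collections import defaultdict

# Keywords from the scenario above; the weights and threshold are constructed.
KEYWORDS = ["credit", "free", "consolidate", "debt", "mortgage",
            "drugs", "prescription", "medication", "doctor"]
THRESHOLD = 3.0      # score at or above this counts as "too many keywords"
LEARN_FACTOR = 0.5   # a reclaim halves the weight of each keyword in that mail

def tokens(text):
    return re.findall(r"[a-z]+", text.lower())

class AdaptiveFilter:
    def __init__(self):
        # Every user starts from the same weights and diverges as they reclaim mail.
        self.weights = defaultdict(lambda: dict.fromkeys(KEYWORDS, 1.0))
        self.quarantine = defaultdict(list)

    def score(self, user, text):
        return sum(self.weights[user].get(t, 0.0) for t in tokens(text))

    def receive(self, user, text):
        if self.score(user, text) >= THRESHOLD:
            self.quarantine[user].append(text)  # held, not deleted
            return "quarantined"
        return "delivered"

    def reclaim(self, user, text):
        self.quarantine[user].remove(text)
        for t in set(tokens(text)) & set(KEYWORDS):
            self.weights[user][t] *= LEARN_FACTOR
        return "delivered"

# Constructed sample messages.
DRUG_MAIL = "Trial update: new prescription medication, doctor sign-off needed"
DRUG_MAIL_2 = "Prescription medication dosing notes from the trial doctor"
FINANCE_MAIL = "Quarterly report on debt, mortgage and credit exposure"

def scenario():
    f = AdaptiveFilter()
    first = f.receive("research", DRUG_MAIL)   # blocked at first
    f.reclaim("research", DRUG_MAIL)           # researcher asks for release
    f.receive("finance", FINANCE_MAIL)
    f.reclaim("finance", FINANCE_MAIL)
    return {
        "research_first": first,
        "research_after": f.receive("research", DRUG_MAIL_2),
        "finance_money": f.receive("finance", FINANCE_MAIL),
        "finance_drugs": f.receive("finance", DRUG_MAIL_2),
    }
```

Because the weights are stored per user, the researcher's reclaim does not loosen filtering for the finance department, whose drug-related mail is still quarantined.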

Anti-virus software can defend you against viruses, Trojans, worms and – depending on the product – spyware and other types of malware.

Anti-virus software uses a scanner to identify programs that are, or may be, malicious.
Scanners can detect:
• Known viruses – The scanner compares files on your computer against a library of “identities” for known viruses. If it finds a match, it issues an alert and blocks access to the file.
• Previously unknown viruses – The scanner analyzes the likely behavior of a program. If it has all the characteristics of a virus, access is blocked, even though the file does not match known viruses.
• Suspicious files – The scanner analyzes the likely behavior of a program. If that behavior is of a kind usually considered undesirable, the scanner warns that it may be a virus.

Detection of known viruses depends on frequent updating with the latest virus identities. There are on-access and on-demand scanners. Most anti-virus packages offer both.
On-access scanners stay active on your computer whenever you are using it. They automatically check files as you try to open or run them, and can prevent you from accessing infected files.
On-demand scanners let you start or schedule a scan of specific files or drives.

Zombies

A zombie is a computer that is remotely controlled and used for malicious purposes, without the legitimate user’s knowledge.

A virus or Trojan can infect a computer and open a “back door” that gives other users access. As soon as this happens, the virus sends a message back to the virus writer, who can now control the computer remotely via the internet. From now on, the computer is a “zombie”, doing the bidding of others, although the user is unaware.

Collectively, such computers are called a “botnet”. The virus writer can share or sell access to control his or her list of compromised computers, allowing others to use them for malicious purposes. For example, a spammer can use zombie computers to send out spam mail. Up to 80% of all spam is now distributed in this way. This enables the spammers to avoid detection and to get around any blocklisting applied to their own servers. It can also reduce their costs, as the computer’s owner is paying for the internet access.

Hackers can also use zombies to launch a “denial-of-service” attack. They arrange for thousands of computers to attempt to access the same website simultaneously, so that the web server is unable to handle all the requests reaching it. The website thus becomes inaccessible.

Voice phishing is the use of bogus phone numbers to trick people into revealing confidential information.

Phishing originally involved sending out emails that include links to bogus websites, where victims are asked to enter account details or other confidential information. Voice phishing (also known as vishing, v-phishing or phone phishing) asks the victim to call a phone number, rather than visit a website, but the intention is the same: to steal details for financial gain.

An example is the PayPal voice phishing email. The email appears to come from PayPal, the electronic payment service, and claims that the user’s account may have been used fraudulently. It warns that the account will be suspended unless the user calls a phone number to “verify” their details. When the user calls, an automated message asks for their card number. Criminals can then misuse the number for their own gain.

Users may be wary of following links in unexpected email, and they can ensure that they enter the correct web address when they visit a financial services site. They are less likely to know the company’s phone number, though. To protect against phone phishing, you should use anti-spam software, which can detect phishing mails, and always treat unsolicited email cautiously.

Virus hoaxes

Virus hoaxes are reports of non-existent viruses.

Hoaxes are usually in the form of emails that do some or all of the following:
• Warn you that there is an undetectable, highly destructive new virus.
• Ask you to avoid reading emails with a particular subject line, e.g. Budweiser Frogs.
• Claim that the warning was issued by a major software company, internet provider or government agency, e.g. IBM, Microsoft, AOL or the FCC.
• Claim that a new virus can do something improbable, e.g. The A moment of silence hoax says that “no program needs to be exchanged for a new computer to be infected”.
• Use techno-babble to describe virus effects, e.g. Good Times says that the virus can put the PC’s processor into “an nth-complexity infinite binary loop”.
• Urge you to forward the warning. If users do forward a hoax warning to all their friends and colleagues, there can be a deluge of email. This can overload mail servers and make them crash. The effect is the same as that of the real Sobig virus, but the hoaxer hasn’t even had to write any computer code.

It isn’t just end users who overreact. Companies who receive hoaxes often take drastic action, such as closing down a mail server or shutting down their network. This cripples communications more effectively than many real viruses, preventing access to email that may be really important. False warnings also distract from efforts to deal with real virus threats.

Hoaxes can be remarkably persistent too. Since hoaxes aren’t viruses, your anti-virus software can’t detect or disable them.

Viruses

Viruses are computer programs that can spread by making copies of themselves.

Computer viruses spread from one computer to another, and from one network to another, by making copies of themselves, usually without your knowledge. Viruses can have harmful effects, ranging from displaying irritating messages to stealing data or giving other users control over your computer.
A virus program has to be run before it can infect your computer. Viruses have ways of making sure that this happens. They can attach themselves to other programs or hide in code that is run automatically when you open certain types of file. Sometimes they can exploit security flaws in your computer’s operating system to run and spread themselves automatically.

You might receive an infected file in a variety of ways, including via an email attachment, in a download from the internet, or on a disk. As soon as the file is launched, the virus code runs. Then the virus can copy itself to other files or disks and make changes on your computer.
