Lecture 11


Antivirus software

• The primary method of preventing the propagation of malicious code involves the use of antivirus software.
• Antivirus software is an application that is installed on a system to protect it and to scan for viruses as well as worms and Trojan horses. Most viruses have characteristics that are common to families of viruses.
• Thousands of known viruses, worms, logic bombs, and other malicious code have been defined. New ones are added all the time. Your antivirus software manufacturer will usually work very hard to keep the definition database files current.
• The second method of preventing viruses is user education. Teach your users not to open suspicious files and to open only those files that they're reasonably sure are virus-free. They need to scan every disk, email, and document they receive before they open them.

Denial-of-Service and Distributed Denial-of-Service Attacks

• Denial-of-service (DoS) attacks prevent access to resources by users authorized to use those resources.
• An attacker may attempt to bring down an e-commerce website to prevent or deny usage by legitimate customers.
• Most simple DoS attacks occur from a single system, and a specific server or organization is the target.

Several types of attacks can occur in this category. These attacks can do the
following:

• Deny access to information, applications, systems, or communications.
• Bring down a website while the communications and systems continue to operate.
• Crash the operating system (a simple reboot may restore the server to normal operation).
• Fill the communications channel of a network and prevent access by authorized users.
• Open as many TCP sessions as possible; this type of attack is called a TCP SYN flood DoS attack.

Two of the most common types of DoS attacks are the ping of death and the buffer
overflow.

• The ping of death crashes a system by sending Internet Control Message Protocol (ICMP) packets that are larger than the system can handle.
• Buffer overflow attacks, as the name implies, attempt to put more data (usually long input strings) into the buffer than it can hold.

A distributed denial-of-service (DDoS) attack is similar to a DoS attack. A DDoS attack amplifies the concepts of a DoS attack by using multiple computer systems (often through botnets) to conduct the attack against a single organization.

These attacks exploit the inherent weaknesses of dedicated networks such as DSL and cable.

An attacker can load an attack program onto dozens or even hundreds of computer systems that use DSL or cable modems. The attack program lies dormant on these computers until they get an attack signal from a master computer.

The signal triggers the systems, which launch an attack simultaneously on the target network or system.

Spoofing Attack:

• A spoofing attack is a situation in which a person or program successfully identifies itself as another by falsifying data, in order to gain an illegitimate advantage.
• The most popular spoofing attacks today are IP spoofing, ARP spoofing, and DNS spoofing.
• In IP spoofing, the goal is to make the data look as if it came from a trusted host when it did not (thus spoofing the IP address of the sending host).
• In ARP spoofing (ARP poisoning), the MAC (Media Access Control) address of the data is faked. By faking this value, it is possible to make it look as if the data came from a network that it did not.
• In DNS spoofing, the DNS server is given information about a name server that it thinks is legitimate when it is not.
• This can send users to a website other than the one to which they wanted to go, reroute mail, or do any other type of redirection wherein data from a DNS server is used to determine a destination.
• Another name for this is DNS poisoning.

The figure shows a spoofing attack occurring as part of the logon process on a computer network. The attacker in this situation impersonates the server to the client attempting to log in. No matter what the client attempts to do, the impersonating system will fail the login. When this process is finished, the impersonating system disconnects from the client. The client then logs into the legitimate server. In the meantime, the attacker now has a valid user ID and password.
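
A defender can spot the ARP spoofing described above by watching for ARP replies that contradict known IP-to-MAC bindings. The following is an added example, not part of the original lecture notes; the function name, alert kinds and sample replies are constructed for illustration.

```python
from collections import defaultdict, namedtuple

Alert = namedtuple("Alert", "time kind ip seen_mac detail")

# Constructed sample: (timestamp, sender IP, sender MAC) from observed ARP replies.
# Addresses come from the documentation ranges, not a real network.
SAMPLE_REPLIES = [
    (1.0, "192.0.2.1",  "00:00:5e:00:53:01"),  # gateway
    (2.0, "192.0.2.10", "00:00:5e:00:53:0a"),
    (3.0, "192.0.2.11", "00:00:5e:00:53:0b"),
    (4.0, "192.0.2.1",  "00:00:5e:00:53:01"),  # repeat of a known binding
    (5.0, "192.0.2.1",  "00:00:5E:00:53:0B"),  # gateway IP claimed by host .11's MAC
    (6.0, "192.0.2.10", "00:00:5e:00:53:0b"),  # same MAC now claims .10 as well
]

def detect_arp_spoofing(replies, pinned=None):
    """Flag ARP replies that contradict known IP-to-MAC bindings.

    pinned: optional {ip: mac} of bindings fixed in advance (e.g. the gateway).
    Unpinned bindings are learned from the first reply seen, so a forged reply
    that arrives first is trusted; pinning closes that gap for critical hosts.
    """
    bindings = {ip: mac.lower() for ip, mac in (pinned or {}).items()}
    ips_by_mac = defaultdict(set)
    for ip, mac in bindings.items():
        ips_by_mac[mac].add(ip)
    alerts = []
    for ts, ip, mac in replies:
        mac = mac.lower()                        # MACs compare case-insensitively
        expected = bindings.setdefault(ip, mac)  # learn on first sight
        if expected != mac:
            alerts.append(Alert(ts, "binding_conflict", ip, mac, expected))
        if ip not in ips_by_mac[mac]:
            ips_by_mac[mac].add(ip)
            # One MAC answering for several IPs is the poisoning pattern, but
            # multi-homed hosts and proxy ARP also do it: triage, don't block.
            if len(ips_by_mac[mac]) > 1:
                alerts.append(Alert(ts, "mac_claims_many_ips", ip, mac,
                                    tuple(sorted(ips_by_mac[mac]))))
    return alerts

if __name__ == "__main__":
    for alert in detect_arp_spoofing(SAMPLE_REPLIES):
        print(alert)
```

On networks where addresses are reassigned by DHCP, learned bindings need an expiry or a feed from the DHCP server, otherwise legitimate lease changes raise `binding_conflict`.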
