
Saturday, May 30, 2009

Software Firewall

You may have heard the term firewall. If you have a network of computers (say, 50 computers), you will implement a firewall to protect it from cyber attacks. A firewall controls the ports that are used to communicate with the network. You can set your own rules for the security of the network. You can allow FTP to a restricted number of computers. You can also stop computers from visiting certain restricted sites. The larger the network, the tighter the security must be. But what about the case of one or two computers connected to the internet? The software firewall is the solution. The software firewall examines the ports connected to the internet and regulates them. It also asks the user whenever an application installed on the computer tries to access the internet. Thus we can prevent unwanted use of the internet by unknown applications. This also saves our bandwidth. An unknown application using the internet connection is generally a trojan or spyware.
The use of the software firewall is not limited to small networks. It is also used in huge networks to regulate internet use by employees.

The firewall uses the following methods to prevent unwanted data transfer through the internet.
  • Proxy Service: Information from the internet is received by the firewall and then forwarded to the requesting system. It can also receive a request sent by a computer in the network and forward it to the corresponding destination.
  • Packet Filtering: The information to be sent is broken down into small units called packets. These packets are first received by the firewall, which checks them against a set of predefined filters. The firewall allows only the trusted packets to pass to the requesting computer.
  • Stateful Inspection: It is a newer method. It does not check the whole packet. Instead it checks only certain parts of the packet. It records specific parts of the data when a request is sent and compares them with the incoming packets. If a match is found, the packet is considered trusted and allowed to pass through the network; otherwise it is blocked.
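
The stateful inspection idea above, as an added example (not code from the original post): the filter remembers the addresses and ports of each outgoing request and passes an incoming packet only if it mirrors one of them. The `Packet` fields, the 30-second idle timeout and all addresses are assumptions made for the illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    proto: str
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int

class StatefulFilter:
    """Pass an incoming packet only if it answers a request we saw go out."""

    def __init__(self, idle_timeout=30.0):
        self.idle_timeout = idle_timeout   # assumed value, in seconds
        self.flows = {}                    # flow key -> time last seen

    def outbound(self, pkt, now):
        # Record the parts of the request that a genuine reply must mirror.
        key = (pkt.proto, pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port)
        self.flows[key] = now
        return "ALLOW"

    def inbound(self, pkt, now):
        # A reply has source and destination swapped relative to the request.
        key = (pkt.proto, pkt.dst_ip, pkt.dst_port, pkt.src_ip, pkt.src_port)
        seen = self.flows.get(key)
        if seen is None:
            return "BLOCK"                 # nobody inside asked for this
        if now - seen > self.idle_timeout:
            del self.flows[key]            # stale entry: forget the flow
            return "BLOCK"
        self.flows[key] = now
        return "ALLOW"

def demo():
    fw = StatefulFilter()
    # Constructed addresses: one internal PC, one web server, one unrelated host.
    pc, web, other = "10.0.0.5", "198.51.100.10", "203.0.113.66"
    verdicts = [fw.outbound(Packet("tcp", pc, 50000, web, 443), now=0.0)]
    verdicts.append(fw.inbound(Packet("tcp", web, 443, pc, 50000), now=0.2))    # matching reply
    verdicts.append(fw.inbound(Packet("tcp", other, 443, pc, 50000), now=0.3))  # wrong sender
    verdicts.append(fw.inbound(Packet("tcp", web, 443, pc, 50001), now=0.4))    # wrong port
    verdicts.append(fw.inbound(Packet("tcp", web, 443, pc, 50000), now=60.0))   # after timeout
    return verdicts

if __name__ == "__main__":
    print(demo())
```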

Sunday, May 24, 2009

Computer virus strikes US Marshals, FBI affected

A mystery computer virus affected the computer networks of the US Marshals and the FBI. Both shut down their networks to prevent further spreading and destruction. The computer networks have been disconnected from the Justice Department as a preventive measure. The virus problem started on Thursday. The origin of the virus has not been identified. Besides the external network, the law enforcement department has its own internal network to prevent snoopers from accessing sensitive data. The internet access and e-mail services of the US Marshals and the FBI were disabled while the staff worked on the problem.

Thursday, May 21, 2009

Resident Virus

As you know, a virus normally infects an executable file and runs when the infected file is executed. According to the mode of infection, viruses are divided into resident and non-resident viruses. The non-resident virus has a module to find the files that it can infect and another module, called the replication module, which infects the files encountered by the finder module. After infecting a particular file, the virus will be executed when the infected file is executed.
In the case of the resident virus, things are different. It first infects a file or is executed by some other means. When it is executed it loads its replication module into memory. By working in memory it is capable of infecting files to a great extent. There are two types of resident viruses: those capable of infecting a large number of files in a short duration, called fast infectors, and those that infect a smaller number of files. The fast infecting type is somewhat more dangerous since it infects more potential programs in a short duration. If the infected files include the files of the antivirus, then there is a chance of infecting the files scanned by the antivirus. The fast infecting virus shows the symptoms of infection very soon, mostly by slowing down the PC. There are antiviruses that become active when an abnormality is identified and disinfect the infected file. Slow infectors do not show symptoms of infection such as slowing down the PC. This gives them less chance of being identified by the antivirus. But they do not remain unidentified forever. Since they show the signs of infection very late, they are identified very late. However, they are less dangerous than the fast infectors.

Sunday, May 17, 2009

Crimeware

Crimeware is software developed to steal personal information or to commit a crime. Usually crimeware is used to steal money from the accounts of companies or traders, making the thief richer. Crimeware uses several methods. The attacker can use a keylogger trojan for stealing the keystrokes of the user. The user may be an employee of a bank or other financial institution. The attacker can use this stolen information for his job. Another method is redirecting the user to a fake website even if the user has entered the URL correctly. The crimeware allows the attacker to wait until the user logs in to his account, and then he can steal the information without being identified by the user. The crimeware can steal passwords from the cache of the browser. The crimeware uses vulnerabilities in applications that use the internet connection. The attack may also come in the form of an e-mail which provides fake sender details.

Saturday, May 16, 2009

Password Cracking

Password cracking is the process of recovering a password. Usually password cracking is used to find a password lost by the user. Like every development in technology, it is also used for illegal purposes. Password cracking is used for hacking purposes. Attackers use password cracking to determine the active passwords of e-mail accounts. The passwords they crack include passwords of websites, computers, domains etc.
In most networks, authentication is used to allow limited access to the network. Authentication is generally done with a user name and password. Without the user name or password a computer is not allowed to access the network. In most cases the password is not stored in plain text form, because a password in plain text is more vulnerable to attack. For security reasons the password is encrypted. Encryption is done by different methods; in one, the password is mixed with certain data and the resulting form is stored in the corresponding database. If an attacker gets this encrypted password it will be easier for him to find out the original password.
One method of password cracking is guessing. If the attacker knows the user, he guesses the password by simply trying the names of friends, pets, favorite celebrities etc. The other type of guessing is trial and error using common password words like admin, administrator, password, passcard etc.
Another way of finding a password is to use software which generates password-like words from the dictionary. A good percentage of people create passwords from words in the dictionary. Some people may prefix or postfix a digit, which is usually 1.
Another type of attack is the brute force attack. This has a higher chance of success if the password is short. That is why most sites requiring authentication ask for a password with more than 6 characters. The brute force attack tries every word that has a chance of being the password.
Precomputation is another method of finding a password. This method involves hashing each word in the dictionary and storing the result. This way, when a new encrypted password is obtained, password recovery is very easy.
Password cracking can be prevented by using strong encryption during transmission. In the case of a password stored in the system, the password must be accessible only to trusted applications.
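
An added example (not from the original post) tying together two points above, mixing the password with extra data before storage and precomputation: it stores one password as a plain unsalted hash and as a salted PBKDF2 record, then looks both up in a table of hashes computed in advance. The word list, the iteration count and the function names are assumptions made for the illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 200_000   # assumed work factor for this example

def unsalted_hash(password):
    """Weak storage: the same password always gives the same stored value."""
    return hashlib.sha256(password.encode()).hexdigest()

def store_password(password):
    """Mix the password with fresh random data (a salt) and hash it slowly."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, digest

def verify_password(password, salt, digest):
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return hmac.compare_digest(candidate, digest)   # constant-time comparison

def demo():
    # Constructed word list standing in for a precomputed dictionary table.
    table = {unsalted_hash(w): w for w in ["admin", "administrator", "password"]}

    weak_record = unsalted_hash("password")
    salt_a, record_a = store_password("password")   # user A
    salt_b, record_b = store_password("password")   # user B, same password

    return {
        # The unsalted record is found in the table at once.
        "unsalted_lookup": table.get(weak_record),
        # The salted record is not in the table.
        "salted_lookup": table.get(record_a.hex()),
        # Two users with the same password get different records,
        # so no single table computed in advance fits both.
        "same_password_same_record": record_a == record_b,
        "correct_login": verify_password("password", salt_a, record_a),
        "wrong_login": verify_password("password1", salt_a, record_a),
    }

if __name__ == "__main__":
    for name, value in demo().items():
        print(name, "->", value)
```

A salt does not make a weak password strong: guessing still works against one record at a time, which is why the slow hash and a long password both matter.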

Thursday, May 14, 2009

Know your Computer's internet security

You may know that a computer can communicate with other computers only through ports. A computer can be connected to the internet only through ports. A computer has thousands of ports, but we require only a few of them. If a remote computer needs a port, it sends a request to the computer for access to that particular port. Each port is identified by its port number. The computer receives the request and allows the program on the remote computer to access the computer. This is the normal case, I mean the ideal case. But the programs on the remote computer are created by humans, so there is a chance of errors being present. Moreover, some programs are malware that uses trusted programs to get into the computer. By closing the unnecessary ports we can prevent the remote computer from accessing our computer up to a limit. But this will not protect your computer completely from attacks through the internet. It only reduces the chance of attack through the internet connection. To find out which ports are open and which are closed, visit: http://scan.sygate.com/
If you use firewall software you can control which programs access the internet. You can block unwanted programs from accessing the internet. But the presence of rootkits can cheat even the firewall.

Want to know about Rootkits ?

You may have noticed that when you scan for viruses with antivirus software, it sometimes displays "Rootkits found". Want to know about rootkits? Here is a short description. A rootkit is software, either one program or a combination of several programs, designed to hide the fact that a system has been compromised. The rootkit is installed on the target machine by the attacker, either physically by himself or by exploiting system vulnerabilities. Once the rootkit is installed on the target system, the attacker can modify the system files and hide the running processes of the files he has installed. Rootkits often form a back door in the system, allowing the attacker to steal data from the system without the user knowing.
Rootkits actually evolved as software to handle the system when it falls into a non-responsive state. Later, hackers turned this into malware. Applications which create virtual devices, like Daemon Tools, use rootkits to hide certain system activity and to suppress certain processes of the system. The Kaspersky antivirus uses rootkits to hide and protect its files from attack by malware.
Most antiviruses are not capable of finding rootkits. Even if some antiviruses find certain types of rootkits, they cannot find all types. Fortunately, software for finding and deleting rootkits (like Rootkit Revealer) is available in the market. Most rootkits are installed on the target machine by the user in the form of a patch or key generator. Lots of rootkits are available on the internet for downloading. If you want one visit: http://vx.netlux.org/.

Monday, May 11, 2009

Make e-banking more secure...

We are familiar with the stories of several people who lost their money via e-banking. The banks are stepping up security as cases of money loss through e-banking increase. But in most cases the money loss is due to the unawareness of the user rather than the security provided by the banks. Here are some tips that would be helpful in increasing your security in e-banking:

* Do not use computers in an internet cafe or computers in other institutions that you find less secure. It is always better to use your own personal computer for this purpose. The computers in an internet cafe have less security, as they contain lots of malware, spyware and viruses. These may steal your account details and send them to the hacker. These details will help the hacker to take money from your account easily. Some computers in internet cafes have antivirus software installed. But do not trust this as highly secure, because in most internet cafes the antivirus software is not updated periodically. This software cannot prevent newly created spyware.
* Use good antivirus software on your computer. It is even more important that you update the antivirus software periodically. This enables the software to detect more and more viruses and thus increases the security of your computer.
* Use a firewall other than Windows Firewall so that you can monitor the use of the internet by the programs on the computer and block the programs that do not require an internet connection.
* Always go to the website by typing the URL in the address field directly. Do not go to the website through a search engine, as it may lead to a spoofed website. The spoofed website may look similar to the original website so that the user believes he has reached the original website. The user will enter his details in the spoofed website and his money will be used by the hacker. It is also important to check whether you have entered the correct address or not.
* Use a good browser like Firefox or Internet Explorer for browsing.
* Do not save passwords in the browser. A saved password can be stolen by a hacker who understands the algorithm of the browser.
* Also check whether the prefix of the URL in the address field is https instead of http.

Friday, May 8, 2009

Website Spoofing

Website spoofing is the practice of creating a website as a hoax. The reader feels that the website was created by a different person or organization. In most cases readers reach these sites by making small mistakes while entering the URL in the address bar. For example, if the user enters www.virsu.com instead of www.virus.com, he may reach the spoofed site. (This is only an example and doesn't mean that www.virsu.com is a spoofed site.) URL redirection is a technique used for spoofing. URL redirection is generally used to redirect a user to a specific website, i.e., to have more than one URL for a specific website. This facility is illegally used for spoofing. Another method is the use of control characters. Control characters are non-printable characters that are represented by ASCII codes. The main motive in website spoofing is to publish false information regarding a person, authority or organisation.

Thursday, May 7, 2009

e-mail spoofing

e-mail spoofing is a technique used to send spam mails. In e-mail spoofing the sender address and other parts of the e-mail header are modified in such a way that the recipient feels that the e-mail came from a different source. If the attacker requires a response from the recipient, he adds his e-mail address to the Reply-To field. This is helpful in finding the attacker. But in some cases the attacker puts a false address in the Reply-To field. In such cases the reply of the recipient may badly affect an innocent third person.
There is software that generates random e-mail addresses for the attacker to use. If the recipient finds the origin of the e-mail, it is rare that the address is active. Some worms use mass mailing. Here the worm infects a user. When the user opens the e-mail, it triggers the worm, and the worm starts reading the address book of the user and then sends e-mail to the other users whose addresses are in the address book of the first user. If the gateway blocks this infected mail, a message is shown saying that a virus has been blocked.
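
An added example (not from the original post) of a simple check for the header changes described above: it parses a message and reports Reply-To and Return-Path addresses whose domain differs from the From domain. The two sample messages are constructed, and checking Return-Path as well as Reply-To is an assumption of this example.

```python
from email import message_from_string
from email.utils import getaddresses, parseaddr

def _domain(address):
    """Return the lower-cased part after '@', or '' if there is none."""
    return address.rsplit("@", 1)[-1].lower() if "@" in address else ""

def header_mismatches(raw_message):
    """List reply-related headers whose domain differs from the From domain."""
    msg = message_from_string(raw_message)
    from_domain = _domain(parseaddr(msg.get("From", ""))[1])
    findings = []
    for header in ("Reply-To", "Return-Path"):
        for _name, addr in getaddresses(msg.get_all(header, [])):
            if addr and _domain(addr) != from_domain:
                findings.append((header, addr))
    return findings

# Constructed sample: the visible sender is a bank, replies go elsewhere.
SUSPECT = (
    "From: Example Bank <support@bank.example>\n"
    "Reply-To: accounts@mail.example.net\n"
    "Return-Path: <bounce@mail.example.net>\n"
    "Subject: Verify your account\n"
    "\n"
    "Please reply with your details.\n"
)

# Constructed sample: every address stays in the sender's own domain.
CLEAN = (
    "From: Example Bank <support@bank.example>\n"
    "Reply-To: helpdesk@bank.example\n"
    "Return-Path: <support@bank.example>\n"
    "Subject: Monthly statement\n"
    "\n"
    "Your statement is ready.\n"
)

if __name__ == "__main__":
    print(header_mismatches(SUSPECT))
    print(header_mismatches(CLEAN))
```

A mismatch is a reason to look closer, not proof of spoofing: mailing services and mailing lists legitimately use other domains in these headers.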

Wednesday, May 6, 2009

IP Address Spoofing

The protocol generally used for communication between systems is the Internet Protocol (IP).
Data is sent through the internet in the form of packets. Each packet has a header which contains general information about the packet. The header of an IP packet contains the source address and the destination address. The source address is generally the IP address of the system from which the packet is sent over the internet, and the destination address is the IP address of the system to which the data is sent. In IP address spoofing the source address in the header is replaced by a false address and the packet is sent to the target system. The response from the target system is sent to the false address. The attacker may be able to predict the response from the target machine, or he can direct the response to his own IP address.
IP spoofing is usually done in a Denial of Service (DoS) attack. Here the attacker doesn't need to know the response of the target machine. He just needs to send packets with a false address to the target. Each packet to the target may carry a different false source address, so it is difficult to filter out the unnecessary packets.
It is difficult for the attacker to attack a system which requires authentication, but it is possible to attack the target to some extent. In some networks, for example a network in a bank, every system is interconnected and authentication may not be required for communication between these systems. If the attacker succeeds in gaining access to one of the systems in the bank, he can simply attack the whole network.
One method of preventing spoofing is to filter the incoming and outgoing packets. The gateway to a network usually performs ingress filtering, which blocks data coming from the outside network with a source address inside the network. Similarly, the gateway performs egress filtering, which blocks outgoing packets with a source address outside the network. These measures prevent spoofing only to some extent.
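
The ingress and egress rules above, as an added example (not from the original post). The internal prefixes and the sample packets are constructed, and the extra rule that drops source addresses which can never be valid (loopback, multicast, unspecified) goes beyond what the post describes.

```python
import ipaddress

# Assumed internal prefixes of the protected network.
INTERNAL_NETS = [
    ipaddress.ip_network("10.20.0.0/16"),
    ipaddress.ip_network("192.168.50.0/24"),
]

def is_internal(ip):
    return any(ip in net for net in INTERNAL_NETS)

def gateway_verdict(direction, src_ip):
    """direction is 'in' (arriving from outside) or 'out' (leaving the network)."""
    src = ipaddress.ip_address(src_ip)
    if src.is_loopback or src.is_multicast or src.is_unspecified:
        return "DROP: source can never be valid"
    if direction == "in" and is_internal(src):
        return "DROP: ingress, outside packet claims an inside source"
    if direction == "out" and not is_internal(src):
        return "DROP: egress, inside packet claims an outside source"
    return "FORWARD"

# Constructed packets: (direction, claimed source address)
PACKETS = [
    ("in", "198.51.100.7"),     # ordinary outside host
    ("in", "10.20.3.4"),        # arrives from outside, claims an inside address
    ("out", "10.20.3.4"),       # ordinary inside host
    ("out", "203.0.113.9"),     # leaves the network with an outside address
    ("in", "127.0.0.1"),        # loopback source on the wire
    ("in", "203.0.113.200"),    # forged, but it looks like any other outside host
]

def demo():
    return [gateway_verdict(direction, src) for direction, src in PACKETS]

if __name__ == "__main__":
    for (direction, src), verdict in zip(PACKETS, demo()):
        print(f"{direction:>3} {src:<15} {verdict}")
```

The last packet is forwarded even though its source is forged, which is the limit noted above: the gateway can only reject sources that are impossible for the direction of travel.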

Tuesday, May 5, 2009

Cyber Spying


Cyber spying is the practice of stealing data or information from a computer without the knowledge of the owner. Cyber spying targets competitors, governments, enemies, economists, politicians etc. Cyber spying may be done on a computer located far away from the attacker. It can be done with the help of several kinds of malicious software, including viruses, trojans, spyware etc. Cyber spying is done at the workplace by a computer professional or at home by a trained professional hacker. It is done by infiltrating the computer network in an illegal way. There were strong laws to prevent cyber spying.

You can get detailed information from:

http://www.rainbowskill.com/internet-fundas/all-about-chinese-cyber-spying.php

Sunday, May 3, 2009

A zombie computer

Many people know that a hacker can use a computer connected to the internet for his illegal purposes. A computer connected to the internet that obeys a hacker via a virus or trojan is called a zombie computer. The computer becomes a zombie when a virus or trojan gets installed on it. There may be several such computers working simultaneously for a particular hacker. This makes it difficult to trace the hacker. Since the owner of the computer is unaware of this, the computer is known as a zombie.
Zombies are generally used for sending spam e-mails and for spreading trojans or computer viruses. This helps the spammers not only to save their bandwidth cost but also to remain undetected. Certain hackers use zombies to commit click fraud against sites displaying pay-per-click advertisements. Hackers also use zombies for Denial of Service (DoS) attacks. Here the hacker sends unnecessary packets to the targeted website so that legitimate users cannot access the website. Intense flooding can be easily found and prevented, but pulsating flooding can remain unidentified for several months or years. DoS attacks have even been carried out against top sites like Yahoo, eBay etc.
Network intrusion-prevention systems (NIPS) are usually useful for preventing, detecting and blocking zombie computers. Computer users frequently perform backups and delete suspicious mail messages as preventive measures against infection.