Network security comes up whenever computer networks, the internet, intranets, etc. are discussed. Security over networks has become a major concern in present days, and many techniques are followed to detect threats and protect networks. This paper is about advanced techniques for protecting networks from computer hackers and harmful viruses. It covers hacking techniques, firewalls, spyware, malware, viruses, etc. It also gives a detailed account of how to protect a computer from viruses and other threats.
A network may be defined as the interconnection of two or more computers placed inside a building or within a particular area, city, state or country, or across the entire world. The connection may be made either through wires, which includes LAN, WAN, etc., or through wireless networks such as WIFI, GPRS, etc.
Threats due to Network:
There are various threats to a computer that arrive through networks, that is, through the internet and e-mail. They fall under the following categories:
Viruses, which affect the entire computer, are capable of formatting the hard disk drives and making the computer completely dead.
Spyware, which is commercial software that uses various methods to get installed on a PC and attempts to sell things or, in some cases, scam money from the user. Adware is also a kind of spyware, which always pops up advertisements to sell its products without the knowledge or permission of the user.
There are also various techniques followed by hackers to send this malicious software to the computer through the networks. Those who follow these techniques are called hackers, and this type of crime is called cyber crime. It includes:
Hacking is the process of sending viruses into a user's computer while they are working on the internet. A virus is nothing but malicious code which would format any of the hard drives, so that it does not function properly or is totally damaged. Those who create and send this kind of malicious code to internet users are called hackers. They are said to be cyber criminals and they are punishable under the law. This type of cyber crime is a crime under the law of the government.
Phishing is the act of sending an e-mail to a user falsely claiming to be an established legitimate enterprise in an attempt to scam the user into surrendering private information that will be used for identity theft. The e-mail directs the user to visit a Web site where they are asked to update personal information, such as passwords and credit card, social security, and bank account numbers, that the legitimate organization already has. The Web site, however, is bogus and set up only to steal the user's information. The following image shows how the process of phishing occurs in real time.
If the above link is clicked, then a virus or spyware may get into the user's computer.
Many people receive unsolicited email (known as Spam), much of which is offensive or a 'scam'. Spam is unsolicited email and typically consists of:
Adverts for restricted websites.
Adverts for drugs.
Adverts for cheap mortgages etc.
Adverts for cheap 'desirable' consumer items e.g. Rolex watches.
Too good to be true get rich quick schemes.
Spam is named after the Monty Python comedy sketch about the canned meat product of the same name. Much of this mail is offensive and most people want it stopped.
Spam as 'Scam' - some 'Spam' messages are more than 'adverts'. Some Spams are 'Scams' which try to trick people into sending money to fraudsters or revealing personal information (Phishing).
Spam as 'Virus' - some 'Spam' messages are generated by viruses and could infect your PC.
A computer virus is a computer program that can infect other computer programs by modifying them in such a way as to include a (possibly evolved) copy of it. Note that a program does not have to perform outright damage (such as deleting or corrupting files) in order to be called a "virus".
Viruses are very dangerous; they are spreading faster than they are being stopped, and even the least harmful of viruses could be fatal. For example, a virus that stops a computer and displays a message, in the context of a hospital life-support computer, could be fatal. Even the creator of a virus cannot stop it once it is "in the wild".
The main types of PC viruses
Generally, there are two main classes of viruses. The first class consists of the file infectors, which attach themselves to ordinary program files. These usually infect arbitrary .COM and/or .EXE programs, though some can infect any program for which execution is requested, such as .SYS, .OVL, .PRG, & .MNU files. File infectors can be either direct action or resident. A direct-action virus selects one or more other programs to infect each time the program that contains it is executed. A resident virus hides itself somewhere in memory the first time an infected program is executed, and thereafter infects other programs when they are executed (as in the case of the Jerusalem 185 virus) or when certain other conditions are fulfilled. The Vienna virus is an example of a direct-action virus. Most other viruses are resident.
The second category is system or boot-record infectors: those viruses that infect executable code found in certain system areas on a disk, which are not ordinary files. On DOS systems, there are ordinary boot-sector viruses, which infect only the DOS boot sector, and MBR viruses which infect the Master Boot Record on fixed disks and the DOS boot sector on diskettes. Examples include Brain, Stoned, Empire, Azusa, and Michelangelo. Such viruses are always resident viruses. Finally, a few viruses are able to infect both (the Tequila virus is one example). These are often called "multi-partite" viruses, though there has been criticism of this name; another name is "boot-and-file" virus.
A stealth virus is one that hides the modifications it has made in the file or boot record, usually by monitoring the system functions used by programs to read files or physical blocks from storage media, and forging the results of such system functions so that programs which try to read these areas see the original uninfected form of the file instead of the actual infected form. Thus the viral modifications go undetected by anti-viral programs. However, in order to do this, the virus must be resident in memory when the anti-viral program is executed.
The very first DOS virus, Brain, a boot-sector infector, monitors physical disk I/O and redirects any attempt to read a Brain-infected boot sector to the disk area where the original boot sector is stored. The next viruses to use this technique were the file infectors Number of the Beast and Frodo.
A polymorphic virus is one that produces varied (yet fully operational) copies of itself, in the hope that virus scanners will not be able to detect all instances of the virus. The most sophisticated form of polymorphism discovered so far is the MtE "Mutation Engine" written by the Bulgarian virus writer who calls himself the "Dark Avenger".
Fast and slow infectors
A typical file infector (such as the Jerusalem) copies itself to memory when a program infected by it is executed, and then infects other programs when they are executed. A fast infector is a virus which, when it is active in memory, infects not only programs which are executed, but also those which are merely opened. The result is that if such a virus is in memory, running a scanner or integrity checker can result in all (or at least many) programs becoming infected all at once.
The term "slow infector" is sometimes used for a virus that, if it is active in memory, infects only files as they are modified (or created). The purpose is to fool people who use integrity checkers into thinking that the modification reported by the integrity checker is due solely to legitimate reasons. An example is the Darth Vader virus.
SPYWARE, MALWARE & ADWARE:
Spyware is software which installs itself onto a user's machine (normally without the user's permission) and monitors their actions without them knowing. Spyware is not to be confused with 'adware' or 'malware'. Adware is software which installs itself onto your machine with the intention of promoting adverts depending on the information it captures about you. Malware (or MALicious softWARE) is software which gets onto your machine and causes viruses, worms or trojans to run without the user knowing.
HOW IT ENTERS:
If you see a pop-up box similar to this, then chances are it is something trying to install itself onto your machine.
If the 'yes' button is clicked on the above pop up, the adware or spyware may get into the computer.
Spyware works by running a program or 'processes' behind the scenes of your computer. This means that unless you know what you are looking for or feel that your machine is starting to behave in strange ways, you are unlikely to know that you are ever being monitored. Some types of spyware will run to cause a nuisance to your machine by launching advertising pop-ups (sometimes based on the website or search engine you use), changing your browser homepage or even dialing premium rate numbers on your PC Modem so that you are left with massive phone bills.
Basically, a firewall is a barrier to keep destructive forces away from your property. In fact, that's why it's called a firewall. Its job is similar to a physical firewall that keeps a fire from spreading from one area to the next. As you read through this article, you will learn more about firewalls, how they work and what kinds of threats they can protect
How it Works?
A firewall is simply a program or hardware device that filters the information coming through the Internet connection into your private network or computer system. If an incoming packet of information is flagged by the filters, it is not allowed through.
With a firewall in place, the landscape is much different. A company will place a firewall at every connection to the Internet (for example, at every T1 line coming into the company). The firewall can implement security rules. For example, one of the security rules inside the company might be:
[Out of the 500 computers inside this company, only one of them is permitted to receive public FTP traffic. Allow FTP connections only to that one computer and prevent them on all others.]
A company can set up rules like this for FTP servers, Web servers, Telnet servers and so on. In addition, the company can control how employees connect to Web sites, whether files are allowed to leave the company over the network and so on. A firewall gives a company tremendous control over how people use the network.
Firewalls use one or more of three methods to control traffic flowing in and out of the network:
Packet filtering - Packets (small chunks of data) are analyzed against a set of filters. Packets that make it through the filters are sent to the requesting system and all others are discarded.
Proxy service - Information from the Internet is retrieved by the firewall and then sent to the requesting system and vice versa.
Stateful inspection - A newer method that doesn't examine the contents of each packet but instead compares certain key parts of the packet to a database of trusted information. Information traveling from inside the firewall to the outside is monitored for specific defining characteristics, then incoming information is compared to these characteristics. If the comparison yields a reasonable match, the information is allowed through. Otherwise it is discarded.
Advancements in Using Firewall:
Firewalls are customizable. This means that you can add or remove filters based on several conditions. Some of these are:
IP addresses - Each machine on the Internet is assigned a unique address called an IP address. IP addresses are 32-bit numbers, normally expressed as four "octets" in a "dotted decimal number." A typical IP address looks like this: 188.8.131.52. For example, if a certain IP address outside the company is reading too many files from a server, the firewall can block all traffic to or from that IP address.
Domain names - Because it is hard to remember the string of numbers that make up an IP address, and because IP addresses sometimes need to change, all servers on the Internet also have human-readable names, called domain names. For example, it is easier for most of us to remember www.howstuffworks.com than it is to remember 184.108.40.206. A company might block all access to certain domain names, or allow access only to specific domain names.
Protocols - The protocol is the pre-defined way that someone who wants to use a service talks with that service. The "someone" could be a person, but more often it is a computer program like a Web browser. Protocols are often text, and simply describe how the client and server will have their conversation. HTTP is the Web's protocol.
Ports - Any server machine makes its services available to the Internet using numbered ports, one for each service that is available on the server.
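The FTP rule, the filter conditions listed above (IP address, protocol, port) and stateful inspection can be put together in a small rule evaluator. This is an added example, not code from the original article; the Packet, Rule and Firewall names and all addresses (10.0.0.0/23 as the company network, 10.0.0.21 as the one FTP host) are assumptions made up for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    proto: str = "tcp"

@dataclass(frozen=True)
class Rule:
    action: str            # "allow" or "deny"
    dst_net: str           # destination address or CIDR block
    proto: str
    dport: Optional[int]   # None matches any port

    def matches(self, p: Packet) -> bool:
        return (p.proto == self.proto
                and self.dport in (None, p.dport)
                and ipaddress.ip_address(p.dst) in ipaddress.ip_network(self.dst_net))

class Firewall:
    def __init__(self, inside_net: str, inbound_rules: list):
        self.inside = ipaddress.ip_network(inside_net)
        self.rules = inbound_rules
        self.flows = set()   # connections that were opened from the inside

    def is_inside(self, addr: str) -> bool:
        return ipaddress.ip_address(addr) in self.inside

    def check(self, p: Packet) -> str:
        if self.is_inside(p.src) and not self.is_inside(p.dst):
            # Outbound: record the flow's defining characteristics.
            self.flows.add((p.proto, p.src, p.sport, p.dst, p.dport))
            return "allow"
        # Stateful inspection: an inbound packet that mirrors a recorded flow.
        if (p.proto, p.dst, p.dport, p.src, p.sport) in self.flows:
            return "allow"
        # Packet filtering: the first matching rule wins, the default is deny.
        for rule in self.rules:
            if rule.matches(p):
                return rule.action
        return "deny"

# Constructed rule set: public FTP (control port 21) to one host only.
RULES = [
    Rule("allow", "10.0.0.21/32", "tcp", 21),
    Rule("deny", "10.0.0.0/23", "tcp", 21),
]

def demo() -> list:
    fw = Firewall("10.0.0.0/23", RULES)
    packets = [  # constructed traffic, evaluated in order
        Packet("203.0.113.5", 40000, "10.0.0.21", 21),   # FTP to the FTP host
        Packet("203.0.113.5", 40001, "10.0.0.99", 21),   # FTP to another PC
        Packet("203.0.113.5", 80, "10.0.0.99", 51000),   # unsolicited "reply"
        Packet("10.0.0.99", 51000, "203.0.113.5", 80),   # employee opens a site
        Packet("203.0.113.5", 80, "10.0.0.99", 51000),   # genuine reply
        Packet("198.51.100.7", 80, "10.0.0.99", 51000),  # reply from wrong host
    ]
    return [fw.check(p) for p in packets]

if __name__ == "__main__":
    print(demo())
```

The third and fifth packets are identical; only the outbound request recorded between them changes the verdict, which is the difference between plain packet filtering and stateful inspection.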
Some operating systems come with a firewall built in. Otherwise, a software firewall can be installed on the computer in your home that has an Internet connection. This computer is considered a gateway because it provides the only point of access between your home network and the Internet.
With a hardware firewall, the firewall unit itself is normally the gateway. A good example is the Linksys Cable/DSL router. It has a built-in Ethernet card and hub. Computers in your home network connect to the router, which in turn is connected to either a cable or DSL modem. You configure the router via a Web-based interface that you reach through the browser on your computer. You can then set any filters or additional information.
BEYOND THE CONTROL OF FIREWALL:
There are many creative ways that unscrupulous people use to access or abuse unprotected computers:
Remote login - When someone is able to connect to your computer and control it in some form. This can range from being able to view or access your files to actually running programs on your computer.
Application backdoors - Some programs have special features that allow for remote access. Others contain bugs that provide a backdoor, or hidden access, that provides some level of control of the program.
Operating system bugs - Like applications, some operating systems have backdoors. Others provide remote access with insufficient security controls or have bugs that an experienced hacker can take advantage of.
Denial of service - You have probably heard this phrase used in news reports on the attacks on major Web sites. This type of attack is nearly impossible to counter. What happens is that the hacker sends a request to the server to connect to it. When the server responds with an acknowledgement and tries to establish a session, it cannot find the system that made the request. By inundating a server with these unanswerable session requests, a hacker causes the server to slow to a crawl or eventually crash.
E-mail bombs - An e-mail bomb is usually a personal attack. Someone sends you the same e-mail hundreds or thousands of times until your e-mail system cannot accept any more messages.
Viruses - Probably the most well-known threat is computer viruses. A virus is a small program that can copy itself to other computers. This way it can spread quickly from one system to the next. Viruses range from harmless messages to erasing all of your data.
Spam - Typically harmless but always annoying, spam is the electronic equivalent of junk mail. Spam can be dangerous though. Quite often it contains links to Web sites. Be careful of clicking on these because you may accidentally accept a cookie that provides a backdoor to your computer.
Be careful about using MS Outlook. Outlook is more susceptible to worms than other e-mail programs, unless you have efficient Anti-Virus programs running. Use Pegasus or Thunderbird (by Mozilla), or a web-based program such as Hotmail or Yahoo.
Install an Anti-Virus program (e.g. Norton, F-Secure, Sophos or McAfee). Also available is the free AntiVir virus scanner. Make sure you keep your virus definitions updated and run a full system scan weekly.
If someone sends you an attachment in e-mail or instant messaging, do not open it. If someone you know very well sends you a Word attachment or other type of file, e-mail them to ask them if they meant to send it to you. If they say yes, you can open it, but you might still be at risk if they are not good about running Anti-Virus scans or careful about what they download. Be wary of attachments with a double extension, such as .txt.vb or .jpg.exe, as the system will only recognize the extension to the extreme right, and run the file as such. Double extensions are often a good indicator that the file is malicious.
Do not download software from just any old website. If it is a reputable site that you trust, you are probably safe. The threat is not only from software; don't download Word documents or other non-HTML files that have something other than one of the extensions listed above, either.
Read about the latest virus threats so you are aware of the potential danger. Go to Symantec's page to read about them daily.
Use a software firewall! Even if you have a hardware firewall, always use a software firewall (e.g. Norton, McAfee; there are also free ones, such as ZoneLabs ZoneAlarm).
Scan things you download! Now don't be a total nut with this. But if you download something from a site that you don't know/trust, then scan it before opening it. Anything you get from P2P software you should scan, as you are getting it from a stranger. Balance scanning things with number 11, don't go nuts scanning everything you download.
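The double-extension warning in the attachment tip above can be turned into a simple filename check for a mail filter or a download folder. This is an added example, not part of the original article; the extension sets and the sample file names are constructed assumptions.

```python
# Assumed, non-exhaustive sets; adjust them to your own mail policy.
# Extensions that Windows runs or interprets when double-clicked:
EXECUTABLE_EXTS = {"exe", "com", "scr", "pif", "bat", "cmd",
                   "vb", "vbs", "js", "hta", "lnk"}
# Extensions a user expects to be harmless documents or media:
DECOY_EXTS = {"txt", "jpg", "jpeg", "png", "gif", "pdf",
              "doc", "docx", "xls", "xlsx", "mp3"}

def classify_attachment(filename: str) -> str:
    """Return 'double-extension', 'executable' or 'ok' for an attachment name."""
    # Keep only the file name, whichever path separator the sender used.
    name = filename.replace("\\", "/").rsplit("/", 1)[-1]
    # Windows ignores trailing dots and spaces, so "a.exe. " still runs as .exe.
    name = name.rstrip(" .").lower()
    # Strip padding around each part: "a.jpg      .exe" pushes .exe off-screen.
    parts = [part.strip() for part in name.split(".")]
    # Only the right-most extension decides how the system runs the file.
    if len(parts) < 2 or parts[-1] not in EXECUTABLE_EXTS:
        return "ok"
    # A harmless-looking extension directly before it is the disguise.
    if len(parts) >= 3 and parts[-2] in DECOY_EXTS:
        return "double-extension"
    return "executable"

def flag_attachments(names) -> dict:
    """Map each suspicious name to its verdict; names judged 'ok' are dropped."""
    verdicts = {name: classify_attachment(name) for name in names}
    return {name: v for name, v in verdicts.items() if v != "ok"}

# Constructed sample names, as they might appear in a mail gateway log.
SAMPLE_ATTACHMENTS = [
    "holiday.jpg.exe",
    "notes.txt.vb",
    "Report.PDF      .EXE ",
    "C:\\Temp\\setup.exe",
    "archive.tar.gz",
    "minutes.v1.2.docx",
    "README",
]

if __name__ == "__main__":
    for name, verdict in flag_attachments(SAMPLE_ATTACHMENTS).items():
        print(f"{verdict:17} {name!r}")
```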
Antispyware is software which scans for threats on the computer and displays them. If the user wants to delete them, it will delete those threats. The following image explains the working of antispyware.
Sometimes viruses and spyware disguise themselves by advertising themselves as antivirus or antispyware software.
Cookies are stored as documents in some system folders on the computer, and they help in accessing a frequently visited site faster. But they are harmful when they come from unsecured websites. They should be blocked or deleted for safe browsing.
In Internet Explorer, on the Tools menu, click Internet Options.
Click the Privacy tab, and then click Advanced.
Click Override automatic cookie handling, and then specify how you want Internet Explorer to handle cookies from first-party Web sites and third-party Web sites (a Web site other than the one you are currently viewing).
To specify that you want Internet Explorer to always allow cookies to be saved on your computer, click Accept.
To specify that you want Internet Explorer to never allow cookies to be saved on your computer, click Block.
To specify that you want Internet Explorer to ask whether or not you want to allow a cookie to be saved on your computer, click Prompt.
If you want Internet Explorer to always allow session cookies (cookies that will be deleted from your computer when you close Internet Explorer) to be saved on your computer, click Always allow session cookies.
You can delete all cookies in the temporary internet files folder by selecting "Tools" then clicking on "Internet Options..." at the bottom of the menu. Then just click the "Delete Cookies" button and then subsequently, the "OK" option.
Cookies are a widespread privacy concern, and in most circumstances can be BLOCKED. Simply "allow" cookies from the sites that request them (bank sites, forums, and other "log in" type sites usually require cookies to save your username and password).
The cache is also a file that is stored on the system when a web page is opened. It should also be deleted so that surfing will be safe. These things are more important when working in a browsing center.
Open your browser. Since every browser is different, the following sections will outline the steps involved in clearing the cache for the four major browsers: Internet Explorer 6, Firefox 1.0/1.5, Opera, and Konqueror.
Internet Explorer 6:
Once your browser is open, click the Tools menu and select Internet Options.
Make sure the General tab is selected.
Click Delete Files in the Temporary Internet Files section and click OK.
Firefox 1.0/1.5:
Once your browser is open:
Firefox 1.0 users: click the Tools menu and select Options.
Firefox 1.5 users: Click the Edit menu and select Preferences.
Click the Privacy button and select the Cache tab.
Click the Clear Cache Now button.
Opera:
Once your browser is open, select the Tools menu and click Delete Private Data.
Click the Details button.
If you do not wish to delete cookies, saved passwords, etc., uncheck them from the list.
It is a good practice to clear your cache and delete your cookies regularly.
If you make purchases online, use a money transfer service such as PayPal whenever possible.
Be certain that you purchase from credible websites, and that the site is secure. (The site is secure if you see https:// in the address bar instead of http:// - the s means secure)
Call your bank immediately if your account has been charged with purchases you did not make.
It is advisable to disable your cookies and cache. Although this may be somewhat of an inconvenience, it will make your information safer.
If you use Internet Explorer, consider migrating to a safer, more secure browser such as Firefox or Opera.
Networks can be secured in the ways explained above, either by protection or by prevention. It is to be noted that whatever antivirus software or the like you use, the updated version must be used, because day by day many new viruses are developed and sent to users. There is more to be discussed on this topic, which is beyond the scope of this paper.