Virus strategies get closer look

Abstracts of Recent Articles and Literature

address - that of the firewall's external interface - you have the option of increasing security and easing IP addressing problems by using 'illegal' addresses internally. Illegal addresses, or numerical addresses you assign to your internal network that have not been assigned by the InterNIC (today, the private ranges reserved by RFC 1918), add security to your network because an attacker on the Internet cannot route packets to nodes on your inner, protected LAN; they stay unreachable only as long as the firewall does not forward traffic to them. The next thing you need to do before installing the firewall is decide whether to use a dual DNS system. The downside of DNS is that the network's DNS records can provide clues about the network's structure or the names of machines, which an attacker can use to mount spoofing attacks. A dual (split) DNS system, in which an external server publishes only the hosts the outside world needs to reach and an internal server holds the full set of records, can prevent such leaks. The third item on the list should be getting the desktop systems in order. Make sure all users' systems have the latest version of the TCP/IP stack. Then try to implement a centralized IP address-management scheme such as Dynamic Host Configuration Protocol (DHCP). Each user's TCP/IP stack also needs to have its default gateway reset. The default gateway is the IP address of the router that is used when the desktop system has no routing information for the destination address of a given packet. On an unprotected network, the default gateway is usually the inside port of the router that connects the LAN to the Internet. On a protected network, the default gateway address must be changed to the inside port of the firewall. LAN Times, March 1997, pp. 79-80.
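The three pre-installation items above (private addressing, a split DNS that does not expose internal records, and desktops whose default gateway is the firewall's inside port) can be checked mechanically before the cut-over. The following is an added example, not code from the LAN Times article: it audits a constructed desktop inventory and a constructed external DNS zone. The firewall inside address 10.1.0.1, the host entries and the zone records are all assumed for illustration, and the audit assumes the single flat LAN the abstract describes.

```python
import ipaddress

# Assumed for the example: the firewall's inner port, and the three RFC 1918
# private ranges (the "illegal", InterNIC-unassigned space the abstract refers to).
FIREWALL_INSIDE = ipaddress.ip_address("10.1.0.1")
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed desktop inventory: (hostname, address/prefix, configured default gateway).
DESKTOPS = [
    ("pc-acct-01", "10.1.0.23/24",     "10.1.0.1"),      # correct
    ("pc-acct-02", "10.1.0.24/24",     "10.1.0.254"),    # still points at the old Internet router
    ("pc-eng-07",  "198.51.100.17/24", "198.51.100.1"),  # globally routable address on the inside
    ("pc-lab-03",  "10.1.5.9/24",      "10.1.0.1"),      # gateway is not on this host's subnet
]

# Constructed records from the zone served to the outside world. With split DNS,
# nothing that names an internal machine or carries a private address belongs here.
EXTERNAL_ZONE = [
    ("www.example.com.",         "A", "203.0.113.10"),
    ("mail.example.com.",        "A", "203.0.113.25"),
    ("fw-inside.example.com.",   "A", "10.1.0.1"),
    ("payroll-srv.example.com.", "A", "10.1.0.40"),
]


def is_rfc1918(addr):
    """True if addr (string or address object) lies in an RFC 1918 private range."""
    addr = ipaddress.ip_address(addr)
    return any(addr in net for net in RFC1918)


def audit_desktop(host, cidr, gateway, firewall_inside=FIREWALL_INSIDE):
    """Return the list of problems with one desktop's TCP/IP settings.

    An empty list means the host is ready for the firewall cut-over.
    """
    iface = ipaddress.ip_interface(cidr)
    gw = ipaddress.ip_address(gateway)
    problems = []
    if not is_rfc1918(iface.ip):
        problems.append(f"{host}: address {iface.ip} is Internet-routable, not private")
    if gw not in iface.network:
        problems.append(f"{host}: default gateway {gw} is not on local subnet {iface.network}")
    elif gw != firewall_inside:
        problems.append(f"{host}: default gateway {gw} is not the firewall inside port {firewall_inside}")
    return problems


def audit_desktops(desktops=DESKTOPS):
    """Map hostname -> problems, listing only the hosts that need attention."""
    report = {}
    for host, cidr, gateway in desktops:
        problems = audit_desktop(host, cidr, gateway)
        if problems:
            report[host] = problems
    return report


def find_dns_leaks(records=EXTERNAL_ZONE):
    """Names in the externally visible zone whose A record points into private space."""
    return [name for name, rtype, value in records
            if rtype == "A" and is_rfc1918(value)]


if __name__ == "__main__":
    for host, problems in audit_desktops().items():
        for p in problems:
            print(p)
    for name in find_dns_leaks():
        print(f"external DNS leaks an internal address for {name}")
```

The subnet check runs before the firewall-port check on purpose: a gateway that is not on the host's own subnet is unreachable whatever address it is, so reporting the wrong firewall address as well would only be noise. The DNS check only catches private addresses; a record such as payroll-srv that carried a public address would still leak a machine name, which is why the external zone should be assembled by hand from the hosts that must be reachable rather than by filtering the internal zone.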

Virus strategies get closer look, Salvatore Salamone. There are more viruses, and they are becoming increasingly difficult to detect as their creators push the envelopes of stealth, misdirection and destruction. Virus writers are becoming more prolific, with between four and six new viruses introduced every day. This means virus scanners, which detect viruses by looking for a characteristic string of code known as a signature, must be updated more frequently. A six-month-old collection of virus signatures can miss over 1000 new viruses. Virus writers are also trying to make their viruses harder to detect. Some newer viruses hide the signature string from a scanner either by encrypting the virus body, so that only a short decryption routine is left in the clear, or by changing that code each time a program infected by the virus runs, so that no fixed byte string is common to all copies. Such viruses are known as polymorphic viruses. Viruses are now more likely to come from sources other than floppy disks. The main virus threat today comes from macro viruses that are embedded in Microsoft Word documents and Microsoft Excel spreadsheet files. Such files can quickly be distributed to many people in a company by a user who copies a message with the attachment to a mailing list. An additional virus threat occurs in groupware systems when an infected file is stored as part of a groupware database and is then passed to other servers by groupware's built-in data-replication technology. This year, network managers should see several interesting twists to fighting viruses, including more reliance on heuristic approaches. But experts agree that even as new approaches emerge for fighting viruses, scanning will remain the best bet for most situations. Because of the importance of scanning, managers should look for anti-virus software that is updated regularly. For some particularly troublesome new viruses, many vendors post a new signature as soon as it is identified. LAN Times, February 3, 1997, pp. 73-74.
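The abstract's point that an encrypted or polymorphic virus defeats a fixed signature, and that scanners answer with heuristics, is easiest to see on bytes. The following is an added example and is not code from the article or from any scanner vendor. Everything in it is constructed: the "virus body" is an inert text string, the two-byte "decryptor stub" is a made-up marker, and the one-byte XOR stands in for the encryption, so nothing here executes or infects anything. It shows a plain signature scanner missing every encrypted copy, why each copy would need its own signature, and two heuristic answers: trying the signature under every key (x-ray scanning) and doing what the decryptor would do before scanning (generic decryption).

```python
# Constructed sample body and the signature a scanner would extract from it.
BODY = b"INERT-SAMPLE-BODY: append self to each host program"
SIGNATURE = b"append self to each host"

# Constructed stand-in for the small decryption routine an encrypted virus
# carries in the clear; it is followed by the one-byte key and the XORed body.
STUB = b"\xde\xc0"


def xor(data, key):
    """XOR every byte with a one-byte key (the operation is its own inverse)."""
    return bytes(b ^ key for b in data)


def infected_form(key):
    """The bytes one infected file carries for a given key.

    A polymorphic virus picks a fresh key (and mutates the stub) on every
    infection, so each copy looks different on disk.
    """
    return STUB + bytes([key]) + xor(BODY, key)


def signature_scan(data, sig=SIGNATURE):
    """Plain signature scanner: does the fixed byte string occur in the file?"""
    return sig in data


def per_form_signature(key):
    """The signature a vendor would have to ship to catch one specific key."""
    return xor(SIGNATURE, key)


def xray_scan(data, sig=SIGNATURE):
    """Heuristic 1, x-ray scanning: look for the signature under every one-byte key.

    Needs no knowledge of the decryptor, at 256 times the cost of a plain scan.
    Encrypting the signature is equivalent to decrypting the data, and cheaper.
    """
    return any(xor(sig, key) in data for key in range(256))


def emulate_and_scan(data, sig=SIGNATURE):
    """Heuristic 2, generic decryption: recognise the stub, perform the
    decryption it would perform at run time, then signature-scan the result."""
    if not data.startswith(STUB) or len(data) <= len(STUB):
        return False
    key = data[len(STUB)]
    return sig in xor(data[len(STUB) + 1:], key)


def compare_scanners(keys):
    """For each key: (plain signature hit, x-ray hit, generic-decryption hit)."""
    return {k: (signature_scan(infected_form(k)),
                xray_scan(infected_form(k)),
                emulate_and_scan(infected_form(k))) for k in keys}


if __name__ == "__main__":
    for key, hits in compare_scanners([0x00, 0x21, 0x7c]).items():
        print(f"key {key:#04x}: signature={hits[0]} xray={hits[1]} emulate={hits[2]}")
```

Key 0x00 is the unencrypted case, where all three scanners agree; for any other key the plain scanner reports nothing and the signature that would catch that copy (per_form_signature) is useless against the next one. Generic decryption depends on recognising the stub, which is exactly the part a fully polymorphic virus mutates, so real scanners of the period emulated the code rather than matching stub bytes. Note also that a single-byte XOR preserves the byte-frequency distribution, so a naive entropy test does not distinguish these copies from the plaintext.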

Hacker FAQ exposes attack strategies, Al Berg. The Unofficial Novell Inc. NetWare Hack FAQ, downloadable from the Internet (ftp://ftp.fastlane.net/pub/nomad/nw/faq.zip), is at the same time a blessing and a curse. Compiled by 'Simple Nomad', an anonymous computer security professional for a Fortune 500 company in the States who does security consulting in his spare time, the FAQ contains 49 pages of detailed instructions for penetrating the security of NetWare 3.x and 4.x LANs. The document also provides systems administrators with in-depth instruction on how to thwart hack attacks. Some of the tools and techniques described, such as the brute-force method of removing the NetWare bindery from the server to fool it into thinking it was just installed, or the various NLMs that can be loaded at a server console to change passwords, will be familiar to some security administrators. The nw-hack.exe program, which hijacks a 3.11 Supervisor connection and lets anyone on the server gain Supervisor access, is not new either. But Simple Nomad and his contributors have found many other ways to compromise the security of a NetWare server. Although most of the attacks in the FAQ are better suited to inside jobs than to external hacker attacks, you should not consider the document irrelevant to your organization. LAN Times, April 14, 1997, pp. 80-81.

Lock IT up. It has always been difficult to quantify
