The Windows operating system is widely used worldwide, so it is no wonder that it has become the main target of hackers and malicious software (malware). Windows Internet security is therefore a must for any computer that connects to the public Internet.
There are many Windows Internet security packages available on the market, and some, such as Norton or BitDefender, offer a trial version that you can download free for one month. These suit home users, who typically have a couple of computers or more. Unlike home networks, corporate or enterprise networks have multiple layers of security, including endpoint-secured routers with access-list security policies, hardened firewalls, and information security management.
Why do you need Windows Internet security software for your home network? Connecting a computer to the Internet exposes it to a wild, unsecured network where many hackers and malicious programs threaten it. There are many types of network security and Internet threats that we should know about in order to prepare a defense. The following are some common threats you need to know.
Brute force and dictionary
Windows Internet security must be able to defend against brute force and dictionary attacks, which threaten the password database file or an active logon prompt. A brute force attack attempts to discover passwords for user accounts by systematically trying every possible combination of letters, numbers, and symbols.
Unlike a brute force attack, a dictionary attack attempts to discover passwords by trying every password from a predefined list of common or expected passwords or words from the dictionary. The use of strong passwords is therefore strongly recommended. See also the guideline on securing passwords. With a stronger and longer password, a brute force attack takes longer to discover it, but with enough time all passwords can be discovered.
Besides Windows Internet security software, stateful packet inspection, which is typically embedded in a wireless router or another security appliance such as the DSD-150 by D-Link (for home users) or the Secure@Office Internet security appliance, can protect against this type of attack.
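The difference between the two attacks, seen from the side of someone choosing a password (added example, not part of the original article): a password can fail because it sits on a word list, or because its length and alphabet leave too few combinations to try. The word list, the guessing rate and the one-year cutoff are assumptions constructed for illustration.

```python
import string

# Constructed sample of a "predefined list of common or expected passwords".
COMMON_PASSWORDS = {"password", "letmein", "qwerty", "welcome", "dragon", "123456"}

GUESSES_PER_SECOND = 1e10        # assumed guessing rate, for illustration only
ONE_YEAR = 365 * 24 * 3600       # assumed cutoff for "too fast to brute force"


def charset_size(password):
    """Size of the alphabet a brute-force search must cover for this password."""
    size = 0
    if any(c in string.ascii_lowercase for c in password):
        size += 26
    if any(c in string.ascii_uppercase for c in password):
        size += 26
    if any(c in string.digits for c in password):
        size += 10
    if any(c in string.punctuation for c in password):
        size += len(string.punctuation)
    return size


def in_dictionary(password):
    """True if the password is a listed word, ignoring case and trailing digits/symbols."""
    lowered = password.lower()
    core = lowered.rstrip(string.digits + string.punctuation)
    return lowered in COMMON_PASSWORDS or core in COMMON_PASSWORDS


def brute_force_seconds(password):
    """Worst-case time to try every combination of the same length and alphabet."""
    return charset_size(password) ** len(password) / GUESSES_PER_SECOND


def audit(password):
    """Classify a candidate password against both attack types."""
    if in_dictionary(password):
        return "weak: found by a dictionary attack"
    if brute_force_seconds(password) < ONE_YEAR:
        return "weak: brute force finishes within a year"
    return "ok"
```

Note that `Welcome1!` uses all four character classes and still fails, because the dictionary check strips the decoration before looking up the word.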
Denial of service attacks
Denial of service (DoS) attacks are common threats that most Windows Internet security software and other Internet security appliances actively protect against. DoS attacks prevent the system from processing or responding to legitimate traffic or requests for resources and objects.
There are many types of DoS attacks that all Windows Internet security software must protect against, such as the following:
- Distributed denial of service (DDoS), occurs when the attacker compromises several systems and uses them as launching platforms against one or more victims.
- Distributed reflective denial of service (DRDoS), which takes advantage of the normal operation mechanisms of key Internet services, such as DNS and router update protocols. DRDoS attacks function by sending numerous update, session, or control packets to various Internet service servers or routers with a spoofed source address of the intended victim.
- SYN flood is waged by breaking the standard three-way handshake used by TCP/IP to initiate communication sessions. Normally, a client sends a SYN packet to a server, the server responds with a SYN/ACK packet to the client, and the client then responds with an ACK packet back to the server. This three-way handshake establishes a communication session that is used for data transfer until the session is terminated (using a three-way handshake with FIN and ACK packets). A SYN flood occurs when numerous SYN packets are sent to a server, but the sender never replies to the server’s SYN/ACK packets with the final ACK.
- Smurf attack occurs when an amplifying server or network is used to flood a victim with useless data. An amplifying server or network is any system that generates multiple response packets, such as ICMP ECHO packets or special UDP packets, from a single submitted packet. One common attack is to send a message to the broadcast of a subnet or network so that every node on the network produces one or more response packets.
- A ping of death attack employs an oversized ping packet. Using special tools, an attacker can send numerous oversized ping packets to a victim. In many cases, when the victimized system attempts to process the packets, an error occurs, causing the system to freeze, crash, or reboot. The ping of death is more of a buffer overflow attack, but it often results in a downed server. Windows Internet security should detect and protect against these types of DoS attacks.
- A stream attack occurs when a large number of packets are sent to numerous ports on the victim system using random source and sequence numbers.
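The SYN flood item above, turned into a detection check (added example, not part of the original article): it replays handshake records and counts, per server endpoint, the sessions that received a SYN and a SYN/ACK but never the final ACK. The record format, timeout, threshold and sample addresses are assumptions constructed for illustration.

```python
from collections import defaultdict

HANDSHAKE_TIMEOUT = 3.0  # assumed: seconds a server waits for the final ACK
HALF_OPEN_LIMIT = 5      # assumed: alert threshold per server endpoint


def half_open_by_server(packets, now):
    """Count handshakes per server (ip, port) still missing the client's final ACK.

    packets: (time, src_ip, src_port, dst_ip, dst_port, flags) tuples,
    flags being "SYN", "SYN/ACK" or "ACK".
    """
    pending = {}  # (client_ip, client_port, server_ip, server_port) -> [syn_time, synack_seen]
    for t, src, sport, dst, dport, flags in packets:
        key = (src, sport, dst, dport)
        if flags == "SYN":
            pending.setdefault(key, [t, False])
        elif flags == "SYN/ACK":
            entry = pending.get((dst, dport, src, sport))  # server -> client
            if entry:
                entry[1] = True
        elif flags == "ACK":
            entry = pending.get(key)
            if entry and entry[1]:
                del pending[key]  # step 3 arrived: session established
    counts = defaultdict(int)
    for (_, _, server_ip, server_port), (syn_time, _) in pending.items():
        if now - syn_time >= HANDSHAKE_TIMEOUT:
            counts[(server_ip, server_port)] += 1
    return dict(counts)


def syn_flood_alerts(packets, now):
    """Server endpoints whose stale half-open count exceeds the limit."""
    counts = half_open_by_server(packets, now)
    return sorted(ep for ep, n in counts.items() if n > HALF_OPEN_LIMIT)


def sample_capture():
    """Constructed trace: one completed handshake, then eight SYNs never ACKed."""
    server = ("192.0.2.10", 443)
    pkts = [(0.0, "203.0.113.5", 50000, *server, "SYN"),
            (0.1, *server, "203.0.113.5", 50000, "SYN/ACK"),
            (0.2, "203.0.113.5", 50000, *server, "ACK")]
    for i in range(8):
        client = ("198.51.100.%d" % (i + 1), 40000 + i)
        pkts.append((1.0 + i * 0.01, *client, *server, "SYN"))
        pkts.append((1.001 + i * 0.01, *server, *client, "SYN/ACK"))
    return pkts
```

Counting per server endpoint rather than per client keeps the check useful when the SYNs arrive from many different source addresses.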
Spamming
Spam commonly refers to unwanted e-mail, newsgroup, or discussion forum messages. Spam can be as innocuous as an advertisement from a well-meaning vendor or as malignant as floods of unrequested messages with viruses or Trojan horses attached. Spam is usually not a security threat but rather a type of DoS attack. Check out the article about anti-spam policy.
Trojan horses
Named after the Greek horse that was given to the city of Troy but was actually a troop carrier, Trojan horses are programs that appear to have one function but actually perform another. Analogous to their namesake, modern-day Trojan horses resemble a program that the user wishes to run, e.g., login, a game, a spreadsheet, or an editor. While the program appears to be doing what the user wants, it is actually doing something else unrelated to its advertised purpose, and without the user’s knowledge. Most Windows Internet security software is able to detect this type of attack.
Sniffers
A sniffer attack (aka a snooping attack) is any activity that results in a malicious user obtaining information about a network or the traffic over that network. A sniffer is often a packet-capturing program that duplicates the contents of packets traveling over the network medium into a file. Sniffer attacks often focus on the initial connections between clients and servers to obtain logon credentials, secret keys, and so on.
Spoofing
Spoofing is the art of pretending to be something other than what you are. Spoofing attacks consist of replacing the valid source and/or destination IP address and node numbers with false ones.
Man-in-the-middle attacks
A man-in-the-middle attack (or hijack attack) occurs when a malicious user is able to position himself between the two endpoints of a communication link. This can be done in two ways:
- By copying or sniffing the traffic between two parties; this is basically a sniffer attack.
- By positioning themselves in the line of communication, where the attackers act as a store-and-forward or proxy mechanism.
The attacker is invisible to both ends of the communication link and is able to alter the content or flow of traffic. Through this type of attack, the attacker can collect logon credentials or sensitive data as well as change the content of the messages exchanged between the two endpoints.
Crackers
Crackers are malicious users intent on waging an attack against a person or system. Crackers may be motivated by greed, power, or recognition. Their actions can result in stolen property (data, ideas, etc.), disabled systems, compromised security, negative public opinion, loss of market share, reduced profitability, and lost productivity.
Viruses
A true virus is a sequence of code that is inserted into other executable code so that when the regular program is run, the viral code is also executed. The viral code causes a copy of itself to be inserted in one or more other programs. Viruses are not distinct programs—they cannot run on their own, and some host program, of which they are a part, must be executed to activate them.
Worms
Worms are programs that propagate from computer to computer on a network, without necessarily modifying other programs on the target machines. Worms can run independently and travel from machine to machine across network connections; worms may have portions of themselves running on many different machines. They do not change other programs, although they may carry other code that does (for example, a true virus).
Crackers, viruses, and worms are common Internet threats that should be blocked proactively by Windows Internet security software.
Windows Internet Security software (such as Bitdefender Internet Security software) or any Internet security appliance (such as Secure@Office or Cisco ASA 5500 for business users) should proactively protect the computers and the entire network against any of the above internet and network threats.