Über die Autorin bzw. den Autor

Rachelle Reese has been designing and developing technical training courses for over ten years and has written a number of books on programming. She has an MA from San Jose State University. She is also a Microsoft Certified Application Developer (MCAD).

Von der hinteren Coverseite

You can get there

Whether you’re already working and looking to expand your skills in the computer networking and security field or setting out on a new career path, Network Security Fundamentals will help you get there. Easy-to-read, practical, and up-to-date, this text not only helps you learn network security techniques at your own pace; it helps you master the core competencies and skills you need to succeed.

With this book, you will be able to:

• Understand basic terminology and concepts related to security
• Utilize cryptography, authentication, authorization and access control to increase your Windows, Unix or Linux network’s security
• Recognize and protect your network against viruses, worms, spyware, and other types of malware
• Set up recovery and fault tolerance procedures to plan for the worst and to help recover if disaster strikes
• Detect intrusions and use forensic analysis to investigate the nature of the attacks

Network Security Fundamentals is ideal for both traditional and online courses. The accompanying Network Security Fundamentals Project Manual ISBN: 978-0-470-12798-8 is also available to help reinforce your skills.

Wiley Pathways helps you achieve your goals

The texts and project manuals in this series offer a coordinated curriculum for learning information technology. Learn more at www.wiley.com/go/pathways.

Aus dem Klappentext

You can get there

Whether you’re already working and looking to expand your skills in the computer networking and security field or setting out on a new career path, Network Security Fundamentals will help you get there. Easy-to-read, practical, and up-to-date, this text not only helps you learn network security techniques at your own pace; it helps you master the core competencies and skills you need to succeed.

With this book, you will be able to:

• Understand basic terminology and concepts related to security
• Utilize cryptography, authentication, authorization and access control to increase your    Windows, Unix or Linux network’s security
• Recognize and protect your network against viruses, worms, spyware, and other types of malware
• Set up recovery and fault tolerance procedures to plan for the worst and to help recover if disaster strikes
• Detect intrusions and use forensic analysis to investigate the nature of the attacks

Network Security Fundamentals is ideal for both traditional and online courses. The accompanying Network Security Fundamentals Project Manual ISBN: 978-0-470-12798-8 is also available to help reinforce your skills.

Wiley Pathways helps you achieve your goals

The texts and project manuals in this series offer a coordinated curriculum for learning information technology. Learn more at www.wiley.com/go/pathways.

Auszug. © Genehmigter Nachdruck. Alle Rechte vorbehalten.

Wiley Pathways Network Security Fundamentals

John Wiley & Sons

Chapter One

Starting Point

Go to www.wiley.com/college/cole to assess your knowledge of protecting a computer against viruses, worms, and other malicious programs. Determine where you need to concentrate your effort.

What You'll Learn in This Chapter

* Viruses

* Worms

* Trojan horses

* Spyware

* Web browser security

* Spam

* Email security

After Studying This Chapter, You'll Be Able To

* Identify various types of malicious code

* Mitigate the risk of a malware infection

* Configure web browser security settings

* Mitigate the risk of spam

* Identify safe email practices

INTRODUCTION

As software has become more powerful and users around the world have become more interconnected, the threat of a computer being infected with malicious code has ballooned. In this chapter you will learn about the types of malicious code you need to guard against and some steps for mitigating the threat. This chapter pays particular attention to two venues frequently used to spread malicious code: web pages and email.

9.1 Viruses and Other Malware

Before you can understand how to mitigate the threat of malicious code, you need to understand the types of malicious code being propagated (spread from computer to computer) and the methods of propagation. In this section, we'll look at various types of malicious code, which is also known as malware or malcode.

9.1.1 Viruses

A virus is a piece of code that inserts itself into legitimate software. As with a biological virus, the computer virus is not viable without a host. The virus needs the host software or file to propagate and carry out its mission. A virus is able to replicate (reproduce) itself and attach itself to a host file, a technique known as self-propagation.

Early viruses infected boot sectors of floppies and were spread by the sharing of applications on floppies. Today, floppies are too small to be practical for sharing applications, so boot sector viruses that are transmitted through floppy disks are not common anymore.

If the virus has attached itself to an application, the code in the virus is run every time the application runs. The virus code will have the same privileges as the host application. A typical example of a host for this kind of virus is a self-extracting video clip. When the unsuspecting user launches the file to extract the video, the virus code runs. This virus spreads by people sending the self-extracting video clip to their friends.

Some viruses are able to attach to data files such as spreadsheets and word processor files. These viruses are scripts that execute when the file is loaded. A script is code written in a scripting language, so it does not need to be compiled (converted from human-readable source code to binary machine language) into an executable. Instead, it is run by an application that supports such scripts.

One of the first widespread viruses to exploit scripts was Melissa, which spread by infecting Microsoft(r) Word files. When the Word files were opened, the virus code would run and infect the Normal.dot template file used by the word processor. After Normal.dot was infected, any Word document saved would have the Melissa virus. Melissa used the autorun macros in a Word document to run a Visual Basic(r) script (VBScript) when an infected Word document was first opened. Microsoft now has a feature called Macro Virus Protection that can stop macros from running. This protection should not be disabled.

Email viruses move from PC to PC as part of the body of a message. When the virus code is executed, a message with the virus embedded is sent to other mail clients. The virus can either be an attachment that must be opened or an embedded script. Scripts can access the user's address book, and can use those addresses to propagate the virus-infected message.

One example of a virus that propagates through email is the ILOVEYOU virus. The ILOVEYOU virus first appeared in the spring of 2000 and was simply an attachment that users launched. Once launched, the virus's Visual Basic script sent out an infected message to everyone in the user's address book.

9.1.2 Worms

A worm is code able to replicate itself and propagate to other hosts by exploiting a vulnerability in a program. Most worms exploit previously identified vulnerabilities that are correctable with patches or upgrades. Therefore, the best protection against worms is to stay current with patches and upgrades for Windows(r) as well as for other major applications.

Another way to protect against worms is to minimize the services and applications running on a computer. For example, worms often target common, high-visibility applications, such as the Microsoft web server, Internet Information Server (IIS). If a computer does not need to serve web pages and it is not being used to develop an application that relies on IIS, IIS should be disabled on the computer.

9.1.3 Trojan Horses

A Trojan horse is a program that masquerades as a legitimate application, while also performing a covert function. Users believe they are launching a legitimate application, such as a screen saver. When the Trojan horse runs, the user has every indication that the expected application is running. However, the Trojan horse also runs additional code that performs a malicious activity.

The best way to detect a Trojan horse is to identify executable files that have been altered. This is most easily done by creating a baseline of cyclic redundancy check (CRC) values for all executable files on a workstation. A CRC calculates the file size and divides by a number, then stores the remainder of the operation. If an executable file is later altered to include a Trojan horse, it can be detected by comparing the current CRC value with the baseline value.

Trojan horses are more difficult to distribute than viruses and worms. They do not propagate on their own. They rely on users accepting questionable executables from untrusted sources.

Trojan horses are very powerful threats to the security of a computer, network, and organization. They bypass most security controls put in place to stop attacks. Trojan horses are not stopped by firewalls, intrusion detection systems (IDS), or access control lists (ACLs) because a user installs them just as they would any other application.

Logic Bombs

A logic bomb (also called slag code) is a type of Trojan horse that lies in wait until some event occurs. The most common trigger for a logic bomb is a date, in which case the code is known as a time bomb. The Michelangelo virus was an early logic bomb, created in 1991. Its trigger was March 6, Michelangelo's birthday. It was a particularly destructive logic bomb because it was designed to overwrite the hard disk. The Nyxem Worm is a more recent time bomb that activates on the third of each month. It disables file sharing security and virus protection and deletes certain file types, including Microsoft Office files, .zip files, and .rar files. The files with extensions .zip and .rar are compressed...