In this article we analyze the most common types of attack faced daily by those who use the network, and give some recommendations for avoiding them.
We often wonder what we can do about each of the threats found on the Internet.
No single program deals with all the threats to our security, however sophisticated and complete it may seem. There are security suites that combine various modes of protection for your computer, such as antivirus, firewall, anti-spyware, Web content control, etc.
Among the most used and recognized security suites are those from Norton, McAfee, Panda and Kaspersky.
In reality, security depends not only on the programs that watch over our computer, but also on ourselves. Here the human factor (or common sense) is as important as the security strategies we implement with the appropriate programs.
Below I describe what we should all have installed on our computers in order to use our PC and browse much more securely, although it must also be said that however much we protect ourselves, every security system is likely to be vulnerable:
1. An antivirus.
Viruses are programs that get into our computers in very different ways and that can produce unwanted and harmful effects. Once a virus has been introduced on the computer, it places itself in locations where the user can execute it unintentionally; for the virus to act, the infected program must be run or a particular condition must be met. This is why, on some occasions, the effects produced by a virus are noticed some time after it has run.
The most common entry routes for viruses are:
1. Removable disk drives (floppy, CD-ROM, ZIP drives, pen drives, etc.)
2. The Internet (browsing, e-mail, file downloads, etc.)
3. A company computer network in which files of all kinds are shared and which, if they are infected, can end up spreading to all the computers on the network.
The files most likely to become infected are those on storage media such as hard disks or floppy disks. More specifically, the files or documents that are programs are the ones that get infected. While these are the most usual, there are viruses that infect files that are not programs, for example files that contain macros. These macros are programs that the user can include within certain types of files and that allow the execution of other programs or commands that can be lethal for our computer.
Because of all this, an antivirus is the defensive system par excellence against viruses, worms, Trojans and other threats. Nowadays a computer without an antivirus, or with one that is not updated, is exposed to all kinds of attacks whose harmful results range from loss of vital data to spying on everything we do with it.
Having an antivirus has become a must for our computer, especially at the corporate level, although it is increasingly used at a personal level too, since the cost of an antivirus is not comparable to what it can cost us to recover data lost because of a virus.
There is a wide range of antivirus products to choose from, and prices are very attractive because of the competition. Besides paid antivirus, there are many free ones which, although they do not have as large a virus database as the others, offer excellent protection against many of the viruses circulating on the network.
In any case, whether we choose a professional antivirus or a free one, the important thing is that our computer has one of these programs, since it will always be better than having no protection system.
We are even more confident under the watch of two antivirus programs, though before we venture into that, we must find out about their incompatibilities with other brands.
What we must never do is have more than one antivirus active, since we could have serious security problems and even hang the computer.
These are some addresses of antivirus programs where we can scan our computer online, try the programs, and buy them if we are satisfied:
- Trend Micro
- BitDefender
- AVG Antivirus
- ClamWin
2. A firewall.
When a computer accesses the Internet, it communicates through "doors" called connection ports. There are 65,535 channels through which data may leave or enter our computer, so someone can attempt an intrusion through any of those ports. In reality intrusion is not so easy, because if we try to access a computer through a port that is not listening, it will be impossible. But Windows by default opens several ports that leave our computers very vulnerable.
A good firewall should close all ports that are not in use and prevent any connection through them. This greatly improves our security.
Unlike with antivirus, we should never install two firewalls at the same time. The interference between the two can cause the involuntary opening of ports, which would make our computer more insecure.
Two examples of good firewalls are ZoneAlarm and Tiny, as well as those from Norton, Panda, and McAfee mentioned above.
Operation of a Firewall
A firewall is a software- or hardware-based mechanism placed between two networks, usually between a LAN and the Internet, that allows certain connections and blocks others according to previously configured rules.
Firewalls, as I said before, can be a special program installed on a PC, a dedicated device that performs that function, or hardware built into certain devices such as routers.
Personal firewalls such as ZoneAlarm, Tiny and BlackICE are software-based firewalls that only protect the machine on which they are installed. They are designed for small networks or individual users.
At a personal level or in a small organization, if these programs are complemented with other types of software such as an antivirus, we get a more than acceptable level of security.
In fact, they all have the same purpose, which is to block certain types of network traffic considered inappropriate. There are, however, two ways to block this traffic: filtering at the network layer or at the application layer:
1. A network-layer firewall filters packets based on predefined rules that specify destination or source addresses and a port number.
2. An application-based firewall acts as a proxy and prevents traffic between the two networks, but allows certain applications within the network to be accessible to certain software from the outside.
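The following sketch illustrates how a network-layer filter evaluates such rules: first match wins, and anything no rule mentions is blocked. It is an added example, not code from any of the products named in this article; the `Rule` class, the `decide` function and every address in the rule set are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional, Tuple


@dataclass(frozen=True)
class Rule:
    action: str                       # "allow" or "block"
    src: str                          # source network in CIDR notation
    dst: str                          # destination network in CIDR notation
    ports: Optional[Tuple[int, int]]  # inclusive destination port range, None = any

    def matches(self, src_ip, dst_ip, dport):
        in_src = ipaddress.ip_address(src_ip) in ipaddress.ip_network(self.src)
        in_dst = ipaddress.ip_address(dst_ip) in ipaddress.ip_network(self.dst)
        in_ports = self.ports is None or self.ports[0] <= dport <= self.ports[1]
        return in_src and in_dst and in_ports


def decide(rules, src_ip, dst_ip, dport):
    """Return (action, index of the matching rule); the first match wins."""
    for index, rule in enumerate(rules):
        if rule.matches(src_ip, dst_ip, dport):
            return rule.action, index
    return "block", None  # default deny: ports no rule mentions stay closed


# Constructed rule set for a home LAN; private and documentation ranges only.
LAN = "192.168.1.0/24"
ANY = "0.0.0.0/0"
RULES = [
    Rule("block", ANY, LAN, (137, 139)),        # 0: ports 137-139, from anywhere
    Rule("allow", LAN, ANY, (80, 80)),          # 1: outbound web
    Rule("allow", LAN, ANY, (443, 443)),        # 2: outbound web over SSL
    Rule("allow", "203.0.113.0/24", LAN, None), # 3: a trusted remote network
]

if __name__ == "__main__":
    # Constructed packets: (source IP, destination IP, destination port)
    for packet in [("192.168.1.10", "198.51.100.7", 443),
                   ("203.0.113.9", "192.168.1.10", 139),
                   ("203.0.113.9", "192.168.1.10", 22),
                   ("198.51.100.7", "192.168.1.10", 5000)]:
        print(packet, decide(RULES, *packet))
```

Rule 0 sits above rule 3 on purpose: swapping them would let the trusted network reach ports 137-139, which is why the order of the rules matters as much as their content.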
To see a firewall in operation, this link is a video that shows how the network works and how the firewall accepts or rejects arriving packets according to the established rules. Video Firewall
3. An antispyware program.
Spyware is spy software created in order to collect information from the user who has it installed and, in most cases, this user is aware of what is happening.
There are several types of spyware, which we can name according to the function their malicious code performs:
- Adware: opens windows (pop-ups) that display advertising while we launch applications.
- Spyware: a small program installed on our computer to steal our data and spy on our movements online, collecting data about the websites we visit.
- Hijackers: programs that redirect the Internet browser to sites of their choosing, hijacking our browser's home page or search page.
- Dialers: programs able to change the phone number with which we connect to our ISP (Internet service provider) so that we call a premium-rate number (906, 806, 807, etc.), with the extra cost that entails.
Some are installed automatically without our consent. They are not classed as viruses, but they invade our privacy and threaten the stability of the system and, in most cases, especially the functioning of the browser or e-mail client, and they may even collect information about us and our PC. Others are installed when we download extras for our browser, such as toolbars.
There are certain programs that can gather information on our browsing habits to compile complex consumption statistics, usually for commercial purposes.
The solution for getting rid of these programs, which we sometimes pick up involuntarily when we install a freeware program, is to install an anti-spyware program on our computer.
Some antivirus programs on the market, such as PER Antivirus, also detect and eliminate spyware; in addition to updating their virus database, they update their spyware and adware definitions, giving us the option to delete these if we wish.
There are many programs that eliminate spyware, many of them specific to one kind, but the ideal is to complement our antivirus with an anti-spyware program such as Ad-aware or SpyBot Search & Destroy. It would even be advisable to have both installed, since there are times when what one cannot eliminate, the other can; they also do not cause each other problems as happens with antivirus programs, and their interface can be set to Castilian.
4. A program to delete traces on the Internet.
Among other things, it is possible to obtain data such as our IP address, the type of browser used, the operating system we have, our e-mail addresses, how many pages we visited before arriving at the page that spies on us, the address of at least the last of those pages, the number of bits of the secret key used for SSL encryption (the protocol that allows encrypted, secure transmission of information over the network), the type of monitor used, the name of the computer, whether it belongs to a corporate network or not, etc.
If someone knows our e-mail address, they can use it to send spam (unsolicited advertising) in bulk. In addition, many users' e-mail address or PC name matches their real name, so in this way someone could find out our address, phone number, etc.
Some pages have been able to obtain passwords and other relevant data simply by stealing the cookies (text documents that store our preferences about certain websites and about the connection) stored on our hard drive.
To avoid this, it is advisable to browse through a proxy or a specific program that prevents all this. If we use a proxy, we can have problems because proxies are very unstable, connections are slow, and sometimes we will not have the necessary permissions to use them.
One option could be to use a browsing anonymizer such as Anonymizer. This program is paid; it can be used in its free version, but we will be very limited because there will be pages that we cannot access.
Another very interesting program for safe browsing is Proxomitron, which removes malicious HTML, preventing among other things annoying pop-up windows and the execution of worms via the Web. Best of all, it does not need to be installed, so it will not touch anything on our computer or in the registry settings.
5. A program that monitors the ports.
When we access the Internet, our computer opens connections to the outside, and each of these is established through a particular port.
Knowing the ports of each application, we will notice any anomaly immediately, because if we are infected with a Trojan, it has to open its corresponding port, and we would know because the program that monitors the ports would warn us.
In this link we can see a list of ports, which explains how to tell whether we have a Trojan on our computer, along with a list of the ports most commonly used by Trojans.
These programs can show us the attacker's IP address, so that we can prevent our computer from connecting to that address, either via firewall rules or in the monitoring program itself.
In addition, we could find out where the servers of the Web pages we visit are located and the type of connection they establish with our computer, so we would have virtually 100% of our Internet traffic under control.
An interesting program of this type is Visualookout, although there are many similar programs.
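To make the idea concrete, here is the core check a port monitor performs: compare the listening ports against the ones we expect, then list the remote addresses connected to any unexpected port. This is an added example, not taken from Visualookout or any other product; the function names, the baseline and the sample text (laid out like the output of `netstat -an` on Windows) are constructed for illustration.

```python
# Constructed sample in the layout of Windows "netstat -an" output.
SAMPLE = """\
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:5000           0.0.0.0:0              LISTENING
  TCP    192.168.1.10:5000      198.51.100.23:51544    ESTABLISHED
  TCP    192.168.1.10:49712     203.0.113.5:443        ESTABLISHED
"""

# Ports we know our own applications open (an assumption for this sample).
BASELINE = {135, 445}


def parse_tcp(text):
    """Return (local_port, remote_ip, state) for every TCP row."""
    rows = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 4 or fields[0] != "TCP":
            continue  # header, blank line or non-TCP row
        local, remote, state = fields[1], fields[2], fields[3]
        local_port = int(local.rsplit(":", 1)[1])
        remote_ip = remote.rsplit(":", 1)[0]
        rows.append((local_port, remote_ip, state))
    return rows


def unexpected_listeners(text, baseline):
    """Listening ports that are not in the baseline of known applications."""
    listening = {port for port, _, state in parse_tcp(text)
                 if state == "LISTENING"}
    return sorted(listening - set(baseline))


def peers_of(text, port):
    """Remote addresses with an established connection to a local port."""
    return sorted({ip for local_port, ip, state in parse_tcp(text)
                   if local_port == port and state == "ESTABLISHED"})


def report(text, baseline):
    """Map each unexpected listening port to the remote IPs connected to it."""
    return {port: peers_of(text, port)
            for port in unexpected_listeners(text, baseline)}


if __name__ == "__main__":
    for port, peers in report(SAMPLE, BASELINE).items():
        print(f"unexpected listener on port {port}, connected from: {peers}")
```

The addresses in the report are the ones to block with a firewall rule while the program that opened the port is identified.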
Most common attack types
Below is a list of the most common attacks we face daily on the Internet, ordered by type:
Scanning, as a method of discovering communication channels that can be exploited, has long been in use. The idea is to scan as many listening ports as possible and keep a record of those that are receptive or useful for each particular need.
There are different types of scanning techniques, depending on the ports and protocols exploited:
- TCP connect scanning: the basic form of TCP port scanning, used to find open ports through which to enter.
- TCP SYN scanning: simulates a client/server connection by sending a SYN packet; if a response is received, communication is cut and the port is recorded as open.
- TCP FIN Scanning – Stealth Port Scanning: similar to the previous one but more clandestine.
- Fragmentation scanning: a modification of the above, but with fragmented packets.
- Eavesdropping-packet sniffing: intercepts packets on the network without modifying them in order to, for example, find out passwords.
- Snooping-downloading: same as above, but also intercepts files that can be downloaded.
Authentication attacks:
This type of attack aims to deceive the victim system in order to gain entry, with the attacker impersonating someone else. This deception is usually carried out by taking over sessions already established by the victim or by obtaining the victim's user name and password.
- Spoofing-Looping: consists of impersonating another person and then taking actions on their behalf. There are several types, such as IP, DNS and Web spoofing.
- Web Spoofing (phishing): the attacker creates a fake Web site similar to the original, making it possible to find out anything from the victim's data to bank passwords.
- IP Splicing-Hijacking: consists of impersonating an authorized user when that user identifies themselves.
- Use of BackDoors: allows normal authentication methods to be bypassed.
- Use of Exploits: take advantage of hardware or software flaws to enter the system.
- Obtaining Passwords: obtaining passwords by trial and error or with programs that use dictionaries of millions of keys, trying them until the correct one is found.
Denial of service (DoS):
The protocols currently in use were designed for an open community and a relationship of mutual trust. Reality shows that it is easier to disrupt the functioning of a system than to access it; thus denial of service attacks aim to saturate the victim's resources so that the services it provides are disabled.
- Jamming or Flooding: disables or saturates the system's resources, such as memory, disk, etc.
- Syn Flood: a connection is started so that the machine is left waiting for a reply from the hostile machine, which slows down the system.
- Connection Flood: causes the connection limit to be exceeded, leaving the Internet server hung.
- Net Flood: saturates the line with malicious traffic, blocking useful network traffic.
- Land Attack: consists of sending a packet whose source address and port are the same as the destination's, so the system ends up hanging.
- Supernuke or Winnuke: sending manipulated packets to the port range 137-139, which makes the computer hang.
- Teardrop I and II-Newtear-Bonk-Boink: prevents the fragments that form a packet from being reassembled correctly, which saturates the system.
- E-Mail Bombing-Spamming: the first saturates a mail account by massively sending the same message; spamming is the mass sending of an e-mail to thousands of users without their consent.
- Tampering or Data step: unauthorized modification of the data or software installed on the victim system, including the deletion of files.
- Deletion of traces: consists of removing all of the tasks made by the intruder in the system so that it is located.
- Attacks using Java Applets: take advantage of security flaws in the Java virtual machine to launch attacks.
- Attacks via ActiveX: manipulate the code of certain browsers so that the browser does not ask the user for confirmation before downloading another ActiveX control from the Internet, allowing malicious code to be inserted.
- Attacks by vulnerabilities in browsers: allow access to the computer's buffer and the running of programs such as format.com.
Exploitation of errors of design, implementation, and operation:
Many systems are exposed to “” security holes which are used to access files, passwords, or obtain privileges. These vulnerabilities are caused by programming errors in software applications, operating systems, network protocols, Internet browsers, e-mail, etc.
Recommendations to prevent the spread of viruses and spyware
(1) Always keep an antivirus and anti-spyware program active. It is advisable not to rely on a single one, but using more than one does not mean we should have them all installed; we can simply run these antivirus and antispyware programs, using their scan option, on the folder that contains the files to be checked.
(2) Just as important as having the antivirus installed is keeping it fully up to date. Currently, updates are daily for most programs, or at least weekly, so if our antivirus is not updated at least weekly, it would be best to switch to another that has daily updates or several a week.
The same goes for an antispyware program: keep it as up to date as possible, since updates correct security holes that can compromise our security.
Many worms are now successful because of users' laziness in updating their programs, so a habit of continuously updating the programs on our computers, especially the more sensitive ones such as browsers, operating systems, P2P clients and others, is essential to staying safe.
(3) Do not open any message or file received via e-mail from unknown or little-known sources. In the case of known people, proper precautions should also be taken: confirm with that person that they sent it, and never run these files before an updated antivirus has scanned them. If in doubt, simply delete the message and its attachments.
(4) Stay informed about how viruses operate, and about updates, alerts and critical announcements concerning them, on the Web page of the antivirus you have installed or on the address:
(5) Do not download anything from Web sites that lack serious references or that are not reasonably well known. And if files are downloaded, we must do as with attachments: examine them with the antivirus before running or downloading them.
(6) Try several antivirus programs, firewalls, antispyware tools, etc. by downloading trial versions, which usually last between 15 and 30 days, so that we can try several before deciding to purchase the one that best suits our needs.
Find out about ease of use and configuration, after-sales support, performance and features. Look for users of those programs who can give us their views on this or other similar programs. The best thing we can do is browse a forum dedicated to security or the program vendor's own forum, where we can read important operational details from the people who use it. They will even answer the questions we ask them, and we will see the advantages and disadvantages from the users themselves.