Methods of protecting a network from being turned into a botnet by an outside attacker: a review of protection methods and DDoS attack prevention
Published 16 March 2011, 12:47
1. The importance of the problem in the current year, 2009.
2. What are botnets, and what opportunities do they give criminal groups?
3. Methods of protecting the local network and identifying autonomously operating software on client machines.
4. Overview of hardware and software systems and protection methods that help prevent DDoS attacks in real time.
5. A general way to eradicate this type of information attack and improve the security of computer networks.

The importance of the problem in the current year, 2009.

The problem of botnets is important for information security in the current year, 2009, because 2008 passed in the information security world under the sign of botnets. Experts from the leading companies in the field concentrated on ways to detect and prevent infection of victim computers. WatchGuard Technologies, one of the leading vendors of security solutions and secure network design, announced five key trends in threats to computer networks for 2009. Fourth place in that top five is occupied by the problem of computer bots and the botnets built with them. WatchGuard's specialists believe that botnet developers will make every effort this year to make their product more subtle, more dangerous and less predictable. These efforts will strengthen zombie networks and help bots spread. Creating and owning botnets is becoming an even more profitable business. The only way to fight this crime and counter powerful zombie networks is to use a wide range of protection tools and methods, and this requires a high level of training of network administrators and information security specialists, both for preventive and for defensive measures that ensure data integrity and the stability of information systems.



What are botnets, and what opportunities do they give criminal groups?

A botnet is a computer network consisting of some number N of hosts. On each host there is installed and running an autonomously operating program, called a bot in professional language. This software is used to perform certain actions, using the hardware resources of the infected computer, which are not disclosed to the machine's user. Bots are most often created and spread to victims' computers for illegitimate purposes: sending spam, stealing sensitive information from infected computers, and organizing targeted attacks on information systems to cause a denial of service. A denial of service is the result of exhausting the hardware resources of the attacked system with a multitude of redundant requests from a distributed set of clients. This type of attack is called a DDoS (Distributed Denial of Service), and in recent years it has gained a reputation as the most fearsome weapon of Internet attackers.

Attackers organize botnets to conduct massive attacks on the information systems of large enterprises whose activities are directly tied to work on the Internet and the provision of online resources to users. Downtime and unavailability of these resources lead to serious financial losses for the company and open the possibility for attackers to blackmail the organization's management into paying off the gang. Examples are the information infrastructures of banks, web resources and web applications.


Methods of protecting the local network and identifying autonomously operating software on client machines.

Even the most modern verification methods used by antivirus tools to detect malicious software are often unable to detect and eradicate a bot on an infected computer. One reason is that a certain amount of time must pass before a bot takes effect and the botnet becomes fully operational. This gives computer security professionals a window in which to localize and analyze the activated bot and add it to the antivirus databases.

When writing bots, attackers often use a modular design for their functionality, which lets them extend and easily distribute updates to existing bots. The authors of this malware often use protection mechanisms against removal similar to those of most viruses and rootkits: disguising bots as system processes, substituting system files for self-concealment, and organizing self-restarting processes that restart each other. Such processes are quite difficult, and practically impossible, to terminate, because they spawn the next process and exit themselves faster than they can be forcibly terminated. There are many different algorithms of this kind, and new ones keep appearing, which makes fighting them difficult, to put it mildly.

There are several recommendations for organizing network security and identifying autonomously working bots. Infection with malware threatens not only home users' computers but also those of large organizations. Network administrators sometimes do not consider it their duty to pay due attention to cleaning their own networks of this kind of software, relying entirely on the installed antivirus solutions.

There are several recommended methods and strategies for protecting a corporate network from bots and from being turned into a zombie network. The first thing to do is to configure the firewall correctly and use it to constantly monitor all attempts by client computers to generate junk traffic. Only those ports needed for the proper operation of the installed applications should be open on the firewall. Analysis of the network traffic passing through it should not be neglected either, and unmotivated bursts of network activity should be examined thoroughly. It also makes sense to periodically check individual computers on the network for unauthorized connections to IRC channels on their part. If the host's active connections, as shown by the netstat command, include such a connection, there is a high chance that the host is infected with a bot. It is also recommended to periodically check the registry path HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run for suspicious keys. If such keys are found, they should be removed together with the executable file they point to.
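The two host checks recommended above (netstat for IRC connections and the Run key for suspicious autostart entries) as one script, written here as an added example that is not code from the original post. It parses constructed `netstat -an` and `reg query` output; the IRC port list and the path heuristics (autostart binaries in user-writable directories, or binaries named like system processes but living outside system32) are assumptions, not rules from the page.

```python
"""Added example: host-side bot indicators from the two checks recommended above,
unauthorized IRC connections in netstat output and suspicious Run-key entries.
Sample data below is constructed, not captured from a real host."""
import re

# Assumption: classic IRC C&C ports (6660-6669, 7000). Real bots may use any port,
# so a hit is an indicator to investigate, not proof.
IRC_PORTS = set(range(6660, 6670)) | {7000}

# Constructed "netstat -an" output from a Windows host.
NETSTAT_SAMPLE = """\
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    192.168.1.20:49321     192.168.1.5:445        ESTABLISHED
  TCP    192.168.1.20:49402     203.0.113.17:6667      ESTABLISHED
  TCP    192.168.1.20:49410     198.51.100.9:443       ESTABLISHED
  UDP    0.0.0.0:500            *:*
"""

# Constructed "reg query HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" output.
RUN_KEY_SAMPLE = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    SecurityHealth    REG_EXPAND_SZ    %windir%\system32\SecurityHealthSystray.exe
    svchost           REG_SZ           C:\Users\user\AppData\Local\Temp\svchost.exe
    Updater           REG_SZ           "C:\Program Files\Vendor\updater.exe" /background
"""

NETSTAT_RE = re.compile(r"^\s*(TCP|UDP)\s+(\S+)\s+(\S+)\s*(\S*)\s*$")
REG_LINE_RE = re.compile(r"^\s+(\S+)\s+(REG_\w+)\s+(.*?)\s*$")

# Heuristics (assumptions): autostart binaries in user-writable directories, or
# binaries named like core system processes but living outside system32.
USER_WRITABLE = ("\\temp\\", "\\appdata\\", "\\users\\public\\", "\\downloads\\")
SYSTEM_NAMES = {"svchost.exe", "lsass.exe", "csrss.exe", "winlogon.exe", "explorer.exe"}


def parse_netstat(text):
    """Return (proto, local, foreign, state) tuples from netstat -an output."""
    return [m.groups() for m in map(NETSTAT_RE.match, text.splitlines()) if m]


def remote_port(addr):
    """Port of 'host:port'; None for '*:*' or malformed addresses."""
    _host, sep, port = addr.rpartition(":")
    return int(port) if sep and port.isdigit() else None


def irc_connections(text):
    """Foreign endpoints of established TCP connections to IRC ports."""
    return [foreign for proto, _local, foreign, state in parse_netstat(text)
            if proto == "TCP" and state == "ESTABLISHED"
            and remote_port(foreign) in IRC_PORTS]


def parse_run_key(text):
    """Return (value_name, type, data) tuples from reg query output."""
    return [m.groups() for m in map(REG_LINE_RE.match, text.splitlines()) if m]


def exe_path(data):
    """Executable path from a Run value: quoted path with arguments, or bare path."""
    data = data.strip()
    if data.startswith('"'):
        return data[1:data.find('"', 1)]
    return data.split(" ", 1)[0]


def suspicious_run_entries(text):
    """(value_name, lower-cased path) for Run entries matching the heuristics."""
    flagged = []
    for name, _type, data in parse_run_key(text):
        path = exe_path(data).lower()
        base = path.rsplit("\\", 1)[-1]
        in_user_dir = any(d in path for d in USER_WRITABLE)
        masquerade = base in SYSTEM_NAMES and "\\system32\\" not in path
        if in_user_dir or masquerade:
            flagged.append((name, path))
    return flagged


if __name__ == "__main__":
    print("IRC connections:", irc_connections(NETSTAT_SAMPLE))
    print("Suspicious Run entries:", suspicious_run_entries(RUN_KEY_SAMPLE))
```

On a real host, feed the output of `netstat -an` and of `reg query HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run` to the two functions. A hit means a connection or autostart entry worth investigating; bots are not limited to IRC ports or to the Run key, so a clean result does not prove the host is clean.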

Various information security companies have developed fairly successful software systems for early detection of bots in local area networks, including BotHunter, BotMiner, BotProbe and BotSniffer. Each uses its own algorithms, but most of these products are aimed at analyzing the network activity of the individual computers on the network. The point is that at a given moment all the bots exhibit the same behavioral characteristics: at the same moment they simultaneously begin to query a given resource, transmit information, scan the network, or perform other activities involving packet transfer across the network. Under these conditions behavioral analysis algorithms show their greatest efficiency.
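The kind of network-level behavioral analysis just described, as an added example (it is not code from BotHunter, BotMiner, BotProbe or BotSniffer, and not from the original post). Over constructed flow records it computes two of the signals the paragraph names: several internal hosts contacting the same destination within a short window, and one host touching many internal addresses on one port. The window, host-count and target-count thresholds are assumptions.

```python
"""Added example: network-level behavioral analysis in the spirit of the tools named
above (it is not their code). Two signals are computed over constructed flow records:
several internal hosts contacting the same destination within a short window
(synchronized C&C or attack activity), and one host touching many internal
addresses on one port (network scanning)."""
from collections import defaultdict

# Constructed flow records: (epoch seconds, source, destination, destination port).
FLOWS = [
    (1000, "10.0.0.11", "203.0.113.50", 80),
    (1001, "10.0.0.12", "203.0.113.50", 80),
    (1002, "10.0.0.13", "203.0.113.50", 80),
    (1002, "10.0.0.14", "203.0.113.50", 80),
    (1003, "10.0.0.15", "198.51.100.7", 443),
    # the same address visited by several hosts, but minutes apart: normal browsing
    (1500, "10.0.0.11", "198.51.100.7", 443),
    (1600, "10.0.0.12", "198.51.100.7", 443),
    (1700, "10.0.0.13", "198.51.100.7", 443),
]
# One host sweeping SMB across a /24: 20 distinct targets in 20 seconds.
FLOWS += [(2000 + i, "10.0.0.13", f"10.0.1.{i}", 445) for i in range(1, 21)]


def synchronized_groups(flows, window=5, min_hosts=3):
    """{(dst, port): sorted sources} where at least `min_hosts` distinct sources
    contacted the same destination within some `window`-second span."""
    by_dest = defaultdict(list)
    for ts, src, dst, port in flows:
        by_dest[(dst, port)].append((ts, src))
    groups = {}
    for dest, events in by_dest.items():
        events.sort()
        best = set()
        for i, (t0, _src) in enumerate(events):
            # every later event that falls inside the window starting at t0
            hosts = {src for ts, src in events[i:] if ts - t0 <= window}
            if len(hosts) > len(best):
                best = hosts
        if len(best) >= min_hosts:
            groups[dest] = sorted(best)
    return groups


def scanning_hosts(flows, min_targets=15):
    """{source: number of distinct destinations} for sources that touched at least
    `min_targets` different destinations on a single port."""
    targets = defaultdict(set)
    for _ts, src, dst, port in flows:
        targets[(src, port)].add(dst)
    scanners = {}
    for (src, _port), dsts in targets.items():
        if len(dsts) >= min_targets:
            scanners[src] = max(scanners.get(src, 0), len(dsts))
    return scanners


def bot_suspects(flows):
    """Union of hosts appearing in a synchronized group or flagged as scanners."""
    suspects = set(scanning_hosts(flows))
    for hosts in synchronized_groups(flows).values():
        suspects.update(hosts)
    return sorted(suspects)


if __name__ == "__main__":
    print("synchronized:", synchronized_groups(FLOWS))
    print("scanners:", scanning_hosts(FLOWS))
    print("suspects:", bot_suspects(FLOWS))
```

The sliding window is what separates coordinated bot activity from ordinary browsing: the three hosts that visit 198.51.100.7 minutes apart are never grouped, while the four that hit 203.0.113.50 within three seconds are. In practice the flow records would come from a NetFlow or IDS export, and the thresholds need tuning per network (a software update server will legitimately produce synchronized groups).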


Overview of hardware and software systems and protection methods that help prevent DDoS attacks in real time.

Being the target of a DDoS attack is one of the most nightmarish scenarios for any computer security specialist. Detecting a DDoS attack on one's own network is fairly simple: it shows up as a general slowdown of the network and servers. To date, computer security experts have developed very good methods of dealing with DDoS attacks. Still, regardless of the type of DDoS attack, the measures developed and actively used against them do not fully eliminate the threat or guarantee continuous and reliable operation of all systems.

Cisco's specialists claim to have created a complete solution for protection against DDoS attacks; as written on the official website, the solution is based on the principles of "detection, diversion, verification and forwarding, the application of which ensures full protection." Cisco's staff believe their solution protects systems, from the most critical to the simplest, against DDoS attacks of any kind, including, not least, entirely new varieties of this type of attack. "Active resources quickly identify and distinguish malicious attack traffic from legitimate traffic. Therefore the Cisco solution provides a rapid response to DDoS attacks, with a speed measured in seconds, not hours. The Cisco solution can be easily deployed close to critical routers and switches, and it can be scaled so that any possible single point of failure is eliminated and the performance and reliability of existing network components are not degraded."

In the Cisco Systems DDoS protection solution the most important role is played by two components: the Cisco Traffic Anomaly Detector and the Cisco Guard. The first component acts as a passive monitoring system for network traffic and is designed to detect deviations from the baseline behavior of a given network. If the system finds that the intensity of IP packets from one source exceeds the permitted value, it diverts the traffic to the Cisco Guard component. This component is a high-performance device for eliminating the above-mentioned attacks. Cisco Guard subjects all passing traffic to a five-stage analysis and detects all malicious traffic for removal. As a result, unnecessary junk traffic is removed and good packets are passed on, which yields stability of all network systems and components.

Cisco Guard is based on a unique patented multi-stage verification architecture. This architecture includes five stages of identifying untrustworthy network traffic. The first stage is traffic filtering; this module is based on static and dynamic DDoS filters. Static filters block insignificant traffic and can be configured by the system administrator. Dynamic filters are put into effect by the other modules based on their analysis of the network traffic; in real time the dynamic filters are adjusted and changed based on new data. The second module is active verification, which checks all network packets for spoofing. The third module, anomaly recognition, monitors the traffic passed by the two previous modules and compares it with the baseline behavior recorded over a certain period of time. The fourth module, protocol analysis, processes those data streams that were considered suspicious in the third stage. The last module, rate limiting, implements the response: it does not allow flows with anomalous behavior to bombard the protected resource. Traffic is shaped for each specific flow, and special measures are applied to sources that consume an excessive amount of resources for a long time. Cisco Guard is also unique in that in the intervals between attacks the system is in learning mode, in which it builds a record of the normal behavior of the system and constitutes a baseline profile.
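A simplified, runnable model of the learn-then-scrub approach described above, added here as an example; it is not Cisco code and does not claim to reproduce Cisco Guard's algorithms. It implements only the stages that can be shown offline: static filtering, active (anti-spoofing) verification modelled the way a SYN-cookie check behaves, anomaly recognition against a baseline learned in a quiet period, and per-source rate limiting; protocol analysis is omitted. The packet format, the served-port list, the three-sigma threshold and the traffic samples are all constructed assumptions.

```python
"""Added example: a simplified model of the learn-then-scrub approach described above.
It is not Cisco code. Stages modelled: static filter, active verification
(anti-spoofing), anomaly recognition against a learned baseline, rate limiting.
Packets are constructed tuples (second, source, destination port, kind)."""
from collections import Counter
from statistics import mean, pstdev

SERVED_PORTS = {80, 443}  # assumption: the protected server only offers HTTP and HTTPS


def per_source_rates(packets):
    """Packets per second for every (source, second) bucket."""
    return Counter((src, sec) for sec, src, _port, _kind in packets)


def learn_baseline(packets, sigmas=3.0):
    """Learning mode (between attacks): per-source pps threshold = mean + sigmas * stdev."""
    rates = list(per_source_rates(packets).values())
    return mean(rates) + sigmas * pstdev(rates)


def scrub(packets, threshold, limit_pps=5):
    """Enforcement mode: returns (passed packets, Counter of drops per stage).

    Stage 2 models active verification the way a SYN-cookie check does: a source that
    never answers the handshake (no ACK from it anywhere in the trace) is treated as
    spoofed. Stage 3 marks sources whose pps exceeds the learned threshold; stage 5
    lets those sources through at no more than limit_pps packets per second.
    """
    verified = {src for _sec, src, _port, kind in packets if kind == "ACK"}
    anomalous = {src for (src, _sec), n in per_source_rates(packets).items()
                 if n > threshold}
    drops, budget, passed = Counter(), Counter(), []
    for pkt in packets:
        sec, src, port, _kind = pkt
        if port not in SERVED_PORTS:                                # stage 1
            drops["static_filter"] += 1
        elif src not in verified:                                   # stage 2
            drops["anti_spoofing"] += 1
        elif src in anomalous and budget[(src, sec)] >= limit_pps:  # stages 3 + 5
            drops["rate_limit"] += 1
        else:
            budget[(src, sec)] += 1
            passed.append(pkt)
    return passed, drops


def client_stream(src, port, seconds, per_second):
    """Constructed client: completes the handshake (ACK) once, then sends data."""
    return [(sec, src, port, "ACK" if sec == 0 and i == 0 else "DATA")
            for sec in range(seconds) for i in range(per_second)]


# Quiet period (constructed): ten clients sending 1-3 packets per second for ten seconds.
LEARNING = [(sec, f"10.0.0.{10 + i}", 443, "ACK" if n == 0 else "DATA")
            for i in range(10) for sec in range(10) for n in range(1 + (i + sec) % 3)]

# Attack period (constructed): one legitimate client, twenty spoofed SYN sources, one
# verified flooder at 50 pps, and some junk aimed at a port the server does not offer.
ATTACK = client_stream("10.0.0.5", 443, 5, 2)
ATTACK += [(sec, f"198.51.100.{x}", 80, "SYN") for sec in range(5) for x in range(1, 21)]
ATTACK += client_stream("203.0.113.9", 80, 5, 50)
ATTACK += [(0, "192.0.2.77", 22, "SYN")] * 3

if __name__ == "__main__":
    threshold = learn_baseline(LEARNING)
    passed, drops = scrub(ATTACK, threshold)
    print(f"threshold {threshold:.2f} pps, passed {len(passed)}, drops {dict(drops)}")
```

The legitimate client's ten packets all pass, the hundred spoofed SYNs never get past verification, and the verified flooder is cut from 50 to 5 packets per second rather than blocked outright, which is the point of rate limiting rather than blacklisting: a misclassified real client still gets some service. The baseline is what makes the third stage work; a threshold learned during an attack would be useless, which is why learning mode belongs to the quiet intervals.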

The destructive power of DDoS attacks continues to grow, and ever more powerful tools are used, since the Internet has quite a few vulnerable points. Constant work in this area is required in order to find new and innovative approaches and solutions to this very important information security problem of our day.


A general way to eradicate this type of information attack and improve the security of computer networks.


In my opinion, the problem of many information threats exists because of the monopolization of the software market. Most companies operate under the Windows operating system, and that is what criminals target. There is an alternative to the Windows operating system: the Linux operating system. Switching to the Linux operating system mentioned will significantly reduce risks and increase the security of information and analytical systems, and will provide reliable operation of hardware and software in both the personal and the commercial sector. Open source code, modularity and separation in the Linux operating system define it as an operating system unsuitable for the large-scale spread and activity of malware. I do not want to go into the details of the operating system and talk about its pros and cons, or foment a holy war between Linux and Windows users, as that topic is another discussion.

In this presentation I described the importance of the problem of DDoS attacks for the current year, 2009, talked about botnets and malware and the opportunities they give criminal groups, systematized the key recommendations aimed at protecting computer networks from intruders turning them into botnets, and, on the other hand, talked about active hardware and software measures for preventing and eliminating DDoS attacks.
Views: 473 | Added by: w1zard | Rating: 0.0/0