Anti-Malware

Discuss About The Security Threats And Protection Mechanisms.

Phishing email scams: It has been seen almost more than one-third of the security incidents has taken place due to the phishing emails or malicious attachments. This type of attack has been faced by company employee and by individuals as well. This type of scam has continued to evolve and this acts as a significant online threat for both the users as well as organizations where the malicious attacker gains access of the various sensitive information.

The Nigerian Scam: This can be considered as one of the oldest and the management popular scam which is mostly used by a member of a Nigerian family by making use of the wealth to trick various peoples. This type of attack is also known as the Nigerian 419. This type of scam mainly involves the sending of an emotional letter, email, text message or social networking message which generally comes from the scammer who is asking for help in order to retrieve a lot of money from the bank and by paying a little amount of initial small fees for the paper and for the legal matters. It is generally promised by the scammer that they would provide huge amount of money if someone helps them.

Greeting cards scam: It has been seen that we receive greeting cards via email in different occasions which seems to be coming from a friend or from someone we care about. This is also one of the oldest scam which is generally used by the malicious attackers to inject malware which would followed by the harvesting of the valuable data of the user.

Some ways of securing the browser has been listed below:

Anti-Malware: Firefox is associated with providing protection against various kind of viruses, worms, Trojan horses and spyware which are generally delivered over the Web. In case if an user computer is accidentally falla in front of an attack site, then it would be instantly associated with warning the user and would also provide the information why it isn’t safe to use.

Anti-Virus Software: Firefox has the capability of getting easily integrated with your antivirus software used in the Windows. When a file is being downloaded by making use of this browser then the antivirus program would be associated with automatically checking the file in order to protect the computer from any kind oft viruses and other malware.

Anti-Virus Software

Private Browsing: This browser also provides the facility of private browsing which helps in securing the browsing history. It is very easy to use this mode. This modes is greatly suited for doing online banking on a computer which is being shared or while checking email in an Internet café.

Customized Security Settings: This browser is associated with Controlling the different levels of scrutiny for the various kind of site along with providing a enter exception. Besides this the browser also consists of Customize settings related to the loading images, passwords, cookies and installing add-ons in order to have a fully empowered Web experience.

Adware: This is a type of malware that is associated with delivering advertisements and the most common example includes the pop-up ads on the website along with the advertisements which are displayed by the software. Many times it has been seen that the software and the applications are associated with providing of free versions of the software which are generally coming as bundles along with the malware. A great Accounting of adware is sponsored or authored by the advertisers or by the servers which acts as a revenue generating tool.

Bot; this can be considered as a software program which are generally created for the purpose of performing specific operations automatically. Despite of this it has been seen that many bots are there which has been created for relatively harmless purposes and the increased amount of bot is being used in today’s world. This bots can be used in the botnets which is generally used for attacks like DDoS attacks and other malicious attacks. This happens mainly due to the reason that the spambots are associated with rendering the advertisements present on the website this is one of the example of this type of virus.

Bug: Bug can be considered as a flaw that is associated with producing an undesired outcome. These type of flaws are generally happening due to the human error and the typically existing in the source code or the compilers in a program. The bugs which are minor in size are associated with affecting slightly on the behavior of the program whereas the result can go for a long period unless and until they are discovered. The bugs which are significant might be leading to crashing or freezing of the system.

Suspicious E-mail attachments should not be opened: one of the major source of malware comes whenever a user opens a suspicious attachments that comes with the emails. The major way of eliminating this by deleting the spam emails as soon as they come to our inbox. The cyber criminals are associated with designing the emails in order to make them look like an email from a reputable source but if we look at it properly then the flaws can be detected. In case when there arises a feeling of suspicion then the email must be first scanned with the anti-virus software. Suspicious emails should not be opened unless and until it is made sure that they are not harmful.

Private Browsing

Use of complex passwords: Use of strong passwords can prevent the hackers and cybercriminals from hacking the system which would in turn make them incapable of injecting any kind of malware to the system.

Stop running of untrusted programs: Whenever a user browses the web various pop-up messages arrive on the screen and would be associated with asking the user to run a program. The message might be showing download certain software or open an attachment. So the best way of stopping this is by running programs which are known and where it is coming from and what it actually is. Antivirus software should also be used in order to ensure the intent and the safety of eth computer. The consequences might be very harmful if the programs are accepted blindly.

Regular scanning of the systems by making use of anti-virus software: All the system should be regularly scanned by making use of anti-virus software. This would help in detection of any kind of malware and would also be associated with blocking and deleting of the malwares and viruses.

DoS or Deial of service: Denial of service can be considered as an attack which is a security event that generally occurs when the attackers are associated with taking actions in order to prevent the authorized user from getting access to the computer that has been targeted. This type of attacks are generally associated with flooding the servers systems or networks by the various kind of unwanted traffic in order to overwhelm the resources of the victim along with making it difficult for the authorized users to use them, this type of attack can be often dealt with by simply rebooting the system but the flooding attacks can be difficult be recover.

A number of strategies has been put forward by the experts in order to deal with this and this starts with the preparation of an incident response plan. Whenever an suspicion is detected then the organizations should be immediately contacting the ISP or the Internet Service Provider for the purpose of determining if there exists any kind of DoS attack or not. In case if there is DoS attack then the ISP can easily mitigate it by rerouting or by throttling the malicious traffics and by using the load balances in order to reduce the effects that an attack is having.

Nmap: Nmap or the Network mapper is a free source utility which is generally used for the purpose of exploring a network along with being use for security auditing. This has been designed for the purpose of scanning the large network at a rapid rate. Despite of this it works fine most against a single host. This is associated with the usage of the Raw IP packets in novel ways for the purpose of determining the hosts that are available in the network along with the services that are offered by the hosts and the OS and many more. This works in almost every computers but still there exists console as well as graphical version of this.

Customized Security Settings

Nessus Remote Security Scanner: This generally works with the clint-server framework. This is one of the most popular vulnerable scanner which is used by almost 75000 organization all across the globe. By using this many of the organizations has realized a significant cost saving while auditing the business-critical enterprise devices as well as applications.

John the Ripper: This is a tool which is associated with faster password cracking and is available in various versions. The main purpose of using this tool is for the purpose of detecting the weak Unix password.

Nikto: This is an Open source web server which is associated with performing comprehensive test against other web servers for multiple items which almost includes around more than 3200 potentially dangerous files. This also versions of over 625 servers along with the existence of version specified problems on over 230 servers. This is capable of scanning items as well as plugins which are frequently updated and can be automatically updated. This can be considered to be a good CGI scanner besides this there also exists certain other tools that are well compatible with this tool, Nikto.

Symmetric Cryptography: This method mainly includes the enciphering and deciphering keys which ate generally identical or er simply related to each other which means it is easy to derive one from the other. Both this keys are to be kept as secrets and in case if any one of them is compromised the securing the network is totally impossible. The exchange of keys is done between the users. The distribution of the keys created problems which is generally solved by the asymmetric systems.

Asymmetric Cryptography: there exists several practical problems related to the generation, distribution and protection of the large number of keys. A type of cipher was proposed which uses two different keys: one key used for enciphering can be made public, while the other, used for deciphering, is kept secret. The two keys are generated such that it is computationally infeasible to find the secret key from the public key.

The best cryptographic method that is suggested for the purpose of securing the computer is the Asymmetric cryptography. This is would be best choice as it eliminated the problems faced by the symmetric cryptography method.

References

Al Ameen, M., Liu, J., & Kwak, K. (2012). Security and privacy issues in wireless sensor networks for healthcare applications. Journal of medical systems, 36(1), 93-101.

Cohen, G., Meiseles, M., & Reshef, E. (2012). U.S. Patent No. 8,099,760. Washington, DC: U.S. Patent and Trademark Office.

Fire, M., Goldschmidt, R., & Elovici, Y. (2014). Online social networks: threats and solutions. IEEE Communications Surveys & Tutorials, 16(4), 2019-2036.

Fragkiadakis, A. G., Tragos, E. Z., & Askoxylakis, I. G. (2013). A survey on security threats and detection techniques in cognitive radio networks. IEEE Communications Surveys & Tutorials, 15(1), 428-445.

Grochocki, D., Huh, J. H., Berthier, R., Bobba, R., Sanders, W. H., Cárdenas, A. A., & Jetcheva, J. G. (2012, November). AMI threats, intrusion detection requirements and deployment recommendations. In Smart Grid Communications (SmartGridComm), 2012 IEEE Third International Conference on (pp. 395-400). IEEE.

Javaid, A. Y., Sun, W., Devabhaktuni, V. K., & Alam, M. (2012, November). Cyber security threat analysis and modeling of an unmanned aerial vehicle system. In Homeland Security (HST), 2012 IEEE Conference on Technologies for (pp. 585-590). psychology.

Kahate, A. (2013). Cryptography and network security. Tata McGraw-Hill Education.

Modi, C., Patel, D., Borisaniya, B., Patel, A., & Rajarajan, M. (2013). A survey on security issues and solutions at different layers of Cloud computing. The journal of supercomputing, 63(2), 561-592.

Pathan, A. S. K. (Ed.). (2016). Security of self-organizing networks: MANET, WSN, WMN, VANET. CRC press.

Perlman, R., Kaufman, C., & Speciner, M. (2016). Network security: private communication in a public world. Pearson Education India.

Shostack, A. (2014). Threat modeling: Designing for security. John Wiley & Sons.

Studnia, I., Nicomette, V., Alata, E., Deswarte, Y., Kaâniche, M., & Laarouchi, Y. (2013, June). Survey on security threats and protection mechanisms in embedded automotive networks. In Dependable Systems and Networks Workshop (DSN-W), 2013 43rd Annual IEEE/IFIP Conference on (pp. 1-12). IEEE.

Von Solms, R., & Van Niekerk, J. (2013). From information security to cyber security. computers & security, 38, 97-102.