Additional Safeguards (15.6.5)–Cisco Security Considerations

One of the most common types of spam forwarded is a virus warning. Although some virus warnings sent via email are true, a large number of them are hoaxes describing viruses that do not really exist. This type of spam creates problems because people warn others of the impending disaster and so flood the email system. In addition, network administrators may overreact and waste time investigating a problem that does not exist. Finally, many of these emails can actually contribute to the spread of viruses, worms, and Trojan horses.

In addition to using spam blockers, other actions to prevent the spread of spam include the following:

  • Apply OS and application updates when available.
  • Run an antivirus program regularly and keep it up to date.
  • Do not forward suspicious emails.
  • Do not open email attachments, especially from people you do not know.
  • Set up rules in your email to delete spam that bypasses the antispam software.
  • Identify sources of spam and report it to a network administrator so it can be blocked.
  • Report incidents to the governmental agency that deals with abuse by spam.

Summary (15.7)

The following is a summary of each topic in the chapter:

  • Security Threats—Attacks to a network can be devastating and can result in a loss of time and money due to damage or theft of important information or assets. When a threat actor gains access to the network, four types of threats may arise: information theft, identity theft, data loss or manipulation, and disruption of service. Security threats from network intruders can come from both internal and external sources.

External threats come from threat actors working outside of an organization who do not have authorized access to the computer systems or network. They work their way into a network mainly from the Internet, wireless links, or dial-up access servers.

Internal threats occur when someone has authorized access to the network through a user account or has physical access to the network equipment. In some cases, an internal threat can come from a trustworthy employee who picks up a virus or security threat while outside the company and unknowingly brings it into the internal network.

  • Social Engineering Attacks—In the context of computer and network security, social engineering refers to a collection of techniques used to deceive internal users into performing specific actions or revealing confidential information. Social engineering attacks exploit the fact that users are generally considered one of the weakest links in security. Social engineers are threat actors and can be internal or external to the organization. Three of the most common methods used to obtain information directly from authorized users are pretexting, phishing, and vishing.

Pretexting is an invented scenario (the pretext) that is used to get a victim to release information or perform an action. Phishing is a scenario in which the phisher pretends to represent a legitimate outside organization. The phisher typically contacts the target individual via email or text messaging. In vishing, the threat actor uses VoIP. With vishing, an unsuspecting user is sent a voicemail instructing that user to call a number that appears to be a legitimate telephone-banking service. The call is then intercepted by a thief. Bank account numbers or passwords entered over the phone for verification are then stolen.

  • Malware—Viruses, worms, and Trojan horses are all types of malicious software introduced onto a host:
    • A virus is a program that spreads by modifying other programs or files. A virus cannot start by itself; it needs to be activated.
    • A worm is similar to a virus but unlike a virus does not need to attach itself to an existing program. A worm uses the network to send copies of itself to any connected hosts. Worms run independently and spread quickly.
    • A Trojan horse is a program that is written to appear like a legitimate program when, in fact, it is an attack tool. It cannot replicate itself. A victim must initiate the program to activate a Trojan horse.

Spyware is any program that gathers personal information from your computer without your permission or knowledge. This information is sent to advertisers or others on the Internet and can include passwords and account numbers. Cookies are a form of spyware used to record information about Internet users when they visit websites.

Adware is a form of spyware used to collect information about a user based on the websites the user visits. That information is then used for targeted advertising. Adware is commonly installed by a user in exchange for a “free” product. Popups and pop-unders are additional advertising windows that display when visiting a website. Unlike adware, popups and pop-unders are not intended to collect information about the user.

One of the major ways that spam can be sent is through the use of a botnet or bot. Malicious bot software infects a host, usually through an email or web page link, by downloading and installing a remote control function. When infected, the “zombie” computer contacts servers managed by the botnet creator. These servers act as a command and control (C&C) center for an entire network of compromised devices, or “botnet.”

  • Denial-of-Service Attacks—A DoS attack floods a system or network with traffic to prevent legitimate network traffic from flowing and disrupts connections between a client and server to prevent access to a service. Common DoS attacks are SYN flooding and ping of death.

DDoS is designed to saturate and overwhelm network links with useless data. Typically, hundreds or thousands of attack points attempt to overwhelm a target simultaneously. The attack points may be unsuspecting computers that have been previously infected by the DDoS code.

A brute-force attack may also result in denial of service. With brute-force attacks, a fast computer is used to try to guess passwords or to decipher an encryption code. Brute-force attacks can cause a denial of service due to excessive traffic to a specific resource or by locking out user accounts.

  • Security Tools—A username and password are two pieces of information that a user needs to log on to a computer or application. When a threat actor knows one of these entries, the attacker needs only to crack or discover the other entry to gain access to the computer system. Change the default usernames of all users on computers and network equipment. View passwords as a key to valuable data and make them as secure as possible.

Some of the security tools and applications used in securing a network include software patches and updates, virus protection, spyware protection, spam blockers, popup blockers, and firewalls.

It is important to keep software applications up to date with the latest security patches and updates to help deter threats. A patch is a small piece of code that fixes a specific problem. An update may include additional functionality to the software package, as well as patches for specific issues.

  • Antimalware Software—Some of the signs that a virus, worm, or Trojan horse may be present include these:
    • A computer starts acting abnormally.
    • A program does not respond to the mouse and keystrokes.
    • Programs start up or shut down on their own.
    • An email program begins sending out large quantities of email.
    • CPU usage is very high; there are unidentifiable processes or a large number of processes running.
    • The computer slows down significantly or crashes.

Antivirus software can be used as both a preventive tool and as a reactive tool. It prevents infection and detects and removes viruses, worms, and Trojan horses. Antivirus software should be installed on all computers.

Antispam software protects hosts by identifying spam and performing an action, such as placing it into a junk folder or deleting it.

Antispyware software detects and deletes spyware applications, as well as prevents future installations from occurring. Many antispyware applications also include detection and deletion of cookies and adware. Popup blocking software can be installed to prevent popups and pop-unders.

Other actions to prevent the spread of spam include the following:

  • Apply OS and application updates when available.
  • Run an antivirus program regularly and keep it up to date.
  • Do not forward suspicious emails and do not open email attachments, especially from people you do not know.
  • Set up rules in your email to delete spam that bypasses the antispam software.
  • Identify sources of spam and report it to a network administrator so that it can be blocked.
  • Report incidents to the government agency that deals with abuse by spam.
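As an added example for the "set up rules in your email" safeguard listed here and in section 15.6.5 (example code, not from the Cisco chapter), the following Python rule set files messages that slip past the antispam layer: chain-letter virus warnings are deleted, executable attachments from unknown senders are junked, and messages already flagged by antispam are junked. The known-sender list, hoax phrases, risky extensions and the X-Spam-Flag header are assumptions for this example.

```python
import email
import email.utils
from email import policy
from email.message import EmailMessage

# Constructed data for this example (assumptions, not from the chapter):
# addresses the user already knows, phrases typical of chain-letter virus
# warning hoaxes, and attachment types that execute when opened.
KNOWN_SENDERS = {"alice@example.com", "helpdesk@example.com"}
HOAX_PHRASES = ("forward this to everyone", "virus warning", "delete it immediately")
RISKY_EXTENSIONS = (".exe", ".scr", ".vbs", ".js")


def classify(raw: str) -> str:
    """Return 'delete', 'junk' or 'inbox' for one raw RFC 5322 message."""
    msg = email.message_from_string(raw, policy=policy.default)
    sender = email.utils.parseaddr(msg.get("From", ""))[1].lower()
    subject = msg.get("Subject", "").lower()
    body = msg.get_body(preferencelist=("plain",))
    text = body.get_content().lower() if body else ""
    attachments = [p.get_filename() or "" for p in msg.iter_attachments()]

    # Rule 1: chain-letter virus warnings are mostly hoaxes; deleting them
    # stops the user forwarding them and flooding the mail system.
    if any(p in subject or p in text for p in HOAX_PHRASES):
        return "delete"
    # Rule 2: an executable attachment from an unknown sender goes to junk,
    # where it is not opened by accident.
    if sender not in KNOWN_SENDERS and any(
        a.lower().endswith(RISKY_EXTENSIONS) for a in attachments
    ):
        return "junk"
    # Rule 3: the antispam layer tagged it (X-Spam-Flag is a common header)
    # but it still reached the inbox, so file it as junk anyway.
    if msg.get("X-Spam-Flag", "").upper() == "YES":
        return "junk"
    return "inbox"


def build(sender: str, subject: str, text: str, attachment: str = "") -> str:
    """Build a sample message as raw text (constructed test data)."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = sender, "bob@example.com", subject
    m.set_content(text)
    if attachment:
        m.add_attachment(b"MZ", maintype="application",
                         subtype="octet-stream", filename=attachment)
    return m.as_string()
```

Calling `classify(build(...))` with the sample senders shows each rule firing; a real mail client applies the same logic through its filter settings rather than through code.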
