These viruses often replace the original contents of the MBR or DOS boot sector with their own contents and move the sector to another area on the disk. Cleaning up a boot sector virus can be
performed by booting the machine from an uninfected floppy system disk rather than from the hard drive, or by finding the original boot sector and replacing it in the correct location on the disk.
File-infecting viruses — File infectors, also known as parasitic viruses, operate in memory and usually infect executable files with the following extensions: .COM, .EXE, .DRV, .DLL, .BIN, .OVL, .SYS. They activate every time the infected file is executed, copying themselves into other executable files, and can remain in memory long after the virus has activated.
Thousands of different file-infecting viruses exist, but similar to boot sector viruses, the vast majority operate in a DOS 16-bit environment. Some, however, have successfully infected Microsoft Windows, IBM OS/2, and Apple Computer Macintosh environments.
Multipartite viruses — Multipartite viruses have characteristics of both boot sector viruses and file-infecting viruses.
Macro viruses — Macro viruses currently account for about 80 percent of all viruses, according to the International Computer Security Association, and are the fastest growing viruses in computer history. Unlike other virus types, macro viruses are not specific to an operating system and spread with ease via e-mail attachments, floppy disks, Web downloads, file transfers, and cooperative applications.
Macro viruses are, however, application-specific. They infect the macro utilities that accompany such applications as Microsoft Word and Excel, which means a Word macro virus cannot infect an Excel document and vice versa. Instead, macro viruses travel between data files of the application and can eventually infect hundreds of files if undeterred. Macro viruses are written in every man's programming language — Visual Basic — and are relatively easy to create. They can infect at different points during a file's use, for example, when it is opened, saved, closed, or deleted.
25.2.2.1.3 Some Other Malicious Codes
It is fair to list two more intruders:
Trojan horses — A Trojan horse is a program that performs some unexpected or unauthorized, usually malicious, action such as displaying messages, erasing files, or formatting a whole disk. A Trojan horse is not infective, i.e., it does not infect other host files. Once its action is terminated (if we survive), there is no need for additional cleaning. To get rid of the Trojan horse, deleting the program is sufficient.
Worms — A computer worm is a self-contained program or set of programs that is able to spread functional copies of itself or its segments to other computer systems. The propagation usually takes place via network connections or e-mail attachments. To get rid of the worm, the program has to be deleted.
25.2.2.2 The Viruswall Implementation
A viruswall's responsibility is to protect the intranet from viruses and other malicious codes that travel through the Internet and attack all network participants. Most of the malicious codes are doing that
The viruswall duties can be divided into two categories: basic and extended. Basic duties are a must for a safer intranet (the term "safer" is used intentionally — there is no guarantee of 100% safety); extended duties are optional, and they improve intranet performance and safety.
Basic duties include:
• Real-time virus detection in the inbound traffic (outbound traffic can also be included):
  ♦ SMTP protection complements the intranet mail server by scanning received e-mails for viruses.
  ♦ HTTP protection keeps infected files from being downloaded and allows setting of uniform intranet security standards for Java and other HTTP-related applications.
  ♦ FTP protection works transparently to ensure that infected files are not downloaded from the Internet.
• Blocking the entry of other malicious codes.
• Virus pattern file update (new viruses must be known to be fought successfully):
  ♦ Automatic periodic updates
  ♦ On demand
Extended duties include:
• Blocking of spam and other unwanted e-mail traffic:
  ♦ Full spam filtering
  ♦ Automatic spam source and keyword-list update
  ♦ Customizable
• Control of the distribution of sensitive e-mail contents:
  ♦ Prevention of confidential or inappropriate material leaving the intranet
  ♦ Customized profile-based filtering
• Management of the delivery of large messages to optimize the network bandwidth:
  ♦ Monitoring of the e-mail traffic patterns
  ♦ Postponement of the delivery of e-mail based on customizable criteria
• Monitoring of ongoing Internet traffic (a sudden unusual increase in the external traffic usually signifies a virus attack):
  ♦ Prediction of virus attacks based on the traffic statistics
  ♦ Prevention of inbound traffic under suspicious Internet traffic circumstances
The viruswall can run on the firewall machine. Assuming sufficient processing power of the implemented machine, such an approach is quite feasible. But it is also quite vulnerable — a single failure in the machine can shut down the intranet completely. The firewall-viruswall is the crucial intranet front-end service, and the need for redundancy is obvious, including on the hardware level. And if two machines are already in place, then it is also a good idea to provide these two services under normal circumstances on two different machines. If one machine happens to be down, then the corresponding service can be switched to the other machine. This is presented in Figure 25.6.
Figure 25.6: Firewall-viruswall configuration.
The regular configuration supposes that the firewall and viruswall software are installed on both machines, but only one application is activated on each machine (firewall or viruswall). Full communication between the firewall and viruswall machines is provided all the time. The inbound traffic is directed to the firewall. The firewall forwards messages to the viruswall for antivirus scanning. Scanned messages are then allowed into the intranet. If a virus or some other malicious code is detected in a message, the message itself is stopped and erased. Optionally, the message sender and recipient are informed about the detected problem.
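The SMTP scanning duty listed above and the message flow of Figure 25.6 (the firewall hands inbound mail to the viruswall, which passes clean messages and stops and erases infected ones, optionally informing sender and recipient), as an added Python model that is not code from the book: the pattern file, the signature names and the sample messages are constructed, and the pattern file update duty is modelled by update_patterns.

```python
import re
from email import message_from_bytes
from email.message import EmailMessage

# Constructed pattern file (signature name -> byte regex). Real pattern files are
# vendor-supplied and refreshed by the periodic/on-demand update duty.
PATTERNS = {
    "Constructed.Macro.A": rb"Sub AutoOpen\(\).{0,200}CONSTRUCTED-MACRO-MARKER",
    "Constructed.Exe.B": rb"CONSTRUCTED-EXE-MARKER-0001",
}

def update_patterns(new_patterns):
    """Pattern file update: merge signatures not yet known; return how many were new."""
    fresh = {k: v for k, v in new_patterns.items() if k not in PATTERNS}
    PATTERNS.update(fresh)
    return len(fresh)

def build_message(sender, recipient, filename, data):
    """Constructed inbound SMTP message with one binary attachment."""
    msg = EmailMessage()
    msg["From"], msg["To"], msg["Subject"] = sender, recipient, "report"
    msg.set_content("see attachment")
    msg.add_attachment(data, maintype="application", subtype="octet-stream", filename=filename)
    return msg.as_bytes()

def scan_message(raw):
    """Viruswall SMTP duty: names of signatures matched in any decoded MIME part."""
    hits = []
    for part in message_from_bytes(raw).walk():
        if part.is_multipart():
            continue
        payload = part.get_payload(decode=True) or b""   # base64 etc. undone first
        hits += [n for n, p in PATTERNS.items() if re.search(p, payload, re.DOTALL)]
    return hits

def firewall_forward(raw, notify=True):
    """Firewall hands the message to the viruswall. Clean: forwarded into the intranet.
    Infected: stopped and erased (nothing forwarded); sender and recipient optionally informed."""
    hits = scan_message(raw)
    if not hits:
        return {"delivered": True, "detected": [], "notified": []}
    msg = message_from_bytes(raw)
    return {"delivered": False, "detected": hits,
            "notified": [msg["From"], msg["To"]] if notify else []}
```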
All internal IP addresses are programmable to allow an easy automatic reconfiguration. If one machine fails, the failed application should be started on the other machine, and the internal network interfaces reconfigured appropriately. Relatively simple start/stop shell scripts could accomplish
An additional benefit of such a firewall-viruswall solution is that less demanding hardware can be used. Normally the task is divided between two machines; in emergency situations a certain decrease in speed and performance is tolerable.
25.2.3 Proxy Servers
Proxy servers are store-and-forward caches that separate the intranet community from the external Internet world. An intranet application configured to use the proxy server never leaves the intranet boundaries. Instead, it always connects to the proxy server and asks it to proceed with the application requests.
How does it work? A proxy server receives a request for an Internet service (let us assume retrieving a Web page) from an intranet user. If the request passes the filtering requirements, the proxy server looks it up in its local cache of previously downloaded Web pages. If it finds the requested page, it returns the page to the user without needing to forward the request outside to the Internet. If the requested page is not in the cache, the proxy server, acting as a client on behalf of the user, uses one of its own IP addresses to request the page from the Web server. When the page is returned, the proxy server relates it to the original request and forwards it on to the user.
During this transaction, the proxy server remains invisible to the intranet user. All requests and returned responses appear to deal directly with the addressed Internet server. As a matter of fact, the proxy server is not completely invisible: its address must be known to, and specified as a configuration parameter in, the user's browser or other protocol programs.
Proxy servers usually have the ability to cache documents that they retrieve on behalf of the clients. But this is not mandatory; proxy servers can also function without document caching. If caching is part of the process, they are known as caching proxy servers. A caching proxy server is presented in Figure 25.7.
Figure 25.7: Caching proxy server.
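The request path described above (filtering, cache lookup, fetching on the user's behalf from the proxy's own address, relating the reply to the original request), as an added Python model that is not code from the book: the upstream Web server, the addresses and the page content are constructed, and the caching flag models the non-caching proxy the text also mentions.

```python
from urllib.parse import urlsplit

# Constructed stand-in for the external Web servers; it records the source address
# each request arrived from, so one can confirm the user's address never leaves.
SITES = {"http://www.example.net/index.html": b"<html>welcome</html>"}
SEEN_SOURCES = []

def constructed_upstream(url, source_addr):
    SEEN_SOURCES.append(source_addr)
    return SITES[url]

class CachingProxy:
    """Request path: filter -> cache lookup -> fetch as a client on the user's behalf
    from the proxy's own address -> relate the reply back to the request."""

    def __init__(self, fetch, proxy_addr, blocked_hosts=(), caching=True):
        self.fetch = fetch            # fetch(url, source_addr) -> bytes (upstream client)
        self.proxy_addr = proxy_addr  # what the Internet server sees, never the user's address
        self.blocked = set(blocked_hosts)
        self.caching = caching        # False models a proxy without document caching
        self.cache = {}
        self.log = []                 # (event, url, user_addr) entries for inspection

    def request(self, user_addr, url):
        host = urlsplit(url).hostname
        if host in self.blocked:      # filtering requirement not met: nothing goes out
            self.log.append(("filtered", url, user_addr))
            return None
        if self.caching and url in self.cache:
            self.log.append(("hit", url, user_addr))
            return self.cache[url]    # served without any request leaving the intranet
        self.log.append(("miss", url, user_addr))
        body = self.fetch(url, self.proxy_addr)   # client on behalf of the user
        if self.caching:
            self.cache[url] = body
        return body                   # related back to the original request
```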