What is Data Loss Prevention (DLP)?

Data loss prevention (DLP) is a strategy for making sure that end users do not send sensitive or critical information outside the corporate network. The term is also used to describe software products that help a network administrator control what data end users can transfer. DLP software products use business rules to classify and protect […]

What is a Network-Based Firewall?

A network-based firewall controls traffic going in and out of a network. It does this by filtering traffic based on firewall rules and allows only authorized traffic to pass through it. Most organizations include at least one network-based firewall at the boundary between their internal network and the Internet. The network-based firewall is usually a […]

What is a host-based firewall?

A host-based firewall monitors traffic going in and out of a single host, such as a server or a workstation. It monitors traffic passing through the NIC and can prevent intrusions into the computer via the NIC. Many operating systems include software-based firewalls used as host-based firewalls. For example, Microsoft has included a […]

How can you sustain attacks?

Attack communications must be stealthy and cannot raise any suspicion on the network. Such traffic is usually obfuscated or hidden through techniques that include: Encryption with SSL, SSH (Secure Shell), or some other custom application. Proprietary encryption is also commonly used. For example, BitTorrent is known for its use of proprietary encryption and is a […]

What is infection?

Infection relies heavily on hiding from and evading traditional security solutions. Targeted attacks will often develop new and unique malware that is customized specifically for the target network. This technique allows the attacker to send in malware knowing that it is unlikely to be detected by traditional antivirus tools. Another common way to avoid security […]

What is a bootkit?

A bootkit is a kernel-mode variant of a rootkit, commonly used to attack computers that are protected by full-disk encryption.

What is persistence?

Once a target machine is infected, the attacker needs to ensure persistence (the resilience or survivability of his foothold in the network). Rootkits and bootkits are commonly installed on compromised machines for this purpose. A rootkit is malware that provides privileged (root-level) access to a computer. A bootkit is a kernel-mode variant of a rootkit, […]

What is spear phishing?

Spear phishing is a targeted phishing campaign that appears more credible to its victims by gathering specific information about the target, and thus has a higher probability of success. A spear phishing e-mail may spoof an organization (such as a financial institution) or individual that the recipient actually knows and does business with, and may […]

What is tcpdump?

tcpdump is a common packet analyzer that runs under the command line. It allows the user to display TCP/IP and other packets being transmitted or received over a network to which the computer is attached. Distributed under the BSD license, tcpdump is free software. Tcpdump works on most Unix-like operating systems: Linux, Solaris, BSD, OS […]