
CCNA & CISP-PTE / Network Engineer must-know: basic knowledge of information security

In the early days of the Internet, viruses were the prevalent threat (worms and Trojans were relatively few), which is why the technology came to be called anti-virus. Today, programs that perform malicious tasks, such as viruses, Trojan horses, and worms, are collectively referred to as malware, and current anti-virus technology is collectively referred to as anti-malware.

A virus is a kind of malicious code that can infect or attach to applications or files. It is generally transmitted through protocols such as mail or file sharing, threatening the security of users’ hosts and networks. Some viruses use up host resources and take up network bandwidth. Some viruses control host permissions and steal user data. Some viruses even cause damage to host hardware.

Anti-virus is a security mechanism that protects the network by identifying and processing virus files, avoiding the data corruption, permission changes, and system crashes that virus files cause. The anti-virus function relies on a large, constantly updated virus signature database to keep virus files from damaging system data. Deploying virus detection equipment at the entrance of the corporate network protects the network from viruses.

Common viral transmission routes:

1. Email:

(1) Malicious script may be embedded in the HTTP text;

(2) Mail attachments carry viruses

2. Network sharing:

The virus will search for the shares that exist in the local network, obtain full access rights through empty passwords or password guessing, and then copy itself to the shared file.

3. System vulnerabilities:

Inherent design flaws in the operating system can be exploited maliciously. Viruses often use system vulnerabilities to enter the system and spread.

4. Advertising software:

Rogue software is not itself a virus or Trojan, but it negatively affects the user's computer. It is mostly installed bundled with other software.

Virus classification:

1. Classification by the medium the virus attaches to

(1) Network virus: A computer virus that infects executable files through a computer network.

(2) File viruses: viruses that attack files in the computer.

(3) Boot virus: It is a virus that mainly infects the drive sector and the boot sector of the hard disk system.

2. Classification by the virus's specific algorithm

(1) Incidental (companion) virus: usually accompanies an EXE file, with the same name as the EXE file but a different extension. It generally does not modify the file itself, but when DOS loads the program, this type of virus is the first to be activated.

(2) Worm virus: It does not damage computer files and data. Its destructiveness depends mainly on the computer network: it uses the network to move from the storage of one computer to the storage of another, calculating network addresses to find machines to infect.

(3) Variable virus: It applies complex algorithms to itself and is difficult to find, because each copy it spreads has different content and a different length.

Anti-virus technology:

Detection Tool:

Detection is usually achieved by installing anti-virus software or professional anti-virus tools. Virus detection tools are used to detect malicious code such as viruses, Trojan horses, and worms, and some detection software also provides repair functions.

Common virus detection tools: TCPView, Regmon, Filemon, Process Explorer, IceSword, Process Monitor, Wsyscheck, etc.

Antivirus software generally implements virus detection and killing through some engine technologies:

Feature code technology:

Antivirus software has a virus signature database, which contains the signature codes of various viruses. The signature codes are generally extracted from virus samples. The scanned information is compared with the signature database; if a match is found, the scanned information is considered to be a virus.
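The signature comparison described above, as an added example that is not part of the original article: a small byte-pattern scanner in Python. The signature names, byte patterns and the `??` wildcard syntax are assumptions constructed for illustration and match no real malware.

```python
import re

# Constructed signature database: name -> hex pattern ("??" matches any one byte).
SIGNATURES = {
    "Demo.Appender.A": "DE AD BE EF ?? ?? 13 37",
    "Demo.Dropper.B": "43 4F 4E 53 54 52 55 43 54 45 44",
}

def compile_signature(hex_pattern):
    """Turn 'DE AD ?? 37' into a bytes regex; '??' becomes a one-byte wildcard."""
    parts = []
    for token in hex_pattern.split():
        if token == "??":
            parts.append(b".")
        else:
            parts.append(re.escape(bytes([int(token, 16)])))
    return re.compile(b"".join(parts), re.DOTALL)

COMPILED = {name: compile_signature(p) for name, p in SIGNATURES.items()}

def scan(data):
    """Return a sorted list of (signature name, offset) for each signature found."""
    hits = []
    for name, rx in COMPILED.items():
        match = rx.search(data)
        if match:
            hits.append((name, match.start()))
    return sorted(hits)

# Constructed sample buffers.
CLEAN = b"MZ" + bytes(64) + b"ordinary program data"
INFECTED = b"MZ" + bytes(30) + bytes.fromhex("DEADBEEF01021337") + b"tail"
# Same sample with different bytes in the wildcard positions: still detected.
VARIANT = b"MZ" + bytes(30) + bytes.fromhex("DEADBEEFAAFF1337") + b"tail"
# One fixed signature byte changed (0x13 -> 0x14): the signature no longer matches.
MUTATED = b"MZ" + bytes(30) + bytes.fromhex("DEADBEEF01021437") + b"tail"

if __name__ == "__main__":
    for label, buf in [("clean", CLEAN), ("infected", INFECTED),
                       ("variant", VARIANT), ("mutated", MUTATED)]:
        print(label, scan(buf))
```

The mutated buffer shows why a signature database has to be updated constantly: a single changed byte in the fixed part of the pattern is enough to miss the sample until a new signature is extracted.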

Behavioral killing:

A virus shows various behavioral characteristics while it runs, such as creating files with a specific suffix or monitoring user behavior. If the detected information shows these behavioral characteristics, it is regarded as a virus.

Common anti-virus software: 360, Kaspersky, Rising, Duba, Symantec, etc.

Another anti-virus technology is the gateway anti-virus technology:

Users need to access the external network and download files from it, so the anti-virus function can be deployed on the internal gateway. When a file containing a virus is detected, the gateway intervenes by blocking it or raising a warning. The most common form of this is firewall technology.

The firewall engine discovers viruses through different detection technologies:

1. First-packet inspection technology:

This technology determines whether a file is a virus file by extracting the characteristics of the PE file header (PE, Portable Executable, is the executable file format under Windows, covering exe, dll, sys and other file types). The PE file header data, which usually carries some special operations, is extracted, and a hash algorithm is used to generate a file header signature, which is compared with the anti-virus first-packet rule signatures. If it matches, the file is determined to be a virus file.

2. Heuristic detection technology:

Heuristic detection means that, while performing anti-virus detection on a transferred file, the engine finds that the program in the file carries potential risks and is most likely a virus file. For example, if a file encrypts itself to change its own signature data and avoid being detected, or attempts high-risk behaviors such as closing anti-virus software, the file is considered a virus.

3. File reputation detection technology:

File reputation detection calculates the MD5 of the full file and performs a simple check by matching the MD5 value against the file reputation signature database. The file reputation signature database contains the MD5 values of a large number of well-known virus files.
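First-packet inspection and file reputation detection side by side, as an added Python example that is not from the original article or from any firewall vendor. The article does not say which header fields or which hash the first-packet rule uses, so hashing the 20-byte COFF header with SHA-256 is an assumption, as are the function names, the 1460-byte packet size and the constructed sample files.

```python
import hashlib
import struct

def build_sample_pe(timestamp, body):
    """Constructed test input: minimal DOS stub + PE/COFF header, then body bytes."""
    dos = b"MZ" + bytes(58) + struct.pack("<I", 64)   # e_lfanew at 0x3C points to 64
    coff = struct.pack("<HHIIIHH", 0x14C, 1, timestamp, 0, 0, 0, 0x0102)
    return dos + b"PE\0\0" + coff + body

def pe_header_signature(first_packet):
    """Hash the COFF header seen in the first packet; None if it is not a PE file."""
    if len(first_packet) < 64 or first_packet[:2] != b"MZ":
        return None
    (e_lfanew,) = struct.unpack_from("<I", first_packet, 0x3C)
    end = e_lfanew + 4 + 20                           # "PE\0\0" + 20-byte COFF header
    if end > len(first_packet) or first_packet[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return None
    return hashlib.sha256(first_packet[e_lfanew:end]).hexdigest()

def inspect(data, header_rules, reputation_db, packet_size=1460):
    """Return (verdict, stage): first-packet rule first, then full-file MD5."""
    sig = pe_header_signature(data[:packet_size])
    if sig is not None and sig in header_rules:
        return ("block", "first-packet")              # decided before the file completes
    if hashlib.md5(data).hexdigest() in reputation_db:
        return ("block", "file-reputation")           # needs every byte of the file
    return ("allow", None)

# Constructed "known bad" samples used to fill both databases.
KNOWN_BAD = build_sample_pe(0x5E000000, b"constructed payload A")
KNOWN_BAD_SCRIPT = b"constructed non-PE script"
HEADER_RULES = {pe_header_signature(KNOWN_BAD)}
REPUTATION_DB = {hashlib.md5(KNOWN_BAD).hexdigest(),
                 hashlib.md5(KNOWN_BAD_SCRIPT).hexdigest()}

if __name__ == "__main__":
    same_header = build_sample_pe(0x5E000000, b"different body")
    new_header = build_sample_pe(0x5F000000, b"constructed payload A")
    for name, data in [("known", KNOWN_BAD), ("same header", same_header),
                       ("new header", new_header), ("script", KNOWN_BAD_SCRIPT)]:
        print(name, inspect(data, HEADER_RULES, REPUTATION_DB))
```

The header rule still fires when the body changes but the header does not, while a file with one changed header field and an otherwise identical body passes both checks, which is why the gateway also needs the heuristic technique described above.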

This article is exclusively published by James from IELAB.NETWORK and cannot be reproduced without permission.
