Botnets - The killer web applications

www.syngress.com
Chapter 5 • Botnet Detection: Tools and Techniques

detect known malware with a very high degree of accuracy and can cope with a surprisingly high percentage of unknown malware, using heuristic analysis.
However, bots are not only capable of sophisticated evasion techniques but also present dissemination-related difficulties that aren't susceptible to straightforward technical solutions at the code analysis level.
There is a place for open-source antivirus as a supplement to commercial solutions, but it's not a direct replacement; it can't cover the same range of threats (especially older threats), even without considering support issues.
Snort is a signature-based NIDS with a sophisticated approach to rule sets, in addition to its capabilities as a packet sniffer and logger.

As well as writing your own Snort signatures, you can tap into a rich vein of signatures published by a huge group of Snort enthusiasts in the security community.

The flexibility of the signature facility is illustrated by four example signatures, one of which could almost be described as adding a degree of anomaly detection to the rule set.
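To make the signature idea concrete, here is an added example (not Snort's code and not from the book) of a toy matcher for a small subset of Snort's rule language: the header with `any` wildcards, plus the `msg`, `content`, `nocase` and `sid` options. It runs two constructed detection rules, with constructed local SIDs, over constructed packet payloads that mimic IRC traffic, the kind of command-and-control channel the chapter is concerned with detecting. Real Snort supports far more (PCRE, flow state, byte tests, thresholds, the `|hex|` content notation), none of which is modelled here.

```python
"""Toy matcher for a subset of Snort's rule language (added example, not
Snort's own code). Supports: header 'action proto src sport -> dst dport',
and the options msg, content (repeatable), nocase and sid."""
import re
from dataclasses import dataclass, field

# Rule header: action proto src sport -> dst dport (options)
HEADER_RE = re.compile(
    r"^(?P<action>\w+)\s+(?P<proto>\w+)\s+(?P<src>\S+)\s+(?P<sport>\S+)"
    r"\s+->\s+(?P<dst>\S+)\s+(?P<dport>\S+)\s*\((?P<opts>.*)\)\s*$"
)


@dataclass
class Rule:
    action: str
    proto: str
    dport: str                 # destination port, or 'any'
    msg: str = ""
    sid: int = 0
    contents: list = field(default_factory=list)   # [[pattern bytes, nocase flag], ...]


def parse_rule(text):
    """Parse one rule line. Only msg, content, nocase and sid are honoured;
    other options (rev, classtype, flow, ...) are ignored. Options are split
    on ';', so a content string containing ';' or the |hex| notation is out
    of scope for this toy parser."""
    m = HEADER_RE.match(text.strip())
    if not m:
        raise ValueError("unrecognised rule syntax: %r" % text)
    rule = Rule(m["action"], m["proto"].lower(), m["dport"])
    for opt in (o.strip() for o in m["opts"].split(";")):
        if not opt:
            continue
        key, _, val = opt.partition(":")
        val = val.strip().strip('"')
        if key == "msg":
            rule.msg = val
        elif key == "sid":
            rule.sid = int(val)
        elif key == "content":
            rule.contents.append([val.encode(), False])
        elif key == "nocase" and rule.contents:
            rule.contents[-1][1] = True   # modifier applies to the preceding content
    return rule


def rule_matches(rule, proto, dport, payload):
    """True when protocol, destination port and every content pattern match."""
    if rule.proto not in ("ip", proto.lower()):
        return False
    if rule.dport != "any" and int(rule.dport) != dport:
        return False
    for pattern, nocase in rule.contents:
        hay, needle = (payload.lower(), pattern.lower()) if nocase else (payload, pattern)
        if needle not in hay:
            return False
    return True


def scan(rules, packets):
    """Return (sid, msg, packet_index) for every rule that fires on a packet."""
    hits = []
    for i, (proto, dport, payload) in enumerate(packets):
        for rule in rules:
            if rule_matches(rule, proto, dport, payload):
                hits.append((rule.sid, rule.msg, i))
    return hits


# Constructed rules for illustration (local SIDs >= 1000000 by convention),
# not taken from any published ruleset.
RULES = [
    'alert tcp any any -> any 6667 (msg:"IRC NICK command"; content:"NICK "; nocase; sid:1000001; rev:1;)',
    'alert tcp any any -> any any (msg:"IRC JOIN to channel"; content:"JOIN #"; sid:1000002; rev:1;)',
]

# Constructed packets: (protocol, destination port, payload bytes).
PACKETS = [
    ("tcp", 6667, b"nick bot1234\r\n"),
    ("tcp", 80,   b"GET / HTTP/1.1\r\nHost: example.test\r\n\r\n"),
    ("tcp", 6668, b"JOIN #chan\r\n"),
]


def demo():
    return scan([parse_rule(r) for r in RULES], PACKETS)


if __name__ == "__main__":
    for sid, msg, idx in demo():
        print("sid %d fired on packet %d: %s" % (sid, idx, msg))
```

The second rule has no port restriction, which is why it catches the JOIN on port 6668; the first rule's `nocase` modifier is what lets it match the lowercase `nick` in the first packet. Widening or narrowing a rule this way is the trade-off a signature author makes between coverage and false positives.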
Tripwire is an integrity management tool that uses a database of file signatures (message digests or checksums, not attack signatures) to detect suspicious changes to files.

The database can be kept more secure by keeping it on read-only media and using MD5 or snefru message digests.
The open-source version of Tripwire is limited in the platforms it covers. If the devices you want to protect are all POSIX compliant and you're not bothered about value-adds like support and enterprise-level management, and if you're happy to do some DIY, it might do very well.
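The mechanism Tripwire relies on, as an added example that is not Tripwire's code or the book's: build a baseline database of per-file message digests, serialise it (the serialised copy is what you would keep on read-only media), then walk the tree again and report files whose digest changed, files that appeared, and files that vanished. The directory tree, file contents and tampering in `demo()` are constructed for illustration; the digest algorithm is a parameter so the MD5 the text mentions can be compared with SHA-256.

```python
"""Minimal file-integrity checker in the spirit of Tripwire (added example,
not Tripwire's own code). Records only content digests; real Tripwire also
tracks ownership, permissions, size, inode and timestamps."""
import hashlib
import json
import os
import tempfile


def file_digest(path, algo="sha256"):
    """Hex digest of a file's contents, read in chunks."""
    h = hashlib.new(algo)
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_baseline(root, algo="sha256"):
    """Map every file under root (relative, '/'-separated path) to its digest."""
    db = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            db[rel] = file_digest(full, algo)
    return db


def compare(baseline, current):
    """Report content changes, new files and missing files, sorted by path."""
    return {
        "changed": sorted(p for p in baseline if p in current and baseline[p] != current[p]),
        "added": sorted(set(current) - set(baseline)),
        "removed": sorted(set(baseline) - set(current)),
    }


def _write(root, rel, data):
    full = os.path.join(root, *rel.split("/"))
    os.makedirs(os.path.dirname(full), exist_ok=True)
    with open(full, "wb") as f:
        f.write(data)


def demo(algo="sha256"):
    """Constructed scenario: baseline a small tree, serialise the database,
    tamper with the tree, then verify against the reloaded baseline."""
    with tempfile.TemporaryDirectory() as root:
        # Constructed 'known clean' state; the contents are placeholders.
        _write(root, "bin/ls", b"placeholder: original ls binary\n")
        _write(root, "etc/hosts", b"127.0.0.1 localhost\n")
        _write(root, "etc/passwd", b"root:x:0:0:root:/root:/bin/sh\n")
        stored = json.dumps(build_baseline(root, algo), sort_keys=True)

        # Three kinds of change the checker must surface.
        _write(root, "bin/ls", b"placeholder: replaced ls binary\n")   # modified
        _write(root, "tmp/unexpected.bin", b"new file\n")             # added
        os.remove(os.path.join(root, "etc", "hosts"))                 # removed

        return compare(json.loads(stored), build_baseline(root, algo))


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

The baseline is only worth what the system was worth when it was taken: it has to be built on a machine you already trust, and kept somewhere the code being checked cannot rewrite it, which is the point of the read-only media advice above.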
Ken Thompson's "Reflections on Trusting Trust" makes the point that you can't have absolute trust in any code you didn't build from scratch yourself, including your compiler. This represents a weakness