Kaspersky Internet Security 2012

More documents

Recommendations

Info

U S E R G U I D E IN THIS SECTION: Types of detected network attacks ................................................................................................................................ 114 Enabling and disabling Network Attack Blocker ............................................................................................................ 115 Editing the blockage settings ......................................................................................................................................... 115 TYPES OF DETECTED NETWORK ATTACKS Nowadays, a great number of network attacks exist. These attacks exploit the vulnerabilities of the operating system and other software, system-type or otherwise, installed on your computer. To ensure the security of your computer, you must know what kinds of network attacks you might encounter. Known network attacks can be divided into three major groups: Port scan – this type of threat is not itself an attack, but it usually precedes one, since it is one of the common ways of obtaining information about a remote computer. The UDP / TCP ports used by the network tools on the computer targeted by an intruder are scanned to determine their status (closed or open). Port scans can tell a hacker what types of attacks work on that system and what types do not. In addition, the information obtained through the scan (a model of the system) helps the malefactor to know what operating system the remote computer uses. This, in turn, further restricts the number of potential attacks, and, correspondingly, the time spent perpetrating them. It also aids a hacker in attempting to use vulnerabilities characteristic of the operating system. DoS attacks, or Denial of Service attacks, are attacks which cause unstable performance of a system or its crash. Attacks of this type may make it impossible to use the information resources under attack (for example, it may not be possible to access the Internet). There are two basic types of DoS attacks: sending the target computer specially created packets that the computer does not expect which cause the system either to restart or to stop; sending the target computer many packets within a short timeframe such that the computer cannot process them, which causes system resources to be exhausted. Prime examples of this group of attacks are the following: The Ping of death attack consists of sending an ICMP packet with a size greater than the maximum of 64 KB. This attack can crash some operating systems. The Land attack consists of sending a request to an open port on the target computer to establish a connection with itself. This attack sends the computer into a cycle, which intensifies the load on the processor and can lead to the crashing of some operating systems. The ICMP Flood attack consists of sending a large quantity of ICMP packets to your computer. The computer attempts to reply to each inbound packet, which slows the processor to a crawl. The SYN Flood attack consists of sending a large quantity of queries to a remote computer to establish a fake connection. The system reserves certain resources for each of those connections, which completely drains your system resources, and the computer stops reacting to other connection attempts. Intrusion attacks, which aim to take over your computer. This is the most dangerous type of attack, because if it is successful, the hacker takes total control of your system. Hackers use this type of attack to obtain confidential information from a remote computer (for example, credit card numbers, passwords), or to penetrate the system to use its computing resources for malicious purposes later (e.g., to use the invaded system in a zombie network, or as a platform for new attacks). 114
A D V A N C E D A P P L I C A T I O N S E T T I N G S This group includes the largest number of attacks. They may be divided into three groups depending on the operating system installed on the user's computer: Microsoft Windows attacks, Unix attacks, and a common group for network services available in both operating systems. The following types of attacks are the most common among those which use the network resources of operating systems: Buffer overflow attacks. Buffer overflow may be caused by the absence (or insufficiency) of control when working with data arrays. This is one of the oldest vulnerability types and the easiest for hackers to exploit. Format string attacks. Format string errors arise from insufficient control of input values for I/O functions, such as printf(), fprintf(), scanf(), and others, from the standard C library. If an application has this vulnerability, the hacker is able to send specially created queries and can take total control of the system. The Intrusion Detection System automatically analyzes and prevents attempts to exploit these vulnerabilities in the most common network services (FTP, POP3, IMAP) if they are running on the user’s computer. Attacks aimed at computers with Microsoft Windows are based on the use of the vulnerabilities of the software installed on a computer (such as Microsoft SQL Server, Microsoft Internet Explorer, Messenger, and system components available via the network – DCom, SMB, Wins, LSASS, IIS5). In addition, the use of various malicious scripts, including scripts processed by Microsoft Internet Explorer and Helkern-type worms, can be classified as isolated incidents of intrusion attacks. The essence of this attack type consists of sending a special type of UDP packet that can execute malicious code to a remote computer. ENABLING AND DISABLING NETWORK ATTACK BLOCKER By default, Network Attack Blocker is enabled, running in a mode recommended by Kaspersky Lab specialists. You can disable Network Attack Blocker if necessary. To disable Network Attack Blocker: 1. Open the application settings window. 2. In the left part of the window, in the Protection Center section, select the Network Attack Blocker component. 3. In the right part of the window, uncheck the Enable Network Attack Blocker box. EDITING THE BLOCKAGE SETTINGS By default, Network Attack Blocker blocks the activity of an attacking computer for one hour. You can cancel blockage of the selected computer or change the blockage time. To modify the time for which an attacking computer will be blocked: 1. Open the application settings window. 2. In the left part of the window, in the Protection Center section, select the Network Attack Blocker component. 3. In the right part of the window, check the Add the attacking computer to the list of blocked computers for box and specify the blockage time. To unblock an attacking computer: 1. Open the main application window (see page 33). 2. In the lower part of the window, select the Network Monitor section. 3. In the Network Monitor window that opens, on the Blocked computers tab, select the blocked computer and click the Unblock button. 115
Page 1 and 2:
Kaspersky Internet Security 2012 Us
Page 3 and 4:
CONTENT ABOUT THIS GUIDE ..........
Page 5 and 6:
C O N T E N T ADVANCED APPLICATION
Page 7 and 8:
C O N T E N T Viewing reports of a
Page 9 and 10:
ABOUT THIS GUIDE Greetings from Kas
Page 11 and 12:
A B O U T T H I S G U I D E DOCUMEN
Page 13 and 14:
S O U R C E S O F I N F O R M A T I
Page 15 and 16:
K A S P E R S K Y I N T E R N E T S
Page 17 and 18:
INSTALLING AND REMOVING THE APPLICA
Page 19 and 20:
I N S T A L L I N G A N D R E M O V
Page 21 and 22:
I N S T A L L I NG A N D R E M O V
Page 23 and 24:
Page 25 and 26:
Page 27 and 28:
Page 29 and 30:
LICENSING THE APPLICATION This sect
Page 31 and 32:
APPLICATION INTERFACE This section
Page 33 and 34:
A P P L I C A T I O N I N T E R F A
Page 35 and 36:
Page 37 and 38:
Page 39 and 40:
MANAGING THE COMPUTER PROTECTION Th
Page 41 and 42:
M A N A G I N G T H E C O M P U T E
Page 43 and 44:
SOLVING TYPICAL TASKS This section
Page 45 and 46:
S O L V I N G T Y P I C A L T A S K
Page 47 and 48:
Page 49 and 50:
Page 51 and 52:
Page 53 and 54:
Page 55 and 56:
Page 57 and 58:
Page 59 and 60:
Page 61 and 62:
Page 63 and 64: A D V A N C E D A P P L I C A T I O
Page 113: A D V A N C E D A P P L I C A T I O
Page 165 and 166:
A D V A N C E D A P P L I C A T I O
Page 167 and 168:
Page 169 and 170:
Page 171 and 172:
Page 173 and 174:
Page 175 and 176:
Page 177 and 178:
T E S T I N G T H E A P P L I C A T
Page 179 and 180:
CONTACTING THE TECHNICAL SUPPORT SE
Page 181 and 182:
C O N T A C T I N G T H E T E C H N
Page 183 and 184:
C O N T A C T I N G T H E T E C H N
Page 185 and 186:
A P P E N D I X STATISTICS HELP SCA
Page 187 and 188:
A P P E N D I X RTP FW HIPS pdm FM
Page 189 and 190:
A P P E N D I X - this parameter d
Page 191 and 192:
A P P E N D I X Update the Kaspersk
Page 193 and 194:
A P P E N D I X RETURN CODES OF THE
Page 195 and 196:
A P P E N D I X The notification pr
Page 197 and 198:
A PPEND I X UNRELIABLE CERTIFICATE
Page 199 and 200:
Page 201 and 202:
A P P E N D I X Update databases be
Page 203 and 204:
Page 205 and 206:
A P P E N D I X The status of a fil
Page 207 and 208:
A P P E N D I X To apply the select
Page 209 and 210:
A P P E N D I X You can select one
Page 211 and 212:
A P P E N D I X You can select one
Page 213 and 214:
G L O S S A R Y B L O C K I N G A N
Page 215 and 216:
G L O S S A R Y H E A D E R The inf
Page 217 and 218:
G L O S S A R Y L I S T O F W E B A
Page 219 and 220:
G L O S S A R Y R O O T K I T An ap
Page 221 and 222:
KASPERSKY LAB ZAO Kaspersky Lab sof
Page 223 and 224:
INDEX A Anti-Banner list of blocked
Page 225 and 226:
I N D E X notification types ......
show all

Kaspersky Internet Security 2012

Create successful ePaper yourself

Delete template?

Save as template?