Steps for Protecting Against Internet Worms November 8, 2013

Posted by karlkaluzny in Security.
From what I have gathered from reading various sources about Internet worms, there are several steps that a user can take in order to protect a system from an attack.  From what I gathered from reading about Internet worms, they function mostly by exploiting vulnerabilities in an operating system.  It follows then that reducing the vulnerabilities in these systems will lead to a safer system.  A good example of this can be found in the article titled “The Internet Worm Program: An Analysis” by Eugene H. Spafford. [1]  The worm described in this paper, the Morris Worm, was designed to attack BSD-derived versions of Unix.  Among the vulnerabilities exploited by this worm was the very common buffer overflow.  Specifically, the worm exploited the use of the gets function, which has no means for bounds checking.

This type of attack on operating system vulnerabilities can be reduced by vendors providing regular security updates.  However, the timing here becomes tricky.  If a vulnerability is discovered before a security update is delivered, then the system becomes susceptible to an attack, even if only for a short time.  Vendors must be vigilant in their testing and move quickly when a flaw is found.  Additionally, users must install security updates as soon as they are available.

Some additional steps that a user can take to avoid contamination by Internet worms are to use anti-virus protection software along with a firewall.  Other good practices are to not open suspicious emails, not open attached files or applications, and not visit websites linked in a suspicious email.

Also, from what I understand about worms, an infected machine will often be searching other connected machines for another which is vulnerable.  I think that it could be useful to monitor how often a machine seeks information about another machine.  If the frequency of requests exceeds a certain threshold, then some sort of alarm should be raised.  Additionally, if a system suddenly discovers that it has been infected with a worm, it should have protection mechanisms which will automatically quarantine the machine.
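The threshold alarm described above can be sketched as a sliding-window counter over connection records. This is an added example, not code from the original post. The `epoch_seconds src_ip dst_ip` log format, the 10-second window, the limit of 5 hosts and the choice to count distinct destinations rather than raw requests are all assumptions made for illustration.

```python
from collections import defaultdict, deque

def parse_line(line):
    """Parse a constructed 'epoch_seconds src_ip dst_ip' connection record."""
    ts, src, dst = line.split()
    return float(ts), src, dst

def detect_scanners(lines, window=10.0, max_distinct=5):
    """Return {src: first_alarm_time} for every source that contacts more than
    max_distinct different destinations within any `window` seconds."""
    recent = defaultdict(deque)  # src -> (ts, dst) records still inside the window
    alarms = {}
    for ts, src, dst in sorted(parse_line(l) for l in lines if l.strip()):
        q = recent[src]
        q.append((ts, dst))
        # Drop records that have aged out of the sliding window.
        while q and ts - q[0][0] > window:
            q.popleft()
        # Count distinct peers, so a busy client of one server is not flagged.
        if len({d for _, d in q}) > max_distinct and src not in alarms:
            alarms[src] = ts  # a quarantine action would be triggered here
    return alarms

def sample_log():
    """Constructed sample traffic (not real data)."""
    lines = []
    # 10.0.0.5 sweeps 8 different hosts in under 4 seconds (worm-like).
    for i in range(8):
        lines.append(f"{100 + i * 0.5} 10.0.0.5 10.0.1.{i + 1}")
    # 10.0.0.9 talks to the same two servers 20 times (busy but normal).
    for i in range(20):
        lines.append(f"{100 + i} 10.0.0.9 10.0.2.{1 + i % 2}")
    # 10.0.0.7 reaches 8 hosts, but spread over 140 seconds (slow, not flagged).
    for i in range(8):
        lines.append(f"{100 + i * 20} 10.0.0.7 10.0.3.{i + 1}")
    return lines

if __name__ == "__main__":
    for src, ts in detect_scanners(sample_log()).items():
        print(f"ALARM {src} at t={ts}: candidate for quarantine")
```

The third source shows the limit of a fixed threshold: a scan slower than the window passes unnoticed, so the window and limit have to be tuned against normal traffic for the network being monitored.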

References

[1] Spafford, Eugene H. The Internet Worm Program: An Analysis. Department of Computer Sciences, Purdue University, West Lafayette, IN.
