
Protection Against Worms November 18, 2013

Posted by lorenmurphy2 in Security.

In the article “The Internet Worm Program: An Analysis,” Spafford discusses the Internet worm of 1988, which infected thousands of machines and caused Internet activities and connectivity to slow down for many days. Unlike a virus, a worm is a program that can run by itself and does not need to be activated by a “host” program. There are numerous ways that users can help stop the spread of worms. One way is by checking the source code of their finger program to ensure that the daemon’s input buffer cannot overflow. This overflow can be caused by the gets function because it does not perform any bounds checking. To correct this problem, users should add bounds checks to any call to gets or to any other function that does not perform bounds checking.
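The bounds check described above, as an added example that is not code from the original post or from any finger daemon: the names `read_request` and `read_from_string`, the 16-byte buffer and the sample inputs are assumptions constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Unsafe pattern the post warns about (gets was removed in C11):
 *     char line[512];
 *     gets(line);      // copies until '\n' with no regard for sizeof line */

/* Read one request line into buf (size bytes, including the NUL).
 * Returns 0 on success, -1 on EOF or error, -2 if the line was too long.
 * An over-long line is drained and rejected instead of truncated, so its
 * tail is never parsed as a second request. */
int read_request(FILE *in, char *buf, size_t size)
{
    if (size < 2 || fgets(buf, (int)size, in) == NULL)
        return -1;
    size_t len = strlen(buf);
    if (len > 0 && buf[len - 1] == '\n') {
        buf[--len] = '\0';
        if (len > 0 && buf[len - 1] == '\r')
            buf[--len] = '\0';          /* accept CRLF line endings too */
        return 0;
    }
    if (feof(in))
        return 0;                       /* final line without a newline */
    int c;
    while ((c = fgetc(in)) != EOF && c != '\n')
        ;                               /* discard the rest of the line */
    buf[0] = '\0';
    return -2;
}

/* Demo helper: feed a constructed byte string through a temporary file. */
int read_from_string(const char *input, char *buf, size_t size)
{
    FILE *f = tmpfile();
    if (f == NULL) return -1;
    fputs(input, f);
    rewind(f);
    int rc = read_request(f, buf, size);
    fclose(f);
    return rc;
}

int main(void)
{
    char buf[16];                       /* deliberately small for the demo */
    printf("short line: %d\n", read_from_string("root\r\n", buf, sizeof buf));
    printf("long line:  %d\n", read_from_string("AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\n", buf, sizeof buf));
}
```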

Another way users can protect themselves from worms is by changing the user id and/or password for a system’s configuration and command file. Instead of having the same user id for all system services, make each service have a different id. That way, if the worm gains access to one service, it will not automatically have the information for another service. In addition, if a service requires a password, do not list each user’s encrypted password in one publicly readable file. This will prevent the worm from decoding the passwords by trying different combinations of letters and numbers. To solve this issue, have a shadow password file which is only accessible by the system’s administrator. Also, a user’s password should not be easy to guess but instead have a medium or high strength.

A last resort for stopping or slowing down the spread of a worm is to disconnect highly connected users from the system. This quarantine approach was used during the 1988 attack on the Internet. However, this approach can be harmful because it prevents the disconnected users from having access to a solution to the worm. This was seen during the Internet attack, when researchers were trying to communicate their findings on how to stop the worm to users but were unsuccessful because many users were disconnected.

References:

Spafford, Eugene. “The Internet Worm Program: An Analysis.” Purdue Technical Report. 1988
