Chapter 8The Art of Anti Malicious Software.ppt

Virus Infection Schemes (Diagram) The Code Red Worm Released in July 2001, it infected about 300K computers within the first 24 hours of its release It exploited a buffer overflow in Microsoft’s IIS It arrived as a GET /default.ida request (with 224 N’s) This request starts the worm code execution Virus Defense Prevention: Block viruses from getting into a healthy system Install software patches in time Do not download software from untrusted Web sites Do not open “To-Be-Cautious” email attachments from unknown senders Do not open perilous email attachments Restoration: Disinfect infected systems Scan files with a virus scanner Keep a backup of system and user files Web Security Basic types of Web documents: Static documents: A Web document without executable codes Safe to download Dynamic documents: A Web document containing executable codes CGI executed on the server computer Download resulting document to client Active documents: Also contain executable codes, but run on the client computer Download entire document to client for execution AJAX Security Asynchronous JavaScript and XML (AJAX) AJAX achieves asynchronous interactions to make smooth surfing Examples: Google Maps Face the same security problems as traditional Web applications Cross-site scripting attack Silent calls and cookies Master-Slave-Reflector DDoS Attack Security of Web Documents Server-side: May be attacked by exploiting loopholes in dynamic documents and Web server programs Security measures: Update to newest version of Web server programs Manage rigorously CGI programs and their directories Only designated person can post CGI at Web server Client-side: May be attacked by exploiting loopholes in active documents and Web browser programs Security measures: Install browser patches Disable JavaScript of browser Disable Java applets of browser Cookies Web browser is stateless A new connection with a Web server for each URL request Different, unrelated TCP connections have to be establ