Analysis of Methods of Attack Detection and Prevention Systems



WannaCry Attack: In May 2017, the WannaCry ransomware spread through the Internet using an exploit vector named EternalBlue. The attack infected more than 230,000 computers in over 150 countries, displaying its ransom demand in 20 different languages and requiring payment in the Bitcoin cryptocurrency. WannaCry demanded US$300 per computer.
Petya Attack: The Petya worm spread during April 2016. This malware infected the master boot record of the computer and encrypted the file tables of the NTFS file system. Once a machine is infected, on the next boot it demands that a ransom be paid. In June 2017, a modified version of Petya spread using the EternalBlue exploit; it was aimed at creating disruption rather than generating profit.
In addition, Cisco, a major networking and security company, published an article on the key cyber threats of 2020 [3]. Summing up the results of 2020, Cisco's information security experts found that during the pandemic and the shift to remote work, information security tools became more relevant than ever before. In its global cybersecurity report "Cisco 2021 Security Outcomes Study", in which 4800 professionals in information security, IT and privacy protection from 25 countries took part, Cisco compiled a list of the most critical areas on which those responsible should focus in 2021. The list includes the following:
1. Strengthening the protection of the healthcare IT infrastructure.
2. Strengthening the protection of connections when working remotely.
3. Strengthening information security in general.
4. Strengthening protection against ransomware updates.
5. Strengthening the protection of personal data.
Also, in the Verizon 2020 Data Breach Investigations Report, identity theft ranks second among the most common actions of hackers [4, 27].
Security solutions such as firewalls are not designed to handle network- or application-layer attacks such as DoS, DDoS, worms, viruses and Trojans. The growth of the Internet and the prevalence of threats are the reasons for deploying an IDS. An IDS operates behind a firewall, looking for malicious activity. A firewall is a network security system that monitors and prevents specific types of information from moving between the untrusted network outside and the trusted network inside. It is a gatekeeper computer between the Internet and a private network, and it protects the private network by filtering traffic to and from the Internet based on defined policies (rules). The firewall may be a separate computer system, a service running on an existing router or server, or a separate network containing a number of supporting devices.
Firewalls are often categorized as packet-filtering firewalls and application-level firewalls. Firewalls are set up to stop unnecessary network traffic into or out of a network. Network traffic approaching a firewall is either allowed or stopped according to the configured rule. An intrusion detection system, by contrast, gathers and analyses information from various areas within a computer or a network to identify possible security breaches.
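The division of labour described above can be shown in a short sketch, added here as an illustration and not taken from the paper: a first-match packet filter decides on header fields only, and a signature-based IDS behind it inspects the content of whatever was allowed. The rule set, signature names, patterns and sample packets are all constructed assumptions.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    src: str
    proto: str
    dport: int
    payload: bytes

# Constructed policy: (action, source network, protocol, destination port)
RULES = [
    ("deny",  "0.0.0.0/0", "tcp", 445),   # block inbound SMB
    ("allow", "0.0.0.0/0", "tcp", 80),    # public web server
]
DEFAULT_ACTION = "deny"  # anything not explicitly allowed is stopped

# Constructed IDS signatures: name -> byte pattern searched in the payload
SIGNATURES = {"path-traversal": b"../..", "sql-union": b"union select"}

def firewall_decision(pkt, rules=RULES):
    """Packet filter: first matching rule wins; only headers are examined."""
    src = ipaddress.ip_address(pkt.src)
    for action, net, proto, dport in rules:
        if src in ipaddress.ip_network(net) and (proto, dport) == (pkt.proto, pkt.dport):
            return action
    return DEFAULT_ACTION

def ids_alerts(pkt):
    """Signature IDS: inspects content the packet filter never reads."""
    body = pkt.payload.lower()
    return [name for name, pattern in SIGNATURES.items() if pattern in body]

def inspect(packets):
    """The IDS sits behind the firewall, so it only sees allowed traffic."""
    out = []
    for pkt in packets:
        action = firewall_decision(pkt)
        out.append((action, ids_alerts(pkt) if action == "allow" else []))
    return out

# Constructed sample traffic (documentation address range 203.0.113.0/24)
SAMPLE = [
    Packet("203.0.113.7", "tcp", 445, b"\x00\x00\x00\x2f"),
    Packet("203.0.113.8", "tcp", 80, b"GET /index.html HTTP/1.1\r\n"),
    Packet("203.0.113.9", "tcp", 80, b"GET /../../etc/passwd HTTP/1.1\r\n"),
]
```

The third sample packet matches the same allow rule as the second, so the firewall treats them identically; only the IDS stage separates them.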
