When most people hear the words worm or Trojan horse, they think of a computer virus. Although the words Trojan, worm and virus are often used interchangeable, they are not the same. Knowing the differences will help you better protect your network devices and computers from the damaging effects that all these malicious programs can cause.
So today, we’ll spend some time focusing on the best network security strategies. I’ll explain what viruses, worms, Trojan horse attacks, and blended threats are and the differences among these infections. I’ll also offer you my advice on the best ways to avoid them and safeguard your network. And last but not least, I’ll provide you with an overview of Cisco’s Intrusion Prevention System (IPS) that monitors your network and prevents the erratic and malicious behavior.
What is a Computer Virus?
A computer virus is nothing more than a computer program which is able to replicate and attach itself to programs or files infecting the host without its knowledge. Moreover, a computer virus can spread from one host to another like human viruses. The spreading is a result of sharing infecting files or downloading files from un-trusted sources.
Most of the viruses attach to executable files and their malicious operation begins when you run or open the executable file. In other words, a virus does not infect your computer unless you execute the infected program. Not all viruses cause catastrophic effects. Some of them cause only disturbing effects while others can damage your software or even cause total hardware failure.
What is a Trojan Horse?
The name, as you might have already guessed, comes from Greek mythology. Similar to a virus, a Trojan horse is attached to a program or file and its damaging operation begins upon program or file activation.
Unlike viruses however, Trojan horses do not reproduce by infecting other files nor do they replicate. But you must beware of them because they are very tricky. They may come within files or software that seems to be completely safe or even useful but eventually will do damage once installed or run.
Trojan horses are able to create backdoors on your computer for malicious access to your system. Most Trojan horses, when
activated, create annoying conditions such as changing your desktop or presenting silly commercial spots. Nevertheless, there are Trojans that can cause erroneous conditions such as erasing your hard disk or removing system tools.
What is a Worm?
A worm is similar to a virus, apart from the fact that a worm manages to spread from computer to computer, without any user intervention. A worm is capable of replicating itself within a system and propagating undisturbed in multiple copies within the network infrastructure, infecting unsuspicious hosts in this way.
Worms may lead to system crashing due to their replication behavior which leads to excess memory consumption and eventually system crashing. Moreover, their ability to traverse network boundaries may lead to bandwidth exhaustion and service faulty operation. Recent worm attacks include opening backdoors for malicious users to remotely gain access to your system.
The Worst One of Them All: A Blended Threat
The worst case scenario is having a mixture of attacks known as a blended threat. A blended threat consists of a combination of the worst aspects of viruses, worms, Trojan horses into a single threat.
Blended threats can cause several damages at the same time since they strike from multiple sides with multiple methods without any human intervention. Without a doubt they are considered to be the most dangerous aspects of security vulnerability.
Best Ways to Avoid Viruses, Worms and Trojan Horses
The best way to handle malicious attacks is to fight them before they do any damage. So making sure that they don’t enter your network in the first place is the best thing you can do. To do this, your access networking devices must be configured to detect possible Denial of Service attacks, buffer overflows and inspect traffic flows for potential hazards.
Cisco IOS routers and gateways are able to provide this kind of first level security at the entrance of your network. To stay protected at a much higher level, you need to focus on application and host resource protection as well. At minimum, the following combined measures need to be in place in order to maintain a protected computer:
- Your Operating System (OS) has to be up-to-date
- You should have anti-virus software installed on your system and make sure that it is updated on a daily basis to ensure that it has the latest fixes for new viruses, worms, and Trojan horses
- Make sure that your antivirus software scans emails and files as they are downloaded from the Internet
- Have your firewall enabled at all times, and if you don’t have one stop whatever you’re doing, get a firewall right now and install it
It is important to remember that you need to apply all of the above measures in order to have a sufficient level of protection and
security for your computer.
Protect Your Network with Cisco Intrusion Prevention System (IPS)
Cisco’s Intrusion Prevention System is a security device that monitors your network for any security threats and is able to prevent malicious attacts. IPS works by first detecting a possible attack and dropping the packets that might cause harm, and still allowing other traffic to pass.
Cisco’s IPS system comes in 2 flavors: Network IPS and Host IPS.
Network IPS: Special hardware device is used which has many interfaces and is placed at the heart of the network in a place where there is traffic aggregation so that it could analyze and detect malicious packets. Its traffic analysis is based on stateful (keep-on going while session is active in bidirectional way) policies and firewall filtering rules. Attacks that exist at the low levels of the OSI model (layers 1 up to 3) can be identified and eliminated. Moreover, informative alerts can be triggered to inform the network manager for malicious traffic flows.
Host IPS: Almost always, a HIPS consists of a specialized software that is installed on the host and its job is to monitor the activities of the specific host. The HIPS is able to monitor the operating system processes and protect system resources by using deep analysis methods and signature filters in conjunction with first class antivirus, application and network firewalls in one package.
Cisco IOS IPS: An IPS enabled Cisco router is able to inspect datagrams and match them against a signature database in order to identify and act upon malicious traffic. In other words, a signature database is a complete table of known malicious patterns therefore, in order to ensure continuous protection this database must be constantly updated. Cisco IOS routers use Cisco’s specific signature database, which by the way consists of more than 1200 signatures.
Test Your Security Vulnerability
Viruses, worms, Trojan horses and any other malicious code may attack your computer and network at any time, unexpectedly and quietly. Do not make their nasty jobs easier by opening email attachments from people you do not know or visiting web pages and downloading files from un-trusted sources. The danger is enormous, so you must restrict exposure to these malwares.
Symantec Corporation offers a free tool to test your computer’s exposure to a wide range of online threats. The Symantec Security Check will also help you learn how to make your computer more secure. So give it a shot and start battling all the viruses, worms, and Trojan horse attacks!
Master Cisco Security with Cisco CCNA Security Training
Lean more about the different security threats and how to identify, lockdown and secure vulnerabilities in Cisco networks in Cisco CCNA Security Training. Instructor Chris Bryant covers Cisco’s Security Device Manager (SDM), Authentication, Authorization and Accounting (AAA), Cryptography, Firewall and much more.
Learn more about Cisco CCNA Security Training