Setting up your new computer
You've just purchased a new PC or you are upgrading your current PC.
Don't know where to begin?
This guide will walk you through the steps to configure your PC into a usable and safe workstation.
Of course, not everyone has the exact same needs.
This guide will get you started.

What is the Difference Between a Virus, Trojan Horse and Worm?
The most common mistake people make when the topic of a computer virus arises is to refer to a worm or Trojan horse as a virus. While the words Trojan, worm, and virus are often used interchangeably, they are not the same. Viruses, worms, and Trojan horses are all malicious programs that can cause damage to your computer, but there are differences between the three, and knowing those differences can help you to better protect your computer from their often damaging effects.
This guide will explain the differences.

What is the Difference Between SSL and TLS?
SSL and TLS both use cryptography to provide authentication and security to Internet communications. TLS was designed to replace SSL. There are a handful of minor differences. So, why create a new protocol? Because SSL, created by Netscape in 1994 to provide application-independent secure communications over the Internet, is a closed proprietary protocol. The community cannot make changes or validate its security. The Internet Engineering Task Force (IETF) created TLS, an open version of the protocol, so everyone would be free to use and comment on it.
This guide will explain the differences.

What is a bot?
The user generally remains unaware that his computer has been taken over because it can still be used, although it might slow down considerably. As this computer begins to either send out massive amounts of spam or attack Web pages, he becomes the focal point for any investigations involving his computer's suspicious activities.
This guide will explain what a bot is.

Cross-site scripting (XSS)
Cross-site scripting (XSS) is a type of computer security vulnerability, typically found in web applications, that enables malicious attackers to inject client-side script into web pages viewed by other users. An exploited cross-site scripting vulnerability can be used by attackers to bypass access controls such as the same origin policy. Cross-site scripting carried out on websites accounted for roughly 80% of all documented security vulnerabilities. Its impact may range from a petty nuisance to a significant security risk, depending on the sensitivity of the data handled by the vulnerable site and the nature of any security mitigations implemented by the site's owner.
This guide will explain what Cross-site scripting is.

What is a drive-by download?
A drive-by download is a program that is automatically downloaded to your computer without your consent or your knowledge. Drive-by download attacks often favour zero-day flaws, as it means there are no defences available against these attacks. This attack targeted yet another Adobe zero-day flaw. Both Firefox and Internet Explorer have to constantly plug drive-by security holes. We have also seen large-scale attacks that affected more than eight million pages. The expression drive-by download is used to define three events.
This guide will help explain what a drive-by download is.

Buffer overflow
In computer security and programming, a buffer overflow, or buffer overrun, is an anomaly where a process stores data in a buffer outside the memory the programmer set aside for it. The extra data overwrites adjacent memory, which may contain other data, including program variables and program flow control data. This may result in erratic program behavior, including memory access errors, incorrect results, program termination (a crash), or a breach of system security. Buffer overflows can be triggered by inputs that are designed to execute code, or alter the way the program operates. They are thus the basis of many software vulnerabilities and can be maliciously exploited. Bounds checking can prevent buffer overflows.
This guide will explain what a buffer overflow is.

What is a "packet sniffer"?
A packet sniffer is computer software that can intercept and log traffic passing over a digital network or part of a network. As data streams travel back and forth over the network, the sniffer captures each packet and eventually decodes and analyzes its content according to the appropriate RFC or other specifications.

However, computer conversations consist of apparently random binary data. Therefore, packet sniffer programmes also come with a feature known as "protocol analysis", which allows them to "decode" the computer traffic and make sense of it.
This guide will explain what a packet sniffer is.

What is a "keystroke logger"?
A keystroke logger is a tiny device or programme that records every keystroke typed on any PC computer. This means that any logon names, passwords, or other security keystrokes are recorded by this logger programme. You may think that you are not in danger from this attack. It is now a matter of record that most email scams and phishing expeditions are for the sole purpose of installing a key logger on to your system. Ever been to a friend's place and needed to urgently check something online that requires password access? Are THEY running the software mentioned above? If you have NEVER used any computer, other than your own, to log in to any password protected account, then perhaps you are not.

Ever had your computer upgraded or repaired? Did you leave it there in the morning and pick it up on the way home? Well, guess what! Probably nothing happened, but there was the opportunity if the service people were not ethical. Or even if they are completely trustworthy, perhaps a rogue technician isn't.

These scenarios are unlikely, but you should be aware of the dangers.
This guide [Part 1, Part 2] will explain what a keystroke logger is and how it works.

CSI:Internet HQ
In our "Crime Scene Investigation:Internet" series, experts examine suspicious files using every trick in the book. Watch over their shoulders as they track down malware – because all of this really could have happened. All of the malware samples shown in CSI:Internet have been used in real attacks and have been analysed using various methods, including those described in each episode.

The second series of "Crime Scene Investigation:Internet" begins here.

Hunt Down and Kill Malware with Sysinternals Tools
Use some of the popular Sysinternals tools to hunt down malware on your system. Windows Sysinternals is now a part of the Microsoft TechNet website but was once an independent source of some excellent software. Rootkit Revealer was their best known product, while now Process Explorer is probably the most used. The Sysinternals Troubleshooting Utilities have been rolled up into a single suite of tools. This article will show you how to utilize some of the popular Sysinternals utilities to assist in your malware hunt.

The Sysinternals tools are free to download from the Windows Sysinternals page on the TechNet web site.
This guide [Part 1, Part 2, Part 3] will explain how to Hunt Down and Kill Malware with Sysinternals Tools.

Vanish.Org Copyright © 2006 All rights reserved