Hidden activities on our computer

Vulnerabilities, threats, spyware, viruses: words that embody one concern for all of us, uncertainty about our information.

By: Osvaldo Callegari*
Our concern today: the ports and hidden activities of our computer. How many times do we ask ourselves what is happening inside our computer?

When we press CTRL-ALT-DEL we certainly see a series of processes running in the back room of our system. An obvious question comes to mind: are these the only processes, or is something else hidden behind them? Rather than pile up more unanswered questions, we analyze tools that allow us to distinguish a benign process from a threat to our information.

Task and Security Manager
This application (Network Security Task Manager, NSTM) gives us an overview of what happens behind the normal processes of an operating system; nothing summarizes the activities currently running better than a graph.

NSTM can scan our computer at a set date and time. To perform this task it has a resident agent installed that runs as scheduled. This agent reviews all the processes that are currently active and transmits the results in encrypted form to the management console.

NSTM is based on behavior and code analysis. It protects networks from industrial espionage, sabotage and critical software by informing you about malware activities in real time. This tool analyzes the Windows processes that are running on networked computers and remote PCs, determining for each one the path and location of the process on the hard disks, with a graph of the threat and its severity in each case.

It also shows the manufacturer of the process, hidden functions, processes that capture keyboard input, and processes that monitor browsers. It has a reference database in which the user can indicate which processes are, in his or her opinion, benign.

netasktray can be used to keep the system resident on the Windows™ Start bar.

Scanning activities can be defined as follows:
Daily: Each day when we turn on the computer, the agent is loaded into memory, performs the verification processes, stores the results and is automatically uninstalled.

Weekly: A particular day of the week can be selected for running the processes; at the end the agent is uninstalled from memory.

Advanced scheduling: The system can be set to start each time a different user logs on to the machine, which can help determine each user's responsibility within his or her area of work in the company.

New security tools
Email validation system: Trend Micro has launched a product that proposes a new way to confirm whether the identity sending us information by mail is genuine.

Trend Micro Email ID is a tool designed to provide more knowledge about email security. The ICONIX Inc. licensing is being managed by Trend Micro. The system verifies the authenticity of the sender of an email message, which gives the user confidence to open and act on messages.

The change in spam during the first quarter of 2009 is significant: the types of mailings have varied, and in this period most of what circulates is advertisements for pharmaceutical products.


Phishing attacks, which often involve fraudulent emails designed to steal consumers' personal and financial information, are difficult to identify, so this tool offers consumers a guarantee of the legitimacy of emails by adding another layer of protection against these attacks.

Email ID® is easy to set up and use. After downloading and installing a plug-in, the user immediately begins to see the Iconix® Truemark® icons, which indicate that the sender has been verified as legitimate. This confirmation makes it very easy for the end user to see at a glance which messages can be trusted. Hundreds of sending companies are identified, including financial leaders and retailers.

After Email ID confirms the source of an email message, you can see a mark identifying the recipient. Before displaying the icon, the system performs an identification function in parallel: the company's domain is identified within the public records, and a large number of business items are verified.

For this type of mailing, a proprietary Microsoft protocol called Sender ID is used.

The Sender ID Framework (SIDF) is an email message authentication protocol whose technology helps solve the problem of phishing by checking the domain names of the messages that are sent.

Sender ID validates the origin of email messages by verifying the sender's IP address against the alleged owner of the source domain.

Now approved by more than ten million domains worldwide, Sender ID is providing brand owners, senders, and receiving networks with significant business and technical value.

How does Sender ID work?
Sender ID aims to verify that each e-mail message originates from the Internet domain from which it claims to have been sent. This is accomplished by checking the address of the server that sends the mail against a registered list of servers that the domain owner has authorized to send e-mail messages.

This verification is performed automatically by the recipient's Internet Service Provider (ISP) or mail server before the e-mail message is delivered. The results of the Sender ID verification can be incorporated into the filtering that the mail server already performs.

After the sender has been authenticated, the mail server can apply conventional content filters and examine past behavior, traffic patterns and the sender's reputation when determining whether to deliver the mail to the recipient.

To use SIDF, e-mail senders and domain owners must publish or declare in the Domain Name System (DNS) all the IP (Internet Protocol) addresses used by their outbound e-mail servers, or the IP addresses authorized to send e-mail messages on their behalf. These IP addresses are included in a Sender Policy Framework (SPF) text record.

1. A sender or user sends a message from an email client or web interface (browser). No change is required to the sending client or to the mail transfer agent (MTA).
2. The recipient's inbound mail server receives the message; the server uses SIDF and queries the DNS of the sending domain to look up its record.
3. The receiver determines whether the sending address matches the IP addresses authorized to send email for that domain.
4. For most domains and IP addresses, this validation is applied as the check on them.
5. Based on the record syntax, if the verification passes the receiver delivers the mail to the inbox; if it fails, the receiver sends it to the spam or quarantine folder. Later that email can be deleted and compacted.
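The check in steps 2 to 5 can be sketched as follows. This is an added example, not code from the article or from Microsoft: the DNS data is a constructed table using documentation-range addresses, the function names are hypothetical, only the `ip4`, `ip6` and `all` mechanisms of an SPF record are evaluated, and handing non-pass, non-fail results to the remaining filters is an assumption.

```python
import ipaddress

# Constructed sample TXT data standing in for DNS (not real records).
SAMPLE_TXT = {
    "example.com": ["v=spf1 ip4:192.0.2.0/24 ip6:2001:db8::/32 -all"],
    "example.net": ["site-verification=abc", "v=spf1 ip4:198.51.100.25 ~all"],
    "example.org": [],  # domain that has published nothing
}
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def find_policy(domain, txt=SAMPLE_TXT):
    """Step 2: return the terms of the domain's v=spf1 record, or None."""
    found = [r.lower().split() for r in txt.get(domain, [])]
    found = [r for r in found if r[:1] == ["v=spf1"]]
    if len(found) > 1:
        raise ValueError("more than one policy record published")
    return found[0][1:] if found else None


def check_sender(domain, connecting_ip, txt=SAMPLE_TXT):
    """Steps 3-4: compare the connecting server's IP with the authorized ranges."""
    terms = find_policy(domain, txt)
    if terms is None:
        return "none"
    ip = ipaddress.ip_address(connecting_ip)
    for term in terms:
        qualifier = term[0] if term[0] in QUALIFIERS else "+"
        name, _, arg = term.lstrip("+-~?").partition(":")
        if name == "all":
            return QUALIFIERS[qualifier]
        if name in ("ip4", "ip6"):
            net = ipaddress.ip_network(arg, strict=False)
            if ip.version == net.version and ip in net:
                return QUALIFIERS[qualifier]
        else:
            # include, a, mx, redirect... need further DNS lookups; not covered here.
            return "unsupported"
    return "neutral"  # no mechanism matched


def delivery_action(result):
    """Step 5: inbox on pass, quarantine on fail; other results go on to
    the remaining anti-spam layers (an assumption of this example)."""
    return {"pass": "inbox", "fail": "quarantine"}.get(result, "continue-filtering")
```
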


Sender ID, the critical component of your defense
Today, anti-spam solutions are composed of several detection methods or layers. As each email arrives, different technologies are applied in different ways. The goal is for unsolicited email to be blocked at the network perimeter, reducing exposure to incoming threats and avoiding a greater impact on computing resources. At the connection level, as we have seen, it can be difficult to determine the sender's identity, its reputation and the content to be evaluated.

In this segment we show how Sender ID integrates with a typical anti-spam solution.

Levels of protection
The first level of spam protection is the initial connection between the sending SMTP server and the recipient SMTP server. Protection at the connection level is ideal, since the harmful element never enters the company and the impact on resources is lower.

Two common types of protection are IP Connection Filtering and Real-Time Block Lists.

After the message has passed the connection-protection level, the next layer of defense is the SMTP protocol level. Permissions between the sender and receiver are checked to determine the validity of the transaction. Subsequently, other anti-spam filters are applied, for example:

-Content filtering
-Anti-phishing (explained in previous articles)
-Postmarks
-Puzzles

With these tools, the mail that was sent is classified by establishing its nature:

-Legitimate
-Malicious
-Unsolicited

Comments about Sender ID
We have seen that it is ideal as a protection tool at the email level, since by validating incoming mail against trusted sites we make sure that the mail we receive comes from a secure source. However, not all domains or IP addresses are registered, so it is still somewhat premature to call it a worldwide trend.

On the other hand, threats that arise on the Internet, such as spam, lead to countermeasures that in some way bring private property into conflict with the freedom the Internet offers. The ideal is for protocols to be free and open, not owned by commercial companies, so that a weakness of the user is not exploited for a commercial purpose. They now have a great ocean of information in which to cultivate new projects and new ideas.

Likewise, PKI certificates are growing in functions and in the number of verification companies. This is essential, since it lets users request a key for their email and receive a validator for their email client. The vast majority of email clients allow keys to be added to indicate the origin or provenance of a given email. The usual mail clients are Outlook Express™, Eudora™, Thunderbyte™, Microsoft Outlook™, Bat™.

*If you wish, you can write to the author of this article at [email protected]
