Faculty of Transport and Traffic Engineering - Belgrade. Seminar paper in Computing and Informatics: PROTECTION OF INFORMATION SYSTEMS. Student: Petrović Milica, PS 070188. Professor: Dr. Avramović Zoran

1. Elective - COMPUTER PROTECTION



, .2008

1.
2.
2.1
2.2 worms
2.3
2.4 Mail
2.5
2.6 NetBiosa
3.
3.1 AntiVirus
3.2 Firewall
3.2.1
3.2.2 NAT
3.2.3 Proxy Services
3.2.4 Firewall-
4.


1.

. :

:

: 1. 2.3.

, . : , , , . M : : :

: - - , , , . : , , , ,

. . , , , mail . .

2.

2.1

, , , . , . . , ( KB) . - Microsoftovi . , . ,

. , :

(CD, USB)

(95%), . "" , , . , - . attachment ( ), . attachmenta . e-mail , . , , ( attachmente) . , e-mail . attachment , , . . (.gif, .jpg, .bmp) (.txt, .asc), . , Word (.doc), (.exe, .com, .bat, .cmd) , () . , . (.zip, .arj, .rar ili .tgz), "", . email attachmente, attachmente news . Web FTP attachmenta. , . , .

2.2

WORMS ( )

e-mail-a ( Microsoftu) . , , -, (, MP3 ) - . , e-mail-oe Adress Book- e-mail , .


: EXE, ( EXE COM SCR), ( ) *.DOC , VBS , *.VBS (Visual Basic Script), , *.PIF . , Outlook Express-, . Microsoft e-mail , . , Javu ActiveX, , . Outlook Expressu e-mail inbox, e-mail . Outlook Express Windows . : OutlookExpressa, Delete Yes . Outlook Expressa, Recycle Bin. mail , The Bat www.ritlabs.com/the_bat/ , , Javu ActiveX , . , EXE, COM, BAT, SCR, DOC, EXL, VBS, VBA i PIF, , 90% . , , Outlook Expressu . , email. Internet Explorer , Operu ( Netscape ), .

2.3

( 13 20 ) , . . NetBiosa ( ).


2.4

MAIL

e-mail. email. 5 000 , 3-4 , . : Magic Mail Monitor, 59kB . e-mail- ( : , subject, ), email- . , POP3 , e-mail. Magic Mail Monitor e-mail-, mail Bombe e-mail- subject , . Mail , . mail bombi ( mailove ) .

2.5

, , , email ( ), () ( // ) , . . : , , . . email ( ) e-maila , , , screensaver... ICQ, . : - e-mail ICQ . . Firewall. , Outlook Express e-mail, e-mail . e-mail Netscape Messenger, Eudoru The Bat.


2.6

NETBIOSA

? , . , , . . share- , NetBios . NetBios-, . Windows, , . ? NetBios scaner, IP ( 195.178.50.0 195.178.50.255), Search . , , Start/Find/Find Computers, , Search, , . ? *.pwl Windows- , . non-stop . , , , . , , . ! ? share- , password, , share- Read-only, . , password, , . Netbios TCP/IP , , 137, 138 139. , :

Firewall- (. AtGuard-a) NoShare.exe Control Panel-a

Firewall AtGuard : Po Default , 137 138 (NBName NBDatagram). NBName . . , . 137, 138 139.

Dashboard/Settings, Add : Name: "Blokiranje Netbiosa". Action: Block Direction: Either Application: Any Application Protocol: TCP or UDP Service: List of services, ADD, 137, 138, 139 AtGuard Setting . Address: Any Address 7 KB NoShare.exe NetBIOS. www.grc.com . NetBIOS . , NetBIOS . NetBiosa, Control Panela: Control Panel/Network, TCP/IP ( Dial-Up ), Properties Bindings File And Print Sharing Microsoft Family Logon. , . Virtual Networking, File and Printer sharing Microsoft Client. , Control Panel/Network, TCP/IP Dial-Up Adapter. Windows Control Panel/Network . , , NetBios . File and Printer sharing. , Desktopu "Network Neighborhood". , File and Printer sharing . , Netbios, . Password Firewall 137, 138 139 , .

3.

3.1

. (scan), , (clean) - (). Scan . ( )

. scan clean . . . , . , . , . , . , , , , . , . , . , , . 100-150 . , 100% (. ) . . , , . 20% . FileProtector ( EXE ) , , EXE . , . (upgrade). , , . (, ). , . web :

AVP (www.kasparsky.com)
Norton AntiVirus (www.symantec.com)
Command AntiVirus (www.commandcom.com)
F-Prot, for DOS (www.datafellows.com/gallery)
McAfee VirusScan (www.mcafee.com)
Panda Antivirus (www.pandasoftware.com)
PC-cillin (www.antvrus.com)
Sophos Anti-Virus (www.sophos.com)


3.2

FIREWALL

, , . TCP/IP . TCP/IP -, , . , . , , . , , . . , . . Firewall . , firewall , . firewall. . . (firewall). firewall , . Firewall , . . , , , LAN- WAN-, Weba . crackeri () , , . , IP firewall (Address Spoofing ). firewall TCP/IP , , IP . TCP/IP (Syn-Flood, Port-Scanner ). ping (Smurf, Ping-of-Death ). , , firewalla. Firewall- , . , firewall- , LAN- . firewall- ,

. , firewall . firewall- , . Firewall- :

Packet Filtering - TCP/IP .

Network Address Translation (NAT) - IP .

Proxy Services - - .

firewall- :

Encrypted Authentication - firewall-, .

Virtual Private Networking - .

3.2.1. (Packet Filtering)

TCP/IP-a TCP/IP . . proxy NAT-. Proxy World Wide Web . NAT . , /, firewall-. : , , firewall (Stateless packet filters) . o , : (source routing) IP TCP/UDP

, IP . , . : (Loose source routing), . (Strict source routing), . , IP . , , : User Datagram Protocol (UDP) Transmission Control Protocol (TCP) Internet Control Message Protocol (ICMP) Internet Group Management Protocol (IGMP) , TCP , UDP . . e IP IP . , . , . . IP , IP . IP . . TCP/UDP TCP/UDP . IP . IP . TCP UDP :


Telnet ( 23) command prompt . . NetBIOS Session ( 139) . POP ( 110) . : Echo, FTP, SMTP, DNS, HTTP IP . ( ) IP . .1 . , , . . TCP/IP-, , , n-, TCP . IP 1 . . : (stateless), . / . , . , 1024. firewall- , . (Stateful packet filters) , , . , . . . , (: 192.168.0.45), na TCP , (:10.0.0.1), (IP ) . SYN ,

. , , . , , . (. 10.0.5.55) 192.168.0.45 1220. 1220 192.168.0.45 IP 10.0.0.1. . 1220 10.0.5.55 . TCP close . . (policies), . , , .

3.2.2 Network Address Translation (NAT)

NAT IP , IP , . NAT IP , . NAT TCP/IP crackera , IP . Firewall- ( ) firewalla . , firewall () firewall- , firewalla, . ( ) , firewall . IP , . NAT : IP 192.168.1.9 web 10.50.23.11. 192.168.1.9:1234 TCP 10.50.23.11:80. Router/Firewall (192.168.1.1 , 10.0.30.2 ) : 192.168.1.9:1234 10.0.30.2:15465 10.50.23.11:80

10.50.23.11:80 10.0.30.2:15465. . firewall . IP . , .

NAT firewalla :

Dynamic Translation

Dynamic translation (IP Masquerade) IP firewalla. firewalla firewall. firewall, IP . NAT , . , . NAT . . . e-mail , link. .

Static Translation

Static translation firewalla IP . Static translation IP . . 128.110.121.0-128.110.121.255 10.1.2.0-10.1.2.255. Firewall IP . (Port forwarding) . IP e-mail 10.1.1.21, firewalla je 10.0.30.2 . 10.0.30.2:25 10.1.1.21:25, firewall SMTP e-mail firewalla.

Load Balancing Translation

IP , IP .

Network Redundancy Translation

NAT firewall. Firewall , .


3.2.3 Proxy Services

NAT , firewall. firewalla firewall . cracker TCP firewall. Proxy . Proxy firewall HTTP, FTP, SMTP. Proxy firewall-. , proxy. firewalla . proxy.

3.2.4 Firewall-

AtGuard (http://www.zastita.co.yu/atguard.html) (1435 kB) Firewall Windows95,98,2000. , Firewall AtGuard . (IE ICQ) . AtGuard . ( ) , Firewall , . Firewalla, AtGuard , . AtGuard w .

BlackIce (http://www.networkice.com/)(www.iss.net) BlackIce Defender Windows firewall. AtGuarda, Conseal PC firewall-a SyShield-a, BlackICE firewall a : Trusting, Cautious, Nervous, Paranoid. BlackIce firewall-a -- ConSeal AtGuard. Windows NetBIOS . . IP IP Trusted Addresses . ! , BlackICE- . NetBIOS passwordom. Dial In Internet. IP . BlackICE- password- IP ,

. BlackICE . BlackICE , "backtracking trace" (IP adresu, DNS ...) . BlackIce firewall . BlackIce 99.9% .

Jammer 1.95 (http://jammer.comset.net/) Back Orifice-a , Net Bus- . Network - Jammer PC NetBus, Back Orifice-a 1.x BO2K. password , Jammer . Jammer . , Jammer. Jammer , NetBus Back Orifice . Jammer NetBus 1.2, NetBus 1.53, NetBus 1.6, NetBus 1.7, NetBus 2.0 Pro Beta, NetBus 2.0 Pro, Back Orifice 1.2, Back Orifice 1.2 Modified ( Back Orifice 2000). Back Orifice-a 1.x, password , IP . Netstat - Jammer (Netstat) . Registry - Jammer y , . Jammer . Process - Jammer . . Grozda - fly.to/grozda - shareware .

T.Rex T-Rex firewall , . firewall-a . T-Rex firewall . proxy , stateful filter . T-Rex , . . T-Rex .


proxy- IP . IP firewall proxy T.Rex- . , , firewall. IP IP , . T-Rex . , :Web browser, Web server, e-mail, TCP/IP , RPC UDP .

Cisco PIX Firewall v.6.2

Cisco PIX firewall- firewall , . Cisco Adaptive Security Algorithm (ASA) (stateful). , firewall. Cisco PIX firewall- voice-over-IP (VoIP) , H.323, Session Initiation Protocol (SIP), RealTime Transport Protocol (RTP), Real-Time Streaming Protocol (RTSP) i Real-Time Transport Control Protocol (RTCP). , site-to-site VPN (Virtual Private Networking) , Cisco PIX firewall-, . Internet Key Exchange (IKE) IP Security (IPSec) VPN , Cisco PIX firewall- 56-bitni DES (Data Encryption Standard) 168-bitni Triple DES (3DES). RSA, , MD5 SHA-1. Diffie-Hellman- . () , . Cisco PIX firewall-, , Public Key Infrastructure (PKI ) X.509 . , DoS (Denial of Service) . (DNSGuard, FloodGuard, MailGuard,), Cisco PIX firewall- . firewall . Cisco PIX firewall- , , .

ConSeal Private Desktop (www.signal9.com) e Signal 9 Solutions Blocked Trusted IP ( : ARP, ICMP, DHCP, DNS, TCP, File Sharing, UDP ). Log fajl (TXT) BlackIce-a. , .

Zone Alarm (www.zonelabs.com)

ZoneLabs , . , ( ) . High NetBIOS Stealth (firewall "" ). Allow . , , Pass Lock . Unlocked ( "Locked") Pass Lock , STOP Pass Lock . log fajl .

4.

, (cracker) , Firewall. Firewall BackDoor . Firewall ! Firewall Firewalla.


IP adresa "Verifying User Name and Password" , - . IP 4 0 255 (. 213.240.4.100). 24 IP , , , . IP ( , ). ( ) , IP . , , , . DNS (Domain Name Server) www.ekof.bg.ac.yu IP . PORT , . - 65536 ( ) . , 1024 ( ) . . , 21, . , ICQ, 1508 1509. , , .


