Advantages and disadvantages of security methods


Deb Shinder

Network administration - There are many different methods of IT security, such as blacklists, whitelists and behavior-based techniques, and there is also much debate in the IT security arena about the effectiveness of each of these methods.

In this article we will look at some of the security methods, namely how they work and the strengths and weaknesses of each of them, along with some discussion of virtualization security mechanisms.

Security methods

Whether you want to keep dangerous people off a plane or keep malicious code off your network, you need some method for deciding who, or what code, gets in and who does not. For the first scenario, consider these passenger 'screening' methods:

  1. You can compile a list of known terrorists or criminals, check each passenger's identity at the gate to see whether the name matches your list, and not allow those people on the plane. This is an example of a blacklist-based security method, and it is used by the airlines and Transportation Security Administration (TSA) security forces at most airports.

  2. You can compile a list of individuals with good backgrounds who have been vetted by the authorities, issue them personal identification cards and allow them to board the plane without elaborate checks. This is a whitelist type of security, and it is the basis for the 'friendly traveler' program offered by the TSA (currently known as the Registered Traveler program).

  3. You can use security officers who have been trained to question and observe ticketed passengers; those who act suspiciously are stopped and not let through the gate.

How do these cases apply to network security?

  1. A blacklist can be used to filter spam. You keep a list of email addresses or domains known to belong to spammers, and when the software detects a message that comes from one of those sources, it puts the message into the Junk Mail folder. Blacklists can also be used to protect systems against malicious code. When you have a list of files or programs known to be malware, those programs and files are blocked so that they cannot be opened and cannot run.

  2. A whitelist can also be used to filter spam. You keep a list of senders and domains that are considered 'safe'. Mail from these sources is allowed through; messages from all other sources are blocked. Whitelisting can also be used to protect the system from malicious code. When you have a list of approved programs, executables that are not on your list are not allowed to run.

  3. Behavioral methods attempt to assess the risk that code is malicious based on its characteristics and patterns. Signature-based and anomaly-based security mechanisms implement behavior-based security. Files and programs that are judged likely to be dangerous, based on their behavior patterns, are then blocked.

All of these methods are valid, and each has its own strengths and weaknesses, which we'll look at in the sections below.

Prediction based on behavior and signatures

Behavior-based security is useful for situations where people, programs or files have not previously been classified as 'good' or 'bad'. It is an effective (but not perfect) method of detecting new threats without having to wait until they do harm. There is a saying that 'if it looks like a duck, walks like a duck and sounds like a duck, it is most likely a duck'. At the simplest level, that is the basic idea behind behavior-based security.

Security forces often use a variety of methods to profile behavior. They listen to the subject's language and observe facial expressions, words and actions to try to find out whether the person is dangerous. Eye movements, the intensity of the voice and other physiological factors can indicate stress, which may indicate that someone is trying to hide something. Similarly, behavior-based security algorithms look for signs that a file or piece of code is not a valid program.

A signature-based security filter works like a security officer looking for criminals based on their known patterns or activities. Specific actions and code sequences are compared to a database of known signatures, or pre-defined strings in code, that indicate malware. Anomaly-based security is less clear-cut; it targets behaviors or commands and instructions in the code that are out of the ordinary.

Heuristic algorithms are often used to identify anomalies, by analyzing the traffic passing through the network, email and so on, and comparing it to existing patterns, or by analyzing the structure of the code itself. Heuristic engines today are often capable of 'learning' from previous experience and building new rules accordingly. Most antivirus programs use heuristic methods to identify malware and variants before signature updates are available.

An important point made by John Douglas, a renowned criminal profiling expert, is that profiling is only one of many tools that can be useful in criminal investigations and in fact should be used only after many traditional investigative methods have been tried. In other words, profiling alone is not accurate enough to be considered an indicator of guilt. By the same token, behavior-based security methods alone will not protect your computers and network well. They may let some malware through because it was written to look like valid code and, perhaps more importantly, they may misidentify some of your valid programs as malware because of suspicious characteristics.

Black list

The blacklist is a well-known concept, and it carries a bad connotation from its most famous political use, in Hollywood in the 1940s and 1950s, when screenwriters were banned from working in the film industry because of their political affiliations. In computer security, however, a blacklist is a simple method of preventing malicious programs from infecting systems, or preventing messages from spammers and unwanted senders from reaching the user's mailbox. Updates to the list can be done quickly through a specialized update server. Most antivirus programs use a form of blacklist that blocks known threats. Spam filtering also depends on blacklists.

Blacklists work well in some applications. An example of a blacklist problem, however, occurred in the US in 2004, when a senator was banned from flying because a name similar to his had been used as an alias by a terrorism suspect and so was on the government's 'no-fly' list.

A persistent problem with blacklist-based spam filtering is the blocking of valid senders, for example when a person who is reported or added to the list is neither a spammer nor an adversary. Some organizations and individuals have found it difficult to get their addresses removed once they are blacklisted. When you use a commercial blacklist, you rely heavily on the performance of the third-party provider.

There is another problem with the blacklist: it only works against known unwanted people, programs and senders. It does not protect against new threats (zero-day attacks). In addition, scanning incoming traffic and comparing it to blacklists can use a lot of resources and slow down network traffic.

White list

In contrast to the blacklist, which works on the principle of allowing everything that is not prohibited, the whitelist takes the opposite approach, rejecting anything that is not explicitly allowed. The whitelist technique works from a list of 'known good' entities (programs, email addresses, domains and URLs) and only allows entities on the list. Whitelisting has many advantages:

  1. There is no need to run regularly updated antivirus software. Anything not on the list will not be allowed to run.

  2. Systems are protected from zero day attacks.

  3. Users cannot run unauthorized programs that are not on the list, so you don't have to worry about them installing something harmful.

Whitelisting is a simple technique that lets administrators and companies control what passes over the network or runs on their computers. Those are the advantages, but the whitelist also has its disadvantages.

When used alone, whitelists are very effective at keeping out malware and spam, but they can also prevent valid code from running and valid information from getting through. For most users, a whitelist solution does not work well for email filtering because they often receive legitimate, wanted mail from many people they don't know. The solution is also impractical for salespeople, who have to receive inquiries from complete strangers, for writers who receive letters from their readers, or for business people who receive mail from their customers. It can work well, however, for personal email accounts whose owners only want to correspond with a group of friends and family members.

Whitelists are growing in popularity and are often used in conjunction with other security methods. For example, many email clients contain spam filters that analyze messages and flag those matching certain criteria (keywords, formatting, repetition) as spam. They also allow users to compile a 'safe sender' list (whitelist) so that mail from those addresses will not be marked as spam even if it would otherwise be flagged by those criteria.

In typical business settings, whitelists are very useful in controlling which executables can run on a machine. However, this can cause problems, for example when a control that is needed to display a website correctly is not on the whitelist and the user needs to access the site to do his job. If the whitelist is properly structured this will not cause any problems, but the method places a heavy burden on administrators, who need to know which programs must be allowed so that users can work on the network.
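The zero-day point from the blacklist section and the unlisted-control problem above, as an added example that is not part of the original article: a hash blacklist (default allow) and a hash whitelist (default deny) judge the same four files. The file names and contents are constructed stand-ins, and the function names are hypothetical.

```python
import hashlib
import os
import tempfile

def file_sha256(path):
    """Hash a file in chunks so large executables are not read into memory at once."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def verdicts(path, blacklist, whitelist):
    """Return (blacklist_allows, whitelist_allows) for one file."""
    digest = file_sha256(path)
    return (digest not in blacklist,  # default allow: run unless known bad
            digest in whitelist)      # default deny: run only if known good

def demo():
    # Constructed stand-in files; the contents are labels, not real programs.
    samples = {
        "payroll.exe": b"approved payroll build 1.0",
        "dropper.exe": b"known-bad sample A",
        "dropper2.exe": b"known-bad sample A, one byte changed",
        "plugin.exe": b"legitimate control nobody approved yet",
    }
    results = {}
    with tempfile.TemporaryDirectory() as d:
        paths = {}
        for name, body in samples.items():
            paths[name] = os.path.join(d, name)
            with open(paths[name], "wb") as f:
                f.write(body)
        blacklist = {file_sha256(paths["dropper.exe"])}  # known bad
        whitelist = {file_sha256(paths["payroll.exe"])}  # known good
        for name, path in paths.items():
            results[name] = verdicts(path, blacklist, whitelist)
    return results

if __name__ == "__main__":
    for name, (bl, wl) in demo().items():
        print(f"{name:13} blacklist={'run' if bl else 'block':5} "
              f"whitelist={'run' if wl else 'block'}")
```

The modified variant runs under the blacklist and is stopped by the whitelist, while the unapproved but legitimate control is stopped by the whitelist as well, which is the administrative burden described above.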

Conclusion

Each security method has its own strengths and weaknesses. Each method can give unwanted or desired results. Different methods work well in different situations. So when it comes to spam filtering, a combination of all these methods is the best option: let heuristic filters analyze mail against general spam criteria, use blacklists so that mail from listed senders or domains is blocked even if it does not match those criteria, and use a whitelist so that mail from listed senders or domains is allowed through even if it does. This is the method used by most of the most effective antivirus software solutions in use.

In an enterprise environment, a pure whitelist is the safest solution for controlling what code is allowed to run on computers.
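The combined mail filter described above, as an added sketch that is not code from the original article or from any product. The addresses, keywords and threshold are constructed, and checking the whitelist before the blacklist is an assumption made here for the case where a sender is on both lists.

```python
import re

BLACKLIST = {"bulk-offers.example"}     # constructed blocked domains/addresses
WHITELIST = {"alice@partner.example"}   # constructed 'safe sender' list
KEYWORDS = ("free money", "act now", "winner")

def listed(sender, entries):
    """True if the full address or its domain is on the list."""
    sender = sender.strip().lower()
    return sender in entries or sender.rpartition("@")[2] in entries

def heuristic_score(subject, body):
    """Crude content score over the criteria the article names:
    keywords, formatting and repetition."""
    text = f"{subject} {body}".lower()
    score = sum(2 for k in KEYWORDS if k in text)        # keywords
    if subject.isupper() or "!!!" in text:               # formatting
        score += 1
    words = re.findall(r"[a-z']+", text)
    if words and max(words.count(w) for w in set(words)) >= 5:
        score += 1                                       # repetition
    return score

def classify(sender, subject, body, threshold=3):
    """List membership overrides content analysis; content decides the rest."""
    if listed(sender, WHITELIST):       # assumption: whitelist wins a conflict
        return "inbox (whitelisted)"
    if listed(sender, BLACKLIST):
        return "junk (blacklisted)"
    if heuristic_score(subject, body) >= threshold:
        return "junk (heuristic)"
    return "inbox"

# Constructed sample messages: (sender, subject, body)
SAMPLES = [
    ("alice@partner.example", "WINNER: act now", "free money for the team"),
    ("promo@bulk-offers.example", "Meeting notes", "See attached agenda."),
    ("stranger@unknown.example", "ACT NOW", "You are a winner!!! Claim your free money"),
    ("reader@unknown.example", "Question about your article", "I enjoyed it."),
]

if __name__ == "__main__":
    for sender, subject, body in SAMPLES:
        print(f"{sender:28} -> {classify(sender, subject, body)}")
```

The last sample is the case a pure whitelist gets wrong: legitimate mail from an unknown sender still reaches the inbox because only the heuristic stage judges it.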
