1. Detection: A virus is detected at some source point such as a gateway, server, or client machine.
2. Quarantine: A sample of the virus is sent to the Digital Immune System central quarantine where it is isolated, and scanned with the latest virus definitions. If it turns out to be a known virus, then the cure can be sent immediately back to the source of infection and no further action is required. Otherwise, central quarantine strips all sensitive data such as MS-Word documents (to ensure confidentiality), and the sample is sent to Symantec Security Response. This transmission is accomplished over HTTP on port 80, using SSL, which ensures confidentiality and authentication (see Section 5.7).
3. Automated Processing: The DIS automatically analyzes the sample and creates a cure, which is sent back to the administrative console at the source.
4. Administrative Console: The new fingerprint is distributed by the administrative console throughout the source network to be added as an update to the current virus definitions.
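The closed loop in steps 1 to 4 can be modelled in a few dozen lines. The following is an added illustration, not code from the book or from Symantec's product: fingerprints are stood in for by SHA-256 of the sample, the "cure" is a constructed label, and the network, client names and document names are all made up. What it shows is the two properties the text relies on: an escalated sample reaches Security Response with its attached documents removed, and once a fingerprint has been pushed to every client, a second detection of the same virus anywhere in the network is answered from central quarantine without a new analysis.

```python
import hashlib
from dataclasses import dataclass, field

@dataclass
class Sample:
    code: bytes          # the suspected viral code (constructed sample)
    attached_docs: list  # e.g. MS-Word files captured with it: sensitive

@dataclass
class Client:
    name: str
    definitions: dict = field(default_factory=dict)  # fingerprint -> cure

def fingerprint(code: bytes) -> str:
    """Constructed stand-in for a virus definition: SHA-256 of the code."""
    return hashlib.sha256(code).hexdigest()

# Everything Security Response ever receives, so stripping can be checked.
received_by_security_response = []

def security_response(sample: Sample) -> tuple:
    """Step 3, automated processing: derive a fingerprint and a cure."""
    received_by_security_response.append(sample)
    fp = fingerprint(sample.code)
    return fp, "quarantine-and-delete:" + fp[:8]   # cure label is constructed

def central_quarantine(sample: Sample, central_defs: dict) -> tuple:
    """Step 2: known virus -> cure at once; unknown -> strip data, escalate."""
    fp = fingerprint(sample.code)
    if fp in central_defs:
        return fp, central_defs[fp], False          # no further action needed
    stripped = Sample(sample.code, attached_docs=[])  # confidentiality step
    fp, cure = security_response(stripped)
    central_defs[fp] = cure
    return fp, cure, True

def closed_loop(sample: Sample, source: Client, network: list,
                central_defs: dict) -> bool:
    """Steps 1-4 for one detection at `source`. Returns True if the sample
    was new and had to be analysed, False if the cure was already known."""
    fp, cure, was_new = central_quarantine(sample, central_defs)
    if was_new:
        # Step 4: the administrative console pushes the new definition to
        # every client in the source network, not just the detecting host.
        for client in network:
            client.definitions[fp] = cure
    else:
        source.definitions[fp] = cure   # known virus: cure goes back to source
    return was_new
```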
Diagram 10.1 DIS Closed-Loop Virus Methodology

New virus detected and isolated −−−−→ Quarantined sample sent to DIS −−−−→ DIS analyzes and creates a cure −−−−→ Administrative console receives and distributes new fingerprints ←−−−− (loop closes back to the source network)
Analysis of DIS: The DIS, arguably, represents the pinnacle of antivirus software currently available. The DIS approach is stronger than other antivirus techniques since it is automated, scalable, and does not require human intervention for decoding viruses and creating signatures. The number of false positives is kept low, and the system supplies end-to-end automation of submission, analysis, and transmission of new fingerprints for virus definition updates. There is relatively little maintenance needed with the DIS system, and costs are minimal given the alternatives. If the administrative console is allowed to streamline the control of the system at the given organizational source, then the maximum benefit will be received, since administrators have control of the level of automation.

There are other kinds of malicious programs that require a host program but are not considered to be viruses due to the manner in which they operate. We now look at their morphology.