Network threats to user data - how to protect yourself. How to protect your router and remove the warning from Avast


The Troubleshooting screen allows you to change default settings to resolve possible problems with the operation and compatibility of Avast Antivirus.

It is recommended to leave the default configuration. Change these settings only if you have a thorough understanding of how Avast Antivirus works, or at the request of an Avast support representative to troubleshoot problems. After making any changes, click OK to save the settings.

Note. Other troubleshooting information can be found on the Getting Started page.

Manage Troubleshooting Settings

  • Allow scanning for rootkits at system startup: Scan for rootkits during PC startup, before most applications and services are loaded. To ensure maximum protection, this setting is enabled by default. Clearing this checkbox may speed up startup slightly, but will weaken your virus protection.
  • Allow direct access to drives when Avast performs startup scans: Allow Avast startup scan to access and scan all disk space (including moving files and file fragments that may contain malicious code). By default, this option is enabled. Unchecking this checkbox may speed up boot scanning slightly, but will weaken your virus protection.
  • Skip checking digital signatures of infected files: Allow Avast to report all files as suspicious, even if they come from a trusted publisher, speeding up the scanning process. However, this setting is disabled by default to avoid false alarms, because trusted files with valid digital signatures are then not detected as malware and therefore are not removed.
  • Enable Avast self-defense module: Prevents all core Avast Antivirus files from being modified or deleted. By default, this option is enabled. Clearing this checkbox could allow attackers to modify and delete antivirus files to disable antivirus protection and infect your PC.
    Note. Clear this checkbox only temporarily when requested by an Avast support representative to resolve specific issues.
  • Load Avast services only after loading other system services: Selecting this option delays loading Avast Antivirus until all other system services have finished loading, which may speed up the PC startup process, but will temporarily leave the system unprotected from malware. By default, this option is disabled to allow Avast services to start at the very beginning of the PC boot and ensure complete security.
  • Restrict access to the program for a guest account: Restrict access to and changes to Avast settings for guests (secondary accounts used to log into your PC). This setting is enabled by default so that only registered users have permission to perform such actions. Unchecking this box will allow all users (accounts) to access and change the settings.
  • Enable hardware-assisted virtualization: Improve virtualization performance. Avast uses hardware virtualization in its Anti-Rootkit, Sandbox, CyberCapture, and Self-Defense components. By default, this option is active. If Avast detects other software that uses virtualization, this option will be automatically disabled. If Avast does not detect virtualization software that is installed on your PC, and this causes compatibility and performance issues, we recommend temporarily disabling this setting.

Enabling Passive Mode

Passive mode disables all active protection, including various security tools and the firewall. In this mode, you can use several antivirus programs simultaneously without reducing the performance of your PC and the reliability of virus detection. In passive mode, Avast receives all program updates and virus definitions, allowing you to run manual scans to detect problems on your PC. However, Avast's active protection does not work.

This feature is disabled by default unless you install Avast on a computer that has another antivirus program installed. To activate passive mode manually, click the Off slider so that it changes to On. Then click OK and Reboot now to confirm the changes.

If you want Avast Antivirus's active protection to protect you from malware and other security threats, make sure passive mode is switched off and the following conditions are met.

  • All third-party antivirus programs are removed.
  • The main screen of Avast Antivirus displays You are protected.

Note. If Avast is the only antivirus software installed on your computer, enable passive mode only temporarily to eliminate certain malfunctions.

Restoring default values

Troubleshooting may require you to restore your Avast Antivirus settings to their defaults. To do this, follow these steps:

  1. Check the boxes for one or more of the following parameters to select the settings you want to restore.
    • Program settings (with standard scanning types): All program settings, except Shield settings.
    • Shield settings: Shield settings only. Changing Shield settings may affect the protection status.
  2. Click Reset to restore your settings.

The Reset action deletes all your custom settings. This action cannot be undone.

Note. Before restoring the default settings, you can create a backup copy of your settings by selecting Settings Back up settings.

Managing redirection settings

If you are having problems sending or receiving email while using Mail Shield with a mail client (Microsoft Outlook, Mozilla Thunderbird, etc.), you can fix this problem by identifying the ports that are used by your email service provider in the Mail.

By default, each protocol has the standard port numbers listed below.

  • SMTP port(s): 25, 857. Protected ports: 465
  • POP port(s): 110. Protected ports: 995
  • IMAP port(s): 143. Protected ports: 993
  • NNTP port(s): 119. Protected ports: 563

If you (or your email service provider) use other ports, enter them in the text boxes next to the appropriate protocols to ensure email messages are checked by Avast. Use commas to separate multiple port numbers.

In the Ignored addresses text field, enter the addresses of services or ports that you want to exclude from scanning (for example, smtp.example.com). If necessary, separate multiple addresses with commas.

Selecting the Ignore local communication checkbox prevents Avast from scanning internal system communications between applications running on the PC. By default, this option is active. Disabling this setting will allow Avast to scan all email communications, which improves security but may reduce system performance.

Avast always tries to stay ahead when it comes to protecting users from new threats. More and more people watch movies, sports and TV shows on smart TVs. They control the temperature in their homes using digital thermostats. They wear smart watches and fitness bracelets. As a result, security needs expand beyond the personal computer to cover all devices in the home network.

However, home routers, which are key devices in home network infrastructure, often have security problems and allow easy access for hackers. A recent study by Tripwire found that 80 percent of top-selling routers have vulnerabilities. Moreover, the most common combinations for accessing the administrative interface, in particular admin/admin or admin/no password, are used in 50 percent of routers worldwide. Another 25 percent of users use their address, date of birth, first or last name as router passwords. As a result, more than 75 percent of routers worldwide are vulnerable to simple password attacks, opening the door for threats to be deployed on the home network. The router security landscape today is reminiscent of the 1990s, when new vulnerabilities were discovered every day.

Home Network Security feature

The Home Network Security feature in Avast Free Antivirus, Avast Pro Antivirus, Avast Internet Security and Avast Premier Antivirus allows you to solve these problems by scanning your router and home network settings for potential problems. With the Avast Nitro Update, the Home Network Security tool's detection engine has been completely redesigned, adding support for multi-threaded scanning and an improved DNS hijack detector. The engine now supports ARP scanning and port scanning performed at the kernel driver level, which makes scanning several times faster compared to the previous version.

Home Network Security can automatically block cross-site request forgery (CSRF) attacks on your router. CSRF exploits take advantage of website vulnerabilities and allow cybercriminals to send unauthorized commands to a website. The command simulates instructions from a user who is known to the site. Thus, cybercriminals can impersonate a user and, for example, transfer the victim's money without their knowledge. Using CSRF requests, criminals can remotely make changes to router settings in order to overwrite DNS settings and redirect traffic to fraudulent sites.
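How a router's admin interface can refuse the forged DNS-change request described above, shown as an added example (it is not Avast's or any router vendor's code). The handler names, request layout, the 192.168.1.1 admin origin and all addresses are assumptions constructed for illustration.

```python
import hmac
import secrets
from urllib.parse import urlsplit

# Assumed origin of the router's admin UI (constructed value).
ADMIN_ORIGIN = "http://192.168.1.1"

SESSIONS = {}  # session id -> CSRF token issued for that session


def login():
    """Create a session and the token the admin page embeds in its own forms."""
    sid = secrets.token_hex(16)
    SESSIONS[sid] = secrets.token_hex(32)
    return sid, SESSIONS[sid]


def same_origin(headers):
    """True only when Origin (or, failing that, Referer) is the admin UI itself."""
    source = headers.get("Origin") or headers.get("Referer")
    if not source:
        return False  # deny by default when the request does not say where it came from
    parts = urlsplit(source)
    return f"{parts.scheme}://{parts.netloc}" == ADMIN_ORIGIN


def set_dns_vulnerable(request, config):
    """'Before': trusts the session cookie alone. The browser attaches that
    cookie to every request to the router, including one triggered by another site."""
    if request["cookies"].get("sid") in SESSIONS:
        config["dns"] = request["form"]["dns"]
        return 200
    return 401


def set_dns_hardened(request, config):
    """'After': the cookie is necessary but not sufficient."""
    expected = SESSIONS.get(request["cookies"].get("sid"))
    if expected is None:
        return 401
    if request["method"] != "POST":
        return 405  # state changes never happen on GET
    if not same_origin(request["headers"]):
        return 403  # request was started by a page on another origin
    supplied = request["form"].get("csrf_token", "")
    if not hmac.compare_digest(supplied.encode(), expected.encode()):
        return 403  # a page on another origin cannot read the token
    config["dns"] = request["form"]["dns"]
    return 200


def demo():
    """Run a constructed forged request and a legitimate one through both handlers."""
    sid, token = login()
    # Constructed: what the router receives when another site makes the
    # logged-in user's browser submit a form to it (cookie present, no token).
    forged = {"method": "POST", "cookies": {"sid": sid},
              "headers": {"Origin": "http://attacker.example"},
              "form": {"dns": "203.0.113.66"}}
    # Constructed: the same change made from the router's own settings page.
    legit = {"method": "POST", "cookies": {"sid": sid},
             "headers": {"Referer": ADMIN_ORIGIN + "/dns.html"},
             "form": {"dns": "192.0.2.53", "csrf_token": token}}
    weak, strong = {"dns": "192.0.2.1"}, {"dns": "192.0.2.1"}
    return {
        "vulnerable_forged": (set_dns_vulnerable(forged, weak), weak["dns"]),
        "hardened_forged": (set_dns_hardened(forged, strong), strong["dns"]),
        "hardened_legit": (set_dns_hardened(legit, strong), strong["dns"]),
    }


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(name, outcome)
```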

The Home Network Security component allows you to scan your home network and router settings for potential security issues. The tool detects weak or standard Wi-Fi passwords, vulnerable routers, compromised Internet connections, and IPv6 enabled but not secured. Avast lists all devices on your home network so users can check that only known devices are connected. The component provides simple recommendations to eliminate detected vulnerabilities.

The tool also notifies the user when new devices, such as network-connected TVs and other devices, join the network. Now the user can immediately detect an unknown device.

The new proactive approach underlines the overall concept of providing maximum comprehensive user protection.

The Internet is a boundless world of information that provides ample opportunities for communication, learning, organizing work and leisure, and at the same time it is a huge, daily updated database that contains information about users that is interesting to attackers. There are two main types of threats that users can be exposed to: technical and social engineering.

The main technical threats to users are malware, botnets, and DoS and DDoS attacks.

Threat: a potentially possible event or action that, through its impact on the object of protection, can lead to damage.

Malware

The purpose of malware is to cause damage to a computer, server or computer network. They can, for example, corrupt, steal or erase data stored on the computer, slow down or completely stop the operation of the device. Malicious programs are often “hidden” in letters and messages with tempting offers from unknown individuals and companies, in the pages of news sites or other popular resources that contain vulnerabilities. Users visit these sites, and malware enters the computer undetected.

Malware is also distributed via email, removable storage media or files downloaded from the Internet. Files or links sent by email may expose your device to infection.

Malware includes viruses, worms and Trojans.

Virus: a type of computer program whose distinctive feature is the ability to reproduce (self-replicate) and to be introduced, unnoticed by the user, into files, disk boot sectors and documents. The name "virus" in relation to computer programs came from biology precisely on the basis of the ability to self-reproduce. A virus lying as an infected file on a disk is not dangerous until it is opened or launched. It only takes effect when the user activates it. Viruses are designed to replicate themselves to infect computers, usually destroying files in the process.

Worms: a type of virus. They fully live up to their name, since they spread by “crawling” from device to device. Just like viruses, they are self-replicating programs, but unlike viruses, a worm does not need the user's help to spread. It finds the loophole itself.

Trojans: malicious programs that are purposefully introduced by attackers to collect information, destroy or modify it, disrupt the operation of a computer, or use its resources for nefarious purposes. Externally, Trojan programs look like legitimate software products and do not arouse suspicion. Unlike viruses, they are completely ready to perform their functions. This is what attackers are counting on: their task is to create a program that users will not be afraid to launch and use.

Attackers can infect a computer to make it part of a botnet: a network of infected devices located around the world. Large botnets can include tens or hundreds of thousands of computers. Users often don't even realize that their computers are infected with malware and are being used by criminals. Botnets are created by distributing malware in various ways, and the infected machines subsequently regularly receive commands from the botnet administrator, so that it becomes possible to organize coordinated actions of bot computers to attack other devices and resources.

DoS and DDoS attacks

A DoS attack (denial of service) is an attack that paralyzes the operation of a server or personal computer through a huge number of requests arriving at the attacked resource at high speed.

The essence of a DoS attack is that an attacker tries to make a specific server temporarily unavailable, overload the network or processor, or fill the disk. The goal of the attack is simply to disable the computer, not to obtain information: to seize all the resources of the victim computer so that other users do not have access to them. Resources include memory, CPU time, disk space, network resources, etc.


There are two ways to carry out a DoS attack.

With the first method, a DoS attack uses a vulnerability in the software installed on the attacked computer. The vulnerability makes it possible to cause a critical error that leads to disruption of the system.

With the second method, the attack is carried out by simultaneously sending a large number of information packets to the attacked computer, which causes network overload.

If such an attack is carried out simultaneously from a large number of computers, it is called a DDoS attack.

A DDoS attack (distributed denial of service) is a type of DoS attack that is organized using a very large number of computers, which makes it possible to attack even servers with very high-throughput Internet channels.


To organize DDoS attacks, attackers use a botnet: an ad hoc network of computers infected with a special type of virus. An attacker can control each such computer remotely, without the knowledge of the owner. Using a virus or a program skillfully masquerading as a legitimate one, malicious program code is installed on the victim computer, which is not recognized by the antivirus and works in the background. At the right moment, at the command of the botnet owner, such a program is activated and begins to send requests to the attacked server, as a result of which the communication channel between the service being attacked and the Internet provider is filled and the server stops working.

Social engineering

Most attackers rely not only on technology, but also on human weaknesses, using social engineering. This complex term refers to a way of obtaining the necessary information not with the help of technical capabilities, but through ordinary deception and cunning. Social engineers use psychological methods of influencing people through e-mail, social media and instant messaging services. As a result of their skillful work, users voluntarily give up their data, not always realizing that they have been deceived.

Fraudulent messages most often contain threats, such as closing user bank accounts, promises of huge winnings with little or no effort, or requests for voluntary donations on behalf of charitable organizations. For example, a message from an attacker may look like this: “Your account is blocked. To restore access to it, you need to confirm the following data: phone number, email and password. Send them to such and such email address.” Most often, attackers do not leave the user time to think; for example, they ask for payment on the day the letter is received.

Phishing

Phishing is the most popular way to attack users and one of the methods of social engineering. It is a special type of Internet fraud. The goal of phishing is to gain access to sensitive information, such as address, phone number, credit card numbers, usernames and passwords, through the use of fake web pages. Often a phishing attack occurs as follows: an email is sent to you, on behalf of an alleged bank employee, asking you to log into your Internet banking system. The letter contains a link to a fake website that is difficult to distinguish from the real one. The user enters personal information on the fake site, and the attacker intercepts it. Having taken possession of personal data, the attacker can, for example, get a loan in the user's name, withdraw money from the user's accounts, pay with the user's credit cards, or create a copy of a plastic card and use it to withdraw money anywhere in the world.

Fake antivirus and security programs

Attackers often distribute malware under the guise of antivirus software. These programs generate notifications, which, as a rule, contain a warning that the computer is allegedly infected and a recommendation to follow the specified link for successful treatment, download the update file from it and run it. Often, notifications are disguised as messages from legitimate sources, such as antivirus software companies. Fake antiviruses are distributed through email, online ads, social networks, and even pop-ups on your computer that mimic system messages.

Replacing the return address

It is well known that users trust messages received from people they know much more and are more likely to open them without expecting a catch. Attackers take advantage of this and forge the return address so that it looks familiar to the user, in order to trick the user into visiting a site containing malware or into revealing personal information. For example, clients of Internet banks often become victims of their own gullibility.

Ways to protect yourself from online threats

There are many types and methods of attacks, but there are also a sufficient number of ways to defend against them. When browsing the Internet, we recommend that you meet the following requirements:

Use passwords

To create a complex password, you must use a combination of at least eight characters. It is advisable that the password include upper and lower case characters, numbers and special symbols. The password should not repeat previous passwords, nor should it contain dates, names, phone numbers, or similar information that could be easily guessed.

Use your computer under an account with limited rights

Before you start using the operating system, it is recommended that you create a user account for everyday use of the computer and use it instead of the administrator account. A user account allows you to perform the same actions as an administrator account, but you will be prompted for an administrator password when you try to make changes to operating system settings or install new software. This reduces the risk of accidentally deleting or changing important system settings, as well as the risk of infecting the computer with malware.

Use data encryption

Data encryption is an additional method of protecting important information from outside users. Special cryptographic programs encrypt data so that only the user who has the decryption key can read it. Many operating systems have built-in encryption. For example, in Windows 7, BitLocker Drive Encryption is used to protect all files stored on the operating system disk and on internal hard drives, and BitLocker To Go is used to protect files stored on external hard drives and USB devices.

Update your software regularly

Update your software regularly and promptly, including the operating system and all applications used. It is most convenient to enable automatic updates, which allows all the work to be carried out in the background. It is strongly recommended to download updates only from the websites of software manufacturers.

Use and regularly update antivirus programs

Use antivirus programs to protect your system from possible online threats. Antivirus is a key component of anti-malware protection. It must be installed and updated regularly to help it fight new malware, the number of which is increasing every day. Modern antivirus programs usually update antivirus databases automatically. They scan critical system areas and monitor all possible paths of virus intrusion, such as email attachments and potentially dangerous websites, in the background without interfering with the user's experience. The antivirus should always be turned on: disabling it is strongly discouraged. Also try to check all removable media for viruses.

Use a firewall

A firewall is a special filter whose task is to control the network packets passing through it in accordance with given rules. A firewall works as follows: it monitors communications between a device and the Internet and examines all data received from or sent to the network. If necessary, it blocks network attacks and prevents the secret transmission of personal data on the Internet. The firewall does not allow suspicious information to enter and does not allow important information to leave the system.

The article is intended for those who have begun to think about network security or continue to do so and are strengthening the protection of web applications from new threats - after all, first you need to understand what threats there may be in order to prevent them.

For some reason, the need to think about network security is considered the right of only large companies, such as , and , or , which openly announce competitions for finding vulnerabilities and improve the security of their products, web applications and network infrastructures in every possible way. At the same time, the vast majority of existing web systems contain “holes” of various types (90% of systems contain medium-risk vulnerabilities).

What is a network threat or network vulnerability?

WASC (Web Application Security Consortium) has identified several basic classes, each of which contains several groups of common vulnerabilities, the use of which can cause damage to a company. The full classification is laid out in the form, and there is a Russian translation of the previous version from InfoSecurity, which will be used as the basis for the classification and significantly supplemented.

Main groups of website security threats

Insufficient authentication when accessing resources

This group of threats includes attacks based on Brute Force, Abuse of Functionality and Predictable Resource Location. The main difference from insufficient authorization is that there is insufficient verification of the rights (or features) of an already authorized user (for example, a regular authorized user can gain administrative rights simply by knowing the address of the control panel if sufficient access rights verification is not performed).

Such attacks can only be effectively countered at the application logic level. Some attacks (for example, too frequent brute force attacks) can be blocked at the network infrastructure level.
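The access-rights check at the application logic level described above, as an added example (not code from the article): a handler that only checks that the caller is logged in, next to one that checks the role required for each path and denies anything unlisted. The paths, roles and session tokens are constructed for illustration.

```python
import posixpath

# Constructed sessions: session token -> role of the logged-in user.
SESSIONS = {"tok-alice": "user", "tok-root": "admin"}

# Role required per path prefix. Paths not listed here are denied.
REQUIRED_ROLE = {"/profile": "user", "/admin": "admin"}
ROLE_RANK = {"user": 1, "admin": 2}


def handle_vulnerable(path, token):
    """'Before': only asks whether the caller is logged in, so any regular
    user who knows the control panel address reaches it."""
    if token not in SESSIONS:
        return 401
    return 200


def normalize(path):
    """Collapse '..', '.' and repeated slashes before any rule is matched,
    so the rule is evaluated on the path that will actually be served."""
    return "/" + posixpath.normpath(path).lstrip("/")


def required_role(path):
    """Match whole path segments: '/admin' covers '/admin/users' but not
    '/administrator'. Returns None for paths with no rule."""
    for prefix, role in REQUIRED_ROLE.items():
        if path == prefix or path.startswith(prefix + "/"):
            return role
    return None


def handle_hardened(path, token):
    """'After': authentication, then an explicit per-path rights check."""
    role = SESSIONS.get(token)
    if role is None:
        return 401  # not logged in
    need = required_role(normalize(path))
    if need is None:
        return 404  # no rule for this path: deny by default
    if ROLE_RANK[role] < ROLE_RANK[need]:
        return 403  # logged in, but without the rights this path requires
    return 200


def demo():
    """Constructed requests: (path, session token) pairs run through both handlers."""
    cases = [
        ("/admin/users", "tok-alice"),             # regular user guesses the panel address
        ("/profile/../admin/users", "tok-alice"),  # same target behind a path trick
        ("/admin/users", "tok-root"),              # administrator
        ("/profile/me", "tok-alice"),              # regular user on their own page
    ]
    return [(p, handle_vulnerable(p, t), handle_hardened(p, t)) for p, t in cases]


if __name__ == "__main__":
    for path, before, after in demo():
        print(f"{path:28} vulnerable={before} hardened={after}")
```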

Insufficient authorization



This may include attacks aimed at easily brute-forcing access details or exploiting any errors when checking access to the system. In addition to Brute Force techniques, this includes Access Guessing and Session Fixation.

Protection against attacks from this group requires a set of requirements for reliable system user authorization.

This includes all techniques that change the content of a website without any interaction with the server serving the requests, i.e. the threat is implemented through the user's browser (but usually the browser itself is not the “weak link”: the problem lies in content filtering on the server side) or an intermediate cache server. Attack types: Content Spoofing, Cross-Site Scripting (XSS), Redirect Abuse, Cross-Site Request Forgery, HTTP Response Splitting, HTTP Response Smuggling, Routing Bypass, HTTP Request Splitting and HTTP Request Smuggling.

A significant part of these threats can be blocked at the level of setting up the server environment, but web applications must also carefully filter both incoming data and user responses.

Executing Code

Code execution attacks are classic examples of website hacking through vulnerabilities. An attacker can execute his code and gain access to the hosting where the site is located by sending a specially prepared request to the server. Attacks: Buffer Overflow, String Formatting, Integer Overflow, LDAP Injection, Mail Injection, Null Byte, OS Command Execution, External File Execution (RFI), SSI Injection, SQL Injection, XPath Injection, XML Injection, XQuery Injection, and XXE Injection.

Not all of these types of attacks may affect your website, but they are correctly blocked only at the level of WAF (Web Application Firewall) or data filtering in the web application itself.

Disclosure of information

Attacks from this group are not a pure threat to the site itself (since the site does not suffer from them in any way), but can harm a business or be used to carry out other types of attacks. Types: Fingerprinting and Directory Traversal.

Correct configuration of the server environment will allow you to completely protect yourself from such attacks. However, you also need to pay attention to the error pages of the web application (they may contain a large amount of technical information) and to how it works with the file system (which may be compromised by insufficient input filtering). It also happens that links to a site's vulnerabilities appear in a search index, and this in itself is a significant security threat.

Logical attacks

This group includes all the remaining attacks, the possibility of which lies mainly in limited server resources. In particular, these are Denial of Service and more targeted attacks: SOAP Abuse, XML Attribute Overflow and XML Entity Expansion.

Protection against them is possible only at the web application level, or by blocking suspicious requests (network hardware or web proxy). But with the emergence of new types of targeted attacks, it is necessary to audit web applications for vulnerabilities.

DDoS attacks



As should be clear from the classification, a DDoS attack in the professional sense is always the exhaustion of server resources in one way or another. Other methods have no direct relationship to a DDoS attack, but represent one or another type of site vulnerability. Wikipedia also describes protection methods in sufficient detail; I will not duplicate them here.

They have become a problem for all PC users with Internet access, without exception. Many companies use firewalls and encryption mechanisms as solutions to security problems in order to remain protected from possible threats. However, this is not always enough.

Classification of network threats

Network threats are classified into four categories:

  1. Unstructured threats;
  2. Structured threats;
  3. Internal threats;
  4. External threats.

Unstructured threats

Unstructured threats often involve unfocused attacks on one or more network systems. The attacked and infected systems may be unknown to the criminal. Program code such as a virus, worm or Trojan horse can easily get onto your PC. Some common terms to be aware of:

Virus: malware capable of replicating with little or no user intervention; the replicated programs can also replicate.

Worm: a form of virus that spreads by creating duplicates on other drives, systems, or networks. For example, a worm working with an email system can send copies of itself to every address in the email system's address book.

Trojan horse: at first glance a useful program (perhaps a game or screensaver), but in the background it can perform other tasks, such as deleting or changing data, or capturing passwords. A true Trojan horse is not technically a virus because it does not replicate.

Unstructured attacks using code that reproduces itself and sends a copy to all email users can easily cross the Earth within hours, causing problems for networks and individuals around the world, although the original intention may have been minor.

Structured threats

Structured threats are targeted at one or more individuals and are carried out by people with higher-level skills who are actively working to compromise the system. The attackers, in this case, have a specific goal. They tend to be knowledgeable about network design, security, access procedures, and hacking tools, and have the ability to create scripts or applications to achieve their goals.

Insider threats

Insider threats come from persons with authorized access to the network. This could be a disgruntled employee or an unhappy fired employee whose access is still active. Many studies show that insider attacks can be significant in both number and loss.

External threats

External threats are threats from individuals outside the organization who frequently use the Internet or dial-up. These attackers do not have authorized access to the systems.

The classification of a particular threat may result in a combination of two or more threats. For example, an attack could be structured, come from an external source and, at the same time, have one or more compromised employees inside the organization actively promoting the effort.






