How Security Controls Like Microsoft’s Firewall Assist in Controlling the Spread of Malware
Cyber security controls and firewalls such as the Microsoft firewall are vital in preventing attacks and malware infection. Cyber security controls include guidelines a company can use to avoid attacks and elements that control access to particular computer resources such as database systems. Controls such as biometrics can be used to manage the number of individuals who can access a specific room, say the server room; this system is also efficient because it provides a log of the individuals who visited the room and the times they were there, in case any incident occurs. Firewalls can also reduce the chances of a computer system being infected with malware by sifting through network traffic, stopping suspicious data packets, and alerting the administrator to a potential cyberattack. Malicious attacks can be detected by their regular pattern, whereas normal network traffic is random, with variations depending on what the user is doing on the network (Crumpler & Lewis 2019). Gateway firewalls can also act as a filter sitting in the middle, between the internal and external networks. Firewalls can also filter allowed and blocked devices; for instance, if a particular IP address or MAC address has been used before to conduct an attack, the machine can be blocked, and any traffic originating from the device will be prevented. Firewalls can also contain malware infection by creating a list of company devices and allowing only those devices to access the company’s internal network. Firewall authentication is another way in which malware and other kinds of infections can be prevented. Setting up authentication with strong passwords will reduce the chances of an attacker gaining access to the network and introducing malware.
How I Would Determine if My Computer Were the Victim of an Advanced Persistent Threat
An advanced persistent threat is an attack that is highly complex and exceptionally stealthy, hence the term "advanced". The attack also takes place over an extended period, hence the term "persistent", and is under the direct control of a human rather than an automated program. Advanced persistent threats also combine several attack techniques, such as malware, viruses, and worms, to obtain the required outcome. One of the main methods of determining if you have been a victim of an advanced persistent threat is to check login activities. A victim of an advanced persistent threat would have unidentified login details; the system would log logins not made by company members or, in the case of an individual, by the individual. Another sign is that a user might find their device has been logged out despite having left it logged in. Another indicator of an advanced persistent threat would be opened spam emails on company email accounts or on devices connected to the internal network. Another indicator is members of the organization receiving phone calls from odd numbers pretending to be either the IT department or other members of their network and requesting information. During a scan of the network, if the cyber security experts find backdoors open within the internal network, this can indicate an advanced persistent threat operating within the system while hidden from plain sight. Application software can also be used as a tool for advanced persistent threats. Some of the warning signs that can be detected include sudden hanging of the computer and application software that keeps crashing for no apparent reason. Data movement is another sign of an advanced persistent threat; if the user of a computer system realizes that data has been moved from one server to another or from one location to another on the same device, it is an indicator that attackers might have penetrated the system (Sun et al. 2018).
Ways That Black Hat Hackers Could Try to Obfuscate the SQL Commands They Are Using
When hackers use SQL injection or any other attack technique, they want to keep the attack hidden so they can exploit the system again. Hiding an attacker’s footprint is known as obfuscation. Some of the techniques used for SQL obfuscation include SQL HEX encoding. SQL HEX obfuscation hides an attack by converting the query into a different (hexadecimal) encoding to bypass security systems (Chaturvedi & Chakravarthy, 2020). MySQL server is vulnerable to SQL HEX obfuscation, alongside many other SQL servers, since the code is changed and the system's firewalls and attack monitoring systems cannot detect the attack. Obfuscation is used in all attacks since attackers want to hide their intentions and not get noticed. If an attacker is to be realized, the at
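The hex-encoding evasion described in this section, seen from the detection side, as an added example that is not part of the original essay: a keyword check that misses a hex-encoded value and catches it once hex literals are decoded before matching. The function names, the short signature list and the sample values are all constructed for illustration.

```python
import re

# MySQL hex literal forms: 0x<hex digits> and X'<hex digits>' (whole bytes only).
HEX_LITERAL = re.compile(r"\b0x((?:[0-9a-f]{2})+)\b|\bx'((?:[0-9a-f]{2})+)'", re.I)

# Constructed, deliberately small keyword list standing in for a real rule set.
SIGNATURES = re.compile(r"\b(union\s+select|information_schema|into\s+outfile)\b", re.I)


def normalize(value: str) -> str:
    """Replace each hex literal with the text it decodes to, if printable."""
    def decode(match: re.Match) -> str:
        raw = bytes.fromhex(match.group(1) or match.group(2))
        text = raw.decode("latin-1")
        # Binary values (colours, IDs) stay untouched to limit false positives.
        return text if text.isprintable() else match.group(0)
    return HEX_LITERAL.sub(decode, value)


def classify(value: str) -> str:
    """Return how (or whether) the value matches the signature list."""
    if SIGNATURES.search(value):
        return "match"                    # visible to a plain keyword filter
    if SIGNATURES.search(normalize(value)):
        return "match-after-decoding"     # hidden until hex literals are decoded
    return "clean"


# Constructed sample parameter values, as they might appear in a request log.
SAMPLES = [
    "id=5 union select 1",
    "schema=0x" + b"information_schema".hex(),
    "color=0xff00ff",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(f"{classify(sample):22} {sample}")
```

Matching on both the raw and the normalized value keeps the original log line intact for forensics while closing the gap the encoding creates.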