Question

3.1 A computer virus is basically rogue software programs that are difficult to detect which spread
rapidly through computer systems, destroying data or disrupting processing and memory systems.
Discuss the kinds of programs that are related to computer viruses. (10)
3.2 Firewall computers and software is another important method for control and security on the
Internet and other networks. Explain the characteristics of firewalls.

Answer 1

3.1

"A computer virus is a malicious program that self-replicates by copying itself to another program. In other words, the computer virus spreads by itself into other executable code or documents"

The purpose of creating a computer virus is to infect vulnerable systems, gain admin control and steal user sensitive data. Hackers design computer viruses with malicious intent and prey on online users by tricking them.

One of the ideal methods by which viruses spread is through emails – opening the attachment in the email, visiting an infected website, clicking on an executable file, or viewing an infected advertisement can cause the virus to spread to your system. Besides that, infections also spread while connecting with already infected removable storage devices, such as USB drives.

Types of Computer Viruses:

Boot Sector Virus – This type of virus infects the master boot record and it is challenging and a complex task to remove this virus and often requires the system to be formatted. Mostly it spreads through removable media.

Direct Action Virus – This is also called non-resident virus, it gets installed or stays hidden in the computer memory. It stays attached to the specific type of files that it infect. It does not affect the user experience and system’s performance.

Resident Virus – Unlike direct action viruses, resident viruses get installed on the computer. It is difficult to identify the virus and it is even difficult to remove a resident virus.

Multipartite Virus – This type of virus spreads through multiple ways. It infects both the boot sector and executable files at the same time.

Polymorphic Virus – These type of viruses are difficult to identify with a traditional anti-virus program. This is because the polymorphic viruses alters its signature pattern whenever it replicates.

Overwrite Virus – This type of virus deletes all the files that it infects. The only possible mechanism to remove is to delete the infected files and the end-user has to lose all the contents in it. Identifying the overwrite virus is difficult as it spreads through emails.

Spacefiller Virus – This is also called “Cavity Viruses”. This is called so as they fill up the empty spaces between the code and hence does not cause any damage to the file.

Signs of Virus Infection

It is vital for any computer user to be aware of these warning signs –

• Slower system performance
• Pop-ups bombarding the screen
• Programs running on their own
• Files multiplying/duplicating on their own
• New files or programs in the computer
• Files, folders or programs getting deleted or corrupted
• The sound of a hard drive

3.2

"A firewall is a network security device that monitors incoming and outgoing network traffic and permits or blocks data packets based on a set of security rules."

Its purpose is to establish a barrier between your internal network and incoming traffic from external sources (such as the internet) in order to block malicious traffic like viruses and hackers. Firewalls carefully analyze incoming traffic based on pre-established rules and filter traffic coming from unsecured or suspicious sources to prevent attacks. Firewalls guard traffic at a computer’s entry point, called ports, which is where information is exchanged with external devices. It establishes a barrier between secured internal networks and outside untrusted network, such as the Internet.

Before Firewalls, network security was performed by Access Control Lists (ACLs) residing on routers. ACLs are rules that determine whether network access should be granted or denied to specific IP address.
But ACLs cannot determine the nature of the packet it is blocking. Also, ACL alone does not have the capacity to keep threats out of the network. Hence, the Firewall was introduced.

Connectivity to the Internet is no longer optional for organizations. However, accessing the Internet provides benefits to the organization; it also enables the outside world to interact with the internal network of the organization. This creates a threat to the organization. In order to secure the internal network from unauthorized traffic, we need a Firewall.

Characteristics

1. Different protection levels based on the location of the computer

When your PC connects to a network, the firewall applies a security level in accordance with the type of network. If you want to change the security level assigned initially, you can do this at any time through the firewall settings.

2. Protection of wireless networks (Wi-Fi)

This blocks intrusion attempts launched through wireless networks (Wi-Fi). When an intruder attempts to access, a pop-up warning is displayed that allows you to immediately block the attack.

3. Access to the network and the Internet

It specifies which programs installed on your computer can access the network or the Internet.

4. Protection against intruders

It prevents hacker attacks that try to access your computer to carry out certain actions.

5. Blocks

The firewall can block the access of the programs that you specify should not be able to access the local network or the Internet. It also blocks access from other computers that try to connect to programs installed on your computer.

Firewalls are generally of two types: Host-based and Network-based.

• Host- based Firewalls : Host-based firewall is installed on each network node which controls each incoming and outgoing packet. It is a software application or suite of applications, comes as a part of the operating system. Host-based firewalls are needed because network firewalls cannot provide protection inside a trusted network. Host firewall protects each host from attacks and unauthorized access.
• Network-based Firewalls : Network firewall function on network level. In other words, these firewalls filter all incoming and outgoing traffic across the network. It protects the internal network by filtering the traffic using rules defined on the firewall. A Network firewall might have two or more network interface cards (NICs). A network-based firewall is usually a dedicated system with proprietary software installed.

upvote pls...