Note that on-demand anti-rootkits vary in terms of options for removal. Some will only show hidden files/drivers/processes/registry keys but will not remove them. Others will show hidden files/drivers/processes/registry keys but will only remove known rootkits. Most of the stand-alone anti-rootkit tools released by AV companies are relatively new. Many will eventually be incorporated into future products to extend their anti-rootkit abilities. Surprisingly, most of the current offerings that specifically target rootkits are freeware or open source.
Sunday, October 5, 2008
Anti-Rootkits
Anti-Rootkit is an application that finds and removes any rootkit that is hidden on your computer using advanced rootkit detection technology. Rootkits in Windows systems are particularly insidious because they are able to be completely invisible to anti-spyware programs. There are numerous specialized anti-rootkit products available for the detection and removal of these types of malicious programs. Anti-Rootkit can even remove Trojans and rootkits that are hiding inside NTFS Alternate Data Streams.
ROOT KITS
A root kit is a collection of tools (programs) that enables administrator-level access to a computer or computer network. Also known as "kernel mode Trojans," root kits are far more sophisticated than the usual batch of Windows backdoor programs that irk network administrators today. The difference is the depth at which they control the compromised system. Conventional backdoors like BO2K operate in "user mode", which is to say they play at the same level as any other application running on the compromised machine. That means that other applications, like anti-virus scanners, can easily discern evidence of the backdoor's existence in the Windows registry or deep among the computer's files.
In contrast, a root kit hooks itself into the operating system's Application Program Interface (API), where it intercepts the system calls that other programs use to perform basic functions, like accessing files on the computer's hard drive. The root kit is the man-in-the-middle, squatting between the operating system and the programs that rely on it, deciding what those programs can see and do.
It uses that position to hide itself. If an application tries to list the contents of a directory containing one of the root kit's files, the malware will censor the filename from the list. It'll do the same thing with the system registry and the process list.
Despite their increasingly sophisticated design, the current crop of Windows root kits is generally not completely undetectable: because a root kit relies on a device driver, booting in "safe mode" will disable its cloaking mechanism, rendering its files visible.
Thursday, October 2, 2008
Intrusion detection system
An intrusion detection system (IDS) monitors network traffic for unwanted attempts at accessing, manipulating, and/or disabling services. In some cases the IDS may also respond to anomalous or malicious traffic by taking action such as blocking the user or source IP address from accessing the network.

There are IDS that detect by looking for specific signatures of known threats, similar to the way antivirus software typically detects and protects against malware, and there are IDS that detect by comparing traffic patterns against a baseline and looking for anomalies.
Host Intrusion Detection Systems (HIDS) are run on individual hosts or devices on the network. A HIDS monitors only the inbound and outbound packets from that device and will alert the user or administrator if suspicious activity is detected. A signature-based IDS will monitor packets on the network and compare them against a database of signatures or attributes from known malicious threats. This is similar to the way most antivirus software detects malware. The issue is that there will be a lag between a new threat being discovered in the wild and the signature for detecting that threat being applied to your IDS. During that lag time your IDS would be unable to detect the new threat.
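As an added illustration of the two detection approaches just described (example code, not from the original post), the following Python script runs a signature matcher and a baseline-driven anomaly detector over a constructed web-access log. The signature pattern, the IP addresses and the log lines are constructed, and the anomaly threshold (mean plus three standard deviations of per-source request counts) is an assumption; the source that trips only the anomaly detector is the "new threat" that the signature lag leaves uncovered.

```python
import re
import statistics
from collections import Counter

# A known-bad request pattern a signature-based IDS would carry (constructed example).
SIGNATURES = [
    ("directory-traversal", re.compile(r"\.\./")),
]

# Constructed known-good traffic used to build the anomaly baseline: "src method path status".
BASELINE_LOG = """\
10.0.0.5 GET /index.html 200
10.0.0.5 GET /about.html 200
10.0.0.5 GET /logo.png 200
10.0.0.7 GET /index.html 200
10.0.0.7 GET /logo.png 200
10.0.0.9 GET /login 200
10.0.0.9 POST /login 302
10.0.0.9 GET /account 200
10.0.0.11 GET /index.html 200
10.0.0.11 GET /contact.html 200
"""

# Constructed traffic to inspect: one request matching a signature, and one source whose
# volume matches no signature at all but stands out against the baseline.
OBSERVED_LOG = """\
10.0.0.5 GET /index.html 200
10.0.0.7 GET /about.html 200
203.0.113.4 GET /download?file=../../../config.ini 403
10.0.0.9 GET /login 200
198.51.100.8 GET /page1 404
198.51.100.8 GET /page2 404
198.51.100.8 GET /page3 404
198.51.100.8 GET /page4 404
198.51.100.8 GET /page5 404
"""

def parse(log):
    """Turn log text into (src, method, path, status) tuples."""
    records = []
    for line in log.strip().splitlines():
        src, method, path, status = line.split()
        records.append((src, method, path, int(status)))
    return records

def signature_alerts(records):
    """Signature-based detection: every request path is compared against known patterns."""
    return [(src, name, path)
            for src, _method, path, _status in records
            for name, pattern in SIGNATURES if pattern.search(path)]

def build_baseline(records):
    """Mean and standard deviation of requests per source over known-good traffic."""
    counts = list(Counter(src for src, *_ in records).values())
    stdev = statistics.stdev(counts) if len(counts) > 1 else 0.0
    return statistics.mean(counts), stdev

def anomaly_alerts(records, baseline, k=3.0):
    """Anomaly-based detection: flag sources sending more than mean + k*stdev requests."""
    mean, stdev = baseline
    threshold = mean + k * stdev
    counts = Counter(src for src, *_ in records)
    return [(src, n) for src, n in sorted(counts.items()) if n > threshold]

if __name__ == "__main__":
    observed = parse(OBSERVED_LOG)
    print("signature hits:", signature_alerts(observed))
    print("anomalies:", anomaly_alerts(observed, build_baseline(parse(BASELINE_LOG))))
```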
Wireless IDSs can be purchased through a vendor or developed in-house. There are currently only a handful of vendors who offer a wireless IDS solution, but the products are effective and have an extensive feature set. A wireless IDS can be centralized or decentralized. A centralized wireless IDS is usually a combination of individual sensors which collect and forward all data to a central management system, where the wireless IDS data is stored and processed. Decentralized wireless intrusion detection usually includes one or more devices that perform both the data gathering and processing/reporting functions of the IDS. The decentralized method is best suited for smaller WLANs due to cost and management issues. The cost of sensors with data processing capability can become prohibitive when many sensors are required. Also, management of multiple processing/reporting sensors can be more time intensive than in a centralized model.
OSSTMM
The Open Source Security Testing Methodology Manual (OSSTMM) is a peer-reviewed methodology for performing security tests and metrics. The OSSTMM is a great resource for systems administrators who want to evaluate the security of a wide range of systems in an ordered and detailed way. It is a guide for evaluating how secure systems are. It contains detailed instructions on how to test systems in a methodological way, and how to evaluate and report on the results.
The OSSTMM consists of six sections:
* Information Security
* Process Security
* Internet Technology Security
* Communications Security
* Wireless Security
* Physical Security
An OSSTMM audit is an accurate measurement of security at an operational level, void of assumptions and anecdotal evidence. A proper methodology makes for a valid security measurement which is consistent and repeatable. An open methodology means that it is free from political and corporate agendas. An open source methodology allows for free dissemination of information and intellectual property. The OSSTMM is the collective development of a true security test and the computation of factual security metrics. The primary purpose of the OSSTMM is to provide a scientific methodology for the accurate characterization of security through examination and correlation in a consistent and reliable way. This manual is adaptable to most IS audits, penetration tests, ethical hacking, security assessments, vulnerability assessments, red-teaming, blue-teaming, posture assessments, war games, and security audits.
Firewalls
A personal firewall is an application which controls network traffic to and from a computer, permitting or denying communications based on a security policy. A firewall is something, either a piece of hardware or software, that is intended to stop people getting their fingers on your property. Like a physical barrier, a firewall ring-fences your computer system and in the process protects you from a variety of destructive threats that could cause you to suffer a loss of information or data, or a security breach that could damage your reputation or finances. It is either a hardware device or a software program that filters your Internet connection so that your internal private network is kept separate from the outside world, the Internet.

The firewall thinks about packets of information, and these are dealt with individually; if they are not safe, then they are not allowed through. Firewalls can protect individuals and their personal PCs when they connect to the web, and they can also protect computers within a large organisation or business. The company will have an internal network and the firewall keeps this safe by providing a barrier through which all information has to pass, and if it is not safe, it is stopped, or blocked.
Hackers will probe networks and personal web connections and will try to make a connection, perhaps by FTP or telnet, and try to gain control of the machines by using security holes and breaches. These security breaches or exploits can cause a great deal of trouble, and this is why it is important to have a firewall, even if it is rudimentary. Spyware, browser hijackers, viruses, Trojan horses, worms, phishing, and spam can all be defeated by firewalls. Firewalls use packet filtering, a proxy service and stateful inspection to control data traffic into and out of a network. They allow the filtering of IP addresses, domain names and protocols, and differentiate between Telnet, SNMP, SMTP, ICMP, UDP, FTP, HTTP, TCP and IP data transmissions.

Firewalls can either be software based, or they can be a piece of physical hardware that acts as a gateway. They can protect you from hackers who try to log on to your computer using remote login software, they help to avoid application backdoors and SMTP session hijacking, and this is a great way to stop junk email spamming. Operating system bugs, denial of service attacks, email bombs, macros and viruses are all defeated by effective firewall solutions. They also act as a proxy server or part of a DMZ, or demilitarized zone. A good firewall keeps personal data in and hackers out. Out of the box it makes your PC invisible on the Internet so that hackers cannot find it. The program's intelligent intrusion prevention technology blocks suspicious Internet traffic, and easy-to-use privacy controls prevent personal information from being sent out without your knowledge.
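To make the packet-filtering and stateful-inspection ideas above concrete, here is an added Python model of a small stateful firewall (example code, not from the original post or from any product). The rule format, the private network prefix 192.168.1. and the sample packets are constructed assumptions; the model shows why a reply to a connection the inside host opened is allowed while an unsolicited inbound probe to the same port is dropped, which is what "invisible on the Internet" means in practice.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    proto: str            # "tcp", "udp" or "icmp"
    src: str
    sport: int
    dst: str
    dport: int
    syn: bool = False     # TCP connection-opening flag; ignored for udp/icmp

INSIDE = "192.168.1."     # constructed private network prefix (assumption)

# Ordered rule list, first match wins: (action, proto, src_prefix, dst_prefix, dport).
# "*" is a wildcard. Constructed policy, not from the post.
RULES = [
    ("deny",  "tcp", "*",    INSIDE, 23),   # no inbound telnet
    ("deny",  "tcp", "*",    INSIDE, 21),   # no inbound ftp
    ("allow", "tcp", INSIDE, "*",    80),   # inside hosts may open http
    ("allow", "tcp", INSIDE, "*",    443),  # and https
    ("allow", "udp", INSIDE, "*",    53),   # and dns lookups
    ("deny",  "*",   "*",    "*",    "*"),  # default deny: unsolicited probes see nothing
]

def rule_matches(rule, p):
    """Packet-filter match on protocol, address prefixes and destination port."""
    _action, proto, src, dst, dport = rule
    return ((proto == "*" or proto == p.proto)
            and (src == "*" or p.src.startswith(src))
            and (dst == "*" or p.dst.startswith(dst))
            and (dport == "*" or dport == p.dport))

class StatefulFirewall:
    def __init__(self, rules):
        self.rules = rules
        self.flows = set()    # established flows as (proto, src, sport, dst, dport)

    def filter(self, p):
        """Return 'allow' or 'deny' for one packet."""
        # Stateful inspection: a reply to a flow an inside host opened is allowed
        # even though no static rule permits traffic in that direction.
        if (p.proto, p.dst, p.dport, p.src, p.sport) in self.flows:
            return "allow"
        # A TCP packet that is not a SYN and matches no known flow is out of state.
        if p.proto == "tcp" and not p.syn:
            return "deny"
        for rule in self.rules:
            if rule_matches(rule, p):
                if rule[0] == "allow":
                    self.flows.add((p.proto, p.src, p.sport, p.dst, p.dport))
                return rule[0]
        return "deny"

def run_exchange(packets):
    """Feed a scripted packet sequence through a fresh firewall; return the verdicts."""
    fw = StatefulFirewall(RULES)
    return [fw.filter(p) for p in packets]

# Constructed traffic sample: an outbound web request and its reply, then three
# unsolicited inbound packets that the policy should silently drop.
SAMPLE = [
    Packet("tcp", "192.168.1.10", 50000, "203.0.113.5", 80, syn=True),   # inside opens http
    Packet("tcp", "203.0.113.5", 80, "192.168.1.10", 50000),             # server replies
    Packet("tcp", "198.51.100.9", 40000, "192.168.1.10", 23, syn=True),  # inbound telnet probe
    Packet("tcp", "198.51.100.9", 40001, "192.168.1.10", 80, syn=True),  # inbound http probe
    Packet("tcp", "198.51.100.9", 80, "192.168.1.10", 50001),            # forged "reply", no flow
]

if __name__ == "__main__":
    for p, verdict in zip(SAMPLE, run_exchange(SAMPLE)):
        print(f"{verdict:5} {p.proto} {p.src}:{p.sport} -> {p.dst}:{p.dport}")
```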
Software Patching
A patch is a small piece of software designed to fix problems with, or update, a computer program or its supporting data. Software patching is an increasingly important aspect of today’s computing environment as the volume, complexity, and number of configurations under which a piece of software runs have grown considerably. Software architects and developers do everything they can to build secure, bug-free software products. To ensure quality, development teams leverage all the tools and techniques at their disposal.

Most software will be used for many years in an ever-changing user environment. This can place new compatibility demands on software and introduce new security vulnerabilities not originally envisioned. Whatever their source, problems can be found in any piece of software and must be addressed with patches. While readers are likely familiar with many of the issues addressed here, my intention is to provide an overview of patching that will help frame one’s thinking when tackling these problems rather than to suggest specific solutions to the problems themselves. The primary focus is on security patches, but the issues discussed are equally applicable to non-security-related defects in any software.
In many cases, security researchers and hackers find vulnerabilities missed during the development cycle, but software vendors find some themselves after the product ships. In the best case, those who find a problem will notify the vendor immediately, before publicly announcing the vulnerability. Other times they do not, however. In some cases they even post exploit code publicly prior to availability of a fix, thereby greatly increasing the risk to users of the affected component. Regardless of the source of the vulnerability, the software vendor has a responsibility to research the issue and, if valid, produce a patch to address the problem and distribute it as widely as possible. Developing a patch requires a thorough understanding of the problem beyond what the finder reported. In some cases, the vulnerability is a simple code flaw that may be easy to fix. In other cases, it may be a much more difficult architectural issue or a problem with how two components interact.
Business Process Outsourcing
BPO is the process of hiring another company to handle business activities for you. It is distinct from information technology (IT) outsourcing, which focuses on hiring a third-party company or service provider to do IT-related activities, such as application management and application development, data center operations, or testing and quality assurance.

In the early days, BPO usually consisted of outsourcing processes such as payroll. Then it grew to include employee benefits management. Now it encompasses a number of functions that are considered "non-core" to the primary business strategy. It is now common for organizations to outsource financial and administration (F&A) processes, human resources (HR) functions, call center and customer service activities, and accounting and payroll.
These outsourcing deals frequently involve multi-year contracts that can run into hundreds of millions of dollars. Often, the people performing the work internally for the client firm are transferred and become employees for the service provider. Dominant outsourcing service providers in the BPO fields (some of which also dominate the IT outsourcing business) include US companies IBM, Accenture, and Hewitt Associates, as well as European and Asian companies Capgemini, Genpact, TCS, Wipro and Infosys.

Also coming into use is the term BTO, business transformation outsourcing. This refers to the idea of having service providers contribute to the effort of transforming a business into a leaner, more dynamic, agile and flexible operation.
What is Outsourcing?
Outsourcing is contracting with another company or person to do a particular function. Almost every organization outsources in some way. An insurance company, for example, might outsource its janitorial and landscaping operations to firms that specialize in those types of work, since they are not related to insurance or strategic to the business. The outside firms that are providing the outsourcing services are third-party providers, or as they are more commonly called, service providers.
Although outsourcing has been around as long as work specialization has existed, in recent history, companies began employing the outsourcing model to carry out narrow functions, such as payroll, billing and data entry. Those processes could be done more efficiently, and therefore more cost-effectively, by other companies with specialized tools and facilities and specially trained personnel.

Currently, outsourcing takes many forms. Organizations still hire service providers to handle distinct business processes, such as benefits management. But some organizations outsource whole operations. The most common forms are information technology outsourcing (ITO) and business process outsourcing (BPO).
Business process outsourcing encompasses call center outsourcing, human resources outsourcing (HRO), finance and accounting outsourcing, and claims processing outsourcing. These outsourcing deals involve multi-year contracts that can run into hundreds of millions of dollars.