|
Spyware
and phishing are two threats that will not be backing
down anytime soon with the internet's growing importance
in our lives.
They operate by gathering
personal or confidential information, sometimes without
the knowledge of the internet user.
HIGHLIGHTS OF NETASQ
SOLUTIONS
 |
Antispyware |
| |
Spyware
(spy software) gathers information about the
workstation on which it is installed and sends
it to a third party.
This type of program operates continuously,
without the user necessarily being aware of
it. Spyware is often installed along with
other free software. The author of a software
program that hosts a spyware program may sometimes
receive a commission from the spyware publisher.
Certain websites may also use alluring pages
(offering video or animations, for example)
to trick users into executing installation
scripts that download and install spyware
through the browser.
The information obtained may then be used
to form a targeted advertisement, in the user's
language. If a credit card number is obtained,
the consequences would be far less benign.
NETASQ now provides protection from these
spy software programs through its intrusion
prevention engine, ASQ.
When spyware, which NETASQ classifies in a
broader category called "Malware"
(which comprises all harmful software) is
detected, the administrator will be notified
and can then proceed to clean the infected
workstation using some of the many software
antidotes available on the market.
What's more, to ensure an optimum level of
security, the list of spyware programs is
regularly and automatically updated thanks
to automatic update features on NETASQ appliances. |
|
Antiphishing |
| |
Internet hackers
have not invented anything new in the art
of swindling.
Among the techniques that they have adapted,
one of most effective must surely be social
engineering. This technique involves usurping
the identity of a "trusted" person
for the purpose of obtaining personal and/or
confidential information from a target (such
as a password).
Although administrator and user awareness
on the subject tends to keep the occurrence
of this problem at a minimum, the most sophisticated
forms of social engineering persist and
always cause as much damage. Phishing is
an example of social engineering.
The aim of this technique is to obtain confidential
information through a phone call. It has
been adapted to the internet and in most
cases, is presented in the form of e-mails
from large banks, for example, and asks
the user to enter his password in order
to update his particulars or even to benefit
from a promotion. If the user replies, without
knowing it, he will be sending this
information to the hacker, who will now
have full access to his victim's account.
Even if the best protection is to not click
on the link or attempt to reach the site
in question by typing the URL, it is not
easy educating all users in a company to
be wary of such attacks.
NETASQ protects users from antiphishing
attacks by combining antispam with contextual
signatures and web filters. The antispam
analysis identifies this type of message
and the cover-up techniques that the hackers
use. As for websites that take on the identitiy
of a known site, they will be referenced
in a URL filter database, thus preventing
the user from accessing them.
|
|
|
| |
|
|
