Defence mechanisms

In order to avoid computer attacks, or at least limit their consequences, countermeasures must be taken: computers and networks need protection. The only hacker-proof computer is the one which is switched off, not connected to the Internet and locked up in a safe. But even that is not enough: it is safe as long as it is switched off, but as soon as it is switched on again it is vulnerable and can be attacked while it installs updates to the operating system or downloads the "signatures" of new viruses or worms which appeared on the Internet while it was switched off. Although these operations take only a short time, a few minutes at most, the chance of an intrusion through the network in this lapse of time must be taken seriously, and in some particularly "dirty" networks it is almost a certainty. Absolute security is not possible, as in any environment, but tools have been developed to limit the risks and allow an appropriate level of security to be maintained.
Above all, it is very important to keep both the operating system and the application programmes continuously up to date by installing the special programmes ("updates") released for them, especially those relating to security. By doing this, you protect your computer from weaknesses which have been identified and which will sooner or later be exploited by some attacking mechanism. Computers must be cared for properly; the owner must know exactly what he is doing in order to reduce to the minimum the risk of leaving "doors" open to possible interference. You should not use obvious passwords (those which can easily be guessed), and it is advisable to limit as much as possible the services which a computer offers its users (e.g. a web server, daemons for various functions, shared disk partitions available to anonymous users, etc.). As far as viruses are concerned, it is a good idea to use "antivirus" programmes, which can identify and often remove (or at least render harmless) the large majority of viruses circulating on-line. To do this, however, the special tables containing the "digital fingerprints" of the viruses must be updated very frequently, so that new viruses can be identified.

Apart from protecting individual computers, you can also protect entire networks of computers using other, more sophisticated instruments based on the control of the traffic packets entering the local network, such as firewalls and mechanisms to detect intrusions (Intrusion Detection/Prevention Systems).

Firewalls are protection systems that include both software applications and hardware modules, i.e. network devices. Their job is to control and limit the flow of packets between the network which you want to protect (typically a private local network, or LAN, often called an intranet) and the rest of the world, which is considered hostile. From a security point of view, the Internet is regarded as an absolutely insecure and unknown virtual place.
However, firewalls cannot solve the problem of "insiders", i.e. attacks by those working within the local network of an organisation. In fact, internal hackers do not need to cross the "safety zone" created by the firewall. Intrusion detection systems are used especially for this purpose, as well as for identifying attacks from outside. They can be considered almost complementary to firewalls. These systems (IDS) highlight activities suspected to be intrusions, or an unusual use of the network, and even though they cannot directly stop an attack they can raise alarms in real time. An IDS can act either at network level (network-based) or on a single computer (host-based), and it detects specific, known attack techniques. In the first case, sensors intercept and analyse the packets going through the LAN and can identify Denial of Service attacks or attacks carrying particularly destructive content (payload). In the host-based case, the activity of specific computers is analysed by examining particular system files (logs, audit trails). It is therefore possible to keep a check on specific activities such as the sequence of logons/logoffs, attempts to modify reserved operating system files, and the use of particular programmes.
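As an added illustration of the host-based case (example code written for this page, not from the original article or from any IDS product): a small Python script that examines constructed, syslog-like logon and audit lines, flags a burst of failed logons followed by a success from the same source, and flags a denied write to a reserved system file. The log format, the list of protected files and the failure threshold are assumptions made for the example.

```python
"""Toy host-based intrusion detection (added example, not from the article):
scan an auth log for suspicious logon sequences and for attempts to modify
protected system files, raising alerts rather than blocking anything."""
import re
from collections import defaultdict

# Constructed sample log lines in an assumed syslog-like format (not taken
# from any real system; addresses are documentation ranges).
SAMPLE_LOG = """\
Mar 10 09:00:01 host sshd: Failed password for alice from 203.0.113.7
Mar 10 09:00:03 host sshd: Failed password for alice from 203.0.113.7
Mar 10 09:00:05 host sshd: Failed password for alice from 203.0.113.7
Mar 10 09:00:06 host sshd: Failed password for alice from 203.0.113.7
Mar 10 09:00:08 host sshd: Accepted password for alice from 203.0.113.7
Mar 10 09:01:00 host sshd: Accepted password for bob from 198.51.100.2
Mar 10 09:02:10 host audit: write denied path=/etc/shadow uid=1001
Mar 10 09:03:00 host sshd: Failed password for bob from 198.51.100.2
"""

LOGON_RE = re.compile(r"sshd: (Failed|Accepted) password for (\w+) from (\S+)")
AUDIT_RE = re.compile(r"audit: write denied path=(\S+) uid=(\d+)")
PROTECTED = {"/etc/passwd", "/etc/shadow", "/etc/sudoers"}  # "reserved" files
FAIL_THRESHOLD = 3  # consecutive failures that count as a brute-force attempt

def analyse(log_text, threshold=FAIL_THRESHOLD):
    """Return a list of (kind, detail) alerts found in the log text."""
    alerts = []
    failures = defaultdict(int)  # (user, source) -> consecutive failed logons
    for line in log_text.splitlines():
        m = LOGON_RE.search(line)
        if m:
            outcome, user, src = m.groups()
            key = (user, src)
            if outcome == "Failed":
                failures[key] += 1
                if failures[key] == threshold:  # alert once per burst
                    alerts.append(("brute-force", f"{user}@{src}: {threshold} failures"))
            else:
                if failures[key] >= threshold:  # success right after a burst
                    alerts.append(("success-after-failures", f"{user}@{src}"))
                failures[key] = 0  # a success ends the sequence
            continue
        m = AUDIT_RE.search(line)
        if m and m.group(1) in PROTECTED:
            alerts.append(("protected-file", f"uid {m.group(2)} -> {m.group(1)}"))
    return alerts

if __name__ == "__main__":
    for kind, detail in analyse(SAMPLE_LOG):
        print(f"ALERT [{kind}] {detail}")
```

A real host-based IDS reads the system's actual audit trail and correlates many more event types; like the systems described above, this script only raises alerts and blocks nothing.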