User guide

Intrusion attacks, which aim to take over your computer. This is the most dangerous type of attack, because if it
is successful, the hacker takes total control of your system.
Hackers use this attack to obtain confidential information from a remote computer (for example, credit card
numbers, passwords), or to penetrate the system to use its computing resources for malicious purposes later
(e.g., to use the invaded system in a zombie network, or as a platform for new attacks).
This group includes the largest number of attacks. They may be divided into three groups depending on the
operating system installed on the user's computer: Microsoft Windows attacks, Unix attacks, and the common
group for network services available in both operating systems.
The following types of attacks are the most common among those using the network resources of operating
systems:
Buffer overflow attacks. Buffer overflow may be caused by lack (or insufficiency) of control when working
with data arrays. This is one of the oldest vulnerability types and the easiest for hackers to exploit.
Format string attacks. Format string errors arise from insufficient control of input values for I/O functions,
such as printf(), fprintf(), scanf(), and others, from the standard C library. If an application has this
vulnerability, the hacker is able to send queries created with a special technique and can take total control
of the system.
The Intrusion Detection System automatically analyzes and prevents attempts to exploit these vulnerabilities in
the most common network services (FTP, POP3, IMAP) if they are running on the user’s computer.
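The two error classes described above, seen from the side of the service that receives the data. This is an added illustration, not code from the product or from this guide; the function names, buffer sizes, reply text and sample input are assumptions made for the example.

```c
#include <stdio.h>
#include <string.h>

#define REPLY_MAX 64

/* Unsafe patterns, shown as comments only and never compiled:
 *   strcpy(buf, arg);        no length check on the array: buffer overflow
 *   snprintf(out, n, arg);   input used as the format: format string error
 */

/* Copy an untrusted argument into a fixed-size buffer.
 * Returns 0 on success, -1 if it does not fit (rejected, dst untouched). */
int copy_arg(char *dst, size_t dstlen, const char *arg)
{
    /* Look for the terminator within the first dstlen bytes only. */
    const char *end = memchr(arg, '\0', dstlen);
    if (end == NULL)
        return -1;
    memcpy(dst, arg, (size_t)(end - arg) + 1);   /* includes the '\0' */
    return 0;
}

/* Build a reply that echoes the untrusted argument (constructed reply text).
 * The format string is a constant and the argument is passed as data for
 * %s, so a "%x" or "%n" inside it is copied literally, never interpreted.
 * Returns the reply length, or -1 if the reply would not fit in out. */
int build_reply(char *out, size_t outlen, const char *arg)
{
    int n = snprintf(out, outlen, "331 Password required for %s", arg);
    if (n < 0 || (size_t)n >= outlen)
        return -1;
    return n;
}

int main(void)
{
    char name[16], reply[REPLY_MAX];
    const char *input = "user%x%n";              /* constructed sample input */

    if (copy_arg(name, sizeof name, input) == 0 &&
        build_reply(reply, sizeof reply, name) > 0)
        puts(reply);
    return 0;
}
```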
Attacks aimed at computers with Microsoft Windows are based on the use of vulnerabilities of the software
installed on a computer (such as Microsoft SQL Server, Microsoft Internet Explorer, Messenger, and
system components available via the network: DCom, SMB, Wins, LSASS, IIS5).
In addition, the use of various malicious scripts, including scripts processed by Microsoft Internet Explorer, and
Helkern-type worms can be classified as isolated incidents of intrusion attacks. The essence of this attack type
consists of sending a remote computer UDP packets of a special type that can execute malicious code.
ENABLING AND DISABLING NETWORK ATTACK BLOCKER
By default, Network Attack Blocker is enabled, functioning in optimum mode. You can disable Network Attack Blocker, if
necessary.
To enable or disable the Network Attack Blocker:
1. Open the main application window.
2. In the top part of the window, click the Settings link.
3. In the left part of the window, in the Protection Center section, select the Network Attack Blocker component.
4. In the right part of the window, uncheck the Enable Network Attack Blocker box if you need to disable this
component. Check this box if you need to enable the component.
EDITING THE BLOCKAGE SETTINGS
By default, Network Attack Blocker blocks the activity of a computer making an attack for one hour. You can cancel
blockage of the selected computer or change the time of blockage.
To modify the time for which the computer making an attack will be blocked: