Don't miss our upcoming Network Computing virtual event on Connectivity Solutions - Secure Your Complementary Seat Now!
One critical aspect of system building is staying on top of the latest security threats. Another is having the best detection tools available to keep those threats at bay. The last thing you need is to deliver an infected Windows system to a customer—or to become susceptible yourself to some new form of highly undetectable, "stealth," malware.
One of the newest threats in the wild—what security mavens mean by "loose on the net"—is called a "rootkit," or RK for short. While a rootkit by itself causes no damage, it attempts to hide the presence of other malware, such as key-logging Trojans, viruses, and worms.
A rootkit differs from a virus in that it doesn’t seek to reproduce itself. Still, some modern viruses incorporate rootkits into their code libraries, very often to take advantage of a rootkit’s ability to remain hidden and elude detection. Also, rootkits borrow a page from typical virus behavior, in that they may seek to avoid detection by taking over for one or more specific system component files—in essence, adding their own agenda to whatever purpose the original files they replace may have served.
Rootkits often include components to open back doors on systems. Often they do so by incorporating stealthy remote access software that opens a system to unwanted, uninvited outside operations, much as many pieces of spyware do. But here's another way that rootkits differ from most spyware and viruses: They hide everything that might reveal their presence and activity on a system, including logins, processes, files, and logs. So little or no evidence of a rootkit's presence is ever available.
Also, rootkits can insinuate themselves into an operating system’s core components, so they run as part of the kernel with the same unlimited rights and privileges typically granted to such code. Though many rootkits also often include user mode components (necessary for any kind of user interaction or information display), it’s their kernel capabilities combined with their profound stealth that makes them such a nasty species of malware.
What skills do network managers really need to properly secure industrial networks? What new protocols, frameworks, and regulations are important? And what conferences and certifications can help? Here are five tips to get started.
A full-stack approach to retail edge offers retailers a way to optimize operations and adapt to changes in a post-pandemic world.
Network management tool sprawl is getting in the way of network management. It’s time for IT to do something about it.
