How to analyze and protect your internet network?

The proliferation of connected devices necessarily implies great vigilance with regard to network attacks. In the age of IOT, protecting your connection is becoming a necessity, which modern security suites offer. Let’s see together how an antivirus protects you even beyond the computer on which it is installed.

Traffic monitoring on the lookout for anomalies

Malware did not wait for the era of connected objects to spread via the network. One of the first known worms, Morris, was already transmitted in 1988 on ARPANET, the ancestor of the Internet.

Since then, countless “legendary” malware have used the network to reproduce, but also to commit their misdeeds. Botnets have wreaked havoc in recent years, turning infected computers into conduits for spreading spam or denial of service attacks.

A security solution – even a free antivirus – can act against this type of threat by monitoring the system: this is called behavioral analysis. The security suite monitors different areas of the OS in order to detect suspicious actions: abnormal access to a folder, file modification, unknown process, etc.

Network scanning does similar work, but on the traffic of the machine where the security software is installed. The module will thus scan the packets that pass through your network. As with files, detecting suspicious traffic can simply involve known information, such as IP addresses known to be malicious. In this case, if an application tries to connect to a suspicious address, just like if you try to connect to a fraudulent site through your web browser, the action is interrupted.

Machine learning to identify unknown risks

Again, this works if the address is already listed in the security suite database. Otherwise, network protection can also attempt to recognize suspicious behaviors, because they exhibit characteristics that put the scanning engine on alert. For example, it is possible to detect a sequence of actions that resembles a DDOS attack.

The most advanced network analysis techniques exploit machine learning. This solution, particularly integrated into box-type security solutions, will spend a certain amount of time observing traffic over time and refining its learning via neural networks, in the same way as facial recognition software. After this phase, the analysis can thus detect behaviors that go beyond the scope of this learning in order to block them.

Connected objects: beyond the PC

Network analysis is an essential component of modern protection for an obvious reason: our environment today extends far beyond the scope of a single PC, a laptop or even two or three mobile devices. Surveillance cameras, smart bulbs and other objects and sensors are almost always connected to the Internet.

The multiplication of the offer in this area at often advantageous prices can encourage us to buy a number of devices whose level of security we do not necessarily know. Many inexpensive surveillance cameras use firmware with a fairly low level of security. And there, no antivirus installed on the system to protect them. Hence the importance of having a solution that analyzes network traffic and which will be able, for example, to block the connection of an IP camera to a suspicious server.

These attacks are not a fantasy: the Mirai malware used this vector of connected objects to install itself and use their firmware to launch spam or DDOS attacks. Discovered in 2016, Mirai exploits a flaw that seems absurd in its simplicity. It connects to infected devices using a database of more than 60 common factory admin/password combinations, banking on the unfortunately still high probability that users have not changed them. Mirai’s success also depends on the fact that a compromised IP camera is almost invisible. It continues to function normally, and does not show clear signs of slowdown like a PC can.