A computer system may contain many components (e.g., individual computers) that are interconnected by an internal network. The computer system may be subject to attack from internal and external sources. For example, the computer system may be attacked when portable media (e.g., a USB drive) is used with one or more components of the computer system. In another example, the computer system may be attacked when a connection is made (by one or more components) to an external communication device, such as when an individual computer of the computer system uses a modem to connect to an information service provider (ISP). In another example, if the computer system has a permanent connection to the Internet, it is vulnerable to attack from that connection. In another example, the computer system may be attacked through a permanent connection to an internal network (LAN) connected to the Internet. Such attacks may be intended to cripple the targeted computer system either temporarily or permanently, or may instead seek to acquire confidential information, or both. One type of attack may be in the form of a virus: a parasite that travels through network connections (particularly the Internet) and attempts to discover and map encountered computer systems. The parasite may not initially be destructive; in such event it remains undetected since current passive virus detection systems only detect destructive attacks. The parasite may therefore gather critical system information that is sent back to the attacking organization, often as data blended with a normal data stream.
Over time, the parasite's actions allow the attacking organization to build a map of targeted computer systems. Once the map has sufficient information, the attacking organization may launch a more destructive parasite that attacks one or more specific target computer systems at specified times, producing chaos and havoc in the targeted computer systems by generating bad data and possibly shutting down the targeted computer systems.
In another form of attack, an attacker may attempt to gain unauthorized access to a computer system. For example, an attacker may repeatedly attempt to gain access to an individual computer of the computer system by iteratively attempting account and password combinations. In another type of attack, an authorized person may maliciously attempt to corrupt the computer system.
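A detection-side illustration of the repeated account and password attempts described above, added here as an example and not part of the original text: it flags a source once its failed logins inside a sliding time window reach a threshold, and reports whether one account or several were tried. The event tuple format, the thresholds, and the sample events are assumptions constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta


def _ts(minute, second=0):
    return f"2024-01-01T10:{minute:02d}:{second:02d}"


# Constructed sample events: (ISO timestamp, source address, account, outcome).
SAMPLE_EVENTS = (
    # Five rapid failures against one account.
    [(_ts(0, 10 * i), "192.0.2.10", "admin", "FAIL") for i in range(5)]
    # Five rapid failures, each against a different account.
    + [(_ts(1, 5 * i), "198.51.100.7", name, "FAIL")
       for i, name in enumerate(["alice", "bob", "carol", "dave", "erin"])]
    # A user mistyping a password twice, then succeeding.
    + [(_ts(2, 0), "203.0.113.5", "frank", "FAIL"),
       (_ts(2, 20), "203.0.113.5", "frank", "FAIL"),
       (_ts(2, 40), "203.0.113.5", "frank", "OK")]
    # Five failures spaced ten minutes apart: outside the window, not flagged.
    + [(_ts(10 * i), "203.0.113.9", "admin", "FAIL") for i in range(5)]
)


def detect_guessing(events, max_failures=5, window=timedelta(minutes=5)):
    """Return {source: details} for sources with max_failures failures in window."""
    recent = defaultdict(deque)  # source -> (time, account) of recent failures
    flagged = {}
    for ts, src, account, outcome in sorted(events):
        if outcome != "FAIL":
            continue
        now = datetime.fromisoformat(ts)
        failures = recent[src]
        failures.append((now, account))
        # Drop failures that have aged out of the sliding window.
        while now - failures[0][0] > window:
            failures.popleft()
        if len(failures) >= max_failures and src not in flagged:
            accounts = sorted({a for _, a in failures})
            flagged[src] = {
                "first_alert": ts,
                "pattern": "multi-account" if len(accounts) > 1 else "single-account",
                "accounts": accounts,
            }
    return flagged


if __name__ == "__main__":
    for source, details in detect_guessing(SAMPLE_EVENTS).items():
        print(source, details)
```

The widely spaced failures from the last sample source show the limit of a fixed window: attempts slower than the window need a longer-horizon count to surface.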
Current protection software only recognizes known parasites, and is therefore ineffective against a new parasite attack until that new parasite is known to the current protection software. Current protection software also operates to detect an attack by monitoring the system for damage; this detection thus occurs after damage is inflicted. Although current protection software may detect certain malicious parasites, computer systems are still vulnerable to mapping parasite attacks and other types of attack.
A computer system that includes a wireless network may be considered more vulnerable to attack because of the wireless nature of the wireless network. Often, a wireless network extends beyond its required operational area, and thus an attacker may have more opportunity to attack the wireless network. Thus, the wireless network is often configured with a key known only by devices authorized to use the wireless network. Where a computer system includes wireless networking (WiFi), set-up and deployment of wireless devices (e.g., WiFi enabled computers and PDAs) is often an arduous and time-consuming (i.e., expensive) task. Typically, each wireless device requiring access to the wireless network must be loaded with the wireless network key and/or knowledge of the wireless network's WiFi NIC MAC address. Such information is manually entered into the wireless access point system, and then replicated to all access points within the wireless network to provide full and secure roaming coverage for the wireless devices within the wireless network area (i.e., within range of the wireless network).
A computer network system contains many components (e.g., individual computers) that are interconnected by an internal network. The computer system may be subject to attack from internal and external sources. Examples include viral infections and more insidious information-theft attacks from spyware or Bots.
Such attacks may be intended to cripple the targeted computer system either temporarily or permanently, or may instead seek to acquire confidential information, or both. One type of attack may be in the form of a virus: a Bot that travels through network connections (particularly the Internet) and attempts to discover and map encountered computer systems. The Bot may not be destructive; in such event it remains undetected since current passive virus detection systems only detect known signatures and IDS systems only detect signatures of possibly destructive attacks. The Bot may therefore gather critical system information that is sent back to the attacking organization, often as data blended with a normal data stream.