Summary


Most malicious attacks can be classified into four categories: Automated, Dedicated Attacker, Remote, or Local Execution. A key point of this book, and one on which the success of your network defense depends, is that the most common threats come from automated malware, against which security-by-obscurity has value as part of a computer defense plan. Automated malware includes viruses, worms, trojans, and hybrid, blended programs. Remote attacks include buffer overflows, denial-of-service, obscurity, and sniffing attacks. Other attack types, such as social engineering, spam, and insider attacks, also deserve consideration. There are more than 100,000 different malware programs, and they can hide in more than a hundred different places in Windows. Chapter 1 ended with a comprehensive listing of where malware can hide. The details it provides will lead to the defenses covered in the forthcoming chapters.

Now that we understand what threats we are up against, we can begin to concentrate on the defenses. Chapter 2, "Conventional and Unconventional Defenses," summarizes the overall steps of a successful computer security defense plan. Conventional defenses, such as patch management and antivirus protection, will be discussed along with unconventional but efficient defenses not covered elsewhere.



Professional Windows Desktop and Server Hardening
Professional Windows Desktop and Server Hardening (Programmer to Programmer)
ISBN: 0764599909
EAN: 2147483647
Year: 2004
Pages: 122
