Antivirus Software

Antivirus software is designed to prevent and detect malware infections. Signature-based antivirus uses static signatures of known malware. Heuristic-based antivirus uses anomaly-based detection to attempt to identify behavioral characteristics of malware, such as altering the boot sector.

Server-Side Attacks

Server-side attacks (also called service-side attacks) are launched directly from an attacker (the client) to a listening service. The attack is shown in Fig. 4.20, where evil.example.com launches an attack on bank.example.com, listening on TCP port 445.

Fig. 4.20

Patching, system hardening, firewalls, and other forms of defense-in-depth mitigate server-side attacks. Organizations should not allow direct access to server ports from untrusted networks such as the Internet, unless the systems are hardened and placed on DMZ networks, which we will discuss in Chapter 5, Domain 4: Communication and Network Security.

Note:
Server-side attacks exploit vulnerabilities in installed services. This is not exclusively a “server” problem (like a file server running the Windows 2022 operating system): desktops and laptops running operating systems such as Ubuntu Linux 22.04 and Windows 11 also run services and may be vulnerable to server-side attacks. Some prefer the term “service-side attack” to make this distinction clear, but the exam uses the term “server-side.”
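
A defender-side check for the point made in the Note, added here as an example that is not part of the original text: it parses the output of `ss -H -tln` on a Linux host and lists the TCP services a remote client could reach, whether the host is a server, desktop, or laptop. The sample output, its addresses, and the function names are constructed for illustration.

```python
import ipaddress

# Constructed sample of `ss -H -tln` output (Linux, iproute2); not from the page.
SAMPLE_SS_OUTPUT = """\
LISTEN 0 4096        0.0.0.0:445       0.0.0.0:*
LISTEN 0 128       127.0.0.1:631       0.0.0.0:*
LISTEN 0 4096  127.0.0.53%lo:53        0.0.0.0:*
LISTEN 0 128            [::]:22           [::]:*
LISTEN 0 244           [::1]:5432         [::]:*
LISTEN 0 511               *:80              *:*
LISTEN 0 128    192.168.1.10:3389      0.0.0.0:*
"""

def parse_listeners(ss_output):
    """Return (address, port) for each LISTEN row; '*' means every interface."""
    listeners = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue
        # Local address is the 4th column; split on the last ':' so IPv6 survives.
        host, _, port = fields[3].rpartition(":")
        host = host.strip("[]").split("%")[0]  # drop IPv6 brackets and %iface scope
        listeners.append((host, int(port)))
    return listeners

def exposure(host):
    """Classify a bind address by who can connect to it."""
    if host == "*":
        return "all-interfaces"
    ip = ipaddress.ip_address(host)
    if ip.is_loopback:
        return "loopback-only"
    if ip.is_unspecified:  # 0.0.0.0 or ::
        return "all-interfaces"
    return "single-interface"

def reachable_services(ss_output):
    """Listeners a remote client could reach, i.e. anything not bound to loopback."""
    return sorted(
        (port, host, exposure(host))
        for host, port in parse_listeners(ss_output)
        if exposure(host) != "loopback-only"
    )

if __name__ == "__main__":
    for port, host, scope in reachable_services(SAMPLE_SS_OUTPUT):
        print(f"tcp/{port:<5} bound to {host:<15} {scope}")
```

Each port this reports is a candidate for the mitigations above: patch or disable the service, or confirm a firewall blocks it from untrusted networks.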