In this lesson, we’ll define the term Botnet, look at what Botnets are, see how to detect their presence, and identify what you can do to secure your system against them.
The Darker Side of the Internet
The Internet has many facets. It connects various people around the world, it provides information on any topic you can imagine, and it even entertains to a certain degree. Some would say it gives life. For others, the exact opposite is true. That’s because like many things, the Internet is a double-edged sword. It has a darker side, one with malicious intent. For the most part, it simply wants to inundate you with advertising, or swamp you with information about things you don’t need. But it can be more significant, resulting in downtime, or even information loss. One way this can happen is through a Botnet.
What is a Botnet?
A Botnet is a collection of networked computers that reside on the Internet. In most cases, the computers belong to private individuals who are unaware their computers have been hijacked for this purpose. These computers silently send spam, viruses, and malicious information to other Internet computers, all based on the instructions they receive from those controlling the botnet. Effects range from the annoying clutter you receive in your email inbox, to information that is ransomed for money, to random system failures. According to security specialists like Symantec, Norton, and Kaspersky Labs, Botnets represent the most significant threat to the Internet.
How Do You Detect a Botnet?
Botnets work silently, behind the scenes, so their presence may not be noticed at first. But there are telltale signs if you know where to look. Those places include:
- Linking to Servers: Botnets require command and control, so repeated connections to unknown servers are an indication that something is wrong.
- Internet Relay Chat (IRC) Traffic: Botnets need to communicate, so IRC traffic through a range of ports is also an indication of a problem.
- Identical Domain Name System (DNS) Requests: Similar to IRC, repeated lookups of unknown names can be an indication that something is wrong.
- Simple Mail Transfer Protocol (SMTP) Traffic: Like IRC and DNS, unknown SMTP traffic in the form of outgoing email can indicate that there is a problem.
- Reduced Network Performance: Increased IRC, DNS, or SMTP traffic will clog up your network and reduce overall performance.
- Reduced Workstation Performance: Increased activity in any or all of the ways mentioned above will increase the processing load on your workstation and decrease performance.
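The first four signs above are all things you can check in outbound traffic records. The following is an added example, not part of the original lesson: it runs those checks over a small constructed set of flow records (source host, destination IP, destination port, and the queried name for DNS rows). The IRC port range, the allow-list of hosts permitted to send SMTP directly, and the repeat threshold are assumptions for this example.

```python
from collections import Counter

# Constructed sample of outbound flow records from a small office network.
# Each tuple is (source host, destination IP, destination port, DNS name or "").
FLOWS = [
    ("ws-01", "203.0.113.10", 6667, ""),         # same unknown server, again and again
    ("ws-01", "203.0.113.10", 6667, ""),
    ("ws-01", "203.0.113.10", 6667, ""),
    ("ws-01", "203.0.113.10", 6667, ""),
    ("ws-01", "198.51.100.9", 25, ""),           # a workstation sending mail directly
    ("ws-01", "192.0.2.53", 53, "cnc.example"),  # identical lookups of an unknown name
    ("ws-01", "192.0.2.53", 53, "cnc.example"),
    ("ws-01", "192.0.2.53", 53, "cnc.example"),
    ("ws-02", "192.0.2.53", 53, "www.example.org"),
    ("ws-02", "93.184.216.34", 443, ""),
    ("mail-01", "198.51.100.9", 25, ""),         # the real mail server, expected
]

IRC_PORTS = range(6660, 7001)       # assumed IRC port range to watch
ALLOWED_SMTP_SENDERS = {"mail-01"}  # assumed: hosts allowed to speak SMTP directly
REPEAT_THRESHOLD = 3                # assumed: repeats before a contact is flagged

def detect_botnet_signs(flows):
    """Apply the four traffic signs and return {host: [finding, ...]}."""
    findings = {}

    def add(host, msg):  # record each distinct finding once per host
        if msg not in findings.setdefault(host, []):
            findings[host].append(msg)

    # Sign 1: repeated connections to the same server (DNS rows excluded)
    contacts = Counter((h, ip) for h, ip, port, _ in flows if port != 53)
    for (h, ip), n in contacts.items():
        if n >= REPEAT_THRESHOLD:
            add(h, f"repeated connections to {ip} ({n}x)")
    # Sign 2 and 4: IRC-range ports, and SMTP from hosts that should not send mail
    for h, ip, port, _ in flows:
        if port in IRC_PORTS:
            add(h, f"IRC-range port {port} to {ip}")
        if port == 25 and h not in ALLOWED_SMTP_SENDERS:
            add(h, f"direct SMTP to {ip}")
    # Sign 3: the same DNS name looked up over and over by one host
    lookups = Counter((h, name) for h, _, port, name in flows if port == 53)
    for (h, name), n in lookups.items():
        if n >= REPEAT_THRESHOLD:
            add(h, f"identical DNS lookups for {name} ({n}x)")
    return findings

if __name__ == "__main__":
    for host, notes in detect_botnet_signs(FLOWS).items():
        print(host, notes)
```

Only ws-01 is flagged in this sample, on all four signs; ws-02 and the mail server produce no findings.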
How Do You Secure Against a Botnet?
Most systems available today contain enough protection mechanisms to ensure Botnets aren’t a threat. But there are still two weaknesses that must be addressed:
- Incorrect Configuration – system software includes protection these days, but you have to turn it on.
- User Mistakes – the weakest part of any system is the user. Be careful what you do with your computer, particularly when online.
To that end, there are a few things you can do to ensure the best protection:
- Install security software – base-level system protection is good, but it doesn’t hurt to install more. Products from BitDefender, Symantec, or Norton are good choices for added protection.
- Turn on automatic software updates – patches are constantly released to address issues like those created by Botnets. Install them automatically when available to ensure the best protection.
- Increase browser security settings – there are many malicious websites out there that try to infect your computer. Increased browser security settings will help to address this.
- Limit user access rights – ensure that users (guests) on your system can only access what you want them to by setting the access rights accordingly.
- Don’t click email attachments – viruses and other malicious entities are often embedded in email attachments. Don’t click them unless you know the source to be reputable.
To recap, a Botnet is a set of Internet computers that have been hijacked for the purpose of spreading spam, viruses, and malicious information to other Internet computers. Signs of Botnet activity include:
- Linking to servers
- IRC traffic
- Identical DNS requests
- SMTP traffic
- Reduced network performance
- Reduced workstation performance
Although most systems are protected against Botnets, there are still two weaknesses: incorrect configuration and user mistakes. The best protection can be ensured by the following:
- Install security software
- Turn on automatic software updates
- Increase browser security settings
- Limit user access rights
- Don’t click email attachments