Ransomware Detection and Prevention

To block any kind of threat, we need to understand it from its source through its transmission mechanisms to the techniques it uses. This book has so far covered all aspects of ransomware. We started the book with an introduction to ransomware. We saw that ransomware inherits a lot of techniques from malware. Detecting and blocking the distribution mechanism can also be a strategic method to stop a threat. We have explained the techniques used by ransomware in Chapter 5, The Ransomware Economics. In this chapter, we will explain some basics of detection technologies to create awareness of why these technologies are important. Network administrators should also have some basic knowledge of the features provided by security software. It can help them choose the right security devices. Sometimes start-ups or smaller organizations cannot afford to spend on security. In that case, they can learn to configure free and open source security software. The motive behind explaining this technology is to provide a basic guide for people who are keen to know about it. It will involve some technical material, which we will try to explain in a simplified manner. We will also talk about some of the research going on in the field of security to stop ransomware.

Organizations use a lot of computational devices. There are desktops, servers, routers, switches, and so on. The routers and switches can separate a computer within the network from the outside. Firewalls and intrusion detection systems (IDSes) can be installed on switches and routers. They can monitor the traffic going in and out of the network. They can also be installed in other places, such as in front of the servers. Antivirus software and host intrusion prevention systems (HIPSes) can be installed on desktops or end-user systems. We can also use the term endpoints for the security software installed on the host or desktop. A home user usually has a HIPS endpoint installed on their system. The following is a diagram of a corporate network:

Corporate network

We will get into the details of antivirus, IPSes, firewalls, and sandboxes in this chapter. This will be a guide for security enthusiasts.
