Presentation is loading. Please wait.

Presentation is loading. Please wait.

Definition : Computer Virus A computer program with the characteristic feature of being able to generate copies of itself, and thereby spread. Additionally.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "Definition : Computer Virus A computer program with the characteristic feature of being able to generate copies of itself, and thereby spread. Additionally."— Presentation transcript:

1 Definition : Computer Virus A computer program with the characteristic feature of being able to generate copies of itself, and thereby spread. Additionally most computer viruses have a destructive payload that is activated under certain conditions. Example: The Chernobyl virus overwrites the beginning of the hard disk on certain dates.

2 large amount of ICMP echo (ping) traffic is sent at IP broadcast addresses (all having a spoofed source address of a victim) If the routing device delivering traffic to those broadcast addresses performs the IP broadcast to layer 2 broadcast function, most hosts on that IP network will take the ICMP echo request and reply to it with an echo reply each This will multiply the traffic by the number of hosts responding. Smurf Attack (D-O-S)

3 On a multi-access broadcast network, there could potentially be hundreds of machines to reply to each packet. Example : –Assume a co-location switched network with 100 hosts, and the attacker has a T1. –The attacker sends, say, a 768kb/s stream ofICMP echo (ping) packets, with a spoofed source address of the victim, to the broadcast address of the "bounce site".

4 –These ping packets hit the bounce site's broadcast network of 100 hosts; each of them takes the packet and responds to it, creating 100 ping replies out-bound. –If you multiply the bandwidth, you'll see that 76.8 Mbps is used outbound from the "bouncesite" after the traffic is multiplied.

5 Firewall A firewall is simply a program or hardware device that filters the information coming through the Internet connection into your private network or computer system. network computer system If an incoming packet of information is flagged by the filters, it is not allowed through.

6 Example: –Let’s say a company has 500 computers connected to the Internet using T1 or T3 connection. –Every computer is ‘visible’ on the Internet. –A person outside with the right knowledge maybe able to access these computers using FTP, Telnet or other security loop holes left by an employee. –With firewall security rules can be implemented: example only one computer allowed to receive public FTP

7 Three types of firewalls: Network layer: make their decisions based on the source, destination addresses and ports in individual IP packets. Network layer firewalls tend to be very fast and tend to be very transparent to users. Application layer: typically are hosts running proxy servers, which permit no traffic directly between networks, and which perform elaborate logging and auditing of traffic passing through them. Application layer firewalls tend to provide more detailed audit reports and tend to enforce more conservative security models than network layer firewalls. Hybrids: most firewalls fall into the ``hybrid'' category, which do network filtering as well as some amount of application inspection. The amount changes depending on the vendor, product, protocol and version, so some level of digging and/or testing is often necessary.

8 Firewalls use one or more of three methods to control traffic flowing in and out of the network: –Packet filtering - Packets (small chunks of data) are analyzed against a set of filters. Packets that make it through the filters are sent to the requesting system and all others are discarded. –Proxy service - Information from the Internet is retrieved by the firewall and then sent to the requesting system and vice versa. –Stateful inspection - A newer method that doesn't examine the contents of each packet but instead compares certain key parts of the packet to a database of trusted information. Information traveling from inside the firewall to the outside is monitored for specific defining characteristics, then incoming information is compared to these characteristics. If the comparison yields a reasonable match, the information is allowed through. Otherwise it is discarded.

9 Cookies are pieces of information generated by a Web server and stored in the user's computer, ready for future access. are embedded in the HTML information flowing back and forth between the user's computer and the servers. –Cookies were implemented to allow user-side customization of Web information. For example, cookies are used to personalize Web search engines, to allow users to participate in WWW-wide contests (but only once!), and to store shopping lists of items a user has selected while browsing through a virtual shopping mall.

10 Essentially, cookies make use of user- specific information transmitted by the Web server onto the user's computer so that the information might be available for later access by itself or other servers. In most cases, not only does the storage of personal information into a cookie go unnoticed, so does access to it. Web servers automatically gain access to relevant cookies whenever the user establishes a connection to them, usually in the form of Web requests. Now go to: http://www.quirksmode.org/js/cookies.html http://www.quirksmode.org/js/cookies.html And try the cookie program!

11 User-server state: cookies Many major Web sites use cookies Four components: 1) cookie header line of HTTP response message 2) cookie header line in HTTP request message 3) cookie file kept on user’s host, managed by user’s browser 4) back-end database at Web site Example: –Susan access Internet always from same PC –She visits a specific e- commerce site for first time –When initial HTTP requests arrives at site, site creates a unique ID and creates an entry in backend database for ID

12 Cookies: keeping “state” (cont.) client server usual http request msg usual http response + Set-cookie: 1678 usual http request msg cookie: 1678 usual http response msg usual http request msg cookie: 1678 usual http response msg cookie- specific action cookie- spectific action server creates ID 1678 for user entry in backend database access Cookie file amazon: 1678 ebay: 8734 Cookie file ebay: 8734 Cookie file amazon: 1678 ebay: 8734 one week later:

13 Cookies (continued) What cookies can bring: authorization shopping carts recommendations user session state (Web e- mail) Cookies and privacy: cookies permit sites to learn a lot about you you may supply name and e-mail to sites aside How to keep “state”: Protocol endpoints: maintain state at sender/receiver over multiple transactions cookies: http messages carry state

14 Source: –http://www.ibas.com/about/dictionaryhttp://www.ibas.com/about/dictionary –http://www.pentics.net/denial-of-service/white-papers/smurf.cgihttp://www.pentics.net/denial-of-service/white-papers/smurf.cgi –http://computer.howstuffworks.com/firewall1.htmhttp://computer.howstuffworks.com/firewall1.htm –www.v-com.com/support/sup_glossary.htmlwww.v-com.com/support/sup_glossary.html –http://www.cookiecentral.com/c_concept.htmhttp://www.cookiecentral.com/c_concept.htm –http://www.quirksmode.org/http://www.quirksmode.org/

Download ppt "Definition : Computer Virus A computer program with the characteristic feature of being able to generate copies of itself, and thereby spread. Additionally."

Similar presentations

Firewalls By Tahaei Fall 2012. What is a firewall? a choke point of control and monitoring interconnects networks with differing trust imposes restrictions.

Firewalls By Tahaei Fall What is a firewall? a choke point of control and monitoring interconnects networks with differing trust imposes restrictions.
FIREWALLS Chapter 11.

FIREWALLS Chapter 11.
HTTP Cookies. CPSC 441 - Application Layer 2 User-server state: cookies Many major Web sites use cookies Four components: 1) cookie header line of HTTP.

HTTP Cookies. CPSC Application Layer 2 User-server state: cookies Many major Web sites use cookies Four components: 1) cookie header line of HTTP.
FIREWALLS. What is a Firewall? A firewall is hardware or software (or a combination of hardware and software) that monitors the transmission of packets.

FIREWALLS. What is a Firewall? A firewall is hardware or software (or a combination of hardware and software) that monitors the transmission of packets.
FIREWALLS The function of a strong position is to make the forces holding it practically unassailable —On War, Carl Von Clausewitz On the day that you.

FIREWALLS The function of a strong position is to make the forces holding it practically unassailable —On War, Carl Von Clausewitz On the day that you.
Winter 20021 CMPE 155 Week 7. Winter 20022 Assignment 6: Firewalls What is a firewall? –Security at the network level. Wide-area network access makes.

Winter CMPE 155 Week 7. Winter Assignment 6: Firewalls What is a firewall? –Security at the network level. Wide-area network access makes.
Firewall Lalitha Jammalamadaka. Agenda 1. Introduction 2.Types of firewalls 3.How a software firewall works 4.Methods to control traffic 5.Making the.

Firewall Lalitha Jammalamadaka. Agenda 1. Introduction 2.Types of firewalls 3.How a software firewall works 4.Methods to control traffic 5.Making the.
Firewalls and Intrusion Detection Systems

Firewalls and Intrusion Detection Systems
HyperText Transfer Protocol (HTTP)

HyperText Transfer Protocol (HTTP)
K. Salah 1 Chapter 31 Security in the Internet. K. Salah 2 Figure 31.5 Position of TLS Transport Layer Security (TLS) was designed to provide security.

K. Salah 1 Chapter 31 Security in the Internet. K. Salah 2 Figure 31.5 Position of TLS Transport Layer Security (TLS) was designed to provide security.
Application Layer  We will learn about protocols by examining popular application-level protocols  HTTP  FTP  SMTP / POP3 / IMAP  Focus on client-server.

Application Layer  We will learn about protocols by examining popular application-level protocols  HTTP  FTP  SMTP / POP3 / IMAP  Focus on client-server.
Security (Part 2) School of Business Eastern Illinois University © Abdou Illia, Spring 2007 (Week 13, Thursday 4/5/2007)

Security (Part 2) School of Business Eastern Illinois University © Abdou Illia, Spring 2007 (Week 13, Thursday 4/5/2007)
Chapter 2: Application Layer

Chapter 2: Application Layer
HyperText Transfer Protocol (HTTP) Computer Networks Computer Networks Spring 2012 Spring 2012.

HyperText Transfer Protocol (HTTP) Computer Networks Computer Networks Spring 2012 Spring 2012.
Review for Exam 4 School of Business Eastern Illinois University © Abdou Illia, Fall 2006.

Review for Exam 4 School of Business Eastern Illinois University © Abdou Illia, Fall 2006.
Network Security. Network security starts from authenticating any user. Once authenticated, firewall enforces access policies such as what services are.

Network Security. Network security starts from authenticating any user. Once authenticated, firewall enforces access policies such as what services are.
FIREWALLS & NETWORK SECURITY with Intrusion Detection and VPNs, 2 nd ed. 6 Packet Filtering By Whitman, Mattord, & Austin© 2008 Course Technology.

FIREWALLS & NETWORK SECURITY with Intrusion Detection and VPNs, 2 nd ed. 6 Packet Filtering By Whitman, Mattord, & Austin© 2008 Course Technology.
Application Layer  We will learn about protocols by examining popular application-level protocols  HTTP  FTP  SMTP / POP3 / IMAP  Focus on client-server.

Application Layer  We will learn about protocols by examining popular application-level protocols  HTTP  FTP  SMTP / POP3 / IMAP  Focus on client-server.
2/9/2004 Web and HTTP February 9, 2004. 2/9/2004 Assignments Due – Reading and Warmup Work on Message of the Day.

2/9/2004 Web and HTTP February 9, /9/2004 Assignments Due – Reading and Warmup Work on Message of the Day.
Firewall and Proxy Server Director: Dr. Mort Anvari Name: Anan Chen Date: Summer 2000.

Firewall and Proxy Server Director: Dr. Mort Anvari Name: Anan Chen Date: Summer 2000.

Similar presentations

Ads by Google