Computer Security Fundamentals by Chuck Easttom Chapter 9: Computer Security Software.


1 Computer Security Fundamentals by Chuck Easttom, Chapter 9: Computer Security Software

2 Chapter 9 Objectives (© 2012 Pearson, Inc., Chapter 9 Computer Security Software)
- Evaluate the effectiveness of a scanner based on how it works
- Choose the best type of firewall for a given organization
- Understand antispyware
- Employ intrusion-detection systems to detect problems on your system

3 Introduction
Preceding chapters have described computer crime and computer security. Now we look at the technical details: the various security devices and software.

4 Virus Scanners
- Purpose: to prevent a virus from infecting the system
- Searches for the signature of a known virus
- Scanners work in two ways:
  - Signature matching
  - Behavior matching

5 Virus Scanners (cont.)
- Signature matching
  - List of all known virus definitions
  - Kept in a small .dat file
  - Updating consists of replacing this file
  - AV scans the host, the network, and incoming e-mails for a match

6 Virus Scanners (cont.)
- Behavior matching looks for typical virus behaviors:
  - Attempts to write to the boot sector
  - Changes to system files
  - Automating e-mail software
  - Self-multiplying

7 Virus Scanners (cont.)
- Ongoing virus scanners: run constantly in the background
- On-demand virus scanners: run only when you launch them
- Modern AV scanners offer both options.

8 Virus-Scanning Techniques
- E-mail and attachment scanning
  - Examine e-mail on the server, or
  - Scan on the host computer before passing it to the e-mail program
- Download scanning
  - Scan downloaded files

9 Virus-Scanning Techniques (cont.)
- File scanning
  - Files on the host computer are checked periodically
- Heuristic scanning
  - Most advanced form of virus scanning
  - Uses rules to determine if behavior is virus-like
  - Best way to find an unknown virus
  - Some false positives
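To make the signature matching of slide 5 and the behavior/heuristic scanning of slides 6 and 9 concrete, here is an added Python illustration (not code from the textbook): a toy scanner that first matches known byte signatures and otherwise scores observed behaviors against weighted heuristic rules. The signature list, weights, threshold and sample files are all constructed for this example, and the legitimate installer shows the false positive the slide warns about.

```python
"""Toy virus scanner combining signature matching (known definitions)
with heuristic scoring of virus-like behavior. Added illustration, not
the textbook's code; every signature, weight and sample is constructed."""

# Constructed stand-in for the definitions (.dat) file: name -> byte pattern.
SIGNATURES = {
    "Example.Dropper": b"DROP-MARK-7f3a",
    "Example.Worm": b"SEND-TO-ALL-CONTACTS",
}

# Heuristic rules: the typical virus behaviors from the slides, each weighted.
HEURISTIC_WEIGHTS = {
    "writes_boot_sector": 4,
    "modifies_system_files": 3,
    "automates_email": 2,
    "self_replicates": 3,
}
ALERT_THRESHOLD = 5  # a score at or above this is reported as suspicious

def signature_scan(data):
    """Return the names of all known signatures found in the file bytes."""
    return [name for name, pattern in SIGNATURES.items() if pattern in data]

def heuristic_score(behaviors):
    """Sum the weights of behaviors observed while the file ran (e.g. in a sandbox)."""
    return sum(HEURISTIC_WEIGHTS.get(b, 0) for b in behaviors)

def scan(data, behaviors):
    """A signature hit means known malware; otherwise fall back to the heuristic verdict."""
    hits = signature_scan(data)
    score = heuristic_score(behaviors)
    if hits:
        verdict = "known-malware"
    elif score >= ALERT_THRESHOLD:
        verdict = "suspicious"
    else:
        verdict = "clean"
    return {"signature_hits": hits, "heuristic_score": score, "verdict": verdict}

# Constructed samples: (file bytes, behaviors observed when the file ran).
KNOWN_BAD = (b"MZ\x90\x00" + SIGNATURES["Example.Dropper"], {"writes_boot_sector"})
UNKNOWN_BAD = (b"MZ\x90\x00 no known signature", {"writes_boot_sector", "self_replicates"})
INSTALLER = (b"MZ\x90\x00 legitimate setup", {"modifies_system_files", "automates_email"})

if __name__ == "__main__":
    for label, sample in [("known", KNOWN_BAD), ("unknown", UNKNOWN_BAD), ("installer", INSTALLER)]:
        print(label, scan(*sample))
```

The unknown sample is caught only by the heuristic, which is the slide's point, and the installer is the price paid for it.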

10 Virus-Scanning Techniques (cont.)
- Active code scanning
  - Java applets and ActiveX provide visual effects
  - They can be vehicles for malicious code
  - They must be scanned

11 Commercial Antivirus Software
- www.grisoft.com
  - Commercial product
  - Also freeware for home use
- McAfee and Norton
  - Popular commercial products

12 Firewalls
- A barrier between your network and the outside world
- Filters packets based on
  - Size
  - Source IP
  - Protocol
  - Destination port

13 Firewalls (cont.)
- A dedicated firewall is needed between the trusted network and the untrusted network.
- Cisco is well known for its routers and firewalls.
- Firewalls can be hardware or software.

14 Firewall Types and Components
There are several types of firewalls:
- Screening firewalls
- Application gateway
- Circuit-level gateway

15 Firewall Types and Components (cont.)
- Screening firewalls
  - Most basic type
  - Packet filters
  - Examine packets and either permit or deny them based on a set of rules
  - Cannot examine for state
  - May be a bastion host with limited services

16 Firewall Types and Components (cont.)
- Application gateway or proxy
  - When a client requests a service outside the local network, it first negotiates a connection with the proxy.
  - The proxy then negotiates the connection with the outside server.
  - The server thinks it is delivering to the client, when the proxy is actually masquerading as the client in order to protect it.

17 Firewall Types and Components (cont.)
- Circuit-level gateway
  - Similar to a proxy, but more secure.
  - No processing or filtering of protocols.
  - The virtual “circuit” exists after user authentication takes place.
  - Not appropriate for e-commerce.
  - No URL filtering.
  - Limited auditing.

18 How Firewalls Examine Packets
- Stateful packet inspection (SPI)
  - Permits or denies based not only on the current packet under inspection but also on data from previous packets.
  - It is aware of the context in which a packet is sent.
  - SPI can tell whether a packet is part of an existing connection or a bogus packet trying to intrude.

19 How Firewalls Examine Packets (cont.)
- Stateless packet inspection
  - Does not examine the contents
  - Does not use data from other packets to determine the legitimacy of a packet
  - Vulnerable to various types of attacks:
    - Ping floods
    - SYN floods
    - DoS attacks
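Slides 15, 18 and 19 contrast a screening firewall that cannot examine for state with stateful packet inspection. The following added Python illustration (not the textbook's code) runs both against the same constructed packets and an assumed trusted network of 192.168.1.0/24: the stateless filter has to permit every inbound packet with source port 443 so that HTTPS replies can get back in, and so it also passes a bogus packet that merely sets that source port, while the stateful filter permits inbound packets only when they answer a connection it saw opened from inside.

```python
"""Stateless versus stateful (SPI) packet filtering. Added illustration,
not the textbook's code; the network, rules and packets are constructed."""
import ipaddress
from collections import namedtuple

INSIDE = ipaddress.ip_network("192.168.1.0/24")  # constructed trusted network
Packet = namedtuple("Packet", "src sport dst dport")

def is_inside(addr):
    return ipaddress.ip_address(addr) in INSIDE

# Stateless rules: (direction, source port or None, destination port or None);
# anything unmatched is denied. The inbound rule exists only so that replies
# to outbound HTTPS connections can get back in.
STATELESS_RULES = [("out", None, 443), ("in", 443, None)]

def stateless_filter(pkt):
    """Decide on this packet alone, with no memory of earlier packets."""
    direction = "out" if is_inside(pkt.src) else "in"
    for rule_dir, sport, dport in STATELESS_RULES:
        if rule_dir == direction and sport in (None, pkt.sport) and dport in (None, pkt.dport):
            return "permit"
    return "deny"

class StatefulFilter:
    """Same outbound policy, but inbound packets must belong to a known connection."""
    def __init__(self):
        self.connections = set()  # (inside ip, inside port, outside ip, outside port)

    def filter(self, pkt):
        if is_inside(pkt.src):  # outbound: apply the policy and remember the connection
            if pkt.dport != 443:
                return "deny"
            self.connections.add((pkt.src, pkt.sport, pkt.dst, pkt.dport))
            return "permit"
        # inbound: permitted only as the reverse of a connection opened from inside
        key = (pkt.dst, pkt.dport, pkt.src, pkt.sport)
        return "permit" if key in self.connections else "deny"

# Constructed packets: a client opening HTTPS, the server's reply, and a bogus
# inbound packet that sets source port 443 but answers no real connection.
OUTBOUND = Packet("192.168.1.10", 40000, "203.0.113.5", 443)
REPLY = Packet("203.0.113.5", 443, "192.168.1.10", 40000)
BOGUS = Packet("198.51.100.9", 443, "192.168.1.10", 22)
```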

20 Firewall Configurations
The type of firewall tells you how it will evaluate traffic. The configuration of the firewall tells you how the firewall is set up relative to the network it is protecting:
- Network host-based
- Dual-homed host
- Router-based firewall
- Screened host

21 Firewall Configurations (cont.)
- Network host-based
  - Software solution installed on an existing operating system.
  - Weakness: it relies on the OS.
  - The existing operating system must be hardened.

22 Firewall Configurations (cont.)
- Dual-homed host
  - Installed on a server with at least two network interfaces.
  - Systems inside and outside the firewall can communicate with the dual-homed host, but not with each other.

23 Firewall Configurations (cont.)
- Router-based firewall
  - Commonly the first layer of protection
  - Usually a packet filter
- Screened host
  - Combination firewall
  - A bastion host and a packet filter

24 Commercial and Free Firewall Products
- Zone Labs
  - www.zonelabs.com
  - Also a freeware version
- Cisco
- Outpost Firewall
  - www.agnitum.com/products/outpost/
  - Also a freeware version

25 Commercial and Free Firewall Products (cont.)
- www.free-firewall.org
- www.homenethelp.com/web/howto/free-firewall.asp
- www.firewall.com/freeware.htm

26 Firewall Logs
- All firewalls log activity.
- Logs can provide valuable information.
- They can locate the source of an attack.
- They can help prevent a future attack.
- Network administrators check them regularly.

27 Antispyware
- Scans for spyware.
- Checks for known spyware files, just as AV software scans for known virus files.
- Maintain a subscription service to keep spyware definitions up to date, or use auto-update.
- Be cautious about attachments and downloads.

28 Intrusion-Detection Software
- Intrusion-detection software (IDS)
  - Inspects all inbound and outbound port activity
  - Scans for patterns that might indicate an attempted break-in

29 Intrusion-Detection Software (cont.)
- IDS categorization
  - Misuse detection versus anomaly detection
  - Passive systems versus reactive systems
  - Network-based systems versus host-based systems

30 Intrusion-Detection Software (cont.)
- Misuse detection versus anomaly detection
  - Misuse detection: analyzes the information it gathers and compares it to known attack signatures
  - Anomaly detection: looks for unusual behaviors, i.e., behaviors that do not match the pattern of normal user access
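The two detection styles of slide 30, as an added Python illustration (not code from the textbook) run over a constructed access log: misuse detection matches each request against a short list of constructed attack signatures, while anomaly detection compares each source's request count with a baseline learned from normal users. The traversal request is caught only by the signature and the burst of requests from one source only by the anomaly rule; the log lines, baseline numbers and the factor k are all assumptions.

```python
"""Misuse detection (known attack signatures) versus anomaly detection
(deviation from normal access) over constructed log lines. Added
illustration, not the textbook's code."""
import re
from collections import Counter
from statistics import mean, pstdev

# Constructed web-server access log, one request per line: time, source IP, path.
LOG = """\
10:00:01 192.168.1.10 /index.html
10:00:02 192.168.1.11 /about.html
10:00:03 192.168.1.10 /products.html
10:00:04 192.168.1.12 /index.html
10:00:05 198.51.100.9 /../../config.ini
10:00:06 192.168.1.11 /contact.html
10:00:07 203.0.113.7 /a
10:00:07 203.0.113.7 /b
10:00:07 203.0.113.7 /c
10:00:08 203.0.113.7 /d
10:00:08 203.0.113.7 /e
""".splitlines()

# Misuse detection: patterns of known attacks (constructed, Snort-style).
SIGNATURES = {
    "directory traversal": re.compile(r"\.\./"),
    "sql injection probe": re.compile(r"union\s+select", re.I),
}

# Anomaly detection: requests per source per minute seen from normal users
# during a quiet training period (constructed).
BASELINE = [1, 2, 2, 3, 1, 2, 2, 1]

def parse(line):
    ts, src, path = line.split(" ", 2)
    return ts, src, path

def misuse_detect(lines):
    """Return (source, attack name) for every line matching a known signature."""
    alerts = []
    for line in lines:
        _, src, path = parse(line)
        alerts += [(src, name) for name, pat in SIGNATURES.items() if pat.search(path)]
    return alerts

def anomaly_detect(lines, baseline=BASELINE, k=3.0):
    """Return sources whose request count is more than k std devs above the normal mean."""
    limit = mean(baseline) + k * pstdev(baseline)
    counts = Counter(parse(line)[1] for line in lines)
    return sorted(src for src, n in counts.items() if n > limit)
```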

31 Intrusion-Detection Software (cont.)
- Passive systems versus reactive systems
  - Passive systems: upon detection, log the information and send a signal
  - Reactive systems: upon detection, log off the suspicious user or reprogram the firewall to block the suspicious network traffic

32 Intrusion-Detection Software (cont.)
- Network-based systems versus host-based systems
  - Network-based systems analyze network traffic
  - Host-based systems analyze the activity of each individual host

33 Intrusion-Detection Software (cont.)
- IDS approaches
  - Preemptive blocking
  - Infiltration
  - Intrusion deflection
  - Intrusion deterrence

34 Intrusion-Detection Software (cont.)
- Preemptive blocking
  - Also called banishment vigilance
  - Seeks to prevent intrusions before they occur
  - Notes any sign of impending threats and blocks the user or IP
  - Risk of blocking legitimate users

35 Intrusion-Detection Software (cont.)
- Infiltration
  - Not a software program.
  - The security administrator infiltrates hacker/cracker online groups.
  - Unusual; most administrators depend on security bulletins.

36 Intrusion-Detection Software (cont.)
- Intrusion deflection
  - Honeypot
  - Set up an attractive, but fake, system.
  - Lure the attacker into the system and monitor the attacker’s activity.

37 Intrusion-Detection Software (cont.)
- Intrusion deterrence
  - An attempt to make the system a less palatable target.
  - First, make the system seem less attractive: hide the valuable assets.
  - Then, make the system seem more secure than it is: post warnings of monitoring and so on.
  - Make any potential reward seem more difficult to attain than it actually is.

38 Commercial IDS Providers
- There are many IDS vendors; you must determine which is best for your business environment.
- Snort
  - www.snort.org
  - Open source

39 Summary
- Any network needs a firewall and proxy server between the trusted and untrusted networks.
- Also consider IDS and antispyware.

