Computer Security Fundamentals by Chuck Easttom Chapter 9: Computer Security Software.
© 2012 Pearson, Inc.

Chapter 9 Objectives
- Evaluate the effectiveness of a scanner based on how it works
- Choose the best type of firewall for a given organization
- Understand antispyware
- Employ intrusion-detection systems to detect problems on your system

Introduction
Preceding chapters have described computer crime and computer security. Now, look at the technical details:
- Various security devices and software

Virus Scanners
- Purpose: to prevent a virus from infecting the system
- Searches for the signature of a known virus
- Scanners work in two ways:
  - Signature matching
  - Behavior matching

Virus Scanners (cont.)
- Signature matching
  - List of all known virus definitions
  - Kept in a small .dat file
  - Updating consists of replacing this file
  - AV scans host, network, and incoming e-mails for a match

Virus Scanners (cont.)
- Behavior matching:
  - Attempts to write to the boot sector
  - Change system files
  - Automate software
  - Self-multiply
- These are typical virus behaviors.

Virus Scanners (cont.)
- Ongoing virus scanners: run constantly in the background
- On-demand virus scanners: run only when you launch them
- Modern AV scanners offer both options.

Virus-Scanning Techniques
- E-mail and attachment scanning
  - Examine on the server, OR
  - Scan on the host computer before passing to the program
- Download scanning
  - Scan downloaded files

Virus-Scanning Techniques (cont.)
- File scanning
  - Files on the host computer are checked periodically.
- Heuristic scanning
  - Most advanced form of virus scanning
  - Uses rules to determine if behavior is virus-like
  - Best way to find an unknown virus
  - Some false positives
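The two scanning approaches above, signature matching from a definitions file and rule-based heuristic scanning, as an added example in Python (not code from the slides or from any AV product). The .dat contents, signatures and heuristic rules are constructed for illustration and match nothing real.

```python
import re

# Constructed definitions in the style of a small .dat file, one
# "name=hexbytes" entry per line. Updating the scanner means replacing
# this data with a newer file. The signatures are made up.
DEFINITIONS_DAT = """\
# name=hex signature
Demo.Boot.A=DEADBEEF0102
Demo.Dropper.B=4D5A90000300
"""

# Heuristic rules: the typical virus behaviours the slides list, matched
# as patterns against file content, each with a weight.
HEURISTIC_RULES = [
    (re.compile(rb"write.*boot.?sector", re.I), 3, "writes to boot sector"),
    (re.compile(rb"system32|/etc/", re.I), 2, "changes system files"),
    (re.compile(rb"CreateProcess|exec\(", re.I), 1, "automates software"),
    (re.compile(rb"CopyFile.*self|replicat", re.I), 3, "self-multiplies"),
]
HEURISTIC_THRESHOLD = 4  # a score at or above this is flagged as virus-like

def load_definitions(dat_text):
    """Parse name=hex lines into {name: bytes}; comments and blanks are skipped."""
    sigs = {}
    for line in dat_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        name, hexsig = line.split("=", 1)
        sigs[name.strip()] = bytes.fromhex(hexsig.strip())
    return sigs

def signature_scan(data, sigs):
    """Signature matching: names of all known signatures found in data."""
    return sorted(name for name, sig in sigs.items() if sig in data)

def heuristic_scan(data):
    """Heuristic scanning: (score, matched reasons) for virus-like behaviour."""
    score, reasons = 0, []
    for pattern, weight, reason in HEURISTIC_RULES:
        if pattern.search(data):
            score += weight
            reasons.append(reason)
    return score, reasons

def scan_file(data, sigs):
    """Classify bytes as 'infected' (known signature), 'suspicious'
    (heuristic score over threshold, possibly a false positive) or 'clean'."""
    hits = signature_scan(data, sigs)
    if hits:
        return "infected", hits
    score, reasons = heuristic_scan(data)
    if score >= HEURISTIC_THRESHOLD:
        return "suspicious", reasons
    return "clean", []
```

The heuristic path is where the false positives the slide mentions come from: a legitimate installer that copies itself and touches system files scores just like a dropper.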

Virus-Scanning Techniques (cont.)
- Active code scanning
  - Java applets and ActiveX
  - Visual effects
  - Can be vehicles for malicious code
  - Must be scanned

Commercial Antivirus Software
- Commercial product
- Also freeware for home use
- McAfee
- Norton
- Popular commercial products

Firewalls
- A barrier between your network and the outside world
- Filters packets based on
  - Size
  - Source IP
  - Protocol
  - Destination port

Firewalls (cont.)
- Need a dedicated firewall between the trusted network and the untrusted network.
- Cisco is well known for its routers and firewalls.
- Firewalls can be hardware or software.

Firewall Types and Components
There are several types of firewalls:
- Screening firewalls
- Application gateway
- Circuit-level gateway

Firewall Types and Components (cont.)
- Screening firewalls
  - Most basic type
  - Packet filters
  - Examines packets and will either permit or deny based on a set of rules
  - Cannot examine for state
  - May be a bastion host, with limited services

Firewall Types and Components (cont.)
- Application gateway or proxy
  - When a client requests a service outside the local network, it negotiates a connection first with the proxy.
  - The proxy then negotiates the connection with the outside server.
  - The server thinks it is delivering to the client, when the proxy is actually masquerading as the client to protect the client.

Firewall Types and Components (cont.)
- Circuit-level gateway
  - Similar to a proxy, but more secure.
  - No processing or filtering of protocols.
  - The virtual “circuit” exists after user authentication takes place.
  - Not appropriate for e-commerce.
  - No URL filtering.
  - Limited auditing.

How Firewalls Examine Packets
- Stateful packet inspection (SPI)
  - Will not only permit or deny based on the current packet under inspection, but looks at previous packets for data.
  - It will be aware of the context in which a packet is sent.
  - SPI can tell whether a packet is part of an existing connection or a bogus packet trying to intrude.

How Firewalls Examine Packets (cont.)
- Stateless packet inspection
  - Does not examine the contents
  - Does not use data from other packets to determine the legitimacy of a packet
  - Vulnerable to various types of attacks:
    - Ping floods
    - SYN floods
    - DoS attacks
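An added example (not from the slides or any firewall product) contrasting the two inspection styles: a screening packet filter that decides from size, source IP, protocol and destination port of one packet, beside a stateful inspector that keeps a connection table so it can tell a packet belonging to an established TCP connection from a stray one, and that caps half-open connections. Packets are plain dicts and all addresses and rules are constructed.

```python
from ipaddress import ip_address, ip_network

# Screening rules: (action, protocol, source network, destination port, max size).
# First match wins; anything unmatched is denied. Addresses are constructed.
RULES = [
    ("allow", "tcp", ip_network("0.0.0.0/0"), 443, 1500),   # HTTPS from anywhere
    ("allow", "tcp", ip_network("10.0.0.0/8"), 22, 1500),    # SSH only from inside
    ("deny", "icmp", ip_network("0.0.0.0/0"), None, 65535),  # no ping from anywhere
]

def stateless_filter(pkt):
    """Stateless inspection: decide from this packet's headers alone."""
    for action, proto, src_net, dport, max_size in RULES:
        if pkt["proto"] != proto or ip_address(pkt["src"]) not in src_net:
            continue
        if dport is not None and pkt["dport"] != dport:
            continue
        if pkt["size"] > max_size:
            return "deny"          # oversized for this rule
        return action
    return "deny"

class StatefulInspector:
    """Stateful packet inspection: remembers TCP connections that began with a
    permitted SYN, so later packets are judged in the context of that state."""
    def __init__(self, max_half_open=3):
        self.table = {}            # (src, sport, dst, dport) -> "half_open"/"established"
        self.max_half_open = max_half_open   # crude brake on SYN floods

    def half_open_count(self):
        return sum(1 for s in self.table.values() if s == "half_open")

    def inspect(self, pkt):
        key = (pkt["src"], pkt["sport"], pkt["dst"], pkt["dport"])
        flags = pkt.get("flags", set())
        if key in self.table:
            if "ACK" in flags:
                self.table[key] = "established"   # handshake completed
            return "allow"                        # part of an existing connection
        if flags == {"SYN"}:                      # new connection attempt
            if stateless_filter(pkt) != "allow":
                return "deny"                     # policy forbids it
            if self.half_open_count() >= self.max_half_open:
                return "deny"                     # too many unfinished handshakes
            self.table[key] = "half_open"
            return "allow"
        return "deny"   # no known connection and not a SYN: a bogus packet
```

A real stateful firewall also ages entries out of the table and tracks sequence numbers and FIN/RST; the toy table shows only the part the slide describes, the context that a stateless filter lacks.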

Firewall Configurations
The type of firewall tells you how it will evaluate traffic. The configuration of the firewall tells you how the firewall is set up relative to the network it is protecting:
- Network host-based
- Dual-homed host
- Router-based firewall
- Screened host

Firewall Configurations (cont.)
- Network host-based: software solution installed on an existing operating system.
  - Weakness: it relies on the OS.
  - Must harden the existing operating system.

Firewall Configurations (cont.)
- Dual-homed host: installed on a server with at least two network interfaces.
  - Systems inside and outside the firewall can communicate with the dual-homed host, not with each other.

Firewall Configurations (cont.)
- Router-based firewall
  - Commonly the first layer of protection
  - Usually a packet filter
- Screened host
  - Combination firewall
  - A bastion host and a packet filter

Commercial and Free Firewall Products
- Zone Labs
  - Also freeware version
- Cisco
- Outpost Firewall
  - Also freeware version

Commercial and Free Firewall Products (cont.)
firewall.asp

Firewall Logs
- All firewalls log activity.
- Logs can provide valuable information.
- Can locate the source of an attack.
- Can prevent a future attack.
- Network administrators regularly check them for data.
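How a log review locates an attack source and turns it into a rule that prevents a repeat, as an added example (not from the slides). The log format, addresses and rule syntax are constructed; a real firewall's format differs and the regex would need adapting.

```python
import re
from collections import defaultdict

# Constructed firewall log in a simple "timestamp action proto src -> dst" shape;
# real products use their own formats, so the regex below would need adapting.
SAMPLE_LOG = """\
2012-03-01 10:00:01 ALLOW TCP 198.51.100.7:52310 -> 10.1.1.10:443
2012-03-01 10:00:02 DENY TCP 203.0.113.5:51000 -> 10.1.1.10:21
2012-03-01 10:00:02 DENY TCP 203.0.113.5:51001 -> 10.1.1.10:22
2012-03-01 10:00:03 DENY TCP 203.0.113.5:51002 -> 10.1.1.10:23
2012-03-01 10:00:03 DENY TCP 203.0.113.5:51003 -> 10.1.1.10:25
2012-03-01 10:00:04 DENY TCP 203.0.113.5:51004 -> 10.1.1.10:3389
2012-03-01 10:00:05 DENY UDP 198.51.100.7:40000 -> 10.1.1.10:161
2012-03-01 10:00:06 ALLOW TCP 198.51.100.7:52311 -> 10.1.1.10:443
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+ \S+) (?P<action>ALLOW|DENY) (?P<proto>\w+) "
    r"(?P<src>[\d.]+):(?P<sport>\d+) -> (?P<dst>[\d.]+):(?P<dport>\d+)$")

def parse_log(text):
    """Yield one dict per well-formed line; malformed lines are skipped."""
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            entry = m.groupdict()
            entry["sport"], entry["dport"] = int(entry["sport"]), int(entry["dport"])
            yield entry

def summarize_denies(entries):
    """Per source IP: how many packets were denied and which ports were probed."""
    denies = defaultdict(lambda: {"count": 0, "ports": set()})
    for e in entries:
        if e["action"] == "DENY":
            denies[e["src"]]["count"] += 1
            denies[e["src"]]["ports"].add(e["dport"])
    return denies

def find_scanners(denies, min_ports=4):
    """A source denied on many distinct ports is the likely origin of a probe."""
    return sorted(src for src, s in denies.items() if len(s["ports"]) >= min_ports)

def block_rules(sources):
    """Suggested deny rules (constructed syntax) to stop a repeat from these sources."""
    return [f"deny from {src} to any" for src in sources]
```

The single denied UDP packet from the otherwise legitimate host is why the check counts distinct ports rather than raw denies: one stray packet is noise, five ports in four seconds is a probe.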

Antispyware
- Scans for spyware.
- Checks for known spyware files, much as AV software scans for known virus files.
- Maintain a subscription service to keep spyware file definitions up to date, or use auto-update.
- Be cautious about attachments and downloads.

Intrusion-Detection Software
- Intrusion-detection software (IDS)
  - Inspects all inbound and outbound port activity
  - Scans for patterns that might indicate an attempted break-in

Intrusion-Detection Software (cont.)
- IDS categorization
  - Misuse detection versus anomaly detection
  - Passive systems versus reactive systems
  - Network-based systems versus host-based systems

Intrusion-Detection Software (cont.)
- Misuse detection versus anomaly detection
  - Misuse detection: analyzes information it gathers and compares it to known attack signatures
  - Anomaly detection: looks for unusual behaviors, that is, behaviors that do not match the pattern of normal user access

Intrusion-Detection Software (cont.)
- Passive systems versus reactive systems
  - Passive systems: upon detection, log the information and send a signal
  - Reactive systems: upon detection, log off a suspicious user or reprogram the firewall to block the suspicious network traffic
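The misuse-versus-anomaly and passive-versus-reactive distinctions from the two slides above, as one added example (not from the slides or any IDS product). The signatures, user events and source addresses are constructed, and the "block" response is returned as a string rather than sent to a firewall.

```python
import re
from collections import defaultdict

# Constructed signatures: patterns a misuse detector would search for in
# request payloads (a fictional scanner banner and a fictional exploit marker).
SIGNATURES = {
    "fictional-scanner-banner": re.compile(r"ScanBot/\d+\.\d+"),
    "fictional-exploit-marker": re.compile(r"EXPLOIT-MARKER-[A-Z0-9]+"),
}

def misuse_detect(event):
    """Misuse detection: names of known attack signatures in the payload."""
    payload = event.get("payload", "")
    return [name for name, pat in SIGNATURES.items() if pat.search(payload)]

class AnomalyDetector:
    """Anomaly detection: learns which hosts and hours each user normally
    uses, then reports events that fall outside that pattern."""
    def __init__(self):
        self.hosts = defaultdict(set)
        self.hours = defaultdict(set)

    def train(self, events):
        for e in events:
            self.hosts[e["user"]].add(e["host"])
            self.hours[e["user"]].add(e["hour"])

    def detect(self, event):
        user, reasons = event["user"], []
        if event["host"] not in self.hosts[user]:
            reasons.append(f"new host {event['host']} for {user}")
        if event["hour"] not in self.hours[user]:
            reasons.append(f"unusual hour {event['hour']:02d}:00 for {user}")
        return reasons

def analyze(event, anomaly, reactive=False):
    """Run both detectors. A passive IDS only logs and signals; a reactive
    one also returns a block action for the offending source address."""
    findings = [f"signature:{s}" for s in misuse_detect(event)]
    findings += [f"anomaly:{r}" for r in anomaly.detect(event)]
    if not findings:
        return {"alert": False, "action": None, "findings": []}
    action = f"block {event['src']}" if reactive else "log"
    return {"alert": True, "action": action, "findings": findings}
```

Note that the anomaly detector flags the first time a user legitimately works late or opens a new server, which is the false-positive cost of anomaly detection and the reason reactive blocking on anomalies alone is risky.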

Intrusion-Detection Software (cont.)
- Network-based systems versus host-based systems
  - Network-based systems: analyze network traffic
  - Host-based systems: analyze the activity of each individual host

Intrusion-Detection Software (cont.)
- IDS approaches
  - Preemptive blocking
  - Infiltration
  - Intrusion deflection
  - Intrusion deterrence

Intrusion-Detection Software (cont.)
- Preemptive blocking
  - Called banishment vigilance
  - Seeks to prevent intrusions before they occur
  - Notes any sign of impending threats and blocks the user or IP
  - Risk of blocking legitimate users

Intrusion-Detection Software (cont.)
- Infiltration
  - Not a software program.
  - The process of a security administrator infiltrating hacker/cracker online groups.
  - Unusual. Most administrators depend on security bulletins.

Intrusion-Detection Software (cont.)
- Intrusion deflection
  - Honeypot.
  - Set up an attractive, but fake, system.
  - Lure the attacker into the system and monitor the attacker’s activity.

Intrusion-Detection Software (cont.)
- Intrusion deterrence
  - An attempt to make the system a less palatable target.
  - First, attempt to make the system seem less attractive—hide the valuable assets.
  - Then, make the system seem more secure than it is—have warnings of monitoring and so on.
  - Make any potential reward seem more difficult to attain than it actually is.

Commercial IDS Providers
- Many IDS vendors
- You must determine which is best for your business environment.
- Snort: open source

Summary
- Any network needs a firewall and proxy server between the trusted and untrusted networks.
- Also consider IDS and antispyware.