DIYTP 2009
Computer Security – Virus Scanners
Works in two ways:
- List of known ‘bad’ files (signature matching against a vendor-supplied database)
- Suspicious activity (watching what a file does, rather than what it contains)
Terminate and Stay Resident (TSR) program
- Program that remains resident in memory after its file has finished executing; many early viruses used this to stay active, which is why scanners check memory as well as files on disk
Five ways of scanning:
- E-mail/attachment
- Download
- File
- Heuristic
  - Rules that determine if a file is behaving like a virus (catches unknown samples, at the cost of false positives)
- Active code (e.g. Java, ActiveX)
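A toy scanner that combines the two approaches the slide names, a list of known ‘bad’ files (matched here by SHA-256 of the content) and heuristic rules that look for virus-like properties. This is an added example, not code from the deck or from any of the vendors it lists; the sample files, the ‘known bad’ entry and the rules are all constructed for illustration and stand in for a real signature database.

```python
"""Signature plus heuristic file scanning (added example; sample data is constructed)."""
import hashlib
import re

# Constructed sample files (name -> bytes). None of these is real malware.
SAMPLE_FILES = {
    "report.pdf": b"%PDF-1.4\n1 0 obj << /Type /Catalog >> endobj\n%%EOF\n",
    "holiday.jpg.exe": b"MZ\x90\x00" + b"\x00" * 60
                       + b"This program cannot be run in DOS mode" + b"\x00" * 40,
    "invoice.docm": b"PK\x03\x04" + b"word/vbaProject.bin"
                    + b"AutoOpen Shell(\"powershell -enc ...\")",
    "notes.txt": b"Meeting at 10, bring the slides.\n",
}

# "Known bad" list: SHA-256 of file contents -> detection name. Built from one of
# the constructed samples so the example is self-contained; a real scanner ships
# a database of hashes and byte patterns maintained by the vendor.
KNOWN_BAD_HASHES = {
    hashlib.sha256(SAMPLE_FILES["holiday.jpg.exe"]).hexdigest(): "Constructed.TestSample.A",
}

# Heuristic rules: (description, predicate over (name, content)). Illustrative only.
HEURISTIC_RULES = [
    ("double extension hiding an executable",
     lambda name, data: re.search(r"\.(jpg|pdf|doc|txt)\.(exe|scr|com)$", name, re.I) is not None),
    ("executable header (MZ) in a file not named .exe/.dll",
     lambda name, data: data.startswith(b"MZ") and not name.lower().endswith((".exe", ".dll"))),
    ("Office macro that auto-runs and launches a shell",
     lambda name, data: b"vbaProject.bin" in data and b"AutoOpen" in data and b"Shell(" in data),
]


def scan_file(name, data):
    """Return (verdict, reasons); verdict is 'known-bad', 'suspicious' or 'clean'.

    The signature lookup runs first because it is cheap and definitive; the
    heuristics only run for files the signature database does not recognise.
    """
    digest = hashlib.sha256(data).hexdigest()
    if digest in KNOWN_BAD_HASHES:
        return "known-bad", [KNOWN_BAD_HASHES[digest]]
    hits = [desc for desc, pred in HEURISTIC_RULES if pred(name, data)]
    return ("suspicious" if hits else "clean"), hits


def scan_all(files):
    """Scan a mapping of name -> bytes and return name -> (verdict, reasons)."""
    return {name: scan_file(name, data) for name, data in files.items()}


if __name__ == "__main__":
    for name, (verdict, reasons) in scan_all(SAMPLE_FILES).items():
        print(f"{name:18} {verdict:10} {'; '.join(reasons)}")
```

The macro document has no signature in the list, so only the heuristic catches it; that is the trade-off the slide's ‘Heuristic’ bullet refers to, since the same rule would also flag a legitimate macro that opens a shell.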
Computer Security – Virus Scanners
- McAfee www.mcafee.com
- Symantec www.symantec.com
- AVG www.avg.com
- Trend Micro www.trendmicro.com
Computer Security – Anti-Spyware
Spyware
- Often bundled with toolbars, skins and other ‘enhancements’ the user installs voluntarily
- Threat to privacy: reports browsing habits and other personal data to a third party
Tools:
- Ad-Aware www.lavasoft.com
- Spybot Search & Destroy www.safer-networking.org
Computer Security – Intrusion Detection Systems
Intrusion Detection Systems (IDS)
- Inspects incoming and outgoing activity and looks for patterns
- Common categorizations:
  - Misuse vs. Anomaly
  - Passive vs. Reactive
  - Network-based vs. Host-based
Computer Security – Intrusion Detection Systems
Misuse Detection vs. Anomaly Detection
- Misuse detection
  - Matches traffic against attack signatures (patterns of known attacks); precise, but blind to attacks it has no signature for
- Anomaly detection
  - Builds a baseline of normal behaviour and flags deviations from it; can catch new attacks, but generates more false positives
  - Either style detects the intrusion and notifies the administrator
Passive Systems vs. Reactive Systems
- Passive
  - Detects, logs, and sends an alert
- Reactive
  - Reacts by logging off the user or blocking the traffic on the firewall (often called an intrusion prevention system, IPS)
Computer Security – Intrusion Detection Systems
Network-Based vs. Host-Based
- Network-based
  - Analyzes packets on the network
- Host-based
  - Analyzes a specific host/computer (its logs, processes and files)
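A small IDS over constructed web-server log lines that shows the two detection styles side by side and the passive/reactive distinction. This is an added example, not from the deck or from any of the products it names: the log format, the signatures, the baseline formula (mean plus three standard deviations of per-host request counts learned from a ‘known-normal’ window) and the block action are all assumptions made for the example.

```python
"""Misuse (signature) vs anomaly (baseline) detection, passive vs reactive response."""
import re
import statistics
from collections import Counter

# Constructed "known-normal" traffic used to learn the baseline (format: time src request).
TRAINING_LINES = [
    "09:00:01 10.0.0.5 GET /index.html",
    "09:00:02 10.0.0.5 GET /about.html",
    "09:00:03 10.0.0.6 GET /index.html",
    "09:00:04 10.0.0.7 GET /docs/",
    "09:00:05 10.0.0.7 GET /docs/a.html",
    "09:00:06 10.0.0.7 GET /docs/b.html",
    "09:00:07 10.0.0.8 GET /index.html",
    "09:00:08 10.0.0.8 GET /contact.html",
]

# Constructed live traffic: normal browsing, one SQL-injection probe, and one host
# hammering the server with requests that match no signature at all.
LOG_LINES = [
    "10:00:01 10.0.0.5 GET /index.html",
    "10:00:02 10.0.0.5 GET /about.html",
    "10:00:03 10.0.0.9 GET /login.php?user=admin'--",
    "10:00:04 10.0.0.7 GET /docs/",
] + [f"10:00:{5 + i % 55:02d} 10.0.0.42 GET /page{i}" for i in range(120)]

LINE_RE = re.compile(r"^(\S+) (\S+) (.*)$")

# Misuse detection: attack signatures as patterns over the request, like the
# content match of a Snort rule. Illustrative patterns only.
SIGNATURES = {
    "sql-injection-quote-comment": re.compile(r"'\s*(--|#)"),
    "path-traversal": re.compile(r"\.\./"),
}


def parse(lines):
    """Parse log lines into (time, src_ip, request) tuples, skipping malformed lines."""
    events = []
    for line in lines:
        m = LINE_RE.match(line)
        if m:
            events.append((m.group(1), m.group(2), m.group(3)))
    return events


def misuse_detect(events):
    """Return (src, signature_name) for every event matching a known-attack signature."""
    return [(src, name) for _, src, req in events
            for name, pat in SIGNATURES.items() if pat.search(req)]


def learn_baseline(events, k=3.0):
    """Anomaly baseline: per-host request count threshold = mean + k * stdev (assumed model)."""
    counts = list(Counter(src for _, src, _ in events).values())
    return statistics.mean(counts) + k * statistics.pstdev(counts)


def anomaly_detect(events, threshold):
    """Flag hosts whose request count in the window exceeds the learned baseline."""
    counts = Counter(src for _, src, _ in events)
    return [(src, f"request-rate {n} exceeds baseline {threshold:.1f}")
            for src, n in counts.items() if n > threshold]


def respond(alerts, reactive=False):
    """Passive IDS: log and alert. Reactive IDS: additionally emit a block action per source."""
    actions = []
    for src, reason in alerts:
        actions.append(f"ALERT {src}: {reason}")
        if reactive:
            actions.append(f"BLOCK {src}")  # e.g. push a deny rule to the firewall
    return actions


if __name__ == "__main__":
    live = parse(LOG_LINES)
    threshold = learn_baseline(parse(TRAINING_LINES))
    print("misuse:  ", respond(misuse_detect(live)))
    print("anomaly: ", respond(anomaly_detect(live, threshold), reactive=True))
```

Each style misses what the other catches: the signature finds the single injection probe but says nothing about the flood, while the baseline flags the flood but has no opinion on one unusual-looking request from an otherwise quiet host.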
Computer Security – Intrusion Detection Systems
[Figure 1.0 – Intrusion Detection System typical setup]
Computer Security – Intrusion Detection Systems
- Snort www.snort.org
- Cisco IDS http://www.cisco.com/warp/public/cc/pd/sqsw/sqidsz/index.shtml
- BASE (Basic Analysis and Security Engine, a web front end for Snort alerts) http://sourceforge.net/projects/secureideas/
Computer Security - Firewalls
Firewall
- Barrier between the network and the outside world
- Filters packets based on certain parameters:
  - IP address (source and destination)
  - Protocol (and, for TCP/UDP, port number)
- Components:
  - Screening
  - Application gateway
  - Circuit-level gateway
Computer Security - Firewalls
Screening
- Also known as ‘packet-filtering’
- Most basic type
- Works in the ‘Network’ layer of OSI (reads IP headers, plus TCP/UDP port numbers for rules on services)
- Examines incoming packets and allows or prohibits them based on a set of pre-established rules
- Example: Windows Firewall (a host-based firewall; its rules are written in these terms, though it also tracks connection state)
Computer Security - Firewalls
Application Gateway
- Also known as ‘application proxy’
- Runs on the firewall
- Client connects to the proxy program, and the proxy then establishes the connection for the client
- Protects client computers (the outside only ever talks to the proxy)
- Supports user authentication
Computer Security - Firewalls
Circuit-level Gateway
- Presented here as more secure than an application gateway; note that it validates the session (the TCP handshake) and then relays the circuit without examining application data, so it is faster and hides internal hosts, but it inspects less than an application gateway does
- Generally found on high-end equipment
- User must be verified before communication can take place
- Passes traffic on to the destination and vice versa
- Internal systems are not visible to the outside world
Computer Security - Firewalls
How firewalls look at packets
- Stateful packet inspection (SPI)
  - Examines each packet
  - Bases the decision on the current and previous packets (a table of connections the inside has opened)
  - Can look at the actual contents of the packet
- Stateless packet inspection
  - Very basic
  - Only looks at the current packet’s headers
  - Does not look at the contents, and cannot tell a genuine reply from a forged one
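The difference between the two is easiest to see on return traffic. The simulation below is an added example, not from the deck or any vendor: packets are constructed tuples, the ‘inside’ network, rule set and connection table are assumptions, and no real traffic is touched. A stateless filter that wants to admit replies to outbound HTTPS has to allow any inbound TCP packet from port 443 to a high port; the stateful filter admits only packets that match a connection an inside host actually opened.

```python
"""Stateless vs stateful packet filtering on constructed packets (added example)."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str        # "tcp" or "udp"
    sport: int
    dport: int
    syn: bool = False  # TCP SYN, i.e. a new connection attempt
    ack: bool = False


INSIDE_PREFIX = "192.168.1."   # assumed internal network


def is_inside(ip):
    return ip.startswith(INSIDE_PREFIX)


def stateless_filter(pkt):
    """One rule set applied to each packet on its own, headers only.

    To let replies to outbound web requests back in, the rule set must allow any
    inbound TCP packet from port 80/443 to a high port; it cannot verify that a
    matching request was ever sent, so a forged packet passes too.
    """
    if is_inside(pkt.src) and not is_inside(pkt.dst):
        return "allow"                      # anything outbound
    if pkt.proto == "tcp" and pkt.sport in (80, 443) and pkt.dport >= 1024:
        return "allow"                      # presumed reply traffic
    return "deny"


class StatefulFilter:
    """Tracks flows opened from the inside and admits only their return traffic."""

    def __init__(self):
        # key: (inside_ip, inside_port, outside_ip, outside_port, proto)
        self.connections = set()

    def filter(self, pkt):
        outbound = is_inside(pkt.src) and not is_inside(pkt.dst)
        if outbound:
            key = (pkt.src, pkt.sport, pkt.dst, pkt.dport, pkt.proto)
            if pkt.syn or pkt.proto == "udp":   # new flow initiated from inside
                self.connections.add(key)
                return "allow"
            # A non-SYN TCP packet must belong to a flow we have already seen.
            return "allow" if key in self.connections else "deny"
        # Inbound (or anything else): allowed only as a reply to a tracked flow.
        key = (pkt.dst, pkt.dport, pkt.src, pkt.sport, pkt.proto)
        return "allow" if key in self.connections else "deny"


def run_stateful(packets):
    """Pass a packet sequence through a fresh stateful filter; return the verdicts in order."""
    fw = StatefulFilter()
    return [fw.filter(p) for p in packets]


# Constructed traffic: an inside client opens HTTPS to a server, the server replies,
# then an outside host sends a forged "reply" to a port nobody opened.
CLIENT, SERVER, ATTACKER = "192.168.1.10", "93.184.216.34", "203.0.113.9"
TRAFFIC = [
    Packet(CLIENT, SERVER, "tcp", 51000, 443, syn=True),
    Packet(SERVER, CLIENT, "tcp", 443, 51000, syn=True, ack=True),
    Packet(ATTACKER, CLIENT, "tcp", 443, 51001),
]

if __name__ == "__main__":
    print("stateless:", [stateless_filter(p) for p in TRAFFIC])
    print("stateful: ", run_stateful(TRAFFIC))
```

The third packet is the point of the slide: it is header-perfect for a reply, so the stateless rule set admits it, while the stateful filter denies it because no inside host ever opened a connection to 203.0.113.9 from port 51001.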
Computer Security - Firewalls
Software-based
- ZoneAlarm www.zonealarm.com
- McAfee Personal Firewall www.mcafee.com
- Norton Personal Firewall www.symantec.com/norton
Hardware-based
- Cisco www.cisco.com
- Juniper NetScreen www.juniper.net