DIYTP 2009
COMPUTER SECURITY HARDWARE AND SOFTWARE

Computer Security – Virus Scanners
• Works in two ways:
  • List of known ‘bad’ files
  • Suspicious activity
• Terminate and Stay Resident (TSR) program
  • File that persists in memory after execution
• Five ways of scanning
  • E-mail/attachment
  • Download
  • File
  • Heuristic
    • Rules that determine if a file is behaving like a virus
  • Active code (e.g. Java, ActiveX)

Computer Security – Virus Scanners
• McAfee www.mcafee.com
• Symantec www.symantec.com
• AVG www.avg.com
• Trend Micro www.trendmicro.com

Computer Security – AntiSpyware
• Spyware
  • Toolbars, skins, enhancements
  • Threat to privacy
• Ad-aware www.lavasoft.com
• Spybot Search and Destroy www.safer-networking.org

Computer Security – Intrusion Detection Systems
• Intrusion Detection Systems (IDS)
  • Inspects incoming and outgoing activity and looks for patterns
  • Common categorizations:
    • Misuse vs. Anomaly
    • Passive vs. Reactive
    • Network-based vs. Host-based

Computer Security – Intrusion Detection Systems
• Misuse Detection vs. Anomaly Detection
  • Misuse detection
    • Attack signatures
  • Anomaly detection
    • Detects intrusions and notifies administrator
• Passive Systems vs. Reactive Systems
  • Passive
    • Detects, logs, and sends alert
  • Reactive
    • Reacts by logging off user or blocking traffic on firewall

Computer Security – Intrusion Detection Systems
• Network-Based vs. Host-Based
  • Network-based
    • Analyzes packets on network
  • Host-based
    • Analyzes a specific host/computer

Computer Security – Intrusion Detection Systems
Figure 1.0 – Intrusion Detection System typical setup

Computer Security – Intrusion Detection Systems
• Snort www.snort.org
• Cisco IDS http://www.cisco.com/warp/public/cc/pd/sqsw/sqidsz/index.shtml
• BASE http://sourceforge.net/projects/secureideas/

Computer Security - Firewalls
• Firewall
  • Barrier between network and the outside world
  • Filters packets based on certain parameters
    • IP address
    • Protocol
• Components
  • Screening
  • Application gateway
  • Circuit-level gateway

Computer Security - Firewalls
• Screening
  • Also known as ‘packet-filtering’
  • Most basic type
  • Works in ‘Network’ layer of OSI
  • Examines incoming packets and allows or prohibits based on a set of pre-established rules
  • Example: Windows firewall

Computer Security - Firewalls
• Application Gateway
  • Also known as ‘application proxy’
  • Runs on firewall
  • Client connects to program and then proxy establishes connection for client
  • Protects client computers
  • Supports user authentication

Computer Security - Firewalls
• Circuit-level Gateway
  • More secure than application gateway
  • Generally found on high-end equipment
  • User must be verified before communication can take place
  • Passes traffic on to destination and vice versa
  • Internal systems are not visible to outside world

Computer Security - Firewalls
• How firewalls look at packets
  • Stateful packet inspection (SPI)
    • Examine each packet
    • Bases decision on current and previous packets
    • Can look at actual contents of packet
  • Stateless packet inspection
    • Very basic
    • Only looks at current packet
    • Does not look at contents
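
Added example (not part of the original slides): the same constructed packet trace judged by a stateless filter, which sees only the current packet, and by a stateful filter, which also remembers earlier packets. The packet model, the rules and the addresses are assumptions made for illustration; content inspection is not shown.

```python
from collections import namedtuple

# Constructed packet model: direction is "out" (leaving the LAN) or "in".
Packet = namedtuple("Packet", "direction src sport dst dport flags")

def stateless_allow(pkt):
    """Decide from the current packet's header fields alone."""
    if pkt.direction == "out":
        return True                  # hypothetical rule: LAN may talk out
    # Hypothetical rule: inbound traffic from port 443 is assumed to be a reply.
    return pkt.sport == 443

class StatefulFilter:
    """Decide from the current packet plus the connections seen earlier."""
    def __init__(self):
        self.connections = set()     # (lan_ip, lan_port, remote_ip, remote_port)

    def allow(self, pkt):
        if pkt.direction == "out":
            key = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
            if "SYN" in pkt.flags:
                self.connections.add(key)      # remember the new connection
            if "RST" in pkt.flags:
                self.connections.discard(key)  # simplified: no FIN/timeout tracking
            return True
        # Inbound: allow only replies to a connection opened from inside.
        key = (pkt.dst, pkt.dport, pkt.src, pkt.sport)
        return key in self.connections

# Constructed trace using documentation address ranges, not real hosts.
TRACE = [
    Packet("out", "10.0.0.5", 50000, "203.0.113.10", 443, {"SYN"}),
    Packet("in", "203.0.113.10", 443, "10.0.0.5", 50000, {"SYN", "ACK"}),
    Packet("in", "198.51.100.7", 443, "10.0.0.5", 50001, {"ACK"}),  # unsolicited
    Packet("out", "10.0.0.5", 50000, "203.0.113.10", 443, {"RST"}),
    Packet("in", "203.0.113.10", 443, "10.0.0.5", 50000, {"ACK"}),  # after reset
]

def run_trace(trace):
    """Return (stateless, stateful) verdict lists for the same packets."""
    spi = StatefulFilter()
    return [stateless_allow(p) for p in trace], [spi.allow(p) for p in trace]

if __name__ == "__main__":
    for pkt, a, b in zip(TRACE, *run_trace(TRACE)):
        print(f"{pkt.direction:3} {pkt.src}:{pkt.sport:<5} stateless={a} stateful={b}")
```

The stateless rule accepts the third and fifth packets because their headers look like replies; the stateful filter drops both because no matching connection is in its table.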

Computer Security - Firewalls
• Software-based
  • Zone Alarm www.zonealarm.com
  • McAfee Personal Firewall www.mcafee.com
  • Norton Personal Firewall www.symantec.com/norton
• Hardware-based
  • Cisco www.cisco.com
  • Juniper NetScreen www.juniper.net