Exam
● On May 15, at 10:30am in this room
● Two hour exam
● Open Notes
● Will mostly cover material since Exam 2
● No, you may not take it early.

Intrusion Detection
● We have discussed the Security “Life Cycle”
   Maintain
    ● Keep your system secure and up to date
   Detect
    ● Detect an attack
   Recover
    ● Repair damage from attack and restore the system to working order

Intrusion Detection
● We have spent a lot of time dealing with
   Types of attacks
   How to help secure systems against attack
● We have spent some time on the issue of backups
   The simplest and most cost-effective solution to restoration at your level
● We need to talk about the issue of detecting attacks

Intrusion Detection -- Baselining
● The most important concept in ID is baselining
   We need to know what our system looks like ordinarily, so we can notice when something extraordinary has happened
● We do this by making a record of the normal state of our system
   Configuration files
   Network traffic
   Data files...

Defenses
● Last week we divided our defenses into three groups
   Network defenses – perimeter defenses
   Host defenses
   Data defenses

Defenses
● We will continue our discussion by talking about ways to detect breaches on these various levels

Network Defenses
● Network defenses
   Protect our LAN from attacks from outside our LAN
   Defenses are usually implemented by a boundary router or a personal router providing the following services
    ● Firewall
    ● NAT
    ● Possibly DHCP

Traffic Analysis
● We typically detect that an intruder has gotten into our local net by doing traffic analysis
   We look at the kinds of packets on our net
    ● What protocols or applications generate them
    ● How heavy is the traffic on the network
    ● How much traffic does each host generate
    ● Anything else we can grab
   We make a record of normal behavior (baselining) and we look for unusual activity

Traffic Analysis
● Port scanning
   Easy to detect, if carelessly done
   Look for someone looking at a lot of ports on the same host
● Increased traffic
   Hosts that have been taken over as zombies can generate greater than normal traffic

Traffic Analysis
● Looking for specific kinds of packets
   Packets that carry worms can have a signature
    ● Similar to the signature of a file that has a virus
   This signature can be detected
   Sometimes, attack packets have header information that can be looked for
● Any unusual activity
   Could indicate an attack
   Could simply indicate a hardware or software problem
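The three traffic-analysis slides above describe two detections in words: a port scan shows up as one source touching many ports on one host, and a zombie shows up as a host sending far more traffic than it did during baselining. The following is an added example, not code from the lecture, that runs both detections over constructed flow records. Every address, byte count and threshold (SCAN_PORT_THRESHOLD, VOLUME_FACTOR) is invented for illustration; a real deployment would derive them from its own baseline period.

```python
"""Baseline-and-deviation traffic analysis over constructed flow records.

Two of the detections described in the slides:
  1. Port scan: one source touching many distinct ports on one host.
  2. Increased traffic: a host sending far more than its recorded baseline
     (or a host that was never seen during baselining at all).
All IPs, byte counts and thresholds are constructed for this example.
"""
from collections import defaultdict

# Assumed thresholds (illustrative; tune against your own baseline)
SCAN_PORT_THRESHOLD = 20   # distinct ports on one host from one source
VOLUME_FACTOR = 5.0        # flag a host sending > 5x its baseline byte count

# Constructed flow records: (src_ip, dst_ip, dst_port, bytes_sent)
# Baseline period: three workstations doing DNS, web and file sharing.
BASELINE_FLOWS = [
    ("10.0.0.11", "10.0.0.1", 53, 120),
    ("10.0.0.11", "203.0.113.10", 443, 4000),
    ("10.0.0.12", "10.0.0.1", 53, 100),
    ("10.0.0.12", "203.0.113.10", 80, 2500),
    ("10.0.0.13", "10.0.0.1", 53, 90),
    ("10.0.0.13", "10.0.0.2", 445, 3000),
]

# Observation period: 10.0.0.12 now pushes a large volume of SMTP to an
# outside host (zombie-like behaviour) and an unknown host 10.0.0.50 walks
# 25 ports on the file server 10.0.0.2.
CURRENT_FLOWS = [
    ("10.0.0.11", "10.0.0.1", 53, 110),
    ("10.0.0.11", "203.0.113.10", 443, 4200),
    ("10.0.0.12", "10.0.0.1", 53, 95),
    ("10.0.0.12", "203.0.113.5", 25, 40000),
    ("10.0.0.13", "10.0.0.1", 53, 95),
    ("10.0.0.13", "10.0.0.2", 445, 2800),
] + [("10.0.0.50", "10.0.0.2", port, 60) for port in range(1, 26)]


def detect_port_scans(flows, threshold=SCAN_PORT_THRESHOLD):
    """(src, dst, distinct_ports) for every source that probed >= threshold
    distinct ports on a single destination host."""
    ports = defaultdict(set)  # (src, dst) -> set of destination ports touched
    for src, dst, dport, _ in flows:
        ports[(src, dst)].add(dport)
    return sorted((src, dst, len(p)) for (src, dst), p in ports.items()
                  if len(p) >= threshold)


def bytes_per_host(flows):
    """Total bytes sent by each source host: the per-host baseline figure."""
    totals = defaultdict(int)
    for src, _, _, nbytes in flows:
        totals[src] += nbytes
    return dict(totals)


def detect_volume_anomalies(baseline_flows, current_flows, factor=VOLUME_FACTOR):
    """(host, reason, observed_bytes, baseline_bytes) for hosts that exceed
    factor x their baseline, or that were never seen while baselining."""
    base = bytes_per_host(baseline_flows)
    cur = bytes_per_host(current_flows)
    alerts = []
    for host, nbytes in sorted(cur.items()):
        expected = base.get(host)
        if expected is None:
            alerts.append((host, "unknown host, not in baseline", nbytes, 0))
        elif nbytes > factor * expected:
            alerts.append((host, "traffic above baseline", nbytes, expected))
    return alerts


if __name__ == "__main__":
    for scan in detect_port_scans(CURRENT_FLOWS):
        print("port scan:", scan)
    for alert in detect_volume_anomalies(BASELINE_FLOWS, CURRENT_FLOWS):
        print("volume:", alert)
```

Note that the port-scan rule only fires on a careless scanner, exactly as the slide says: a scan spread slowly across many sources, or across many hosts with a few ports each, stays under the per-(source, host) count and needs the volume or baseline comparison to surface it.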

Host Defense
● Host defenses can include
   Anti-virus and anti-spam software
   Personal firewall
   Secure configurations or add-ons to network software
   Human factors (to be discussed later)

Host Defenses
● Again, we use baselining
   Contents of configuration files
   Normal levels of CPU activity
    ● Hard to do
   Normally running tasks and processes

Anti-Virus Software
● Looks for “signatures” of viruses in executable files
   Alerts user if signatures found
   This gives evidence of intrusion... at some point
● Anti-virus software can also help in recovery
   Cleans infected files

Anti-Spyware Software
● Looks for a couple of things
   Files associated with known threats
   Tasks running that look like threats
    ● Out of the ordinary
   Suspicious changes in configuration information
    ● In Windows, the registry
    ● In OS X, NetInfo
    ● In Linux, the state of configuration files

Anti-Spyware Software
● Anti-spyware software can contribute to recovery
   Remove suspicious tasks (stop them from executing)
   Quarantine files
   Remove or repair configuration changes
    ● Fix the registry

Other Approaches
● Alert on
   Attempts to write to the BIOS
    ● Often a parameter that can be set in the BIOS
   Root logins
    ● Fair or foul, a root login is an important event
   Attempts to write to system areas
    ● Areas where system programs are stored are usually only written to during upgrades or software installations. Writes at other times are suspicious.
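The slide above says to alert on every root login and on writes to system areas outside of upgrade time. As an added example (not part of the lecture), the code below runs those two alerts over a handful of constructed syslog-style lines. The sshd, su and sudo line shapes follow common Linux formats; the "audit: WRITE" line, the SYSTEM_DIRS list and the 02:00-04:00 maintenance window are assumptions made up for this example, not the output or settings of any real tool.

```python
"""Alerting on root logins and out-of-window writes to system areas.

Runs two simple detectors over constructed syslog-style lines. The sshd, su
and sudo lines follow common Linux log shapes; the "audit: WRITE" line is a
made-up format for this example, not auditd's real output.
"""
import re
from datetime import time

# Constructed sample log (hosts, users and addresses are invented)
SAMPLE_LOG = """\
May 10 02:30:11 host1 audit: WRITE path=/usr/bin/vim user=root
May 10 09:12:01 host1 sshd[2211]: Accepted publickey for alice from 10.0.0.11 port 50122 ssh2
May 10 09:14:37 host1 sshd[2230]: Accepted password for root from 203.0.113.5 port 4412 ssh2
May 10 09:15:02 host1 sudo:    alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/usr/bin/apt-get upgrade
May 10 09:20:45 host1 su[2302]: Successful su for root by bob
May 10 09:21:10 host1 audit: WRITE path=/usr/bin/ls user=bob
May 10 09:22:00 host1 sshd[2310]: Failed password for root from 203.0.113.5 port 4420 ssh2
May 10 09:25:00 host1 audit: WRITE path=/home/bob/notes.txt user=bob
"""

ROOT_SSH = re.compile(r"sshd\[\d+\]: Accepted (\w+) for root from (\S+)")
ROOT_SU = re.compile(r"su\[\d+\]: Successful su for root by (\S+)")
ROOT_SUDO = re.compile(r"sudo:\s+(\S+) : .*USER=root ; COMMAND=(\S+)")
SYS_WRITE = re.compile(r"audit: WRITE path=(\S+) user=(\S+)")  # constructed format

# Assumed "system areas" and nightly patch window (local time)
SYSTEM_DIRS = ("/bin/", "/sbin/", "/usr/bin/", "/usr/sbin/", "/usr/lib/", "/etc/")
MAINT_WINDOW = (time(2, 0), time(4, 0))


def _clock(line):
    """Pull the HH:MM:SS field out of a 'Mon DD HH:MM:SS host ...' line."""
    hh, mm, ss = line.split()[2].split(":")
    return time(int(hh), int(mm), int(ss))


def root_login_events(lines):
    """Every successful acquisition of root, whatever the route ("fair or
    foul"). Returns (route, detail, origin) tuples in log order."""
    events = []
    for line in lines:
        m = ROOT_SSH.search(line)
        if m:
            events.append(("ssh", m.group(1), m.group(2)))
            continue
        m = ROOT_SU.search(line)
        if m:
            events.append(("su", m.group(1), "local"))
            continue
        m = ROOT_SUDO.search(line)
        if m:
            events.append(("sudo", m.group(1), m.group(2)))
    return events


def suspicious_system_writes(lines, window=MAINT_WINDOW):
    """Writes under a system directory that fall outside the maintenance
    window, i.e. outside the time upgrades are expected to happen."""
    start, end = window
    hits = []
    for line in lines:
        m = SYS_WRITE.search(line)
        if not m or not m.group(1).startswith(SYSTEM_DIRS):
            continue
        when = _clock(line)
        if not (start <= when < end):
            hits.append((m.group(1), m.group(2), when.isoformat()))
    return hits


def analyse(text=SAMPLE_LOG):
    lines = text.splitlines()
    return {"root_logins": root_login_events(lines),
            "system_writes": suspicious_system_writes(lines)}


if __name__ == "__main__":
    for kind, items in analyse().items():
        print(kind)
        for item in items:
            print("  ", item)
```

Every root acquisition is reported, including the legitimate sudo by alice, because the slide's point is that the event matters regardless of who caused it; deciding which ones are "foul" is the reviewer's job, and the failed password attempt is deliberately left to a separate brute-force rule.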

Other Approaches
● Alert on
   Port scans
    ● Again, easy to detect

ID Host -- Tools
● Most anti-virus vendors provide total security packages that implement most of what I have discussed
● There are freeware packages
   Snort – Linux and Windows
   Tripwire – used to be free, now nominal
    ● Most Unix systems, including all Linuxes
   Not much available for OS X
    ● Ports of some Unix packages

Data Defense
● Principal tool for defending data is encryption
   Also detects modification of data
   An encrypted file that is modified cannot be completely decrypted
● We can also use baselining
   Only on files that are relatively static

Baselining Data
● We can store, for static files
   Last modification date
   Last access date
   File size
   A digital digest, or signature, of the file
● If any of these change, we know the file has been modified

Candidate Files for Baselining
● Configuration files
   Including the hosts file (redirecting to false websites)
   Other network configuration files
   Files related to the configuration of security software
● Executable files
   Parts of the operating system
   Frequently used executables

File Baselining
● It's tough to baseline files that are frequently changing
   New baselines have to be computed for each modification
   Modifier must authenticate himself/herself to the baselining software for each modification

Tools – File Monitoring
● Again about the same
   Security packages from major vendors implement much of this
   Tripwire and its replacements and descendants provide these services
   Again, Mac OS X uses Unix tools
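The four slides on baselining data, candidate files, file baselining and file-monitoring tools describe what Tripwire-style tools do: record size, modification time and a digest for each static file, keep that record, and later report any file whose record no longer matches. The following is an added example written for this page, not Tripwire's code or any vendor's. It creates a fake "etc/hosts" and "bin/ls" in a temporary directory, baselines them, then tampers with the hosts file using a same-length edit (so only the digest, and maybe the mtime, changes) and drops a new file into the executable directory. Paths, file contents and the JSON baseline format are all constructed for the example.

```python
"""Tripwire-style baseline of static files: record size, mtime and a SHA-256
digest per file, store the baseline, and report every file whose record
changed. Added example; the tree below is built in a temporary directory so
it runs anywhere.
"""
import hashlib
import json
import os
import tempfile

FIELDS = ("size", "mtime", "sha256")  # the attributes the slides list


def file_record(path):
    """Size, last modification time and digest of one file."""
    st = os.stat(path)
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return {"size": st.st_size, "mtime": st.st_mtime, "sha256": digest.hexdigest()}


def snapshot(root, relpaths):
    """Baseline records for the listed files relative to root."""
    return {rel: file_record(os.path.join(root, rel)) for rel in relpaths}


def compare(baseline, current):
    """Map each changed path to the list of attributes that differ.
    Files that vanished or newly appeared are reported as well."""
    findings = {}
    for rel in sorted(set(baseline) | set(current)):
        if rel not in current:
            findings[rel] = ["missing"]
        elif rel not in baseline:
            findings[rel] = ["new"]
        else:
            diff = [k for k in FIELDS if baseline[rel][k] != current[rel][k]]
            if diff:
                findings[rel] = diff
    return findings


def save_baseline(baseline, path):
    with open(path, "w") as fh:
        json.dump(baseline, fh, indent=2, sort_keys=True)


def load_baseline(path):
    with open(path) as fh:
        return json.load(fh)


def demo():
    """Build a fake system tree, baseline it, tamper with it, compare."""
    root = tempfile.mkdtemp()
    originals = {"etc/hosts": "127.0.0.1 localhost\n", "bin/ls": "ELF-placeholder\n"}
    for rel, content in originals.items():
        full = os.path.join(root, rel)
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "w") as fh:
            fh.write(content)
    db = os.path.join(root, "baseline.json")
    save_baseline(snapshot(root, originals), db)

    # Tamper 1: redirect 'localhost' with a same-length edit, so the size is
    # unchanged and only the digest (and possibly the mtime) reveals it.
    with open(os.path.join(root, "etc/hosts"), "w") as fh:
        fh.write("10.0.0.99 localhost\n")
    # Tamper 2: a new executable appears in the system directory.
    with open(os.path.join(root, "bin/evil"), "w") as fh:
        fh.write("dropper\n")

    current = snapshot(root, list(originals) + ["bin/evil"])
    return compare(load_baseline(db), current)


if __name__ == "__main__":
    for rel, changed in demo().items():
        print(f"{rel}: {', '.join(changed)}")
```

The same-length tamper is the reason the slide lists a digest alongside size and dates: on a filesystem with coarse timestamps a write within the same second can leave size and mtime identical, and the digest is the only field guaranteed to move. The baseline itself (the JSON file here) must of course live somewhere the attacker cannot rewrite, or it is just one more file to tamper with.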

Recovery
● Critical element of recovery is a plan
   Reduces recovery time
   Ensures that needed materials are at hand
    ● Backups
    ● Replacement hardware
   The process of planning exposes weaknesses

Backups
● As we have discussed, at your level, recovery generally means restoring from backups
   Unlikely to maintain duplicate equipment or file systems
   Unlikely to employ a data warehouse

Recovery
● To restore usefulness to your system you must restore
   Operating system
    ● OS CD/DVD and/or system restore disks
   Application programs
    ● Original installation disks
    ● Original installation files on removable media
    ● Web site addresses for downloading the programs

Recovery
● Critical data
   Documents
    ● Don't forget folders if stored locally
   Bookmarks
    ● Often forgotten in backups
    ● Use Export Bookmarks in your favorite browser
   Program configuration information
   Personal digital certificates
    ● Else you will get encrypted e-mails you can't read

Recovery
● With a simple recovery plan like this you must budget hours or days to get back to full function
● However, it is cheap
● If your needs do not permit that much downtime you need to look for backup software and hardware that allows you to make complete disk or system images