Learning outcomes
After this session, you should be able to:
Identify the threat of intruders in systems and networks and explain how to protect them through password management.
Describe the operation of viruses, Trojans and worms and identify relevant software to counteract them.
Explain the effect of unwanted network connections in an organisation and how to design a firewall that will balance user freedom in relation to network security.
Internet Management & Security 06

Taxonomy of Malicious Programs
Need a host program: Trapdoors, Logic Bombs, Trojan Horses, Viruses
Independent: Zombies, Worms

Definitions
Trojan Horse - instructions in an otherwise good program that cause bad things to happen (e.g., sending your data or password to an attacker over the net).
Logic Bomb - malicious code that activates on an event (e.g., a date, a specific key sequence, the absence of a file).
Trap Door (or Back Door) - an undocumented entry point written into code for debugging that can allow unwanted users in.

Definitions
Virus - code that infects other executable files by copying itself.
A “Bacteria” replicates until it fills all disk space or CPU cycles.
Payload - the harmful things the malicious program does after it has had time to spread.
Worm - a program that replicates itself across the network (usually riding on email messages or attached documents, e.g., macro viruses).
Zombie - a program that takes over other Internet-attached computers to launch attacks that are difficult to trace back to the original creator of the program. Typically used in Denial-of-Service attacks.

Virus Phases
Four different phases exist for a virus; however, not all viruses have all four.
Dormant phase - the virus is idle.
Propagation phase - the virus places an identical copy of itself into other programs.
Triggering phase - the virus is activated to perform the function for which it was intended.
Execution phase - the function is performed.

Virus Protection
Have a well-known virus protection program, configured to scan disks and downloads automatically for known viruses.
Do not execute programs (or "macros") from unknown sources (e.g., PS files, HyperCard files, MS Office documents).
Do not download .dll, .lib, .hlp or .obj files from unknown sources.
Avoid the most common operating systems and email programs, if possible.

Virus Structure
The virus code increases the length of the host program! And this segment will be the same in all infected files: it is called the signature of the virus.

A Compression Virus

Types of Viruses
Parasitic Virus - attaches itself to executable files as part of their code. Runs whenever the host program runs.
Memory-resident Virus - lodges in main memory as part of the resident operating system.
Boot Sector Virus - infects the boot sector of a disk, and spreads when the operating system boots up (the original DOS viruses).
Stealth Virus - explicitly designed to hide from virus scanning programs. Compression and controlling disk I/O are the most common techniques.
Polymorphic Virus - mutates with every new host to prevent signature detection. This is achieved either by randomly shuffling independent instructions in the virus, or by adding superfluous instructions, or by encryption.

Macro Viruses
Microsoft Office applications allow “macros” to be part of the document. The macro could run whenever the document is opened, or when a certain command is selected (e.g., Save File).
Platform independent.
Infect documents, delete files, generate email and edit letters.

Antivirus Approaches
1st Generation, Scanners: searched files for any of a library of known virus “signatures”. Checked executable files for length changes.
2nd Generation, Heuristic Scanners: look for more general signs than specific signatures (code segments common to many viruses). Check files for checksum or hash changes.
3rd Generation, Activity Traps: stay resident in memory and look for certain patterns of software behaviour (e.g., scanning files).
4th Generation, Full Featured: combine the best of the techniques above.
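The two checks described on the Virus Structure slide and in the first two antivirus generations above (a fixed signature segment, and a length or hash change against a clean baseline) as one added example; this is not code from the original slides, and the signature bytes and sample "executables" are constructed placeholders.

```python
import hashlib
from typing import Dict, List, Tuple

# Constructed stand-in for a virus signature: the byte segment that, per the
# slides, is identical in every infected file. Hypothetical bytes, not a real virus.
SIGNATURE = b"\x90\x90\xebVIRUS-SEG\x7f\x3a"

def signature_scan(data: bytes) -> bool:
    """1st-generation check: does the file contain a known signature?"""
    return SIGNATURE in data

def record_baseline(files: Dict[str, bytes]) -> Dict[str, Tuple[int, str]]:
    """Store length and SHA-256 of each known-clean file. The 2nd-generation
    length/hash check only works if this baseline is taken before any infection."""
    return {name: (len(data), hashlib.sha256(data).hexdigest())
            for name, data in files.items()}

def integrity_report(baseline: Dict[str, Tuple[int, str]],
                     files: Dict[str, bytes]) -> List[str]:
    """One line per file whose length or hash no longer matches the baseline."""
    findings = []
    for name, data in files.items():
        if name not in baseline:
            findings.append(f"{name}: not in baseline")
            continue
        old_len, old_hash = baseline[name]
        if len(data) != old_len:
            findings.append(f"{name}: length {old_len} -> {len(data)}")
        elif hashlib.sha256(data).hexdigest() != old_hash:
            findings.append(f"{name}: hash changed, length unchanged")
    return findings

def scan_all(baseline: Dict[str, Tuple[int, str]],
             files: Dict[str, bytes]) -> Tuple[List[str], List[str]]:
    """Combine both generations: signature hits plus integrity changes."""
    hits = [name for name, data in files.items() if signature_scan(data)]
    return hits, integrity_report(baseline, files)

# Constructed sample "executables" (arbitrary bytes, not real programs).
CLEAN = {"calc.exe": b"MZ" + b"\x00" * 40 + b"CALC",
         "notepad.exe": b"MZ" + b"\x01" * 60}
# After "infection": the signature segment is appended to calc.exe, so its length
# grows; notepad.exe is patched in place (same length, different bytes), which only
# the hash check catches.
AFTER = {"calc.exe": CLEAN["calc.exe"] + SIGNATURE,
         "notepad.exe": b"MZ" + b"\x02" * 60}
```

The in-place patch of notepad.exe shows why the 1st-generation length check alone is not enough: only the hash comparison, or a matching signature, exposes it.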

Advanced Antivirus Techniques
Generic Decryption (GD). Components: CPU emulator, virus signature scanner, emulation control module.
If the virus is encrypted, it will decrypt and reveal itself when its code is emulated.
Key question: how long should a GD scanner run each interpretation?

Firewall Design Principles
Too many computers with different operating systems exist in corporate networks today, and they all need Internet access.
The firewall is inserted between the premises network and the Internet.
Aims: establish a controlled link; protect the premises network from Internet-based attacks; provide a single choke point.

Firewall Characteristics
Design goals:
All traffic from inside to outside must pass through the firewall (physically blocking all access to the local network except via the firewall).
Only authorized traffic (defined by the local security policy) will be allowed to pass.
The firewall itself is immune to penetration (use of a trusted system with a secure operating system).

Firewall Characteristics
Four general techniques:
User control - controls access to a service according to which user is attempting to access it (may need authentication procedures).
Behavior control - controls how particular services are used (e.g., filter e-mail).
Service control - determines the types of Internet services that can be accessed (such as FTP, HTTP), inbound or outbound.
Direction control - determines the direction in which particular service requests are allowed to flow.

Types of Firewalls
Three common types of firewalls: packet-filtering routers, stateful inspection firewalls, application-level gateways, circuit-level gateways.

Types of Firewalls
Packet-filtering Router:
Applies a set of rules to each incoming IP packet and then forwards or discards the packet.
Filters packets going in both directions.
The packet filter is typically set up as a list of rules based on matches to fields in the IP or TCP header.
Two default policies (discard or forward).

Types of Firewalls
All these fields can be used in a packet filter:
Source and destination IP address
Source and destination port numbers
IP protocol field, which defines the higher-level protocol in the IP packet
MAC address, in case there is more than one
Packet filtering example:
action  src     port  dest         comment
block   SPIGOT  *     {our hosts}  we don't trust these people
allow           25                 connection to our SMTP port
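The rule table above evaluated the way a packet-filtering router does (first matching rule wins, otherwise the default policy), as an added example that is not part of the original slides. The address blocks for SPIGOT and {our hosts} are constructed, and it is an assumption that the allow rule applies to any source.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional

# Constructed address blocks standing in for the slide's names.
OUR_HOSTS = ipaddress.ip_network("192.168.1.0/24")   # {our hosts}
SPIGOT = ipaddress.ip_network("203.0.113.0/24")      # the untrusted SPIGOT site

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    dport: int          # destination TCP port

@dataclass(frozen=True)
class Rule:
    action: str                                   # "block" or "allow"
    src: Optional[ipaddress.IPv4Network] = None   # None means "*" (any)
    dport: Optional[int] = None
    dst: Optional[ipaddress.IPv4Network] = None

    def matches(self, pkt: Packet) -> bool:
        # A None field is a wildcard; every non-wildcard field must match.
        return ((self.src is None or ipaddress.ip_address(pkt.src) in self.src)
                and (self.dport is None or pkt.dport == self.dport)
                and (self.dst is None or ipaddress.ip_address(pkt.dst) in self.dst))

# The slide's two rules, in order. Assumption: the allow rule has any source.
RULES: List[Rule] = [
    Rule("block", src=SPIGOT, dst=OUR_HOSTS),   # we don't trust these people
    Rule("allow", dport=25, dst=OUR_HOSTS),     # connection to our SMTP port
]

def decide(pkt: Packet, rules: List[Rule] = RULES, default: str = "block") -> str:
    """First matching rule wins; the default policy decides everything else.
    default="block" is the discard policy, default="allow" the forward policy."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.action
    return default
```

Because the block rule comes first, SMTP traffic from SPIGOT is still discarded; swapping the two rows would silently let it through, which is why rule order matters in a first-match filter.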

Types of Firewalls
Stateful Inspection Firewalls:
A traditional packet filter allows or denies each packet on an individual basis after analysing the IP and TCP headers in the arriving packet. A stateful inspection firewall, on the other hand, considers the status of ongoing TCP connections in addition to the header information in the arriving packets.
Block packets that scan this port!
Example stateful firewall connection state table:
Source Address  Source Port  Destination Address  Destination Port  Connection State
192.168.1.100   1030         210.9.88.29          80                Active
192.168.1.101                216.32.42.123        2552              Released
192.168.1.105   1990         192.168.1.6          79
223.43.21.231   2112         210.99.212.18        3321
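A minimal stateful inspection step over the connection state table above, as an added example that is not part of the original slides: an inside host opening a connection creates an Active entry, replies are forwarded only while a matching entry is Active, FIN/RST moves it to Released, and an unsolicited outside SYN (such as a probe of port 79) has no entry and is discarded. The private network range is an assumption.

```python
import ipaddress
from dataclasses import dataclass
from typing import Dict, Optional, Tuple

# Assumption: hosts in this range are the private network that may originate connections.
INTERNAL = ipaddress.ip_network("192.168.0.0/16")

@dataclass(frozen=True)
class Segment:
    src: str
    sport: int
    dst: str
    dport: int
    syn: bool = False
    fin: bool = False
    rst: bool = False

Key = Tuple[str, int, str, int]   # (source addr, source port, dest addr, dest port)

class StatefulFirewall:
    """Keeps the slide's connection state table and consults it for every segment."""

    def __init__(self) -> None:
        self.table: Dict[Key, str] = {}   # key -> "Active" or "Released"

    def handle(self, seg: Segment) -> str:
        """Return "forward" or "discard" for one TCP segment."""
        fwd: Key = (seg.src, seg.sport, seg.dst, seg.dport)
        rev: Key = (seg.dst, seg.dport, seg.src, seg.sport)
        # Is this segment part of a connection we already track, in either direction?
        key: Optional[Key] = fwd if fwd in self.table else (rev if rev in self.table else None)
        if key is not None:
            if self.table[key] != "Active":
                return "discard"            # traffic on a released connection
            if seg.fin or seg.rst:
                self.table[key] = "Released"
            return "forward"
        # Untracked: only an inside host may open a connection, and only with a SYN.
        if seg.syn and ipaddress.ip_address(seg.src) in INTERNAL:
            self.table[fwd] = "Active"
            return "forward"
        # Anything else, e.g. an outside SYN probing port 79, has no state and is dropped.
        return "discard"
```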

Types of Firewalls
Application-level Gateway (proxy):
Also called a proxy server.
Acts as a relay of application-level traffic.
Requires user authentication.
More secure than packet filtering and stateful inspection, but with more processing overhead as well.

Types of Firewalls
Circuit-level Gateway:
Sets up two TCP connections.
Requires user authentication.
The gateway typically relays TCP segments from one connection to the other without examining the contents.
The security function consists of determining which connections will be allowed.
Typical use is a situation in which the system administrator trusts the internal users.

Firewall Configurations
In addition to the simple configuration of a single system (a single packet-filtering router or a single gateway), more complex configurations are possible.
A “Bastion Host” (bastion means a well-fortified area) serves as a platform for an application-level or circuit-level gateway:
it uses a secure operating system;
only the essential services are installed (including proxies for Telnet, DNS, FTP, SMTP, and user authentication);
each proxy module is a very small software package (fewer than 1000 lines) to minimise any security flaw;
each proxy is independent;
proxies have no disk access and run as nonprivileged users.

Firewall Configurations
Screened host firewall system (single-homed bastion host):
Only packets from and to the bastion host are allowed to pass through the packet filter.
The bastion host performs authentication and proxy functions.
Both packet-level and application-level filtering.

Firewall Configurations
Screened host firewall system (dual-homed bastion host):
Traffic between the Internet and other hosts on the private network has to flow through the bastion host.
Even if the packet filter is compromised, the private network is physically isolated from the Internet by the bastion host.

Firewall Configurations
Screened-subnet firewall system:
Most secure configuration of the three.
An isolated sub-network is created between the Internet and the private network.
The private network is not visible to the Internet.
The Internet is not visible to the private network.