DIYTP 2009. Computer Security – Virus Scanners

Presentation transcript:

DIYTP 2009

Computer Security – Virus Scanners
- Works in two ways:
  - List of known ‘bad’ files
  - Suspicious activity
- Terminate and Stay Resident (TSR) program
  - File that persists in memory after execution
- Five ways of scanning
  - /attachment
  - Download
  - File
  - Heuristic
    - Rules that determine if a file is behaving like a virus
  - Active code (i.e. Java, ActiveX)

Computer Security – Virus Scanners
- McAfee
- Symantec
- AVG
- Trend Micro

Computer Security – Anti-Spyware
- Spyware
  - Toolbars, skins, enhancements
  - Threat to privacy
- Ad-aware
- Spybot Search and Destroy

Computer Security – Intrusion Detection Systems
- Intrusion Detection Systems (IDS)
  - Inspects incoming and outgoing activity and looks for patterns
- Common categorizations:
  - Misuse vs. Anomaly
  - Passive vs. Reactive
  - Network-based vs. Host-based

Computer Security – Intrusion Detection Systems
- Misuse Detection vs. Anomaly Detection
  - Misuse detection
    - Attack signatures
  - Anomaly detection
    - Detects intrusions and notifies administrator
- Passive Systems vs. Reactive Systems
  - Passive
    - Detects, logs, and sends alert
  - Reactive
    - Reacts by logging off user or blocking traffic on firewall
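The two detection styles and the two response styles from this slide, as an added example that is not part of the original presentation. The signatures, baseline counts, addresses and log entries are all constructed, and the mean-plus-three-standard-deviations threshold is an assumed anomaly rule.

```python
import re
from collections import Counter
from statistics import mean, pstdev

# Misuse detection: patterns of known-bad requests (constructed signatures).
SIGNATURES = {
    "path-traversal": re.compile(r"\.\./"),
    "sql-union": re.compile(r"union\s+select", re.I),
}

def misuse_alerts(events):
    """events: (client, request) pairs. Alert on any signature match."""
    return [(client, name) for client, req in events
            for name, rx in SIGNATURES.items() if rx.search(req)]

def anomaly_alerts(events, baseline, k=3.0):
    """Alert on clients whose request count exceeds the baseline's
    mean + k * standard deviation, whatever the requests contain."""
    limit = mean(baseline) + k * pstdev(baseline)
    counts = Counter(client for client, _ in events)
    return [(client, "request-rate")
            for client, n in sorted(counts.items()) if n > limit]

def respond(alerts, reactive):
    """Passive: log and alert only. Reactive: also return clients to block."""
    log = [f"ALERT {client} {reason}" for client, reason in alerts]
    blocked = sorted({client for client, _ in alerts}) if reactive else []
    return log, blocked

# Constructed data: normal requests-per-client counts, then one observation window.
BASELINE = [4, 5, 6, 5, 4, 6]
EVENTS = ([("192.0.2.10", "GET /index.html")] * 5
          + [("192.0.2.20", "GET /download?file=../../etc/passwd")]
          + [("192.0.2.30", "GET /search?q=shoes")] * 40)

if __name__ == "__main__":
    alerts = misuse_alerts(EVENTS) + anomaly_alerts(EVENTS, BASELINE)
    print(respond(alerts, reactive=False))
    print(respond(alerts, reactive=True))
```

The single traversal request is caught only by the signature, and the high-volume client with harmless-looking requests is caught only by the baseline, which is why the two approaches are usually deployed together.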

Computer Security – Intrusion Detection Systems
- Network-Based vs. Host-Based
  - Network-based
    - Analyzes packets on network
  - Host-based
    - Analyzes a specific host/computer

Computer Security – Intrusion Detection Systems
Figure 1.0 – Intrusion Detection System typical setup

Computer Security – Intrusion Detection Systems
- Snort
- Cisco IDS w/sqidsz/index.shtml
- BASE

Computer Security - Firewalls
- Firewall
  - Barrier between network and the outside world
  - Filters packets based on certain parameters
    - IP address
    - Protocol
- Components
  - Screening
  - Application gateway
  - Circuit-level gateway

Computer Security - Firewalls
- Screening
  - Also known as ‘packet-filtering’
  - Most basic type
  - Works in ‘Network’ layer of OSI
  - Examines incoming packets and allows or prohibits based on a set of pre-established rules
  - Example: Windows firewall

Computer Security - Firewalls
- Application Gateway
  - Also known as ‘application proxy’
  - Runs on firewall
  - Client connects to program and then proxy establishes connection for client
  - Protects client computers
  - Supports user authentication

Computer Security - Firewalls
- Circuit-level Gateway
  - More secure than application gateway
  - Generally found on high-end equipment
  - User must be verified before communication can take place
  - Passes traffic on to destination and vice versa
  - Internal systems are not visible to outside world

Computer Security - Firewalls
- How firewalls look at packets
  - Stateful packet inspection (SPI)
    - Examine each packet
    - Bases decision on current and previous packets
    - Can look at actual contents of packet
  - Stateless packet inspection
    - Very basic
    - Only looks at current packet
    - Does not look at contents
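A small model of the difference between the two inspection modes, as an added example that is not part of the original presentation. It covers only the "current and previous packets" point (not content inspection); the `Packet` type, the `10.0.0.` internal prefix, the port-443 rule and the sample traffic are constructed assumptions.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    flags: str          # TCP flags: "S"=SYN, "A"=ACK, "SA"=SYN+ACK, "R"=RST

INSIDE = "10.0.0."      # assumed internal address prefix (constructed)

def is_outbound(p):
    return p.src.startswith(INSIDE)

def stateless_allow(p):
    """Decide from the current packet only: outbound is allowed, inbound is
    allowed if it comes from port 443 and carries ACK ("looks like a reply")."""
    return is_outbound(p) or (p.sport == 443 and "A" in p.flags)

class StatefulFilter:
    """Decide from current and previous packets via a connection table."""
    def __init__(self):
        self.table = set()

    def allow(self, p):
        if is_outbound(p):
            if p.flags == "S":                       # inside host opens a connection
                self.table.add((p.src, p.sport, p.dst, p.dport))
            return True
        key = (p.dst, p.dport, p.src, p.sport)       # inbound: reverse the tuple
        known = key in self.table
        if known and "R" in p.flags:                 # reset ends the connection
            self.table.discard(key)
        return known

def compare(packets):
    """Return (stateless, stateful) verdicts for each packet, in order."""
    spi = StatefulFilter()
    return [(stateless_allow(p), spi.allow(p)) for p in packets]

# Constructed traffic: a real exchange, then a packet that belongs to no connection.
TRAFFIC = [
    Packet("10.0.0.5", 50000, "203.0.113.10", 443, "S"),
    Packet("203.0.113.10", 443, "10.0.0.5", 50000, "SA"),
    Packet("198.51.100.7", 443, "10.0.0.9", 50001, "A"),
]

if __name__ == "__main__":
    for p, verdict in zip(TRAFFIC, compare(TRAFFIC)):
        print(p, verdict)
```

The third packet passes the stateless rule because it looks like a reply when judged alone, while the stateful filter drops it because no inside host ever opened that connection.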

Computer Security - Firewalls
- Software-based
  - Zone Alarm
  - McAfee Personal Firewall
  - Norton Personal Firewall
- Hardware-based
  - Cisco
  - Juniper NetScreen