Presentation is loading. Please wait.

Presentation is loading. Please wait.

DIYTP 2009. Computer Security – Virus Scanners  Works in two ways:  List of known ‘bad’ files  Suspicious activity  Terminate and Stay Resident (TSR)

Published byHenry Gaines Modified over 9 years ago

Similar presentations

Presentation on theme: "DIYTP 2009. Computer Security – Virus Scanners  Works in two ways:  List of known ‘bad’ files  Suspicious activity  Terminate and Stay Resident (TSR)"— Presentation transcript:

1 DIYTP 2009

2 Computer Security – Virus Scanners  Works in two ways:  List of known ‘bad’ files  Suspicious activity  Terminate and Stay Resident (TSR) program  File that persists in memory after execution  Five ways of scanning  E-mail/attachment  Download  File  Heuristic  Rules that determine if a file is behaving like a virus  Active code (i.e. Java, ActiveX)

3 Computer Security – Virus Scanners  Mcafee www.mcafee.comwww.mcafee.com  Symantec www.symantec.comwww.symantec.com  AVG www.avg.comwww.avg.com  Trend Micro www.trendmicro.comwww.trendmicro.com

4 Computer Security – Anti- Spyware  Spyware  Toolbars, skins, enhancements  Threat to privacy  Ad-aware www.lavasoft.com  Spybot Search and Destroy www.safer-networking.org

5 Computer Security – Intrusion Detection Systems  Intrusion Detection Systems (IDS)  Inspects incoming and outgoing activity and looks for patterns  Common categorizations:  Misuse vs. Anomaly  Passive vs. Reactive  Network-based vs. Host-based

6 Computer Security – Intrusion Detection Systems  Misuse Detection vs. Anomaly Detection  Misuse detection  Attack signatures  Anomaly detection  Detects intrusions and notifies administrator  Passive Systems vs. Reactive Systems  Passive  Detects, logs, and sends alert  Reactive  Reacts by logging off user or blocking traffic on firewall

7 Computer Security – Intrusion Detection Systems  Network-Based vs. Host-Based  Network-based  Analyzes packets on network  Host-based  Analyzes a specific host/computer

8 Computer Security – Intrusion Detection Systems Figure 1.0 – Intrusion Detection System typical setup

9 Computer Security – Intrusion Detection Systems  Snort www.snort.orgwww.snort.org  Cisco IDS http://www.cisco.com/warp/public/cc/pd/sqs w/sqidsz/index.shtml http://www.cisco.com/warp/public/cc/pd/sqs w/sqidsz/index.shtml  BASE http://sourceforge.net/projects/secureideas/ http://sourceforge.net/projects/secureideas/

10 Computer Security - Firewalls  Firewall  Barrier between network and the outside world  Filters packets based on certain parameters  IP address  Protocol  Components  Screening  Application gateway  Circuit-level gateway

11 Computer Security - Firewalls  Screening  Also known as ‘packet-filtering’  Most basic type  Works in ‘Network’ layer of OSI  Examines incoming packets and allows or prohibits based on a set of pre-established rules  Example: Windows firewall

12 Computer Security - Firewalls  Application Gateway  Also known as ‘application proxy’  Runs on firewall  Client connects to program and then proxy establishes connection for client  Protects client computers  Supports user authentication

13 Computer Security - Firewalls  Circuit-level Gateway  More secure than application gateway  Generally found on high-end equipment  User must be verified before communication can take place  Passes traffic on to destination and vice versa  Internal systems are not visible to outside world

14 Computer Security - Firewalls  How firewalls look at packets  Stateful packet inspection (SPI)  Examine each packet  Bases decision on current and previous packets  Can look at actual contents of packet  Stateless packet inspection  Very basic  Only looks at current packet  Does not look at contents

15 Computer Security - Firewalls  Software-based  Zone Alarm www.zonealarm.comwww.zonealarm.com  Mcafee Personal Firewall www.mcafee.comwww.mcafee.com  Norton Personal Firewall www.symantec.com/norton www.symantec.com/norton  Hardware-based  Cisco www.cisco.comwww.cisco.com  Juniper NetScreen www.juniper.netwww.juniper.net

16

Download ppt "DIYTP 2009. Computer Security – Virus Scanners  Works in two ways:  List of known ‘bad’ files  Suspicious activity  Terminate and Stay Resident (TSR)"

Similar presentations

Computer Security: Principles and Practice Chapter 9 – Firewalls and Intrusion Prevention Systems.

Computer Security: Principles and Practice Chapter 9 – Firewalls and Intrusion Prevention Systems.
Computer Security: Principles and Practice First Edition by William Stallings and Lawrie Brown Lecture slides by Lawrie Brown Chapter 9 – Firewalls and.

Computer Security: Principles and Practice First Edition by William Stallings and Lawrie Brown Lecture slides by Lawrie Brown Chapter 9 – Firewalls and.
FIREWALLS Chapter 11.

FIREWALLS Chapter 11.
Information Security 1 Information Security: Security Tools Jeffy Mwakalinga.

Information Security 1 Information Security: Security Tools Jeffy Mwakalinga.
FIREWALLS. What is a Firewall? A firewall is hardware or software (or a combination of hardware and software) that monitors the transmission of packets.

FIREWALLS. What is a Firewall? A firewall is hardware or software (or a combination of hardware and software) that monitors the transmission of packets.
FIREWALLS The function of a strong position is to make the forces holding it practically unassailable —On War, Carl Von Clausewitz On the day that you.

FIREWALLS The function of a strong position is to make the forces holding it practically unassailable —On War, Carl Von Clausewitz On the day that you.
Intrusion Detection Systems By: William Pinkerton and Sean Burnside.

Intrusion Detection Systems By: William Pinkerton and Sean Burnside.
Lecture 14 Firewalls modified from slides of Lawrie Brown.

Lecture 14 Firewalls modified from slides of Lawrie Brown.
(part 4).  Gateways  A gateway is responsible for translating information from one format to another and can run at any layer of the OSI model, depending.

(part 4).  Gateways  A gateway is responsible for translating information from one format to another and can run at any layer of the OSI model, depending.
Configuring your Home Network Configuring your Home Network Jay Ferron ADMT, CISM, CISSP, MCDBA, MCSE, MCT, NSA-IAM.

Configuring your Home Network Configuring your Home Network Jay Ferron ADMT, CISM, CISSP, MCDBA, MCSE, MCT, NSA-IAM.
Firewalls and Intrusion Detection Systems

Firewalls and Intrusion Detection Systems
N ETWORK S ECURITY Presented by: Brent Vignola. M ATERIAL OVERVIEW … Basic security components that exist in all networks Authentication Firewall Intrusion.

N ETWORK S ECURITY Presented by: Brent Vignola. M ATERIAL OVERVIEW … Basic security components that exist in all networks Authentication Firewall Intrusion.
Intrusion Detection Systems and Practices

Intrusion Detection Systems and Practices
Information Security 1 Information Security: Demo of Some Security Tools Jeffy Mwakalinga.

Information Security 1 Information Security: Demo of Some Security Tools Jeffy Mwakalinga.
5/1/2006Sireesha/IDS1 Intrusion Detection Systems (A preliminary study) Sireesha Dasaraju CS526 - Advanced Internet Systems UCCS.

5/1/2006Sireesha/IDS1 Intrusion Detection Systems (A preliminary study) Sireesha Dasaraju CS526 - Advanced Internet Systems UCCS.
This work is supported by the National Science Foundation under Grant Number DUE-0302909. Any opinions, findings and conclusions or recommendations expressed.

This work is supported by the National Science Foundation under Grant Number DUE Any opinions, findings and conclusions or recommendations expressed.
Security Awareness: Applying Practical Security in Your World

Security Awareness: Applying Practical Security in Your World
© 2006 Cisco Systems, Inc. All rights reserved. Implementing Secure Converged Wide Area Networks (ISCW) Module 6: Cisco IOS Threat Defense Features.

© 2006 Cisco Systems, Inc. All rights reserved. Implementing Secure Converged Wide Area Networks (ISCW) Module 6: Cisco IOS Threat Defense Features.
Lesson 13-Intrusion Detection. Overview Define the types of Intrusion Detection Systems (IDS). Set up an IDS. Manage an IDS. Understand intrusion prevention.

Lesson 13-Intrusion Detection. Overview Define the types of Intrusion Detection Systems (IDS). Set up an IDS. Manage an IDS. Understand intrusion prevention.
Network Security. Network security starts from authenticating any user. Once authenticated, firewall enforces access policies such as what services are.

Network Security. Network security starts from authenticating any user. Once authenticated, firewall enforces access policies such as what services are.

Similar presentations

Ads by Google