Download presentation
Presentation is loading. Please wait.
Published byHenry Gaines Modified over 9 years ago
1
DIYTP 2009
2
Computer Security – Virus Scanners Works in two ways: List of known ‘bad’ files Suspicious activity Terminate and Stay Resident (TSR) program File that persists in memory after execution Five ways of scanning E-mail/attachment Download File Heuristic Rules that determine if a file is behaving like a virus Active code (i.e. Java, ActiveX)
3
Computer Security – Virus Scanners Mcafee www.mcafee.comwww.mcafee.com Symantec www.symantec.comwww.symantec.com AVG www.avg.comwww.avg.com Trend Micro www.trendmicro.comwww.trendmicro.com
4
Computer Security – Anti- Spyware Spyware Toolbars, skins, enhancements Threat to privacy Ad-aware www.lavasoft.com Spybot Search and Destroy www.safer-networking.org
5
Computer Security – Intrusion Detection Systems Intrusion Detection Systems (IDS) Inspects incoming and outgoing activity and looks for patterns Common categorizations: Misuse vs. Anomaly Passive vs. Reactive Network-based vs. Host-based
6
Computer Security – Intrusion Detection Systems Misuse Detection vs. Anomaly Detection Misuse detection Attack signatures Anomaly detection Detects intrusions and notifies administrator Passive Systems vs. Reactive Systems Passive Detects, logs, and sends alert Reactive Reacts by logging off user or blocking traffic on firewall
7
Computer Security – Intrusion Detection Systems Network-Based vs. Host-Based Network-based Analyzes packets on network Host-based Analyzes a specific host/computer
8
Computer Security – Intrusion Detection Systems Figure 1.0 – Intrusion Detection System typical setup
9
Computer Security – Intrusion Detection Systems Snort www.snort.orgwww.snort.org Cisco IDS http://www.cisco.com/warp/public/cc/pd/sqs w/sqidsz/index.shtml http://www.cisco.com/warp/public/cc/pd/sqs w/sqidsz/index.shtml BASE http://sourceforge.net/projects/secureideas/ http://sourceforge.net/projects/secureideas/
10
Computer Security - Firewalls Firewall Barrier between network and the outside world Filters packets based on certain parameters IP address Protocol Components Screening Application gateway Circuit-level gateway
11
Computer Security - Firewalls Screening Also known as ‘packet-filtering’ Most basic type Works in ‘Network’ layer of OSI Examines incoming packets and allows or prohibits based on a set of pre-established rules Example: Windows firewall
12
Computer Security - Firewalls Application Gateway Also known as ‘application proxy’ Runs on firewall Client connects to program and then proxy establishes connection for client Protects client computers Supports user authentication
13
Computer Security - Firewalls Circuit-level Gateway More secure than application gateway Generally found on high-end equipment User must be verified before communication can take place Passes traffic on to destination and vice versa Internal systems are not visible to outside world
14
Computer Security - Firewalls How firewalls look at packets Stateful packet inspection (SPI) Examine each packet Bases decision on current and previous packets Can look at actual contents of packet Stateless packet inspection Very basic Only looks at current packet Does not look at contents
15
Computer Security - Firewalls Software-based Zone Alarm www.zonealarm.comwww.zonealarm.com Mcafee Personal Firewall www.mcafee.comwww.mcafee.com Norton Personal Firewall www.symantec.com/norton www.symantec.com/norton Hardware-based Cisco www.cisco.comwww.cisco.com Juniper NetScreen www.juniper.netwww.juniper.net
Similar presentations
© 2024 SlidePlayer.com. Inc.
All rights reserved.