DIYTP 2009. Computer Security – Virus Scanners • Works in two ways: • List of known ‘bad’ files • Suspicious activity • Terminate and Stay Resident (TSR)

Presentation transcript:

1 DIYTP 2009

2 Computer Security – Virus Scanners
• Works in two ways:
  • List of known ‘bad’ files
  • Suspicious activity
• Terminate and Stay Resident (TSR) program
  • File that persists in memory after execution
• Five ways of scanning
  • E-mail/attachment
  • Download
  • File
  • Heuristic
    • Rules that determine if a file is behaving like a virus
  • Active code (i.e. Java, ActiveX)

3 Computer Security – Virus Scanners
• McAfee www.mcafee.com
• Symantec www.symantec.com
• AVG www.avg.com
• Trend Micro www.trendmicro.com

4 Computer Security – Anti-Spyware
• Spyware
  • Toolbars, skins, enhancements
  • Threat to privacy
• Ad-aware www.lavasoft.com
• Spybot Search and Destroy www.safer-networking.org

5 Computer Security – Intrusion Detection Systems
• Intrusion Detection Systems (IDS)
  • Inspects incoming and outgoing activity and looks for patterns
• Common categorizations:
  • Misuse vs. Anomaly
  • Passive vs. Reactive
  • Network-based vs. Host-based

6 Computer Security – Intrusion Detection Systems
• Misuse Detection vs. Anomaly Detection
  • Misuse detection
    • Attack signatures
  • Anomaly detection
    • Detects intrusions and notifies administrator
• Passive Systems vs. Reactive Systems
  • Passive
    • Detects, logs, and sends alert
  • Reactive
    • Reacts by logging off user or blocking traffic on firewall

7 Computer Security – Intrusion Detection Systems
• Network-Based vs. Host-Based
  • Network-based
    • Analyzes packets on network
  • Host-based
    • Analyzes a specific host/computer

8 Computer Security – Intrusion Detection Systems
Figure 1.0 – Intrusion Detection System typical setup

9 Computer Security – Intrusion Detection Systems
• Snort www.snort.org
• Cisco IDS http://www.cisco.com/warp/public/cc/pd/sqsw/sqidsz/index.shtml
• BASE http://sourceforge.net/projects/secureideas/

10 Computer Security - Firewalls
• Firewall
  • Barrier between network and the outside world
  • Filters packets based on certain parameters
    • IP address
    • Protocol
• Components
  • Screening
  • Application gateway
  • Circuit-level gateway

11 Computer Security - Firewalls
• Screening
  • Also known as ‘packet-filtering’
  • Most basic type
  • Works in ‘Network’ layer of OSI
  • Examines incoming packets and allows or prohibits based on a set of pre-established rules
  • Example: Windows firewall

12 Computer Security - Firewalls
• Application Gateway
  • Also known as ‘application proxy’
  • Runs on firewall
  • Client connects to program and then proxy establishes connection for client
  • Protects client computers
  • Supports user authentication

13 Computer Security - Firewalls
• Circuit-level Gateway
  • More secure than application gateway
  • Generally found on high-end equipment
  • User must be verified before communication can take place
  • Passes traffic on to destination and vice versa
  • Internal systems are not visible to outside world

14 Computer Security - Firewalls
• How firewalls look at packets
  • Stateful packet inspection (SPI)
    • Examine each packet
    • Bases decision on current and previous packets
    • Can look at actual contents of packet
  • Stateless packet inspection
    • Very basic
    • Only looks at current packet
    • Does not look at contents
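
The difference between the two inspection modes on slide 14, as an added example that is not part of the original presentation: the same packet trace is judged once by a filter that sees only the current packet and once by a filter that remembers previous packets. The addresses, ports and rule set are constructed for illustration, and the sketch covers only the current-versus-previous-packets point, not content inspection.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    inbound: bool  # True if arriving from the outside network

INSIDE = "192.0.2.10"  # constructed inside host (documentation address range)

def stateless_allow(pkt: Packet) -> bool:
    """Decide on the current packet alone, from fixed header rules."""
    if not pkt.inbound:
        return pkt.dport in (80, 443)  # inside hosts may browse out
    # Replies must be let back in, but without memory the filter can only
    # guess that "source port 80/443" means "reply to one of our requests".
    return pkt.sport in (80, 443)

class StatefulFilter:
    """Remember outbound connections; admit only matching inbound replies."""
    def __init__(self):
        self.connections = set()

    def allow(self, pkt: Packet) -> bool:
        if not pkt.inbound:
            if pkt.dport not in (80, 443):
                return False
            self.connections.add((pkt.src, pkt.sport, pkt.dst, pkt.dport))
            return True
        # An inbound packet is a reply only if it mirrors a recorded connection.
        return (pkt.dst, pkt.dport, pkt.src, pkt.sport) in self.connections

def run(packets):
    """Return [(stateless_verdict, stateful_verdict), ...] for a packet trace."""
    fw = StatefulFilter()
    return [(stateless_allow(p), fw.allow(p)) for p in packets]

# Constructed trace: a request, its genuine reply, then an unsolicited packet
# that only resembles a reply because its source port is 80.
TRACE = [
    Packet(INSIDE, 50000, "198.51.100.7", 80, inbound=False),
    Packet("198.51.100.7", 80, INSIDE, 50000, inbound=True),
    Packet("203.0.113.9", 80, INSIDE, 3389, inbound=True),
]

if __name__ == "__main__":
    print(run(TRACE))
```

Both filters pass the request and its reply; only the stateful filter drops the third packet, because no recorded outbound connection matches it.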

15 Computer Security - Firewalls
• Software-based
  • Zone Alarm www.zonealarm.com
  • McAfee Personal Firewall www.mcafee.com
  • Norton Personal Firewall www.symantec.com/norton
• Hardware-based
  • Cisco www.cisco.com
  • Juniper NetScreen www.juniper.net
