
Computer Security Software


dalton-goff

Presentation Transcript


  1. Computer Security Software

  2. Issues • Virus (anti virus scanners) • Intrusion-Detection Software • Firewalls • Configuration of firewalls

  3. Virus • Virus • Malware - needs a host program/file to propagate • Trojan horse – concept • Well known • 1999: Melissa (email) • 2001: Klez (email) • Worm • Malware – makes a copy and propagates by itself • Well known • 2000: ILOVEYOU (also email) • 2004: Sasser (also email) • http://computer.howstuffworks.com/worst-computer-viruses.htm#page=0

  4. More Virus • How scanners work • Recognize signature (file size, code, file name …): simple, but works for known viruses • Detect suspicious behavior (write to boot sector, change system files, TSR): complex, works for ‘unknown’ viruses • Problems to face • False positive (finds a virus which is not a virus) • False negative (does not find a real virus)

  5. Intrusion-Detection Software • Different categories • Misuse (like signature recognition) • Anomaly (behavior) • Passive (just detect - log) • Reactive (detect – log and block) • Network based (looks at network traffic) • Host based (looks at one computer) • One tool – SNORT (snort.org) • Honey pots

  6. Firewalls • Purpose of a firewall • To allow ‘proper’ traffic and discard all other traffic • Characteristics of a firewall • All traffic must go through the firewall • Allowing and blocking traffic (only authorized traffic) • The firewall itself must be immune to attack

  7. Firewalls: what to configure • 5 areas to control: • Services (web, ftp, mail …) i.e. Port# • Network (hosts) i.e. IP addresses • Direction i.e. control inside-out or reverse • User i.e. only authorized users allowed • Behaviour (e.g. attachment to mail) • (Denial of Service Inspection)

  8. Firewall types • Screening firewall • The normal built-in packet-filter firewall in routers • Application gateway (or application proxy) • Establishes a connection to the gateway, then a new connection out • Has user authentication BUT performance is bad • Circuit-level gateway • Like application gateway (two connections + authentication) • Better performance

  9. Firewall – Screening Packet-filtering • Level 3 – network (IP-packets) • Filtering on (the access control list): • Source/Destination IP-addresses • Source/Destination Port-numbers • IP-protocol field (e.g. icmp, tcp, egp) • TCP-direction (SYN-bit) • InBound / Outbound on each interface (sometimes also forwarding)

  10. Firewall – Screening Packet-filtering • Configurations • Policies: 1: optimistic: default set to allow / forward; 2: pessimistic: default set to discard / deny • Setting up rules

  11. Example (figure; labels: IN, OUT, IN, OUT)

  12. Firewall – Screening Packet-filtering • Out 10.10.10.1 • In 10.10.10.1

  13. Firewall - Architecture • Best-practice solution for small and medium-sized companies: • Screened subnet firewall: MOST secure • DMZ – demilitarized zone (2 packet filters + bastion host on the net (DMZ) in between) • Home firewall, like ZoneAlarm / Windows Firewall
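
The screening packet filter of slides 9 and 10, as an added example that is not part of the original presentation: a first-match access control list evaluated under the pessimistic and the optimistic default policy. The address 10.10.10.1 comes from slide 12; its role as a web server, the 10.10.10.0/24 inside network, the rule set and the sample packets are assumptions constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Packet:
    direction: str            # "in" or "out" on the filtered interface
    src: str
    dst: str
    proto: str                # "tcp", "udp", "icmp", ...
    dport: int = 0
    syn_only: bool = False    # True for a TCP connection-opening segment (SYN, no ACK)

@dataclass(frozen=True)
class Rule:
    action: str               # "allow" or "deny"
    direction: str
    src: str = "0.0.0.0/0"
    dst: str = "0.0.0.0/0"
    proto: str = "any"
    dport: Optional[int] = None       # None means "any port"
    syn_only: Optional[bool] = None   # None means "ignore the SYN bit"

    def matches(self, p: Packet) -> bool:
        return (self.direction == p.direction
                and ipaddress.ip_address(p.src) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(p.dst) in ipaddress.ip_network(self.dst)
                and self.proto in ("any", p.proto)
                and self.dport in (None, p.dport)
                and self.syn_only in (None, p.syn_only))

def filter_packet(acl, packet, default):
    # First matching rule wins; if nothing matches, the default policy decides.
    for rule in acl:
        if rule.matches(packet):
            return rule.action
    return default

# Constructed ACL (assumed roles: 10.10.10.1 = web server, 10.10.10.0/24 = inside).
ACL = [
    Rule("allow", "in", dst="10.10.10.1/32", proto="tcp", dport=80),   # public web
    Rule("allow", "out", src="10.10.10.0/24", proto="tcp"),            # inside-out
    Rule("allow", "in", dst="10.10.10.0/24", proto="tcp", syn_only=False),  # replies
]

# Constructed packets (203.0.113.9 is a documentation address).
WEB = Packet("in", "203.0.113.9", "10.10.10.1", "tcp", 80, syn_only=True)
SSH = Packet("in", "203.0.113.9", "10.10.10.7", "tcp", 22, syn_only=True)
REPLY = Packet("in", "203.0.113.9", "10.10.10.7", "tcp", 51000)
```

The inbound connection attempt to port 22 matches no rule, so only the default policy decides its fate: it is dropped under the pessimistic policy and forwarded under the optimistic one. The SYN-bit rule is stateless, so it blocks connection setup from outside but does not check that a non-SYN packet belongs to a real connection.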
