Computer Security Hardware and Software

DIYTP 2009
COMPUTER SECURITY HARDWARE
AND SOFTWARE
Computer Security – Virus
Scanners
 Works in two ways:
 List of known ‘bad’ files (signatures: hashes or byte patterns of known malware)
 Suspicious activity (heuristics: what a file does, not what it is)
 Terminate and Stay Resident (TSR) program
 Program that stays loaded in memory after it has run; a resident scanner works this way so it can check files as they are opened
 Five ways of scanning
 E-mail/attachment
 Download
 File
 Heuristic
 Rules that determine if a file is behaving like a virus
 Active code (e.g. Java, ActiveX)
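As an added example (not code from the slides or from any of the vendors listed), the two ways of working side by side in Python: an exact-hash signature lookup against a constructed known-bad table, then weighted heuristic rules over the file's bytes. The EICAR string is the standard harmless AV test file; the rule names, patterns, weights, threshold and the sample files are assumptions constructed for the example.

```python
import hashlib
import re

# Signature scanning: a table of known "bad" file hashes. This is a constructed
# table for the example; real scanners ship millions of entries. The EICAR test
# string is the harmless industry-standard AV test file, hashed here at load time.
EICAR = b"X5O!P%@AP[4\\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*"
KNOWN_BAD_SHA256 = {
    hashlib.sha256(EICAR).hexdigest(): "EICAR-Test-File",
}

# Heuristic scanning: rules describing what a virus tends to *do* rather than
# what it *is*. Each rule is (name, regex over the raw bytes, weight). Names,
# patterns and weights are illustrative assumptions, not a vendor's rule set.
HEURISTIC_RULES = [
    ("process injection API pair",
     re.compile(rb"WriteProcessMemory[\s\S]*CreateRemoteThread"), 3),
    ("autostart persistence (Run key)",
     re.compile(rb"CurrentVersion\\Run"), 2),
    ("active code creating an ActiveX object",
     re.compile(rb"ActiveXObject\("), 2),
]
SUSPICIOUS_THRESHOLD = 4  # assumed cut-off: total weight at or above this is flagged


def scan(data: bytes) -> dict:
    """Scan one file's bytes: exact signature match first, then heuristics."""
    digest = hashlib.sha256(data).hexdigest()
    if digest in KNOWN_BAD_SHA256:
        return {"verdict": "known-bad", "name": KNOWN_BAD_SHA256[digest],
                "score": None, "hits": []}
    hits = [(name, weight) for name, rx, weight in HEURISTIC_RULES if rx.search(data)]
    score = sum(weight for _, weight in hits)
    verdict = "suspicious" if score >= SUSPICIOUS_THRESHOLD else "clean"
    return {"verdict": verdict, "name": None, "score": score,
            "hits": [name for name, _ in hits]}


# Constructed sample files (not real malware): a minimal PE-looking blob that
# imports injection APIs and names an autostart key, plus a plain text file.
SAMPLES = {
    "eicar.com": EICAR,
    "dropper.exe": (b"MZ\x90\x00" + b"\x00" * 16
                    + b"OpenProcess\x00VirtualAllocEx\x00WriteProcessMemory\x00"
                    + b"CreateRemoteThread\x00"
                    + b"Software\\Microsoft\\Windows\\CurrentVersion\\Run\x00"),
    "notes.txt": b"Meeting notes: review the firewall rules on Friday.\n",
}


def scan_all(samples=SAMPLES) -> dict:
    """Map each file name to its verdict string."""
    return {name: scan(data)["verdict"] for name, data in samples.items()}


if __name__ == "__main__":
    for name, data in SAMPLES.items():
        print(f"{name:12s} {scan(data)}")
```

The signature path is exact and cheap but only catches files already in the table; the heuristic path catches the constructed dropper with no signature at all, at the price of possible false positives on legitimate tools that use the same APIs, which is why it scores and thresholds rather than blocking on a single hit.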
Computer Security – Virus
Scanners
 McAfee www.mcafee.com
 Symantec www.symantec.com
 AVG www.avg.com
 Trend Micro www.trendmicro.com
Computer Security – AntiSpyware
 Spyware
 Software that reports on the user; often bundled with toolbars, skins and ‘enhancements’
 Threat to privacy
 Ad-aware www.lavasoft.com
 Spybot Search and Destroy www.safer-networking.org
Computer Security – Intrusion
Detection Systems
 Intrusion Detection Systems (IDS)
 Inspects incoming and outgoing activity and looks for patterns
 Common categorizations:
 Misuse vs. Anomaly
 Passive vs. Reactive
 Network-based vs. Host-based
Computer Security – Intrusion
Detection Systems
 Misuse Detection vs. Anomaly Detection
 Misuse detection
 Matches traffic against known attack signatures; misses attacks that have no signature yet
 Anomaly detection
 Builds a baseline of normal behaviour and alerts on deviations from it; can catch novel attacks but produces more false positives
 Passive Systems vs. Reactive Systems
 Passive
 Detects, logs, and sends alert
 Reactive
 Reacts by logging off user or blocking traffic on firewall (often called an intrusion prevention system, IPS)
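The misuse/anomaly and passive/reactive distinctions, as an added example in Python (not from the slides and not Snort's own code). It runs two signature rules and one baseline-driven rate rule over constructed web-access log lines, then shows the passive response (alert) next to the reactive one (push a block to the firewall). The log lines, the 60-second window, the three-sigma threshold and the signatures are assumptions for the example.

```python
import re
import statistics
from collections import Counter

WINDOW = 60  # seconds per counting window (assumed)

# Constructed web-access log lines: "<epoch seconds> <source IP> <method> <path>".
# The baseline log is quiet, ordinary browsing from two hosts over two windows.
BASELINE_LOG = [
    "10 10.0.0.1 GET /index.html",
    "20 10.0.0.1 GET /about.html",
    "15 10.0.0.2 GET /index.html",
    "25 10.0.0.2 GET /login",
    "30 10.0.0.2 GET /favicon.ico",
    "70 10.0.0.1 GET /index.html",
    "80 10.0.0.1 GET /news",
    "90 10.0.0.1 GET /favicon.ico",
    "75 10.0.0.2 GET /index.html",
    "85 10.0.0.2 GET /about.html",
]
# The detection window holds normal browsing, one path-traversal attempt and one
# host hammering the server far above the baseline rate.
DETECT_LOG = [
    "121 10.0.0.1 GET /index.html",
    "130 10.0.0.1 GET /about.html",
    "140 10.0.0.1 GET /favicon.ico",
    "125 10.0.0.6 GET /cgi-bin/../../etc/passwd",
] + [f"{150 + i} 10.0.0.5 GET /page?id={i}" for i in range(12)]

# Misuse detection: attack signatures, in the spirit of Snort content rules.
SIGNATURES = [
    ("path traversal", re.compile(r"\.\./")),
    ("SQL injection", re.compile(r"(?i)union\s+select")),
]


def parse(line):
    ts, src, method, path = line.split(" ", 3)
    return int(ts), src, method, path


def misuse_detect(lines):
    """Signature matching: alert on any request matching a known attack pattern."""
    alerts = []
    for line in lines:
        ts, src, _, path = parse(line)
        for name, rx in SIGNATURES:
            if rx.search(path):
                alerts.append({"type": "misuse", "src": src, "ts": ts, "rule": name})
    return alerts


def build_baseline(lines):
    """Learn normal behaviour: mean and std-dev of requests per source per window."""
    counts = Counter((src, ts // WINDOW) for ts, src, _, _ in map(parse, lines))
    values = list(counts.values())
    return statistics.mean(values), statistics.pstdev(values)


def anomaly_detect(lines, baseline, k=3):
    """Alert on any source whose per-window request count exceeds mean + k*sigma."""
    mean, sigma = baseline
    threshold = mean + k * sigma
    counts = Counter((src, ts // WINDOW) for ts, src, _, _ in map(parse, lines))
    return [{"type": "anomaly", "src": src, "window": win, "count": n,
             "threshold": threshold}
            for (src, win), n in counts.items() if n > threshold]


def respond(alerts, reactive=False):
    """Passive IDS: log and alert. Reactive IDS (IPS): also push a block to the firewall."""
    actions = []
    for a in alerts:
        actions.append(("alert", a["src"], a["type"]))
        if reactive:
            actions.append(("firewall-block", a["src"], a["type"]))
    return actions


if __name__ == "__main__":
    baseline = build_baseline(BASELINE_LOG)
    alerts = misuse_detect(DETECT_LOG) + anomaly_detect(DETECT_LOG, baseline)
    for action in respond(alerts, reactive=True):
        print(action)
```

Note what each detector misses: the traversal attempt is a single request, so the rate rule never sees it, and the flood uses perfectly ordinary URLs, so no signature fires. That complementarity is why real deployments run both, and why the reactive block is worth a second look before enabling, since a false positive on the anomaly side blocks a legitimate host.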
Computer Security – Intrusion
Detection Systems
 Network-Based vs. Host-Based
 Network-based
 Analyzes packets on a network segment; sees every host on it but not encrypted or host-local activity
 Host-based
 Analyzes a specific host/computer (its logs, processes, file changes)
Computer Security – Intrusion
Detection Systems
Figure 1.0 – Intrusion Detection System typical setup
Computer Security – Intrusion
Detection Systems
 Snort www.snort.org
 Cisco IDS http://www.cisco.com/warp/public/cc/pd/sqsw/sqidsz/index.shtml
 BASE (Basic Analysis and Security Engine, a web front-end for Snort alerts) http://sourceforge.net/projects/secureideas/
Computer Security - Firewalls
 Firewall
 Barrier between network and the outside world
 Filters packets based on certain parameters
 IP address
 Protocol (and port)
 Types
 Screening
 Application gateway
 Circuit-level gateway
Computer Security - Firewalls
 Screening
 Also known as ‘packet-filtering’
 Most basic type
 Works in ‘Network’ layer of OSI (decides from IP and TCP/UDP headers only)
 Examines incoming packets and allows or prohibits based on a set of pre-established rules
 Example: a router access list, or a host firewall such as Windows Firewall (newer versions of which also track connection state)
Computer Security - Firewalls
 Application Gateway
 Also known as ‘application proxy’
 Runs on firewall, one proxy per application protocol (e.g. HTTP, FTP)
 Client connects to the proxy and then the proxy establishes the connection for the client, so no packet passes straight through
 Protects client computers and can enforce protocol-level rules because it understands the application protocol
 Supports user authentication
Computer Security - Firewalls
 Circuit-level Gateway
 Works at the session layer: relays TCP connections (e.g. SOCKS) without understanding the application protocol, so it is faster and more general than an application gateway but inspects less
 Generally found on high-end equipment
 User must be verified before communication can take place
 Passes traffic on to destination and vice versa
 Internal systems are not visible to outside world
Computer Security - Firewalls
 How firewalls look at packets
 Stateful packet inspection (SPI)
 Examines each packet in the context of its connection (e.g. the TCP handshake)
 Bases decision on current and previous packets: inbound traffic is allowed only if it belongs to a connection the firewall saw opened
 May be combined with inspection of packet contents (deep packet inspection)
 Stateless packet inspection
 Very basic
 Only looks at the headers of the current packet, so it must admit anything that could be a reply (e.g. any inbound TCP packet with ACK set)
 Does not look at contents
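The stateful-versus-stateless difference, as an added example in Python that is not from the slides or from any firewall product. Both filters see the same constructed packet sequence: a web request and its reply, then an unsolicited ACK probe against the client's SSH port, then a plain inbound SYN. The stateless filter has to carry an "allow inbound from port 80 with ACK" rule so replies get in, and that rule also admits the probe; the stateful filter admits only the reply half of a connection it has seen opened. Addresses, ports and the rule base are assumptions.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    direction: str      # "out" (LAN -> Internet) or "in" (Internet -> LAN)
    src: str
    sport: int
    dst: str
    dport: int
    flags: frozenset    # TCP flags present, e.g. {"SYN"}, {"SYN", "ACK"}, {"ACK"}


# Stateless rule base (assumed policy): let clients browse the web. Because the
# filter cannot remember the outbound request, rule 2 must admit *any* inbound
# packet that merely looks like a web server's reply.
STATELESS_RULES = [
    ({"direction": "out", "dport": 80}, "allow"),
    ({"direction": "in", "sport": 80, "flag": "ACK"}, "allow"),
]


def _rule_matches(rule, p):
    for key, want in rule.items():
        if key == "flag":
            if want not in p.flags:
                return False
        elif getattr(p, key) != want:
            return False
    return True


def stateless_filter(packets):
    """Decide each packet on its own headers; first matching rule wins, default deny."""
    decisions = []
    for p in packets:
        action = "deny"
        for rule, act in STATELESS_RULES:
            if _rule_matches(rule, p):
                action = act
                break
        decisions.append(action)
    return decisions


def stateful_filter(packets):
    """Remember outbound connections; admit inbound only as the reply half of one."""
    table = set()   # (src, sport, dst, dport) of connections the firewall has seen opened
    decisions = []
    for p in packets:
        if p.direction == "out":
            if p.dport == 80 and "SYN" in p.flags:            # policy: new web connections
                table.add((p.src, p.sport, p.dst, p.dport))
                decisions.append("allow")
            elif (p.src, p.sport, p.dst, p.dport) in table:   # later packets of that flow
                decisions.append("allow")
            else:
                decisions.append("deny")
        else:
            reverse = (p.dst, p.dport, p.src, p.sport)
            decisions.append("allow" if reverse in table else "deny")
    return decisions


# Constructed traffic: a legitimate web request and its reply, then an
# unsolicited ACK aimed at the client's SSH port (an ACK-scan style probe),
# then a plain inbound SYN to SSH.
TRAFFIC = [
    Packet("out", "192.168.1.10", 40000, "203.0.113.5", 80, frozenset({"SYN"})),
    Packet("in", "203.0.113.5", 80, "192.168.1.10", 40000, frozenset({"SYN", "ACK"})),
    Packet("in", "198.51.100.7", 80, "192.168.1.10", 22, frozenset({"ACK"})),
    Packet("in", "198.51.100.7", 4444, "192.168.1.10", 22, frozenset({"SYN"})),
]


if __name__ == "__main__":
    for p, s1, s2 in zip(TRAFFIC, stateless_filter(TRAFFIC), stateful_filter(TRAFFIC)):
        print(f"{p.direction:3s} {p.src}:{p.sport} -> {p.dst}:{p.dport} "
              f"{sorted(p.flags)} stateless={s1} stateful={s2}")
```

The third packet is the whole point: the stateless filter cannot tell a reply from a forged one because it never saw the request, so the attacker only needs to set the source port to 80 and the ACK bit. Neither filter reads payloads, which is why stateful inspection alone is still not an application gateway or deep packet inspection.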
Computer Security - Firewalls
 Software-based
 Zone Alarm www.zonealarm.com
 McAfee Personal Firewall www.mcafee.com
 Norton Personal Firewall www.symantec.com/norton
 Hardware-based
 Cisco www.cisco.com
 Juniper NetScreen www.juniper.net