CTP 204, 2006-2007 FALL: Firewalls, Filtering Properties, Anti-virus Programs
WHAT IS A FIREWALL?
• System or system group
• Traffic controller
FIREWALLS PROPERTIES
Control the traffic:
1. Let the traffic go
2. Stop the traffic
• Block the packets
• Provide a first line of defense
• Make public network secure
• Cannot block viruses (disadvantage)
• Block unauthorized access
How does a firewall work?
• Creates a guide table
• Checks the packets: PACKET(Source IP, Sink IP, Source Port, Sink Port)
• Compares them with the firewall rules
• Deletes or checks the guide table
PERSONAL FIREWALLS
Without a firewall:
• Ftp (optional)
• Http (optional)
• Smtp
• Pop3
PERSONAL SECURITY
• Update the applications that run on the Internet (Outlook, Internet Explorer, ICQ, MSN…)
• Use a firewall and close unused ports (IPTABLES for Linux, NETFILTER for Windows)
• Use an anti-virus program & always update it
• Disable the Java, JavaScript and ActiveX options
• Do not open e-mails before scanning them for viruses
• Always take back-ups of important files
• Create a boot disc for hard-disc failure
FIREWALL TYPES
• Software based
• Hardware based
FILTERING PROPERTIES
1. Packet Filtering
   • Checks only source IP & port, sink IP & port
   • Does not follow the session
2. Stateful Inspection
   • Checks the packet flow characteristics for each session
   • More complex than other filtering, but secure
3. NAT (Network Address Translation)
   • Session level
   • Block the IP addresses of the computers
   • Show the NAT address & use only one IP
4. Proxy
   • Application level
   • Filters ftp, telnet applications
   • Filters certain commands of an application
   • Watch or block the local network users' connections
   • High level security
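The difference between packet filtering and stateful inspection, as an added Python example that is not part of the original slides. The rule set (web traffic on port 80 only), the `192.168.1.` local prefix and all sample packets are constructed assumptions; "sink" is the slides' word for destination.

```python
from collections import namedtuple

# PACKET(Source IP, Sink IP, Source Port, Sink Port); "sink" is the destination.
Packet = namedtuple("Packet", "src_ip sink_ip src_port sink_port")

LAN_PREFIX = "192.168.1."  # constructed local network


def is_local(ip):
    return ip.startswith(LAN_PREFIX)


def packet_filter(pkt):
    """Packet filtering: judge each packet on its own IPs and ports."""
    if is_local(pkt.src_ip) and pkt.sink_port == 80:
        return "go"  # outbound web request
    if is_local(pkt.sink_ip) and pkt.src_port == 80 and pkt.sink_port >= 1024:
        return "go"  # anything that looks like a web reply
    return "stop"


class StatefulFirewall:
    """Stateful inspection: a reply passes only if its session is in the guide table."""

    def __init__(self):
        self.guide_table = set()

    def check(self, pkt):
        if is_local(pkt.src_ip):
            if pkt.sink_port != 80:
                return "stop"
            self.guide_table.add((pkt.src_ip, pkt.src_port, pkt.sink_ip, pkt.sink_port))
            return "go"
        # Inbound packet: must mirror a session opened from the inside.
        session = (pkt.sink_ip, pkt.sink_port, pkt.src_ip, pkt.src_port)
        return "go" if session in self.guide_table else "stop"


def demo():
    packets = {  # constructed sample traffic
        "request": Packet("192.168.1.10", "203.0.113.5", 40000, 80),
        "reply": Packet("203.0.113.5", "192.168.1.10", 80, 40000),
        "unsolicited": Packet("198.51.100.9", "192.168.1.20", 80, 3389),
    }
    fw = StatefulFirewall()
    return {name: (packet_filter(p), fw.check(p)) for name, p in packets.items()}


if __name__ == "__main__":
    print(demo())
```

The packet filter lets the unsolicited packet through because its ports match the reply rule, while the stateful firewall stops it because no local host opened that session.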
NAT MECHANISM
STEPS OF HOW THE MECHANISM WORKS
1. Take the packet from the local network
2. Hold the IP and port info of this packet
3. Make the source address its own address
4. Send the packet to the outside world
5. Take the answer packet from the outside world
6. Check the tables and find the owner of the packet
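The six steps above as a small translation table, in an added Python example that is not part of the original slides. The class name `NatGateway`, the port range starting at 50000 and all addresses are constructed assumptions; the example also shows that an answer with no matching table entry has no owner and is dropped.

```python
from collections import namedtuple

# PACKET(Source IP, Sink IP, Source Port, Sink Port); "sink" is the destination.
Packet = namedtuple("Packet", "src_ip sink_ip src_port sink_port")


class NatGateway:
    def __init__(self, public_ip, first_port=50000):
        self.public_ip = public_ip
        self.next_port = first_port
        self.by_local = {}   # (local ip, local port, sink ip, sink port) -> public port
        self.by_public = {}  # (public port, remote ip, remote port) -> (local ip, local port)

    def outbound(self, pkt):
        # Steps 1-2: take the packet from the local network, hold its IP and port.
        key = (pkt.src_ip, pkt.src_port, pkt.sink_ip, pkt.sink_port)
        if key not in self.by_local:
            port, self.next_port = self.next_port, self.next_port + 1
            self.by_local[key] = port
            self.by_public[(port, pkt.sink_ip, pkt.sink_port)] = (pkt.src_ip, pkt.src_port)
        # Steps 3-4: replace the source with the gateway's own address and send.
        return pkt._replace(src_ip=self.public_ip, src_port=self.by_local[key])

    def inbound(self, pkt):
        # Steps 5-6: take the answer, check the table, find the owner.
        if pkt.sink_ip != self.public_ip:
            return None
        owner = self.by_public.get((pkt.sink_port, pkt.src_ip, pkt.src_port))
        if owner is None:
            return None  # no session was opened from inside: dropped
        return pkt._replace(sink_ip=owner[0], sink_port=owner[1])


def demo():
    nat = NatGateway("203.0.113.1")  # constructed public address
    # Two local hosts use the same source port towards the same server.
    a = nat.outbound(Packet("192.168.1.10", "198.51.100.7", 40000, 80))
    b = nat.outbound(Packet("192.168.1.11", "198.51.100.7", 40000, 80))
    reply_b = nat.inbound(Packet("198.51.100.7", "203.0.113.1", 80, b.src_port))
    stray = nat.inbound(Packet("198.51.100.99", "203.0.113.1", 80, b.src_port))
    return a, b, reply_b, stray


if __name__ == "__main__":
    for result in demo():
        print(result)
```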
COMPARING NAT & PROXY
• Both hide the IP addresses of the computers
• Both can be used when there are not enough IP addresses
• Both set up a session (only Proxy interferes with content)
• Both slow down the network (CPU-RAM)
• NAT is easier to set up
• Proxy requires settings for each client (Internet Explorer, ICQ, MSN…)
• Both are secure
FIREWALLS PERFORMANCE
• Related to network performance
• RAM and CPU should be higher when NAT & PROXY are installed
• The operating system should be in harmony with the firewall
INSTALLING FIREWALLS
1. CENTRAL building
2. MIXED building
CENTRAL Building
Advantages
• Easy to configure
• More secure
Disadvantages
• Affects all segments
• Difficult to back up
• Difficult to upgrade according to each user
MIXED Building
Advantages
• Affects only one segment
• Easy back-up
• Many different functions can be used
Disadvantages
• More expensive than central building
• Cannot generalize security policies
VLAN (VIRTUAL LAN)
• Separates each group
• Makes the network more secure
• Supplies more security together with a firewall
FIREWALL SETTINGS
1. Direct connection to the firewall: enter the rules on the command line (console)
2. If it has a web interface: enter the rules on the web server
3. Installing the firewall setting console on another (secure) PC: enter the rules on that (secure) PC
WINDOWS FIREWALL
• It is dangerous to open a new port for an unknown application
ANTI-VIRUS PROGRAMS
COMMON PROPERTIES
• Executable
• Clonable
• Hideable
• Change a program's code
• Change itself
VIRUS TYPES
1. File Virus
2. Command Runnable Virus
3. Boot Sector Virus
4. Script Virus
5. Macro
6. Worm
7. Trojan
8. Dialer
File Virus
• Ends with .com, .bat, .exe
• Change file
• Delete file
Command Runnable Virus
• Roll the OS files
• Target command.com
Boot Sector Virus
• Placed in the MBR (Master Boot Record)
• Runs before the OS
Script Virus
• Roll from Internet Explorer, Outlook…
• Active when a web site or e-mail is opened
Macro
• Use macro functions of MS-Office
• Roll while opening
Worm
• Roll using IP address & opened share files
• Use RPC (Remote Procedure Call) of WINDOWS
• Roll to sharing files
• Copy itself
• Block the Internet traffic
Trojan
• Take the passwords of the victim PC
• Spy virus
• No damage
Dialer
• Affects dial-up users
• Disconnects the user from the Internet
• Mutes the modem
• Connects to an operator abroad
• Makes the user pay too much money
ANTI-VIRUS PROGRAM PROPERTIES
• Check existing folders
• Clean/Quarantine contagious virus
• Block viruses from CD, disc, Internet
How does an anti-virus program work?
• Create a database
• Update the database
• Take control of the computer
• Check all imports to the PC
COMPARING ANTI-VIRUS PROGRAMS
http://anti-virus-software-review.toptenreviews.com/?ttreng=1&ttrkey=anti-virus+programs