CTP 204 2006-2007 FALL Firewalls, Filtering Properties

CTP 204
2006-2007 FALL
Firewalls
Filtering Properties
Anti-virus Programs
WHAT IS A FIREWALL?
• System or system group
• Traffic controller
FIREWALLS PROPERTIES
• Control the traffic
  1. Let the traffic go
  2. Stop the traffic
• Block the packets
• Provide a first line of defense
• Make the public network secure
• Cannot block viruses (disadvantage)
• Block unauthorized access
How does a firewall work?
• Creates a guide table
• Checks the packets
  PACKET (Source IP, Destination IP, Source Port, Destination Port)
• Compares them with the firewall rules
• Deletes or checks the guide table
PERSONAL FIREWALLS
Without a firewall:
• FTP (optional)
• HTTP (optional)
• SMTP
• POP3
PERSONAL SECURITY
• Update the applications that run on the Internet (Outlook, Internet Explorer, ICQ, MSN…)
• Use a firewall and close unused ports (IPTABLES for Linux, NETFILTER for Windows)
• Use an anti-virus program & always update it
• Disable the Java, JavaScript and ActiveX options
• Do not open e-mails before scanning them for viruses
• Always take back-ups of important files
• Create a boot disc for hard-disc failure
FIREWALL TYPES
• Software based
• Hardware based
FILTERING PROPERTIES
1. Packet Filtering
   • Checks only source IP & port, destination IP & port
   • Does not follow the session
2. Stateful Inspection
   • Checks the packet flow characteristics for each session
   • More complex than other filtering, but secure
3. NAT (Network Address Translation)
   • Session level
   • Blocks the IP addresses of the computers
   • Shows the NAT address & uses only one IP
4. Proxy
   • Application level
   • Filters FTP, Telnet applications
   • Filters certain commands of an application
   • Watches or blocks the local network users' connections
   • High-level security
NAT MECHANISM
• Steps of how the mechanism works
1. Take the packet from the local network
2. Hold the IP and port info of this packet
3. Make the source address the NAT device's own address
4. Send the packet to the outside world
5. Take the answer packet from the outside world
6. Check the tables and find the owner of the packet
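An added sketch of the six steps above, not code from the original slides: a toy port-translating NAT table in Python. The class and function names, the sample addresses, and the check that a reply must come from the remote host the client contacted are assumptions of this example.

```python
from dataclasses import dataclass, replace
from typing import Optional

@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int

# Hypothetical toy gateway; names and port range are assumptions of this example.
class NatGateway:
    def __init__(self, public_ip: str, first_port: int = 40000):
        self.public_ip = public_ip
        self.next_port = first_port
        self.table = {}    # public port -> (local ip, local port, remote ip, remote port)
        self.by_flow = {}  # reverse index so one flow keeps one public port

    def outbound(self, pkt: Packet) -> Packet:
        # Steps 1-2: take the local packet and hold its IP and port info.
        flow = (pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port)
        port = self.by_flow.get(flow)
        if port is None:
            port = self.next_port
            self.next_port += 1
            self.by_flow[flow] = port
            self.table[port] = flow
        # Steps 3-4: make the source address the gateway's own, then send.
        return replace(pkt, src_ip=self.public_ip, src_port=port)

    def inbound(self, pkt: Packet) -> Optional[Packet]:
        # Steps 5-6: take the answer and look up its owner in the table.
        entry = self.table.get(pkt.dst_port)
        if entry is None or pkt.dst_ip != self.public_ip:
            return None  # no mapping: unsolicited packet, dropped
        local_ip, local_port, remote_ip, remote_port = entry
        if (pkt.src_ip, pkt.src_port) != (remote_ip, remote_port):
            return None  # reply must come from the host the client contacted
        return replace(pkt, dst_ip=local_ip, dst_port=local_port)

def demo():
    # Constructed sample traffic using documentation address ranges.
    gw = NatGateway("203.0.113.1")
    a = gw.outbound(Packet("192.168.1.10", 51000, "198.51.100.7", 80))
    b = gw.outbound(Packet("192.168.1.11", 51000, "198.51.100.7", 80))
    reply = gw.inbound(Packet("198.51.100.7", 80, a.src_ip, a.src_port))
    stray = gw.inbound(Packet("198.51.100.99", 4444, "203.0.113.1", b.src_port))
    return a, b, reply, stray
```

Both local hosts leave with the same public IP but different public ports, and the stray packet aimed at an existing mapping is dropped because its sender is not the host that mapping was created for.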
COMPARING NAT & PROXY
• Both hide the IP addresses of the computers
• Both can be used when there are not enough IP addresses
• Both set up sessions (only the proxy interferes with content)
• Both slow down the network (CPU, RAM)
• NAT is easier to set up
• Proxy requires settings for each client (Internet Explorer, ICQ, MSN…)
• Both are secure
FIREWALLS PERFORMANCE
• Related to network performance
• RAM and CPU should be higher when NAT & PROXY are installed
• Operating system should be compatible with the firewall
INSTALLING FIREWALLS
1. CENTRAL building
2. MIXED building
CENTRAL Building
• Advantages
  • Easy to configure
  • More secure
• Disadvantages
  • Affects all segments
  • Difficult to back up
  • Difficult to upgrade according to each user
MIXED Building
• Advantages
  • Affects only one segment
  • Easy back-up
  • Many different functions can be used
• Disadvantages
  • More expensive than central building
  • Cannot generalize security policies
VLAN (VIRTUAL LAN)
• Separates each group
• Makes the network more secure
• Supplies more security with a firewall
FIREWALL SETTINGS
1. Direct connection to the firewall:
   • Enter the rules on the command line (console)
2. If it has a web interface:
   • Enter the rules on the web server
3. Installing the firewall settings console on another (secure) PC:
   • Enter the rules on that (secure) PC
WINDOWS FIREWALL
Dangerous to open a new port for an unknown application
ANTI-VIRUS PROGRAMS
COMMON PROPERTIES
• Executable
• Clonable
• Hideable
• Changes a program's code
• Changes itself
VIRUS TYPES
1. File Virus
2. Command Runnable Virus
3. Boot Sector Virus
4. Script Virus
5. Macro
6. Worm
7. Trojan
8. Dialer
File Virus
• File names end with .com, .bat, .exe
• Changes files
• Deletes files
Command Runnable Virus
• Spreads to the OS files
• Targets command.com
Boot Sector Virus
• Places itself in the MBR (Master Boot Record)
• Runs before the OS
Script Virus
• Spreads from Internet Explorer, Outlook…
• Active when a web site or e-mail is opened
Macro
• Uses the macro functions of MS-Office
• Spreads while a document is being opened
Worm
• Spreads using IP addresses & open shared files
• Uses RPC (Remote Procedure Call) of WINDOWS
• Spreads to shared files
• Copies itself
• Blocks the Internet traffic
Trojan
• Takes the passwords of the victim PC
• Spy virus
• No damage
Dialer
• Affects dial-up users
• Disconnects the user from the Internet
• Mutes the modem
• Connects to an operator abroad
• Makes the user pay too much money
ANTI-VIRUS PROGRAM PROPERTIES
• Check existing folders
• Clean/Quarantine contagious viruses
• Block viruses from CD, disc, Internet
How does an anti-virus program work?
• Creates a database
• Updates the database
• Takes control of the computer
• Checks all imports to the PC
COMPARING ANTI-VIRUS PROGRAMS
http://anti-virus-softwarereview.toptenreviews.com/?ttreng=1&ttrkey=anti-virus+programs