
Information Security: Demo of Some Security Tools
Jeffy Mwakalinga

Dec 19, 2015

Page 1: Information Security: Demo of Some Security Tools

Jeffy Mwakalinga

Page 2: Outline

• Firewall
• Intrusion Detection System
• Ad-Aware
• Anti-Spyware
• Anti Spam Technology
• Overview of Existing Security Tools

Page 3: Overview of Existing Security Systems: Firewalls

Used even for deterring (scaring attackers)

Firewalls
• Designed to prevent malicious packets from entering
• Software based: runs as a local program to protect one computer (personal firewall) or as a program on a separate computer (network firewall) to protect the network
• Hardware based: separate devices that protect the entire network (network firewalls)

Page 4: Firewall: Symantec

Page 5: Firewall: Symantec - Client Firewall Settings

Page 6: Firewall: Symantec - Trojan Horse Settings

Page 7: Firewall: Symantec - Internet Access Control

Page 8: Firewall: Symantec - Internet Zone Control

Page 9: Firewall: Symantec - Privacy Control

Page 10: Symantec's Firewall Administrator

Page 11: Overview of Existing Security Systems: Detection - Intrusion Detection Systems

Intrusion Detection System (IDS)
• Examines the activity on a network
• Goal is to detect intrusions and take action

Two types of IDS:
• Host-based IDS: installed on a server or other computers (sometimes all); monitors traffic to and from that particular computer
• Network-based IDS: located behind the firewall and monitors all network traffic

Page 12: Intrusion Detection System: Symantec

Page 13: Intrusion Detection System: Symantec - Exclusions

Page 14: Intrusion Detection System: Symantec - Signature Exclusions

Page 15: Intrusion Detection System: Symantec - Names of Intrusions Not to Be Monitored

Page 16: Anti Advertisement Program AD-AWARE

Page 17: Anti-Spyware

Page 18: Anti-Spam Technology

• Contents matching: phrases, expressions
• Grey listing: record sender, IP address, recipient; force legitimate sending systems to try resending the e-mail (90% eliminated)
• Phone & URL blacklists: can fake e-mail but not phones or links to their sites
• Subject line matching
• Originator matching: against e-mail blacklist
• Message characteristic checking
• Network address checking
• Real-time black hole lists: known servers that relay spam
• Language
• Combinations of technologies
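The grey listing step above, sketched as an added example (not part of the original slides). The delay, the record lifetime, the reply text and the sample traffic are assumptions chosen for illustration; the addresses are constructed documentation values.

```python
from dataclasses import dataclass, field

MIN_RETRY_DELAY = 300        # seconds a new triplet must wait (assumed value)
TRIPLET_LIFETIME = 4 * 3600  # retry window before the record expires (assumed)

@dataclass
class Greylist:
    first_seen: dict = field(default_factory=dict)  # triplet -> first timestamp
    passed: set = field(default_factory=set)        # triplets that retried correctly

    def check(self, client_ip, sender, recipient, now):
        """Return the SMTP reply for one delivery attempt at time `now` (seconds)."""
        triplet = (client_ip, sender.lower(), recipient.lower())
        if triplet in self.passed:
            return "250 OK"
        seen = self.first_seen.get(triplet)
        if seen is None or now - seen > TRIPLET_LIFETIME:
            # Unknown (or expired) triplet: record it and ask the sender to retry.
            self.first_seen[triplet] = now
            return "451 4.7.1 Greylisted, try again later"
        if now - seen < MIN_RETRY_DELAY:
            # Retried too quickly: the original timestamp is kept, not reset.
            return "451 4.7.1 Greylisted, try again later"
        # A queueing mail server came back after the delay: accept from now on.
        self.passed.add(triplet)
        return "250 OK"

def replay(attempts):
    """Run constructed (time, ip, sender, recipient) attempts through one greylist."""
    gl = Greylist()
    return [gl.check(ip, s, r, t)[:3] for t, ip, s, r in attempts]

# Constructed sample traffic, not taken from a real mail log.
SAMPLE = [
    (0,    "192.0.2.10",  "news@example.org", "alice@example.com"),  # legit, 1st try
    (5,    "203.0.113.7", "win@spam.example", "alice@example.com"),  # bulk sender
    (10,   "203.0.113.7", "win@spam.example", "alice@example.com"),  # instant retry
    (900,  "192.0.2.10",  "news@example.org", "alice@example.com"),  # legit retry
    (2000, "192.0.2.10",  "news@example.org", "alice@example.com"),  # later mail
]

if __name__ == "__main__":
    print(replay(SAMPLE))
```

A sender that queues and retries after the delay is accepted whatever its content, which is why the slide lists grey listing alongside other techniques rather than on its own.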

Page 19: Overview of Existing Security Systems: Network Address Translation (NAT)

Network Address Translation (NAT) Systems
• Hides the IP address of network devices
• Located just behind the firewall
• NAT device uses an alias IP address in place of the sending machine's real one
• "You cannot attack what you can't see"
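How the alias address works in practice, as an added example (not part of the original slides). It models port-based NAT with a per-destination mapping, which goes beyond what the slide states; the class name `Napt`, the starting port and all addresses are assumptions made for illustration.

```python
import itertools

class Napt:
    """Minimal port-address translation table (illustrative, not a real NAT stack)."""

    def __init__(self, public_ip, first_port=40000):
        self.public_ip = public_ip
        self._ports = itertools.count(first_port)
        self.out_map = {}  # (private_ip, private_port, remote) -> public_port
        self.in_map = {}   # (public_port, remote) -> (private_ip, private_port)

    def outbound(self, src_ip, src_port, dst_ip, dst_port):
        """Rewrite an outgoing packet so it carries the alias address."""
        remote = (dst_ip, dst_port)
        key = (src_ip, src_port, remote)
        if key not in self.out_map:
            port = next(self._ports)
            self.out_map[key] = port
            self.in_map[(port, remote)] = (src_ip, src_port)
        return (self.public_ip, self.out_map[key], dst_ip, dst_port)

    def inbound(self, src_ip, src_port, dst_port):
        """Map a reply back to the private host; None means no mapping, so drop."""
        return self.in_map.get((dst_port, (src_ip, src_port)))

def demo():
    nat = Napt("198.51.100.1")                           # constructed public address
    sent = nat.outbound("10.0.0.5", 51000, "203.0.113.80", 443)
    reply = nat.inbound("203.0.113.80", 443, sent[1])    # answer from the contacted server
    probe = nat.inbound("192.0.2.66", 4444, sent[1])     # host that was never contacted
    return sent, reply, probe

if __name__ == "__main__":
    print(demo())
```

The remote server only ever sees the alias address and port, and a packet from a host the internal machine never contacted finds no mapping and is dropped.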

Page 20: Overview of Existing Security Systems: Proxy Servers

Proxy Server
• Operates similar to NAT, but also examines packets to look for malicious content
• Replaces the protected computer's IP address with the proxy server's address
• Protected computers never have a direct connection outside the network
• The proxy server intercepts requests and acts "on behalf of" the requesting client

Page 21: Adding a Special Network called Demilitarized Zone (DMZ)

Demilitarized Zones (DMZ)
• Another network that sits outside the secure network perimeter
• Outside users can access the DMZ, but not the secure network
• Some DMZs use two firewalls. This prevents outside users from even accessing the internal firewall
• Provides an additional layer of security

Page 22: Overview of Existing Security Systems: Virtual Private Networks (VPN)

Virtual Private Networks (VPNs): a secure network connection over a public network
• Allows mobile users to securely access information
• Sets up a unique connection called a tunnel

Page 23: Overview of Existing Security Systems: Virtual Private Networks (VPN)

Page 24: Overview of Existing Security Systems: Honeypots

Honeypots
• Computer located in a DMZ and loaded with files and software that appear to be authentic, but are actually imitations
• Intentionally configured with security holes
• Goals: direct attacker's attention away from real targets; examine the techniques used by hackers

Page 25: Overview of Existing Security Systems: Secure Socket Layer (SSL)

SSL is used for securing communication between clients and servers. It provides mainly confidentiality, integrity and authentication.

[Diagram: Client and WWW Server establish an SSL connection; communication protected]

Page 26: Protecting one Computer

Operating system hardening is the process of making a PC operating system more secure
• Patch management
• Antivirus software – to protect your PC from viruses
• Antispyware software
• Firewalls – to deter (scare), protect
• Setting correct permissions for shares
• Intrusion detection systems – to detect intrusions
• Cryptographic systems

Page 27: Protecting a Wireless Local Area Network (WLAN)

Page 28: Security in a Wireless LAN

WLANs include a different set of security issues

Steps to secure:
• Turn off broadcast information
• MAC address filtering
• Encryption
• Password protect the access point
• Physically secure the access point
• Use enhanced WLAN security standards whenever possible
• Use cryptographic systems

Page 29: Summary

• Firewall
• Intrusion Detection System
• Ad-Aware
• Anti-Spyware
• Anti Spam Technology
• Overview of Existing Security Tools