CTP 204, 2006-2007 FALL
Firewalls
Filtering Properties
Anti-virus Programs
WHAT IS A FIREWALL?
• System or system group
• Traffic controller
FIREWALL PROPERTIES
• Control the traffic
   1. Let the traffic go
   2. Stop the traffic
• Block the packets
• Provide a first line of defense
• Make public network secure
• Can not block viruses (disadvantage)
• Block unauthorized access
How does a firewall work?
• Creates a guide table
• Checks the packets: PACKET(Source IP, Sink IP, Source Port, Sink Port)
• Compares them with the firewall rules
• Deletes or checks the guide table
PERSONAL FIREWALLS
Without a firewall:
• FTP (optional)
• HTTP (optional)
• SMTP
• POP3
PERSONAL SECURITY
• Update the applications that run on the Internet (Outlook, Internet Explorer, ICQ, MSN…)
• Use a firewall and close unused ports (IPTABLES for Linux, NETFILTER for Windows)
• Use an anti-virus program & always update it
• Disable the Java, JavaScript and ActiveX options
• Do not open e-mails before checking them for viruses
• Always take back-ups of important files
• Create a boot disc for hard-disc failure
FIREWALL TYPES
• Software based
• Hardware based
FILTERING PROPERTIES
1. Packet Filtering
   • Checks only source IP & port, sink IP & port
   • Does not follow the session
2. Stateful Inspection
   • Checks the packet flow characteristics for each session
   • More complex than other filtering, but secure
3. NAT (Network Address Translation)
   • Session level
   • Block the IP address of the computers
   • Shows the NAT address & uses only one IP
4. Proxy
   • Application level
   • Filters FTP, Telnet applications
   • Filters certain commands of an application
   • Watches or blocks local network users' connections
   • High level security
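Added example (not part of the original slides): a Python model of the difference between packet filtering and stateful inspection, using the four packet fields from the "How does a firewall work?" slide and a session table standing in for its "guide table". The rule format, class and function names, and all addresses and ports are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

@dataclass(frozen=True)
class Packet:  # the four fields the slide lists
    src_ip: str
    dst_ip: str
    src_port: int
    dst_port: int

# Rule = (action, source net, source port, destination net, destination port); None = any.
# Constructed rules: the LAN 192.168.1.0/24 may reach web servers on port 80.
OUTBOUND_WEB = ("allow", "192.168.1.0/24", None, "0.0.0.0/0", 80)
# A stateless filter needs this second rule so replies get back in; it also
# admits any outside packet that merely claims source port 80.
REPLIES_FROM_80 = ("allow", "0.0.0.0/0", 80, "192.168.1.0/24", None)

def packet_filter(pkt, rules):
    """Stateless check: first matching rule wins, default deny."""
    for action, src_net, sport, dst_net, dport in rules:
        if (ip_address(pkt.src_ip) in ip_network(src_net)
                and ip_address(pkt.dst_ip) in ip_network(dst_net)
                and sport in (None, pkt.src_port)
                and dport in (None, pkt.dst_port)):
            return action
    return "deny"

class StatefulFirewall:
    """Rules decide who may open a session; the table decides what is a reply."""
    def __init__(self, rules):
        self.rules = rules
        self.table = set()  # open sessions (the slide's "guide table")

    def check(self, pkt):
        forward = (pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port)
        reverse = (pkt.dst_ip, pkt.dst_port, pkt.src_ip, pkt.src_port)
        if forward in self.table or reverse in self.table:
            return "allow"                      # belongs to a known session
        if packet_filter(pkt, self.rules) == "allow":
            self.table.add(forward)             # new session: record it
            return "allow"
        return "deny"

    def close(self, pkt):
        """Delete the session entry, e.g. on connection teardown or timeout."""
        self.table.discard((pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port))

# Constructed sample packets (documentation address ranges).
request = Packet("192.168.1.10", "203.0.113.5", 40000, 80)
reply = Packet("203.0.113.5", "192.168.1.10", 80, 40000)
unsolicited = Packet("198.51.100.9", "192.168.1.10", 80, 3389)
```

With both stateless rules loaded, `packet_filter` allows the `unsolicited` packet; `StatefulFirewall([OUTBOUND_WEB])` allows `reply` only after it has seen `request`, and denies it again once `close(request)` removes the table entry.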
NAT MECHANISM
STEPS OF HOW THE MECHANISM WORKS
1. Take the packet from the local network
2. Hold the IP and port info of this packet
3. Replace the source address with its own address
4. Send the packet to the outside world
5. Take the answer packet from the outside world
6. Check the tables and find the owner of the packet
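Added example (not part of the original slides): the six NAT steps above as a Python translation table, showing how two local hosts share one outside address and why an answer with no table entry has no owner and is dropped. The class and method names, the addresses, the starting port 50000 and the choice to match answers on the remote address as well as the port are assumptions; entries never expire in this model.

```python
import itertools

class Nat:
    """Port-translating NAT that follows the six steps listed above."""

    def __init__(self, public_ip, first_port=50000):
        self.public_ip = public_ip               # the single address shown outside
        self._ports = itertools.count(first_port)
        self.out = {}    # (private ip, private port, remote ip, remote port) -> public port
        self.back = {}   # (public port, remote ip, remote port) -> (private ip, private port)

    def outbound(self, src_ip, src_port, dst_ip, dst_port):
        """Steps 1-4: hold the IP/port info, rewrite the source, send out."""
        flow = (src_ip, src_port, dst_ip, dst_port)
        if flow not in self.out:                 # first packet of this flow
            port = next(self._ports)
            self.out[flow] = port
            self.back[(port, dst_ip, dst_port)] = (src_ip, src_port)
        return (self.public_ip, self.out[flow], dst_ip, dst_port)

    def inbound(self, src_ip, src_port, dst_ip, dst_port):
        """Steps 5-6: find the owner in the table; no entry means drop (None)."""
        owner = self.back.get((dst_port, src_ip, src_port))
        if dst_ip != self.public_ip or owner is None:
            return None
        return (src_ip, src_port, owner[0], owner[1])

def demo():
    """Constructed traffic: two LAN hosts use the same source port."""
    nat = Nat("203.0.113.1")
    web = ("198.51.100.7", 80)
    a = nat.outbound("192.168.1.10", 40000, *web)
    b = nat.outbound("192.168.1.11", 40000, *web)
    return {
        "a_out": a,
        "b_out": b,
        "reply_to_b": nat.inbound(*web, "203.0.113.1", b[1]),
        "unknown_port": nat.inbound(*web, "203.0.113.1", 50999),
        "other_sender": nat.inbound("192.0.2.66", 80, "203.0.113.1", a[1]),
    }
```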
COMPARING NAT & PROXY
• Both hide the IP addresses of the computers
• Both can be used when there are not enough IP addresses
• Both set up a session (only Proxy interferes with content)
• Both slow down the network (CPU-RAM)
• NAT is easier to set up
• Proxy requires settings for each client (Internet Explorer, ICQ, MSN…)
• Both are secure
FIREWALL PERFORMANCE
• Related to network performance
• RAM and CPU should be higher when NAT & PROXY are installed
• The operating system should be compatible with the firewall
INSTALLING FIREWALLS
1. CENTRAL building
2. MIXED building
CENTRAL Building
Advantages
• Easy to configure
• More secure
Disadvantages
• Affects all segments
• Difficult to back up
• Difficult to upgrade according to each user
MIXED Building
Advantages
• Affects only one segment
• Easy back-up
• Uses many different functions
Disadvantages
• More expensive than central building
• Cannot generalize security policies
VLAN (VIRTUAL LAN)
• Separates each group
• Makes the network more secure
• Supplies more security with a firewall
FIREWALL SETTINGS
1. Direct connection to the firewall:
   • Enter the rules on the command line (console)
2. If it has a web interface:
   • Enter the rules on the web server
3. Installing the firewall setting console on another (secure) PC:
   • Enter the rules on that (secure) PC
WINDOWS FIREWALL
Dangerous to open a new port for an unknown application
ANTI-VIRUS PROGRAMS
COMMON PROPERTIES
• Executable
• Clonable
• Hideable
• Change a program's code
• Change itself
VIRUS TYPES
1. File Virus
2. Command Runnable Virus
3. Boot Sector Virus
4. Script Virus
5. Macro
6. Worm
7. Trojan
8. Dialer
File Virus
• Ends with .com, .bat, .exe
• Changes files
• Deletes files
Command Runnable Virus
• Roll the O/S files
• Target command.com
Boot Sector Virus
• Placed in the MBR (Master Boot Record)
• Runs before the O/S
Script Virus
• Roll from Internet Explorer, Outlook…
• Active when a web site or e-mail is opened
Macro
• Use macro functions of MS-Office
• Roll while opening
Worm
• Roll using IP address & opened share files
• Use RPC (Remote Procedure Call) of WINDOWS
• Roll to sharing files
• Copy itself
• Block the Internet traffic
Trojan
• Takes the passwords of the victim PC
• Spy virus
• No damage
Dialer
• Affects dial-up users
• Disconnects the user from the Internet
• Mutes the modem
• Connects to an operator abroad
• Makes the user pay too much money
ANTI-VIRUS PROGRAM PROPERTIES
• Check existing folders
• Clean/Quarantine contagious virus
• Block the virus from CD, disc, internet
How does an anti-virus program work?
• Create a database
• Update the database
• Take control of the computer
• Check all imports to the PC
COMPARING ANTI-VIRUS PROGRAMS
http://anti-virus-software-review.toptenreviews.com/?ttreng=1&ttrkey=anti-virus+programs