=>Firewalls
-is a system that prevents a specific type of information from moving between untrusted networks, such as the Internet, and private networks. Put simply, firewalls prevent unauthorized Internet users from accessing private networks.
-can consist of hardware, software, or both.
-Used in:-
--a basic firewall for a home computer. In this case, the firewall is implemented as software on the home computer.
--an organization that has implemented an external firewall, which faces the Internet, and an internal firewall, which faces the company network. A demilitarized zone (DMZ) is located between the two firewalls. Messages from the Internet must first pass through the external firewall. If they conform to the defined security rules, then they are sent to company servers located in the DMZ. These servers typically handle Web page requests and e-mail. Any messages designated for the company's internal network (for example, its intranet) must also pass through the internal firewall, again with its own defined security rules, to gain access to the company's private network.
-The danger from viruses and worms is so severe that many organizations are placing firewalls at strategic points inside their private networks. In this way, if a virus or worm does get through both the external and internal firewalls, the internal damage may still be contained.
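To make the two-firewall / DMZ layout concrete, here is a small packet filter in Python. It is an added example written for these notes, not code from the original page or from any firewall product. The address plan (DMZ 192.0.2.0/24, internal LAN 10.0.0.0/8, a DMZ mail server at 192.0.2.25 and an internal mailbox store at 10.0.0.10) and the rule sets are constructed assumptions. The point it shows is that each firewall has its own rule list, rules are matched top to bottom, and anything that matches no rule is dropped (default deny).

```python
"""Added example (not from the original notes): a minimal packet filter that
models the external firewall / DMZ / internal firewall layout. Rules are
evaluated top to bottom, first match wins, and unmatched traffic is dropped.
Addresses, hosts and rules below are constructed for the demo."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional


@dataclass(frozen=True)
class Packet:
    src: str      # source IP address
    dst: str      # destination IP address
    proto: str    # "tcp" or "udp"
    dport: int    # destination port


@dataclass(frozen=True)
class Rule:
    action: str                  # "allow" or "deny"
    src: str = "0.0.0.0/0"       # source network in CIDR form (any by default)
    dst: str = "0.0.0.0/0"       # destination network in CIDR form
    proto: Optional[str] = None  # None matches any protocol
    dport: Optional[int] = None  # None matches any port

    def matches(self, p: Packet) -> bool:
        return (ip_address(p.src) in ip_network(self.src)
                and ip_address(p.dst) in ip_network(self.dst)
                and (self.proto is None or self.proto == p.proto)
                and (self.dport is None or self.dport == p.dport))


def evaluate(rules: List[Rule], p: Packet) -> str:
    """First matching rule decides; no match means the packet is dropped."""
    for r in rules:
        if r.matches(p):
            return r.action
    return "deny"  # default deny: traffic nobody explicitly allowed never passes


# Constructed address plan (assumption): DMZ and internal LAN ranges.
DMZ = "192.0.2.0/24"
LAN = "10.0.0.0/8"

# External firewall: faces the Internet. Only web and inbound mail may reach
# the DMZ servers; nothing from the Internet may reach the LAN directly.
EXTERNAL = [
    Rule("allow", dst=DMZ, proto="tcp", dport=80),
    Rule("allow", dst=DMZ, proto="tcp", dport=443),
    Rule("allow", dst=DMZ, proto="tcp", dport=25),
]

# Internal firewall: faces the company network. Only the DMZ mail server
# (constructed address 192.0.2.25) may talk to the internal mailbox store
# (constructed address 10.0.0.10); every other DMZ host is denied.
INTERNAL = [
    Rule("allow", src="192.0.2.25/32", dst="10.0.0.10/32", proto="tcp", dport=143),
    Rule("deny", dst=LAN),
]


def filter_packet(p: Packet, origin: str) -> str:
    """origin is "internet" or "dmz". Internet traffic meets the external
    firewall first and, if it is bound for the LAN, the internal one as well.
    Traffic that starts in the DMZ only crosses the internal firewall."""
    if origin == "internet":
        decision = evaluate(EXTERNAL, p)
        if decision == "allow" and ip_address(p.dst) in ip_network(LAN):
            decision = evaluate(INTERNAL, p)
        return decision
    return evaluate(INTERNAL, p)


if __name__ == "__main__":
    samples = [
        (Packet("198.51.100.7", "192.0.2.80", "tcp", 80), "internet"),   # web request
        (Packet("198.51.100.7", "192.0.2.80", "tcp", 22), "internet"),   # ssh to DMZ
        (Packet("198.51.100.7", "10.0.0.10", "tcp", 143), "internet"),   # straight to LAN
        (Packet("192.0.2.25", "10.0.0.10", "tcp", 143), "dmz"),          # mail relay
        (Packet("192.0.2.80", "10.0.0.10", "tcp", 143), "dmz"),          # web server to LAN
    ]
    for pkt, origin in samples:
        print(f"{origin:8} {pkt.src:>14} -> {pkt.dst}:{pkt.dport}  {filter_packet(pkt, origin)}")
```

Note that the last sample is the case the notes describe: a compromised DMZ web server cannot reach the internal mail store because the internal firewall has its own rule list, independent of what the external firewall already let through.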
=>Anti-malware systems
-Also called AV or antivirus software, these are software packages that attempt to identify and eliminate viruses, worms, and other malicious software.
-For example, Avira, Norton and so on.
-Anti-malware systems are generally reactive. They work by creating definitions, or signatures, of various types of malware, then shipping these signatures to the product through updates, and then examining suspicious computer code to see if it matches a known signature. If it does, the software removes it.
-Nowadays there are anti-malware systems that function proactively as well as reactively. These systems evaluate behavior rather than relying on signature matching. In theory, this makes it possible to catch malware before it can infect a system. Examples: www.cisilion.com/cisco-security-agent.htm and www.prevx.com.
Top ten antivirus:-
#1 BitDefender Antivirus (Actually I hate it. hehe)
#2 Kaspersky-Anti-Virus
#3 Webroot Antivirus
#4 G DATA Antivirus
#5 ESET NOD32
#6 ParetoLogic Anti-Virus Plus
#7 AVG Antivirus
#8 Vipre Antivirus Antispyware
#9 F-Secure Anti-Virus
#10 Trend Micro
Criteria that count for the rating:-
~Ease Of Use
~Effectiveness
~Updates
~Feature Set
~Ease Of Installation
~Help/Support
(http://anti-virus-software-review.toptenreviews.com/)
=>Whitelisting and Blacklisting
-99 percent of organizations had anti-malware systems installed, but 62 percent of companies still suffered successful malware attacks.
-One solution to this problem is whitelisting and blacklisting. Whitelisting allows nothing to run unless it is on the whitelist, while blacklisting allows everything to run unless it is on the blacklist.
-In more detail, whitelisting is a process in which a company identifies the software that it will allow to run, and does not try to recognize malware.
-It permits acceptable software to run and either prevents anything else from running, or lets new software run in a quarantined environment until the company can verify its validity.
-A blacklist, on the other hand, lists certain types of software that are not allowed to run in the company environment. For instance, a company might blacklist peer-to-peer file sharing on its systems.
-In addition to software, people, devices, and Web sites can also be whitelisted and blacklisted.
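The gap between "99 percent have anti-malware" and "62 percent still got hit" is easiest to see by running the two approaches side by side. The following Python is an added example for these notes, not code from the original page or from any AV vendor; the three "files", their contents, the signature pattern and the approved-hash list are all constructed. It covers both the signature-matching step described under Anti-malware systems (blacklist by file hash or byte pattern) and the whitelist described in this section (run only approved hashes, quarantine everything else).

```python
"""Added example (not from the original notes): signature scanning (blacklist)
beside an application whitelist, applied to constructed sample files.
The signature scanner can only stop what it already has a definition for;
the whitelist stops everything it has not approved. All data is constructed."""
import hashlib
from typing import Dict, Optional

# Constructed "executables": name -> contents. newworm.exe stands for a
# variant the vendor has not yet written a signature for.
FILES: Dict[str, bytes] = {
    "payroll.exe": b"MZ\x90\x00 payroll application v4 (approved by IT)",
    "oldworm.exe": b"MZ\x90\x00 WORM-SAMPLE-2009 propagate copy mail",
    "newworm.exe": b"MZ\x90\x00 WORM-SAMPLE-2010 propagate copy mail",
}


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


# Blacklist / signature database, the way a definitions update would ship it:
# a hash of the known sample and a byte pattern lifted from that sample.
KNOWN_BAD_HASHES: Dict[str, str] = {sha256(FILES["oldworm.exe"]): "Worm.Sample.2009"}
SIGNATURES: Dict[str, bytes] = {"Worm.Sample.2009": b"WORM-SAMPLE-2009"}


def scan_blacklist(data: bytes) -> Optional[str]:
    """Reactive detection: returns the malware name on a hash or pattern match,
    None when the file matches nothing the scanner has been told about."""
    h = sha256(data)
    if h in KNOWN_BAD_HASHES:
        return KNOWN_BAD_HASHES[h]
    for name, pattern in SIGNATURES.items():
        if pattern in data:
            return name
    return None


# Whitelist: hashes of the software IT has verified. Nothing else may run;
# unknown software goes to quarantine until someone checks it.
APPROVED_HASHES = {sha256(FILES["payroll.exe"])}


def check_whitelist(data: bytes) -> str:
    """Returns "run" for approved software and "quarantine" for anything else."""
    return "run" if sha256(data) in APPROVED_HASHES else "quarantine"


def compare(files: Dict[str, bytes]) -> Dict[str, Dict[str, str]]:
    """Decision of each approach for every file, side by side."""
    result = {}
    for name, data in files.items():
        hit = scan_blacklist(data)
        result[name] = {
            "blacklist": f"blocked: {hit}" if hit else "allowed",
            "whitelist": check_whitelist(data),
        }
    return result


if __name__ == "__main__":
    for name, verdict in compare(FILES).items():
        print(f"{name:12} blacklist={verdict['blacklist']:28} whitelist={verdict['whitelist']}")
```

The interesting row is newworm.exe: one byte differs from the known sample, so neither the hash nor the pattern matches and the blacklist lets it run, while the whitelist quarantines it simply because nobody approved it. The trade-off is the one the notes describe: the whitelist also quarantines every legitimate new program until IT verifies it.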
Some nice words.. "Trollope admitted that poor performance was the main reason Norton Internet Security customers abandoned previous versions of the product. In the next version, he explained, a 'whitelisting approach' significantly reduced the amount of time scanning files that are known to be safe.
'It does use whitelisting as an approach, but it really focuses on the performance gains we can get by not having to scan things on the whitelist,' he said. Norton 2009 security suite, according to the company's vice president of consumer engineering, Rowan Trollope." (These words I took from http://keznews.com/4878_Norton_2009_tackles_whitelisting.htm..)
=>Intrusion Detection Systems (IDS)
-Software or hardware that is designed to detect all types of malicious network traffic and computer usage, such as accessing, manipulating or disabling computer systems, that cannot be detected by a firewall. These systems capture all network traffic flows and examine the contents of each packet for malicious traffic.
-An example of this type of malicious traffic is a denial-of-service attack.
-An IDS can be composed of several components:
--Sensors, which generate security events,
--a Console to monitor events and alerts and to control the sensors, and
--a central Engine that records the events logged by the sensors in a database and uses a system of rules to generate alerts from the security events received.
-There are several ways to categorize an IDS, depending on the type and location of the sensors and the methodology the engine uses to generate alerts. In many simple IDS implementations, all three components are combined in a single device or appliance.
Types of IDS
-A network intrusion detection system (NIDS)
-A protocol-based intrusion detection system (PIDS)
-An application protocol-based intrusion detection system (APIDS)
-A host-based intrusion detection system (HIDS)
-A hybrid intrusion detection system, which combines two or more of the above approaches, for example Prelude.
My References
Information Literacy Book, pages 85-86
http://www.mcafee.com/
http://www.avg.com/
http://www.symantec.com/norton/antivirus
http://www.avira.com/
http://www.keznews.com
http://www.wikipedia.com
http://www.cisilion.com/cisco-security-agent.htm
http://www.prevx.com
http://searchexchange.techtarget.com/sDefinition/0,,sid43_gci896131,00.html (Whitelist)
http://www.ipcortex.co.uk/wp/fw.rhtm (Internet firewall tutorial)
http://netsecurity.about.com/cs/hackertools/a/aa030504_2.htm (Intrusion Detection System)