Wednesday, 9 May 2012

FIREWALL


A firewall is used to help keep a network secure. Firewalls protect against hackers and malicious intruders. A firewall's primary objective is to control the incoming and outgoing network traffic by analyzing the data packets and determining whether each should be allowed through or not.

Working:
A firewall examines all the traffic routed between the two networks (internal network and external network) to see if it meets certain criteria.
It routes packets between the networks, and most routers support packet filtering.
It filters both inbound and outbound traffic.
A firewall can filter packets based on their source and destination addresses and port numbers.
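
As an added illustration (not part of the original post), the sketch below filters packets by direction, source and destination address, and destination port, with the first matching rule deciding and anything unmatched denied. The `Rule` and `Packet` types, the rule set and the documentation-range addresses are constructed for the example.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Rule:
    action: str            # "allow" or "deny"
    direction: str         # "in", "out" or "any"
    src: str               # source network, CIDR notation
    dst: str               # destination network, CIDR notation
    dport: Optional[int]   # destination port; None matches every port

@dataclass(frozen=True)
class Packet:
    direction: str
    src: str
    dst: str
    dport: int

# Constructed rule set; 192.0.2.0/24 plays the internal network.
RULES = [
    Rule("deny", "in", "203.0.113.0/24", "0.0.0.0/0", None),   # blocked source range
    Rule("allow", "in", "0.0.0.0/0", "192.0.2.10/32", 443),    # published HTTPS server
    Rule("allow", "out", "192.0.2.0/24", "0.0.0.0/0", 53),     # DNS lookups
    Rule("allow", "out", "192.0.2.0/24", "0.0.0.0/0", 443),    # outbound HTTPS
]

def matches(rule, pkt):
    """True when direction, both addresses and the port all fit the rule."""
    if rule.direction not in ("any", pkt.direction):
        return False
    if ipaddress.ip_address(pkt.src) not in ipaddress.ip_network(rule.src):
        return False
    if ipaddress.ip_address(pkt.dst) not in ipaddress.ip_network(rule.dst):
        return False
    return rule.dport is None or rule.dport == pkt.dport

def decide(pkt, rules=RULES):
    """First matching rule wins; a packet that matches no rule is denied."""
    for rule in rules:
        if matches(rule, pkt):
            return rule.action
    return "deny"

if __name__ == "__main__":
    for p in (Packet("in", "198.51.100.7", "192.0.2.10", 443),
              Packet("in", "203.0.113.5", "192.0.2.10", 443),
              Packet("out", "192.0.2.25", "198.51.100.7", 25)):
        print(p, "->", decide(p))
```

Rule order matters here: the blocked source range is listed before the HTTPS allow rule, so it wins for packets that would match both.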




Firewalls fall into four categories:
  • Packet filters:- They work at the network level of the OSI model (or the IP layer of TCP/IP). Each packet is compared to a set of criteria before it is forwarded.
  • Circuit level gateway:- They work at the session layer of the OSI model, or the TCP layer of TCP/IP. They hide information about the private network they protect. They do not filter individual packets.
  • Application level gateway:- Also called proxies, they can filter packets at the application layer of the OSI model. Incoming or outgoing packets cannot access services for which there is no proxy. They can filter application-specific commands such as HTTP POST and GET.
  • Stateful multilayer inspection firewall:- They combine the aspects of the other three types of firewall. They are expensive and require competent personnel to administer the device.

Types of Firewall:

1. Software Firewall: A software firewall is built into Windows.



There are three types of software firewall:-
  • ZoneAlarm
  • Kaspersky Internet Security 2011
  • Comodo Internet Security 2011








2. Hardware Firewall: A hardware firewall looks like a DVD. It needs to be attached to your network.

There are three types of hardware firewall:-
  • Nebero
  • Cyberoam
  • Juniper





HONEYPOT

A honeypot is a device placed on a computer network. It captures the malicious traffic on the network. Honeypots are one of the leading security tools used for monitoring. The captured information is highly valuable as it contains only malicious traffic with little to no false positives.

Working:  
A honeypot creates a virtual network and keeps the original network safe from unauthorized attacks. It sets a trap to detect attackers and unauthorized use of information systems. When an attacker connects to these services they are fooled into thinking they are attacking a real server. The honeypot safely captures all communications with the attacker and logs these results for future analysis. The test server has captured several thousand trojans and rootkits from these simulated services.
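
A minimal low-interaction listener in the spirit of the description above, added here as an example and not HoneyBOT's code: it presents a fake banner, records whatever the client sends and never acts on it. The banner text, port 2525 and the log entry format are assumptions made for the example.

```python
import socket
import time

# Constructed banner for the simulated service.
BANNER = b"220 mail.example.test ESMTP ready\r\n"

def handle(conn, peer, log, max_bytes=4096, timeout=5.0):
    """Greet one client, record what it sends, and never act on the input."""
    conn.settimeout(timeout)
    data = b""
    try:
        conn.sendall(BANNER)
        while len(data) < max_bytes:          # cap what one client can store
            chunk = conn.recv(max_bytes - len(data))
            if not chunk:                     # client closed the connection
                break
            data += chunk
    except OSError:                           # timeout or reset: keep what arrived
        pass
    finally:
        conn.close()
    entry = {"time": time.time(), "peer": peer,
             "bytes": len(data), "payload": data.hex()}
    log.append(entry)
    return entry

def serve(host="127.0.0.1", port=2525, log=None):
    """Accept connections one at a time on an otherwise unused port."""
    log = [] if log is None else log
    with socket.create_server((host, port)) as srv:
        while True:
            conn, addr = srv.accept()
            print(handle(conn, addr[0], log))

if __name__ == "__main__":
    serve()
```

Because nothing legitimate should ever connect to this port, every entry in the log is worth reviewing, which is the "little to no false positives" property described above.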



 



Types of Honeypot:

1. Production Honeypot-
  • Easy to use.
  • Captures limited information.
  • Used primarily by companies and corporations.
  • It is placed inside the production network.
  • A production honeypot is a low-interaction honeypot.
  • It is easier to deploy.
  • It gives less information about the attacks and attackers.

2. Research Honeypot-
  • It is run by a non-profit research organization or an educational institution to gather information.
  • The black hat community targets different networks. Research honeypots are used to research the threats organizations face.
  • They help to learn how to better protect against those threats.
  • It is complex to deploy and maintain. It captures extensive information and is used primarily by research, military, or government organizations.


Installing HoneyBOT:

HoneyBOT is compatible with and has been tested to work on Windows
2000 and Windows XP computers. At least 128MB of RAM is
recommended.
 

1. HoneyBOT can be downloaded from the web site at:
http://www.atomicsoftwaresolutions.com/honeybot.php


2. After clicking the download link save HoneyBOT_010.exe to a location
on your hard drive.
 

3. Double click the HoneyBOT_010.exe installation file to begin the setup
process.
 

4. Follow the prompts in the setup process. The default installation folder
for setup is c:\honeybot\
 

5. Setup will create a shortcut in the Start Menu folder and an option is
available to create a desktop icon.
 

6. Now you can launch HoneyBOT using the program's shortcut icon.



Monday, 7 May 2012

Introduction to IDS:

Intrusion detection has become an essential component of computer security in recent years.
An IDS provides accurate and timely information about ongoing intrusions, which is necessary for network protection.
It warns administrators of malicious computer activity.
It is attached in between the internet and the firewall.
It gathers and analyzes information from the network.





Measuring IDSs:

Current IDSs generate too many inaccurate alarms, and acting automatically on such alarms is very dangerous. The concept of "good" is not well defined for the intrusion detection problem. An effective IDS reports intrusions when they occur and does not report them when they do not occur.
      Stefan Axelsson analyzed the intrusion detection problem with Bayesian statistics and determined the base-rate effectiveness of IDS.
Alarms from an IDS must be investigated by security officers to separate the real threats from the false alarms.
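
The Bayesian argument can be worked through in a few lines; this is an added example, and the base rate, detection rate and false alarm rate it uses are constructed values, not figures from Axelsson's analysis.

```python
def p_intrusion_given_alarm(base_rate, detection_rate, false_alarm_rate):
    """Bayes' theorem: P(I|A) = P(A|I)P(I) / (P(A|I)P(I) + P(A|~I)P(~I))."""
    true_alarms = detection_rate * base_rate
    false_alarms = false_alarm_rate * (1.0 - base_rate)
    return true_alarms / (true_alarms + false_alarms)

def max_false_alarm_rate(base_rate, detection_rate, target):
    """Largest P(A|~I) for which P(I|A) still reaches `target`."""
    return (detection_rate * base_rate * (1.0 - target)
            / (target * (1.0 - base_rate)))

def triage_load(events, base_rate, detection_rate, false_alarm_rate):
    """Expected (real alarms, false alarms) among `events` audited events."""
    real = events * base_rate * detection_rate
    false = events * (1.0 - base_rate) * false_alarm_rate
    return real, false

# Constructed scenario: 1 event in 50,000 belongs to an intrusion, the IDS
# detects 99% of intrusion events and raises an alarm on 1% of benign ones.
BASE_RATE = 1 / 50_000
DETECTION_RATE = 0.99
FALSE_ALARM_RATE = 0.01

if __name__ == "__main__":
    p = p_intrusion_given_alarm(BASE_RATE, DETECTION_RATE, FALSE_ALARM_RATE)
    print(f"P(intrusion | alarm) = {p:.4%}")
    real, false = triage_load(1_000_000, BASE_RATE, DETECTION_RATE, FALSE_ALARM_RATE)
    print(f"per million events: {real:.1f} real alarms, {false:.1f} false alarms")
    limit = max_false_alarm_rate(BASE_RATE, DETECTION_RATE, 0.5)
    print(f"false alarm rate needed for half of alarms to be real: {limit:.2e}")
```

With these inputs, intrusions are so rare that almost every alarm is false even though the detector misses almost nothing, which is why the alarms need human investigation.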

      There are many factors to consider when evaluating IDSs, such as:-
Speed,
Cost,
Effectiveness,
Ease-of-use,
Scalability,
Interoperability.

       They are determined by the detection algorithm of the IDS. An IDS uses sensors to collect data, which is processed into events.



There are three main categories of detection:
  • Signature Detection: It identifies events that misuse a system.
  • Anomaly Detection: It creates a model of normal use and looks for activity that does not conform.
  • Protocol Anomaly Detection: It analyzes network traffic and builds models of the TCP/IP protocols.

Types of Intrusion Detection System:
  •   Network-based detection system
  •   Host-based detection system, for example Cisco Security Agent (CSA)
  •   Log-file monitoring
  •   File integrity checking- It checks for Trojan horses, or file
 

 
Indication of Intrusion:
  1. System Indication
  2. File System Indication
  3. Network Indication
System Indication- System performance changes unusually and becomes slow; the system does not work properly and behaves abnormally.
Example:
  • Unusual graphics display
  • System crashes
  • System reboots
  • Slow system performance
  • Missing logs
  • Unexpected text messages
  • Disturbed system configuration
File System Indication- The file system is changed.
Example:
  • Changed file system
  • Missing files
  • Changed file permissions
Network Indication- Unusual changes on the network.
Example:
  • Connections from unusual locations
  • Indication of an attempt at creating either a Denial of Service
  • Indication of a crashed service
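
File integrity checking, and the file system indications listed above (changed files, missing files, changed permissions), can be demonstrated with a hash baseline. The following is an added example, not taken from any of the tools named on this page, and the function names are hypothetical.

```python
import hashlib
import os
import stat
import sys

def snapshot(root):
    """Map each file's relative path to (SHA-256 digest, permission bits)."""
    state = {}
    for folder, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(folder, name)
            digest = hashlib.sha256()
            with open(path, "rb") as fh:
                # Read in blocks so large files do not have to fit in memory.
                for block in iter(lambda: fh.read(65536), b""):
                    digest.update(block)
            mode = stat.S_IMODE(os.stat(path).st_mode)
            state[os.path.relpath(path, root)] = (digest.hexdigest(), mode)
    return state

def compare(baseline, current):
    """Return sorted (kind, path) findings between two snapshots."""
    findings = []
    for path, (digest, mode) in baseline.items():
        if path not in current:
            findings.append(("missing", path))
            continue
        if current[path][0] != digest:
            findings.append(("content-changed", path))
        if current[path][1] != mode:
            findings.append(("permissions-changed", path))
    findings += [("new-file", p) for p in current if p not in baseline]
    return sorted(findings)

if __name__ == "__main__":
    # Usage: python fim.py <directory>; the baseline is taken, then re-checked
    # after Enter is pressed, so changes made in between are reported.
    root = sys.argv[1]
    baseline = snapshot(root)
    input("Baseline recorded. Press Enter to re-check... ")
    for kind, path in compare(baseline, snapshot(root)):
        print(kind, path)
```

In practice the baseline has to be stored where an intruder cannot rewrite it, otherwise the comparison proves nothing.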

Intrusion Detection Tools:
  1. CISCO Secure IDS
  2. Dragon Sensor
  3. Check Point Real Secure
  4. Silent Runner
  5. Real Secure