Internet Security (9.3.2)
Firewall
A system (hardware and/or software) designed to prevent unauthorised access to/from a private network
All data passing between the private network and outside (i.e. the Internet) is analysed by the firewall and will be dropped/rejected if it fails any rules in place
Drop - just deletes
Reject - deletes and notifies sender (ICMP)
Packet Filtering (1st gen)
Operates at the Network Layer
Examines the Header of each packet and applies filtering rules, regarding the network addresses and ports (see Well-known Ports)
Can accept those it is certain are safe OR
Can reject those it is certain are unsafe
Proxy Server
Intercepts all messages to and from a network
Can act as a firewall
Stateful Inspection (2nd gen)
Determines if a packet is related to another packet and if so, accepts
Maintains a state table, to keep track of all open connections through a firewall
Operates up to the Application Layer
Newer firewalls can filter on many attributes, e.g. destination IP or port, destination service (e.g. FTP, HTTP), TTL value etc
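Added example (not part of the original notes): a small Python model of the two firewall generations described above, showing why a header-only packet filter cannot tell a reply from an unsolicited packet, while a state table can. The rule set, the addresses and the names Packet, packet_filter and StatefulFirewall are constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int

# Constructed sample policy: (destination port, action); first match wins.
RULES = [(80, "accept"), (443, "accept"), (23, "reject")]
INSIDE = "10.0.0."  # constructed private-network prefix

def packet_filter(pkt):
    """1st gen: judge one packet on its header fields alone."""
    for port, action in RULES:
        if pkt.dport == port:
            return action  # "reject" would also notify the sender via ICMP
    return "drop"          # default: silently delete

class StatefulFirewall:
    """2nd gen: the same rules plus a state table of open connections."""

    def __init__(self):
        self.state = set()

    def handle(self, pkt):
        if pkt.src.startswith(INSIDE):
            verdict = packet_filter(pkt)
            if verdict == "accept":
                # Remember the connection so its replies can be matched.
                self.state.add((pkt.src, pkt.sport, pkt.dst, pkt.dport))
            return verdict
        # Inbound: accept only the mirror image of a tracked connection.
        if (pkt.dst, pkt.dport, pkt.src, pkt.sport) in self.state:
            return "accept"
        return "drop"

if __name__ == "__main__":
    fw = StatefulFirewall()
    request = Packet("10.0.0.7", 50000, "203.0.113.5", 443)
    reply = Packet("203.0.113.5", 443, "10.0.0.7", 50000)
    print("header-only filter on reply:", packet_filter(reply))
    print("stateful, reply before request:", fw.handle(reply))
    print("stateful, outbound request:", fw.handle(request))
    print("stateful, reply after request:", fw.handle(reply))
```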
Symmetric Encryption
AKA Secret/Private Key
Same key to encrypt/decrypt
Asymmetric Encryption
AKA Public key
Private key kept secret by user, used to encrypt
Related Public key used by receiver to decrypt
Digital Signatures and Certificates
Signature: a digital code attached to a message that uniquely identifies the sender and authenticates the message.
The code is encrypted with the private key and transmitted with the document.
The receiver decrypts the message with the public key. If the receiver’s key does not compute the same hash code then the document has been altered or not sent by the sender and so is invalid.
Digital Certificates: used to certify the online identities of individuals, organizations, and computers
Obtained from a Certificate Authority (CA)
The CA uses its private key to generate a digital signature for the certificate, which anyone can verify using the CA’s public key.
Worms, Viruses & Trojans
Worm: Self-replicating, stand-alone malware program
Duplicates itself to spread to uninfected computers
Usually harmful to a network, as at minimum it will use up bandwidth
Virus: Requires an active host program, e.g. an exe file or email attachment
Remains dormant until the host program is activated
Usually corrupts or modifies targeted computers
Trojan: Any program that misleads the user about its true purpose
Users are often tricked into installing via social engineering
Can steal, install more malware, set up remote access etc
Discuss how improved code quality, monitoring & protection can be used to address WVTs