96 Chapter 4

[Figure 4.3: A firewall isolating various network zones (DMZ, public Internet, private network).]

Packet-filtering firewalls analyze packets in both directions and either permit or deny passage based on a set of rules. Rules typically examine port numbers, protocols, IP addresses, and other attributes of packet headers. There is no attempt to relate multiple packets to a flow or stream; the firewall is stateless, retaining no memory of one packet to the next.

Stateful firewalls overcome this limitation of packet-filtering firewalls by recognizing packets that belong to the same flow or connection and keeping track of the connection state. They work at the network layer and recognize the legitimacy of sessions.

Proxy firewalls are also called application-level firewalls because they process traffic up to the application layer. They recognize certain applications and can detect whether an undesirable protocol is using a nonstandard port or an application-layer protocol is being abused. They protect an internal network by serving as the primary gateways that proxy connections from the internal network to the public Internet. Because of the depth of analysis involved, they can have some impact on network performance.

Firewalls are essential elements of an overall defensive strategy, but they have the drawback that they protect only the perimeter. They are useless if an intruder has a way to bypass the perimeter, and they are equally useless against insider threats originating within the private network.

Antivirus and Antispyware Tools

The proliferation of malware prompts the need for antivirus software [20]. Antivirus software is developed to detect the presence of malware, identify its nature, remove the malware (disinfect the host), and protect the host from future infections. Detection should ideally minimize both false positives (false alarms) and false negatives (missed malware) at the same time.
Antivirus software faces a number of difficult challenges:

· Malware tactics are sophisticated and constantly evolving.
· Even the operating system on infected hosts cannot be trusted.
· Malware can exist entirely in memory without affecting files.
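The distinction drawn in the firewall discussion above (a packet filter keeps no memory from one packet to the next, whereas a stateful firewall tracks connections) is easiest to see on concrete traffic. The following is an added example, not code from the book; it models a minimal stateless filter and a minimal stateful filter over the same constructed packets. The addresses, the private-network prefix, and the rule sets are assumptions made for illustration. A packet filter that wants to let replies to internal clients back in has no choice but to approximate "part of an established connection" with a header attribute (here, the TCP ACK flag); the stateful filter instead consults its connection table, so an unsolicited inbound packet that merely carries ACK is denied.

```python
from dataclasses import dataclass
from typing import Optional

# Constructed packet model: only the header fields the rules inspect.
@dataclass(frozen=True)
class Packet:
    src_ip: str
    dst_ip: str
    proto: str                         # "tcp" or "udp"
    src_port: int
    dst_port: int
    flags: frozenset = frozenset()     # TCP flags, e.g. {"SYN"}, {"ACK"}

INTERNAL_NET = "10.0.0."               # assumed private-network prefix

def is_internal(ip: str) -> bool:
    return ip.startswith(INTERNAL_NET)

def direction(pkt: Packet) -> str:
    return "out" if is_internal(pkt.src_ip) else "in"

@dataclass(frozen=True)
class Rule:
    action: str                        # "allow" or "deny"
    direction: str                     # "in", "out", or "any"
    proto: Optional[str] = None
    dst_port: Optional[int] = None
    flag: Optional[str] = None         # require this TCP flag to be set

    def matches(self, pkt: Packet) -> bool:
        return (self.direction in ("any", direction(pkt))
                and (self.proto is None or self.proto == pkt.proto)
                and (self.dst_port is None or self.dst_port == pkt.dst_port)
                and (self.flag is None or self.flag in pkt.flags))

class StatelessFilter:
    """Packet-filtering firewall: first matching rule wins, default deny.
    Every packet is judged on its own header; nothing is remembered."""
    def __init__(self, rules):
        self.rules = rules
    def decide(self, pkt: Packet) -> str:
        for r in self.rules:
            if r.matches(pkt):
                return r.action
        return "deny"

class StatefulFilter:
    """Stateful firewall: allowed outbound traffic creates a connection entry;
    inbound traffic is accepted if it matches an entry or an explicit rule."""
    def __init__(self, rules):
        self.rules = StatelessFilter(rules)
        self.table = set()             # connections seen in the outbound direction
    def decide(self, pkt: Packet) -> str:
        if direction(pkt) == "out":
            verdict = self.rules.decide(pkt)
            if verdict == "allow":
                self.table.add((pkt.proto, pkt.src_ip, pkt.src_port,
                                pkt.dst_ip, pkt.dst_port))
            return verdict
        # Inbound: look up the reverse 5-tuple of a known connection.
        key = (pkt.proto, pkt.dst_ip, pkt.dst_port, pkt.src_ip, pkt.src_port)
        if key in self.table:
            if "RST" in pkt.flags or "FIN" in pkt.flags:
                self.table.discard(key)  # connection torn down, forget it
            return "allow"
        return self.rules.decide(pkt)

# Assumed rule sets. The stateless set needs an extra rule to admit replies;
# the stateful set relies on the connection table for that instead.
STATELESS_RULES = [
    Rule("allow", "out"),
    Rule("allow", "in", "tcp", 80),          # public web server in the DMZ
    Rule("allow", "in", "tcp", flag="ACK"),  # intended to admit replies only
]
STATEFUL_RULES = [
    Rule("allow", "out"),
    Rule("allow", "in", "tcp", 80),
]

def compare():
    """Run constructed sample traffic through both filters and return
    (stateless_verdicts, stateful_verdicts), one verdict per packet."""
    client_syn  = Packet("10.0.0.5", "203.0.113.9", "tcp", 40000, 443, frozenset({"SYN"}))
    server_ack  = Packet("203.0.113.9", "10.0.0.5", "tcp", 443, 40000, frozenset({"SYN", "ACK"}))
    unsolicited = Packet("198.51.100.7", "10.0.0.5", "tcp", 55555, 22, frozenset({"ACK"}))
    web_request = Packet("198.51.100.7", "10.0.0.80", "tcp", 33333, 80, frozenset({"SYN"}))
    traffic = [client_syn, server_ack, unsolicited, web_request]
    stateless = StatelessFilter(STATELESS_RULES)
    stateful = StatefulFilter(STATEFUL_RULES)
    return ([stateless.decide(p) for p in traffic],
            [stateful.decide(p) for p in traffic])

if __name__ == "__main__":
    for label, verdicts in zip(("stateless", "stateful"), compare()):
        print(label, verdicts)
```

The third packet is the instructive one: it never belonged to any connection, yet the stateless filter admits it because its only clue is the ACK bit, exactly the "no memory of one packet to the next" limitation the text describes. The stateful filter denies it because no outbound connection to that peer and port was ever recorded, while the legitimate reply (second packet) and the explicitly permitted web request (fourth packet) pass both filters.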