Hands-On INFORMATION SECURITY Lab Manual, Third Edition

Total Page:16

File Type:pdf, Size:1020Kb

Michael E. Whitman, Ph.D., CISM, CISSP
Herbert J. Mattord, CISM, CISSP

Course Technology, Cengage Learning
Australia · Brazil · Japan · Korea · Mexico · Singapore · Spain · United Kingdom · United States

TABLE OF CONTENTS

CHAPTER 1: INFORMATION SECURITY PROCESS FLOWS 1
  Flow 1.1 Firewalls 3
  Flow 1.2 Remote Access 3
  Flow 1.3 Access Controls 4
  Flow 1.4 Vulnerability Assessment 5
  Flow 1.5 Penetration Testing 6
  Flow 1.6 Forensics and Antiforensics 7
  Flow 1.7 Client Security 8
  Flow 1.8 Perimeter Defense 10
  Flow 1.9 Server Security 11
  Flow 1.10 Intrusion Detection 12
  Flow 1.11 Network Security 13
  Flow 1.12 Cyber Defense 14
  References 15

CHAPTER 2: BACKGROUND AND THEORY FOR LAB EXERCISES 17
  2.1 Footprinting 18
  2.2 Scanning and Enumeration 22
  2.3 OS Processes and Services 25
  2.4 Vulnerability Identification and Research 26
  2.5 Vulnerability Validation 28
  2.6 Systems Remediation and Hardening 28
  2.7 Web Browser Security and Configuration 29
  2.8 Data Management 30
  2.9 Data Backup and Recovery 31
  2.10 Access Controls 31
  2.11 Host Intrusion Detection 33
  2.12 Log Security Issues 34
  2.13 Privacy and Anti-forensics 36
  2.14 Software Firewalls 36
  2.15 Linksys Firewalls Routers and Access Points 38
  2.16 Network Intrusion Detection Systems 38
  2.17 Network Traffic Analysis 39
  2.18 Virtual Private Networks and Remote Access 41
  2.19 Digital Certificates 41
  2.20 Password Circumvention 43
  2.21 Antivirus Defense 43
  2.22 Malware Prevention and Detection 44

CHAPTER 3: WINDOWS LABS 47
  Lab 3.1 Footprinting Using Windows 48
  Lab 3.2 Scanning and Enumeration Using Windows 73
  Lab 3.3 Windows OS Processes and Services 81
  Lab 3.4 Vulnerability Identification and Research Using Windows 91
  Lab 3.5 Vulnerability Validation Using Windows 105
  Lab 3.6 System Remediation and Hardening Using Windows 113
  Lab 3.7 Windows Web Browser Security and Configuration 141
  Lab 3.8 Data Management Using Windows 157
  Lab 3.9 Data Backup and Recovery Using Windows 171
  Lab 3.10 Access Controls Using Windows 185
  Lab 3.11 Host Intrusion Detection Using Windows 201
  Lab 3.12 Log Security Issues Using Windows 211
  Lab 3.13 Windows Privacy and Antiforensics Issues 223
  Lab 3.14 Software Firewalls Using Windows 235
  Lab 3.15 Linksys Firewall Routers and Access Points 251
  Lab 3.16 Network Intrusion Detection Systems Using Windows 273
  Lab 3.17 Network Traffic Analysis Using Windows 285
  Lab 3.18 Virtual Private Networks and Remote Access Using Windows 301
  Lab 3.19 Digital Certificates Using Windows 315
  Lab 3.20 Password Circumvention Using Windows 323
  Lab 3.21 Antivirus Using Windows 331
  Lab 3.22 Malware Prevention and Detection Using Windows 347

CHAPTER 4: LINUX LABS 361
  Lab 4.1 Footprinting Using Linux 362
  Lab 4.2 Scanning and Enumeration Using Linux 373
  Lab 4.3 Linux OS Processes and Services 383
  Lab 4.4 Vulnerability Identification and Research Using Linux 395
  Lab 4.5 Vulnerability Validation Using Linux 401
  Lab 4.6 System Remediation and Hardening Using Linux 409
  Lab 4.7 Linux Web Browser Security 419
  Lab 4.8 Data Management Using Linux 427
  Lab 4.9 Data Management Using Linux 433
  Lab 4.10 Access Controls Using Linux 443
  Lab 4.11 Host Intrusion Detection Using Linux 455
  Lab 4.12 Log and Security Using Linux 461
  Lab 4.13 Privacy and Antiforensics Issues Using Linux 467
  Lab 4.14 Software Firewalls Using Linux 471
  Lab 4.15 Linksys Firewall Routers and Access Points 483
  Lab 4.16 Network Intrusion Detection Systems Using Linux 485
  Lab 4.17 Network Traffic Analysis Using Linux 493
  Lab 4.18 Virtual Private Networks and Remote Access Using Linux 505
  Lab 4.19 Digital Certificates Using Linux 511
  Lab 4.20 Password Circumvention Using Linux 523
  Lab 4.21 Antivirus Using Linux 533
  Lab 4.22 Malware Prevention and Detection 541

INDEX 545

Index

* (wildcard), 376 Advanced tab Attack Surface Reduction (ASR), 29, ~ (tilde), 389 Firefox, 153-154 113, 409 Windows Firewall, 237-238, 242 attacks, Web-based, 29-30 A Advanced Tools, Microsoft Vista, attrib command, 181 A (address) record, 20 84-85 audible alerting, Snort, 280-281 -A flag Advanced Wireless Settings subtab, audit account logon events, 214 iptable command, 472 Linksys WAP, 266-267 audit policies, Local Computer ps command, 384 adware Policy, 213 AAAA (address) record, 20 Ad-Aware, detecting with, Audit Policy, 118-119 absolute mode, chmod command, 350-352 authentication, 4 447-449 Adblock Plus, detecting with, Automatic Lock settings, ZoneAlarm, ACCEPT policy, 474 353-354 245-246 access control lists (ACLs), 3 overview, 44 Autoruns, 86-87 access controls Spybot - Search & Destroy, AVG antivirus software, 335-339 file system access controls, Linux, detecting with, 347-348 445-452 Alert rule, Snort, 487 B overview, 4-5, 31-33, 443 alerts backdoors, 18, 44 user access controls, Linux, Snort, 280-281 backup and recovery 443-445 ZoneAlarm, 243, 246-247 Backup or Restore utility, Windows, 185-200 amap, 374-375 Windows, 171-178 Access Point mode, Linksys WAP, 264 anti-forensics of drive images, 436-437 Access Restrictions, Linksys, issues in Windows, 223-233 overview, 31 253-255 issues using Linux, 467-469 recovering deleted files, 437-440 Ack option, Snort, 488 overview, 7-8, 36 with SyncToy, 178-180 ACLs (access control lists), 3 antivirus software using Linux command-line tools, Activate rule, Snort, 487 existing antivirus evaluation, 433-436 Windows, 331-332 Windows Recovery Console, active stack fingerprinting, 23, free tools, Windows, 332-343 180-182 77-78,
376-379 for Linux, 533-537 Backup and Restore Utility, Ad-Aware, 350-353 overview, 331 Windows, 176-178 Adblock Plus add-on, 353-357, types of malicious codes, 43-44 Basic Settings window, Linksys 420-421 AP Client mode, Linksys WAP, 264 WAP, 258 Add A Port option, Windows AP Mode subtab, Linksys WAP, Bastille Linux, 414-416 Firewall, 237 263-264 batch command, 181 Add-ons dialog box, Firefox, Apache Web server Benchmark Report, CIS NG Scoring 420-421 hardening, 411-412 Tool, 92-93 address (A) record, 20 overview, 29 BHOs (Browser Helper Objects), 350 address (AAAA) record, 20 requesting certificates through, /bin directory, 32, 446 ADMIN$ share, 186, 190 515-520 Bind, hardening, 412-413 Administration utility Application Log Properties window, blocking Linksys Firewall, 255 Event Viewer, 212 adware, 355-357 Linksys WAP, 261-269 Application logs, Microsoft Event content, Firefox, 149-150 administrative shares, 186, 190 Viewer, 35 ident probes, 478 administrator, systems application-level proxy firewall, 37 /boot directory, 32 maintaining log files, 217 applications. See software bootcfg command, 181 obtaining SAM file, 323 ARIN Web site, 57-58 bots, 347, 541 Advanced mode, Backup and ASR (Attack Surface Reduction).
Browser Helper Objects (BHOs), 350 Restore Utility, 176-178 See Attack Surface Reduction browsing history, deleting, 223 Advanced Settings window, (ASR) buffer overflows, 26 ZoneAlarm, 244 asterisk (*) wildcard, 376 Bugtraq, 101-102 C clearlogs, 218-219 Create Supervisor Password window, -c flag, WinDump, 285 file system access controls, Linux, IE Content Advisor, 146-147 -c option 445-450 Critical Objects, Ad-Aware, 351 ping command, 366 log files, Linux, 461-462 cross-site scripting (XSS), 29, 30 useradd command, 526 network reconnaissance, Linux, CS Lite Options dialog box, /C switch, chkntfs command, 162 362-370 422-423 C$ share, 186, 190 network reconnaissance, Windows, CVE (Common Vulnerabilities and cables, Ethernet, 252 48-54 Exploits), 98-100 Capture Filters screen, Wireshark, running chkdsk from, Windows, 292-293 157-160 D scanning and enumeration, Capture Interfaces screen, Wireshark, -D flag, iptable command, 473 Windows, 73-74 292 -d option, useradd command, 526 security default reset, Windows, 113 CAs (certificate authorities), 41-42, /D switch, chkntfs command, 162 315-319, 511 system hardening, Linux, 409-411 daily backup, 173 CCleaner, 226-228 user management, Linux, 445 Darik's Boot and Nuke (DBAN), cd command, 181 using TrueCrypt, 450-452 230-231 Center for Internet Security (CIS) wipe tool, Linux, 467-468 data backup and recovery. See tools, 91-94, 395-397 command-line tool, SCW, 129, backup and recovery certificate authorities (CAs), 41-42, 133-134 data management 315-319, 511 Common Vulnerabilities and Exploits certificate publishers, 41 (CVE), 98-100 drive management, Linux, 427-429 Certificate Services, Microsoft, 42, 127 Computer Management window, drive management, Windows, certificates.
See digital certificates Windows, 306-307 157-169 chage command, 526-527 Computer scanner tab, AVG, 337 exploring file systems, Linux, chains, 471-474 configuration files 429-430 channel, Linksys WAP, 259 file-integrity tool, 34 overview, 30-31, 427-431 chdir command, 181 Snort, 488-489 data storage options, SyncToy, chkdsk command, 157-161, 181 Confirm Attribute Changes dialog 179-180 chkntfs command, 161-162 box, 192-193 DBAN (Darik's Boot and Nuke), chkrootkit command, 541 Connection Manager window, 230-231 chmod command, 447-448, 524 NessusWX, 97 dd tool, Linux, 436-437 chown command, 525 console users, 190 DDoS (distributed denial-of-service) CIDR format, 488 container files, TrueCrypt, 450-452 attacks, 33 cipher command, 193-194 Content Advisor, Internet Explorer, Default Web Site Properties, IIS, 122 circuit-level proxy firewalls, 37 146-148 del command, 181 CIS (Center for Internet Security) Content option, Snort, 488