
Firewalls & Antivirus

Date post: 08-Apr-2018
Upload: lakshmi-sudha-komanduri

Transcript
  • 8/7/2019 Firewalls & Antivirus


    Firewalls & Antivirus

    Firewall

    Communication device that filters access to the protected network

    Functions

    The main functions of firewall are

    All traffic from inside to outside, and vice-versa, must pass through it

    Only authorized traffic is allowed to pass through it

    The firewall itself is immune to penetration

    Types of firewalls

    Hardware Firewall

    Types of firewalls

    Software Firewalls

    Need for Firewalls in Mobiles

    Users feel more secure in using their PC or mobiles

    Will be difficult for the hacker to attack or gain access and destroy sensitive data

    To protect the mobile from the other people seeing the user information

    To protect the mobile from virus attacks

    How Firewalls control traffic

    Firewalls use one of the following methods for traffic control

    Packet Filtering: Packets are analyzed against a set of filters

    Proxy service: Information from Internet is retrieved by the firewall and then sent to the requesting system

    Stateful inspection: Compares certain key parts of the packets to a database of trusted information

    Personal Firewall in mobile phones - Functions

    Monitor incoming traffic

        Look at network packets coming from Internet

        Allow only trusted servers to send traffic to mobile user

        Important functionality during active internet connection and download of Java applications

    Monitor outgoing traffic

        Allow outgoing traffic only from trusted applications

    Personal Firewall in mobile phones - Functions

    Detecting intrusion attempts

        Firewall should scan for a pattern of network traffic that indicates a known attack intrusion attempt

    Trust site

        Warns about sites that include insecure content such as virus

    MAC address authentication

        Mobiles are authenticated using MAC addresses

        Used for authentication when two mobiles are on the same network like BT or WLAN

    Personal Firewall in mobile phones - Functions

    Port scan detection and logging

        Port scan means scanning for the active TCP and UDP ports

        Attacker sends an empty UDP packet to various ports to find the UDP port

        If the port is listening, the service sends an error message since the UDP packet is empty

        Port scan function in firewall does not answer the empty UDP packets and will not send any error messages either
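
The port scan detection and logging function described on this slide, sketched as an added example (not part of the original slides). The record layout, the window and threshold values, and the sample packets are assumptions constructed for illustration.

```python
from collections import defaultdict, deque

# Assumed tuning values (not from the slides): a source that probes
# PORT_THRESHOLD distinct UDP ports within WINDOW_SECONDS is logged as a scanner.
WINDOW_SECONDS = 10.0
PORT_THRESHOLD = 5

# Constructed inbound packet records: (timestamp, src_ip, proto, dst_port, payload_len)
SAMPLE_PACKETS = [
    (0.0, "198.51.100.7", "udp", 53, 0),
    (0.4, "198.51.100.7", "udp", 67, 0),
    (0.5, "192.0.2.10", "udp", 5060, 412),   # ordinary SIP signalling
    (0.9, "198.51.100.7", "udp", 123, 0),
    (1.3, "198.51.100.7", "udp", 161, 0),
    (1.8, "198.51.100.7", "udp", 500, 0),
    (2.0, "192.0.2.10", "udp", 5060, 380),
    (30.0, "203.0.113.4", "udp", 53, 0),     # single empty probe, below threshold
]

def detect_udp_port_scans(packets, window=WINDOW_SECONDS, threshold=PORT_THRESHOLD):
    """Return (verdicts, log): one drop/pass verdict per packet plus scan log entries."""
    recent = defaultdict(deque)   # src_ip -> (timestamp, dst_port) of recent empty probes
    flagged = set()               # sources already logged as scanners
    verdicts, log = [], []
    for ts, src, proto, port, length in packets:
        if proto == "udp" and length == 0:
            probes = recent[src]
            probes.append((ts, port))
            while probes and ts - probes[0][0] > window:
                probes.popleft()                      # forget probes outside the window
            distinct = {p for _, p in probes}
            if len(distinct) >= threshold and src not in flagged:
                flagged.add(src)
                log.append({"time": ts, "source": src, "ports": sorted(distinct)})
            verdicts.append("drop")   # empty probe: no answer and no error message
        elif src in flagged:
            verdicts.append("drop")   # known scanner: drop its other traffic too
        else:
            verdicts.append("pass")
    return verdicts, log
```
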

    Personal Firewall in mobile phones - Functions

    VPN capabilities

        To secure networks

    Time Control and Account manager

        This function in the mobile checks the amount of time the user has used internet

        Useful to check if anyone else used the user's internet account

    Services that require Firewall support

    Push-to-Talk Service

        Two way communication service that works like a Walkie-Talkie

        Half duplex

        SIP (Session Initiation protocol) is used

        Ports have to be kept open only during the time when communication should occur

        If the firewall is SIP enabled, the ports will be automatically opened and closed when required

    Services that require Firewall support

    Push-to-Talk Service

    Services that require Firewall support

    PTT - Functionalities required

        Block/Filter unexpected outgoing packets

        Block/Filter unexpected incoming signaling packets

        Port scan detection

        Trusted IPs

    Services that require Firewall support

    Buddy List/Wireless Village

        Implemented using SIP protocol over IP

        Functionality required in Firewalls is the same as that of PTT

    Services that require Firewall support

    MIDP download

        Firewall should keep track of the following things while opening/using the downloaded MIDlets

            Sending sensitive info from MIDlets

            Sending SMS/MMS/email to all contacts in Phone book

            Downloaded application starts sending something to Internet

        The firewall should warn the user if any of the above mentioned occur while downloading and using MIDlets

    Services that require Firewall support

    MIDP download

        Some important functions that firewall should support are

            Active content nuisance

            Java script Pop-up blockers

        One example of protecting the mobile is that the Personal firewall warns the user if the user really wants the downloaded game to transmit IP packets

    Mobile Firewall Example

    Mobile Firewall Settings

    Mobile Firewall Example

    Security Zone

    Mobile Firewall Example

    Creating a new filter rule

    Mobile Firewall Example

    Creating a new filter rule

    Mobile Firewall Example

    DoS attack

    Mobile Firewall Example

    Checking the Logging info

    Firewalls Testing - Possible test scenarios

    Define various custom filters and check if the mobile firewall filter works fine or not the constraint is met

    Check various types of alerting options available

    View the logs generated by firewall

    Check whether the incoming/outgoing traffic is filtered properly or not

    Test Trusted IPs

    Set the action to be taken on the filtered packets, i.e. whether they have to be dropped or what has to be done etc.

    Block all the ports and try to perform browser session/IM Chat session etc.

    Try to download Virus files when the Firewall is ON

    VIRUS

    A program that spreads unwanted and unexpected actions inside the system

    Personal firewalls protect the systems from virus attacks up to a certain extent

    Personal firewall can't protect against data driven attacks, in which something is mailed/copied and then executed in the system

    Types of Virus

    Boot sector Virus

        First sector on hard disk

        Virus might be written into it

    Macro Virus

        Most common virus type

        Obtained from internet, email etc.

    File infecting virus

        Infect executable files loading into memory when executed

    Can Personal Firewall protect against Virus??

    Some of the below functions might be useful in preventing the mobiles getting infected with virus

        Monitor incoming/outgoing traffic

        Detecting intrusion attempts

        Active Content nuisance

    Personal firewalls cannot protect the mobiles against data driven attacks where something is copied/mailed to the mobile and executed there

    Best Solution is a Personal firewall with AV

    How antivirus works??

    Main component of AV is Scanning Engine

    The engine identifies the virus-laden files using virus signature (a unique string of bytes to identify the virus, similar to fingerprint)

    Various scanning methods are available

    Method I

        The Engine compares the data against the known viruses to determine if the file is infected

        AV repairs the found infected files

        If it is not possible to repair, it will delete the found files from the system to prevent further damage
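
Method I as an added example (not part of the original slides): a signature scanner that reads a file in chunks and still finds a signature split across a chunk boundary, then picks the repair-or-delete action described above. The signature names and byte patterns are made up for illustration and do not correspond to any real malware; which signatures count as repairable is also an assumption.

```python
# Constructed signature database: name -> byte pattern (illustrative values only).
SIGNATURES = {
    "Demo.BootA": bytes.fromhex("deadbeef4242"),
    "Demo.MacroB": b"AUTOOPEN_DEMO_MARKER",
}

def scan_stream(chunks, signatures=SIGNATURES):
    """Scan an iterable of byte chunks; return sorted (name, absolute_offset) matches."""
    overlap = max(len(s) for s in signatures.values()) - 1
    tail = b""       # trailing bytes of earlier data, kept so boundary-spanning matches are seen
    consumed = 0     # number of stream bytes that precede `tail`
    found = set()    # a set, so a match seen again inside the overlap is not reported twice
    for chunk in chunks:
        window = tail + chunk
        for name, pattern in signatures.items():
            start = window.find(pattern)
            while start != -1:
                found.add((name, consumed + start))
                start = window.find(pattern, start + 1)
        keep = min(overlap, len(window))
        consumed += len(window) - keep
        tail = window[len(window) - keep:]
    return sorted(found)

def verdict(chunks, repairable=frozenset({"Demo.MacroB"})):
    """Choose the action from the slide: repair when every match is repairable, else delete."""
    names = {name for name, _ in scan_stream(chunks)}
    if not names:
        return "clean"
    return "repair" if names <= repairable else "delete"
```
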

    How antivirus works??

    Method II:

        Flag the suspicious data structures or strange behavior that could indicate virus event

        If AV detects an unusual behavior, a warning message is broadcast informing what the program might be trying to do

    Testing Antivirus

    Test scenarios

    Have different types of virus files in the mobile and run the Virus Scan application

    The types of virus data files that can be used are

        Files containing virus which can be disinfected automatically

        Files containing virus that might require special disinfection - In this case the vendor should provide or suggest tools to remove the virus

        Files containing virus that cannot be disinfected

    Testing AntiVirus

    Test Scenarios

    Perform an automatic/manual update of the virus definition files required to perform the Virus Scan

    Test the various options that can be performed by the AntiVirus application after detecting the virus in the mobile like

        Clean

        Delete

        Ask for the action to be performed

        Report only

    Run the antivirus application in the background and check if it works fine or not

