8/7/2019 Firewalls & Antivirus
Firewalls & Antivirus
Firewall
A communication device (or program) that filters access to the protected network.
Functions
The main functions of a firewall are:
All traffic from inside to outside, and vice versa, must pass through it (it is the single choke point).
Only traffic authorized by the local security policy is allowed to pass through it.
The firewall itself is immune to penetration: it runs on a hardened host with a minimal trusted configuration, since a compromised firewall protects nothing.
Types of firewalls
Hardware Firewall: a dedicated appliance placed between the protected network and the Internet.
Software Firewall: a program running on the host it protects (the personal firewall discussed in the following slides).
Need for Firewalls in Mobiles
Users feel more secure using their PC or mobiles.
It is more difficult for an attacker to gain access and destroy sensitive data.
To protect the mobile from other people seeing the user's information.
To protect the mobile from virus attacks.
How Firewalls control traffic
Firewalls use one of the following methods for traffic control:
Packet filtering: each packet is analyzed on its own against a set of filters (source/destination address, protocol, port).
Proxy service: information from the Internet is retrieved by the firewall on behalf of the client and then sent to the requesting system, so there is never a direct connection between the two.
Stateful inspection: the firewall keeps a table of connections opened from the inside and compares key fields of every packet (addresses, ports, protocol, TCP flags) against it; an inbound packet is allowed only if it matches an existing, trusted connection or an explicitly published service.
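The first and third methods above, as an added example that is not from the slides: a stateless packet filter beside a stateful one, run over a packet trace constructed inline. The protected network (192.168.1.0/24), the published services (TCP 80 and 443) and the packets themselves are assumptions made for the demo.

```python
"""Added example, not from the slides: stateless packet filtering beside
stateful inspection. All packets below are constructed for the demo; the
protected LAN and the published services are assumptions."""
from dataclasses import dataclass, field

INSIDE_NET = "192.168.1."                     # assumed protected LAN: 192.168.1.0/24
PUBLISHED = {("tcp", 80), ("tcp", 443)}       # assumed services reachable from outside


@dataclass(frozen=True)
class Packet:
    proto: str          # "tcp" or "udp"
    src: str
    sport: int
    dst: str
    dport: int
    syn: bool = False   # TCP SYN without ACK: a new connection attempt


def is_inside(ip: str) -> bool:
    return ip.startswith(INSIDE_NET)


def stateless_filter(pkt: Packet) -> str:
    """Packet filtering: each packet is judged only on its own header."""
    if is_inside(pkt.src):
        return "ALLOW"                            # anything leaving the LAN
    if (pkt.proto, pkt.dport) in PUBLISHED:
        return "ALLOW"                            # anything aimed at a published port
    return "DROP"


@dataclass
class StatefulFirewall:
    """Stateful inspection: the state table is the 'database of trusted
    information'; a reply is allowed because the request was seen."""
    table: set = field(default_factory=set)       # 5-tuples of allowed flows

    def filter(self, pkt: Packet) -> str:
        flow = (pkt.proto, pkt.src, pkt.sport, pkt.dst, pkt.dport)
        reverse = (pkt.proto, pkt.dst, pkt.dport, pkt.src, pkt.sport)
        if is_inside(pkt.src) and not is_inside(pkt.dst):
            self.table.add(flow)                  # outbound: remember the flow
            return "ALLOW"
        if reverse in self.table:
            return "ALLOW"                        # reply to a flow we started
        if (pkt.proto, pkt.dport) in PUBLISHED and pkt.syn:
            self.table.add(flow)                  # new connection to a published service
            return "ALLOW"
        return "DROP"                             # unsolicited, or mid-stream with no state


def demo():
    """Return (stateless, stateful) verdicts for a constructed packet trace."""
    fw = StatefulFirewall()
    trace = [
        Packet("udp", "192.168.1.10", 51000, "8.8.8.8", 53),                # DNS query out
        Packet("udp", "8.8.8.8", 53, "192.168.1.10", 51000),                # its reply
        Packet("udp", "203.0.113.5", 53, "192.168.1.10", 51000),            # forged "reply"
        Packet("tcp", "203.0.113.5", 40000, "192.168.1.20", 80, syn=True),  # new web connection
        Packet("tcp", "203.0.113.5", 40001, "192.168.1.20", 80),            # ACK probe, no state
        Packet("tcp", "203.0.113.5", 40002, "192.168.1.10", 23, syn=True),  # telnet probe
    ]
    return [(stateless_filter(p), fw.filter(p)) for p in trace]


if __name__ == "__main__":
    for verdict in demo():
        print(verdict)
```

The trace shows why stateless filtering is a poor fit for a client device: it either drops the legitimate DNS reply (packet 2) or has to open every high port, and it passes the bare ACK to port 80 (packet 5), which is exactly how an ACK scan maps a stateless filter. The stateful firewall passes the reply, drops the forged one and drops both probes.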
Personal Firewall in mobile phones - Functions
Monitor incoming traffic
Look at network packets coming from the Internet.
Allow only trusted servers to send traffic to the mobile user.
Important functionality during an active Internet connection and during the download of Java applications.
Monitor outgoing traffic
Allow outgoing traffic only from trusted applications.
Personal Firewall in mobile phones - Functions
Detection of intrusion attempts
The firewall should scan for patterns of network traffic that indicate a known attack or intrusion attempt.
Trust site
Warns the user about sites that include insecure content such as viruses.
MAC address authentication
Mobiles are authenticated using their MAC addresses.
Used for authentication when two mobiles are on the same local network, like Bluetooth or WLAN.
Caveat: a MAC address is trivially spoofed, so on its own it only identifies a device against casual misuse, not against a deliberate attacker.
Personal Firewall in mobile phones - Functions
Port scan detection and logging
A port scan means scanning for the active TCP and UDP ports.
To find UDP ports, the attacker sends an empty UDP packet to various ports.
A closed port normally makes the host reply with an ICMP "port unreachable" error; an open port usually stays silent, or the service answers the malformed datagram with an application error. That difference in replies is what tells the scanner which ports are open.
The port scan function in the firewall does not answer the empty UDP packets and also suppresses the error messages, so the scanner learns nothing; the attempt is logged instead.
Personal Firewall in mobile phones - Functions
VPN capabilities
To secure networks: traffic between the mobile and a trusted gateway is encrypted and authenticated, so it can cross untrusted networks.
Time Control and Account manager
This function in the mobile checks the amount of time the user has used the Internet.
Useful to check whether anyone else has used the user's Internet account.
Services that require Firewall support
Push-to-Talk Service
Two-way communication service that works like a walkie-talkie.
Half duplex.
SIP (Session Initiation Protocol) is used for the signalling; the voice itself is carried over RTP on ports negotiated inside the SIP session.
Ports have to be kept open only during the time when communication should occur.
If the firewall is SIP enabled (it acts as an application-level gateway for SIP), the ports will be automatically opened and closed when required: it reads the media port from the session description in the INVITE and closes the hole again on BYE.
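The SIP-enabled behaviour above, as an added example that is not from the slides: a toy application-level gateway that reads the media port from an outbound INVITE, opens a UDP pinhole for it and closes it on BYE. The handset address 192.0.2.10, the Call-ID and both messages are constructed for the demo; a real ALG also tracks the 200 OK and re-INVITEs, restricts the pinhole's source to the remote party and expires holes that never carry media.

```python
"""Added example, not from the slides: a toy SIP application-level gateway
(ALG). It opens a UDP pinhole for the RTP media port announced in an
outbound INVITE and closes it on BYE. The handset address, Call-ID and
messages are constructed for the demo."""
import re
from dataclasses import dataclass, field


@dataclass
class SipAlg:
    pinholes: dict = field(default_factory=dict)   # Call-ID -> set of (ip, port)

    @staticmethod
    def _header(head: str, name: str) -> str:
        m = re.search(rf"^{name}: (.+)$", head, re.M | re.I)
        return m.group(1).strip() if m else ""

    def inspect(self, msg: str) -> set:
        """Feed one SIP message; return the pinholes open for its call afterwards."""
        head, _, body = msg.partition("\r\n\r\n")
        request_line = head.split("\r\n", 1)[0]
        call_id = self._header(head, "Call-ID")
        if request_line.startswith("INVITE "):
            # The SDP body says where the handset expects to receive RTP.
            conn = re.search(r"^c=IN IP4 (\S+)", body, re.M)
            media = re.findall(r"^m=\w+ (\d+) RTP/AVP", body, re.M)
            if conn and media:
                holes = self.pinholes.setdefault(call_id, set())
                for port in media:
                    holes.add((conn.group(1), int(port)))       # RTP
                    holes.add((conn.group(1), int(port) + 1))   # RTCP, port+1 by convention
        elif request_line.startswith("BYE "):
            self.pinholes.pop(call_id, None)    # call over: close the holes at once
        return set(self.pinholes.get(call_id, set()))

    def allows(self, ip: str, port: int) -> bool:
        """Would an inbound UDP datagram to (ip, port) be passed right now?"""
        return any((ip, port) in holes for holes in self.pinholes.values())


# Constructed messages: the handset at 192.0.2.10 starts a PTT session.
INVITE = (
    "INVITE sip:bob@example.net SIP/2.0\r\n"
    "Call-ID: a84b4c76e66710\r\n"
    "Content-Type: application/sdp\r\n"
    "\r\n"
    "v=0\r\n"
    "o=alice 2890844526 2890844526 IN IP4 192.0.2.10\r\n"
    "s=PTT\r\n"
    "c=IN IP4 192.0.2.10\r\n"
    "t=0 0\r\n"
    "m=audio 49170 RTP/AVP 0\r\n"
)
BYE = (
    "BYE sip:bob@example.net SIP/2.0\r\n"
    "Call-ID: a84b4c76e66710\r\n"
    "\r\n"
)


def demo():
    """Return (pinholes during the call, allowed during, allowed after BYE)."""
    alg = SipAlg()
    during = alg.inspect(INVITE)
    open_during = alg.allows("192.0.2.10", 49170)
    alg.inspect(BYE)
    open_after = alg.allows("192.0.2.10", 49170)
    return during, open_during, open_after


if __name__ == "__main__":
    print(demo())
```

Without the ALG the only alternatives are leaving the whole RTP range open permanently or breaking the service; with it, port 49170/49171 is reachable for exactly the lifetime of the call, which is the "ports kept open only during communication" requirement from the slide.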
Services that require Firewall support
PTT: functionalities required
Block/filter unexpected outgoing packets.
Block/filter unexpected incoming signalling packets.
Port scan detection.
Trusted IPs.
Services that require Firewall support
Buddy List / Wireless Village
Implemented using the SIP protocol over IP.
Functionality required in firewalls is the same as that for PTT.
Services that require Firewall support
MIDP download
The firewall should keep track of the following things while opening/using downloaded MIDlets:
Sending sensitive information from MIDlets.
Sending SMS/MMS/email to all contacts in the phonebook.
A downloaded application starting to send something to the Internet.
The firewall should warn the user if any of the above occur while downloading and using MIDlets.
Services that require Firewall support
MIDP download
Some important functions that the firewall should support are:
Active content nuisance (blocking unwanted active content).
JavaScript pop-up blockers.
One example of protecting the mobile: the personal firewall asks the user whether they really want the downloaded game to transmit IP packets.
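The per-application controls on the last few slides (outgoing traffic only from trusted applications; a warning when a MIDlet sends sensitive information, messages the whole phonebook, or starts talking to the Internet), as one added example that is not from the slides: a small prompt-and-remember policy engine of the kind the "do you really want this game to transmit IP packets?" dialog sits on. The application names, the trust list, the threshold of ten distinct recipients and the event stream are assumptions made for the demo.

```python
"""Added example, not from the slides: a per-application outbound policy of
the kind a personal firewall applies to downloaded MIDlets. Application
names, trust list, threshold and events are constructed for the demo."""
from dataclasses import dataclass, field

MASS_MESSAGE_THRESHOLD = 10   # assumption: one app messaging this many distinct contacts is suspicious


@dataclass
class OutboundPolicy:
    trusted: set                                      # apps allowed on the Internet silently
    decisions: dict = field(default_factory=dict)     # (app, kind) -> "ALLOW"/"BLOCK" chosen by the user
    recipients: dict = field(default_factory=dict)    # app -> distinct SMS/MMS/email recipients

    def check(self, app, event, answer=None):
        """Decide one outbound action of `app`.

        event is ("net", host, port), ("msg", recipient) or ("sensitive", item).
        Returns "ALLOW", "BLOCK", or "ASK" when the firewall must warn the user;
        the user's reply comes back as answer="allow"/"block" and is remembered.
        """
        kind = event[0]
        if kind == "net" and app in self.trusted:
            return "ALLOW"                            # trusted app: no prompt
        if kind == "msg":
            seen = self.recipients.setdefault(app, set())
            seen.add(event[1])
            if len(seen) < MASS_MESSAGE_THRESHOLD:
                return "ALLOW"                        # ordinary messaging
            kind = "mass-msg"                         # looks like "send to all contacts"
        key = (app, kind)                             # "net", "mass-msg" and "sensitive" all prompt
        if answer is not None:
            self.decisions[key] = answer.upper()      # remember the user's choice
        return self.decisions.get(key, "ASK")


def demo():
    """Run a constructed sequence of events through the policy."""
    pol = OutboundPolicy(trusted={"Browser"})
    game = "FreeGame"                                 # a freshly downloaded, untrusted MIDlet
    log = [
        pol.check("Browser", ("net", "example.com", 80)),               # trusted: ALLOW
        pol.check(game, ("net", "203.0.113.9", 8080)),                  # first contact: ASK
        pol.check(game, ("net", "203.0.113.9", 8080), answer="block"),  # user says no: BLOCK
        pol.check(game, ("net", "203.0.113.9", 8080)),                  # remembered: BLOCK
    ]
    for i in range(MASS_MESSAGE_THRESHOLD):
        verdict = pol.check(game, ("msg", f"+155500{i:05d}"))           # distinct contacts
    log.append(verdict)                                                 # tenth contact: ASK
    log.append(pol.check(game, ("sensitive", "IMEI")))                  # always prompts: ASK
    return log


if __name__ == "__main__":
    print(demo())
```

Trust only silences the "net" prompt: a trusted application that starts messaging the whole phonebook or leaking a device identifier is still stopped for a decision, which matches the slide's list of things the firewall must watch even for applications the user chose to install.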
Mobile Firewall Example (screenshots)
Mobile Firewall Settings
Security Zone
Creating a new filter rule
DoS attack
Checking the Logging info
Firewalls Testing: possible test scenarios
Define various custom filters and check whether the mobile firewall filter works and the constraint is met.
Check the various types of alerting options available.
View the logs generated by the firewall.
Check whether the incoming/outgoing traffic is filtered properly or not.
Test Trusted IPs.
Set the action to be taken on a filtered packet, i.e. whether it has to be dropped or what else has to be done, etc.
Block all the ports and try to perform a browser session, IM chat session, etc.
Try to download virus files when the firewall is ON.
VIRUS
A program that spreads unwanted and unexpected actions inside the system.
Personal firewalls protect systems from virus attacks up to a certain extent.
A personal firewall can't protect against data-driven attacks, in which something is mailed or copied to the system and then executed there: the content arrives over a connection the firewall allows.
Types of Virus
Boot sector virus: infects the first sector on the hard disk; the virus code is written into it and runs before the operating system loads.
Macro virus: the most common virus type (at the time of these slides); obtained from the Internet, email, etc., inside documents that carry macros.
File-infecting virus: infects executable files and is loaded into memory when the infected file is executed.
Can Personal Firewall protect against Virus??
Some of the functions below might be useful in preventing mobiles from getting infected with viruses:
Monitor incoming/outgoing traffic.
Detection of intrusion attempts.
Active content nuisance.
Personal firewalls cannot protect mobiles against data-driven attacks where something is copied/mailed to the mobile and executed there.
The best solution is a personal firewall combined with AV.
How antivirus works??
The main component of AV is the scanning engine.
The engine identifies virus-laden files using virus signatures (a unique string of bytes that identifies the virus, similar to a fingerprint).
Various scanning methods are available.
Method I: the engine compares the data against the known virus signatures to determine if the file is infected.
The AV repairs the infected files it finds.
If repair is not possible, it deletes (or quarantines) the found files to prevent further damage.
How antivirus works??
Method II:
Flag suspicious data structures or strange behaviour that could indicate a virus event (heuristic scanning); this can catch viruses that have no signature yet, at the price of false positives.
If the AV detects unusual behaviour, a warning message is displayed to the user, informing what the program might be trying to do.
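Both methods, as one added example that is not from the slides: a signature scan (Method I) whose database holds the EICAR test string, and a heuristic scan (Method II) that flags suspicious structure. The sample files, the entropy threshold and the choice of heuristics are assumptions made for the demo; the two Windows API names in the third heuristic are real, but the rule built on them is only an illustration of the idea.

```python
"""Added example, not from the slides: Method I (signature match) and
Method II (heuristics) side by side. The signature database holds the EICAR
test string; the sample files, threshold and rules are constructed here."""
import math
from collections import Counter

# EICAR test string: 68 harmless ASCII bytes that AV products detect by agreement.
EICAR = b"X5O!P%@AP[4\\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*"

SIGNATURES = {"EICAR-Test-File": EICAR}      # name -> byte pattern (the "fingerprint")
ENTROPY_THRESHOLD = 7.0                       # assumption: above this, treat code as packed/encrypted


def signature_scan(data: bytes) -> list:
    """Method I: compare the data against every known signature."""
    return [name for name, sig in SIGNATURES.items() if data.find(sig) != -1]


def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte; 8.0 means uniformly random."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def heuristic_scan(filename: str, data: bytes) -> list:
    """Method II: flag suspicious structures or hints of unusual behaviour."""
    findings = []
    looks_executable = data.startswith(b"MZ")           # DOS/PE executable header
    if looks_executable and not filename.lower().endswith((".exe", ".dll")):
        findings.append("executable header under a non-executable name")
    if looks_executable and entropy(data) > ENTROPY_THRESHOLD:
        findings.append("packed or encrypted executable (high entropy)")
    if b"WriteProcessMemory" in data and b"CreateRemoteThread" in data:
        findings.append("process-injection API pair")   # illustrative rule, not a product's
    return findings


def scan(filename: str, data: bytes) -> tuple:
    """Signature hits are definite; heuristics only raise a warning."""
    hits = signature_scan(data)
    if hits:
        return ("INFECTED", hits)
    findings = heuristic_scan(filename, data)
    if findings:
        return ("SUSPICIOUS", findings)
    return ("CLEAN", [])


# Constructed sample files (none of them is real malware).
SAMPLES = {
    "eicar.com": EICAR,
    "holiday.jpg": b"MZ" + b"\x90" * 200,
    "tool.exe": b"MZ" + b"\x00" * 64 + b"WriteProcessMemory\x00CreateRemoteThread\x00",
    "packed.exe": b"MZ" + bytes(range(256)) * 16,
    "notes.txt": b"just a text file",
}


def demo() -> dict:
    """Scan every sample; returns filename -> (verdict, details)."""
    return {name: scan(name, data) for name, data in SAMPLES.items()}


if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```

The split between "INFECTED" and "SUSPICIOUS" is the practical difference between the two methods: a signature hit is handled automatically (repair or delete), while a heuristic finding is exactly the case where the slide says a warning is shown and the user decides. Real engines match the EICAR string only when it is the first 68 bytes of a small file; the scanner here searches the whole buffer for simplicity.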
Testing Antivirus
Test scenarios
Have different types of virus files in the mobile and run the Virus Scan application.
Use the EICAR test file rather than live malware for this: it is a harmless 68-byte file that AV products detect by agreement, so the scan path can be exercised without putting a real virus on the device.
The types of virus data files that can be used are:
Files containing a virus which can be disinfected automatically.
Files containing a virus that might require special disinfection; in this case the vendor should provide or suggest tools to remove the virus.
Files containing a virus that cannot be disinfected.
Testing AntiVirus
Test scenarios
Perform an automatic/manual update of the virus definition files required to perform the Virus Scan.
Test the various actions the AntiVirus application can take after detecting a virus in the mobile, like:
Clean
Delete
Ask for the action to be performed
Report only
Run the antivirus application in the background and check whether it works fine or not.