StudentShare
Contact Us
Sign In / Sign Up for FREE
Search
Go to advanced search...
Free

How to Implement Antivirus Filtering - Case Study Example

Cite this document
Summary
This paper "How to Implement Antivirus Filtering" states it's difficult to prevent insider attacks and firewalls do little to prevent them. The paper sheds light on internet firewall security and how a good firewall can protect a person from malware, Trojan horses, and other undesirable viruses…
Download full paper File format: .doc, available for editing
GRAB THE BEST PAPER97.1% of users find it useful
How to Implement Antivirus Filtering
Read Text Preview

Extract of sample "How to Implement Antivirus Filtering"

? Computer Sciences In APA Format The invention of the internet has made life unimaginably easier, one can shop online, transfer money online, book movie tickets online, book airline tickets online and in addition to this complete a host of other important tasks with just a few clicks. Websites like Amazon and Ebay have taken online selling to the next level. When there are so many pros, one ought to fine cons too. There have been several instances of hacking in the past; recently the American intelligence website was hacked, credit card numbers are stolen on a regular basis. Considering all these cons, one must ensure that a good firewall is in place to keep the hackers at an arm’s length, keeping them at bay is an arduous task. This paper will shed light upon internet firewall security and how a good firewall can protect a person from malware, Trojan horses and other undesirable viruses. Firewall Basics: “The term "fire wall" originally meant, and still means, a fireproof wall intended to prevent the spread of fire from one room or area of a building to another. The Internet is a volatile and unsafe environment when viewed from a computer-security perspective, therefore "firewall" is an excellent metaphor for network security.” (What is a firewall?) Firewall is not something general, it means several specific things and it is supposed to do several important things to ensure that a user is safeguarded against attacks. Packet filtering is perhaps the most important job of a regular firewall. All the internet activities like downloads, chats and so on are done in packets, and these packets contain information. Firewall must ensure that these packets are either allowed or disallowed based on the source of the internet protocol address known as the IP address. The destination port of these packets is also very important, the firewall is supposed to allow or disallow these packets purely on the basis of their destination port. Firewall must follow a protocol and allow or disallow packets or information based on the set protocol. This method of packet filtering is highly effective against malware and other dangerous attacks but this is not a foolproof plan. All traffic can be blocked by a firewall which does not make much sense; it should allow certain packets which are safe for the user to receive. It has its weaknesses like it becomes very difficult for a basic firewall to detect spoofing which means the information contained in the packets is falsified. Allowed packets may contain a bug which can retrieve a password and cause unwanted actions, a basic firewall is vulnerable to these dangers. Circuit relay is another type of firewall which provides enhanced security, application level gateway is perhaps the most advanced of all and provides even better security. Static Packet Filtering: “Static packet filtering is a firewall and routing capability that provides network packet filtering based only on packet information in the current packet and administrator rules.” (Statistic Packet Filtering) Static packet filtering is based on the following important things: The administrator defines rules. The allowed ports and IP addresses are set by the administrator and only the allowed ports are allowed to send and receive packets. The transport layer contents, the network and the packet contents are all determined by the administrator. Better level of security is provided by the dynamic packet filtering. Static packet filtering does not look at the contents closely, on the contrary dynamic packet filtering screens contents very closely, previous connection states are also considered by dynamic packet filtering which static packet filtering fails to do. The packet headers are very important under static packet filtering, the information stored in the headers determines whether packets should be allowed or dropped. These headers are compared against the control policy which is set by the administrator. Below is an illustration which presents the same concept very comprehensively. (Static Packet Filtering, 2011) SPI for Main Border Firewalls: SPI stands for Stateful Packet Inspection. The SPI is the most dominating technique when it comes to main border firewalls. Its flexibility is one of its biggest pros; it is capable of handling almost anything like ICMP flow, UDP and TCP. If only one FW is used then this is the best choice, no other thing can ever come close to it when only one FW is used. Some SPI are more than capable of doing application-level filtering. It is very simple and very reasonably priced; it is least expensive when it comes to security and safety measures. It has a few cons too; the user may find that the ACL rules may be too complex. The ongoing connections are filtered easily and quickly, this is another of its pros. It could take a lot of time if the connection table has grown large. It is arguably the most cost effective. A standard operating system is good enough to ensure its smooth functioning. Network Address Translation (NAT): An entire group of computers can be represented by a single IP address thanks to NAT; NAT allows a single device to act as an agent between a local network and the internet. It is ideal to use NAT these days because there is a severe shortage of IP addresses. This is not the only reason to use NAT; there are a host of other reasons also to use NAT. NAT can be understood with the help of an opportune example, a receptionist is the one who is responsible for forwarding calls or dropping them, you can request the receptionist and tell her to forward a specific call if you are expecting it, the receptionist checks the call and confirms the extension when an important client calls and the receptionist knows that this is an important call and it should be forwarded. NAT does exactly the same; it can allow or disallow several packets depending on the set of rules laid out. Static NAT, Dynamic NAT, Overloading and Overlapping are some of the types of NAT. These work in different ways and perform a plethora of operations. NAT can also be used as a firewall; it can easily keep external connections to the network at bay. Port number translation is also carried out by NAT. 65k connections can use a single IP address. Below is an illustration which will shed more light upon how NAT works. (NAT, 2011) Application Proxy Firewalls: “A proxy or proxy server is a technique that acts as an intermediary between a Web client and a Web server. A proxy firewall acts as a gateway for requests arriving from clients. When client requests are received at the firewall, the final server destination address is determined by the proxy software. The application proxy translates the address, performs additional access control checking and logging as necessary, and connects to the server on behalf of the client.” (Application Proxy Firewalls) Application proxy firewalls are mainly used to enhance the security of a system. These are very complex when it comes to implementing them, arguably the most complex of all the firewalls when it comes to implementing. The filtering decisions are made on actual application data under application proxy firewalls. There are several limitations of application proxy firewalls; proxies are incapable of handling large number of requests. Proxies can only handle a handful of requests, this is the biggest limitation. Packet-filtering firewalls perform much better and faster than application proxy firewalls. Application proxy firewalls need more time to complete a request when compared to packet-filtering firewalls, they tend to be slow and very frustrating. Cost wise also application proxy firewalls are least popular when compared to packet-filtering firewalls, application proxy firewalls are quite expensive, on the contrary packet-filtering firewalls are very reasonably priced. These were some of the biggest cons of application proxy firewalls when juxtaposed with packet-filtering firewalls. IDS and IPS: IPS stands for intrusion prevention system and IDS stands for intrusion detection and prevention system. The internet is full of malicious activities and these two are mainly responsible for monitoring and preventing any malicious activities. IPS aims at detecting, blocking and reporting anything malicious in nature. IDS and IPS have some differences, both prevent malicious attacks from occurring but IPSs are placed in-line which is not the case with IDS and IPS actively prevents malicious attacks from taking place. CRC errors are also corrected by IPS, it can also reset the connection upon detecting something malicious, and it can also send an alarm to prevent malicious attacks. Unwanted transport can also be cleaned up by IPS. Antivirus Filtering and Firewalls: Sending and receiving e-mails is very popular, malware and viruses can also spread through e-mails. The files are very often disguised by the sender, it may appear to be a JPEG file but when it clicked it becomes an .exe file which runs on the system and corrupts it. Such disguise can be detected by antivirus filtering and firewalls. Many viruses spread through e-mails and it can easily be prevented by setting up antivirus filtering and firewalls so that the system remains free of malicious attacks. “Also consider that virus-scanning email adds more load on the server. This is because the antivirus filter must extract and test every attachment that goes through the server. It is advisable to adjust the MTA maximum transfer threads under the MTA properties to ensure that the number of concurrent instances of virus scan agents is appropriately configured. Consider that each transfer thread could potentially mean a different concurrent instance of the agent’s command line scanner.” (Antivirus Filtering) Firewall Architecture and Firewall Management: Building firewall architecture is a very daunting job; it is a backs to the wall job because it can have serious ramifications on the security of the user. Firewall management involves reading logs which contain information about rule activities, how the traffic flows, whether any rules have been violated or not and whether there are any denied probes and if there are why they have been denied. There are different architectures like the dual home host architecture, the screened host architecture and the screened subnet architecture. Defining policies is perhaps the most important step when it comes to managing a firewall, it must be very clear which packets to allow and which ones to deny, implementing these policies is the next step to ensure nothing malicious is allowed to enter into the system. Log files present a lot of information and are crucial when it comes to managing firewalls, a lot of important trends can be learned by an in-depth reading of the log files. Lastly, there are a lot of problems that firewalls usually face, the desirable services are often blocked by firewalls. For instance, EA Sports FIFA game may be blocked by a firewall from launching, this can be very hard to detect and the user may think that he has graphic card problems or his Direct X files are outdated. It can cause a lot of chaos and discomfort. Firewalls offer a huge potential for backdoors, this has been exploited to the very maximum by several hackers. Insider attacks can be very difficult to prevent and firewalls have done very little to prevent insider attacks. Newer clients have not been designed to work particularly well with firewalls; this can result in a serious and a very damaging attack on a system which may not be detected by a firewall. Firewalls many a time forward multiple IP transmissions without even checking them properly; these transmissions can easily contain malicious data which might easily harm a user. Bottleneck is another problem, all the data must pass through a firewall and this causes a bottleneck. “A firewall system concentrates security in one spot as opposed to distributing it among systems. A compromise of the firewall could be disastrous to other less-protected systems on the subnet. This weakness can be countered; however, with the argument that lapses and weaknesses in security are more likely to be found as the number of systems in a subnet increase, thereby multiplying the ways in which subnets can be exploited.” (Other Issues) In spite of these limitations and disadvantages it is recommended to use a firewall to block any packets which may contain malicious data. References Antivirus Filtering (2011). How to Implement Antivirus Filtering. Retrieved from http://www.mailenable.com/Help/Files/antivirusfiltering.htm Application Proxy Firewalls (2011). Universal Database. Retrieved from http://publib.boulder.ibm.com/infocenter/db2luw/v8/index.jsp?topic=/com.ibm.db2.udb.doc/admin/c0007400.htm NAT (2011). Firewalls. Retrieved from http://www.cse.chalmers.se/edu/year/2010/course/EDA491/slides/8.%20Firewalls.pdf Other Issues (2011). Little Protection From. Retrieved from http://www.vtcif.telstra.com.au/pub/docs/security/800-10/node43.html#SECTION00534000000000000000 Statistic Packet Filtering (2011). Comtech Doc. Retrieved from http://www.comptechdoc.org/independent/security/terms/static-packet-filtering.html Static Packet Filtering (2011). Client Server. Retrieved from http://jaipals.com/wp-content/uploads/2011/05/Static-Packet-Filtering.png What is a firewall? (2011). PC Help. Retrieved from http://www.pc-help.org/www.nwinternet.com/pchelp/security/firewalls.htm Read More
Cite this document
  • APA
  • MLA
  • CHICAGO
(“Internet Firewall Security Term Paper Example | Topics and Well Written Essays - 2000 words”, n.d.)
Retrieved from https://studentshare.org/information-technology/1429955-internet-firewall-security
(Internet Firewall Security Term Paper Example | Topics and Well Written Essays - 2000 Words)
https://studentshare.org/information-technology/1429955-internet-firewall-security.
“Internet Firewall Security Term Paper Example | Topics and Well Written Essays - 2000 Words”, n.d. https://studentshare.org/information-technology/1429955-internet-firewall-security.
  • Cited: 0 times

CHECK THESE SAMPLES OF How to Implement Antivirus Filtering

Network Security for the Athletes Shack

NETWORK SECURITY Network Security Author Author's Affiliation Date Table of Contents Table of Contents 2 Type of Network Security 3 Username and Password Based Access: 4 Firewalls 4 antivirus Software 5 Data Backups 5 Network Security Devices 5 Security Cameras 5 DVDs/Tapes 6 Hardware Discussed 6 Printers and Scanners 6 Switch 6 Computer Server 6 Personal Computers 7 Recommendations 7 Staff Training 7 Update Passwords 7 Update antivirus Regularly 7 Cloud-based Backup 8 References 9 Executive Summary In the past few years network security has turned out to be a serious challenge for the business organizations that heavily rely on business data and information....
5 Pages (1250 words) Essay

An IT security consultant

There are four firewall mechanisms including application gateway, proxy server, circuit level gateway and packet filtering gateway.... filtering is based on the criteria that the packet filter is able to access the destination and source ports, as well as their IP addresses (Christey 2007).... This paper will explain four methodologies and how they can be used to protect an organization's system from being vulnerable....
3 Pages (750 words) Essay

How does a hardware firewall work

In addition, the firewall stops illegal communication inside and outside of the network, facilitating the company to implement a security strategy on traffic running between its network and the Internet (Laudon and Laudon; Turban, Leidner and McLean; Turban, Rainer and Potter, Introduction to Information Technology,3rd Edition).... “Hardware firewalls are external devices that perform job of a guard between organization's network (office or home) and external networks (the internet)” (antivirus-Firewall-Spyware)....
5 Pages (1250 words) Term Paper

Vulnerability Assessment on your System at Home

The vulnerabilities can be found in the web browser and their plug-ins, web servers and application… We talk about the launch of a new software or operating system with better graphical user interface; functionality, utilities, and security, at the other end hackers discuss how to breach the security Hackers having time, resources and enthusiasm can breach into any system.... Firewalls help to secure the network from unwanted data by packet filtering technologies....
14 Pages (3500 words) Essay

Unified Threat Management: A Defensive Suite for the 21st Century

UTM solutions vary, but in essence, UTM solutions are appliances or software packages that try to provide comprehensive threat management.... It is no longer the 1990s, where the omnipresent and singular concern was… Even individual end-users behind home networks face a bevy of threats from spam, scammers, fraudulent offers, spyware (whether illicit or created by “legitimate” companies), malware, viruses, keyloggers, identity theft, credit and debit card interceptions and fraud, and Making distinctions between these threats is often an exercise in futility: Thus, the birth of the UTM movement....
13 Pages (3250 words) Essay

Network Security

In this scenario, an organization can implement adequate network security when its employees and staff members know network security.... This paper ''Network Security'' tells that The primary purpose of implementing a computer network is to allow several staff members to enter and update data simultaneously....
5 Pages (1250 words) Essay

Likely Threats in a Pharmacy and Their Control Measures

This literature review "Likely Threats in a Pharmacy and Their Control Measures" refers to using electronic means such as a remote computer to gain access to the unauthorized place.... The two forms of threats could lead to great damage to the business in terms of loss of assets.... hellip; Threats in information security have been a common issue for many past decades....
9 Pages (2250 words) Literature review

A Study on Threat Awareness and Use of Countermeasures among Online Users

The research paper " A Study on Threat Awareness and Use of Countermeasures among Online Users" describes the problem and consequences of the use of the internet, This paper outlines the background of threat awareness, types of threat, the severity of threats and main countermeasures.... nbsp;… The internet has permeated the lives of modern men in more respects than can be tabulated simply....
39 Pages (9750 words) Research Paper
sponsored ads
We use cookies to create the best experience for you. Keep on browsing if you are OK with that, or find out how to manage cookies.
Contact Us