A5 – Software & Hardware Security Measures (Antivirus and Firewall) Flashcards
A - Cyber Security Threats, System Vulnerabilities and Security Protection Methods
Antivirus Software
👉 Anti-virus software is a utility program that is used to prevent malicious software from infecting your computer or detect and remove malicious software that has already infected your computer
👉 We use anti-virus software to regularly scan our files and folders. This might be a scan of the entire computer, a specific storage device, a specific folder, or even a specific file.
👉 These scans can be requested on demand, however, it is safer to have a regularly scheduled scan that will run every day at a certain time. We may also have real-time protection which constantly runs in the background as we download files to our computer or open files and applications already stored on it.
Virus Signature -Detection Techniques (Antivirus Software)
👉 Anti-virus software usually detects malware through the use of “signature detection”. The anti-virus companies analyze malware and identify a pattern (the signature) for the malware code. This acts like a fingerprint that can be compared to programs on your hard disk to identify the viruses.
Heuristic Techniques
- Detection Techniques (Antivirus Software)
👉 With heuristic detection, the anti-virus monitors the behavior of programs and detects anything that appears suspicious, such as trying to copy itself into another program. This allows the anti-virus software to identify malware, even without the virus signature.
Dealing with threat (Antivirus)
Once a virus has been detected it is normal for an alert to be presented to the user so they can decide what to do with this threat. It’s important that the anti-virus doesn’t automatically delete the file, as there can be false positives made, especially by heuristic detection.
The three options you will most commonly be presented with are:
👉 Clean– removing the malware from the file, without removing the file itself. This may not be possible in all cases, but is often the best option for a virus (as opposed to other types of malware).
👉 Quarantine– this moves the malware to a secure location on the computer and prevents it from executing or spreading. This is useful to do before deleting so you can investigate whether it has been correctly identified as malware or not.
👉 Delete– removing the file completely from the computer. This is a quick and safe way to protect your system, but remember, any data stored in an infected file will be gone with it.
Many anti-virus programs will automatically quarantine files that appear to be malware. This will then give you the option to choose whether to clean or delete the file.
What’s a Firewall
👉 A firewall is either a hardware device or a utility program that monitors incoming and outgoing network traffic and blocks any traffic that it deems suspicious. It’s like the high wall around a castle, blocking out the invading hordes, whilst still allowing friendly citizens in and out through its drawbridge.
👉 The difference between the hardware firewall and the software firewall is that the hardware firewall is an actual physical device that will sit between your local area network and the internet. Whereas the software firewall will be installed on each individual device.
👉 This means the hardware firewall can stop bad data from ever entering the network, while software firewalls can offer closer controls over specific devices and how they interact with the network and internet.
Packet Filtering & Inspection
(Firewall and Filtering Techniques)
👉 With packet filtering, the firewall inspects each packet of data and compares it to pre-defined security rules (known as the firewall policy, or ruleset). If the packet is flagged by the rules, then it is prevented from passing through the firewall
Application Level Awareness
(Firewall and Filtering Techniques)
👉 An application firewall is a form of firewall that controls the input and output of packets to an application. This is important as hackers may attack a network directly at the application layer, exploiting flaws in the security of specific applications. So, if an attacker gets past the network firewall, there is an added layer of protection.
Inbound and Outbound Rules (Firewall and Filtering Techniques)
👉 Inbound rules will define what data should be accepted, rejected or dropped from entering the network or computer. While outbound rules will do the same for data leaving the network or computer.
Network Address
(Firewall and Filtering Techniques)
👉 We can use Network Address Translation to assign private IP addresses to our devices within our private network. The NAT will translate our private addresses to our public internet gateway address when sending or receiving data over the public internet.
👉 Part of the reason for this is due to the limited number of IP addresses that were available using IPv4. Considering, without NAT, every computer in every network would need a completely unique IP.
