
Detection

• There are various tools for detecting system vulnerabilities. These tools are:
Microsoft Baseline Security Analyzer (MBSA)
MBSA is a vulnerability assessment tool from Microsoft that scans for security inadequacies in Windows NT 4, Windows 2000, Windows XP, and Windows 2003.
Wireshark:
• Open source network protocol analyzer for Unix and Windows.
• It allows you to examine data from a live network or from a stored file on disk.
• Has powerful features, including a rich display filter language and the ability to view the reconstructed stream of a TCP session.
Snort:
• This network intrusion detection and prevention system excels at traffic analysis and packet logging on IP networks.
• Through protocol analysis, content searching, and various preprocessors, Snort detects thousands of worms, vulnerability exploit attempts, port scans, and other suspicious behavior.
• Snort uses a flexible rule-based language to describe traffic that it should collect or pass, and a modular detection engine.
Netcat:
• It’s the network’s Swiss Army knife.
• This simple utility reads and writes data across TCP or UDP network connections.
• It is designed to be a reliable back-end tool that can be used directly and easily driven by other programs and scripts.
Tcpdump:
• The classic sniffer for network monitoring and data acquisition.
• It requires fewer system resources.
• Although it doesn't receive new features often, it is actively maintained to fix bugs and portability problems.
Protection
• There are many ways through which we can protect our system. Some of these are:
Firewalls
Intrusion detection/prevention systems
Antivirus and antispyware software
Patching
Firewall
• A combination of hardware and software that prevents unauthorized users from accessing private networks.
• Firewalls are designed to deny all traffic and only allow certain traffic by explicit exception.
• Acts like a gatekeeper that examines each user's credentials before access is granted to the network.
• Prevents unauthorized communication into and out of the network by enforcing a security policy on traffic flowing between its networks.
• In organizations, the firewall often resides on a specially designated computer separate from the rest of the network, so no incoming request can directly access private network resources.
Intrusion detection systems
• Intrusion detection systems monitor hot spots on corporate networks to detect and deter intruders.
• They protect against suspicious network traffic and attempts to access files and databases.
• They look for patterns indicative of known methods of computer attacks, such as bad passwords.
Antivirus software
• Antivirus and antispyware software checks computers for the presence of malware or viruses and can often eliminate them as well.
• However, it is effective only against viruses already known when the software was written.
• To remain effective, it needs to be updated continually.
Patching
• It's about patching the vulnerable system and closing the security hole.
Example:
The flaw in the Apple networking software, called Open Transport, could allow an outsider to swamp a targeted Mac computer with messages. The attack doesn't damage the target but overloads its capacity so that it ceases to function.
The company then issued software which makes it possible for target computers to protect themselves from denial of service attacks by ignoring messages.
• This strategy has been utilized successfully for a number of years, yet it is now becoming impractical due to the following reasons:
There are more computers that need to be patched.
There are more patches that need to be deployed.
There is less time to deploy a patch before an exploit is released.
Disaster recovery planning
• Disaster recovery planning devises plans for the restoration of computing and communication services after they have been disrupted by an event such as an earthquake, flood or terrorist attack.
• Focuses primarily on technical issues involved in keeping systems up and running.
• Identifies which files to back up and covers the maintenance of backup computer systems or disaster recovery services.
• Example: Mastercard maintains a duplicate computer center in Kansas City, Missouri to serve as emergency backup to its primary computer center in St. Louis.
Business continuity planning
• How the company can restore business operations after a disaster strikes.
• A business continuity plan identifies critical business processes and determines action plans for handling critical functions if the system goes down.
• Business managers and information technologists must work together to determine the processes critical to the organization.
Thank you…!!!!
