Contents

 1. Introduction


 2 Firewalls


 3 Anti-virus


 4 Anti-spyware


 5 Browser choice


 6 See also


 7 References
Introduction:

Internet security is the prevention of unauthorized access and/or damage to computer

systems via internet access. Most security measures involve data encryption and
passwords. Data encryption is the translation of data into a form that is unintelligible
without a deciphering mechanism. A password is a secret word or phrase that gives a user
access to a particular program or system.

Internet security professionals should be fluent in the four major aspects:

 Penetration testing
 Intrusion Detection
 Incidence Response
 Legal / Audit Compliance

Network Address Translation (NAT) typically has the effect of preventing connections
from being established inbound into a computer, whilst permitting connections out. For a
small home network, software NAT can be used on the computer with the Internet
connection, providing similar behaviour to a router and similar levels of security, but for
a lower cost and lower complexity.

Firewalls

A firewall blocks all "roads and cars" through authorized ports on your computer, thus
restricting unfettered access. A stateful firewall is a more secure form of firewall, and
system administrators often combine a proxy firewall with a packet-filtering firewall to
create a highly secure system. Most home users use a software firewall. These types of
firewalls can create a log file where it records all the connection details (including
connection attempts) with the PC.

A firewall is a dedicated appliance, or software running on another computer, which

inspects network traffic passing through it, and denies or permits passage based on a set
of rules.
A firewall's basic task is to regulate some of the flow of traffic between computer
networks of different trust levels. Typical examples are the Internet which is a zone with
no trust and an internal network which is a zone of higher trust. A zone with an
intermediate trust level, situated between the Internet and a trusted internal network, is
often referred to as a "perimeter network" or Demilitarized zone (DMZ).

A firewall's function within a network is similar to firewalls with fire doors in building
construction. In the former case, it is used to prevent network intrusion to the private
network. In the latter case, it is intended to contain and delay structural fire from
spreading to adjacent structures.

Without proper configuration, a firewall can often become worthless. Standard security
practices dictate a "default-deny" firewall ruleset, in which the only network connections
which are allowed are the ones that have been explicitly allowed. Unfortunately, such a
configuration requires detailed understanding of the network applications and endpoints
required for the organization's day-to-day operation. Many businesses lack such
understanding, and therefore implement a "default-allow" ruleset, in which all traffic is
allowed unless it has been specifically blocked. This configuration makes inadvertent
network connections and system compromise much more likely.

First generation - packet filters

The first paper published on firewall technology was in 1988, when engineers from
Digital Equipment Corporation (DEC) developed filter systems known as packet filter
firewalls. This fairly basic system was the first generation of what would become a
highly evolved and technical internet security feature. At AT&T Bell Labs, Bill
Cheswick and Steve Bellovin were continuing their research in packet filtering and
developed a working model for their own company based upon their original first
generation architecture.

Packet filters act by inspecting the "packets" which represent the basic unit of data
transfer between computers on the Internet. If a packet matches the packet filter's set of
rules, the packet filter will drop (silently discard) the packet, or reject it (discard it, and
send "error responses" to the source).

This type of packet filtering pays no attention to whether a packet is part of an existing
stream of traffic (it stores no information on connection "state"). Instead, it filters each
packet based only on information contained in the packet itself (most commonly using a
combination of the packet's source and destination address, its protocol, and, for TCP and
UDP traffic, which comprises most internet communication, the port number).

Because TCP and UDP traffic by convention uses well known ports for particular types
of traffic, a "stateless" packet filter can distinguish between, and thus control, those types
of traffic (such as web browsing, remote printing, email transmission, file transfer),
unless the machines on each side of the packet filter are both using the same non-standard
ports.

Second generation - "stateful" filters

From 1980-1990 three colleagues from AT&T Bell Laboratories, Dave Presetto, Janardan
Sharma, and Kshitij Nigam developed the second generation of firewalls, calling them
circuit level firewalls.

Second Generation firewalls in addition regard placement of each individual packet

within the packet series. This technology is generally referred to as a stateful firewall as it
maintains records of all connections passing through the firewall and is able to determine
whether a packet is either the start of a new connection, a part of an existing connection,
or is an invalid packet. Though there is still a set of static rules in such a firewall, the
state of a connection can in itself be one of the criteria which trigger specific rules.

This type of firewall can help prevent attacks which exploit existing connections, or
certain Denial-of-service attacks.

Third generation - application layer

Publications by Gene Spafford of Purdue University, Bill Cheswick at AT&T
Laboratories, and Marcus Ranum described a third generation firewall known as an
application layer firewall, also known as a proxy-based firewall. Marcus Ranum's work
on the technology spearheaded the creation of the first commercial product. The product
was released by DEC who named it the DEC SEAL product. DEC’s first major sale was
on June 13, 1991 to a chemical company based on the East Coast of the USA.

The key benefit of application layer filtering is that it can "understand" certain
applications and protocols (such as File Transfer Protocol, DNS, or web browsing), and it
can detect whether an unwanted protocol is being sneaked through on a non-standard port
or whether a protocol is being abused in a known harmful way.

Anti-virus

Antivirus software are computer programs that attempt to identify, neutralize or eliminate
malicious software. The term "antivirus" is used because the earliest examples were
designed exclusively to combat computer viruses; however most modern antivirus
software is now designed to combat a wide range of threats, including worms, phishing
attacks, rootkits, trojan horses and other malware. Antivirus software typically uses two
different approaches to accomplish this:

examining (scanning) files to look for known viruses matching definitions in a virus
dictionary, and identifying suspicious behavior from any computer program which might
indicate infection.

The second approach is called heuristic analysis. Such analysis may include data
captures, port monitoring and other methods.

Most commercial antivirus software uses both of these approaches, with an emphasis on
the virus dictionary approach. Some people consider network firewalls to be a type of
antivirus software, however this is not correct.

Some people or companies with malicious intentions write programs like computer
viruses, worms, trojan horses and spyware. These programs are all characterised as being
unwanted software that install themselves on your computer through deception.

Trojan horses are simply programs that conceal their true purpose or include a hidden
functionality that a user would not want.
Worms are characterised by having the ability to replicate themselves and viruses are
similar except that they achieve this by adding their code onto third party software. Once
a virus or worm has infected a computer, it would typically infect other programs (in the
case of viruses) and other computers.

Viruses also slow down system performance and cause strange system behavior and in
many cases do serious harm to computers, either as deliberate, malicious damage or as
unintentional side effects.

In order to prevent damage by viruses and worms, users typically install antivirus
software, which runs in the background on the computer, detecting any suspicious
software and preventing it from running.

Some malware that can be classified as trojans with a limited payload are not detected by
most antivirus software and may require the use of other software designed to detect
other classes of malware, including spyware.

Anti-spyware

There are several kinds of threats:

Spyware is software that runs on a computer without the explicit permission of its user. It
often gathers private information from a user's computer and sends this data over the
Internet back to the software manufacturer.

Adware is software that runs on a computer without the owner's consent, much like
spyware. However, instead of taking information, it typically runs in the background and
displays random or targeted pop-up advertisements. In many cases, this slows the
computer down and may also cause software conflicts.

Many programmers and some commercial firms have released products designed to
remove or block spyware. Steve Gibson's OptOut pioneered a growing category.
Programs such as Lavasoft's Ad-Aware SE (free scans for non-commercial users, must
pay for other features) and Patrick Kolla's Spybot - Search & Destroy (all features free for
non-commercial use) rapidly gained popularity as effective tools to remove, and in some
cases intercept, spyware programs. More recently Microsoft acquired the GIANT
AntiSpyware software, rebranding it as Windows AntiSpyware beta and releasing it as a
free download for Genuine Windows XP and Windows 2003 users. In 2006, Microsoft
renamed the beta software to Windows Defender (free), and it was released as a free
download in October 2006 and is included as standard with Windows Vista. Other well-
known commercial anti-spyware products include:

PC Tools's Spyware Doctor (free scans and removes spyware free, but free editions have
limited real time protection)

DriveSentry (free version (3.1) will remove spyware)

ParetoLogic's Anti-Spyware and XoftSpy SE (free version does not remove spyware)

Sunbelt Software's Counterspy (15-day free trial)

Trend Micro's HijackThis (free)

Webroot Software's Spy Sweeper (free version does not remove spyware)

Major anti-virus firms such as Symantec, McAfee and Sophos have come later to the
table, adding anti-spyware features to their existing anti-virus products. Early on, anti-
virus firms expressed reluctance to add anti-spyware functions, citing lawsuits brought by
spyware authors against the authors of web sites and programs which described their
products as "spyware". However, recent versions of these major firms' home and business
anti-virus products do include anti-spyware functions, albeit treated differently from
viruses. Symantec Anti-Virus, for instance, categorizes spyware programs as "extended
threats" and now offers real-time protection from them (as it does for viruses).

Recently, the anti-virus company Grisoft, creator of AVG Anti-Virus, acquired anti-
spyware firm Ewido Networks, re-labeling their Ewido anti-spyware program as AVG
Anti-Spyware Professional Edition. AVG also used this product to add an integrated anti-
spyware solution to some versions of the AVG Anti-Virus family of products, plus made
a freeware AVG Anti-Spyware Free Edition available for private and non-commercial
use. This shows a trend by anti virus companies to launch a dedicated solution to spyware
and malware. Zone Labs, creator of Zone Alarm firewall have also released an anti-
spyware program.

Conclusion

Internet security is the prevention of unauthorized access and/or damage to computer

systems via internet access. Most security measures involve data encryption and
passwords. A firewall blocks all "roads and cars" through authorized ports on your
computer, thus restricting unfettered access. A stateful firewall is a more secure form of
firewall, and system administrators often combine a proxy firewall with a packet-filtering
firewall to create a highly secure system. Antivirus software are computer programs that
attempt to identify, neutralize or eliminate malicious software. The term "antivirus" is
used because the earliest examples were designed exclusively to combat computer
viruses; however most modern antivirus software is now designed to combat a wide
range of threats, including worms, phishing attacks, rootkits, trojan horses and other
malware.

References

Browser Statistics". w3schools.com. Retrieved