Scribd Logo
Importer

Bienvenue sur Scribd !

  • Detecting Network Viruses Using Mikrotik: GLC Webinar, 25 August 2016 Achmad Mardiansyah GLC Networks, Indonesia

    Transféré par

    Naz Lun
    13 vues24 pages
    The document is a presentation about detecting network viruses using Mikrotik devices. It introduces GLC Networks and the trainer Achmad Mardiansyah. It defines computer viruses, worms, and trojans. It discusses virus characteristics and how they infect systems. It outlines virus countermeasures like installing antivirus software and using intrusion detection systems and firewalls on network devices. The presentation demonstrates virus detection and prevention techniques in RouterOS like port limiting, address lists, sniffing, and using the Torch tool. It concludes with asking for feedback and information on future webinars.

    Description originale:

    detecting network virus by using mikrotik

    Titre original

    20160825detectingnetworkvirususingmikrotik-160830132333

    Copyright

    © © All Rights Reserved

    Formats disponibles

    PDF, TXT ou lisez en ligne sur Scribd

    Avez-vous trouvé ce document utile ?

    Ce contenu est-il inapproprié ?

    Signaler ce document
    The document is a presentation about detecting network viruses using Mikrotik devices. It introduces GLC Networks and the trainer Achmad Mardiansyah. It defines computer viruses, worms, and trojans. It discusses virus characteristics and how they infect systems. It outlines virus countermeasures like installing antivirus software and using intrusion detection systems and firewalls on network devices. The presentation demonstrates virus detection and prevention techniques in RouterOS like port limiting, address lists, sniffing, and using the Torch tool. It concludes with asking for feedback and information on future webinars.

    Droits d'auteur :

    © All Rights Reserved
    Téléchargez comme PDF, TXT ou lisez en ligne sur Scribd
    Signaler comme contenu inapproprié
    13 vues24 pages

    Detecting Network Viruses Using Mikrotik: GLC Webinar, 25 August 2016 Achmad Mardiansyah GLC Networks, Indonesia

    Transféré par

    Naz Lun
    The document is a presentation about detecting network viruses using Mikrotik devices. It introduces GLC Networks and the trainer Achmad Mardiansyah. It defines computer viruses, worms, and trojans. It discusses virus characteristics and how they infect systems. It outlines virus countermeasures like installing antivirus software and using intrusion detection systems and firewalls on network devices. The presentation demonstrates virus detection and prevention techniques in RouterOS like port limiting, address lists, sniffing, and using the Torch tool. It concludes with asking for feedback and information on future webinars.

    Droits d'auteur :

    © All Rights Reserved
    Téléchargez comme PDF, TXT ou lisez en ligne sur Scribd
    Signaler comme contenu inapproprié
    sur 24

    Detecting network viruses

    using mikrotik
    GLC webinar, 25 august 2016

    Achmad Mardiansyah
    achmad@glcnetworks.com
    GLC Networks, Indonesia
    www.glcnetworks.com
    Agenda

    ● Introduction
    ● Computer Virus
    ● Monitoring network with mikrotik
    ● Demo
    ● Q&A

    www.glcnetworks.com
    What is GLC?

    ● Garda Lintas Cakrawala (www.glcnetworks.com)


    ● An Indonesian company
    ● Located in Bandung
    ● Areas: Training, IT Consulting
    ● Mikrotik Certified Training Partner
    ● Mikrotik Certified Consultant
    ● Mikrotik distributor

    3
    www.glcnetworks.com
    Trainer Introduction

    ● Name: Achmad Mardiansyah


    ● Base: bandung, Indonesia
    ● Linux user since ’99
    ● Certified Trainer (MTCNA/RE/WE/UME/INE/TCE)
    ● Mikrotik Certified Consultant
    ● Work: Telco engineer, Sysadmin, PHP programmer,
    and Lecturer
    ● Personal website: http://achmad.glcnetworks.com
    ● More info:
    http://au.linkedin.com/in/achmadmardiansyah

    4
    www.glcnetworks.com
    Please introduce yourself

    ● Your name
    ● Your company/university?
    ● Your networking experience?
    ● Your mikrotik experience?
    ● Your expectation from this course?

    5
    www.glcnetworks.com
    What is Mikrotik?

    ● Name of a company
    ● A brand
    ● A program (e.g. mikrotik academy)
    ● Headquarter: Riga, Latvia

    6
    www.glcnetworks.com
    What are mikrotik products?

    ● Router OS
    ○ The OS. Specialized for networking
    ○ Website: www.mikrotik.com/download
    ● RouterBoard
    ○ The hardware
    ○ RouterOS installed
    ○ Website: www.routerboard.com

    7
    www.glcnetworks.com
    What Router OS can do?

    ● Go to www.mikrotik.com
    ○ Download: what_is_routeros.pdf
    ○ Download: product catalog
    ○ Download: newsletter

    8
    www.glcnetworks.com
    What are Mikrotik training & certifications?

    Certificate validity is 3 years

    9
    www.glcnetworks.com
    Computer virus

    www.glcnetworks.com
    What is virus, worms, trojan horse?

    Virus

    ● A self-replicating program. Often Viruses require a host, and their goal is to


    infect other files so that the virus can live longer.
    ● Nothing to do with biological virus!!

    Worms

    ● Worms are insidious because they rely less (or not at all) upon human
    behavior in order to spread themselves from one computer to others.

    Trojan Horses

    ● A Trojan Horse is a one which pretend to be useful programs but do some


    unwanted action.

    www.glcnetworks.com
    Virus characteristic

    ● Very small size


    ● Versatile: available for many application
    ● Propagation: able to infect to other software, to other computer
    ● Can cause catastrophic effects: data loss, slow processing, botnet
    ● Persistence: able to reoccur through replication

    www.glcnetworks.com
    How computer virus infects other software

    www.glcnetworks.com
    Virus propagation

    ● Boot sector
    ● Non resident
    ● Macro virus
    ● Via hacked website (XSS - cross side scripting)

    www.glcnetworks.com
    Virus countermeasures on
    network

    www.glcnetworks.com
    Virus identification

    ● Host based (need to install antivirus software on host)


    ○ Signature based
    ○ heuristic
    ● Network based (analysing traffic that flows through devices)
    ○ Using protocol analyser
    ○ IDS (intrusion detection system)
    ■ Use signature based
    ■ Use heuristics
    ■ Using anomaly analytics
    ○ Devices:
    ■ Hub
    ■ Switch -> port mirrorring
    ■ Router -> activate sniff feature

    www.glcnetworks.com
    Virus countermeasures

    Local host

    ● Install antivirus
    ● Use checksum software

    Network devices

    ● Apply IDS
    ● Setup firewall rules

    www.glcnetworks.com
    On routeros...

    ● limit outgoing sync rate for SMTP


    ● drop/limit outgoing SMB/CIFS port: 135-139, 445
    ● Identify src-ip-addr that send high number of connection -> use src-addr-list
    ● Apply limit / conn-limit
    ● use tarpit / drop / reject
    ● redirect customer to a webpage
    ● setup whitelist
    ● run torch
    ● Run sniffer and send the traffic to protocol analyser software
    ○ Snort
    ○ Sourcefire
    ○ Wireshark
    ○ etc

    www.glcnetworks.com
    Demo

    www.glcnetworks.com
    Firewall limit, conn-limit, address-list, tarpit

    www.glcnetworks.com
    Sniffing on RouterOS

    www.glcnetworks.com
    torch

    www.glcnetworks.com
    QA

    www.glcnetworks.com
    End of slides

    ● Thank you for your attention


    ● Please submit your feedback: http://bit.ly/glcfeedback
    ● Like our facebook page: “GLC networks”
    ● Stay tune with our schedule

    www.glcnetworks.com

    Vous aimerez peut-être aussi