Computer Maintenance


Review Previous Lesson
1. Describe the four physical network architectures.
2. Node, host, NIC, hardware address, Ethernet address, protocol, packet, datagram, frame, Ethernet, IP address, port address, subnet mask, HTTP, FTP, POP3, IMAP, VoIP
3. Describe three different types of wireless network.
4. What are the six types of telephone network? How do you install them?
5. Describe four protocol suites.
6. How do you share and access resources on the network?
7. Describe symptoms that might indicate the NIC is faulty.
8. What can you do to test TCP/IP configuration and connectivity? What technology can you use to connect to the Internet?
9. What are the functions of a firewall, both hardware and software?
10. What are the advantages of using a router?
11. Common ports: 20, 21, 22, 23, 25, 80, 110, 119, 143, 443?
Copyright © 2007 - CIST
Computer Maintenance
CompTIA A+ Guide to Managing & Maintaining Your PC
By: JEAN ANDREW
Chapter 4
Security (PC & Network) Part I
???
• What is security?
• Why do you need security?
• How do you secure your PC or network?
• What can happen if your PC or network is not secured?
Objectives
After you have completed this lesson, you will be
able to:
• Identify ways to secure a desktop or notebook
computer
• Identify ways to secure a local wired or wireless
network
Scenario
In this chapter, you will learn:
– Access control
– Limit use of the administrator account
– Use a personal firewall
– Use Anti-virus Software
– Keep Windows updates current
– Set Internet Explorer for optimum security
– Use alternate third-party client software
– Consider using “Microsoft Shared Computer Toolkit for Windows XP”
– Secure important files and folders
– Hide and encrypt files and folders
– Physically protect your computer
– Beware of social engineering
– Keep good backups of user data
– Back up system files
– Make use of event logging and incident reporting
– Destroy the trash
– Perform a monthly security maintenance routine
Access Control
• Authentication proves that an individual is who he says he is and is accomplished by a variety of techniques.
• Authorization determines what an individual can do in the system after he or she is authenticated.
Access Control
• Power-on passwords and other BIOS security
• How to create strong passwords and protect them
– www.microsoft.com/athome/security/privacy/password_checker.mspx
• Access control using Windows
– Uncheck “Use Simple file sharing” in folder options
– Configure which users are allowed access
    Cacls myfile.txt                  (display the permissions on the file)
    Cacls myfile.txt /E /G User1:R    (edit the list and grant User1 read access)
    Cacls myfile.txt /E /R User1      (edit the list and revoke User1's access)
Access Control
Figure 19-12: Use the Cacls command to change user permissions for files and folders (figure callouts: “Grant rights to Leapcheang”, “Revoke rights to Leapcheang”)
Limit use of the administrator account
• Why should you not log on with the administrator account for daily work?
• The problem is that a malware program might be at work while we’re logged on
• It’s a good idea to create a Limited User account to use for your everyday normal activities
• To help you remember to limit the use of the Administrator account, change the desktop
• Be sure to change the password of the Administrator account and use a strong password
Use a personal firewall
• Never, ever connect your computer to an unprotected
network without using a firewall
• A firewall is software or hardware that prevents worms or hackers from getting into your system
• Software firewalls are better than no firewall at all, but a
hardware firewall offers greater protection.
Use AV software
• When selecting AV software, find out if it can:
– Automatically download new software upgrades and virus definitions from the Internet
– Automatically execute at startup
– Detect macros in a word-processing document
– Automatically monitor files being downloaded from the Internet
– Send virus alerts to your email address to inform you of a dangerous virus
– Scan both automatically and manually for viruses
Popular antivirus software
Antivirus Software | Web Site
AVG Anti-Virus by Grisoft | www.grisoft.com
Computer Associates | www.ca.com
F-Secure Antivirus by F-Secure Corp. | www.f-secure.com
eSafe by Aladdin Knowledge Systems, Ltd. | www.esafe.com
McAfee VirusScan by McAfee Associates, Inc. | www.mcafee.com
F-Prot by FRISK Software International | www.f-prot.com
NeatSuite by Trend Micro (for networks) | www.trenmicro.com
Norman by Norman Data Defense Systems, Inc. (complicated to use, but highly effective) | www.norman.com
Panda Software | www.pendasoftware.com
PC-cillin by Trend Micro (for home use) | www.trendmicro.com
Keep Windows updates current
• Security holes are being found all the time, and Microsoft is constantly releasing patches to keep up
• You can keep Windows updates current by using the Web site: windowsupdate.microsoft.com
– Start > All programs > Windows Update
• To update automatically
– Right-click on My Computer > Properties > click Automatic
Updates tab > select Automatic (recommended)
Set Internet Explorer For
Optimum Security
• For most Web browsing, set the security level to Medium
Use alternative client software
• Browser software
– Internet Explorer is by far the most popular browser
– IE is written to integrate more closely with Windows components than other browsers.
– IE is written to use ActiveX controls. Microsoft invented ActiveX controls so that Web sites could use some nifty multimedia features.
• E-mail clients
– Microsoft Outlook and Outlook Express are probably the most popular e-mail clients.
– Alternatives include Eudora by Qualcomm (www.eudora.com) and Thunderbird by Mozilla
Consider using “Microsoft Shared
Computer Toolkit for Windows XP”
• If you are responsible for Windows XP computers used in a public place, you might want to consider installing and running Microsoft Shared Computer Toolkit for Windows XP.
• This software locks down the drive on which Windows is installed so that a user cannot permanently change Windows configuration, installed software or hardware, user settings, or user data.
• The toolkit can be downloaded for free to computers that are running a genuine Windows XP license.
Hide and encrypt files and folders
• Disable file and printer sharing so that others cannot access resources on your computer
• Hide your computer from others on the network
• Hide a shared folder
• Make your personal folders private
• Another way you can protect files and folders is to use Encrypted File System (EFS)
Note: when you open an encrypted file with an application, Windows decrypts the file for the application to use.
Hide and encrypt files and folders
• How to encrypt a file or folder
• How to share an encrypted file
• How to decrypt a file or folder
– From the file’s Properties dialog box, click the Advanced button and uncheck Encrypt contents to secure data.
– Encryption is removed automatically when you move a file or folder to a FAT logical drive because FAT does not support encryption.
– Use the cipher command
• How to use the cipher command
For example, to decrypt all files in the c:\public folder, use this command:
– CIPHER /D c:\public\*.*
Physically protect your
equipment
• Don’t move or jar your PC when it’s turned on
• Don’t smoke around your computer
• Don’t leave the PC turned off for weeks or months at a
time
• High humidity can be dangerous for hard drives
• In CMOS setup, disable the ability to write to the boot
sector of the hard drive
• If your data is really private, keep it under lock and key
• Keep magnets away from your computer
• Lock down the computer case
Beware of social engineering
• Phishing is a type of identity theft where the sender of an email message scams you into responding with personal data about yourself.
• Scam artists use scam email to lure you into their scheme. For example, it promises to give you some money or a commission.
• A virus hoax or email hoax is email that does damage by tempting you to forward it to everyone in your email address book with the intent of clogging up the email system, or to delete a critical Windows system file by convincing you the file is malicious.
Responsible Internet habits
1. You shall not open e-mail attachments without scanning them for viruses first.
2. You should not click links inside e-mail messages
3. You should not forward an e-mail warning without first checking to see if that warning is a hoax
4. You shall always check out a Web site before you download
anything from it
5. You shall never give your private information to just any ole
Web site
6. You shall never trust an e-mail message asking you to verify
your private data on a Web site with which you do business
How to show up an e-mail hoax
• Here are Web sites that specialize in debunking virus hoaxes:
– hoaxbusters.ciac.org by Computer Incident Advisory Capability
– www.hoaxinfo.com by Jeff Richards
– www.hoaxkill.com by Oxcart Software
– www.snopes.com by Urban Legends
– www.viruslist.com by Kaspersky Lab
– www.vmyths.com by Rhode Island Soft Systems, Inc.
Protect against malicious e-mail
scripts
• How scripts work
– Scripts can be written in VBScript or JScript and are executed in Windows using the Windows Script Host (WSH) utility, Wscript.exe
– The extensions that Windows recognizes by default are JScript (.js), JScript Encoded (.jse), VBScript Encoded (.vbe), VBScript (.vbs), and Windows Script (.wsf).
• How scripts are spread
• How to help protect against malicious scripts
– Set Windows so that script file extensions display by default
– Set Windows to not execute scripts, but rather to open
them in a Notepad window.
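Why displaying script extensions matters, as an added example that is not part of the original slides: the check below uses the five extensions listed above and shows what a file name looks like when Windows hides the extension. The attachment names are constructed, and the function names are hypothetical.

```python
# Added example (not from the original slides): check attachment names against
# the script extensions that Windows Script Host runs by default.
import os

# Extensions listed on the slide: JScript, JScript Encoded, VBScript Encoded,
# VBScript, Windows Script.
SCRIPT_EXTENSIONS = {".js", ".jse", ".vbe", ".vbs", ".wsf"}


def check_attachment(name):
    """Return (is_script, shown_when_hidden, disguised) for one file name."""
    # Windows drops trailing dots and spaces from file names.
    clean = name.rstrip(" .")
    stem, ext = os.path.splitext(clean)
    is_script = ext.lower() in SCRIPT_EXTENSIONS  # extensions are case-insensitive
    # When extensions are hidden, only the stem is displayed for a script file.
    shown = stem if is_script else clean
    # A second extension left in the stem makes the script look like a document.
    disguised = is_script and os.path.splitext(stem)[1] != ""
    return is_script, shown, disguised


def flag_scripts(names):
    """Return (name, shown_when_hidden, disguised) for every script attachment."""
    flagged = []
    for name in names:
        is_script, shown, disguised = check_attachment(name)
        if is_script:
            flagged.append((name, shown, disguised))
    return flagged


# Constructed attachment names for illustration.
SAMPLE_ATTACHMENTS = ["invoice.txt.vbs", "cleanup.JS", "photo.jpg", "notes.pdf.wsf. "]

if __name__ == "__main__":
    for name, shown, disguised in flag_scripts(SAMPLE_ATTACHMENTS):
        note = "DISGUISED" if disguised else "script"
        print(f"{name!r}: displays as {shown!r} when extensions are hidden [{note}]")
```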
Security (PC & Network)
Part I
• Keep good backups of user data
• Back up system files
– Use ntbackup.exe to back up the system state and registry before you edit the registry
– You need to back up the system state before you make a major change such as installing a new hard drive or software
– If others in your organization have permission to install hardware or applications, you might need to explain to them the importance of backing up the system state.
Make use of event logging and
incident reporting
• Monitoring Windows XP Logon Events
To track failed attempts to log on to the system:
1. Log on to the system as an administrator. In Group Policy, drill down to Computer Configuration, Windows Settings, Security Settings, Local Policies, and Audit Policy.
2. Double-click Audit account logon events. Check Failure and click Apply. Do the same for Audit logon events.
3. To see the events that are logged, open Event Viewer and select Security.
4. You can set the system to halt when the security log file is full. To do that, right-click Security and select Properties.
5. Select Do not overwrite events (clear log manually) and click
OK
6. The next step is to edit the registry to tell the system to halt when
the log file size is exceeded. Open registry editor and navigate to
this key: HKLM\System\CurrentControlSet\Control\Lsa.
7. To back up the key, right-click it and select Export
8. In the right pane, double-click the name CrashOnAuditFail.
Assign 1 to its value and click OK.
Note: if the size of the Security log file is exceeded, you must restart
the system, log on to the system as an administrator, open Event
Viewer, save the log file, and then clear the log file.
Monitoring Changes to Files and
Folders
• To monitor access to a file or folder, do the following:
1. Open Group Policy, Computer Configuration, Windows Settings, Local Policies, Audit Policy, and double-click Audit object access. Check Failure and click Apply. Close the Group Policy window.
2. Open the Properties of the file or folder you want to monitor and click the Security tab. Then click Advanced. Click the Auditing tab.
3. You can now add users that you want to monitor and decide what activity to monitor. To add a user, click Add. When you’re done, click Apply.
4. To view the logged activity, open Event Viewer and double-click Security
38
Monitoring Changes to Startup
• You can install third-party monitoring tools to monitor the startup process and let you know when installation software attempts to add something to your startup routine.
• Three good products are:
– Autoruns by Sysinternals (www.sysinternal.com)
– WinPatrol by BillP Studios (www.winpatrol.com)
– Startup Control Panel by Mike Lin (www.mlin.net)
Monitoring Network Activity
• You can use Windows Firewall to monitor and log network activity.
• Go to the Windows Firewall window and click the Advanced tab. Under Security Logging, click Settings.
• The path of the log file is C:\Windows\pfirewall.log
• A dropped packet is a packet that could not be successfully delivered.
• Log dropped packets when you’re trying to solve a connection problem
• Log successful connections when you want to monitor network activity.
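Reading the resulting log, as an added example that is not part of the original slides: the parser below takes its column names from the log's own "#Fields:" header and summarises dropped packets and successful connections. The sample log lines are constructed, and the function names are hypothetical.

```python
# Added example (not from the original slides): summarise a Windows Firewall
# security log such as C:\Windows\pfirewall.log.
from collections import Counter

# Constructed sample; a real log declares its column order in "#Fields:".
SAMPLE_LOG = """\
#Version: 1.5
#Software: Microsoft Windows Firewall
#Time Format: Local
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path

2007-03-14 10:15:02 DROP TCP 192.0.2.10 192.168.1.5 4021 445 48 S 1234567 0 65535 - - - RECEIVE
2007-03-14 10:15:05 DROP TCP 192.0.2.10 192.168.1.5 4021 445 48 S 1234567 0 65535 - - - RECEIVE
2007-03-14 10:16:40 DROP UDP 198.51.100.7 192.168.1.5 1026 1434 404 - - - - - - - RECEIVE
2007-03-14 10:20:11 OPEN TCP 192.168.1.5 203.0.113.80 1045 80 - - - - - - - - SEND
2007-03-14 10:20:15 CLOSE TCP 192.168.1.5 203.0.113.80 1045 80 - - - - - - - - SEND
"""


def parse_log(text):
    """Return one dict per log entry, keyed by the names in the #Fields header."""
    fields, records = [], []
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("#Fields:"):
            fields = line[len("#Fields:"):].split()
        elif line and not line.startswith("#") and fields:
            values = line.split()
            if len(values) >= len(fields):  # skip truncated lines
                records.append(dict(zip(fields, values)))
    return records


def dropped_by_source(records):
    """Count dropped packets per (source IP, destination port)."""
    return Counter((r["src-ip"], r["dst-port"])
                   for r in records if r["action"] == "DROP")


def successful_connections(records):
    """List (timestamp, protocol, source IP, destination:port) for OPEN entries."""
    return [(r["date"] + " " + r["time"], r["protocol"], r["src-ip"],
             r["dst-ip"] + ":" + r["dst-port"])
            for r in records if r["action"].startswith("OPEN")]


if __name__ == "__main__":
    entries = parse_log(SAMPLE_LOG)
    for (src, port), count in dropped_by_source(entries).most_common():
        print(f"dropped {count} packet(s) from {src} to port {port}")
    for conn in successful_connections(entries):
        print("opened:", *conn)
```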
Destroy The Trash
• Destroy all storage media before you throw it out
• Shred or otherwise destroy hard copies that contain
sensitive data
• Data migration is moving data from one application to
another application. After the migration is complete, be
sure to destroy old data storage media that is no longer
used.
• When retiring a computer system, the best way to totally erase everything on a hard drive is to use a zero-fill utility provided by a manufacturer.
Perform a Monthly Security
Maintenance Routine
1. Change the administrator password (use a strong password).
2. Check that Windows Automatic Update is turned on and working.
3. Check that AV software is installed and current.
4. Visually check the equipment to make sure the case has not been tampered with. Is the lock secure?
5. Check the Event Viewer. Take a look at the Security list, looking for failed attempts to access the system.
6. Verify that user backups of data are being done and that current backups of data and the System State exist.
7. If you are running Windows Disk Protection, you need to save any changes to disk that are required to update installed software.
Securing Your Wired or Wireless
Network
• Use a router to secure a SOHO network
– Limit communication from outside the network
– Limit communication from within the network
– Secure a wireless access point
– Implement a virtual private network (VPN)
• Authentication technologies for larger networks
– Encrypted user accounts and passwords
– Smart cards
– Biometric Data
Vocabulary
authentication
authorization
phishing
social engineering
zero-fill utility
scam email
spam
virus hoax
Encrypted File System
script
worm
Summary
• Part of securing a Windows XP desktop or notebook
computer includes securing the logon process, setting
power-on passwords, using strong passwords, and limiting
the use of the administrator account.
• All computers need to run a personal firewall such as Windows Firewall under Windows XP with SP2 applied.
• For AV software or anti-adware software to be effective, it must be kept current and it must always be running in the background.
• Keeping Windows updates current is necessary to plug up any security holes as they become known.
• Internet Explorer can be set for better security by controlling the way scripts are used.
• Using less-popular clients such as Firefox might mean you are less likely to be attacked than with a popular one like IE.
• Practice and teach responsible Web surfing, such as never opening an e-mail attachment from unknown senders and never downloading from Web sites you have not carefully checked out.
• Microsoft Shared Computer Toolkit can be used to lock down a public personal computer.
• Files and folders can be hidden and made private, and data within these files and folders can be encrypted using WEFS.
• Physically protect the equipment for which you are responsible.
• Social engineering techniques used by criminals include phishing, scamming, and virus hoaxes.
• To make it less likely you’ll launch a malicious script on your computer, set Windows to display file extensions of scripts.
• To secure a system, maintain good backups of user data and System State files.
• Monitor and log events concerning logon failures, access to files and folders, changes to startup, and network activity.
• Don’t throw away or recycle storage media without first destroying all data on the media.
• Maintain a monthly routine to check your security implementations to make sure all is working as it should and make any changes as appropriate.
• A small network can be secured using a router. For larger networks, a user can be authenticated on a network using encrypted user accounts and passwords, a token such as a smart card, and/or biometric data.
Review Questions
• Where can viruses hide?
• Which Windows tool do you use to view a recorded log of network activity?
• What is social engineering? Phishing?
• What is spam? Scam e-mail? Virus hoax?
• What are five file extensions that might be used for scripts?
• Why might someone see better security when using a browser other than Internet Explorer?
• Name one e-mail client other than MS Outlook or Outlook Express.
Question
Questions?
Video of chapter 17/18
(reference on the guide ‘Managing & maintaining your PC’)
- Securing a wireless LAN
- Using a Hardware firewall
And now it’s time to practice