Mark Boyer - Methods of Securing Data in Windows Networks
Download
Report
Transcript Mark Boyer - Methods of Securing Data in Windows Networks
Methods of Securing Data in
Windows Networks
Mark Boyer
Ways To Secure Data On A Network
Authentication and Authorization
Encryption/decryption
Virtual Private Networks (VPN)
Firewalls
Virus and Worm Protection
Spyware Protection
Wireless Security
Authentication and Authorization
Authentication – security feature that allows
administrators to control who has access to your
network
Authorization – what the users that are
authenticated are allowed to access while on the
system
Windows Password Tools
Specify length and complexity of users
passwords
XP allows passwords to be from 0 to 128
characters
Complexity setting requires user to meet 3 of
4 requirements
Lower case letters, uppercase letters, numbers,
and special characters
Windows Password Tools cont.
Minimum Password Age – min amount of days before
user can change their password
Maximum Password Age – max amount of day before
user has to change their password
Enforce Password History Setting – makes sure users
can not reuse older passwords
Account Lockout – can set system to lock out a user if
they enter the wrong password to many times
Can set to unlock manually or automatically
Restricting Logon Hours & Location
Windows administrators can set time of day, day
of week, and location of accessing the networks
Restricting reasons
System backup
Don’t want anyone on the system during this process
Policy restrictions
You don’t want people that deal with sensitive materials to
be able to access them out of the office
Windows Authorizing Access
Two Ways
Sharing permissions
NTFS Permissions
Sharing Permissions
Applied only to folders shared over the
network
Files within these folders inherit same
permissions as the folder
Permissions only apply to users trying to
access through the network, not locally
NTFS Permissions
Can assign to both folders and files
Also can restrict local users as well as ones
logged in over the network
Assign permissions to individual users or groups
of users
Has 6 different standard permissions and 14
different special permissions
Windows & Encryption
Encoding of data used to protect data
transferred over a network or the internet
Two ways of windows encryption
IP Security (IPSec)
Encrypting File Systems (EFS)
IPSec
Most popular method of encrypting data
It works by creating an connection between two devices
Done by one of three ways of authenticating
Preshared key – special key entered on both devices by an
admin
Kerberos authentication – special key generated by the OS
(more secure)
Digital certificates – uses a third party known as Certification
Authority (CA)
Must apply for a digital certificate from CA
When comunication takes place each device sends certificate to CA
for verification
Three Standard IPSec Policies in
Windows
Client (Respond Only) – only uses secure
communication if the other device suggests it
Server (Request Security) – requests IPSec
communication if its supported
Allows unsecure communication if it isn't supported
Secure Server (Require Security) – requires
IPSec
Rejects any device that does not support it
Encrypting File Systems (EFS)
Process of encrypting data on the
computers disk drive so that only the file
creator and data recovery agent can
decrypt it
Data recovery agent usually administrator
This is useful if someone gains access to your
hard drive
Windows VPN’s
Temporary or permanent connections
across a network such as the internet that
use encryption to send and receive data.
Leave it at that (other students topic)
Firewalls
Hardware or software programs that
inspects packets going in and out of the
system weeding out ones that are not
desired
Windows has implemented its own personal
firewall into it operating system
It basically monitors traffic in and out of the
system and stops anything suspicious and possibly
harmful
Online Firewall Software
ZoneAlarm Firewall
Armor2net Personal Firewall 3.12
Commando Firewall Pro
Tiny Personal Firewall 6.5
There are tons of them
Malware Protection
Any software that is meant to cause harm or
disruption to any computer system
Virus
program that spreads by replicating itself into other
programs or documents
Goal corrupt or delete files
Worm
Self contained program that spreads by replicating itself
Does not need help to spread
Goals send emails, delete files, create backdoors, use up
network bandwidth
Malware cont.
Trojans
program that appears to be something useful but
is really a form of malware such as free utilities
Spyware (sniffing software)
Collects info about activities on the computer they
are on and reports them back to one who put
them on there
Anti Virus Software
Can be expensive to maintain but it is much
more expensive to lose critical company data
Available Software
AVG Anti-Virus Free Addition
AVAST home addition
Avira AntiVir Personal – Free Antivirus
Norton AntiVirus
McAfee Virus Scan Plus
Spyware Software
Removes spyware that is on your
computer system
Ad-Aware 2008
Spybot – Search & Destroy
Spyware Doctor 5.5
SpywareBlaster 4.1
Wireless Security
You want to protect your wireless signal from wardrivers
5 ways of doing this (Use at least one if not a few)
Service Set Identifier (SSID)
Wired Equivalency Protocol (WEP)
Improvement over WEP
Alters encryption key periodically and automatically
802.11i (WPA2)
provides data encryption in a network
Uses a static encryption key
Wi-Fi Protected Access (WPA)
Alphanumeric label that identifies one LAN from another
Better encryption and encryption key handling
MAC address filtering
Used on small networks
Restricts network access to specific MAC addresses
Citations
Cnet. Retrieved October 1, 2008, Web
site: http://www.download.com
Windows IT Library. Retrieved October 1,
2008, Web site
http://www.windowsitlibrary.com
Greg Tomsho, Ed Tittle, David Jhonson.
(2007) Guide to Networking Esentials,
Fifth Edition.