IS493 Information Security
Download
Report
Transcript IS493 Information Security
LAB#: 1
Securing your system
1.1: TENABLE NESSUS
Nessus currently works on
Windows, Linux, and Mac.
It is a vulnerability scanner,
It can scan a targeted system or a range of systems
It identifies any vulnerabilities or weaknesses.
CONTI…
Nessus has two parts
Server, which is already set up,
Client which you will be working with.
When you first lunch the Nessus client you need to connect to the server.
CONTI…
Chose Single host, and type in your PC’s IP address.
Nessus will generate a whole report about the scanned system.
1.2: RUN THE MICROSOFT BASELINE SECURITY
ANALYZER (MBSA)
MBSA currently works with Microsoft Windows OS.
YOU CAN
scan a system and
identify weaknesses and misconfigurations.
CONTI…
To run MBSA, follow these steps:
Log in with administrator privileges
Download the latest version of MBSA from
http://technet.microsoft.com/en-us/security/cc184924.aspx.
CONTI…
Choose the option ‘Scan a computer’.
The default computer to scan will be the one you are sitting at.
You can change this to another on the network by specifying either the computer’s
name or IP.
Click Start Scan.
CONTI…
View the report that is given when the scan finishes.
The report will include information on missing security updates,
Service packs for the operating system and
Microsoft applications.
CONTI…
It will also identify any user accounts that have
blank or simple passwords,
firewall status,
the number of local administrators configured,
unnecessary services.
FIGURE 1.1 MBSA
FIGURE 1.2 RESULTS OF MBSA
1.3: CONFIGURE WINDOWS AUTOMATIC
UPDATES
One of the most important things you can do to keep your systems secure is to
keep them up-to-date.
Start the System applet by choosing Start Control Panel System. *Switch the
view to Classic mode
Click the Automatic Updates tab.
Check the Keep My Computer Up To Date option (with some service packs, this
becomes simply an Automatic radio button).
LAB#: 2
Identifying running processes, ports, and services
INTRODUCTION
It is important to know what processes are running on a machine at any given time.
In addition to the programs that a user may be using, there are always many others
that are required by the operating system, the network, or other applications.
2.1: IDENTIFY RUNNING PROCESSES ON
A WINDOWS-BASED MACHINE
All recent versions of Windows include the Task Manager to allow you to see what
is running.
1. Right-click an empty location in the Windows Taskbar.
2. Choose Task Manager from the pop-up menu that appears.
CONTI…
Examine the list and
look for anything out of the ordinary.
After doing this a few times,
you will become familiar with what is normally there and
will be able to spot oddities quickly.
2.2: USING PROCESSES EXPLORER TO IDENTIFY
RUNNING PROCESSES, PORTS AND SERVICES
Process Explorer is a system monitoring and examination utility
It can be used as the first step in debugging software or system problems.
To use Process Explorer follow these steps:
Download Process Explorer from Google
Then double click on “procexp” on your desktop
Click Ctrl+L. a lower panel will show up.
FIGURE 2.1 PROCESS EXPLORER.
Click Ctrl+I,
System information window will appear showing statistics and graphs about the
system.
Click on any process from the top window (e.g. svchost.exe), and
right click on it and chose ‘properties’.
FIGURE2.2 SYSTEM INFORMATION FROM
PROCESS EXPLORER
LAB#: 3
Windows system
LAB#: 3
In this Lab, you will be learning some important security aspects in the Windows
system;
This lab will go over users and permissions, sharing and folders permissions.
3.1: ADDING NEW USER IN WINDOWS
You will be creating new user on your windows system, to do so follow these steps:
CONTI…
Choose Start Control Panel.
Double click ‘User Accounts’.
Click the Create a New Account link.
Enter a name for the account.
Select the type of account you want to create for Windows.
Click the Create Account button.
Close the Control Panel.
FIGURE 3.1 ADDING A USER.
3.2: IDENTIFY USER ACCOUNTS WITH ADMINISTRATOR
ACCESS IN WINDOWS XP
User management is simplified by adding users to groups.
To see which users are members of the Administrators group, follow these steps:
CONTI…
Choose Start Run Click on Start enter compmgmt.msc, then click on the
OK button
Within the left frame, expand Local Users and Groups and then expand Groups, as
shown in Figure 3.2.
CONTI…
Double-click Administrators and a list of users appears.
You can use the Add or Remove button to place users in this group or take them
from it, respectively.
Exit the Computer Management console.
Exit Control Panel.
FIGURE 3.2 EXPAND THE GROUPS FOLDER TO SEE THE
LOCAL GROUPS.
3.3: HIDE AND ACCESS A WINDOWS SHARE
This lab requires two Windows workstations.
A simple method for “protecting” shares is to make them hidden.
To hide a share in Windows, you use the dollar sign character ($) as the last
character of its name.
It will then no longer appear in listings and will need to be referred to specifically
to be accessed.
CONTI…
Follow these steps:
On Computer1, choose to share the C:\WINDOWS directory, and name the share
DATA$.
On Computer2, look for the share.
Use My Network Places (or Network Neighborhood on older Windows operating
systems) to look for the share.
You should not be able to see the share because the name ends with $.
CONTI…
Right-click My Network Places and choose Map Network Drive.
In the Path box, type \\Computer1\DATA$
Click OK.
You should now be able to access the share.
3.4: SECURING THE WINDOW’S USER’S
ACCOUNTS DATABASE
The Windows XP accounts database can be secured through encryption to prevent
it from being compromised.
To perform this action, follow these steps:
Choose Start Run.
Type keyword “syskey” and press Enter.
Click Update.
CONTI…
Choose Password Startup.
Enter a password that you want to require during startup.
Enter the same password in the Confirm box.
Click OK.
Note the warning—once encryption is enabled, it cannot be disabled.
FIGURE 3.3 USE ENCRYPTION TO SECURE THE
WINDOWS XP ACCOUNT DATABASE.
3.5: CHANGING ACL FOR A FOLDER
Access Control Lists apply only to files stored on an NTFS formatted drive
Each ACL determines which users (or groups of users) can read or edit the file.
When a new file is created it normally inherits ACL's from the folder where it was
created.
CONTI…
The easy way in Windows is by right clicking on the folder and changing the
privileges, to do so follow these steps:
Double click the folder ‘My Document’, and then create new folder in it.
Right click on the new folder, and chose ‘properties’.
CONTI…
Click on the 3rd tap ‘Security’.
You will see all users, including the user you have created. Click on any user.
User’s permissions are displayed in the bottom window; you can change any
permission by clicking on ‘Allow’ or ‘Deny’.
Click on advanced and explore what other options you can perform.
THANKS !
TUTORIAL DELIVERED BY :
Ashraf Youssef
IS dept
College of Computer and Information Sciences (CCIS),
King Saud University ,
Riyadh ,
Kingdom of Saudi Arabia.
Mobile: 0507181787
E-mail : [email protected]