Chapter 26 Securing Computers
Download
Report
Transcript Chapter 26 Securing Computers
Mike Meyers’ CompTIA
A+® Guide to
Managing and
Troubleshooting PCs
Third Edition
Securing Computers
Chapter 26
© 2010 The McGraw-Hill Companies, Inc. All rights reserved
Mike Meyers’ CompTIA
A+® Guide to
Managing and
Troubleshooting PCs
Overview
Third Edition
• In this chapter, you will learn how to
– Explain the threats to your computers and data
– Describe key security concepts and technologies
– Explain how to protect computers from network
threats
© 2010 The McGraw-Hill Companies, Inc. All rights reserved
Mike Meyers’ CompTIA
A+® Guide to
Managing and
Troubleshooting PCs
Analyzing the Threat
Third Edition
• Threats to your data come from
accidents and malicious people
• Accidents are more common
– Deleted files
– Hard drive crashes
– Scratched discs
• Malicious intent gets all the press
• Look at two general areas
– Unauthorized access
– Direct physical problems or attacks
© 2010 The McGraw-Hill Companies, Inc. All rights reserved
Mike Meyers’ CompTIA
A+® Guide to
Managing and
Troubleshooting PCs
Unauthorized Access
Third Edition
• Unauthorized access can come from
many directions
–
–
–
–
–
–
Curiosity and poor user account management
Dumpster diving
Social engineering techniques to gain access
Infiltration
Telephone scams
Phishing
© 2010 The McGraw-Hill Companies, Inc. All rights reserved
Mike Meyers’ CompTIA
A+® Guide to
Managing and
Troubleshooting PCs
Curiosity and Account Control
Third Edition
• Unauthorized access
– Occurs when any user accesses
resources in an unauthorized way
– Often a user with just enough skill pokes
around and finds access to something he or
she shouldn’t have
• Administrative access
– Improper control of administrator accounts is
dangerous
– Some versions of Windows (such as Windows
XP Home) make it easy to use administrator
accounts improperly
© 2010 The McGraw-Hill Companies, Inc. All rights reserved
Mike Meyers’ CompTIA
A+® Guide to
Managing and
Troubleshooting PCs
Dumpster Diving
Third Edition
• What is it?
– Searching through trash looking for information
– Individual pieces of data can be put together as a
puzzle
• How do you stop it?
– Shred all documents
• Use a Cross Cut shredder
– 3/8” x 1 ½” Good home use
– 1/32” x ½” DoD and RCMP Top Secret Documents
– Lock area (when possible) where trash is placed
outside
© 2010 The McGraw-Hill Companies, Inc. All rights reserved
Mike Meyers’ CompTIA
A+® Guide to
Managing and
Troubleshooting PCs
Social Engineering
Third Edition
• Using or manipulating people in the
network to gain access to the network
• Infiltration
– Entering building in the guise of legitimacy
– Talking to people, gathering pieces of information
• Telephone scams
– Simply asking for information
– Impersonating someone else and getting a
password reset
• Phishing
– Using the Internet to pretend to be someone
you’re not to get information (user names and
passwords)
© 2010 The McGraw-Hill Companies, Inc. All rights reserved
Mike Meyers’ CompTIA
A+® Guide to
Managing and
Troubleshooting PCs
Data Destruction
Third Edition
• Unauthorized access can lead to loss or
theft of important or sensitive data
• Data destruction doesn’t even have to be
intentional
– Could be accidental data loss
– Unauthorized data modification
• “The system should have stopped me if I wasn’t supposed
to do that!”
© 2010 The McGraw-Hill Companies, Inc. All rights reserved
Mike Meyers’ CompTIA
A+® Guide to
Managing and
Troubleshooting PCs
Physical Threats
Third Edition
• Damage or loss of physical assets can
prove devastating
• Catastrophic hardware failures
– Hard drives crash, power fails
– Redundant systems provide protection
• Physical theft
– Servers need to be kept behind locked doors
– Don’t ignore physical security
– Use a cable lock on portable and desktop systems
• Viruses/spyware
– Come from the Internet, floppy disks, optical discs,
and USB drives
© 2010 The McGraw-Hill Companies, Inc. All rights reserved
Mike Meyers’ CompTIA
A+® Guide to
Managing and
Troubleshooting PCs
Third Edition
Security Concepts and
Technologies
• After assessing the threats, it’s time to
secure the network
• Strategic and tactical goals
– Understand the big picture and technologies
available for securing the network
– Know the specific tools for securing resources on
the network
• Strategic
– Access control
– Data classification and compliance
– Reporting
© 2010 The McGraw-Hill Companies, Inc. All rights reserved
Mike Meyers’ CompTIA
A+® Guide to
Managing and
Troubleshooting PCs
Access Control
Third Edition
• Access control has two meanings
– The process of controlling access to data
•
•
•
•
Physical security
Authentication
Users and groups
Security Policies
– Access control list – a piece of data stored on a
server, router, etc. that defines what users or
systems have access to a resource
• Let’s cover the first one
© 2010 The McGraw-Hill Companies, Inc. All rights reserved
Mike Meyers’ CompTIA
A+® Guide to
Managing and
Troubleshooting PCs
Access Control (continued)
Third Edition
• Physical security
– Keeping doors locked
– Don’t walk away from logged-in systems
• Authentication
– How the computer determines who can and
can’t have access
• Use proper complex passwords
– Not just for Windows login (CMOS, routers)
– Software password generators make great passwords
– Hardware authentication
• Smart cards
• Biometric devices
© 2010 The McGraw-Hill Companies, Inc. All rights reserved
Mike Meyers’ CompTIA
A+® Guide to
Managing and
Troubleshooting PCs
Access Control (continued)
Third Edition
• Users and Groups
– Use NTFS with your Users and Groups
– Remember the principle of “Least Privilege”
• Only grant the minimum privileges for a user to get the job
done
• Easy to grant more; hard to revoke privileges
– Give permissions to groups, not user accounts
– Then add user accounts to the appropriate groups
© 2010 The McGraw-Hill Companies, Inc. All rights reserved
Mike Meyers’ CompTIA
A+® Guide to
Managing and
Troubleshooting PCs
Access Control (continued)
Third Edition
• Effective permissions
– Users are invariably members of more than one
group
– If a user accesses a resource, Windows examines
Group affiliation to determine effective permissions
© 2010 The McGraw-Hill Companies, Inc. All rights reserved
Mike Meyers’ CompTIA
A+® Guide to
Managing and
Troubleshooting PCs
Access Control (continued)
Third Edition
• Security Policies
– Security policies address issues that fall outside the
scope of NTFS permissions
• Can the user change his or her password?
• Can the user see the RUN command?
• Can the user install software?
– Local security policies are applied to an individual
computer
– Domain group policies are applied to all the
computers in a domain
© 2010 The McGraw-Hill Companies, Inc. All rights reserved
Mike Meyers’ CompTIA
A+® Guide to
Managing and
Troubleshooting PCs
Sample Security Policies
Third Edition
• Prevent Registry Edits
– If you try to edit the Registry, you get a failure
message
• Prevent Access to the Command Prompt
– Keeps users from getting to the command prompt
by turning off the Run command and the MS-DOS
Prompt shortcut
• Log on Locally
– Defines who may log on to the system locally
• Shut Down System
– Defines who may shut down the system
© 2010 The McGraw-Hill Companies, Inc. All rights reserved
Mike Meyers’ CompTIA
A+® Guide to
Managing and
Troubleshooting PCs
Third Edition
Sample Security Policies
(continued)
• Minimum Password Length
– Forces a minimum password length
• Account Lockout Threshold
– Sets the maximum number of logon attempts a
person can make before being locked out of the
account
• Disable Windows Installer
– Prevents users from installing software
• Printer Browsing
– Enables users to browse for printers on the
network, as opposed to using only assigned
printers
© 2010 The McGraw-Hill Companies, Inc. All rights reserved
Mike Meyers’ CompTIA
A+® Guide to
Managing and
Troubleshooting PCs
Lab – Playing with Fire
Third Edition
• On your Windows XP computer, go to
Administrative Tools and run Local
Security Policy
• See if you can answer these questions
– How does User Rights Assignment enable you to
control access to the physical machine?
– How do the Security Options help secure things?
What can you do here?
• It’s important to note here that you can negatively
impact or make a PC inoperable by making a security
policy mistake
© 2010 The McGraw-Hill Companies, Inc. All rights reserved
Mike Meyers’ CompTIA
A+® Guide to
Managing and
Troubleshooting PCs
Third Edition
Data Classification and
Compliance
• Data classification
– Organizing data according to sensitivity
– Varies by organization
• TOP SECRET
• Compliance
– Members must comply with rules that apply to the
organization
– Laws and company policies apply and should be
followed
© 2010 The McGraw-Hill Companies, Inc. All rights reserved
Mike Meyers’ CompTIA
A+® Guide to
Managing and
Troubleshooting PCs
Reporting
Third Edition
• Event Viewer
– Event Viewer works as well for security as it does
for Windows troubleshooting
– The Security section of Event Viewer shows all
security events
– Most of the interesting security events are not
recorded in Event Viewer by default
– To see these events, you have to audit them
• Incidence Reporting
– Providing documentation for an event of interest
– Intrusion, incoming phishing, malware
– Event Viewer logs are the main tool
© 2010 The McGraw-Hill Companies, Inc. All rights reserved
Mike Meyers’ CompTIA
A+® Guide to
Managing and
Troubleshooting PCs
Network Security
Third Edition
• Networks face external threats in
addition to all those internal threats
• This section looks at three areas
– Internet-borne attacks, such as malware
– Firewalls
– Wireless networking
© 2010 The McGraw-Hill Companies, Inc. All rights reserved
Mike Meyers’ CompTIA
A+® Guide to
Managing and
Troubleshooting PCs
Malicious Software
Third Edition
• Together known as malware
–
–
–
–
Grayware
Viruses
Trojans
Worms
Hey, new mail coming
your way!
You’ve got Virus!
© 2010 The McGraw-Hill Companies, Inc. All rights reserved
Mike Meyers’ CompTIA
A+® Guide to
Managing and
Troubleshooting PCs
Grayware
Third Edition
• Not destructive in itself
– Leach bandwidth in networks
– Some people
consider them
beneficial
– Used to share
files (e.g.,
BitTorrent)
– Can push network
over the edge
© 2010 The McGraw-Hill Companies, Inc. All rights reserved
Mike Meyers’ CompTIA
A+® Guide to
Managing and
Troubleshooting PCs
Grayware (continued)
Third Edition
• Pop-ups
– Many modify the browser, making it hard to close
the pop-up window
• Some open up other pop-ups when one pop-up is closed
– Newer browsers block pop-ups politely
© 2010 The McGraw-Hill Companies, Inc. All rights reserved
Mike Meyers’ CompTIA
A+® Guide to
Managing and
Troubleshooting PCs
Spyware
Third Edition
• Family of programs that run in the
background
– Can send information on your browsing habits
– Can run distributed computing apps, capture
keystrokes to steal passwords, reconfigure dial-up,
and more
• Preventing installation
– Beware of “free” programs
such as Gator, Kazaa, others
– Adobe’s Shockwave and
Flash reputable, but many
others are not
© 2010 The McGraw-Hill Companies, Inc. All rights reserved
Mike Meyers’ CompTIA
A+® Guide to
Managing and
Troubleshooting PCs
Spyware (continued)
Third Edition
• Aggressive tactics
– Try to scare you into
installing their program
© 2010 The McGraw-Hill Companies, Inc. All rights reserved
• Removing Spyware
– Windows Defender
– Lavasoft’s Ad-Aware
– PepiMK’s Spybot
Search & Destroy
Mike Meyers’ CompTIA
A+® Guide to
Managing and
Troubleshooting PCs
Spam
Third Edition
• Unsolicited e-mail
• To avoid, don’t give out your e-mail
address
• Definitely don't post it on the Web!
• Implement antispam settings or
software
© 2010 The McGraw-Hill Companies, Inc. All rights reserved
Mike Meyers’ CompTIA
A+® Guide to
Managing and
Troubleshooting PCs
Malware
Third Edition
• Viruses
–
–
–
–
Designed to attach themselves to a program
When program is used, the virus goes into action
Can wipe out data, send spam e-mails, and more
Can hide in macros – scripting commands for
various programs such as Access
• Trojans
– Complete program
– Designed to look like one program (such as a game
or utility)
– Does something else, too, such as erase CMOS
© 2010 The McGraw-Hill Companies, Inc. All rights reserved
Mike Meyers’ CompTIA
A+® Guide to
Managing and
Troubleshooting PCs
Malware (continued)
Third Edition
• Worms
– Similar to a Trojan, but on a network
– Travels from machine to machine through the network
– Commonly infects systems because of security flaws
• Best protection against worms
– Run antivirus software
– Keep security patches
up to date
– Use tools such as
Windows Update or
Automatic Update to
get high-priority updates
– Patch management
© 2010 The McGraw-Hill Companies, Inc. All rights reserved
Mike Meyers’ CompTIA
A+® Guide to
Managing and
Troubleshooting PCs
Virus Prevention and Recovery
Third Edition
• You need to take steps to secure
computers to prevent attacks
– Run an updated antivirus program
– Practice proper prevention techniques
• You also need a plan for recovery in
case a virus affects computers on your
network
– Recognize the attack
– Fix things
– Recover
• Let’s take a look
© 2010 The McGraw-Hill Companies, Inc. All rights reserved
Mike Meyers’ CompTIA
A+® Guide to
Managing and
Troubleshooting PCs
Antivirus Programs
Third Edition
• Antivirus programs
– Can be set to scan entire computer actively for
viruses
– Can be set as virus shield to monitor activity such
as downloading files, receiving e-mail, etc.
– Run Windows Defender
• Microsoft’s free antivirus/anti-malware program
• Check Security Center in Vista
• Not used in Windows 7 or recent updates to Vista
© 2010 The McGraw-Hill Companies, Inc. All rights reserved
Mike Meyers’ CompTIA
A+® Guide to
Managing and
Troubleshooting PCs
Antivirus Programs (continued)
Third Edition
• Virus Shield
– Viruses have digital signatures
– Antivirus programs have
libraries of signatures
called definitions
– Updated regularly
• Use an automatic
update if possible
© 2010 The McGraw-Hill Companies, Inc. All rights reserved
Mike Meyers’ CompTIA
A+® Guide to
Managing and
Troubleshooting PCs
Virus Techniques and Traits
Third Edition
• Polymorphics/Polymorphs
– Viruses attempt to change or morph to prevent
detection
– Code that morphs (scrambling code) often used as
signature, so detectable by antivirus programs
• Stealth
–
–
–
–
Virus attempts to hide and appear invisible
Most are in boot sector
Some use little-known software interrupt
Others make copies of innocent-looking files
© 2010 The McGraw-Hill Companies, Inc. All rights reserved
Mike Meyers’ CompTIA
A+® Guide to
Managing and
Troubleshooting PCs
Virus Prevention Tips
Third Edition
• Scan all incoming programs and data
• Scan the PC daily and update signatures
regularly
• Keep bootable CD-R with copy of
antivirus program
– Scan if you think PC or connected media might be
affected
• Be careful with e-mail
– Consider disabling preview window
– Only open attachments from known sources
© 2010 The McGraw-Hill Companies, Inc. All rights reserved
Mike Meyers’ CompTIA
A+® Guide to
Managing and
Troubleshooting PCs
Virus Recovery Tips
Third Edition
• Recognize
– Learn to recognize how a system reacts to malware
• Quarantine
– What you do to prevent malware from propagating
• Search and destroy
– What you do to remove malware from infected
systems
• Remediate
– What you do to return the system to normal after
the malware is gone
• Educate
– How you train users to prevent malware outbreaks
© 2010 The McGraw-Hill Companies, Inc. All rights reserved
Mike Meyers’ CompTIA
A+® Guide to
Managing and
Troubleshooting PCs
Virus Recovery Tips (continued)
Third Edition
• Recognize
– If a computer starts spewing e-mail, that’s a sign
of problems
– Computers that run very slowly can indicate
malware
– Computers with heavy network activity but few
active programs point to malware
• Quarantine
– Run packet-sniffing software to alert you to any
unusual activity
– Pull the cable! A computer that’s not connected to
a network can’t propagate a virus
© 2010 The McGraw-Hill Companies, Inc. All rights reserved
Mike Meyers’ CompTIA
A+® Guide to
Managing and
Troubleshooting PCs
Virus Recovery Tips (continued)
Third Edition
• Search and destroy
– Boot the computer to a removable disc with
antivirus software included (an antivirus CD-R)
• Commercial tools, such as avast!
• LiveCD with Linux-based tools
• Ultimate Boot CD comes with several antivirus programs
– Run the antivirus software as a sword to scan the
infected system
© 2010 The McGraw-Hill Companies, Inc. All rights reserved
Mike Meyers’ CompTIA
A+® Guide to
Managing and
Troubleshooting PCs
Virus Recovery Tips (continued)
Third Edition
• Search and destroy
– Check all removable media that might have been
infected
– Manually disable Browser Helper Objects (BHOs)
installed by viruses
• In Internet Explorer, go to
Tools | Manage Add-ons
• Select a suspect BHO
• Click Disable
© 2010 The McGraw-Hill Companies, Inc. All rights reserved
Mike Meyers’ CompTIA
A+® Guide to
Managing and
Troubleshooting PCs
Virus Recovery Tips (continued)
Third Edition
• Remediate
– Fix any low-level damage by booting to the
recovery console (Windows 2000/XP) or the
Windows Vista repair environment
• FIXMBR and FIXBOOT can repair the boot sector
• BOOTCFG re-creates the BOOT.INI file
• Vista offers Startup Repair, System Restore, and other tools
• Educate
– You need to train your users to know when not to
click or open attachments
© 2010 The McGraw-Hill Companies, Inc. All rights reserved
Mike Meyers’ CompTIA
A+® Guide to
Managing and
Troubleshooting PCs
Firewalls
Third Edition
• Used to block malicious programs from
the Internet
– Can be software, hardware,
or both
– Windows has built-in firewall
(see Control Panel)
Internet
© 2010 The McGraw-Hill Companies, Inc. All rights reserved
Mike Meyers’ CompTIA
A+® Guide to
Managing and
Troubleshooting PCs
Network Authentication
Third Edition
• Authentication
– Proving who you are
– Done by providing credentials
• i.e., user name and password
– LAN authentication like Kerberos useful for
supporting multiple NOSs and providing secure
login within a network
– Not so hot for remote access authentication
© 2010 The McGraw-Hill Companies, Inc. All rights reserved
Mike Meyers’ CompTIA
A+® Guide to
Managing and
Troubleshooting PCs
Third Edition
Network Authentication
(continued)
• Common remote access protocols
– PAP: Password Authentication Protocol (clear text)
• Rarely used
– CHAP: Challenge Handshake Authentication
Protocol
• Most popular
– MS-CHAP: Microsoft CHAP
• Popular with Microsoft applications
© 2010 The McGraw-Hill Companies, Inc. All rights reserved
Mike Meyers’ CompTIA
A+® Guide to
Managing and
Troubleshooting PCs
Encryption
Third Edition
• Makes data packets unreadable
– Changes plaintext into cipher text
– Encryption occurs at many levels
– Multiple encryption standards and options
Our lowest
sell price is
$150,000
Encryption
algorithm
*2jkpS^
aou23@
`_4Laujpf
© 2010 The McGraw-Hill Companies, Inc. All rights reserved
Decryption
algorithm
Our lowest
sell price is
$150,000
Mike Meyers’ CompTIA
A+® Guide to
Managing and
Troubleshooting PCs
Encryption (continued)
Third Edition
• Dial-up encryption
– Encrypts data over lines
– Method set on the server
• Data encryption
– Multiple protocols possible
– These standards used in
connecting computers to
some kind of private
connection, like ISDN or T1
– Microsoft method of choice
is IPSec (IP Security)
© 2010 The McGraw-Hill Companies, Inc. All rights reserved
Mike Meyers’ CompTIA
A+® Guide to
Managing and
Troubleshooting PCs
Application Encryption
Third Edition
• Many applications can use other
protocols to encrypt data
– On the Web, HTTPS commonly used
– Use digital certificates
– Certificates issued by trusted
authorities
• Trusted authorities added to Web
browsers
– Invalid certificates can
be cleared from SSL cache
© 2010 The McGraw-Hill Companies, Inc. All rights reserved
Mike Meyers’ CompTIA
A+® Guide to
Managing and
Troubleshooting PCs
Third Edition
© 2010 The McGraw-Hill Companies, Inc. All rights reserved