Transcript CHAPTER3

CHAPTER 3
Securing your PC and LAN
Suraya Alias
Securing your desktop or Notebook Computer
◦ Know access control
◦ Limit use of the administrator accounts
◦ Use a personal firewall
◦ Windows update
◦ Security using browsers
◦ Alternate client software
◦ Encrypt files and folders
◦ Data backups
◦ System files backup
◦ Monthly security maintenance
◦ Router to secure a SOHO network
◦ Dealing with malicious software
◦ Know the step-by-step attack plan

Access Control
Control access to the computer, files, folders and network by combining authentication and authorization techniques.
• Authentication
◦ Proves the actual user by using an ID, password, PIN
• Authorization
◦ Determines what the user can do when logged in to the system: the privileges and rights that were assigned to him.
• You can lock your PC using power-on passwords and a Windows password (turn off file sharing).
• Power-on passwords are assigned in CMOS setup to secure the CMOS/BIOS setup settings.

Access Control
To create a STRONG password:
◦ Use 8 or more characters, combining numbers, characters and symbols
◦ Don’t use consecutive numbers or words such as “abcdef”, “123456”
◦ Don’t use adjacent keys on the keyboard, such as “qwerty”
◦ Don’t store passwords on the PC; use a different password for each system
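
The password rules above can be checked mechanically. The following is an added example, not part of the original slides; the run length of 4 and the US keyboard layout are assumptions, and the rules about storing and reusing passwords cannot be checked from the password alone.

```python
import string

# Letter rows of a US keyboard, used to spot "adjacent keys" such as "qwerty" (assumed layout).
KEY_ROWS = ["qwertyuiop", "asdfghjkl", "zxcvbnm"]
# Digit sequence with a wrap-around so that "7890" also counts as consecutive.
DIGIT_RUN = "01234567890"

def _has_run(text, sequence, run_len):
    """True if text contains run_len neighbouring symbols of sequence, forward or reversed."""
    for seq in (sequence, sequence[::-1]):
        for i in range(len(seq) - run_len + 1):
            if seq[i:i + run_len] in text:
                return True
    return False

def check_password(password, run_len=4):
    """Return the list of slide rules the password breaks; an empty list means it passed."""
    problems = []
    lowered = password.lower()
    # Rule 1: 8 or more characters.
    if len(password) < 8:
        problems.append("shorter than 8 characters")
    # Rule 1 (continued): combine numbers, characters and symbols.
    classes = {
        "letter": any(c.isalpha() for c in password),
        "number": any(c.isdigit() for c in password),
        "symbol": any(c in string.punctuation for c in password),
    }
    missing = [name for name, present in classes.items() if not present]
    if missing:
        problems.append("missing " + ", ".join(missing))
    # Rule 2: no consecutive numbers or letters ("123456", "abcdef").
    if _has_run(lowered, string.ascii_lowercase, run_len) or _has_run(lowered, DIGIT_RUN, run_len):
        problems.append("contains consecutive letters or numbers")
    # Rule 3: no runs of adjacent keyboard keys ("qwerty").
    if any(_has_run(lowered, row, run_len) for row in KEY_ROWS):
        problems.append("contains adjacent keyboard keys")
    return problems

if __name__ == "__main__":
    # Constructed sample passwords, not real credentials.
    for candidate in ["abcdef12", "qwerty", "Qwerty!2024", "T7#mK2!pLx9"]:
        print(candidate, "->", check_password(candidate) or "passes")
```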
Access Control using Windows
• Using user accounts and passwords
• Configure users with access to certain files and folders – which files can be shared
• Use the Icacls or Cacls command to control user accounts' access to files and folders
• Example: cacls test.txt /G suraya:F

Limit the use of the Administrator Account
◦ Preferably use Limited User accounts for daily use
◦ Use Administrator accounts only for maintenance and installation
◦ This is because some malware programs may run using Administrator privileges.
◦ Always change passwords and use strong passwords
Use a Personal Firewall
◦ Never connect to the Internet without using Windows Firewall
◦ A firewall is software or hardware that prevents worms or hackers from getting into your system
◦ A router is one example of a hardware firewall

Use Anti Virus Software
◦ As a defensive and offensive measure to protect against malicious software
◦ AV must always be on (running in the background) and updated

Keep Windows updates current
◦ Using Windows Update

Set Internet Explorer for optimum security
• Disable pop-up blocker, manage add-ons, activate or block scripts
• Use alternative client software
◦ Browser software – Firefox
◦ Email client – Outlook Express
• Consider using Microsoft Shared Computer Toolkit for Windows XP
◦ This software locks down the drive where XP is installed so that the user cannot change the Windows settings, configuration, installed software and hardware, and user data

Hide and Encrypt Files and Folders
◦ Protect files and folders using EFS (Encrypting File System)
◦ Encryption converts data to a different value that has to be decrypted (translated) before it can be accessed.
◦ An encrypted file remains encrypted if you move it around an NTFS logical drive but becomes decrypted on a FAT file system
◦ Use the CIPHER command to encrypt/decrypt files or folders from the command prompt.
◦ Example: CIPHER /D C:\Public\*.*
◦ Where /E encrypts, /D decrypts, /S:DIR is the directory, PATHNAME is the path name


Beware of Social Engineering
Don’t give out personal information to untrusted sources
3 common Internet crimes:
1. Phishing
• Where the sender of an email message scams you into responding with data about yourself
• Example – user password, account number or credit card number
2. Scam email
• Email that usually offers a false scheme
3. Virus hoax
• Email that does damage by tempting you to forward it to everyone in your email address book, with the intent of clogging up the email system or deleting important files

Protect against malicious email scripts

How scripts work
◦ Written in several scripting languages (VBScript, JScript)
◦ Executed using the Windows Scripting Host (WSH) utility, Wscript.exe

How scripts are spread
1. By embedding the script in the email message and attaching it.
2. When you click the link, the script with the .vbs extension is executed by Wscript.exe and spreads
3. Hidden using a normal-looking filename such as coolpic.jpg, when the actual filename is coolpic.jpg.vbs

How to protect against malicious scripts
1. Set Windows to display the script file extension
2. Set Windows not to execute scripts but to open them in Notepad
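
The coolpic.jpg.vbs disguise described above can also be caught by checking attachment names before a user sees them. The following is an added example, not part of the original slides; the extension lists and the sample filenames are constructed assumptions, with .vbs taken from the slide.

```python
import ntpath

# Extensions associated with Windows Script Host (.vbs is the slide's example; the rest are assumed additions).
SCRIPT_EXTS = {".vbs", ".vbe", ".js", ".jse", ".wsf", ".wsh"}
# Harmless-looking extensions that could serve as the decoy (assumed list).
DECOY_EXTS = {".jpg", ".jpeg", ".png", ".gif", ".txt", ".doc", ".pdf", ".mp3"}

def classify_attachment(filename):
    """Return 'disguised-script', 'script' or 'ok' for one attachment name."""
    # Windows ignores trailing dots and spaces, so strip them before reading the extension.
    name = ntpath.basename(filename).rstrip(". ").lower()
    stem, real_ext = ntpath.splitext(name)
    if real_ext not in SCRIPT_EXTS:
        return "ok"
    # When Windows hides known extensions, only `stem` is displayed, so a decoy
    # extension at the end of the stem makes the script look like a picture or document.
    # Padding spaces before the real extension are removed first.
    _, shown_ext = ntpath.splitext(stem.rstrip())
    return "disguised-script" if shown_ext in DECOY_EXTS else "script"

def scan(filenames):
    """Map each suspicious filename to its verdict, leaving out clean names."""
    return {f: v for f in filenames if (v := classify_attachment(f)) != "ok"}

# Constructed attachment names for demonstration.
SAMPLE_ATTACHMENTS = [
    "coolpic.jpg.vbs",           # the slide's example
    "holiday.jpg",               # a genuine picture name
    "Invoice.PDF      .JS",      # real extension pushed out of view with spaces
    "update.vbs",                # a script that does not hide its extension
    r"C:\mail\tmp\notes.txt",    # full Windows path to a text file
]

if __name__ == "__main__":
    for name, verdict in scan(SAMPLE_ATTACHMENTS).items():
        print(f"{verdict:17} {name}")
```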

Keep good backups of user data
◦ Back up data and system files (using Windows Backup)
◦ Make use of event logging and incident reporting – using Event Viewer
◦ Monitor changes to files and folders – using audit in Group Policy
◦ Monitor changes to startup – using Autoruns by Sysinternals
◦ Monitor network activity – using Windows Firewall
◦ Empty the Recycle Bin

Perform monthly security maintenance routine
◦ Change password, turn on Windows updates
◦ Install AV, check for equipment security
◦ Check Event Viewer, the security list
◦ Verify user backups have been performed currently
◦ If running Windows Disk Protection, save the changes to disk that are required to update installed software

Securing your wired or wireless network

Use a router to secure a SOHO (small office/home office) network
◦ Limit communication from outside the network
◦ Limit communication from within the network
◦ Secure a wireless access point
◦ Implement a virtual private network (VPN)

Authentication technologies for larger networks
◦ Encrypt user accounts and passwords
◦ Popular protocols – CHAP (Challenge Handshake Authentication Protocol) and Kerberos
◦ Using smart cards and biometric data
Dealing with malicious software
Also known as malware or computer infestation
An unwanted program that does harm and is transmitted to your PC without your knowledge.
• Examples
◦ Virus (can replicate and attach itself to other programs)
◦ Adware – produces unwanted pop-ups
◦ Spam – junk email
◦ Spyware – software that installs itself to spy and collect information
◦ Worm – program that copies itself through the network without a host program, overloading the network
◦ Browser hijacker – does mischief by changing the home page or redirecting it
◦ Dialer – software installed on your PC that disconnects your phone line and redirects it to an expensive dial-up
◦ Keylogger, logic bomb, Trojan horse

How a VIRUS works
• A boot sector virus
◦ Hides in boot sector program, floppy, hard disk or MBR (master boot record)
• A file virus
◦ Hides in an executable (.exe, .com) program that contains a macro
• A multipartite virus
◦ Combination of boot sector and file virus
• A macro
◦ Small program that can be automatically executed when a document first loads
• A macro virus
◦ Attached to email or files, hides in document files
• A script virus
◦ Hides in a web page link, executes when the user clicks
• A stealth virus – keeps a copy of the infected file, changes the attributes of its host program
• A polymorphic virus – replicates and changes its attributes
• Encrypting virus – continually transforms itself so that AV cannot detect it

Step by step attack plan
To clean up an infected system
◦ Run AV software
◦ Run adware and spyware removal software
◦ Search out and destroy what’s left
  • Respond to any startup errors
  • Delete malicious files
  • Turn off System Restore for a while during scanning (purge restore points)
  • Clean the registry
  • Root out (search for) rootkits – programs that can prevent Task Manager from displaying core processes
◦ Spyware and adware are also rootkits
◦ Example anti-rootkit software – BlackLight by F-Secure