A+ Guide to Managing and Maintaining your PC, 6e Chapter 19 Securing Your PC and LAN

Upload: stephany-cameron

Post on 20-Jan-2016

Objectives

• Learn how to secure a desktop or notebook computer

• Learn how to secure a local wired or wireless network

• Learn how malicious software works and how to clean an infected system

Introduction

• Topics to cover
  – Methods for protecting computers and networks
  – How to use several security tools
  – How malicious software works
  – A step-by-step plan to remove malicious software

Securing Your Desktop or Notebook Computer

• Reasons for providing additional security
  – Protection from attacks within the network
  – Attacks through security loopholes
  – Exposure during travel

• A few methods for securing a computer
  – Limit use of the administrator accounts
  – Keep Windows updates current
  – Physically protect your equipment
  – Keep good backups of user data
  – Destroy trash that might contain sensitive data

Access Control

• Authentication: identifies an individual

• Authorization: assigns privileges/rights to individuals

• Types of passwords
  – Power-on passwords (configured in CMOS setup)
  – Windows passwords
  – Online account passwords
  – Application passwords

• Some rules for creating strong passwords
  – Combine upper/lower case letters, numbers, symbols
  – Do not use words in any language

Figure 19-3 Set supervisor and user passwords in CMOS setup to lock down a computer

Access Control (continued)

• Controlling access to a PC using Windows
  – Set a user password for the user account
  – Configure user access to certain files and folders

• Overview for assigning permissions to file and folder
  – Disable simple file sharing from View in Folder Options
  – Open Properties window of a folder and select Sharing
  – Click Permissions and select options

• Protected files and folders display authentication box

• Cacls: command for configuring file and folder access

Figure 19-9 Control who can access a folder and the rights given that user or user group

Limit Use of the Administrator Account

• Three common types of accounts in Windows
  – Administrator
  – Guest
  – Limited User

• Advice for protecting the Administrator Account
  – Create a Limited User account for ordinary activities
  – Use Administrator account for reserved activities
  – Change appearance of desktop to flag the account
  – Change strong password on a regular basis

Use a Personal Firewall

• Firewalls are implemented in software or hardware

• Purpose of a firewall
  – Prevent worms or hackers from invading your system

• Turn on Windows Firewall to protect your system
  – It may be configured to allow for exceptions

• Windows Firewall is included with Service Pack 2

Figure 19-14 Use Windows Firewall to protect a Windows XP computer

Use AV Software

• Antivirus (AV) software protects system from viruses

• Using AV software to greatest effect
  – Configure software to automatically download updates
  – Run AV software as a background process
  – Set software to automatically scan e-mail attachments

• Virus signature: distinguishing characteristics of virus

• AV software does not always stop adware or spyware

• Use removal program for adware or spyware
  – Example: Ad-Aware by Lavasoft (www.lavasoft.com)

Figure 19-15 Set your AV software to stay current automatically

Keep Windows Updates Current

• Causes for Windows susceptibility to attacks
  – Popularity of system makes it an attractive target
  – Highly integrated components give many entry points

• Update Web site: windowsupdate.microsoft.com

• Two ways to keep updates current
  – Access Web site from Windows Update
  – Run automatic update utility as background process

Figure 19-16 Turn on Automatic Updates

Set Internet Explorer for Optimum Security

• Some security features in Internet Explorer
  – Pop-up blocker
  – The ability to manage add-ons
  – The ability to block scripts
  – The ability to disable scripts embedded in Web pages
  – The ability to set the general security level

• Medium is recommended

Figure 19-18 Control security settings for Internet Explorer

Use Alternate Client Software

• Microsoft products targeted by authors of malware
  – Microsoft Internet Explorer
  – Microsoft Outlook Express and Microsoft Outlook

• Some reasons for susceptibility
  – Popularity
  – Close integration with other Windows components
  – Use of ActiveX controls

• Alternate browser: Firefox by Mozilla

• Alternate e-mail client: Eudora by Qualcomm

Consider Using Microsoft Shared Computer Toolkit for Windows XP

• Microsoft Shared Computer Toolkit for Windows XP
  – Locks down the drive on which Windows is installed

• Features of Windows XP that can be locked down
  – Windows configuration
  – Installed software or hardware
  – User settings or user data

• Some temporary changes are allowed
  – When system reboots, it returns to prior state

• Toolkit can be downloaded for free

Hide and Encrypt Files and Folders

• Windows 2000/XP Encrypted File System (EFS)
  – Works only with the Windows 2000/XP NTFS file system
  – Is not supported in Windows XP Home Edition

• Encryption: technology for encrypting folders/files

• Best practice: encrypt at the folder level

• How to encrypt a file or folder
  – Open Properties window of file or folder
  – Click Advanced and select appropriate options

• Encrypted folders and files are displayed in green

Figure 19-21 Encrypt a file or folder using the Properties window

Hide and Encrypt Files and Folders (continued)

• Overview for sharing an encrypted file
  – First export your certificate
  – The other user imports certificate for access to file

• Sharing tool: Certificate Export Wizard

• Data recovery agent (DRA): can decrypt file/folder

• Three ways to decrypt a file or folder
  – Change encryption attribute from Properties window
  – Move file or folder to a FAT logical drive
  – Use the Cipher command

Figure 19-27 A file is no longer encrypted when it is moved off the NTFS drive

Physically Protect Your Equipment

• Don’t move or jar your computer when it’s turned on

• Don’t smoke around your computer

• If your data is private, keep it under lock and key

• Keep magnets away from your computer

• Lock down the computer case

Beware of Social Engineering

• Social engineering
  – Tricking people into giving out private information
  – Passing unsafe programs into the network or PC

• Some techniques of social engineers
  – Phishing: extracting personal data via e-mail
  – Scam e-mail: offers to join phony ventures
  – Virus (e-mail) hoax: clogs up e-mail systems

• A few rules for using the Internet
  – Do not click links inside e-mail messages
  – Investigate a Web site before downloading software

Beware of Social Engineering (continued)

• Two ways to debunk a hoax e-mail
  – Note phrases/subjects that request mass forwarding
  – Use services of security site; e.g., www.hoaxkill.com

• Scripts: code segments automating set of tasks
  – Example: files with extensions .wsf and .vbs

• Malicious scripts are often hidden in e-mails
  – Example: the link www.symantec.com.vbs

• Protecting against malicious scripts
  – Set Windows to display file extensions
  – Set Windows to first load script to Notepad
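
Why displaying file extensions matters, as an added example that is not part of the original slides: with extensions hidden, a script named www.symantec.com.vbs is shown as www.symantec.com. The Python sketch below flags script attachments and reports the name a user would see. The extension lists beyond .wsf and .vbs, the sample names and the function names are assumptions of this example.

```python
import os

# .vbs and .wsf come from the slide; the other Windows Script Host
# extensions are an assumption added for this example.
SCRIPT_EXTS = {".vbs", ".wsf", ".vbe", ".js", ".jse"}

# Inner suffixes that make the visible part of a name look harmless
# (assumed list; extend it to match local mail policy).
DECOY_EXTS = {".com", ".net", ".org", ".txt", ".doc", ".xls", ".jpg", ".gif", ".pdf"}


def classify(filename):
    """Return (verdict, shown_name) for one attachment name.

    shown_name is what the user sees when the final extension is hidden.
    """
    # Windows drops trailing dots and spaces, so "x.vbs " still runs as .vbs
    name = filename.rstrip(". ")
    stem, ext = os.path.splitext(name)
    if ext.lower() not in SCRIPT_EXTS:
        return ("ok", name)
    inner_ext = os.path.splitext(stem)[1].lower()
    if inner_ext in DECOY_EXTS:
        # The real type is a script, but the visible name ends in a decoy
        return ("disguised-script", stem)
    return ("script", stem)


def audit(names):
    """Return (verdict, original_name, shown_name) for risky names, worst first."""
    order = {"disguised-script": 0, "script": 1}
    hits = []
    for n in names:
        verdict, shown = classify(n)
        if verdict != "ok":
            hits.append((verdict, n, shown))
    return sorted(hits, key=lambda h: order[h[0]])


# Constructed sample attachment names
SAMPLE = ["minutes.doc", "www.symantec.com.vbs", "cleanup.wsf",
          "Photo.JPG.vbs ", "notes.txt"]

if __name__ == "__main__":
    for verdict, name, shown in audit(SAMPLE):
        print(f"{verdict:17} {name!r} is shown as {shown!r}")
```
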

Figure 19-28 An example of a hoax e-mail message

Figure 19-30 Use the Edit File Type window to change the way Windows displays and manages a file type

Keep Good Backups of User Data

• Prepare for a disaster by making good data backups

• Refer to Chapter 13 for backup procedures

Backup System Files

• Use Ntbackup to back up System State and registry
  – Refer to Chapter 12 for procedures

• When to back up the System State
  – After you have made major changes to the system
  – Example: after installing a new hard drive

• Make backups a routine part of monthly maintenance

Make Use of Event Logging and Incident Reporting

• Some incidents you might be expected to report
  – An attempt at breaking in to a secured PC or network
  – The security has been broken
  – An alarm has been activated

• Some reasons for incident reporting
  – The need for others to respond to an incident
  – The need to know about a weak security loophole
  – Legal concerns

• Monitoring Windows 2000/XP logon events
  – Configure Event Viewer to track failed logon attempts

Figure 19-32 Event Viewer monitoring failures at logging on to Windows XP

Make Use of Event Logging and Incident Reporting (continued)

• Monitor changes to files and folders
  – Set the Group Policy to audit an object
  – Add the users that you want to monitor
  – Decide which activity to monitor
  – View logged activity in the Event Viewer

• Some third-party monitoring tools
  – Autoruns by Sysinternals
  – WinPatrol by BillP Studios

• Monitoring network activity with Windows Firewall
  – Configure Log Settings accessed from Advanced tab

Figure 19-39 Using Windows Firewall, you can log dropped packets and successful connections
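
One way to review that log once dropped packets are being recorded, added here as an example and not taken from the original slides: the Python sketch parses the space-separated pfirewall.log layout using its #Fields header, counts dropped packets per source address, and lists sources that were dropped on several different ports. The sample lines are constructed, and the function names and the three-port threshold are assumptions.

```python
from collections import defaultdict

# Constructed sample in the space-separated layout of pfirewall.log.
# Addresses come from documentation ranges; none are real hosts.
SAMPLE_LOG = """\
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info
2006-03-14 10:15:01 OPEN TCP 192.168.1.10 198.51.100.7 1061 80 - - - - - - - -
2006-03-14 10:15:02 DROP TCP 203.0.113.9 192.168.1.10 4312 135 48 S 1203456 0 64240 - - -
2006-03-14 10:15:02 DROP TCP 203.0.113.9 192.168.1.10 4313 139 48 S 1203999 0 64240 - - -
2006-03-14 10:15:03 DROP TCP 203.0.113.9 192.168.1.10 4314 445 48 S 1204321 0 64240 - - -
2006-03-14 10:16:10 DROP ICMP 198.51.100.23 192.168.1.10 - - 60 - - - - 8 0 -
2006-03-14 10:16:30 DROP TCP 203.0.113.9
"""


def parse_firewall_log(text):
    """Turn log text into a list of dicts keyed by the #Fields names."""
    fields, records = [], []
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("#Fields:"):
            fields = line[len("#Fields:"):].split()
        elif line and not line.startswith("#") and fields:
            values = line.split()
            # A line cut off mid-write has too few columns; skip it
            if len(values) == len(fields):
                records.append(dict(zip(fields, values)))
    return records


def dropped_by_source(records):
    """Map each source IP to its DROP count and the ports it was dropped on."""
    counts = defaultdict(int)
    ports = defaultdict(set)
    for rec in records:
        if rec["action"] != "DROP":
            continue
        counts[rec["src-ip"]] += 1
        if rec["dst-port"].isdigit():      # ICMP entries carry "-" here
            ports[rec["src-ip"]].add(int(rec["dst-port"]))
    return {ip: {"drops": counts[ip], "ports": sorted(ports[ip])} for ip in counts}


def port_sweepers(records, min_ports=3):
    """Sources dropped on at least min_ports distinct ports (assumed threshold)."""
    summary = dropped_by_source(records)
    return sorted(ip for ip, s in summary.items() if len(s["ports"]) >= min_ports)


if __name__ == "__main__":
    recs = parse_firewall_log(SAMPLE_LOG)
    for ip, s in dropped_by_source(recs).items():
        print(ip, s["drops"], "dropped, ports:", s["ports"])
    print("possible port sweep from:", port_sweepers(recs))
```
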

Destroy the Trash

• Trash is a source of sensitive information

• How to prevent the exposure of data
  – Destroy all storage media before you throw it out
  – Destroy hard copies that contain sensitive data
  – Steps to take when migrating from older medium

• Encrypt data being migrated between systems

• Control user access to migrated data

• Destroy old data storage medium no longer being used
  – Erase hard drive of old PC with a zero-fill utility

Perform a Monthly Security Maintenance Routine

• Change the administrator password

• Make sure system is being automatically updated

• Check that AV software is installed and current

• Visually check the equipment for tampering

• Check the Event Viewer

Securing Your Wired or Wireless Network

• Topics to cover
  – How to use a router to secure a small network
  – How to secure a wireless network
  – Authentication techniques used for larger networks

Use a Router to Secure a SOHO Network

• SOHO: a small office or home office

• Use a router to secure a SOHO network

• Tasks that routers perform:
  – Limit communication from outside the network
  – Limit communication from within the network
  – Secure a wireless access point
  – Implement a virtual private network (VPN)

• Keep router firmware current

Authentication Technologies

• Controlling network access
  – Encrypt user accounts/passwords at point of entry
  – Decrypt user accounts/passwords before validation

• Popular authentication protocols: CHAP, Kerberos

• Two-factor authentication: present two types of id

• Smart cards
  – Device with id information keyed or read into system
  – Variations: key fob, magnetic strip, and USB smart cards

• Biometric data: id based on physical characteristics
  – Some biometric devices: iris scanner, fingerprint reader

Figure 19-41 For best security, keep your hardware firewall firmware updated

Figure 19-42 A smart card such as this SecurID key fob is used to authenticate a user gaining access to a secured network

Dealing with Malicious Software

• Malicious software (malware or computer infestation)
  – Any unwanted program intending harm to system
  – Transmitted to your computer without your knowledge

• Examples of malware: viruses and worms

• Topics to cover
  – How to recognize that a system is infected
  – How to understand how malicious software works
  – How to clean up the mess

You’ve Got Malware

• Some signs of malicious messages
  – Pop-up ads plague you when surfing the Web
  – Strange or bizarre error messages appear
  – Less memory than usual is available
  – Strange graphics appear on your computer monitor
  – The system cannot recognize the CD-ROM drive
  – Files constantly become corrupted
  – The OS boots, but cannot launch the Windows desktop
  – Your antivirus software displays one or more messages

Here's the Nasty List

• Virus
  – Program that replicates by attaching to other programs
  – Infected program must execute for virus to run
  – Example: boot sector program
  – Protection: run AV software in the background

• Adware: produces all those unwanted pop-up ads

• Spam is junk e-mail that you do not want

• Spyware: program installing itself to spy on you

• Worm: self-replicating program that overloads network

Figure 19-46 The crash virus appears to be destructive, making the screen show only garbage, but does no damage to hard drive data

Here's the Nasty List (continued)

• Browser hijacker: alters home page/browser settings

• Dialer: dials phone number without your knowledge

• Keylogger: tracks all your keystrokes

• Logic bomb: dormant code triggered by an event

• Trojan horse: disguises itself as a legitimate program

Here's the Nasty List (continued)

• Types of viruses
  – Boot sector: virus hides in the boot sector program
  – File virus: hides in executable (.exe, .com, or .sys)
  – Multipartite virus: combined boot sector and file virus
  – Macro virus: hides in documents of macro files
  – Script virus: a virus that hides in a script

• How malware replicates and hides
  – Uses various techniques to load itself into memory
  – Attempts to hide from AV software
  – Example: stealth virus manipulates its storage file

Step-by-Step Attack Plan

• Run reputable AV software
  – Examples: Norton Anti-Virus and McAfee VirusScan

• Run adware or spyware removal software
  – Example: Windows Defender by Microsoft

• Search out and destroy what’s left
  – Respond to any startup errors
  – Delete malicious files
  – Purge restore points
  – Clean the registry
  – Root out rootkits

Figure 19-57 Results of running Windows Defender by Microsoft

Summary

• Protect accounts and applications with passwords

• Files and folders can be configured for selective permissions

• Standard security tools: AV software, firewalls, Windows Update

• Encryption technology: Windows 2000/XP NTFS EFS

• Techniques used by social engineers: phishing, scam e-mails, virus hoaxes

Summary (continued)

• Some events to monitor: failed logon access attempts and network activity

• Use a router to secure a SOHO network

• Security techniques for larger networks: smart cards, authentication protocols, biometric devices

• Malware: invasive programs such as viruses and worms

• If AV software cannot clean or delete malware, use other techniques such as deleting file from directory