Review Previous Lesson
1. Describe those 4 physical network architectures.
2. Node, host, NIC, hardware address, Ethernet address, protocol, packet, datagram, frame, Ethernet, IP address, port address, subnet mask, HTTP, FTP, POP3, IMAP, VoIP
3. Describe three different types of wireless network.
4. What are the six types of telephone network? How to install?
5. Describe four protocol suites.
6. How to share and access resources on the network?
7. Describe symptoms that might indicate the NIC is faulty.
8. What can you do to try to test TCP/IP configuration and connectivity? What technology can you use to connect to the Internet?
9. What are the functions of a firewall, both HW and SW?
10. Advantages of using a router?
11. Common ports: 20, 21, 22, 23, 25, 80, 110, 119, 143, 443?
Copyright © 2007 - CIST 1
CompTIA A+ Guide to Managing & Maintaining Your PC, by Jean Andrews
Computer Maintenance
Chapter 4: Security (PC & Network) Part I
• What is security?
• Why do you need security?
• How do you secure your PC or network?
• What can happen if your PC or network is not secured?
Objectives
After you have completed this lesson, you will be able to:
• Identify ways to secure a desktop or notebook computer
• Identify ways to secure a local wired or wireless network
Scenario
In this chapter, you will learn:
– Access control
– Limit use of the administrator account
– Use a personal firewall
– Use antivirus software
– Keep Windows updates current
– Set Internet Explorer for optimum security
– Use alternate third-party client software
– Consider using “Microsoft Shared Computer Toolkit for Windows XP”
– Secure important files and folders
– Hide and encrypt files and folders
– Physically protect your computer
– Beware of social engineering
– Keep good backups of user data
– Back up system files
– Make use of event logging and incident reporting
– Destroy the trash
– Perform a monthly security maintenance routine
Access Control
• Authentication proves that an individual is who he says he is and is accomplished by a variety of techniques.
• Authorization determines what an individual can do in the system after he or she is authenticated.
• Power-on passwords and other BIOS security
• How to create strong passwords and protect them
– www.microsoft.com/athome/security/privacy/password_checker.mspx
• Access control using Windows
– Uncheck “Use simple file sharing” in Folder Options
– Configure which users are allowed access, using the Cacls command in a command prompt window:
    Cacls myfile.txt                  (display the current permissions)
    Cacls myfile.txt /E /G User1:R    (grant User1 read access)
    Cacls myfile.txt /E /R User1      (revoke User1's access)
Figure 19-12: Use the Cacls command to change user permissions for files and folders (callouts in the screenshot: grant rights to Leapcheang; revoke rights to Leapcheang)
Limit use of the administrator account
• Why should you not log on with the administrator account for daily work?
• The problem is that a malware program might be at work while we’re logged on
• It’s a good idea to create a Limited User account to use for your everyday normal activities
• To help you remember to limit the use of the Administrator account, change the desktop
• Be sure to change the password of the Administrator account and use a strong password
Use a personal firewall
• Never, ever connect your computer to an unprotected network without using a firewall
• A firewall is software or hardware that prevents worms or hackers from getting into your system
• Software firewalls are better than no firewall at all, but a hardware firewall offers greater protection.
Use AV software
• When selecting AV software, find out if it can:
– Automatically download new software upgrades and virus definitions from the Internet
– Automatically execute at startup
– Detect macros in a word-processing document
– Automatically monitor files being downloaded from the Internet
– Send virus alerts to your e-mail address to inform you of a dangerous virus
– Scan both automatically and manually for viruses
Popular antivirus software
Antivirus software: Web site
– AVG Anti-Virus by Grisoft: www.grisoft.com
– Computer Associates: www.ca.com
– F-Secure Antivirus by F-Secure Corp.: www.f-secure.com
– eSafe by Aladdin Knowledge Systems, Ltd.: www.esafe.com
– McAfee VirusScan by McAfee Associates, Inc.: www.mcafee.com
– F-Prot by FRISK Software International: www.f-prot.com
– NeaTSuite by Trend Micro (for networks): www.trendmicro.com
– Norman by Norman Data Defense Systems, Inc. (complicated to use, but highly effective): www.norman.com
– Panda Software: www.pendasoftware.com
– PC-cillin by Trend Micro (for home use): www.trendmicro.com
Keep Windows updates current
• Security holes are being found all the time, and Microsoft is constantly releasing patches to keep up
• You can keep Windows updates current by using the Web site windowsupdate.microsoft.com
– Start > All programs > Windows Update
• To update automatically
– Right-click on My Computer > Properties > click Automatic Updates tab > select Automatic (recommended)
Set Internet Explorer For Optimum Security
• For most Web browsing, set the security level to Medium
Use alternative client software
• Browser software
– Internet Explorer is by far the most popular browser
– IE is written to more closely integrate with Windows components than other browsers.
– IE is written to use ActiveX controls. Microsoft invented ActiveX controls so that Web sites could use some nifty multimedia features.
• E-mail clients
– Microsoft Outlook and Outlook Express are probably the most popular e-mail clients.
– You can use Eudora by Qualcomm (www.eudora.com); Mozilla offers Thunderbird
Consider using “Microsoft Shared Computer Toolkit for Windows XP”
• If you are responsible for Windows XP computers used in a public place, you might want to consider installing and running Microsoft Shared Computer Toolkit for Windows XP.
• This software locks down the drive on which Windows is installed so that a user cannot permanently change Windows configuration, installed software or hardware, user settings, or user data.
• The toolkit can be downloaded for free to computers that are running a genuine Windows XP license.
Hide and encrypt files and folders
• Disable file and printer sharing so that the others cannot access resources on your computer
• Hide your computer from others on the network
• Hide a shared folder
• Make your personal folders private
• Another way you can protect files and folders is to use Encrypted File System (EFS)
Note: When you open an encrypted file with an application, Windows decrypts the file for the application to use.
• How to encrypt a file or folder
• How to share an encrypted file
• How to decrypt a file or folder
– From the file’s Properties dialog box, click the Advanced button and uncheck Encrypt contents to secure data.
– Encryption is removed automatically when you move a file or folder to a FAT logical drive because FAT does not support encryption.
– Use the cipher command
• How to use the cipher command
For example, to decrypt all files in the c:\public folder, use this command:
– CIPHER /D c:\public\*.*
Physically protect your equipment
• Don’t move or jar your PC when it’s turned on
• Don’t smoke around your computer
• Don’t leave the PC turned off for weeks or months at a time
• High humidity can be dangerous for hard drives
• In CMOS setup, disable the ability to write to the boot sector of the hard drive
• If your data is really private, keep it under lock and key
• Keep magnets away from your computer
• Lock down the computer case
Beware of social engineering
• Phishing is a type of identity theft where the sender of an e-mail message scams you into responding with personal data about yourself.
• Scam artists use scam e-mail to lure you into their schemes. For example, the message promises you money or a commission.
• A virus hoax or e-mail hoax is e-mail that does damage by tempting you to forward it to everyone in your e-mail address book with the intent of clogging up e-mail systems, or by convincing you to delete a critical Windows system file because the file is supposedly malicious.
Responsible Internet habits
1. You shall not open the e-mail attachments without scanning them for viruses first.
2. You should not click links inside e-mail messages
3. You should not forward an e-mail message without first checking to see if that warning is a hoax
4. You shall always check out a Web site before you download anything from it
5. You shall never give your private information to just any ole Web site
6. You shall never trust an e-mail message asking you to verify your private data on a Web site with which you do business
How to show up an e-mail hoax
• Here are Web sites that specialize in debunking virus hoaxes:
– hoaxbusters.ciac.org by Computer Incident Advisory Capability
– www.hoaxinfo.com by Jeff Richards
– www.hoaxkill.com by Oxcart Software
– www.snopes.com by Urban Legends
– www.viruslist.com by Kaspersky Lab
– www.vmyths.com by Rhode Island Soft Systems, Inc.
Protect against malicious e-mail scripts
• How scripts work
– Scripts can be written in VBScript or JScript and are executed in Windows by the Windows Script Host (WSH) utility, Wscript.exe
– The extensions that Windows recognizes by default are JScript (.js), JScript Encoded (.jse), VBScript Encoded (.vbe), VBScript (.vbs), and Windows Script (.wsf).
• How scripts are spread
• How to help protect against malicious scripts
– Set Windows so that script file extensions display by default
– Set Windows to not execute scripts, but rather to open them in a Notepad window.
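Why displaying extensions matters, as an added example that is not part of the original slides: the Python sketch below checks attachment names against the five script extensions listed above and reports what a user would see while Windows hides extensions. The function names and the sample file names are constructed for illustration.

```python
import ntpath

# The five script extensions this slide lists as recognized by Windows by default.
WSH_SCRIPT_EXTENSIONS = {".js", ".jse", ".vbe", ".vbs", ".wsf"}


def effective_name(name):
    """Return the file name Windows will actually open."""
    # Drop any folder part, then the trailing dots and spaces that Windows
    # ignores: "notes.vbe. " is opened as "notes.vbe".
    return ntpath.basename(name).rstrip(". ")


def check_attachment(name):
    """Classify one attachment name.

    Returns (verdict, hidden_view). hidden_view is the name Explorer shows
    while extensions are hidden, or None when the file is not a script.
    """
    stem, ext = ntpath.splitext(effective_name(name))
    if ext.lower() not in WSH_SCRIPT_EXTENSIONS:
        return ("not-a-script", None)
    # A second extension left in the stem ("photo.jpg" from "photo.jpg.vbs")
    # is what the user sees once the real one is hidden.
    if ntpath.splitext(stem)[1]:
        return ("disguised-script", stem)
    return ("script", stem)


def flag_attachments(names):
    """Return {name: (verdict, hidden_view)} for the script files only."""
    results = {n: check_attachment(n) for n in names}
    return {n: r for n, r in results.items() if r[0] != "not-a-script"}


# Constructed sample attachment names.
SAMPLE_ATTACHMENTS = [
    "holiday-photo.jpg.vbs",
    "Setup.WSF",
    "notes.vbe. ",
    "report.doc",
    r"C:\Temp\readme.txt.js",
]

if __name__ == "__main__":
    for name, (verdict, shown) in flag_attachments(SAMPLE_ATTACHMENTS).items():
        print(f"{name!r}: {verdict}, displayed as {shown!r} when extensions are hidden")
```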
Security (PC & Network) Part I
• Keep good backups of user data
• Backup system files
– Use ntbackup.exe to back up the system state and registry before you edit the registry
– You need to back up the system state before you make a major change, such as installing a new hard drive or software
– If others in your organization have permission to install hardware or applications, you might need to explain to them the importance of backing up the system state.
Make use of event logging and incident reporting
• Monitoring Windows XP Logon Events
To track failures when people attempt to log on to the system:
1. Log on to the system as an administrator. In Group Policy, drill down to Computer Configuration, Windows Settings, Security Settings, Local Policies, and Audit Policy
2. Double-click Audit account logon events. Check Failure and click Apply. Do the same for Audit logon events.
3. To see the events that are logged, open Event Viewer and select Security
4. You can set the system to halt when the security log file is full. To do that, right-click Security and select Properties
5. Select Do not overwrite events (clear log manually) and click OK
6. The next step is to edit the registry to tell the system to halt when the log file size is exceeded. Open registry editor and navigate to this key: HKLM\System\CurrentControlSet\Control\Lsa.
7. To back up the key, right-click it and select Export
8. In the right pane, double-click the name CrashOnAuditFail. Assign 1 to its value and click OK.
Note: If the size of the Security log file is exceeded, you must restart the system, log on to the system as an administrator, open Event Viewer, save the log file, and then clear the log file.
Monitoring Changes to Files and Folders
• To monitor access to a file or folder, do the following:
1. Open Group Policy, Computer Configuration, Windows Settings, Local Policies, Audit Policy, and double-click Audit object access, check Failure and click Apply. Close the Group Policy window.
2. Open the Properties of the file or folder you want to monitor and click the Security tab. Then click Advanced. Click the Auditing tab.
3. You can now add users that you want to monitor and decide what activity to monitor. To add a user, click Add. When you’re done, click Apply.
4. To view the logged activity, open Event Viewer and double-click Security.
Monitoring Changes to Startup
• You can install third-party monitoring tools that monitor the startup process and let you know when installation software attempts to add something to your startup routine.
• Three good products are:
– Autoruns by Sysinternals (www.sysinternal.com)
– WinPatrol by BillP Studios (www.winpatrol.com)
– Startup Control Panel by Mike Lin (www.mlin.net)
Monitoring Network Activity
• You can use Windows Firewall to monitor and log network activity.
• Go to the Windows Firewall window and click the Advanced tab. Under Security Logging, click Settings
• The path of the log file is C:\Windows\pfirewall.log
• A dropped packet is a packet that could not be successfully delivered.
• Log dropped packets when you’re trying to solve a connection problem
• Log successful connections when you want to monitor network activity.
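Reading the resulting pfirewall.log, as an added example that is not part of the original slides: the Python sketch below parses the log using its own #Fields header and summarizes which sources and destination ports account for the dropped packets. The sample log lines are constructed (documentation and private addresses), and the function names are illustrative.

```python
from collections import Counter

# Constructed sample in the Windows XP SP2 firewall log layout; the addresses
# are documentation/private ranges, not real traffic.
SAMPLE_LOG = """\
#Version: 1.0
#Software: Microsoft Windows Firewall
#Time Format: Local
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info

2007-03-12 09:14:02 DROP TCP 192.0.2.45 192.168.1.10 4312 445 48 S 1203345 0 64240 - - -
2007-03-12 09:14:05 DROP TCP 192.0.2.45 192.168.1.10 4313 139 48 S 1203399 0 64240 - - -
2007-03-12 09:14:09 DROP TCP 192.0.2.45 192.168.1.10 4314 445 48 S 1203410 0 64240 - - -
2007-03-12 09:15:30 OPEN TCP 192.168.1.10 198.51.100.7 1045 80 - - - - - - - -
2007-03-12 09:15:31 DROP UDP 192.168.1.23 192.168.1.255 137 137 78 - - - - - - -
2007-03-12 09:15:44 CLOSE TCP 192.168.1.10 198.51.100.7 1045 80 - - - - - - - -
"""


def parse_firewall_log(text):
    """Return one dict per log entry, keyed by the names in the #Fields header."""
    fields, rows = [], []
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("#Fields:"):
            fields = line[len("#Fields:"):].split()
        elif line and not line.startswith("#") and fields:
            values = line.split()
            # A line cut short (for example at a size limit) is skipped
            # rather than mapped onto the wrong columns.
            if len(values) == len(fields):
                rows.append(dict(zip(fields, values)))
    return rows


def summarize_drops(rows, top=3):
    """Count actions, then rank dropped packets by source and by destination port."""
    dropped = [r for r in rows if r["action"] == "DROP"]
    by_source = Counter(r["src-ip"] for r in dropped)
    by_port = Counter((r["protocol"], r["dst-port"]) for r in dropped)
    return {
        "actions": dict(Counter(r["action"] for r in rows)),
        "top_sources": by_source.most_common(top),
        "top_ports": by_port.most_common(top),
    }


if __name__ == "__main__":
    summary = summarize_drops(parse_firewall_log(SAMPLE_LOG))
    print("Entries by action:", summary["actions"])
    for src, count in summary["top_sources"]:
        print(f"{count} dropped packet(s) from {src}")
    for (proto, port), count in summary["top_ports"]:
        print(f"{count} dropped packet(s) to {proto} port {port}")
```

To run it against a real log, pass the contents of C:\Windows\pfirewall.log to parse_firewall_log instead of SAMPLE_LOG.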
Destroy The Trash
• Destroy all storage media before you throw it out
• Shred or otherwise destroy hard copies that contain sensitive data
• Data migration is moving data from one application to another application. After the migration is complete, be sure to destroy old data storage media that is no longer used.
• When retiring a computer system, the best way to totally erase everything on a hard drive is to use a zero-fill utility provided by the manufacturer.
Perform a Monthly Security Maintenance Routine
1. Change the administrator password (use a strong password).
2. Check that Windows Automatic Updates is turned on and working.
3. Check that AV software is installed and current.
4. Visually check the equipment to make sure the case has not been tampered with. Is the lock secure?
5. Check the Event Viewer. Take a look at the Security list, looking for failed attempts to access the system.
6. Verify that user backups of data are being done and that current backups of data and the System State exist.
7. If you are running Windows Disk Protection, you need to save any changes to disk that are required to update installed software.
Securing Your Wired or Wireless Network
• Use a router to secure a SOHO network
– Limit communication from outside the network
– Limit communication from within the network
– Secure a wireless access point
– Implement a virtual private network (VPN)
• Authentication technologies for larger networks
– Encrypted user accounts and passwords
– Smart cards
– Biometric Data
Vocabulary
authentication, authorization, Encrypted File System, phishing, scam email, script, social engineering, spam, worm, zero-fill utility, virus hoax
Summary
• Part of securing a Windows XP desktop or notebook computer includes securing the logon process, setting power-on passwords, using strong passwords, and limiting the use of the administrator account.
• All computers need to run a personal firewall such as Windows Firewall under Windows XP with SP2 applied.
• For AV software or anti-adware software to be effective, it must be kept current and it must always be running in the background.
• Keeping Windows updates current is necessary to plug up any security holes as they become known.
• Internet Explorer can be set for better security by controlling the way scripts are used.
• Using less-popular clients such as Firefox might mean you are less likely to be attacked than when using a popular one like IE.
• Practice and teach responsible Web surfing, such as never opening an e-mail attachment from unknown senders and never downloading from Web sites you have not carefully checked out.
• Microsoft Shared Computer Toolkit can be used to lock down a public personal computer.
• Files and folders can be hidden and made private, and data within these files and folders can be encrypted using Windows EFS.
• Physically protect the equipment for which you are responsible.
• Social engineering techniques used by criminals include phishing, scamming, and virus hoaxes.
• To make it less likely you’ll launch a malicious script on your computer, set Windows to display file extensions of scripts.
• To secure a system, maintain good backups of user data and System State files.
• Monitor and log events concerning logon failures, access to files and folders, changes to startup, and network activity.
• Don’t throw away or recycle storage media without first destroying all data on the media.
• Maintain a monthly routine to check your security implementations to make sure all is working as it should and make any changes as appropriate.
• A small network can be secured using a router. For larger networks, a user can be authenticated on a network using encrypted user accounts and passwords, a token such as a smart card, and/or biometric data.
Review Questions
• Where can a virus hide?
• Which Windows tool do you use to view a recorded log of network activity?
• What is social engineering? Phishing?
• What is spam? Scam e-mail? Virus hoax?
• What are five file extensions that might be used for scripts?
• Why might someone see better security when using a browser other than Internet Explorer?
• Name one e-mail client other than MS Outlook or Outlook Express.
Question
Questions?
Video of chapter 17/18 (reference: the guide ‘Managing & Maintaining Your PC’)
– Securing a wireless LAN
– Using a hardware firewall
and now it’s time to practice