Windows Security: A practical approach

Post on 04-Jan-2016

TRANSCRIPT

  • Windows Security: A practical approach

  • Basics
      • Passwords
          • Strong password should:
              • Be long
              • Contain:
                  • Letters
                  • Punctuation
                  • Symbols
                  • Numbers
          • Password Checker: http://www.microsoft.com/security/online-privacy/password-checker.aspx

  • Password
      • Password is known ONLY to user
      • Storing/Managing Passwords
      • Password algorithms
      • Password files

  • File System
      • NTFS Security Advantages
          • Access Control List
          • Granular structure
          • Supports server authentication
          • Ability to encrypt files and directories
          • Encrypted File System (EFS)

  • NTFS Access Control
      • PERMISSIONS
          • For files, directories, networked devices
      • APPLICABLE ON:
          • Users
          • Computers
          • Networked devices
          • Groups of:
              • Users
              • Computers
              • Networked devices
      • INHERITANCE

  • Surfing the Internet
      • Browsers
          • FF
          • IE
          • Others (Opera, Chrome, etc.)
      • Browser Add-ons
          • NoScript
          • FlashBlock

  • Environmental Threats
      • COMPONENT OBJECT MODELS
          • Object Linking and Embedding (OLE)
          • Remote Procedure Call (RPC)
          • ActiveX
      • JAVA APPLETS

  • External threats
      • Browser related
          • Hijacks (BHO)
          • Drive-by downloads
          • WMF (2005), ActiveX, DCOM
      • Scams
          • Confidence tricking
          • Phishing
          • Fake Emails
      • ID Theft
          • Data harvesting
      • Social Engineering
          • Psychological manipulation
      • Targeted Malware
          • Silent_banker

  • Human Error
      • Emails
      • Downloads
          • P2P
          • Underground sources
      • System patches out of date
      • Clicking without reading/fully understanding (Nexters)

  • Privacy
      • Indexing services
          • Google Desktop
      • Social websites
          • Facebook
          • ID Threats
          • Facebook Applications
          • Source of infection
          • Data mining
      • Search engines
          • Google
          • Scrapped Google engine (Scroogle)
          • Ixquick
          • DuckDuckGo

  • Operating System Security Software
      • Anti Virus
          • Microsoft Security Essentials (MSE)
      • Anti Spy/Malware
          • Windows Defender
      • Tracking Software
          • Adeona
      • Firewall
          • Windows Firewall
          • Sygate Personal Firewall

  • Common Sense
      • Strong Password
      • Latest updates
      • Unprivileged user account
      • Read EVERYTHING on screen
      • Never disclose any login details
      • Never believe in something for nothing
      • Be Aware
      • Better safe than sorry

  • Safe System
      • Internet Browsing
          • Tightened settings for Browsers
          • Do not log in as Administrator
          • Build up adequate layer of defence through application layer
          • Real-Time anti-vir/spy/mal/ad ware
      • Electronic Mail
          • Set up for plain text only
          • Be careful what you subscribe to (mailing list harvesting)
          • Spam filters
          • Email address obfuscating
          • Structuring multiple email addresses for different purposes
      • System layer
          • Hidden files (double extensions)
          • Start-up
          • Active software protection

  • THE END

    Thank you
