Windows Security: A practical approach


Post on 04-Jan-2016






  • Windows Security: A practical approach

  • Basics
      • Passwords
      • Strong password should:
          • Be long
          • Contain:
              • Letters
              • Punctuation
              • Symbols
              • Numbers
      • Password Checker

  • Password
      • Password is known ONLY to user
      • Storing/Managing Passwords
      • Password algorithms
      • Password files

  • File System
      • NTFS Security Advantages
          • Access Control List
          • Granular structure
          • Supports server authentication
          • Ability to encrypt files and directories
          • Encrypted File System (EFS)

  • NTFS Access Control
      • PERMISSIONS
          • For files, directories, networked devices
      • APPLICABLE ON:
          • Users
          • Computers
          • Networked devices
          • Groups of:
              • Users
              • Computers
              • Networked devices


  • Surfing the Internet
      • Browsers
          • FF
          • IE
          • Others (Opera, Chrome, etc.)
      • Browser Add-ons
          • NoScript
          • FlashBlock

  • Environmental Threats
      • COMPONENT OBJECT MODELS
          • Object Linking and Embedding (OLE)
          • Remote Procedure Call (RPC)
          • ActiveX
      • JAVA APPLETS

  • External threats
      • Browser related
          • Hijacks (BHO)
          • Drive-by downloads
          • WMF (2005), ActiveX, DCOM
      • Scams
          • Confidence tricking
          • Phishing
          • Fake Emails
          • ID Theft
          • Data harvesting
      • Social Engineering
          • Psychological manipulation
      • Targeted Malware
          • Silent_banker

  • Human Error
      • Emails
      • Downloads
      • P2P
      • Underground sources
      • System patches out of date
      • Clicking without reading/fully understanding (Nexters)

  • Privacy
      • Indexing services
          • Google Desktop
      • Social websites
          • Facebook
          • ID Threats
      • Facebook Applications
          • Source of infection
          • Data mining
      • Search engines
          • Google
          • Scrapped Google engine (Scroogle)
          • Ixquick
          • DuckDuckGo

  • Operating System Security Software
      • Anti Virus
          • Microsoft Security Essentials (MSE)
      • Anti Spy/Malware
          • Windows Defender
      • Tracking Software
          • Adeona
      • Firewall
          • Windows Firewall
          • Sygate Personal Firewall

  • Common Sense
      • Strong Password
      • Latest updates
      • Unprivileged user account
      • Read EVERYTHING on screen
      • Never disclose any login details
      • Never believe in something for nothing
      • Be Aware
      • Better safe than sorry

  • Safe System
      • Internet Browsing
          • Tightened settings for Browsers
          • Do not log in as Administrator
          • Build up adequate layer of defence through application layer
          • Real-Time anti-vir/spy/mal/ad ware
      • Electronic Mail
          • Set up for plain text only
          • Be careful what you subscribe to (mailing list harvesting)
          • Spam filters
          • Email address obfuscating
          • Structuring multiple email addresses for different purposes
      • System layer
          • Hidden files (double extensions)
          • Start-up
          • Active software protection


    Thank you

