A Guide to Software, 4e - PowerPoint PPT Presentation

Provided by: siski
Transcript and Presenter's Notes

1
A Guide to Software, 4e
  • Chapter 10
  • Securing Your PC and LAN

2
Objectives
  • Learn how to secure a desktop or notebook
    computer
  • Learn how to secure a local wired or wireless
    network
  • Learn how malicious software works and how to
    clean an infected system

3
Introduction
  • Topics to cover
  • Methods for protecting computers and networks
  • How to use several security tools
  • How malicious software works
  • A step-by-step plan to remove malicious software

4
Securing Your Desktop or Notebook Computer
  • Reasons for providing additional security
  • Protection from attacks within the network
  • Attacks through security loopholes
  • Exposure during travel
  • A few methods for securing a computer
  • Limit use of the administrator accounts
  • Keep Windows updates current
  • Physically protect your equipment
  • Keep good backups of user data
  • Destroy trash that might contain sensitive data

5
Access Control
  • Authentication identifies an individual
  • Authorization assigns privileges/rights to
    individuals
  • Types of passwords
  • Power-on passwords (configured in CMOS setup)
  • Windows passwords
  • Online account passwords
  • Application passwords
  • Some rules for creating strong passwords
  • Combine upper/lower case letters, numbers,
    symbols
  • Do not use words in any language

6
Figure 10-3 Set supervisor and user passwords in
CMOS setup to lock down a computer
7
Access Control (continued)
  • Controlling access to a PC using Windows
  • Set a user password for the user account
  • Configure user access to certain files and
    folders
  • Overview for assigning permissions to file and
    folder
  • Disable simple file sharing from View in Folder
    Options
  • Open Properties window of a folder and select
    Sharing
  • Click Permissions and select options
  • Protected files and folders display
    authentication box
  • Cacls command for configuring file and folder
    access

8
Figure 10-9 Control who can access a folder and
the rights given that user or user group
9
Limit Use of the Administrator Account
  • Three common types of accounts in Windows
  • Administrator
  • Guest
  • Limited User
  • Advice for protecting the Administrator Account
  • Create a Limited User account for ordinary
    activities
  • Use Administrator account for reserved activities
  • Change appearance of desktop to flag the account
  • Change strong password on a regular basis

10
Use a Personal Firewall
  • Firewalls are implemented in software or hardware
  • Purpose of a firewall
  • Prevent worms or hackers from invading your
    system
  • Turn on Windows Firewall to protect your system
  • It may be configured to allow for exceptions
  • Windows Firewall is included with Service Pack 2

11
Figure 10-14 Use Windows Firewall to protect a
Windows XP computer
12
Use AV Software
  • Antivirus (AV) software protects system from
    viruses
  • Using AV software to greatest effect
  • Configure software to automatically download
    updates
  • Run AV software as a background process
  • Set software to automatically scan e-mail
    attachments
  • Virus signature: distinguishing characteristics
    of a virus
  • AV software does not always stop adware or
    spyware
  • Use removal program for adware or spyware
  • Example: Ad-Aware by Lavasoft (www.lavasoft.com)

13
Figure 10-15 Set your AV software to stay current
automatically
14
Keep Windows Updates Current
  • Causes for Windows susceptibility to attacks
  • Popularity of system makes it an attractive
    target
  • Highly integrated components give many entry
    points
  • Update Web site: windowsupdate.microsoft.com
  • Two ways to keep updates current
  • Access Web site from Windows Update
  • Run automatic update utility as background
    process

15
Figure 10-16 Turn on Automatic Updates
16
Set Internet Explorer for Optimum Security
  • Some security features in Internet Explorer
  • Pop-up blocker
  • The ability to manage add-ons
  • The ability to block scripts
  • The ability to disable scripts embedded in Web
    pages
  • The ability to set the general security level
  • Medium is recommended

17
Figure 10-18 Control security settings for
Internet Explorer
18
Use Alternate Client Software
  • Microsoft products targeted by authors of malware
  • Microsoft Internet Explorer
  • Microsoft Outlook Express and Microsoft Outlook
  • Some reasons for susceptibility
  • Popularity
  • Close integration with other Windows components
  • Use of ActiveX controls
  • Alternate browser: Firefox by Mozilla
  • Alternate e-mail client: Eudora by Qualcomm

19
Consider Using Microsoft Shared Computer Toolkit
for Windows XP
  • Microsoft Shared Computer Toolkit for Windows XP
  • Locks down the drive on which Windows is
    installed
  • Features of Windows XP that can be locked down
  • Windows configuration
  • Installed software or hardware
  • User settings or user data
  • Some temporary changes are allowed
  • When system reboots, it returns to prior state
  • Toolkit can be downloaded for free

20
Quick Quiz 2
  • ____________________ proves that an individual is
    who he says he is and is accomplished by a
    variety of techniques, including a username,
    password, personal identification number (PIN),
    smart card, or biometric data.
  • Answer: Authentication
  • ____________________ determines what an
    individual can do in the system after he or she
    is authenticated.
  • Answer: Authorization
  • True or False. A passphrase is made of several
    words with spaces allowed.
  • Answer: True
  • Antivirus (AV) software detects a known virus by
    looking for distinguishing characteristics called
    virus ____________________.
  • Answer: signatures

21
Hide and Encrypt Files and Folders
  • Windows 2000/XP Encrypted File System (EFS)
  • Works with Windows 2000/XP NTFS EFS
  • Is not supported in Windows XP Home Edition
  • Encryption technology for encrypting
    folders/files
  • Best practice: encrypt at the folder level
  • How to encrypt a file or folder
  • Open Properties window of file or folder
  • Click Advanced and select appropriate options
  • Encrypted folders and files are displayed in
    green

22
Figure 10-21 Encrypt a file or folder using the
Properties window
23
Hide and Encrypt Files and Folders (continued)
  • Overview for sharing an encrypted file
  • First export your certificate
  • The other user imports certificate for access to
    file
  • Sharing tool: Certificate Export Wizard
  • Data recovery agent (DRA) can decrypt
    file/folder
  • Three ways to decrypt a file or folder
  • Change encryption attribute from Properties
    window
  • Move file or folder to a FAT logical drive
  • Use the Cipher command

24
Figure 10-27 A file is no longer encrypted when
it is moved off the NTFS drive
25
Physically Protect Your Equipment
  • Don't move or jar your computer when it's turned
    on
  • Don't smoke around your computer
  • If your data is private, keep it under lock and
    key
  • Keep magnets away from your computer
  • Lock down the computer case

26
Beware of Social Engineering
  • Social engineering
  • Tricking people into giving out private
    information
  • Passing unsafe programs into the network or PC
  • Some techniques of social engineers
  • Phishing: extracting personal data via e-mail
  • Scam e-mail: offers to join phony ventures
  • Virus (e-mail) hoax: clogs up e-mail systems
  • A few rules for using the Internet
  • Do not click links inside e-mail messages
  • Investigate a Web site before downloading software

27
Beware of Social Engineering (continued)
  • Two ways to debunk a hoax e-mail
  • Note phrases/subjects that request mass
    forwarding
  • Use services of a security site, e.g.,
    www.hoaxkill.com
  • Scripts: code segments automating a set of tasks
  • Example: files with extensions .wsf and .vbs
  • Malicious scripts are often hidden in e-mails
  • Example: the link www.symantec.com.vbs
  • Protecting against malicious scripts
  • Set Windows to display file extensions
  • Set Windows to first load script to Notepad
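
The check behind "display file extensions", as an added example that is not part of the original presentation: it takes attachment names, works out what a user sees when Windows hides the last extension, and flags script files whose visible name looks like a Web address or a document. Only .wsf and .vbs come from the slide; the other extensions, the decoy list and the sample names are assumptions constructed for illustration.

```python
import re

# Script types named on the slide (.wsf, .vbs) plus other Windows Script Host
# types added here as an assumption for fuller coverage.
SCRIPT_EXTS = {".vbs", ".wsf", ".vbe", ".js", ".jse", ".wsh"}
# Endings that make the visible part of a name look harmless (assumed list).
DECOY_EXTS = {".txt", ".doc", ".pdf", ".jpg", ".gif", ".htm", ".html"}
# Visible name that reads like a Web address, e.g. www.symantec.com
WEB_NAME = re.compile(r"^(www\.)?[a-z0-9-]+(\.[a-z0-9-]+)*\.(com|net|org|gov|edu)$")


def split_name(filename):
    """Return (name shown when extensions are hidden, real extension)."""
    # Windows ignores trailing dots and spaces, so strip them first.
    clean = filename.strip().rstrip(". ").lower()
    stem, dot, ext = clean.rpartition(".")
    if not dot or not stem:
        return clean, ""
    return stem, "." + ext


def classify(filename):
    """Return 'not-script', 'script' or 'disguised-script'."""
    shown, ext = split_name(filename)
    if ext not in SCRIPT_EXTS:
        return "not-script"
    looks_like_document = any(shown.endswith(d) for d in DECOY_EXTS)
    if looks_like_document or WEB_NAME.match(shown):
        return "disguised-script"
    return "script"


def triage(filenames):
    """Classify a batch of attachment names."""
    return {name: classify(name) for name in filenames}


# Constructed sample names; the first is the example from the slide.
SAMPLE = ["www.symantec.com.vbs", "invoice.doc.wsf ", "logon.vbs",
          "report.doc", "README", "Notes.TXT.VBS."]

if __name__ == "__main__":
    for name, verdict in triage(SAMPLE).items():
        print(f"{name!r:28} shown as {split_name(name)[0]!r:20} -> {verdict}")
```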

28
Figure 10-28 An example of a hoax e-mail message
29
Figure 10-30 Use the Edit File Type window to
change the way Windows displays and manages a
file type
30
Keep Good Backups of User Data
  • Prepare for a disaster by making good data
    backups
  • Refer to Chapter 4 for backup procedures

31
Backup System Files
  • Use Ntbackup to back up System State and registry
  • Refer to Chapter 3 for procedures
  • When to back up the System State
  • After you have made major changes to the system
  • Example: after installing a new hard drive
  • Make backups a routine part of monthly
    maintenance

32
Make Use of Event Logging and Incident Reporting
  • Some incidents you might be expected to report
  • An attempt at breaking in to a secured PC or
    network
  • The security has been broken
  • An alarm has been activated
  • Some reasons for incident reporting
  • The need for others to respond to an incident
  • The need to know about a weak security loophole
  • Legal concerns
  • Monitoring Windows 2000/XP logon events
  • Configure Event Viewer to track failed logon
    attempts

33
Quick Quiz 2
  • ____________________ puts data into code that
    must be translated before it can be accessed, and
    can be applied to either a folder or file.
  • Answer: Encryption
  • ____________________ engineering is the practice
    of tricking people into giving out private
    information or allowing unsafe programs into the
    network or computer.
  • Answer: Social
  • ____________________ is a type of identity theft
    where the sender of an e-mail message scams you
    into responding with personal data about
    yourself.
  • Answer: Phishing
  • A(n) ____________________ hoax is e-mail that
    does damage by tempting you to forward it to
    everyone in your e-mail address book with the
    intent of clogging up e-mail systems or to delete
    a critical Windows system file by convincing you
    the file is malicious.
  • Answer: virus or e-mail

34
Figure 10-32 Event Viewer monitoring failures at
logging on to Windows XP
35
Make Use of Event Logging and Incident Reporting
(continued)
  • Monitor changes to files and folders
  • Set the Group Policy to audit an object
  • Add the users that you want to monitor
  • Decide which activity to monitor
  • View logged activity in the Event Viewer
  • Some third-party monitoring tools
  • Autoruns by Sysinternals
  • WinPatrol by BillP Studios
  • Monitoring network activity with Windows
    Firewall
  • Configure Log Settings accessed from Advanced tab

36
Figure 10-39 Using Windows Firewall, you can log
dropped packets and successful connections
37
Destroy the Trash
  • Trash is a source of sensitive information
  • How to prevent the exposure of data
  • Destroy all storage media before you throw it
    out.
  • Destroy hard copies that contain sensitive data
  • Steps to take when migrating from older medium
  • Encrypt data being migrated between systems
  • Control user access to migrated data
  • Destroy old data storage medium no longer being
    used
  • Erase hard drive of old PC with a zero-fill
    utility

38
Perform a Monthly Security Maintenance Routine
  • Change the administrator password
  • Make sure system is being automatically updated
  • Check that AV software is installed and current
  • Visually check the equipment for tampering
  • Check the Event Viewer

39
Securing Your Wired or Wireless Network
  • Topics to cover
  • How to use a router to secure a small network
  • How to secure a wireless network
  • Authentication techniques used for larger
    networks

40
Use a Router to Secure a SOHO Network
  • SOHO: a small office or home office
  • Use a router to secure a SOHO network
  • Tasks that routers perform
  • Limit communication from outside the network
  • Limit communication from within the network
  • Secure a wireless access point
  • Implement a virtual private network (VPN)
  • Keep router firmware current

41
Authentication Technologies
  • Controlling network access
  • Encrypt user accounts/passwords at point of entry
  • Decrypt user accounts/passwords before validation
  • Popular authentication protocols: CHAP, Kerberos
  • Two-factor authentication: present two types of
    id
  • Smart cards
  • Device with id information keyed or read into
    system
  • Variations: key fob, magnetic strip, and USB
    smart cards
  • Biometric data: id based on physical
    characteristics
  • Some biometric devices: iris scanner, fingerprint
    reader

42
Figure 10-41 For best security, keep your
hardware firewall firmware updated
43
Figure 10-42 A smart card such as this SecurID
key fob is used to authenticate a user gaining
access to a secured network
44
Dealing with Malicious Software
  • Malicious software (malware or computer
    infestation)
  • Any unwanted program intending harm to system
  • Transmitted to your computer without your
    knowledge
  • Examples of malware: viruses and worms
  • Topics to cover
  • How to recognize that a system is infected
  • How to understand how malicious software works
  • How to clean up the mess

45
You've Got Malware
  • Some signs of malicious messages
  • Pop-up ads plague you when surfing the Web
  • Strange or bizarre error messages appear
  • Less memory than usual is available
  • Strange graphics appear on your computer monitor
  • The system cannot recognize the CD-ROM drive
  • Files constantly become corrupted
  • The OS boots, but cannot launch the Windows
    desktop
  • Your antivirus software displays one or more
    messages

46
Here's the Nasty List
  • Virus
  • Program that replicates by attaching to other
    programs
  • Infected program must execute for virus to run
  • Example: boot sector program
  • Protection: run AV software in the background
  • Adware produces all those unwanted pop-up ads
  • Spam is junk e-mail that you do not want
  • Spyware: program installing itself to spy on you
  • Worm: self-replicating program that overloads
    network

47
Figure 10-46 The crash virus appears to be
destructive, making the screen show only garbage,
but does no damage to hard drive data
48
Here's the Nasty List (continued)
  • Browser hijacker: alters home page/browser
    settings
  • Dialer: dials phone number without your knowledge
  • Keylogger: tracks all your keystrokes
  • Logic bomb: dormant code triggered by an event
  • Trojan horse: disguises itself as a legitimate
    program

49
Here's the Nasty List (continued)
  • Types of viruses
  • Boot sector virus: hides in the boot sector
    program
  • File virus: hides in executable (.exe, .com, or
    .sys)
  • Multipartite virus: combined boot sector and file
    virus
  • Macro virus: hides in documents of macro files
  • Script virus: a virus that hides in a script
  • How malware replicates and hides
  • Uses various techniques to load itself into
    memory
  • Attempts to hide from AV software
  • Example: stealth virus manipulates its storage
    file

50
Step-by-Step Attack Plan
  • Run reputable AV software
  • Examples: Norton Anti-Virus and McAfee VirusScan
  • Run adware or spyware removal software
  • Example: Windows Defender by Microsoft
  • Search out and destroy what's left
  • Respond to any startup errors
  • Delete malicious files
  • Purge restore points
  • Clean the registry
  • Root out rootkits

51
Quick Quiz 3
  • Data ____________________ is moving data from one
    application to another application or from one
    storage media to another, and most often involves
    a change in the way the data is formatted.
  • Answer: migration
  • ____________________ is software that installs
    itself on your computer to spy on you, and
    collects personal information about you that it
    transmits over the Internet to Web-hosting sites
    that intend to use your personal data for harm.
  • Answer: Spyware
  • A(n) ____________________ is a program that
    copies itself throughout a network or the
    Internet without a host program.
  • Answer: worm
  • A(n) ____________________ is a small program
    contained in a document that can be automatically
    executed either when the document is first loaded
    or later by pressing a key combination.
  • Answer: macro

52
Figure 10-57 Results of running Windows Defender
by Microsoft
53
Summary
  • Protect accounts and applications with passwords
  • Files and folders can be configured for selective
    permissions
  • Standard security tools: AV software, firewalls,
    Windows Update
  • Encryption technology: Windows 2000/XP NTFS EFS
  • Techniques used by social engineers: phishing,
    scam e-mails, virus hoaxes

54
Summary (continued)
  • Some events to monitor: failed logon access
    attempts and network activity
  • Use a router to secure a SOHO network
  • Security techniques for larger networks: smart
    cards, authentication protocols, biometric
    devices
  • Malware: invasive programs such as viruses and
    worms
  • If AV software cannot clean or delete malware,
    use other techniques such as deleting the file
    from the directory