
Chapter 26

Date post: 05-Jan-2016
Upload: topaz
© 2010 The McGraw-Hill Companies, Inc. All rights reserved Mike Meyers’ CompTIA A+ ® Guide to Managing and Troubleshooting PCs Third Edition Chapter 26 Securing Computers

Overview

• In this chapter, you will learn how to

– Explain the threats to your computers and data

– Describe key security concepts and technologies

– Explain how to protect computers from network threats

Analyzing the Threat

• Threats to your data come from accidents and malicious people

• Accidents are more common
  – Deleted files
  – Hard drive crashes
  – Scratched discs
• Malicious intent gets all the press
• Look at two general areas
  – Unauthorized access
  – Direct physical problems or attacks

Unauthorized Access

• Unauthorized access can come from many directions
  – Curiosity and poor user account management
  – Dumpster diving
  – Social engineering techniques to gain access
  – Infiltration
  – Telephone scams
  – Phishing

Curiosity and Account Control

• Unauthorized access
  – Occurs when any user accesses resources in an unauthorized way
  – Often a user with just enough skill pokes around and finds access to something he or she shouldn’t have
• Administrative access
  – Improper control of administrator accounts is dangerous
  – Some versions of Windows (such as Windows XP Home) make it easy to use administrator accounts improperly

Dumpster Diving

• What is it?
  – Searching through trash looking for information
  – Individual pieces of data can be put together as a puzzle
• How do you stop it?
  – Shred all documents
    • Use a Cross Cut shredder
      – 3/8” x 1 ½” Good home use
      – 1/32” x ½” DoD and RCMP Top Secret Documents
  – Lock area (when possible) where trash is placed outside

Social Engineering

• Using or manipulating people in the network to gain access to the network

• Infiltration
  – Entering building in the guise of legitimacy
  – Talking to people, gathering pieces of information
• Telephone scams
  – Simply asking for information
  – Impersonating someone else and getting a password reset
• Phishing
  – Using the Internet to pretend to be someone you’re not to get information (user names and passwords)

Data Destruction

• Unauthorized access can lead to loss or theft of important or sensitive data

• Data destruction doesn’t even have to be intentional
  – Could be accidental data loss
  – Unauthorized data modification

• “The system should have stopped me if I wasn’t supposed to do that!”

Physical Threats

• Damage or loss of physical assets can prove devastating

• Catastrophic hardware failures
  – Hard drives crash, power fails
  – Redundant systems provide protection
• Physical theft
  – Servers need to be kept behind locked doors
  – Don’t ignore physical security
  – Use a cable lock on portable and desktop systems
• Viruses/spyware
  – Come from the Internet, floppy disks, optical discs, and USB drives

Security Concepts and Technologies

• After assessing the threats, it’s time to secure the network

• Strategic and tactical goals
  – Understand the big picture and technologies available for securing the network
  – Know the specific tools for securing resources on the network
• Strategic
  – Access control
  – Data classification and compliance
  – Reporting

Access Control

• Access control has two meanings
  – The process of controlling access to data
    • Physical security
    • Authentication
    • Users and groups
    • Security Policies
  – Access control list – a piece of data stored on a server, router, etc. that defines what users or systems have access to a resource

• Let’s cover the first one

Access Control (continued)

• Physical security
  – Keeping doors locked
  – Don’t walk away from logged-in systems
• Authentication
  – How the computer determines who can and can’t have access
    • Use proper complex passwords
      – Not just for Windows login (CMOS, routers)
      – Software password generators make great passwords
  – Hardware authentication
    • Smart cards
    • Biometric devices

Access Control (continued)

• Users and Groups
  – Use NTFS with your Users and Groups
  – Remember the principle of “Least Privilege”
    • Only grant the minimum privileges for a user to get the job done
    • Easy to grant more; hard to revoke privileges
  – Give permissions to groups, not user accounts
  – Then add user accounts to the appropriate groups

Access Control (continued)

• Effective permissions
  – Users are invariably members of more than one group
  – If a user accesses a resource, Windows examines Group affiliation to determine effective permissions
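
An added example, not taken from the slides or the book: a simplified Python model of how permissions granted to groups combine into a user's effective permissions, plus a check for grants made directly to user accounts. The users, groups, rights and ACL are constructed, and the "any matching deny wins" rule is a stated simplification of real Windows ACL evaluation.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Ace:
    """One access control entry (simplified): who, allow/deny, which rights."""
    trustee: str          # user or group name
    kind: str             # "allow" or "deny"
    rights: frozenset

def effective_rights(user, groups_of, acl):
    """Combine every ACE that applies to the user or to any of the user's groups.

    Simplification (assumption): allows accumulate and any matching deny wins.
    Real Windows evaluation also depends on ACE order and inheritance.
    """
    trustees = {user} | groups_of.get(user, set())
    allowed, denied = set(), set()
    for ace in acl:
        if ace.trustee in trustees:
            (denied if ace.kind == "deny" else allowed).update(ace.rights)
    return allowed - denied

def direct_user_grants(acl, groups_of):
    """Flag allow ACEs granted to user accounts instead of groups."""
    return sorted({a.trustee for a in acl
                   if a.kind == "allow" and a.trustee in groups_of})

# Constructed sample data: hypothetical users, groups and one folder ACL.
GROUPS_OF = {
    "alice": {"Accounting", "Interns"},
    "bob": {"Accounting"},
    "carol": set(),
}
FOLDER_ACL = [
    Ace("Accounting", "allow", frozenset({"read", "write"})),
    Ace("Interns", "deny", frozenset({"write"})),
    Ace("carol", "allow", frozenset({"read", "write", "full control"})),
]

if __name__ == "__main__":
    for user in GROUPS_OF:
        print(user, sorted(effective_rights(user, GROUPS_OF, FOLDER_ACL)))
    print("granted directly to accounts:",
          direct_user_grants(FOLDER_ACL, GROUPS_OF))
```

The direct grant to the account carol is the kind of entry the "give permissions to groups" rule is meant to avoid: it is invisible when reviewing group membership and easy to forget when the user changes roles.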

Access Control (continued)

• Security Policies
  – Security policies address issues that fall outside the scope of NTFS permissions
    • Can the user change his or her password?
    • Can the user see the RUN command?
    • Can the user install software?
  – Local security policies are applied to an individual computer
  – Domain group policies are applied to all the computers in a domain

Sample Security Policies

• Prevent Registry Edits
  – If you try to edit the Registry, you get a failure message
• Prevent Access to the Command Prompt
  – Keeps users from getting to the command prompt by turning off the Run command and the MS-DOS Prompt shortcut
• Log on Locally
  – Defines who may log on to the system locally
• Shut Down System
  – Defines who may shut down the system

Sample Security Policies (continued)

• Minimum Password Length
  – Forces a minimum password length
• Account Lockout Threshold
  – Sets the maximum number of logon attempts a person can make before being locked out of the account
• Disable Windows Installer
  – Prevents users from installing software
• Printer Browsing
  – Enables users to browse for printers on the network, as opposed to using only assigned printers

Lab – Playing with Fire

• On your Windows XP computer, go to Administrative Tools and run Local Security Policy

• See if you can answer these questions
  – How does User Rights Assignment enable you to control access to the physical machine?
  – How do the Security Options help secure things? What can you do here?

• Note that a security policy mistake can negatively impact a PC or make it inoperable

Data Classification and Compliance

• Data classification
  – Organizing data according to sensitivity
  – Varies by organization
    • TOP SECRET
• Compliance
  – Members must comply with rules that apply to the organization
  – Laws and company policies apply and should be followed

Reporting

• Event Viewer
  – Event Viewer works as well for security as it does for Windows troubleshooting
  – The Security section of Event Viewer shows all security events
  – Most of the interesting security events are not recorded in Event Viewer by default
  – To see these events, you have to audit them
• Incidence Reporting
  – Providing documentation for an event of interest
  – Intrusion, incoming phishing, malware
  – Event Viewer logs are the main tool

Network Security

• Networks face external threats in addition to all those internal threats

• This section looks at three areas
  – Internet-borne attacks, such as malware
  – Firewalls
  – Wireless networking

Malicious Software

• Together known as malware
  – Grayware
  – Viruses
  – Trojans
  – Worms

[Figure: e-mail pop-ups reading “Hey, new mail coming your way!” and “You’ve got Virus!”]

Grayware

• Not destructive in itself
  – Leech bandwidth in networks
  – Some people consider them beneficial
  – Used to share files (e.g., BitTorrent)
  – Can push network over the edge

Grayware (continued)

• Pop-ups
  – Many modify the browser, making it hard to close the pop-up window
    • Some open up other pop-ups when one pop-up is closed
  – Newer browsers block pop-ups politely

Spyware

• Family of programs that run in the background
  – Can send information on your browsing habits
  – Can run distributed computing apps, capture keystrokes to steal passwords, reconfigure dial-up, and more
• Preventing installation
  – Beware of “free” programs such as Gator, Kazaa, others
  – Adobe’s Shockwave and Flash reputable, but many others are not

Spyware (continued)

• Aggressive tactics
  – Try to scare you into installing their program
• Removing Spyware
  – Windows Defender
  – Lavasoft’s Ad-Aware
  – PepiMK’s Spybot Search & Destroy

Spam

• Unsolicited e-mail

• To avoid, don’t give out your e-mail address

• Definitely don't post it on the Web!

• Implement antispam settings or software

Malware

• Viruses
  – Designed to attach themselves to a program
  – When program is used, the virus goes into action
  – Can wipe out data, send spam e-mails, and more
  – Can hide in macros – scripting commands for various programs such as Access
• Trojans
  – Complete program
  – Designed to look like one program (such as a game or utility)
  – Does something else, too, such as erase CMOS

Malware (continued)

• Worms
  – Similar to a Trojan, but on a network
  – Travels from machine to machine through the network
  – Commonly infects systems because of security flaws
• Best protection against worms
  – Run antivirus software
  – Keep security patches up to date
  – Use tools such as Windows Update or Automatic Update to get high-priority updates
  – Patch management

Virus Prevention and Recovery

• You need to take steps to secure computers to prevent attacks
  – Run an updated antivirus program
  – Practice proper prevention techniques
• You also need a plan for recovery in case a virus affects computers on your network
  – Recognize the attack
  – Fix things
  – Recover

• Let’s take a look

Antivirus Programs

• Antivirus programs
  – Can be set to scan entire computer actively for viruses
  – Can be set as virus shield to monitor activity such as downloading files, receiving e-mail, etc.
  – Run Windows Defender
    • Microsoft’s free antivirus/anti-malware program
    • Check Security Center in Vista
    • Not used in Windows 7 or recent updates to Vista

Antivirus Programs (continued)

• Virus Shield
  – Viruses have digital signatures
  – Antivirus programs have libraries of signatures called definitions
  – Updated regularly
    • Use an automatic update if possible

Virus Techniques and Traits

• Polymorphics/Polymorphs
  – Viruses attempt to change or morph to prevent detection
  – Code that morphs (scrambling code) often used as signature, so detectable by antivirus programs
• Stealth
  – Virus attempts to hide and appear invisible
  – Most are in boot sector
  – Some use little-known software interrupt
  – Others make copies of innocent-looking files
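
An added example, not taken from the slides or the book: a small Python model of signature-based scanning that covers both the definitions library from the Virus Shield slide and the polymorphic case above. The byte strings are constructed, harmless stand-ins for file contents, and the signature names are hypothetical.

```python
from dataclasses import dataclass, field

@dataclass
class Definitions:
    """A definitions library: a version number plus name -> byte pattern."""
    version: int
    signatures: dict = field(default_factory=dict)

    def update(self, new_version, new_signatures):
        """Apply a definitions update; refuse stale or repeated versions."""
        if new_version <= self.version:
            return False
        self.signatures.update(new_signatures)
        self.version = new_version
        return True

def scan(data, defs):
    """Return sorted (signature name, offset) pairs for every match in data."""
    hits = []
    for name, pattern in defs.signatures.items():
        start = data.find(pattern)
        while start != -1:
            hits.append((name, start))
            start = data.find(pattern, start + 1)
    return sorted(hits)

# Constructed, harmless byte strings standing in for file contents.
STUB = b"\x90SCRAMBLER-STUB\x90"           # constant part shared by both variants
VARIANT_A = b"MZ" + STUB + b"body-aaaa-1111"
VARIANT_B = b"MZ" + STUB + b"body-zzzz-9999"  # same stub, different body bytes
CLEAN = b"MZ ordinary program bytes"

def demo():
    # Version 1 only knows the body bytes of variant A.
    defs = Definitions(1, {"Demo.Body.A": b"body-aaaa-1111"})
    before = (scan(VARIANT_A, defs), scan(VARIANT_B, defs))
    # Version 2 adds a signature for the constant scrambling stub.
    defs.update(2, {"Demo.Poly.Stub": STUB})
    after = (scan(VARIANT_A, defs), scan(VARIANT_B, defs))
    return before, after, scan(CLEAN, defs)

if __name__ == "__main__":
    before, after, clean = demo()
    print("old definitions:", before)
    print("new definitions:", after)
    print("clean file:", clean)
```

With the old definitions the second variant is missed because its body bytes changed; once the update adds a signature for the unchanged stub, both variants are detected, which is why the slides stress keeping definitions current.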

Virus Prevention Tips

• Scan all incoming programs and data
• Scan the PC daily and update signatures regularly
• Keep bootable CD-R with copy of antivirus program
  – Scan if you think PC or connected media might be affected
• Be careful with e-mail
  – Consider disabling preview window
  – Only open attachments from known sources

Virus Recovery Tips

• Recognize
  – Learn to recognize how a system reacts to malware
• Quarantine
  – What you do to prevent malware from propagating
• Search and destroy
  – What you do to remove malware from infected systems
• Remediate
  – What you do to return the system to normal after the malware is gone
• Educate
  – How you train users to prevent malware outbreaks

Virus Recovery Tips (continued)

• Recognize
  – If a computer starts spewing e-mail, that’s a sign of problems
  – Computers that run very slowly can indicate malware
  – Computers with heavy network activity but few active programs point to malware
• Quarantine
  – Run packet-sniffing software to alert you to any unusual activity
  – Pull the cable! A computer that’s not connected to a network can’t propagate a virus

Virus Recovery Tips (continued)

• Search and destroy
  – Boot the computer to a removable disc with antivirus software included (an antivirus CD-R)
    • Commercial tools, such as avast!
    • LiveCD with Linux-based tools
    • Ultimate Boot CD comes with several antivirus programs
  – Run the antivirus software as a sword to scan the infected system

Virus Recovery Tips (continued)

• Search and destroy
  – Check all removable media that might have been infected
  – Manually disable Browser Helper Objects (BHOs) installed by viruses
    • In Internet Explorer, go to Tools | Manage Add-ons
    • Select a suspect BHO
    • Click Disable

Virus Recovery Tips (continued)

• Remediate
  – Fix any low-level damage by booting to the recovery console (Windows 2000/XP) or the Windows Vista repair environment
    • FIXMBR and FIXBOOT can repair the boot sector
    • BOOTCFG re-creates the BOOT.INI file
    • Vista offers Startup Repair, System Restore, and other tools
• Educate
  – You need to train your users to know when not to click or open attachments

Firewalls

• Used to block malicious programs from the Internet
  – Can be software, hardware, or both
  – Windows has built-in firewall (see Control Panel)

[Figure label: Internet]

Network Authentication

• Authentication
  – Proving who you are
  – Done by providing credentials
    • i.e., user name and password
  – LAN authentication like Kerberos useful for supporting multiple NOSs and providing secure login within a network
  – Not so hot for remote access authentication

Network Authentication (continued)

• Common remote access protocols
  – PAP: Password Authentication Protocol (clear text)
    • Rarely used
  – CHAP: Challenge Handshake Authentication Protocol
    • Most popular
  – MS-CHAP: Microsoft CHAP
    • Popular with Microsoft applications
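
An added example, not taken from the slides or the book: a Python sketch of both sides of a CHAP exchange next to a PAP request, showing why PAP is described as clear text. The response is computed as MD5 over the identifier, the shared secret and the challenge value, as CHAP is specified in RFC 1994; the message layout as dictionaries, the user name and the secret are constructed for illustration.

```python
import hashlib
import hmac
import os

def pap_request(peer_id, password):
    """PAP: the Authenticate-Request carries the password itself."""
    return {"peer_id": peer_id, "password": password}

def chap_challenge(identifier):
    """Authenticator -> peer: an identifier plus a fresh random value."""
    return {"id": identifier, "value": os.urandom(16)}

def chap_response(challenge, secret):
    """Peer -> authenticator: MD5(identifier || secret || challenge value)."""
    data = bytes([challenge["id"]]) + secret + challenge["value"]
    return {"id": challenge["id"], "value": hashlib.md5(data).digest()}

def chap_verify(challenge, response, secret):
    """Authenticator recomputes the hash from its own copy of the secret."""
    expected = chap_response(challenge, secret)["value"]
    return (response["id"] == challenge["id"]
            and hmac.compare_digest(expected, response["value"]))

def demo():
    secret = b"constructed-shared-secret"   # constructed sample value
    results = {}

    # PAP: anyone who can read the message reads the password.
    pap = pap_request("user1", secret.decode())
    results["pap_exposes_password"] = pap["password"] == secret.decode()

    # CHAP: only the challenge and a hash cross the link.
    first = chap_challenge(1)
    answer = chap_response(first, secret)
    results["chap_accepts_valid"] = chap_verify(first, answer, secret)
    results["chap_rejects_wrong_secret"] = not chap_verify(
        first, chap_response(first, b"wrong-secret"), secret)

    # A response captured earlier does not satisfy a fresh challenge.
    second = chap_challenge(1)
    results["chap_rejects_replay"] = not chap_verify(second, answer, secret)
    return results

if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```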

Encryption

• Makes data packets unreadable
  – Changes plaintext into cipher text
  – Encryption occurs at many levels
  – Multiple encryption standards and options

[Figure: the plaintext “Our lowest sell price is $150,000” passes through an encryption algorithm to become the ciphertext “*2jkpS^aou23@`_4Laujpf”; a decryption algorithm restores the original plaintext]

Encryption (continued)

• Dial-up encryption
  – Encrypts data over lines
  – Method set on the server
• Data encryption
  – Multiple protocols possible
  – These standards used in connecting computers to some kind of private connection, like ISDN or T1
  – Microsoft method of choice is IPSec (IP Security)

Application Encryption

• Many applications can use other protocols to encrypt data
  – On the Web, HTTPS commonly used
  – Use digital certificates
  – Certificates issued by trusted authorities
    • Trusted authorities added to Web browsers
  – Invalid certificates can be cleared from SSL cache
