Date posted: 15-Jul-2015
Uploaded by: sejahtera-affif
Copyright © by EC-Council. All Rights Reserved. Reproduction is Strictly Prohibited.
Securing Operating Systems
Simplifying Security.
Module 2
Malware Contamination on Windows 7 High, While for XP Low
http://www.spamfighter.com
May 21, 2011
In its latest edition of Security Intelligence Report that Microsoft released on May 12, 2011, the company reveals that the infection rate on Windows 7 rose over 30% in H2‐2010, while that on Windows XP dropped over 20%.
Says Principal Group Program Manager Jeff Williams for Microsoft Malware Protection Center, the rate of contamination on Windows 7 increased, that's because of more malware attacks prevailing in cyber space. Computerworld.com published this on May 12, 2011.
Notably, during July‐December 2010, there was a mean rate of more than 4 32‐bit Windows 7 computers getting infected for every 1,000 such computers, a rise of 33% compared to about 3 such PCs getting infected for every 1,000 during H1‐2010.
Mac Malware Goes From Game to Serious
http://www.csoonline.com
May 11, 2011
Apple ‐‐ and many Mac users ‐‐ argue that Mac OS X has a special recipe for security that makes it less likely to be infected with malware. Many security researchers counter that the Mac's seeming immunity stems not from its security, but from its lack of market share.
The debate may finally be settled.
The emergence of a serious malware construction kit for the Mac OS X seems to mimic a 2008 prediction by a security researcher. The prediction comes from a paper written in IEEE Security & Privacy (in .pdf), which used game theory to predict that Macs would become a focus for attackers as soon as Apple hit 16 percent market share.
Last week, security researchers pointed to a construction kit for creating Trojans for the Mac OS X as a major issue for Mac users. Currently, three countries ‐‐ Switzerland, Luxembourg and the United States ‐‐ have Mac market share around that level.
Module Objectives
System Security
Threats to System Security
How Does Malware Propagate?
Guidelines for Windows Operating System Security
Two‐Way Firewall Protection in Windows
Windows Encrypting File System (EFS)
How to Hide Files and Folders?
Windows Security Tools
Guidelines for Securing Mac OS X
Resources on the Internet for Computer Security
Operating System Security Checklists
Module Flow
System Security
Threats to System Security
How Does Malware Propagate?
Guidelines for Windows OS Security
Windows Encrypting File System (EFS)
Windows Security Tools
Guidelines for Securing Mac OS X
System Security
Every operating system and application is subject to security flaws
Software vendors usually develop patches to address these flaws
Users have to install the patches and configure the software
System compromise can be prevented by applying security patches in a timely manner
Threats to System Security
Virus
A program that replicates by copying itself to other programs, system boot sectors, or documents, and alters or damages the computer files and applications
Worm
A self‐replicating virus that does not alter files but resides in computer memory and replicates itself
Backdoor
An unauthorized means of accessing the system and bypassing the security mechanisms
Trojan
A program that seems to be legitimate but acts maliciously when executed
Logic Bomb
A program that releases a virus or a worm
Rootkit
A set of programs or utilities that allows someone to maintain root‐level access to the system
Keylogger
Keylogger is a hardware device or small software program that monitors and records each keystroke on a user's computer keyboard
Password Cracking
Password cracking is the process of identifying or recovering an unknown or forgotten password
Spyware
Spyware includes Trojans and other malicious software that steals personal information from the system without the users’ knowledge. Example: Keylogger
Password Cracking
Password cracking is the process of identifying or recovering an unknown or forgotten password
Guessing: Trying different passwords until one works
Social Engineering: Tricking people to reveal their password or other information that can be used to guess the password
Dictionary Attack: It uses a pre‐defined list of words
Brute Forcing: Trying combinations of all the characters until the correct password is discovered
Shoulder Surfing: Watching someone type the password
Sniff: Attacker gets the password of the victim (diagram labels: Victim, Attacker, Server, Original Connection)
How Does Malware Propagate?
Through Email Attachments
Emails containing attachments may include malware
Clicking the attachment installs a malicious program on the computer
Through Infected Websites
Visiting compromised sites may result in installation of malicious software, designed to steal personal information, on the user's computer
Through USB Memory Sticks
A virus creates an autorun.inf file that is a system, hidden, and read‐only file
When the user opens the pen drive files, the autorun.inf is executed and copies the virus files into the system
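A check for the USB case described above, as an added example that is not part of the original course material: it parses the text of an autorun.inf and reports every entry that would start a program, and tests a Windows attribute bitmask for the hidden, system and read‐only combination. The sample file contents, function names and extension list are assumptions made for illustration.

```python
import ntpath
import stat

# Extensions treated as directly runnable on Windows (illustrative list, an assumption).
RISKY_EXTENSIONS = {".exe", ".com", ".scr", ".pif", ".bat", ".cmd", ".vbs", ".js"}

# Constructed sample file body, not taken from any real sample.
SAMPLE_AUTORUN = """\
; constructed example for this check
[AutoRun]
open=tools\\setup.exe
icon=folder.ico
action=Open folder to view files
shell\\open\\command="tools\\setup helper.exe" /quiet
label=USB DISK
"""


def parse_autorun(text):
    """Return (key, value) pairs from the [autorun] section, keys lower-cased."""
    entries, in_autorun = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue  # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            in_autorun = line[1:-1].strip().lower() == "autorun"
            continue
        if in_autorun and "=" in line:
            key, value = line.split("=", 1)
            entries.append((key.strip().lower(), value.strip()))
    return entries


def is_launch_key(key):
    """open=, shellexecute= and shell\\<verb>\\command= all name a program to start."""
    return key in ("open", "shellexecute") or (
        key.startswith("shell\\") and key.endswith("\\command"))


def program_of(command):
    """Extract the program path from a command line, honouring a quoted path."""
    command = command.strip()
    if command.startswith('"'):
        return command[1:].split('"', 1)[0]
    return command.split()[0] if command else ""


def launch_targets(text):
    """List every autorun entry that would start a program, with its target."""
    findings = []
    for key, value in parse_autorun(text):
        if not is_launch_key(key):
            continue
        program = program_of(value)
        extension = ntpath.splitext(program)[1].lower()
        findings.append({
            "key": key,
            "program": program,
            "risky_extension": extension in RISKY_EXTENSIONS,
        })
    return findings


def hidden_system_readonly(attrs):
    """True when a Windows file-attribute bitmask has all three flags set."""
    wanted = (stat.FILE_ATTRIBUTE_HIDDEN | stat.FILE_ATTRIBUTE_SYSTEM
              | stat.FILE_ATTRIBUTE_READONLY)
    return attrs & wanted == wanted


if __name__ == "__main__":
    for finding in launch_targets(SAMPLE_AUTORUN):
        print(finding)
```

On Windows the attribute bitmask for a file is available as os.stat(path).st_file_attributes.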
Through Fake Codec
If the user is prompted to download and install a decoder to watch the video, the codec may be a malicious program that would be downloaded onto the system
Through Shared Folders
Malware may propagate via network shares
The malware can spread by creating copies of itself in shared folders
Through Fake Antivirus
Antivirus 2009 is a fake antivirus that performs a fake scan of the users’ system and shows viruses that are not present on the system
Clicking the Register or Scan buttons downloads malware onto the system
Through Downloads
Downloading software, music, photos, and videos from untrusted websites may also cause downloading a malicious file infected with a virus, worm, Trojan, etc.
A large number of malicious applications are available over the Internet with a description that may trick users into downloading them
Peer‐to‐peer (P2P) file sharing enables sharing of music, audio, images, documents, and software programs between two computers over the Internet
Shared files may contain security risks such as viruses, spyware, and other malicious software
Attackers can share malware disguised as a useful application
P2P networks can be used to illegally distribute copyrighted material, which may attract civil and/or criminal penalties
Guidelines for Windows Operating System Security
Lock the System When Not in Use
Create Strong User Password
Disable the Guest Account
Lock Out Unwanted Guests
Apply Software Security Patches
Use Windows Firewall
Use NTFS
Kill Unnecessary Processes
Configure Audit Policy
Rename the Administrator Account
Use Windows Encrypting File System
Hide Files and Folders
Disable Start up Menu
Disable Simple File Sharing
Use Windows User Account Control (UAC)
Implement Malware Prevention
Disable Unnecessary Services
Enable BitLocker
Lock the System When Not in Use
Press the ‘Windows’ and ‘L’ keys together on the keyboard to lock the system
Click Start → Lock
Right‐click on the Desktop and select Personalize → Screensaver → select the time and check “On resume, display logon screen”
Create a Strong User Password
1. To create a password, go to Start → Control Panel → select User Accounts → click Manage another account
2. Click the user name for whom the password has to be changed and choose Create a password (if the password is already set, this option will be Change your password)
3. In the Create a password for user’s account window, type the password to be assigned to the selected user and confirm the password
4. Provide a password hint (optional)
5. If a password is already assigned to the user account and you are trying to change it, Windows will ask you to verify the current password
6. Click the Create/Change Password button
Note: Use strong passwords for logging into the system
Disable the Guest Account: Windows 7
Click Start → right‐click Computer → select Manage
When the Computer Management window opens, go to Local Users and Groups → Users
Verify that the Guest account is disabled by looking at the icon
If the account is not disabled, double‐click the account name to open its Properties window
In the Guest account's properties window, select the checkbox next to Account is disabled → click OK
Lock Out Unwanted Guests in Windows 7
Go to Control Panel → click Administrative Tools
Double‐click Local Security Policy → Account Policies → double‐click Account Lockout Policy → double‐click Account Lockout Threshold
At the Account lockout threshold Properties window, enter the number of invalid logins (e.g., 3)
Click OK and Close
Rename the Administrator Account in Windows 7
Click Start → right‐click Computer → click Manage
In the Computer Management window, click Local Users and Groups → select Users
Right‐click on user Admin or Administrator → select Rename → type the new name for the account and click OK
Disable Start up Menu in Windows 7
Right‐click on the Taskbar → select Properties → click the Start Menu tab
Uncheck both Store and display recently opened programs in the Start menu and Store and display recently opened items in the Start menu and the taskbar → click Apply → click OK
Windows Updates in Windows 7
Click Start → Control Panel → select System and Security
Select Windows Update → Change Settings
Choose how Windows can install updates
Pointers for Updates
Always patch the OS and applications to the latest patch levels
Ensure that you are downloading patches only from authentic sources, preferably the vendor site
Use patch management tools for easier updating; there are several free tools
Do not send patches through email
Do not open executable files from sources of questionable integrity
Choose to be notified by the vendor about vulnerability announcements
Apply Software Security Patches
Updates can be installed automatically or manually
Automatic updates can be installed on a scheduled basis
Updates must be installed from the vendor’s website
The update process can be hidden and restored
Software updates are used to keep the OS and other software up‐to‐date
Configuring Windows Firewall in Windows 7
Open Windows Firewall by clicking the Start button → click Control Panel
In the search box, type Firewall → click Windows Firewall
In the left pane, click Turn Windows Firewall ON or OFF
Adding New Programs in Windows Firewall in Windows 7
1. Click Start → Control Panel → type Firewall in the search box → press Enter
2. Click Allow a program through Windows Firewall
3. Click Change Settings
4. Click Allow another Program
5. The Add A Program window opens, which lists pre‐installed programs → click Browse to add a program (if required)
6. Navigate to the location of the program → select its executable file → click Open
7. Click Add → click OK to exit the Windows Firewall
The change is applied to the list of added programs
Removing/Disabling Programs Rules from the Windows Firewall in Windows 7
Click Start → Control Panel → search Windows Firewall → go to Allow a Program through Windows Firewall → click Change Settings
Select the rule you want to Remove/Disable
To disable any rule for any specific network location, uncheck its respective checkbox → click OK
To remove any program completely from the allowed program list, click Remove → click YES → click OK
Creating a New Windows Firewall Rule in Windows 7
Advanced settings in Windows Firewall allow users to create custom rules
Steps to create a new rule:
1. Click Start → Control Panel → search for firewall → click Check Firewall Status → click Advanced Settings
2. In the Windows Firewall with Advanced Security window, click Inbound Rules → click New Rule
3. The New Inbound Rule Wizard opens → select the type of rule (Program, Port, Predefined, and Custom rules) you would like to create → click Next
4. Select the type of protocol (TCP/UDP) and provide the port numbers, or select the option All Local Ports, for the rule you want to be applied → click Next
5. Decide what Action to take when a connection matches the specified condition (here, Allow the Connection) → click Next
6. Select a Profile for which the rule has to be applied → click Next
7. Give a Name to the newly created rule and a description (optional) → click Finish
The rule is created and it allows TCP Inbound traffic to all the ports.
Note: To create a rule for Outbound traffic, follow the same steps. But select UDP protocol and enter 5679 as the port number
Two-Way Firewall Protection in Windows
Click the Start button → type wf.msc or Firewall in the search bar → press Enter
Click the Windows Firewall with Advanced Security icon
This management interface displays the inbound and outbound rules
Click Windows Firewall Properties
A dialog box with several tabs will appear
For each profile (Domain, Private, and Public), change the setting to Block, and then click OK
Always Use NTFS
The NTFS file system provides better performance and security for data on hard disks and partitions than the FAT file system
Convert partitions that use the earlier FAT16 or FAT32 file system to NTFS by using the convert command
Close any open programs running on the partition or logical drive to be converted
Click Start → All Programs → Accessories, right‐click Command Prompt, and then click Run as administrator. Type the password or provide confirmation if prompted
In the Command Prompt, type convert drive_letter: /fs:ntfs, where drive_letter is the letter of the drive to be converted to NTFS, and then press ENTER
Type the name of the volume you want to convert, and then press ENTER
Note: Converting a partition from FAT to NTFS does not affect the data on it. You need to restart the computer for the NTFS conversion if the partition contains system files.
Windows Encrypting File System (EFS)
Windows Encrypting File System (EFS) allows Windows 7 system users to encrypt files and folders in an NTFS formatted disk drive
Right‐click the file to be encrypted → select Properties → on the General tab, click the Advanced button. The Advanced Attributes dialog box appears.
There are two options under Compress or Encrypt attributes: Compress contents to save disk space and Encrypt contents to secure data
Select Encrypt contents to secure data → click OK to close the Compress or Encrypt Attributes dialog box → click Apply
An Encryption Warning dialog box appears; check any of the two options, Encrypt the file and its parent folder or Encrypt the file only → click OK
How to Decrypt a File Using EFS in Windows?
• Right‐click the file to be decrypted → select Properties
• On the General tab, click the Advanced button. An Advanced Attributes dialog box appears
• There are two options under Compress or Encrypt Attributes: Compress contents to save disk space and Encrypt contents to secure data
• Uncheck Encrypt contents to secure data → click OK to close the Compress/Encrypt Attributes dialog box → apply the settings → click OK
Using Windows Defender
Windows Defender is antispyware software that offers real‐time protection against spyware and other potentially malicious programs infecting the computer
To turn Windows Defender ON or OFF, open Windows Defender by clicking the Start button → click All Programs → click Windows Defender, or type Windows Defender in the search space
Click Tools → click Options → click Administrator → select or clear the Use Windows Defender check box → click Save
Enable BitLocker in Windows 7
1. BitLocker Drive Encryption provides better data protection by encrypting an entire Windows operating system volume
2. The hard drive and any removable media on the computer can be encrypted
3. Encrypted removable media can be decrypted and re‐encrypted on any Windows 7 computer
4. Click Start → click Computer → right‐click on any drive and select the option Turn on BitLocker…
Note: BitLocker is available only in the Enterprise and Ultimate editions of Windows Vista and Windows 7
Launching Event Viewer in Windows 7
Event Viewer is a built‐in Windows utility that allows users to view and manage the event logs, gather information about hardware and software problems, and monitor Windows security events
To start Event Viewer in Windows 7, click Start → Control Panel → System and Security → Administrative Tools → Event Viewer
Event Viewer: Events and How to Read Logs on the System
1. Event Viewer categorizes events into five types: Error, Warning, Information, Audit Success, and Audit Failure
2. Each event log is differentiated by its level and contains header information and a description of the event
3. Each event header contains a detailed description of the level, date, time, source, event ID, and task category
Disabling Unnecessary Services in Windows 7
A service is a long‐running executable that performs specific functions without requiring any user intervention
Services normally start during the system start up or booting
Some services load automatically, while others are called when a program is used
To view running services, click Start → Control Panel → Administrative Tools → double‐click Services
Alternatively, select Start → type services.msc in the search bar → press ENTER
Once the Services window is loaded, the user can turn off any unneeded services
Killing Unwanted Processes
Killing a process
Press the [Alt] + [Ctrl] + [Del] keys simultaneously → click Task Manager
In Task Manager, go to the Processes tab → select the process → click End Process
Alternatively, right‐click on a selected target process → select End Process
Killing a Process Tree
Run the Task Manager → select the target process → right‐click and select End Process Tree
Kill or terminate unnecessary and suspicious processes to increase system performance and protect the system against malware
Finding Open Ports Using Netstat Tool
Knowing the open ports, and the services and applications associated with these ports, helps in detecting the presence of malware such as viruses, worms, Trojans, etc. in the system
Malware generally opens ports to receive or send data packets from attackers
Netstat, a Windows inbuilt utility, can be used to determine open ports in the system and associated applications
Click Start → All Programs → Accessories, right‐click Command Prompt, and then click Run as administrator. Type the password or provide confirmation if prompted
Type netstat -b in the command prompt window to see the open ports and associated applications
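One way to review the netstat output described above, as an added example that is not part of the original course material: it parses text laid out like netstat -b output, attaches each connection to the executable reported beneath it, and lists connections whose owner is unknown or not on a list of expected programs. The sample output is constructed, and the expected-program list and function names are assumptions.

```python
import re

# Constructed sample laid out like `netstat -b` output; the remote
# addresses come from the ranges reserved for documentation.
SAMPLE_NETSTAT = """\

Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    192.168.1.20:49172     203.0.113.10:443       ESTABLISHED
 [iexplore.exe]
  TCP    192.168.1.20:49180     198.51.100.23:5679     ESTABLISHED
 [svch0st.exe]
  TCP    192.168.1.20:49185     192.168.1.5:445        ESTABLISHED
 Can not obtain ownership information
  TCP    192.168.1.20:49190     203.0.113.44:80        ESTABLISHED
  wuauserv
 [svchost.exe]
"""

# A connection row: protocol, local endpoint, remote endpoint, optional state.
CONN_RE = re.compile(r"^(TCP|UDP)\s+(\S+)\s+(\S+)(?:\s+(\S+))?$")


def split_endpoint(endpoint):
    """Split 'host:port' on the last colon so bracketed IPv6 hosts survive."""
    host, _, port = endpoint.rpartition(":")
    return host, port


def parse_netstat_b(text):
    """Return one dict per connection, with the owning executable if shown."""
    connections, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        match = CONN_RE.match(line)
        if match:
            proto, local, remote, state = match.groups()
            remote_host, remote_port = split_endpoint(remote)
            current = {
                "proto": proto,
                "local": local,
                "remote_host": remote_host,
                "remote_port": remote_port,
                "state": state or "",
                "component": None,   # service or module line, when present
                "executable": None,  # stays None when ownership is not shown
            }
            connections.append(current)
        elif current is None or not line:
            continue  # banner, column header or blank line
        elif line.startswith("[") and line.endswith("]"):
            current["executable"] = line[1:-1].lower()
        elif line.lower().startswith("can not obtain"):
            current["executable"] = None
        else:
            current["component"] = line
    return connections


def review(connections, expected):
    """List connections whose owner is unknown or not an expected program."""
    findings = []
    for conn in connections:
        exe = conn["executable"]
        if exe is None:
            reason = "owner not shown; rerun from an elevated prompt"
        elif exe not in expected:
            reason = "executable is not on the expected list"
        else:
            continue
        findings.append((exe, conn["remote_host"], conn["remote_port"], reason))
    return findings


if __name__ == "__main__":
    # Hypothetical list of programs this machine is expected to run.
    expected_programs = {"iexplore.exe", "svchost.exe"}
    for finding in review(parse_netstat_b(SAMPLE_NETSTAT), expected_programs):
        print(finding)
```

An executable name on the expected list is only a starting point, since a malicious file can carry a legitimate name; confirm the file's path and signature before trusting it.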
Configuring Audit Policy
1. Click Start → type secpol.msc in the search bar, and press Enter
2. Click Local Policies → select Audit Policy → double‐click the Audit account logon events policy → check the Success and Failure boxes → click Apply → click OK
3. Similarly, change the security setting for all the policies listed in the right‐hand pane of the Local Security Policy window
4. Close the Local Security Policy window
Audit policies should be configured to identify attempted or successful attacks on system and network
How to Hide Files and Folders?
Right‐click the file or folder to be hidden → click Properties → under Attributes, check Hidden → click Apply → click OK
On the Organize menu in Windows Explorer, click Folder and search options
On the View tab, select the Do not show hidden files and folders option
Disable Simple File Sharing in Windows
1. Go to Start → Control Panel → Folder Options
2. From the Folder Options window, select the View tab
3. Scroll to the bottom of the Advanced Settings pane
4. Uncheck the checkbox for Using sharing wizard (for Windows 7) → click OK
Raise the UAC Slider Bar in Windows 7
User Account Control (UAC) helps the user to make critical decisions while installing software
Click Start → Control Panel → Action Center → Change User Account Control Settings
Raise/Adjust the UAC slider bar to Always notify
Windows Security Tools: Microsoft Security Essentials
http://www.microsoft.com
Microsoft Security Essentials provides real‐time protection for a home PC that guards against viruses, spyware, and other malicious software
Windows Security Tools: KeePass Password Safe Portable
http://portableapps.com
KeePass is a password manager that manages passwords in a secure way and carries all passwords in one database, which is locked with one master key or a key‐disk
The databases are encrypted using current known secure encryption algorithms (AES‐256 and Twofish)
Windows Security Tools: Registry Mechanic
http://www.pctools.com
1. Registry Mechanic offers tools to speed up and improve the stability of Windows 7, Windows Vista, or Windows XP PC
2. Registry Mechanic safely cleans, repairs, and optimizes the registry and automatically backs up changes for future recovery
3. Permanently erases Internet activity, personal files, and free space to keep information away from prying eyes
Windows Security Tools: Windows Defender
http://www.microsoft.com
Windows Defender helps protect a computer against pop‐ups, slow performance, and security threats caused by spyware and other unwanted software by detecting and removing known spyware from a computer
Step 1: Enabling and Locking Down the Login Window
Click Apple menu → System Preferences → Accounts → Login options → Display Login Window as Name and Password
Uncheck Automatically login as:
Check Hide the Sleep, Restart, and Shut Down buttons
Uncheck Enable fast user switching if not used
Step 2: Configuring Accounts Preferences
From the Apple menu, choose System Preferences → from the View menu, choose Accounts → select the username whose password you want to change
Click Reset Password (Mac OS X v10.3 and v10.4) or Change Password (Mac OS X v10.5 or later)
Enter a new password in both the Password and Verify fields → click the Reset Password (Mac OS X v10.3 and v10.4) or the Change Password (Mac OS X v10.5 or later) button
If a dialog box appears with the message Your Keychain password will be changed to your new account password, click OK
Step 3: Guidelines for Creating Accounts
Never create accounts that are shared by several users
Each user should have his or her own standard or managed account
Individual accounts are necessary to maintain accountability
Administrators should only use their administrator accounts for administration purposes
Step 4: Securing the Guest Account
The guest account must be used for temporary access to the system
The guest account should be disabled by default as it does not require a password to login to the computer
If the guest account is enabled, Enable Parental Controls to limit what the user can do
If the user permits the guest account to access shared folders, an attacker can easily attempt to access shared folders without a password
Step 5: Controlling Local Accounts with Parental Controls
Open System Preferences → click Accounts
If the lock icon is locked, click the lock icon and provide an Administrator name and Password
Select the user account to be managed with parental controls → select the Enable Parental Controls checkbox
Click Open Parental Controls → click System, Content, Mail & iChat, Time Limits, and Logs
Step 6: Use Keychain Settings
Keychain stores passwords on the disk in an encrypted form and it is difficult for a non‐root user to sniff a password between applications
Go to Applications → Utilities → Keychain Access → Edit → Change settings for Keychain "login"
Check Lock after minutes of inactivity and change it to the desired number of minutes → check Lock when sleeping → click Save
Step 7: Use Apple Software Update
Mac OS X includes an automatic software update tool to patch the majority of Apple applications
Software Update often includes important security updates that should be applied to a user’s machine
To update software:
Open Software Update preferences → click the Scheduled Check pane
Deselect Download updates automatically → click Check Now
Step 8: Securing Date & Time Preferences
1. Open Date & Time preferences → in the Date & Time pane, enter a secure and trusted NTP server in the Set date & time automatically field
2. Click the Time Zone button → choose a Time Zone
Step 9: Securing Network Preferences
It is recommended to disable unused hardware devices listed in Network preferences
Open Network preferences → from the list of hardware devices, select the hardware device that connects to one’s network
From the Configure pop‐up menu, choose Manually
Enter the user’s static IP address, Subnet Mask, Router, DNS Server, and Search Domain configuration settings
Click Advanced → in the Configure IPv6 pop‐up menu, choose Off → click OK
Step 10: Enable Screen Saver Password
To prevent unauthorized access to a system, enable a screen saver password
1. From the Apple menu, select System Preferences → click Security → click the Lock icon to make changes
2. If prompted, type the admin userid and password
3. In the Security window, click the General tab → check Require password to wake this computer from sleep or screen saver (Leopard) or Require password immediately after sleep or screen saver begins (Snow Leopard)
4. In addition to the screen saver password, also secure the system by selecting:
Disable automatic login
Require password to unlock each System Preference.
Use secure virtual memory
Click the lock icon to prevent further changes
Close the Security window and restart your machine
Step 11: Set Up FileVault to Keep Home Folder Secure
Click System Preferences → click Security → click FileVault → click Set Master Password
Create the master password for the computer, but ensure this password is different from the user account password
Verify the password → click OK
Step 12: Firewall Security
Mac OS X firewall blocks unwanted network communication with the computer:
1. Click System Preferences → click Security → click Firewall
2. Click the Lock Icon to make changes
3. If prompted, type the admin userid and password
4. By default, the firewall allows all incoming connections; change the option by clicking the second option (Allow only essential services) or third option (Set access for specific services and applications)
5. Choose which application(s) you want the firewall to allow and which to block
6. Click the lock icon to prevent further changes and close the Security window
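As an added example (not part of the original module), the settings from Steps 10 to 12 can be checked from Terminal instead of clicking through each pane. The preference domains and keys read by `collect` are assumptions for Leopard and Snow Leopard, and the `sample` values are constructed so the script also runs off a Mac.

```shell
#!/bin/sh
# Added example (not from the original slides): audit the settings from Steps 10-12.
# The preference domains and keys are assumptions for Leopard / Snow Leopard.

# evaluate NAME VALUE: print PASS or FAIL for one collected setting.
evaluate() {
    case "$1:$2" in
        screensaver_password:1)  echo PASS ;;  # askForPassword = 1: password on wake
        automatic_login:)        echo PASS ;;  # autoLoginUser absent: automatic login off
        secure_virtual_memory:1) echo PASS ;;  # UseEncryptedSwap = 1: swap is encrypted
        firewall:1|firewall:2)   echo PASS ;;  # globalstate 1 or 2: not "allow all incoming"
        *)                       echo FAIL ;;  # anything else, including unknown names
    esac
}

# report: read "name=value" lines on stdin, print a verdict per line, and
# return the number of failed settings as the exit status.
report() {
    failed=0
    while IFS='=' read -r name value; do
        verdict=$(evaluate "$name" "$value")
        [ "$verdict" = PASS ] || failed=$((failed + 1))
        printf '%-22s %-8s %s\n' "$name" "${value:-<unset>}" "$verdict"
    done
    return "$failed"
}

# collect: print live "name=value" lines using the macOS `defaults` tool.
collect() {
    pref() { defaults "$@" 2>/dev/null || true; }   # empty output when the key is absent
    echo "screensaver_password=$(pref -currentHost read com.apple.screensaver askForPassword)"
    echo "automatic_login=$(pref read /Library/Preferences/com.apple.loginwindow autoLoginUser)"
    echo "secure_virtual_memory=$(pref read /Library/Preferences/com.apple.virtualMemory UseEncryptedSwap)"
    echo "firewall=$(pref read /Library/Preferences/com.apple.alf globalstate)"
}

# Constructed sample: automatic login still enabled, firewall left at its default.
sample() {
    printf '%s\n' 'screensaver_password=1' 'automatic_login=alice' \
                  'secure_virtual_memory=1' 'firewall=0'
}

# Use live values on a Mac, the constructed sample anywhere else.
if command -v defaults >/dev/null 2>&1; then collect; else sample; fi | report ||
    echo "One or more settings differ from Steps 10-12"
```

A non-zero exit status from `report` is the number of settings that still need attention.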
Resources on the Internet for Computer Security
Internet Fraud Complaint Center (IC3): http://www.ic3.gov
TECS: The Encyclopedia of Computer Security: http://www.itsecurity.com
Virus Bulletin: http://www.virusbtn.com
Common Vulnerabilities and Exposures: http://www.cve.mitre.org
Windows Security Guide: http://www.winguides.com
Stay Safe Online: http://www.staysafeonline.org
CYBERCRIME: http://www.cybercrime.gov
Macintosh Security Site: http://www.securemac.com
Module Summary
Attackers discover new vulnerabilities and bugs to exploit in computer software
Software vendors usually develop patches to address the problems
Encryption is the process of converting data into a secret code
Regularly update the operating system and other applications
Windows System Restore is used to return one’s computer to an earlier state in case of a system failure or other major problem with the system
Microsoft Security Essentials provides real‐time protection for the PC that guards against viruses, spyware, and other malicious software
Windows Defender helps to protect the system against pop‐ups, slow performance, and security threats
Operating Systems Security Checklist
Install antivirus software and scan the system regularly
Do not open any email from unknown senders
Perform an antivirus scan while downloading
Regularly update the operating system and other applications
Lock the system when not in use
Physically secure the system from unauthorized access
Enable firewall protection and configure all the computer settings for high security
Use strong passwords, at least eight characters long, containing both letters and numbers
Delete the Internet history files, logs, and personal files
Make backups of important data and store them safely
Disable or limit the number of unnecessary accounts
Configure antivirus to check all media (CD‐ROMs, email, websites, downloaded files, etc.) for viruses
Use encryption to enhance privacy
Keep up‐to‐date with hotfixes and service packs
Disable AutoRun for the DVD/CD‐ROM
Secure the wireless network
Windows 7 Security Checklist
Use Windows Defender to help prevent spyware and other potentially unwanted software from being installed on the computer automatically
User Account Control asks for permission before installing software or opening certain kinds of programs that could potentially harm your computer or make it vulnerable to security threats
Back up your files and settings regularly so that if you get a virus or have any kind of hardware failure, you can recover your files
Set Windows Update to download and install the latest updates for the computer automatically
Windows Firewall can help prevent hackers and malicious software, such as viruses, from gaining access to your computer through the Internet
Use Action Center to make sure the firewall is ON, antivirus software is up to date, and the computer is set to install updates automatically
Mac OS Security Checklist
Securely erase the Mac OS X partition before installation
Set parental controls for managed accounts and use Password Assistant to generate complex passwords
Securely configure Accounts preferences and Date & Time preferences
Install Mac OS X using Mac OS Extended disk formatting
Create an administrator account and a standard account for each administrator
Create keychains for specialized purposes
Securely configure Security preferences