Computer Security

© 2007 The McGraw-Hill Companies, Inc. All rights reserved Computer Security Chapter 23

Transcript of Computer Security

Page 1: Computer Security

Computer Security Chapter 23

Page 2: Computer Security

Overview

• In this chapter, you will learn to

– Explain the threats to your computers and data

– Describe how to control the local computing environment

– Explain how to protect computers from network threats

Page 3: Computer Security

Analyzing the Threat

Historical/Conceptual

Page 4: Computer Security

Threats

• Unauthorized access

– Any user accesses resources in an unauthorized way

– Not locked down

• Data destruction

– Intentional or accidental data loss

– Unauthorized data modification

• Administrative access

– XP Home almost requires granting multiple users administrator access

– Use Windows 2000 or XP Pro to control access

Page 5: Computer Security

Threats

• System crash/hardware failures

– Hard drives crash, power fails

– Redundant systems provide protection

• Viruses/spyware

– Travel quickly in a network

– Come from the Internet, floppy disks, optical discs, and USB drives

• Goal is to prevent infection

Page 6: Computer Security

CompTIA A+ Essentials

Local Control

Page 7: Computer Security

Local Control

• Identify what to back up

• Eliminate sensitive data from discarded media

• “First, Do No Harm”

– Part of physician’s oath

• “First, Secure the Data”

– Tech version of the oath

Page 8: Computer Security

What to Back Up

• Essential data

– Use the Backup tool

– Documents and Settings folder for all users

– E-mail and address books

– Other data

Page 9: Computer Security

What to Back Up

• Servers

– Some servers have critical data (Active Directory)

– Back up System State to include

  • Most of Registry, security settings, and more

Page 10: Computer Security

Off-Site Storage

• Backups should be stored someplace other than your place of business

– Could be tape, CD, portable drive

• Off-site storage

– Copy of backup stored in another geographical location

– Protects against major disaster such as fire, flood, etc.

Page 11: Computer Security

Migration

• When a computer is replaced

– Move user’s data and settings to new computer

– Use a tool such as File and Settings Transfer (FAST) Wizard

– Don’t connect new computer to network until security has been implemented

Page 12: Computer Security

Migration

• Eliminate data remnants

– Just formatting or repartitioning isn’t enough

– Use a tool such as Windows Washer

– Can eliminate specific data or the entire drive

Page 13: Computer Security

Recycle

• Don’t just throw computers in trash

– Keeps toxic chemicals out of landfills

– Recycling centers will take them

– Donate

  • Schools and other organizations will gladly take used computers

Page 14: Computer Security

CompTIA A+ Technician

IT Technician

Social Engineering

Page 15: Computer Security

Social Engineering

• Using or manipulating people in the network to gain access to the network

• Infiltration

– Physically sneaking into building

– Talking to people gathering pieces of information

• Telephone scams

– Simply asking for information

– Impersonating someone else

Page 16: Computer Security

Social Engineering

• Dumpster diving

– Searching through trash looking for information

– Individual pieces of data can be put together as a puzzle

• Physical theft

– Servers need to be kept behind locked doors

– The best network security is beaten easily if physical security is ignored

Page 17: Computer Security

Access Control

• Physical security

– Lock the door

– Don’t leave PC unattended when logged on

• Authentication

– Software authentication using proper passwords

– Hardware authentication using smart cards and biometrics

Page 18: Computer Security

Access Control

• Use NTFS, not FAT32

– FAT32 provides very limited security

– Use NTFS whenever possible

• To convert FAT32 drive to NTFS

– Convert D:\ /FS:NTFS

• Users and groups

– Can add users to groups

– Users now have permissions of group

Page 19: Computer Security

Network Security

• User account control through groups

– Can grant permission to group

– Groups represented by icon

Page 20: Computer Security

Network Security

• Adding users to a group

– Done in Computer Management

Page 21: Computer Security

Network Security

• Effective permissions (combined)

– Rita is in Sales Group and Managers group

– Sales granted List Folder Contents permission

– Managers granted Read & Execute permission

– Rita has Read & Execute AND List Folder Contents permissions (combination of both)

Page 22: Computer Security

Network Security

• Default groups

– Everyone, Guests, Users

– Can become backdoors to the network

– Windows 2000 gives full control to the Everyone group by default

Page 23: Computer Security

Security Policies

• Local Security Settings

– Set via Local Security Policy in Administrative Tools

– Can set Local Computer Group Policy Object Editor

– Applies only to this computer

Page 24: Computer Security

Security Policies

• Local Group Policy—applies locally only

Page 25: Computer Security

Security Policies

• Examples of what can be done with Group Policy in a domain

– Prevent Registry Edits

– Prevent Access to the Command Prompt

– Log on Locally

– Shut Down System

– Minimum Password Length

– Account Lockout Threshold

– Disable Windows Installer

– Much more

Page 26: Computer Security

Malicious Software

• Together known as malware

– Viruses

– Trojans

– Worms

– Spyware

– Adware

– Grayware

Page 27: Computer Security

Malware

• Viruses

– Designed to attach themselves to a program

– When program is used, the virus goes into action

– Can wipe out data, send spam e-mails, and more

• Trojans

– Designed to look like one program (such as a game or utility)

– Does something else too, such as erase CMOS

Page 28: Computer Security

Malware

• Worms

– Similar to a Trojan but on a network

– Travels from machine to machine through network

– Commonly infects systems because of security flaws

• Best protection against Worms

– Run antivirus software

– Keep security patches up to date

– Use tools such as Windows Update or Automatic Update to get critical updates

Page 29: Computer Security

Antivirus Programs

• Antivirus programs

– Can be set to scan entire computer actively for viruses

– Can be set as virus shield to monitor activity such as downloading files, receiving e-mail, etc.

– Viruses have digital signatures

– Antivirus programs have library of signatures

– Update signatures regularly

Page 30: Computer Security

Virus Techniques

• Polymorphics/Polymorphs

– Viruses attempt to change or morph to prevent detection

– Code used to morph (scrambling code) often used as signature

• Stealth

– Virus attempts to hide and appear invisible

– Most are in boot sector

– Some use little-known software interrupt

– Others make copies of innocent-looking files
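The signature points on the last two slides can be seen in a toy scanner. This is an added example, not part of the original slides; the signature names and every byte string in it are constructed placeholders, and a single-byte XOR stands in for the scrambling step.

```python
from typing import Dict, List

# Constructed placeholder bytes: nothing here is real malware.
STUB = b"\x90\x90DECODE-LOOP"   # the constant scrambling code
BODY = b"PAYLOAD-BODY-v1"       # the part that changes from copy to copy

# Hypothetical signature library: name -> byte pattern to search for.
SIGNATURES: Dict[str, bytes] = {
    "Demo.Body": BODY,          # signature taken from the unscrambled body
    "Demo.Scrambler": STUB,     # signature taken from the scrambling code
}


def scramble(data: bytes, key: int) -> bytes:
    """Single-byte XOR, standing in for the morphing step (key 0 = unchanged)."""
    return bytes(b ^ key for b in data)


def make_sample(key: int) -> bytes:
    """Constructed test file: host bytes + stub + key byte + scrambled body."""
    return b"MZ-host-program" + STUB + bytes([key]) + scramble(BODY, key)


def scan(data: bytes, library: Dict[str, bytes] = SIGNATURES) -> List[str]:
    """Return the sorted names of every signature whose pattern occurs in data."""
    return sorted(name for name, pattern in library.items() if pattern in data)


if __name__ == "__main__":
    old_library = {"Demo.Body": BODY}          # library that was never updated
    print(scan(make_sample(0)))                # body and stub both match
    print(scan(make_sample(0x5A)))             # body signature misses, stub still hits
    print(scan(make_sample(0x5A), old_library))  # outdated library finds nothing
```

The body signature stops matching as soon as the copy is scrambled, while the signature on the scrambling code keeps matching, and a library without that newer signature reports a clean file.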

Page 31: Computer Security

Virus Prevention Tips

• Scan all incoming programs and data

• Scan the PC daily

• Update signatures regularly

• Keep bootable CD-R with copy of antivirus program

• Be careful with e-mail

– Consider disabling preview window

– Only open attachments from known sources

Page 32: Computer Security

Malware

• Spam

– Unsolicited commercial e-mail (UCE)

– To avoid, don’t give out your e-mail address

• Pop-ups

– Many modify the browser so they are hard to close

  • Some open up other pop-ups when one pop-up is closed

– To close

  • Right-click the browser on the taskbar and select Close

  • While the pop-up is displayed, press Alt-F4

Page 33: Computer Security

Spyware

• Family of programs that run in the background

– Can send information on your browsing habits

– Can run distributed computing apps, capture keystrokes to steal passwords, reconfigure dial-up, and more

• Preventing installation

– Beware of free programs such as Gator, Kazaa, others

– Adobe’s Shockwave and Flash are reputable, but many others are not

Page 34: Computer Security

Spyware

• Aggressive tactics

– Try to scare you into installing their program

• Removing Spyware

– Windows Defender

– Lavasoft’s Ad-Aware

– PepiMK’s Spybot Search & Destroy

Page 35: Computer Security

Grayware

• Not destructive in themselves

– Leech bandwidth in networks

– Some people consider them beneficial

– Used to share files (e.g., BitTorrent)

– Can push network over the edge

Page 36: Computer Security

Firewalls

• Used to block malicious programs from the Internet

– Can be software, hardware, or both

– Windows XP has built-in firewall

Page 37: Computer Security

Encryption

• Makes data packets unreadable

– Changes plaintext into cipher text

– Encryption occurs at many levels

– Multiple encryption standards and options

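[Figure: the plaintext “Our lowest sell price is $150,000” passes through an encryption algorithm to become the ciphertext *2jkpS^aou23@`_4Laujpf, and a decryption algorithm turns it back into “Our lowest sell price is $150,000”.]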

Page 38: Computer Security

Network Authentication

• Authentication

– Proving who you are

– Done by providing credentials

  • i.e., user name and password

– Credentials rarely passed in plaintext

• Common remote access protocols

– PAP: Password Authentication Protocol (clear text)

  • Rarely used

– CHAP: Challenge Handshake Authentication Protocol

  • Most popular

– MS-CHAP: Microsoft CHAP

  • Popular with Microsoft applications
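What the clear text/challenge-handshake difference means on the wire, as an added example that is not part of the original slides: it builds a PAP request (RFC 1334 layout) and a CHAP response (RFC 1994, MD5 over identifier, secret and challenge). The user name, secret and fixed challenge bytes are constructed so the result is repeatable.

```python
import hashlib
import hmac
import struct

SECRET = b"correct-horse-battery"  # constructed shared secret (assumption)


def pap_request(ident: int, user: bytes, password: bytes) -> bytes:
    """PAP Authenticate-Request (RFC 1334): the password travels as-is."""
    body = bytes([len(user)]) + user + bytes([len(password)]) + password
    return struct.pack("!BBH", 1, ident, 4 + len(body)) + body


def chap_response(ident: int, secret: bytes, challenge: bytes) -> bytes:
    """CHAP response value (RFC 1994): MD5(identifier || secret || challenge)."""
    return hashlib.md5(bytes([ident]) + secret + challenge).digest()


def chap_verify(ident: int, secret: bytes, challenge: bytes, response: bytes) -> bool:
    """Server side: recompute from its own copy of the secret and compare."""
    return hmac.compare_digest(chap_response(ident, secret, challenge), response)


def demo() -> dict:
    """Run both exchanges and report what someone watching the link would see."""
    pap_wire = pap_request(1, b"rita", SECRET)
    challenge_1 = bytes(range(16))       # constructed; a real server sends random bytes
    challenge_2 = bytes(range(16, 32))   # the next login gets a different challenge
    resp_1 = chap_response(1, SECRET, challenge_1)
    wrong = chap_response(1, b"guess", challenge_1)
    return {
        "pap_leaks_password": SECRET in pap_wire,
        "chap_leaks_password": SECRET in challenge_1 + resp_1,
        "chap_accepts_peer": chap_verify(1, SECRET, challenge_1, resp_1),
        "chap_accepts_replay": chap_verify(2, SECRET, challenge_2, resp_1),
        "chap_accepts_wrong_secret": chap_verify(1, SECRET, challenge_1, wrong),
    }


if __name__ == "__main__":
    for check, result in demo().items():
        print(f"{check}: {result}")
```

A recorded challenge and response pair still lets an eavesdropper test password guesses offline, so CHAP secrets need to be long and random.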

Page 39: Computer Security

Encryption

• Dial-up encryption

– Set on the server

• Data encryption

– Multiple protocols possible

– Microsoft method of choice is IPSec (IP Security)

Page 40: Computer Security

Application Encryption

• Many applications can use other protocols to encrypt data

– On the Web, HTTPS commonly used

– Use digital certificates

– Certificates issued by trusted authorities

  • Trusted authorities added to Web browsers

– Invalid certificates can be cleared from cache

Page 41: Computer Security

Wireless Issues

• Set up wireless encryption

– WEP, WPA, or preferably WPA2

• Have clients use static address

– If you must use DHCP, limit available addresses

• Change default SSID

– And disable SSID broadcast

• Filter by MAC addresses

• Change default user name and passwords

• Turn on WAP firewall

Page 42: Computer Security

Reporting

• Event Viewer

– Application

– Security

– System

Page 43: Computer Security

Event Viewer

• Can view errors that a user saw and forgot

• Can get help with errors by clicking the Microsoft link

Page 44: Computer Security

Reporting

• Auditing

– Event auditing—logs events

– Object access auditing—logs resource access

– Someone else will set up—but you need to be aware of the policies

• Incident reporting

– When events occur, you need to report them

– Supervisors and/or managers may have more information

– Reporting one seemingly innocuous event may help the supervisor solve a bigger problem

Page 45: Computer Security

Beyond A+

• Security in Windows Vista

– User Account Control

  • Helps prevent malware from running with administrator privileges

– Security Center

  • First appeared in Windows XP SP2

  • Enhanced in Windows Vista

– Parental Controls

  • Allows parents (or supervisors) to monitor and/or restrict access

  • Can restrict Web sites and downloads, login times, games, and more
