Managing Local Security in Windows


Transcript of Managing Local Security in Windows

Page 1: Managing Local Security in Windows

Managing Local Security in Windows

- Threats to Computers and Users
- Defense Against Threats
- Windows Local Security Accounts
- Applying Security to Files and Folders, Common Windows Security Problems

Chapter 7

Page 2: Managing Local Security in Windows

Threats to Computers and Users

- Accidental, Deliberate, Natural and Unnatural Disasters
  - Fires; Earthquakes; Floods
  - Dropped
  - Theft and damage
- Protect against disasters with frequent backups
  - Back up critical data files
  - Image backups
  - Multiple backup sets. Why?


Page 3: Managing Local Security in Windows

Threats to Computers and Users

- Computer Hardware Theft
  - Secure computers physically
  - Laptops more vulnerable
  - Unsophisticated thieves steal for the value of hardware.
  - Sophisticated thieves will search hard drive for data.
- Identity Theft
  - Personal information is stolen and used to commit fraud
  - Obtaining a social security # and other key personal information may be enough to steal someone's identity
- Fraud: a form of identity theft
  - The use of deceit & trickery to obtain money or valuables


Page 4: Managing Local Security in Windows

Threats to Computers and Users

Accidental, Deliberate, Natural and Unnatural Disasters (Continued)

Other Deliberate Attacks

- Spyware
- Bluesnarfing
- Password Crackers
- Spam
- Trojan Horse
- Pop-Up Download
- War Driving
- Phishing
- Keystroke Logger
- Viruses, Worms, Adware
- Home Page Hijack
- PC Hijacking
- Back Doors


Page 5: Managing Local Security in Windows

Define

- Spyware: whether malicious or not, “Spyware” is software secretly placed on a computer that records and reports user activity.
- Phishing: an attempt to lure a user into surrendering their personal information by pretending to be an official request from a legitimate business (PayPal, eBay, Citibank, IRS tax refund).


Page 6: Managing Local Security in Windows

Attackers

- Online attackers or organized crime – monetary gain
  - Credit card trafficking
  - Identity theft
  - Financial account access
  - Hire out
- Marketing organizations
  - Online surfing and purchasing habits
  - Trend related activities to mount marketing campaigns
- Trusted insiders
  - Sell information
  - Leverage to gain advantage
  - Blackmail


Page 7: Managing Local Security in Windows

Attack Form

Application add-ons: Often bundled with software

Web site installs: Malicious Web sites often disguise spyware as a helpful utility and prompt users to install the spyware when browsing the site.

E-mail attachments or links: especially HTML graphics images, misrepresented links

Software Install Prompt Pop-up Windows:


Page 8: Managing Local Security in Windows

Spyware Types

- Adware – demos, free trials, EULA deception
- Keyloggers – record key press
- Trojans - attached to a useful program
- Scumware – altered link rerouting (email)
- Dialers – hidden time pay phone calls (Porn)
- Browser & search engine Hijackers


Page 9: Managing Local Security in Windows

Spyware Visual Examples

Spyware has been known to masquerade as a prize-notification pop-up window.

Masquerading as anti-spyware - This is one of the cruelest tricks in the book. This type of software convinces you that it's a tool to detect and remove spyware.

Page 10: Managing Local Security in Windows

Spyware Visual Examples continued:

Peer-to-peer file-sharing clients. While it officially claims otherwise, Kazaa has been known to include Spyware in its download package.

Bonzi Buddy is an "add-on" application that includes spyware in its package.

Browser add-ons: particularly nasty add-ons are considered browser hijackers; these embed themselves deeply in your machine and take quite a bit of work to get rid of.

Page 11: Managing Local Security in Windows

Indicators

- Unexplainable reduction in computer performance. “unauthorized device hijacking”
- Toolbars appear that can't be deleted permanently.
- Heavy increase in pop-up ads. “internet pollution”
- Search engine or browser home page has changed, “Hijacked”.
- Excessive or unexplained network or modem traffic. “bandwidth stealing”


Page 12: Managing Local Security in Windows

Spyware Statistics

- Spyware-dishing websites: at the end of Q1 of 2006 the number was 427,000, while at the end of Q2 2006 the number reached an astonishing 527,136.
- Infection rates, Q2 of 2006:
  - Home user – 89%
  - Small & medium size businesses – 50%
  - Enterprise businesses – 21%
- Business effects reported:
  - Performance slowdown – 65%
  - Productivity loss – 58%
  - Loss in sales – 20%
- The Spyware King: China 42%, United States 17%


Page 13: Managing Local Security in Windows

Emotions

- Emotional effects on home user and IT personnel
- Direct Revenue, an advertising company (spyware), tracked the most frequently used aggressive words found in customer complaints for June of 2005. The top three are “die” (103 times), “f-----” (44), and “kill” (15) (Elgin & Grow, 2006).
- Nowhere to turn, no recourse!
- Controversial course teaches spyware code writing


Page 14: Managing Local Security in Windows

Legislation

- Federal - Computer Fraud and Abuse Act
- Federal Trade Commission Act
- Electronic Communications Privacy Act
- About 12 states have specific Spyware laws
- Shawn Collins, Chicago attorney - charges spyware as a pollutant to the internet and a trespass-to-personal-property as an argument. (6 cases: 3 and 1 so far)
- Spy vs. Spy (Direct Revenue and Avenue Media)
- Fail to Report Incidents why?
  - FTC must (reasonably protected)
  - Reputation


Page 15: Managing Local Security in Windows

Prevention and Detection

- Use a firewall to restrict outbound traffic on all ports except those used for HTTP, POP3, and SMTP.
- Use multi-layered Anti-spyware approach
- Make it a habit to run scans of antivirus and anti-spyware programs bi-weekly or even daily.
- Read EULA very carefully – target phrases
  - EULAlyzer program – automatic EULA reader
- Close unwanted pop-up install prompts using Alt-F4 instead of “X” icon on the title bar, a “No”, “Close”, or “Cancel” button.
- Avoid using peer-to-peer, file sharing networks

Page 16: Managing Local Security in Windows

Prevention and Detection

- Limit Web surfing to known-safe sites by using a proxy server or restricted sites list.
- Web links within pop-ups or in emails can be masked to look legitimate.
  - Type in URLs; don’t click email links
  - Use pop-up blockers
- Avoid downloading helpful site plug-ins.
- Avoid downloading freeware, shareware, limited demo software, and free trial offers.
- Use only commercial and known-safe utilities.
- Don’t surf the web while logged in as Administrator
- Regularly apply software patches and updates.

Page 17: Managing Local Security in Windows

Prevention and Detection

- Consider alternative browsers, Firefox, Opera.
- Turn off PC or modem
- Back up your data regularly.
- Adjust cookie permissions:
- Uninstall applications you don’t use.
- When possible, configure user accounts without download or install permissions.
- Use Spam blockers
- Check out programs before you download or install

Page 18: Managing Local Security in Windows

Removal

- Install multiple detection and removal programs.
- Identify and disable malicious processes with Windows Task Manager.
- Run “msconfig”: disable malicious services and startup programs with the System Configuration Utility.
- Run an anti-virus program and keep it updated
- Reacting to a Suspected Virus Attack
  - Scan all drives and memory with a locally installed anti-virus
  - Use a free antivirus scanner, such as Housecall, at housecall.trendmicro.com
  - Search and delete registry entries associated with that malicious code. Warning, educate yourself first!


Page 19: Managing Local Security in Windows

Top Ten Rogue Anti-Spyware Applications

10. Spyware Bomber brought to us by the same folks behind Enternet Media, the spyware company shut down recently by the FTC

9.  SlimShield tied with Winhound Spyware Remover for hijacking and stealth installation

8.  WinAntiVirus and its companion WinAntiSpyware 2005 for hijacking, aggressive advertising and inappropriate collection of personally identifying information

7.  SpywareNo and its clone SpyDemolisher for stealth installation and deceptive aggressive advertising

6. Razespyware for stealth installs, desktop hijacks and aggressive advertising

5.  Spy Trooper for stealth installs, desktop hijacks and aggressive advertising

4.  WorldAntiSpy for stealth installs, desktop hijacks and aggressive advertising

3.  PSGuard for stealth installs, desktop hijacks and aggressive advertising

2.  SpySheriff for stealth installs, desktop hijacks and aggressive advertising

1.  SpyAxe for desktop hijacks, stealth installs and deceptive, aggressive advertising


Page 20: Managing Local Security in Windows

Top Ten Anti-Spyware Applications

1. Lavasoft Ad-aware - Free
2. ZoneAlarm Anti-Spyware
3. Tenebril SpyCatcher
4. Webroot Spy Sweeper
5. PC Tools Spyware Doctor
6. McAfee AntiSpyware
7. Spybot Search & Destroy - Free
8. Microsoft Defender – Free for until Dec.
9. Trend Micro Anti-Spyware
10. CA eTrust PestPatrol - Free


Page 21: Managing Local Security in Windows

Defense Against Threats

Authentication and Authorization

- Authentication
  - Verification of who you are, your identity (user name)
  - One-layer authentication
    - Something you know (password)
  - Two-layer authentication
    - Something you know plus something you have (a token, like a bankcard)
  - Three-layer authentication
    - Above plus biometric data (retinal scan, voice print, etc.)


Page 22: Managing Local Security in Windows

Defense Against Threats

Authentication and Authorization (continued)

- Authorization
  - Determines the level of access to a computer or a resource.
  - Includes both authentication, plus verification of access level
  - Permission describes an action that can be performed on an object


Page 23: Managing Local Security in Windows

Defense Against Threats

Authentication and Authorization (continued)

- Password
  - A string of characters entered for authentication
  - Don’t take passwords for granted
  - Don’t use the same password everywhere
  - Basic defense against invasion of privacy
  - Use long and complex password
  - Do not use common words


Page 24: Managing Local Security in Windows

Defense Against Threats

Best Practices with User Names and Passwords

- Don't Give Away Your User Name and Password
- Create Strong Passwords
- Never Reuse Passwords
- Avoid Creating Unnecessary Online Accounts
- Don’t Provide More Information Than Necessary
- Always Use Strong Passwords for Certain Types of Accounts


Page 25: Managing Local Security in Windows

Defense Against Threats

Security Accounts

- An account that can be assigned permission to take action on an object or the right to take action on an entire system.
- User Accounts
  - Individual account
  - Includes user name and password
  - Full name, description, and other information
  - Exist in all Windows security accounts databases


Page 26: Managing Local Security in Windows

Defense Against Threats

Security Accounts (continued)

- Group Accounts
  - Contain one or more user and group accounts
  - Exist in all Windows Security accounts databases
- Computer Accounts
  - Computers may have accounts
  - Exist in Microsoft domain security accounts databases


Page 27: Managing Local Security in Windows

Defense Against Threats

- Encryption
  - Transformation of data into a code that can only be decrypted with a secret key or password
  - Secret key is a special code used to decrypt
  - Encrypt a local or network-based file
  - Encrypt data before sending over a network (PGP)
  - Only someone with the password or key can decrypt data
  - Secret key may be held in a digital certificate
  - Encrypt sensitive data stored on a laptop or in a setting where data theft is a concern
  - NTFS5 supports file and folder encryption


Page 28: Managing Local Security in Windows

Defense Against Threats

Firewalls

- Firewall technologies
  - IP packet filter
  - Proxy service
  - Encrypted authentication
  - Virtual private network (VPN)


Page 29: Managing Local Security in Windows

Defense Against Threats

Firewalls (continued)

- Working behind a Firewall in a Large Organization
  - Firewall configured based on the computers it is protecting.
- Working Behind a Firewall at Home or on a Small LAN
  - Hardware for home and small business called "broadband routers"
  - Personal software firewall utilities

Step-by-Step 7.01: Configure the Windows Firewall (Page 324)


Page 30: Managing Local Security in Windows

Defense Against Threats

More help from Windows XP Service Pack 2

- Windows Security Center monitors
  - Firewall
  - Automatic Updates
  - Virus Protections
- A Manage Add-ons button in Internet Options
- A pop-up dialog will warn of add-on installation attempt
- Protection from opening suspect files


Page 31: Managing Local Security in Windows

Defense Against Threats

Privacy Protection

- Internet Options privacy settings
  - Control handling of cookies
  - Settings from block-all-cookies to allow-all-cookies
  - Balance between convenience and risk


Page 32: Managing Local Security in Windows

Defense Against Threats

- Protection from Inappropriate or Distasteful Content
  - Web content filter
  - Add-on or feature of a web browser
  - Block or allow certain sites
  - Services on the Internet give ratings to web sites
  - Configure filter to allow or disallow unrated sites
  - Content Advisor in Internet Explorer

Step-by-Step 7.02: Check Out the Content Advisor in Internet Explorer (Page 329)


Page 33: Managing Local Security in Windows

Windows Local Security Accounts

Administering Local Windows Accounts (continued)

User Administration in Windows XP Pro (continued)

- Password Reset Disk
  - Created by/for currently logged on user
  - Use when password is forgotten
  - Will not lose access to items such as encrypted files
  - If Administrator resets password, access to encrypted files is lost
  - Gives user power to fix own passwords
  - More complicated to do in a domain

Step-by-Step 7.05: Creating User Accounts and a Password Reset Disk in Windows XP (Page 347)
