Networking Security

Chapter 8

powered by dj

Chapter Objectives

Explain various security threats

Monitor security in Windows Vista

Explain basic Firewall

Use Windows Firewall with Advanced Security

Keep your system secure with Windows update

Block virus using Antivirus

Stop spyware with Windows Defender

powered by dj

Recall

The Internet Protocol (IP) is method or protocol, using which the data transferred from one computer to the other on the Internet

Transmission control protocol (TCP) is a connection oriented protocol that provides reliable transport service between both the end systems

The TCP/IP services are Dynamic Host Configuration Protocol (DHCP), Domain Name Service ,Automatic Private IP Addressing (APIPA), Windows Internet Name Service (WINS)

Wireless network uses radio signals frequency to communicate among computers and other network devices

powered by dj

Identifying Security Threats

A security threat can either be residing in the user’s system or enter the system from an outside source

Types of

SecurityThreats

Virus Worms Spyware

powered by dj

Question for group discussion – What is Spyware? (2 min)

powered by dj

User Account Control (UAC) I

Helps in preventing unauthorized changes to take place

Allows the user to perform common tasks as a standard user without requiring the user to switch users

Windows Vista creates tokens that depend upon the user type

Types of user

Standard Administrator

powered by dj

User Account Control (UAC) II UAC prompts identified by the type of application that triggered the prompt

These applications can be classified as: System applications

Applications blocked by Group Policy or from a blocked publisher

Applications not trusted by local computer

Applications authenticated and trusted by local computer

powered by dj

Practical Activity: Demonstrate a procedure to enable UAC. (5 min)

powered by dj

Monitoring Security in Windows Vista

Windows Vista continuously monitors the security status of the system with an application called Windows Security Center

Central point of administration of the various security components that are present in the system

Represented by a shield icon in the notification area on the taskbar

powered by dj

Introducing Windows Security Center

Application that monitors the security status of the system by checking the status of Firewall, Windows Update, Windows Defender, Malware and other security components

Supports third-party security components

The main components are:

Firewall

Automatic updating

Malware protection

Other security settingspowered by dj

Question for group discussion – What is Worm? (2 min)

powered by dj

Basic Firewall

Firewall is software or hardware that checks information that comes from the Internet or a network, depending on your firewall settings, either it blocks the information or allows it to pass through your computer

In Windows Vista it supports incoming as well as outgoing traffic

Windows Vista uses two firewalls:

Windows Firewall

Windows Firewall with Advanced Securitypowered by dj

Managing Windows Firewall

Works by regulating the network traffic on a set of rules

If a rule does not exist for the incoming or outgoing traffic, the firewall drops the traffic

Tools for managing the firewall:

Windows Firewall

Windows Firewall with Advanced Security

Group Policy Object Editor

Netsh Utility powered by dj

Question for group discussion – What is Firewall? (2 min)

powered by dj

Identifying Profiles and Network Location Awareness

Three types of profiles based on the network location types assigned by NLA:

Private – When computer is connected to Home or Work network

Public – When the network of computer is connected to a public location like University, Airport

Domain – When computer is connected to an Active Directory domain

powered by dj

Practical Activity: Demonstrate a procedure to configure a firewall. Ask the students to perform the procedure to disable Windows Firewall for a particular connection.(20 min)

powered by dj

Verifying and Modifying the Firewall State

Windows Firewall is enabled by default

State of Windows Firewall can be verified from Windows Security Center

By choosing the turn off option of Windows Firewall it will disable the firewall completely

If you have multiple network interface cards, you can select all of them, unless you have some specific reason for leaving one unprotected

powered by dj

Configuring Exceptions

Exception is an instruction used by windows firewall to open a port briefly, allow a program or service to pass a specific piece of information through and then close the port

Prevents the programs under the exception list from being blocked by the firewall

powered by dj

Practical Activity: Demonstrate a procedure to add a new program and set its exception. Ask the students to perform a procedure to set exception for an incoming connection by opening a port. (20 min)

powered by dj

Windows Firewall with Advanced Security Provides advance options for setting the rules and exceptions for

incoming as well as outgoing traffic

Window Firewall Window Firewall with Advanced Security

Used to configure only inbound exception

Used to configure inbound and outbound exceptions

Used to apply the firewall configuration for the active profile

Configuration can be applied to all network profiles in the computer using Windows Firewall with Advanced Security

powered by dj

Practical Activity: Demonstrate a procedure to configure basic Windows Firewall settings for a Private profile. (10 min)

powered by dj

Setting Inbound and Outbound Rules

Allows to configure inbound and outbound rules for the network

Inbound rules are a set of rules for allowing or blocking all the incoming traffic to the computer

Outbound rules are a set of rules for allowing or blocking all the outgoing traffic from the computer

powered by dj

Practical Activity: Demonstrate a procedure to configure an inbound rule by using Windows Firewall with Advanced Security.(20 min)

powered by dj

Keeping Your System Secure with Windows Update Windows Update is a service that is used to obtain

product updates, latest security features, driver updates, patches to fix any vulnerability in the system, from the internet

Microsoft Windows releases updates periodically

powered by dj

Configuring Windows Update and Windows Update Settings Configured to suit the user’s needs with the help

of various options

User manage the products to be installed on the system

If the user does not wish to get any updates, the update feature can be turned off

powered by dj

Using Update Manually

User can manually check for updates to install them, only when :

Windows Update feature is disabled

User does not want Windows Update to automatically download and install the updates

If updates are available:

User can select the appropriate updates

Choose to install them

powered by dj

Removing an Update

Most of the updates can be removed from the system

Some updates related to security can not be removed

User needs to check whether a particular update can be removed or not

powered by dj

Updating More than One Computer

Update by setting Windows Update feature to update automatically

Computers with different versions of Windows operating system consumes a lot of work and time

For large networks, the Windows Server Update Services (WSUS) can be used

powered by dj

Hiding Updates and Restoring Hidden Updates

When the Windows Update feature is enabled, Windows check for updates regularly

Whenever an update is available, the Security Center icon at the notification area displays

Hidden updates can be restored later if you want to install them

powered by dj

Practical Activity: Demonstrate the procedure to configure Windows Update Settings and check for Windows Vista updates manually. Demonstrate the procedure to check for updates that can be uninstalled and the procedure to restore hidden updates. (25min)

powered by dj

Blocking Virus using Antivirus

Virus is dependent on host files while a worm is not

Viruses, worms and other malicious programs in the system can be blocked using an antivirus program

powered by dj

Question for group discussion – What is Virus? (2 min)

powered by dj

Using an Antivirus Program Protect the system from virus activities

When installed, runs in the background and reads each and every file from the disk

Configured to perform a routine scan

Updated periodically to keep the system secure from new threats

Provided by Some Internet Service Provider (ISP) or computer manufacturer

powered by dj

Group Activity: Ask the students to standup and sit down.

powered by dj

Scanning for Viruses without an Antivirus Program Upgraded versions of a utility called Malicious

Software Removal Tool (MSRT) released periodically

MSRT utility scans the system for infections and to clean up the system

After clean up is done, this utility removes itself from the user’s system

Saves a record of the activities performed and the details of infections found on the system

powered by dj

Stopping Spyware with Windows Defender Spyware is a type of software that is installed on your

computer to watch and record your activity

Installed through free software, such as file sharing, screen savers, or search toolbars

Windows Defender enables to block and remove the spyware

Windows Defender offers three ways to keep spyware away from infecting your computer: Real-time protection

SpyNet community

Scanning options

powered by dj

Configuring and Scheduling Scans for Spywares Windows Defender can be configured and

scheduled to suit the needs of the user

Using Windows Defender, the user can choose to scan the system for spywares automatically or manually

powered by dj

Practical Activity: Demonstrate the procedure to scan for Spywares automatically. Demonstrate the procedure to configure a custom scan. (10 min)

powered by dj

Using Real Time Protection

Keep watch on the system looking out for spyware programs that may try to access, run and install on the system

Windows Defender Warning prompt shows the suspected spywares

powered by dj

Responding to Windows Defender Alerts

Scan Results window shows the name, alert level, action and status of the program

Option display by action list:

Remove

Quarantine

Ignore

Always allow

If the software is already running and trying to change some windows settings, the two actions to be performed :

Permit

Deny

powered by dj

Introducing Windows Defender Definitions

Files that act like an encyclopedia of known spyware and other potentially unwanted software

Windows Defender works with Windows Update settings to automatically install the latest definition

Enables to automatically check for new definition before schedule scans and check for new definitions manually

powered by dj

Blocking Offending Programs The suspected programs can be blocked by selecting Remove or

Remove all option

Option appears in Category list :

Startup program

Currently running programs

Network-connected programs

Winsock service providers

powered by dj

Disabling Windows Defender

Windows Defender can be turned off, if you do not want to use Windows Defender for scanning the systems for spywares

Windows Defender can be turned on again by selecting the Use Windows Defender check box from the Options screen

powered by dj

Practical Activity: Demonstrate the procedure to automatically check for new definition before schedule scans and a procedure to check for new definitions manually. Demonstrate the procedure to access Software Explorer. Demonstrate the procedure to disable Windows Defender. (15 min)

powered by dj

Summary I

Security threats can be classified into the following three types: viruses, worms and spywares

Windows Vista creates tokens at logon to identify the level of access to be provided to the user. A standard user is provided the standard token while an administrator is provided standard as well as administrator token

User Account Control feature notifies the user whenever a system wide setting is going to take place

Windows Security Center is the central location for administrating the various security components present in the system

powered by dj

Summary II

The firewall in Windows Vista consists of two firewalls: Windows Firewall and Windows Firewall with Advanced Security

Network Location Awareness method is used by Windows Vista to categorize the network locations, based on which the following three profiles are created: Public, Private and Domain

Exceptions are set on a specific program or port address, to allow it from being blocked by the firewall

Inbound and outbound rules allow or block the incoming and outgoing connections respectively

powered by dj

Summary III Connection Security Rules are the rules followed by Windows Vista

computers for authentication before connecting to other computers on the network

The configuration of Windows Firewall with Advanced Security can be imported or exported in the form of policies

Windows Update provides various security updates to be installed from the Microsoft website

Windows Vista supports the use of third-party antivirus software that can be used to block viruses and worms in the system

Windows Defender is used to protect the system from spywares and other similar programs

powered by dj