1 / 25

CN1176 Computer Support

CN1176 Computer Support. Kemtis Kunanuraksapong MSIS with Distinction MCT, MCTS , MCDST, MCP, A+. Agenda. Chapter 10: Securing Windows 7 Exercise / Lab Quiz. Configuring Password Policies. Used to enforce good password security practices Local Security Policy on individual computers

aurek
Download Presentation

CN1176 Computer Support

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. CN1176Computer Support Kemtis Kunanuraksapong MSIS with Distinction MCT, MCTS, MCDST, MCP, A+

  2. Agenda • Chapter 10: Securing Windows 7 • Exercise / Lab • Quiz

  3. Configuring Password Policies • Used to enforce good password security practices • Local Security Policy on individual computers • Group Policy on an AD DS

  4. Password Policy • Enforce password history • How many old password remember • Maximum / Minimum password age • Minimum password length • Password must meet complexity requirements • Store passwords using reversible encryption

  5. Account Lockout Policies • Account Lockout duration • How long will it lockout • Account Lockout threshold • How many attempt before it locked out • Reset account lockout counter after • The period of time that counter will reset to 0

  6. Using Credential Manager • Under control panel • Credentials can be added directly • Windows Vault • Stores usernames and passwords for servers and Web sites

  7. Smart Cards • High security alternative to passwords • Group Policy controls how authentication with Smart Cards is enforced • Comp Conf.\Policies\Wins Settings\Sec Settings\Local Policies\Security Options • Interactive Logon: Require Smart Card • To allow ONLY smart card user authentications • Interactive Logon: Smart Card Removal Behavior • If card is removed while logon • No action • Lock Workstation • Force Logoff • Disconnect if a Remote Desktop Services session

  8. Managing Certificates • Used for a variety of authentication tasks, internally, on the local network, and on the Internet • Users can manage their certificate stores directly using Certificates snap-in

  9. Certificates Snap-In • Certmgr.msc

  10. Using Biometrics • Scans a physical characteristic of a user to confirm identity • Windows Biometric Framework provides core biometric functionality and a Biometric Device control panel

  11. Elevating Privileges • Use Run As Administrator context menu option • Use command linerunas.execommand: runas /user:example\administrator “notepad.exe\script.vbs”

  12. Troubleshooting Authentication Issues • Password loss • Users can change their own password if they know their old password • Administrator can reset password without supplying old password • Password reset Disk is better option

  13. Authorizing Users • Authorization grants the user access to certain resources: • Using permissions • To allow user to access the folder, read the file, etc. • Configuring user rights • To allow user to logon, shutdown, etc.

  14. Defending Against Malware • Malware • Malicious software created specifically for the purpose of infiltrating or damaging a computer system without the user’s knowledge or consent • Viruses • Trojan horses • Worms • Spyware • Adware

  15. Introducing Windows 7 Action Center

  16. Understanding Firewalls • Base their filtering on TCP/IP characteristics: • IP address - Specific computers • Protocol numbers - Transport layer protocol • Port number - Application running on computer • Rules are used to filter traffic two ways: • Admit all traffic, except that which applies to the rules • Block all traffic, except that which applies to the rules

  17. The Windows Firewall Window

  18. Using the Windows Firewall Control Panel

  19. Using the Windows Firewall with Advanced Security Console

  20. Using the Windows Firewall with Advanced Security Console • Default profile settings can be modified • Inbound and outbound rules can be created

  21. Introducing Windows Defender • To defend against spyware by real-time monitoring and scanning the places where it most commonly infiltrates a computer • When malware detected, it alerts and prompts • Ignore • Quarantine • Remove the program • Add it to an Always Allow list • Not a full-featured antivirus program

  22. Malicious Software Removal Tool • A single user virus scanner supplied with monthly updates • Removes any potentially damaging software it finds • There are no controls and is not permanently installed

  23. Using the Encrypting File System (EFS) • EFS is a feature of NTFS that encodes the files on a computer • Uses public and private keys (PKI) • The user who creates the file is the only person who can read it • Only available on Professional, Enterprise and Ultimate editions • Compressed files cannot be encrypted

  24. Configuring Parental Controls • Enables parents to limit their children’s access to specific Internet sites, games, and applications • Based on user accounts • Impose restrictions on accounts • Filter Web sites users are allowed to access • Limit downloads from Internet sites • Enforce time limits for computer use • Restrict access to games by rating, content, or title • Allow or block specific applications

  25. Assignment • Matching • Multiple Choice • Case Scenario 10-1

More Related