250 likes | 344 Views
CN1176 Computer Support. Kemtis Kunanuraksapong MSIS with Distinction MCT, MCTS , MCDST, MCP, A+. Agenda. Chapter 10: Securing Windows 7 Exercise / Lab Quiz. Configuring Password Policies. Used to enforce good password security practices Local Security Policy on individual computers
E N D
CN1176Computer Support Kemtis Kunanuraksapong MSIS with Distinction MCT, MCTS, MCDST, MCP, A+
Agenda • Chapter 10: Securing Windows 7 • Exercise / Lab • Quiz
Configuring Password Policies • Used to enforce good password security practices • Local Security Policy on individual computers • Group Policy on an AD DS
Password Policy • Enforce password history • How many old password remember • Maximum / Minimum password age • Minimum password length • Password must meet complexity requirements • Store passwords using reversible encryption
Account Lockout Policies • Account Lockout duration • How long will it lockout • Account Lockout threshold • How many attempt before it locked out • Reset account lockout counter after • The period of time that counter will reset to 0
Using Credential Manager • Under control panel • Credentials can be added directly • Windows Vault • Stores usernames and passwords for servers and Web sites
Smart Cards • High security alternative to passwords • Group Policy controls how authentication with Smart Cards is enforced • Comp Conf.\Policies\Wins Settings\Sec Settings\Local Policies\Security Options • Interactive Logon: Require Smart Card • To allow ONLY smart card user authentications • Interactive Logon: Smart Card Removal Behavior • If card is removed while logon • No action • Lock Workstation • Force Logoff • Disconnect if a Remote Desktop Services session
Managing Certificates • Used for a variety of authentication tasks, internally, on the local network, and on the Internet • Users can manage their certificate stores directly using Certificates snap-in
Certificates Snap-In • Certmgr.msc
Using Biometrics • Scans a physical characteristic of a user to confirm identity • Windows Biometric Framework provides core biometric functionality and a Biometric Device control panel
Elevating Privileges • Use Run As Administrator context menu option • Use command linerunas.execommand: runas /user:example\administrator “notepad.exe\script.vbs”
Troubleshooting Authentication Issues • Password loss • Users can change their own password if they know their old password • Administrator can reset password without supplying old password • Password reset Disk is better option
Authorizing Users • Authorization grants the user access to certain resources: • Using permissions • To allow user to access the folder, read the file, etc. • Configuring user rights • To allow user to logon, shutdown, etc.
Defending Against Malware • Malware • Malicious software created specifically for the purpose of infiltrating or damaging a computer system without the user’s knowledge or consent • Viruses • Trojan horses • Worms • Spyware • Adware
Understanding Firewalls • Base their filtering on TCP/IP characteristics: • IP address - Specific computers • Protocol numbers - Transport layer protocol • Port number - Application running on computer • Rules are used to filter traffic two ways: • Admit all traffic, except that which applies to the rules • Block all traffic, except that which applies to the rules
Using the Windows Firewall with Advanced Security Console • Default profile settings can be modified • Inbound and outbound rules can be created
Introducing Windows Defender • To defend against spyware by real-time monitoring and scanning the places where it most commonly infiltrates a computer • When malware detected, it alerts and prompts • Ignore • Quarantine • Remove the program • Add it to an Always Allow list • Not a full-featured antivirus program
Malicious Software Removal Tool • A single user virus scanner supplied with monthly updates • Removes any potentially damaging software it finds • There are no controls and is not permanently installed
Using the Encrypting File System (EFS) • EFS is a feature of NTFS that encodes the files on a computer • Uses public and private keys (PKI) • The user who creates the file is the only person who can read it • Only available on Professional, Enterprise and Ultimate editions • Compressed files cannot be encrypted
Configuring Parental Controls • Enables parents to limit their children’s access to specific Internet sites, games, and applications • Based on user accounts • Impose restrictions on accounts • Filter Web sites users are allowed to access • Limit downloads from Internet sites • Enforce time limits for computer use • Restrict access to games by rating, content, or title • Allow or block specific applications
Assignment • Matching • Multiple Choice • Case Scenario 10-1