Chapter 15 Security Essentials
• Understanding Security Threats
• What’s New in Windows 7
• Monitoring Your Computer’s Security
• Blocking Intruders with Windows Firewall
• Staying Secure with Windows Update
• Blocking Viruses and Worms with an Antivirus Program
• Stopping Spyware with Windows Defender
• Preventing Unsafe Actions with User Account Control
In this chapter, we examine in detail each of four essential security steps—using a firewall, getting updates, blocking viruses, and blocking spyware—for ensuring that your computer is protected from those who would do it harm.
Understanding Security Threats • When people talk about security threats in personal computers, they’re generally referring to viruses, worms, and spyware:
• A virus is a program that can copy itself, usually by attaching itself to another object. Infections spread when an infected file is transferred to another computer over a network, over the internet, or on removable media, and then executed on the target computer. Viruses are typically written to destroy or corrupt data files, wipe out installed programs, or damage the operating system itself.
• A worm is a program that replicates by copying itself from one computer on a network to another. Many modern worms also contain virus code that can damage data or consume so many system resources that they render the operating system unusable.
• Spyware is a term that has been applied to a variety of unwanted programs, including advertiser-sponsored software that tracks a user’s web surfing habits, programs that display pop-up ads, programs that redirect Internet Explorer to a search engine or home page that’s different from the one you specify, and more.
Spyware is a program that is installed without the user’s full and informed consent, often through deceptive means, and that displays advertising, records personal information, or changes a computer’s configuration without the user’s explicit permission.
Collectively, viruses, worms, and spyware in all their forms are often called malware.
Such a program can be used to monitor users’ activities and to capture account numbers and passwords for financial accounts, which are subsequently cleaned out.
Computers that have been taken over by other forms of malware are sometimes referred to as zombies or bots (short for robots). Armies of these zombies, called botnets, can be used to launch attacks against websites, to send spam without revealing the true sender’s address, and to propagate themselves.
Securing Your Computer: Four Essential Steps
• 1. Keep your firewall turned on. You can use Windows Firewall, which is included with Windows 7, or a firewall that you obtain elsewhere.
• 2. Keep Windows up to date. Windows Update can do this for you automatically.
• 3. Use an antivirus program. You’ll need to obtain one, as none is included with Windows.
• 4. Use an antispyware program. Windows Defender, which is included with Windows 7, serves this function well.
What’s New in Windows 7 Among the key security improvements are these:
• Windows Firewall Windows Firewall is substantially changed from the version in Windows XP. As in Windows Vista, it is a two-way firewall, monitoring outbound traffic as well as inbound, and it fully supports Internet Protocol version 6 (IPv6).
• In Windows 7, Windows Firewall adds multiple active firewall profiles, a feature that provides appropriate protection for each connected network when you’re connected to more than one at a time—an increasingly common situation.
With an advanced configuration console for Windows Firewall, administrators have control over firewall rules and other settings.
User Account Control (UAC) UAC reduces the danger of using an administrator account for everyday tasks by requesting your consent when an application needs to do something with system-wide effect.
In Windows 7, UAC is far less intrusive than in Windows Vista because fewer tasks trigger UAC prompts, and new configuration options make it easier to control UAC so that it doesn’t control you.
Windows Defender Windows Defender, an antispyware program, continuously monitors system settings to prevent the installation of known spyware and to alert you to the presence of spyware-like activity.
The new interface in the Windows 7 version has fewer confusing options—which is appropriate for a program that normally runs silently in the background.
Internet Explorer Internet Explorer runs in Protected Mode, which lessens the likelihood of installing malicious code. Effectively, it runs with reduced privileges, able to write data only in locked-down temporary folders unless you grant permission to act outside the protected area.
Other security improvements to Internet Explorer include restrictions on ActiveX controls, a SmartScreen phishing filter, and InPrivate Filtering and InPrivate Browsing to prevent information about your browsing habits from being tracked.
Windows Biometric Service The Windows Biometric Service provides support for fingerprint biometric devices so that you can use a fingerprint reader to log on to your computer and to enter administrative credentials in response to UAC elevation prompts.
Data encryption BitLocker Drive Encryption (available only in Enterprise and Ultimate editions) encrypts entire hard drives—making the data they contain completely inaccessible to a thief who makes off with a computer. In Windows 7, BitLocker To Go can also be used to protect removable storage drives, such as portable hard drives and USB flash drives.
Parental Controls Parental Controls provide tools to help parents guide their kids’ use of the internet, games, and other programs.
• Data redirection While running under a standard user’s account, an application that attempts to write to a protected system folder (such as %ProgramFiles% or %SystemRoot%) gets transparently redirected to a virtual file store within the user’s profile.
Similarly, if an application attempts to write to system-wide areas of the registry (such as the HKEY_LOCAL_MACHINE hive), it gets redirected to virtual keys within the user’s section of the registry. Applications that attempt to read from these protected file and registry locations look first to the virtual stores.
File and registry virtualization allows standard users to run older applications—including many of those that required administrator access under Windows XP—while at the same time preventing malicious applications from writing to areas that could bring down the entire system.
Additional security on 64-bit computers With the 64-bit versions of Windows, only digitally signed device drivers can be installed. This feature, called PatchGuard, ensures that kernel-level code is from a known source and has not been altered, as a means to prevent the installation of rootkits and any other code that tries to alter the underlying operating system.
Restrictions on removable drives Through the use of Group Policy, administrators can control the use of removable storage devices, such as USB flash drives and external hard drives. These restrictions can help prevent the theft of sensitive data. In addition, they can be used to seal an entry point for viruses and other malware brought in from home.
In addition, AutoRun is disabled for removable storage devices such as USB flash drives, lessening the chance that an attacker can fool you into running a hostile program by simply clicking on an entry in the AutoPlay list.
Monitoring Your Computer’s Security
• In Windows 7, security-related options have been gathered in Action Center, an application that replaces Security Center found in Windows XP and Windows Vista.
• You can also open Action Center from Control Panel.
Figure 15-1 Clicking the notification area icon displays a menu that includes links to directly address current problems, as well as a link to open Action Center itself.
The Security section in Action Center provides at-a-glance information about your security settings. Items that need your attention have a red or yellow bar. A red bar identifies important items that need immediate attention, such as detection of a virus or spyware, or that no firewall is enabled.
A yellow bar denotes informational messages about suboptimal, but less critical, settings or status, such as when Windows Update is not set to automatically download and install critical updates. Next to the bar appear explanatory text and buttons that let you correct the problem (or configure Action Center so that it won’t bother you).
Figure 15-2 Action Center collects security, maintenance, and troubleshooting information and settings in a single window.
Note
• Running more than one antivirus program can cause problems because the programs compete with each other to process each bit of information that passes through the computer. For this reason, Action Center doesn’t allow you to turn on an antivirus program until all others have been turned off. Antispyware programs, on the other hand, generally don’t have such conflicts, so you can safely run multiple programs if you really feel the need to do so.
In Windows 7 (unlike earlier versions of Windows), Windows Firewall can coexist with third-party firewall programs.
A properly written third-party firewall can take ownership of a category, and Windows Firewall then no longer protects that category, even when Windows Firewall is turned on. If the third-party firewall is stopped or removed, however, and no other firewalls are registered for the category, Windows Firewall takes over.
Figure 15-4 You can selectively disable and enable Action Center monitoring here, or you can manage monitored items individually by clicking links in the main Action Center window.
Blocking Intruders with Windows Firewall
• Your first line of defense in securing your computer is to protect it from attacks by outsiders. Once your computer is connected to the internet, it becomes just another node on a huge global network.
A firewall provides a barrier between your computer and the network to which it’s connected by preventing the entry of unwanted traffic while allowing transparent passage to authorized connections.
CAUTION!
• In today’s environment, you should run firewall software on each networked computer; don’t rely on corporate gateway firewalls and gateway antivirus solutions to protect your computer from another infected computer inside the perimeter.
Windows Firewall is a two-way stateful-inspection packet filter.
• Windows Firewall is enabled by default for all connections, and it begins protecting your computer as it boots.
• The firewall blocks all inbound traffic, with the exception of traffic sent in response to a request sent by your computer and unsolicited traffic that has been explicitly allowed by creating a rule.
• All outgoing traffic is allowed.
Stateful-Inspection Packet Filtering Explained
• Most firewalls work by packet filtering—that is, they block or allow transmissions depending on the content of each packet that reaches the firewall.
• A packet filter examines several attributes of each packet and can either route it (that is, forward it to the intended destination computer) or block it, based on any of these attributes:
• Source address The IP address of the computer that generated the packet
• Destination address The IP address of the packet’s intended target computer
• Network protocol The type of traffic, such as Internet Protocol (IP)
• Transport protocol The higher-level protocol, such as Transmission Control Protocol (TCP) or User Datagram Protocol (UDP)
• Source and destination ports The numbers that communicating computers use to identify a communications channel
Packet filtering alone is an inadequate solution; incoming traffic that meets all the packet filter criteria could still be something you didn’t ask for or want.
Stateful-inspection packet filtering goes a step further by restricting incoming traffic to responses to requests from your computer. Here’s a simplified example of how stateful-inspection filtering works to allow “good” incoming traffic:
• 1. You enter a URL in your browser’s address bar.
• 2. The browser sends one or more packets of data, addressed to the web server. The destination port is 80, the standard port for HTTP web servers; the source port is an arbitrary number from 1024 through 65535.
• 3. The firewall saves information about the connection in its state table, which it will use to validate returning inbound traffic.
• 4. After the web server and your computer complete the handshaking needed to open a TCP connection, the web server sends a reply (the contents of the webpage you requested) addressed to your computer’s IP address and source port.
• 5. The firewall receives the incoming traffic and compares its source and destination addresses and ports with the information in its state table. If the information matches, the firewall permits the reply to pass through to the browser. If the data doesn’t match in all respects, the firewall silently discards the packet.
• 6. Your browser displays the received information.
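The six-step exchange above, worked through as an added example (not code from the book or from Windows Firewall): a small Python model of a stateful-inspection filter whose state table records each outbound connection and admits only the matching reply, plus the explicit allow rule that the earlier slide mentions for unsolicited inbound traffic. All addresses, ports and the rule on port 3389 are constructed for the demonstration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    proto: str = "TCP"

class StatefulFirewall:
    """Drops inbound packets unless they answer a connection this host
    opened, or an explicit rule opens the destination port (toy model)."""

    def __init__(self, local_ip, allow_rules=()):
        self.local_ip = local_ip
        self.allow_rules = set(allow_rules)   # (proto, local_port) exceptions
        self.state = set()                    # (proto, local_port, remote_ip, remote_port)

    def outbound(self, pkt):
        # Steps 2-3: all outgoing traffic is allowed; remember the
        # connection so the returning reply can be validated.
        self.state.add((pkt.proto, pkt.src_port, pkt.dst_ip, pkt.dst_port))
        return "ALLOW"

    def inbound(self, pkt):
        # Step 5: the reply must match addresses and ports in all respects.
        if pkt.dst_ip != self.local_ip:
            return "DROP"
        key = (pkt.proto, pkt.dst_port, pkt.src_ip, pkt.src_port)
        if key in self.state:
            return "ALLOW"      # solicited reply to our own request
        if (pkt.proto, pkt.dst_port) in self.allow_rules:
            return "ALLOW"      # unsolicited, but explicitly permitted by a rule
        return "DROP"           # silently discarded

def demo():
    # Constructed scenario: a browser on 192.0.2.10 fetches a page from
    # a web server at 203.0.113.5; Remote Desktop (3389) is opened by rule.
    fw = StatefulFirewall("192.0.2.10", allow_rules={("TCP", 3389)})
    web, me = "203.0.113.5", "192.0.2.10"
    fw.outbound(Packet(me, 49152, web, 80))             # step 2: request to port 80
    return {
        "reply":       fw.inbound(Packet(web, 80, me, 49152)),          # step 4/5: matches
        "wrong_port":  fw.inbound(Packet(web, 80, me, 49153)),          # port mismatch
        "wrong_host":  fw.inbound(Packet("198.51.100.7", 80, me, 49152)),  # host mismatch
        "unsolicited": fw.inbound(Packet(web, 40000, me, 445)),         # nothing asked for it
        "by_rule":     fw.inbound(Packet(web, 40001, me, 3389)),        # allowed by rule
    }
```

Only the packet whose source address, source port and destination port all match the saved state comes through; the other probes are dropped unless a rule opens that port.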
Using Windows Firewall in Different Network Locations
• Windows Firewall maintains a separate profile for each of three network location types:
• Domain Used when your computer is joined to an Active Directory domain. In this environment, firewall settings are typically (but not necessarily) controlled by a network administrator.
• Private Used when your computer is connected to a home or work network in a workgroup configuration.
• Public Used when your computer is connected to a network in a public location, such as an airport or library.