Computer Security Chapter 23
Overview • In this chapter, you will learn to • Explain the threats to your computers and data • Describe how to control the local computing environment • Explain how to protect computers from network threats
Historical/Conceptual Analyzing the Threat
Threats • Unauthorized access • Any user accesses resources in an unauthorized way • Not locked down • Data destruction • Intentional or accidental data loss • Unauthorized data modification • Administrative access • XP Home almost requires granting multiple users administrator access • Use Windows 2000 or XP Pro to control access
Threats • System crash/hardware failures • Hard drives crash, power fails • Redundant systems provide protection • Viruses/spyware • Travel quickly in a network • Come from the Internet, floppy disks, optical discs, and USB drives • Goal is to prevent infection
CompTIA A+ Essentials Local Control
Local Control • Identify what to back up • Eliminate sensitive data from discarded media • “First, Do No Harm” • Part of physician’s oath • “First, Secure the Data” • Tech version of the oath
What to Back Up • Essential data • Use the Backup tool • Documents and Settings folder for all users • E-mail and address books • Other data
What to Back Up • Servers • Some servers have critical data (Active Directory) • Back up System State to include • Most of Registry, security settings, and more
Backups Off-Site Storage • Backups should be stored someplace other than your place of business • Could be tape, CD, portable drive • Off-site storage • Copy of backup stored in another geographical location • Protects against major disaster such as fire, flood, etc.
Migration • When a computer is replaced • Move user’s data and settings to new computer • Use a tool such as File and Settings Transfer (FAST) Wizard • Don’t connect new computer to network until security has been implemented
Migration • Eliminate data remnants • Just formatting or repartitioning isn’t enough • Use a tool such as Windows Washer • Can eliminate specific data or the entire drive
Recycle • Don’t just throw computers in trash • Keeps toxic chemicals out of landfills • Recycling centers will take them • Donate • Schools and other organizations will gladly take used computers
CompTIA A+ IT Technician Social Engineering
Social Engineering • Using or manipulating people in the network to gain access to the network • Infiltration • Physically sneaking into building • Talking to people to gather pieces of information • Telephone scams • Simply asking for information • Impersonating someone else
Social Engineering • Dumpster diving • Searching through trash looking for information • Individual pieces of data can be put together as a puzzle • Physical theft • Servers need to be kept behind locked doors • The best network security is beaten easily if physical security is ignored
Access Control • Physical security • Lock the door • Don’t leave PC unattended when logged on • Authentication • Software authentication using proper passwords • Hardware authentication using smart cards and biometrics
Access Control • Use NTFS, not FAT32 • FAT32 provides very limited security • Use NTFS whenever possible • To convert FAT32 drive to NTFS • Convert D:\ /FS:NTFS • Users and groups • Can add users to groups • Users now have permissions of group
Network Security • User account control through groups • Can grant permission to group • Groups represented by icon
Network Security • Adding users to a group • Done in Computer Management
Network Security • Effective permissions (combined) • Rita is in Sales group and Managers group • Sales granted List Folder Contents permission • Managers granted Read & Execute permission • Rita has Read & Execute AND List Folder Contents permissions (combination of both)
Network Security • Default groups • Everyone, Guests, Users • Can become backdoors to the network • Windows 2000 gives full control to the Everyone group by default
Security Policies • Local Security Settings • Set via Local Security Policy in Administrative Tools • Can also set via the Local Computer Group Policy Object Editor • Applies only to this computer
Security Policies • Local Group Policy—applies locally only
Security Policies • Examples of what can be done with Group Policy in a domain • Prevent Registry Edits • Prevent Access to the Command Prompt • Log on Locally • Shut Down System • Minimum Password Length • Account Lockout Threshold • Disable Windows Installer • Much more
Malicious Software • Together known as malware • Viruses • Trojans • Worms • Spyware • Adware • Grayware
Malware • Viruses • Designed to attach themselves to a program • When program is used, the virus goes into action • Can wipe out data, send spam e-mails, and more • Trojans • Designed to look like one program (such as a game or utility) • Does something else too, such as erase CMOS
Malware • Worms • Similar to a Trojan but on a network • Travels from machine to machine through network • Commonly infects systems because of security flaws • Best protection against worms • Run antivirus software • Keep security patches up to date • Use tools such as Windows Update or Automatic Update to get critical updates
Antivirus Programs • Antivirus programs • Can be set to scan entire computer actively for viruses • Can be set as virus shield to monitor activity such as downloading files, receiving e-mail, etc. • Viruses have digital signatures • Antivirus programs have library of signatures • Update signatures regularly
Virus Techniques • Polymorphics/Polymorphs • Viruses attempt to change or morph to prevent detection • Code used to morph (scrambling code) often used as signature • Stealth • Virus attempts to hide and appear invisible • Most are in boot sector • Some use little-known software interrupt • Others make copies of innocent-looking files
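An added example (not from the original slides) of the signature matching described on the Antivirus Programs and Virus Techniques slides: a signature library is scanned against file contents, and a scrambled copy is caught only once the library includes a signature for the fixed scrambling code. All byte strings, signature names, and the single-byte XOR scrambling are constructed, harmless stand-ins.

```python
# Constructed, harmless byte strings standing in for file contents.
BODY = b"DEMO-PAYLOAD-MARKER"          # the part a scanner first learned to match
STUB = b"\x5a\x5aUNSCRAMBLE-STUB"      # fixed scrambling code carried by every copy

# Hypothetical signature libraries: name -> byte pattern.
OLD_LIBRARY = {"Demo.Body": BODY}
UPDATED_LIBRARY = {"Demo.Body": BODY, "Demo.Scrambler": STUB}


def scan(data, library):
    """Return the names of all signatures whose byte pattern occurs in data."""
    return sorted(name for name, pattern in library.items() if pattern in data)


def scrambled_copy(key):
    """Constructed stand-in for one polymorphic copy: stub, key byte, XOR-scrambled body."""
    if not 1 <= key <= 255:
        raise ValueError("key must be a non-zero byte")
    return STUB + bytes([key]) + bytes(b ^ key for b in BODY)


def demo():
    plain = b"header" + BODY + b"trailer"
    print("plain copy, old library:   ", scan(plain, OLD_LIBRARY))
    for key in (0x21, 0x42, 0x7F):
        copy = scrambled_copy(key)
        # Every copy has a different body, so the body signature no longer matches.
        print("scrambled, old library:    ", scan(copy, OLD_LIBRARY))
        # The scrambling code is identical in every copy and is what gets matched.
        print("scrambled, updated library:", scan(copy, UPDATED_LIBRARY))


if __name__ == "__main__":
    demo()
```

A scanner still running the old library reports nothing for the scrambled copies, which is the practical reason behind "update signatures regularly".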
Virus Prevention Tips • Scan all incoming programs and data • Scan the PC daily • Update signatures regularly • Keep bootable CD-R with copy of antivirus program • Be careful with e-mail • Consider disabling preview window • Only open attachments from known sources
Malware • Spam • Unsolicited commercial e-mail (UCE) • To avoid, don’t give out your e-mail address • Pop-ups • Many modify the browser so they are hard to close • Some open up other pop-ups when one pop-up is closed • To close • Right-click the browser on the taskbar and select Close • While the pop-up is displayed, press Alt-F4
Spyware • Family of programs that run in the background • Can send information on your browsing habits • Can run distributed computing apps, capture keystrokes to steal passwords, reconfigure dial-up, and more • Preventing installation • Beware of free programs such as Gator, Kazaa, others • Adobe’s Shockwave and Flash are reputable, but many others are not
Spyware • Aggressive tactics • Try to scare you into installing their program • Removing spyware • Windows Defender • Lavasoft’s Ad-Aware • PepiMK’s Spybot Search & Destroy
Grayware • Not destructive in themselves • Leech bandwidth in networks • Some people consider them beneficial • Used to share files (e.g., BitTorrent) • Can push network over the edge
Firewalls • Used to block malicious programs from the Internet • Can be software, hardware, or both • Windows XP has built-in firewall
Encryption • Makes data packets unreadable • Changes plaintext into ciphertext • Encryption occurs at many levels • Multiple encryption standards and options [Figure: the plaintext “Our lowest sell price is $150,000” passes through an encryption algorithm to become unreadable ciphertext, then through a decryption algorithm to become the same plaintext again]
Network Authentication • Authentication • Proving who you are • Done by providing credentials • i.e., user name and password • Credentials rarely passed in plaintext • Common remote access protocols • PAP: Password Authentication Protocol (clear text) • Rarely used • CHAP: Challenge Handshake Authentication Protocol • Most popular • MS-CHAP: Microsoft CHAP • Popular with Microsoft applications
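An added example (not from the original slides) contrasting what crosses the link under PAP and under CHAP, with both sides of the CHAP exchange. The user name, shared secret, and simplified PAP payload are constructed for illustration; the CHAP response uses the MD5 calculation defined in RFC 1994.

```python
import hashlib
import hmac
import os

# Constructed credentials for illustration only.
USERNAME = "rita"
SECRET = b"constructed-shared-secret"


def pap_request(username, password):
    """PAP: the password itself crosses the link (simplified payload, not a full PPP frame)."""
    return username.encode() + b"\x00" + password


def chap_challenge():
    """Authenticator side: a one-byte identifier plus a fresh random challenge."""
    return os.urandom(1)[0], os.urandom(16)


def chap_response(identifier, secret, challenge):
    """Peer side: MD5(identifier || secret || challenge), the calculation in RFC 1994."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()


def chap_verify(identifier, secret, challenge, response):
    """Authenticator recomputes the hash from its own copy of the secret."""
    expected = chap_response(identifier, secret, challenge)
    return hmac.compare_digest(expected, response)


def demo():
    print("PAP  on the wire:", pap_request(USERNAME, SECRET))  # secret is readable

    ident, challenge = chap_challenge()
    response = chap_response(ident, SECRET, challenge)
    print("CHAP on the wire:", ident, challenge.hex(), response.hex())
    print("accepted:", chap_verify(ident, SECRET, challenge, response))

    # The same response presented against a new challenge is rejected.
    ident2, challenge2 = chap_challenge()
    print("replay accepted:", chap_verify(ident2, SECRET, challenge2, response))


if __name__ == "__main__":
    demo()
```

Because each challenge is random, a response recorded from one login does not verify against the next one.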
Encryption • Dial-up encryption • Set on the server • Data encryption • Multiple protocols possible • Microsoft method of choice is IPSec (IP Security)
Application Encryption • Many applications can use other protocols to encrypt data • On the Web, HTTPS commonly used • Use digital certificates • Certificates issued by trusted authorities • Trusted authorities added to Web browsers • Invalid certificates can be cleared from cache
Wireless Issues • Set up wireless encryption • WEP, WPA, or preferably WPA2 • Have clients use static address • If you must use DHCP, limit available addresses • Change default SSID • And disable SSID broadcast • Filter by MAC addresses • Change default user name and passwords • Turn on WAP firewall
Reporting • Event Viewer • Application • Security • System
Event Viewer • Can view errors that a user saw and forgot • Can get help with errors by clicking the Microsoft link
Reporting • Auditing • Event auditing—logs events • Object access auditing—logs resource access • Someone else will set up—but you need to be aware of the policies • Incident reporting • When events occur, you need to report them • Supervisors and/or managers may have more information • Reporting one seemingly innocuous event may help the supervisor solve a bigger problem
Beyond A+ • Security in Windows Vista • User Account Control • Helps prevent malware from running with administrator privileges • Security Center • First appeared in Windows XP SP2 • Enhanced in Windows Vista • Parental Controls • Allows parents (or supervisors) to monitor and/or restrict access • Can restrict Web sites and downloads, login times, games, and more