Chapter 7: Managing Local Security in Windows • Threats to Computers and Users • Defense Against Threats • Windows Local Security Accounts • Applying Security to Files and Folders • Common Windows Security Problems
Chapter 7: Threats to Computers and Users • Accidental, Deliberate, Natural and Unnatural Disasters • Fires; earthquakes • Floods? • Dropped • Theft and damage • Protect against disasters with frequent backups • Back up critical data files • Image backups • Multiple backup sets. Why?
Chapter 7: Threats to Computers and Users • Computer Hardware Theft • Secure computers physically • Laptops more vulnerable • Unsophisticated thieves steal for the value of hardware. • Sophisticated thieves will search the hard drive for data. • Identity Theft • Personal information is stolen and used to commit fraud • Obtaining a Social Security number and other key personal information may be enough to steal someone's identity • Fraud a form of identity theft • The use of deceit & trickery to obtain money or valuables
Chapter 7: Threats to Computers and Users • Accidental, Deliberate, Natural and Unnatural Disasters (Continued) • Other Deliberate Attacks • Spyware
Chapter 7: Define • Spyware: whether malicious or not, “spyware” is software secretly placed on a computer that records and reports user activity. • Phishing is an attempt to lure a user into surrendering their personal information by pretending to be an official request from a legitimate business (PayPal, eBay, Citibank, IRS tax refund).
Chapter 7: Attackers • Online attackers or organized crime – monetary gain • Credit card trafficking • Identity theft • Financial account access • Hire out • Marketing organizations • Online surfing and purchasing habits • Trend-related activities to mount marketing campaigns • Trusted insiders • Sell information • Leverage to gain advantage • Blackmail
Chapter 7: Attack Form • Application add-ons: often bundled with software • Web site installs: malicious Web sites often disguise spyware as a helpful utility and prompt users to install the spyware when browsing the site. • E-mail attachments or links: especially HTML graphics images, misrepresented links • Software install prompt pop-up windows
Chapter 7: Spyware Types • Adware – demos, free trials, EULA deception • Keyloggers – record key presses • Trojans – attached to a useful program • Scumware – altered link rerouting (email) • Dialers – hidden time pay phone calls (Porn) • Browser & search engine hijackers
Spyware Visual Examples • Spyware has been known to masquerade as a prize-notification pop-up window. • Masquerading as anti-spyware: this is one of the cruelest tricks in the book. This type of software convinces you that it's a tool to detect and remove spyware.
Spyware Visual Examples (continued) • Peer-to-peer file-sharing clients: while it officially claims otherwise, Kazaa has been known to include spyware in its download package. • Bonzi Buddy is an "add-on" application that includes spyware in its package. • Browser add-ons: particularly nasty add-ons are considered browser hijackers; these embed themselves deeply in your machine and take quite a bit of work to get rid of.
Chapter 7: Indicators • Unexplainable reduction in computer performance: “unauthorized device hijacking” • Toolbars appear that can't be deleted permanently. • Heavy increase in pop-up ads: “internet pollution” • Search engine or browser home page has changed: “hijacked” • Excessive or unexplained network or modem traffic: “bandwidth stealing”
Chapter 7: Spyware Statistics • Spyware-dishing websites: at the end of Q1 2006 the number was 427,000; at the end of Q2 2006 it reached an astonishing 527,136. • Infection rates, Q2 2006: • Home users – 89% • Small & medium-size businesses – 50% • Enterprise businesses – 21% • Business effects reported: • Performance slowdown – 65% • Productivity loss – 58% • Loss in sales – 20% • The Spyware King: China 42%, United States 17%
Chapter 7: Emotions • Emotional effects on home users and IT personnel • Direct Revenue, an advertising company (spyware), tracked the most frequently used aggressive words found in customer complaints for June of 2005. The top three are “die” (103 times), “f-----” (44), and “kill” (15) (Elgin & Grow, 2006). • Nowhere to turn, no recourse! • Controversial course teaches spyware code writing
Chapter 7: Legislation • Federal - Computer Fraud and Abuse Act • Federal Trade Commission Act • Electronic Communications Privacy Act • About 12 states have specific spyware laws • Shawn Collins, Chicago attorney - charges spyware as a pollutant to the Internet and uses trespass-to-personal-property as an argument. (6 cases: 3 and 1 so far) • Spy vs. Spy (Direct Revenue and Avenue Media) • Fail to Report Incidents. Why? • FTC must (reasonably protected) • Reputation
Prevention and Detection • Use a firewall to restrict outbound traffic on all ports except those used for HTTP, POP3, and SMTP. • Use a multi-layered anti-spyware approach • Make it a habit to run scans of antivirus and anti-spyware programs bi-weekly or even daily. • Read the EULA very carefully – target phrases • EULAlyzer program – automatic EULA reader • Close unwanted pop-up install prompts using Alt-F4 instead of the “X” icon on the title bar or a “No”, “Close”, or “Cancel” button. • Avoid using peer-to-peer file-sharing networks
Prevention and Detection • Limit Web surfing to known-safe sites by using a proxy server or restricted sites list. • Web links within pop-ups or in emails can be masked to look legitimate. • Type in URLs; don’t click email links • Use pop-up blockers • Avoid downloading helpful site plug-ins. • Avoid downloading freeware, shareware, limited demo software, and free trial offers. • Use only commercial and known-safe utilities. • Don’t surf the web while logged in as Administrator • Regularly apply software patches and updates.
Prevention and Detection • Consider alternative browsers: Firefox, Opera. • Turn off PC or modem • Back up your data regularly. • Adjust cookie permissions • Uninstall applications you don’t use. • When possible, configure user accounts without download or install permissions. • Use spam blockers • Check out programs before you download or install
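The outbound restriction from the first Prevention and Detection bullet can be applied with the built-in firewall on current Windows versions. This is an added example, not part of the original slides; it assumes the NetSecurity PowerShell module (Windows 8 / Server 2012 or later), and the "Ch7-" rule names are made up for this sketch.

```powershell
#Requires -RunAsAdministrator
# Added example: default-deny outbound, allowing only the three protocols the slide names.
# Ports exactly as the slide lists them; TCP 443 (HTTPS) is not among them.
$allow = [ordered]@{ 'HTTP' = 80; 'POP3' = 110; 'SMTP' = 25 }

foreach ($svc in $allow.Keys) {
    $name = "Ch7-Allow-Out-$svc"          # hypothetical rule name
    # Create the rule only once so the script can be re-run safely.
    if (-not (Get-NetFirewallRule -DisplayName $name -ErrorAction SilentlyContinue)) {
        New-NetFirewallRule -DisplayName $name -Direction Outbound -Action Allow `
            -Protocol TCP -RemotePort $allow[$svc] -Profile Any | Out-Null
    }
}

# Allow rules are in place first; only now switch the default action to Block.
Set-NetFirewallProfile -Profile Domain,Private,Public `
    -Enabled True -DefaultOutboundAction Block

# Default-block stops only traffic that no allow rule matches. Windows ships
# many enabled outbound allow rules (DNS, DHCP, per-application rules), so list
# them and disable whatever should not be leaving the machine.
Get-NetFirewallRule -Direction Outbound -Action Allow -Enabled True |
    ForEach-Object {
        $pf = $_ | Get-NetFirewallPortFilter
        [pscustomobject]@{
            Rule       = $_.DisplayName
            Protocol   = $pf.Protocol
            RemotePort = ($pf.RemotePort -join ',')
        }
    } |
    Sort-Object Rule |
    Format-Table -AutoSize

# Confirm the resulting policy per profile.
Get-NetFirewallProfile | Select-Object Name, Enabled, DefaultOutboundAction
```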
Chapter 7: Removal • Install multiple detection and removal programs. • Identify and disable malicious processes with Windows Task Manager. • Run “msconfig” to disable malicious services and startup programs with the System Configuration Utility. • Run an anti-virus program and keep it updated • Reacting to a Suspected Virus Attack • Scan all drives and memory with a locally installed anti-virus • Use a free antivirus scanner, such as Housecall, at housecall.trendmicro.com • Search for and delete registry entries associated with the malicious code. Warning: educate yourself first!
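The startup entries that msconfig shows can also be pulled into a report for review before anything is disabled. This is an added example, not part of the original slides; it reads the Win32_StartupCommand class and checks each executable's Authenticode signature, and the helper name Get-StartupExecutable is made up here.

```powershell
# Added example: list auto-start entries and the signature status of each executable.
function Get-StartupExecutable {          # hypothetical helper name
    param([string]$Command)
    # Startup commands may contain %VARIABLES%, quotes and arguments.
    $cmd = [Environment]::ExpandEnvironmentVariables($Command)
    # Case 1: quoted path, e.g. "C:\Program Files\App\app.exe" /min
    if ($cmd -match '^\s*"([^"]+)"') { return $Matches[1] }
    # Case 2: unquoted path that may contain spaces, ending at the first
    # executable extension followed by whitespace or end of string.
    if ($cmd -match '^\s*(.+?\.(?:exe|com|bat|cmd|scr))(?:\s|$)') { return $Matches[1] }
    # Fallback: first whitespace-separated token.
    return ($cmd.Trim() -split '\s+')[0]
}

$report = Get-CimInstance -ClassName Win32_StartupCommand | ForEach-Object {
    $path = Get-StartupExecutable $_.Command
    $status = if ($path -and (Test-Path -LiteralPath $path -PathType Leaf)) {
        (Get-AuthenticodeSignature -LiteralPath $path).Status.ToString()
    } else {
        'FileNotFound'                    # path could not be resolved on disk
    }
    [pscustomobject]@{
        Name      = $_.Name
        User      = $_.User
        Location  = $_.Location           # registry Run key or Startup folder
        Path      = $path
        Signature = $status
    }
}

# Full list, as msconfig's Startup tab would show it.
$report | Sort-Object Location, Name | Format-Table -AutoSize -Wrap

# Entries to look at first: unsigned, tampered or missing binaries.
# A missing or invalid signature is a reason to investigate, not proof of
# malware, and a valid one is not proof of safety.
$report | Where-Object { $_.Signature -ne 'Valid' } |
    Format-List Name, User, Location, Path, Signature
```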
Chapter 7: Top Ten Rogue Anti-Spyware Applications
Chapter 7: Top Ten Anti-Spyware Applications • Lavasoft Ad-aware - Free • ZoneAlarm Anti-Spyware • Tenebril SpyCatcher • Webroot Spy Sweeper • PC Tools Spyware Doctor • McAfee AntiSpyware • Spybot Search & Destroy - Free • Microsoft Defender – Free for until Dec. • Trend Micro Anti-Spyware • CA eTrust PestPatrol - Free
Chapter 7: Defense Against Threats • Authentication and Authorization • Authentication • Verification of who you are, your identity (user name) • One-layer authentication • Something you know (password) • Two-layer authentication • Something you know plus something you have (a token, like a bankcard) • Three-layer authentication • Above plus biometric data (retinal scan, voice print, etc.)
Chapter 7: Defense Against Threats • Authentication and Authorization (continued) • Authorization • Determines the level of access to a computer or a resource. • Includes both authentication and verification of access level • Permission describes an action that can be performed on an object
Chapter 7: Defense Against Threats • Authentication and Authorization (continued) • Password • A string of characters entered for authentication • Don’t take passwords for granted • Don’t use the same password everywhere • Basic defense against invasion of privacy • Use long and complex passwords • Do not use common words
Chapter 7: Defense Against Threats • Best Practices with User Names and Passwords • Don't Give Away Your User Name and Password • Create Strong Passwords • Never Reuse Passwords • Avoid Creating Unnecessary Online Accounts • Don’t Provide More Information Than Necessary • Always Use Strong Passwords for Certain Types of Accounts
Chapter 7: Defense Against Threats • Security Accounts • An account that can be assigned permission to take action on an object or the right to take action on an entire system. • User Accounts • Individual account • Includes user name and password • Full name, description, and other information • Exist in all Windows security accounts databases
Chapter 7: Defense Against Threats • Security Accounts (continued) • Group Accounts • Contain one or more user and group accounts • Exist in all Windows security accounts databases • Computer Accounts • Computers may have accounts • Exist in Microsoft domain security accounts databases
Chapter 7: Defense Against Threats • Encryption • Transformation of data into a code that can only be decrypted with a secret key or password • Secret key is a special code used to decrypt • Encrypt a local or network-based file • Encrypt data before sending over a network (PGP) • Only someone with the password or key can decrypt data • Secret key may be held in a digital certificate • Encrypt sensitive data stored on a laptop or in a setting where data theft is a concern • NTFS5 supports file and folder encryption
Chapter 7: Defense Against Threats • Firewalls • Firewall technologies • IP packet filter • Proxy service • Encrypted authentication • Virtual private network (VPN)
Chapter 7: Defense Against Threats • Firewalls (continued) • Working Behind a Firewall in a Large Organization • Firewall configured based on the computers it is protecting. • Working Behind a Firewall at Home or on a Small LAN • Hardware for home and small business called "broadband routers" • Personal software firewall utilities • Step-by-Step 7.01: Configure the Windows Firewall (page 324)
Chapter 7: Defense Against Threats • More help from Windows XP Service Pack 2 • Windows Security Center monitors • Firewall • Automatic Updates • Virus Protections • A Manage Add-ons button in Internet Options • A pop-up dialog will warn of add-on installation attempts • Protection from opening suspect files
Chapter 7: Defense Against Threats • Privacy Protection • Internet Options privacy settings • Control handling of cookies • Settings from block-all-cookies to allow-all-cookies • Balance between convenience and risk
Chapter 7: Defense Against Threats • Protection from Inappropriate or Distasteful Content • Web content filter • Add-on or feature of a web browser • Block or allow certain sites • Services on the Internet give ratings to web sites • Configure filter to allow or disallow unrated sites • Content Advisor in Internet Explorer • Step-by-Step 7.02: Check Out the Content Advisor in Internet Explorer (page 329)
Chapter 7: Windows Local Security Accounts • Administering Local Windows Accounts (continued) • User Administration in Windows XP Pro (continued) • Password Reset Disk • Created by/for currently logged-on user • Use when password is forgotten • Will not lose access to items such as encrypted files • If Administrator resets password, access to encrypted files is lost • Gives user power to fix own passwords • More complicated to do in a domain • Step-by-Step 7.05: Creating User Accounts and a Password Reset Disk in Windows XP (page 347)