Mike Meyers’ CompTIA A+® Guide to Managing and Troubleshooting PCs, Third Edition
Chapter 26: Securing Computers
© 2010 The McGraw-Hill Companies, Inc. All rights reserved

Overview
• In this chapter, you will learn how to
  – Explain the threats to your computers and data
  – Describe key security concepts and technologies
  – Explain how to protect computers from network threats

Analyzing the Threat
• Threats to your data come from accidents and malicious people
• Accidents are more common
  – Deleted files
  – Hard drive crashes
  – Scratched discs
• Malicious intent gets all the press
• Look at two general areas
  – Unauthorized access
  – Direct physical problems or attacks

Unauthorized Access
• Unauthorized access can come from many directions
  – Curiosity and poor user account management
  – Dumpster diving
  – Social engineering techniques to gain access
  – Infiltration
  – Telephone scams
  – Phishing

Curiosity and Account Control
• Unauthorized access
  – Occurs when any user accesses resources in an unauthorized way
  – Often a user with just enough skill pokes around and finds access to something he or she shouldn’t have
• Administrative access
  – Improper control of administrator accounts is dangerous
  – Some versions of Windows (such as Windows XP Home) make it easy to use administrator accounts improperly

Dumpster Diving
• What is it?
  – Searching through trash looking for information
  – Individual pieces of data can be put together like a puzzle
• How do you stop it?
  – Shred all documents
    • Use a cross-cut shredder
      – 3/8” x 1 ½”: good for home use
      – 1/32” x ½”: DoD and RCMP Top Secret documents
  – Lock the area (when possible) where trash is placed outside

Social Engineering
• Using or manipulating people in the network to gain access to the network
• Infiltration
  – Entering the building in the guise of legitimacy
  – Talking to people, gathering pieces of information
• Telephone scams
  – Simply asking for information
  – Impersonating someone else and getting a password reset
• Phishing
  – Using the Internet to pretend to be someone you’re not in order to get information (user names and passwords)

Data Destruction
• Unauthorized access can lead to loss or theft of important or sensitive data
• Data destruction doesn’t even have to be intentional
  – Could be accidental data loss
  – Unauthorized data modification
    • “The system should have stopped me if I wasn’t supposed to do that!”

Physical Threats
• Damage or loss of physical assets can prove devastating
• Catastrophic hardware failures
  – Hard drives crash, power fails
  – Redundant systems provide protection
• Physical theft
  – Servers need to be kept behind locked doors
  – Don’t ignore physical security
  – Use a cable lock on portable and desktop systems
• Viruses/spyware
  – Come from the Internet, floppy disks, optical discs, and USB drives
Security Concepts and Technologies
• After assessing the threats, it’s time to secure the network
• Strategic and tactical goals
  – Understand the big picture and the technologies available for securing the network
  – Know the specific tools for securing resources on the network
• Strategic
  – Access control
  – Data classification and compliance
  – Reporting

Access Control
• Access control has two meanings
  – The process of controlling access to data
    • Physical security
    • Authentication
    • Users and groups
    • Security policies
  – Access control list: a piece of data stored on a server, router, etc. that defines which users or systems have access to a resource
• Let’s cover the first one

Access Control (continued)
• Physical security
  – Keeping doors locked
  – Don’t walk away from logged-in systems
• Authentication
  – How the computer determines who can and can’t have access
  – Use proper complex passwords
    • Not just for Windows login (CMOS, routers)
    • Software password generators make great passwords
  – Hardware authentication
    • Smart cards
    • Biometric devices

Access Control (continued)
• Users and groups
  – Use NTFS with your users and groups
  – Remember the principle of “least privilege”
    • Only grant the minimum privileges a user needs to get the job done
    • Easy to grant more; hard to revoke privileges
  – Give permissions to groups, not user accounts
  – Then add user accounts to the appropriate groups
Access Control (continued)
• Effective permissions
  – Users are invariably members of more than one group
  – When a user accesses a resource, Windows examines group membership to determine the user’s effective permissions

Access Control (continued)
• Security policies
  – Security policies address issues that fall outside the scope of NTFS permissions
    • Can the user change his or her password?
    • Can the user see the Run command?
    • Can the user install software?
  – Local security policies are applied to an individual computer
  – Domain group policies are applied to all the computers in a domain

Sample Security Policies
• Prevent Registry Edits
  – If you try to edit the Registry, you get a failure message
• Prevent Access to the Command Prompt
  – Keeps users from getting to the command prompt by turning off the Run command and the MS-DOS Prompt shortcut
• Log on Locally
  – Defines who may log on to the system locally
• Shut Down System
  – Defines who may shut down the system

Sample Security Policies (continued)
• Minimum Password Length
  – Forces a minimum password length
• Account Lockout Threshold
  – Sets the maximum number of logon attempts a person can make before being locked out of the account
• Disable Windows Installer
  – Prevents users from installing software
• Printer Browsing
  – Enables users to browse for printers on the network, as opposed to using only assigned printers
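The effective-permissions rule from the Access Control slides (a user's rights accumulate across every group the user belongs to, and an explicit Deny entry wins over any Allow), as an added Python model that is not the book's code or a Windows API; the rights table, principal names and sample ACL are constructed, simplified stand-ins for NTFS.

```python
"""Effective permissions from group membership (constructed model).

Windows collects the ACL entries that apply to the user and to every group
the user is a member of; Allow entries accumulate and an explicit Deny
removes a right even when another group allows it. The generic-rights
table below is a simplified stand-in for NTFS, not the real flag layout.
"""
from dataclasses import dataclass

# Constructed, simplified rights: generic names expand to atomic rights.
ATOMIC = {"read", "execute", "write", "delete", "change_permissions"}
GENERIC = {
    "Read": {"read", "execute"},
    "Modify": {"read", "execute", "write", "delete"},
    "Full Control": set(ATOMIC),
}


@dataclass(frozen=True)
class Ace:
    """One access-control entry: principal (user or group), Allow/Deny, right."""
    principal: str
    allow: bool
    right: str  # a GENERIC name or a single ATOMIC right


def expand(right):
    """Map a generic right to its atomic rights; atomic rights map to themselves."""
    if right in GENERIC:
        return set(GENERIC[right])
    if right in ATOMIC:
        return {right}
    raise ValueError(f"unknown right: {right}")


def effective_permissions(user, groups, acl):
    """Return the atomic rights `user` actually holds on the resource.

    Allow entries for the user or any of its groups accumulate; a Deny entry
    for the user or any of its groups removes the right regardless of Allows.
    """
    principals = {user, *groups}
    allowed, denied = set(), set()
    for ace in acl:
        if ace.principal not in principals:
            continue
        (allowed if ace.allow else denied).update(expand(ace.right))
    return allowed - denied


# Constructed sample ACL for a file share; group names are made up.
SAMPLE_ACL = [
    Ace("Everyone", True, "Read"),
    Ace("Accounting", True, "Modify"),
    Ace("Interns", False, "write"),  # explicit Deny: interns may not write
]

if __name__ == "__main__":
    # alice is an intern in Accounting: Modify minus the denied write right.
    print(sorted(effective_permissions("alice", {"Everyone", "Accounting", "Interns"}, SAMPLE_ACL)))
```

Granting to groups and then adding users to groups, as the slides advise, is exactly what makes this evaluation predictable: auditing a user's access means reading a handful of group entries rather than per-user exceptions.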
Lab – Playing with Fire
• On your Windows XP computer, go to Administrative Tools and run Local Security Policy
• See if you can answer these questions
  – How does User Rights Assignment enable you to control access to the physical machine?
  – How do the Security Options help secure things? What can you do here?
• It’s important to note that you can negatively impact a PC, or make it inoperable, by making a security policy mistake

Data Classification and Compliance
• Data classification
  – Organizing data according to sensitivity
  – Varies by organization
    • TOP SECRET
• Compliance
  – Members must comply with the rules that apply to the organization
  – Laws and company policies apply and should be followed

Reporting
• Event Viewer
  – Event Viewer works as well for security as it does for Windows troubleshooting
  – The Security section of Event Viewer shows all security events
  – Most of the interesting security events are not recorded in Event Viewer by default
  – To see these events, you have to audit them
• Incident reporting
  – Providing documentation for an event of interest
  – Intrusion, incoming phishing, malware
  – Event Viewer logs are the main tool

Network Security
• Networks face external threats in addition to all those internal threats
• This section looks at three areas
  – Internet-borne attacks, such as malware
  – Firewalls
  – Wireless networking
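Once logon auditing is switched on, the Security log is where the Account Lockout Threshold policy from the earlier slide becomes visible. The added example below (not the book's code) runs that threshold logic over a constructed, simplified export of audited logon events; it assumes Vista/Windows 7 event IDs (4625 for a failed logon, 4624 for a successful one) and a CSV layout that is invented for the example, not the real Event Viewer export format.

```python
"""Lockout-threshold triage over audited logon events (constructed sample).

Applies the Account Lockout Threshold idea to a Security-log export:
flag any account whose failed logons reach the threshold within a sliding
window (the window stands in for the "reset lockout counter after" setting).
Event IDs follow Vista/Windows 7: 4625 = failed logon, 4624 = success.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample export, one event per line: timestamp,event_id,account,workstation
SAMPLE_LOG = """\
2010-03-01 08:00:05,4625,jdoe,WS-12
2010-03-01 08:00:09,4625,jdoe,WS-12
2010-03-01 08:00:14,4625,jdoe,WS-12
2010-03-01 08:01:00,4624,asmith,WS-07
2010-03-01 08:02:30,4625,jdoe,WS-12
2010-03-01 08:02:41,4625,jdoe,WS-12
2010-03-01 09:30:00,4625,asmith,WS-07
"""


def parse(log_text):
    """Yield (time, event_id, account, workstation) tuples from the CSV sample."""
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, eid, acct, ws = line.split(",")
        yield datetime.strptime(ts, "%Y-%m-%d %H:%M:%S"), int(eid), acct, ws


def lockout_candidates(events, threshold=5, window_seconds=1800):
    """Return {account: time the threshold was first reached} for accounts
    with `threshold` or more failed logons (4625) inside `window_seconds`.

    Successful logons (4624) are ignored here; a real policy may also reset
    the counter on success, which is a policy choice, not a fixed rule.
    """
    window = timedelta(seconds=window_seconds)
    recent = defaultdict(list)  # account -> failure times still inside the window
    hits = {}
    for when, eid, acct, _ws in sorted(events):
        if eid != 4625:
            continue
        recent[acct] = [t for t in recent[acct] if when - t <= window] + [when]
        if len(recent[acct]) >= threshold and acct not in hits:
            hits[acct] = when.isoformat(sep=" ")
    return hits


if __name__ == "__main__":
    for acct, when in lockout_candidates(parse(SAMPLE_LOG)).items():
        print(f"{acct}: lockout threshold reached at {when}")
```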
Malicious Software
• Together known as malware
  – Grayware
  – Viruses
  – Trojans
  – Worms
(Cartoon: “Hey, new mail coming your way! You’ve got Virus!”)

Grayware
• Not destructive in itself
  – Leeches bandwidth in networks
  – Some people consider them beneficial
  – Used to share files (e.g., BitTorrent)
  – Can push a network over the edge

Grayware (continued)
• Pop-ups
  – Many modify the browser, making it hard to close the pop-up window
    • Some open other pop-ups when one pop-up is closed
  – Newer browsers block pop-ups politely

Spyware
• Family of programs that run in the background
  – Can send information on your browsing habits
  – Can run distributed computing apps, capture keystrokes to steal passwords, reconfigure dial-up, and more
• Preventing installation
  – Beware of “free” programs such as Gator, Kazaa, and others
  – Adobe’s Shockwave and Flash are reputable, but many others are not

Spyware (continued)
• Aggressive tactics
  – Try to scare you into installing their program
• Removing spyware
  – Windows Defender
  – Lavasoft’s Ad-Aware
  – PepiMK’s Spybot Search & Destroy

Spam
• Unsolicited e-mail
• To avoid it, don’t give out your e-mail address
• Definitely don't post it on the Web!
• Implement antispam settings or software

Malware
• Viruses
  – Designed to attach themselves to a program
  – When the program is used, the virus goes into action
  – Can wipe out data, send spam e-mails, and more
  – Can hide in macros (scripting commands for various programs such as Access)
• Trojans
  – Complete program
  – Designed to look like one program (such as a game or utility)
  – Does something else, too, such as erase CMOS

Malware (continued)
• Worms
  – Similar to a Trojan, but on a network
  – Travels from machine to machine through the network
  – Commonly infects systems because of security flaws
• Best protection against worms
  – Run antivirus software
  – Keep security patches up to date
  – Use tools such as Windows Update or Automatic Update to get high-priority updates
  – Patch management

Virus Prevention and Recovery
• You need to take steps to secure computers to prevent attacks
  – Run an updated antivirus program
  – Practice proper prevention techniques
• You also need a plan for recovery in case a virus affects computers on your network
  – Recognize the attack
  – Fix things
  – Recover
• Let’s take a look

Antivirus Programs
• Antivirus programs
  – Can be set to actively scan the entire computer for viruses
  – Can be set as a virus shield to monitor activity such as downloading files, receiving e-mail, etc.
  – Run Windows Defender
    • Microsoft’s free antivirus/anti-malware program
    • Check Security Center in Vista
    • Not used in Windows 7 or recent updates to Vista

Antivirus Programs (continued)
• Virus shield
  – Viruses have digital signatures
  – Antivirus programs have libraries of signatures called definitions
  – Updated regularly
    • Use an automatic update if possible

Virus Techniques and Traits
• Polymorphics/polymorphs
  – Viruses attempt to change or morph to prevent detection
  – The code that does the morphing (the scrambling code) is often used as the signature, so they are still detectable by antivirus programs
• Stealth
  – Virus attempts to hide and appear invisible
  – Most are in the boot sector
  – Some use a little-known software interrupt
  – Others make copies of innocent-looking files

Virus Prevention Tips
• Scan all incoming programs and data
• Scan the PC daily and update signatures regularly
• Keep a bootable CD-R with a copy of the antivirus program
  – Scan if you think the PC or connected media might be affected
• Be careful with e-mail
  – Consider disabling the preview window
  – Only open attachments from known sources
Virus Recovery Tips
• Recognize
  – Learn to recognize how a system reacts to malware
• Quarantine
  – What you do to prevent malware from propagating
• Search and destroy
  – What you do to remove malware from infected systems
• Remediate
  – What you do to return the system to normal after the malware is gone
• Educate
  – How you train users to prevent malware outbreaks

Virus Recovery Tips (continued)
• Recognize
  – If a computer starts spewing e-mail, that’s a sign of problems
  – Computers that run very slowly can indicate malware
  – Computers with heavy network activity but few active programs point to malware
• Quarantine
  – Run packet-sniffing software to alert you to any unusual activity
  – Pull the cable! A computer that’s not connected to a network can’t propagate a virus

Virus Recovery Tips (continued)
• Search and destroy
  – Boot the computer to a removable disc with antivirus software included (an antivirus CD-R)
    • Commercial tools, such as avast!
    • LiveCD with Linux-based tools
    • Ultimate Boot CD comes with several antivirus programs
  – Run the antivirus software as a sword to scan the infected system

Virus Recovery Tips (continued)
• Search and destroy
  – Check all removable media that might have been infected
  – Manually disable Browser Helper Objects (BHOs) installed by viruses
    • In Internet Explorer, go to Tools | Manage Add-ons
    • Select a suspect BHO
    • Click Disable
Virus Recovery Tips (continued)
• Remediate
  – Fix any low-level damage by booting to the Recovery Console (Windows 2000/XP) or the Windows Vista repair environment
    • FIXMBR and FIXBOOT can repair the boot sector
    • BOOTCFG re-creates the BOOT.INI file
    • Vista offers Startup Repair, System Restore, and other tools
• Educate
  – You need to train your users to know when not to click or open attachments

Firewalls
• Used to block malicious programs from the Internet
  – Can be software, hardware, or both
  – Windows has a built-in firewall (see Control Panel)
(Diagram: firewall between the PC and the Internet)

Network Authentication
• Authentication
  – Proving who you are
  – Done by providing credentials
    • e.g., user name and password
  – LAN authentication such as Kerberos is useful for supporting multiple NOSs and providing secure login within a network
  – Not so hot for remote access authentication

Network Authentication (continued)
• Common remote access protocols
  – PAP: Password Authentication Protocol (clear text)
    • Rarely used
  – CHAP: Challenge Handshake Authentication Protocol
    • Most popular
  – MS-CHAP: Microsoft CHAP
    • Popular with Microsoft applications
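The difference between PAP and CHAP on the slide above, as an added Python walkthrough of both sides of the exchange (not the book's code): CHAP's response is MD5 over the identifier, the shared secret and the challenge, as RFC 1994 specifies, so the secret itself never crosses the link, whereas PAP sends it in the clear. The user name, secret and the PAP framing are constructed for the example.

```python
"""PAP versus CHAP, both sides of the link (constructed example).

PAP (RFC 1334) ships the password itself; CHAP (RFC 1994) ships only
MD5(identifier || secret || challenge), and the authenticator recomputes
that value from its own copy of the secret. A fresh random challenge per
session means a captured response cannot be replayed later.
"""
import hashlib
import hmac
import os

# Constructed credential store held by the authenticator (server side).
SERVER_SECRETS = {"remote-user": b"correct horse battery staple"}


def pap_request(name, password):
    """Peer -> authenticator under PAP: credentials in clear text.
    Constructed framing for illustration, not the exact RFC 1334 packet layout."""
    return name.encode() + b":" + password


def server_challenge(identifier, nbytes=16):
    """Authenticator -> peer under CHAP: session identifier plus a random challenge."""
    return identifier, os.urandom(nbytes)


def chap_response(identifier, secret, challenge):
    """Peer -> authenticator under CHAP: MD5 over identifier, secret, challenge."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()


def server_verify(identifier, challenge, name, response):
    """Authenticator recomputes the expected response and compares in constant time."""
    secret = SERVER_SECRETS.get(name)
    if secret is None:
        return False
    expected = chap_response(identifier, secret, challenge)
    return hmac.compare_digest(expected, response)


def run_exchange(name, peer_secret):
    """Drive one full CHAP exchange and return the authenticator's verdict."""
    ident, challenge = server_challenge(identifier=1)
    response = chap_response(ident, peer_secret, challenge)
    return server_verify(ident, challenge, name, response)


if __name__ == "__main__":
    print("PAP on the wire:", pap_request("remote-user", SERVER_SECRETS["remote-user"]))
    print("CHAP accepted:", run_exchange("remote-user", SERVER_SECRETS["remote-user"]))
    print("CHAP wrong secret:", run_exchange("remote-user", b"guess"))
```

The slides' contrast is visible in the first two lines of output: the PAP request contains the password verbatim, while the CHAP response is a 16-byte digest tied to one challenge.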
Encryption
• Makes data packets unreadable
  – Changes plaintext into ciphertext
  – Encryption occurs at many levels
  – Multiple encryption standards and options
(Diagram: plaintext “Our lowest sell price is $150,000” → encryption algorithm → ciphertext “*2jkpS^ aou23@ `_4Laujpf” → decryption algorithm → plaintext “Our lowest sell price is $150,000”)

Encryption (continued)
• Dial-up encryption
  – Encrypts data over the lines
  – Method set on the server
• Data encryption
  – Multiple protocols possible
  – These standards are used in connecting computers over some kind of private connection, like ISDN or T1
  – Microsoft’s method of choice is IPSec (IP Security)

Application Encryption
• Many applications can use other protocols to encrypt data
  – On the Web, HTTPS is commonly used
  – Uses digital certificates
  – Certificates are issued by trusted authorities
    • Trusted authorities are added to Web browsers
  – Invalid certificates can be cleared from the SSL cache