meljun cortes computer organization lecture chapter23 computer security


Upload: meljun-cortes

Post on 16-Jul-2015


Chapter 23

Computer Security

MELJUN CORTES

© 2007 The McGraw-Hill Companies, Inc. All rights reserved

Overview

In this chapter, you will learn to

Explain the threats to your computers and data

Describe how to control the local computing environment

Explain how to protect computers from network threats

Analyzing the Threat

Historical/Conceptual


Threats

Unauthorized access
  Any user accesses resources in an unauthorized way
  Not locked down
Data destruction
  Intentional or accidental data loss
  Unauthorized data modification
Administrative access
  XP Home almost requires granting multiple users administrator access
  Use Windows 2000 or XP Pro to control access


Threats

System crash/hardware failures
  Hard drives crash, power fails
  Redundant systems provide protection
Viruses/spyware
  Travel quickly in a network
  Come from the Internet, floppy disks, optical discs, and USB drives
  Goal is to prevent infection


CompTIA A+ Essentials


Local Control


Local Control

Identify what to back up
Eliminate sensitive data from discarded media
“First, Do No Harm”
  Part of physician’s oath
“First, Secure the Data”
  Tech version of the oath


What to Back Up

Essential data
  Use the Backup tool
  Documents and Settings folder for all users
  E-mail and address books
  Other data


What to Back Up

Servers
  Some servers have critical data (Active Directory)
  Back up System State to include
    Most of Registry, security settings, and more


Off-Site Storage

Backups should be stored someplace other than your place of business
  Could be tape, CD, portable drive
Off-site storage
  Copy of backup stored in another geographical location
  Protects against major disaster such as fire, flood, etc.


Migration

When a computer is replaced
  Move user’s data and settings to new computer
  Use a tool such as File and Settings Transfer (FAST) Wizard
  Don’t connect new computer to network until security has been implemented


Migration

Eliminate data remnants
  Just formatting or repartitioning isn’t enough
  Use a tool such as Windows Washer
  Can eliminate specific data or the entire drive


Recycle

Don’t just throw computers in trash
  Keeps toxic chemicals out of landfills
  Recycling centers will take them
Donate
  Schools and other organizations will gladly take used computers

CompTIA A+ Technician

IT Technician


Social Engineering


Social Engineering

Using or manipulating people in the network to gain access to the network
Infiltration
  Physically sneaking into building
  Talking to people gathering pieces of information
Telephone scams
  Simply asking for information
  Impersonating someone else


Social Engineering

Dumpster diving

Searching through trash looking for information

Individual pieces of data can be put together as a puzzle

Physical theft

Servers need to be kept behind locked doors

The best network security is beaten easily if physical security is ignored


Access Control

Physical security
  Lock the door
  Don’t leave PC unattended when logged on
Authentication
  Software authentication using proper passwords
  Hardware authentication using smart cards and biometrics


Access Control

Use NTFS, not FAT32
  FAT32 provides very limited security
  Use NTFS whenever possible
To convert FAT32 drive to NTFS
  Convert D:\ /FS:NTFS
Users and groups
  Can add users to groups
  Users now have permissions of group


Network Security

User account control through groups
  Can grant permission to group
  Groups represented by icon


Network Security

Adding users to a group

Done in Computer Management


Network Security

Effective permissions (combined)
  Rita is in Sales Group and Managers group
  Sales granted List Folder Contents permission
  Managers granted Read & Execute permission
  Rita has Read & Execute AND List Folder Contents permissions (combination of both)

[Figure: Sales group (List Folder Contents) and Managers group (Read & Execute)]


Network Security

Default groups

Everyone, Guests, Users

Can become backdoors to the network

Windows 2000 gives full control to the Everyone group by default
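
The combined-permissions rule from the Rita slide and the default-group risk from this slide, worked through as an added example (not part of the original lecture). It goes one step beyond the slides by also modelling an explicit deny, which takes precedence over an allow; the Contractors group, the ACL contents and the treatment of each permission as a single label are assumptions of the example.

```python
# Added illustration: simplified model of combined group permissions.
# Each permission is treated as one atomic label; all ACL entries are constructed.
from dataclasses import dataclass

DEFAULT_GROUPS = {"Everyone", "Guests", "Users"}  # default groups named on the slide
IMPLICIT_GROUPS = {"Everyone"}                    # every account belongs to Everyone


@dataclass(frozen=True)
class Ace:
    """One access control entry: a group is allowed or denied a permission."""
    group: str
    permission: str
    allow: bool = True


def effective_permissions(user_groups, acl):
    """Union of allows from all of the user's groups, minus explicit denies."""
    groups = set(user_groups) | IMPLICIT_GROUPS
    allowed = {a.permission for a in acl if a.allow and a.group in groups}
    denied = {a.permission for a in acl if not a.allow and a.group in groups}
    return allowed - denied


def broad_grants(acl):
    """Allow entries held by default groups: the first thing to review."""
    return sorted((a.group, a.permission) for a in acl
                  if a.allow and a.group in DEFAULT_GROUPS)


# The slide's case: Sales and Managers each hold one permission.
FOLDER_ACL = [
    Ace("Sales", "List Folder Contents"),
    Ace("Managers", "Read & Execute"),
]
# Constructed variants: an explicit deny, and a leftover grant to Everyone.
DENY_ACL = FOLDER_ACL + [Ace("Contractors", "Read & Execute", allow=False)]
OPEN_ACL = FOLDER_ACL + [Ace("Everyone", "Full Control")]

if __name__ == "__main__":
    print(effective_permissions({"Sales", "Managers"}, FOLDER_ACL))  # Rita
    print(effective_permissions({"Managers", "Contractors"}, DENY_ACL))
    print(effective_permissions(set(), OPEN_ACL))  # account in no listed group
    print(broad_grants(OPEN_ACL))
```

An account that belongs to none of the listed groups still ends up with Full Control under OPEN_ACL, which is why grants to Everyone, Guests and Users are worth reviewing first.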


Security Policies

Local Security Settings
  Set via Local Security Policy in Administrative Tools
  Can set Local Computer Group Policy Object Editor
  Applies only to this computer


Security Policies

Local Group Policy—applies locally only


Security Policies

Examples of what can be done with Group Policy in a domain
  Prevent Registry Edits
  Prevent Access to the Command Prompt
  Log on Locally
  Shut Down System
  Minimum Password Length
  Account Lockout Threshold
  Disable Windows Installer
  Much more


Malicious Software

Together known as malware

Viruses

Trojans

Worms

Spyware

Adware

Grayware


Malware

Viruses
  Designed to attach themselves to a program
  When program is used, the virus goes into action
  Can wipe out data, send spam e-mails, and more
Trojans
  Designed to look like one program (such as a game or utility)
  Does something else too, such as erase CMOS


Malware

Worms
  Similar to a Trojan but on a network
  Travels from machine to machine through network
  Commonly infects systems because of security flaws
Best protection against Worms
  Run antivirus software
  Keep security patches up to date
  Use tools such as Windows Update or Automatic Update to get critical updates


Antivirus Programs

Antivirus programs
  Can be set to scan entire computer actively for viruses
  Can be set as virus shield to monitor activity such as downloading files, receiving e-mail, etc.

Viruses have digital signatures

Antivirus programs have library of signatures

Update signatures regularly


Virus Techniques

Polymorphics/Polymorphs
  Viruses attempt to change or morph to prevent detection
  Code used to morph (scrambling code) often used as signature
Stealth
  Virus attempts to hide and appear invisible
  Most are in boot sector
  Some use little-known software interrupt
  Others make copies of innocent-looking files
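
How a signature library is matched against files, and why the scrambling code makes a usable signature for polymorphs, shown as an added example (not part of the original lecture). Every byte string and signature name is a harmless constructed stand-in, and the XOR step is only a toy model of "morphing".

```python
# Added illustration: byte-signature scanning on constructed, harmless data.
# All byte strings and signature names below are made up for the example.

BODY = b"DEMO-PAYLOAD-BODY"         # stands in for the code a virus carries
STUB = b"\x90DEMO-SCRAMBLER\x90"    # stands in for the fixed scrambling code

OLD_LIBRARY = {"Demo.Body": BODY}                          # before an update
NEW_LIBRARY = {"Demo.Body": BODY, "Demo.Scrambler": STUB}  # after an update


def xor_bytes(data: bytes, key: int) -> bytes:
    """Toy 'morphing': the same body looks different under every key."""
    return bytes(b ^ key for b in data)


def scan(buffer: bytes, signatures: dict) -> dict:
    """Return {signature name: offset} for every signature found in buffer."""
    hits = {}
    for name, pattern in signatures.items():
        offset = buffer.find(pattern)
        if offset != -1:
            hits[name] = offset
    return hits


# Constructed samples: a clean file, a plain infected file, two morphed copies.
CLEAN = b"MZ" + b"ordinary program bytes" * 3
PLAIN = CLEAN + BODY
MORPH_A = CLEAN + STUB + xor_bytes(BODY, 0x21)
MORPH_B = CLEAN + STUB + xor_bytes(BODY, 0x5A)

if __name__ == "__main__":
    for label, sample in [("clean", CLEAN), ("plain", PLAIN),
                          ("morph A", MORPH_A), ("morph B", MORPH_B)]:
        print(label, "old:", scan(sample, OLD_LIBRARY),
              "new:", scan(sample, NEW_LIBRARY))
```

The two morphed copies differ from each other and slip past the body-only library, but both still carry the same scrambling code, so the updated library flags them.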


Virus Prevention Tips

Scan all incoming programs and data

Scan the PC daily

Update signatures regularly

Keep bootable CD-R with copy of antivirus program

Be careful with e-mail
  Consider disabling preview window
  Only open attachments from known sources


Malware

Spam
  Unsolicited commercial e-mail (UCE)
  To avoid, don’t give out your e-mail address
Pop-ups
  Many modify the browser so hard to close
  Some open up other pop-ups when one pop-up is closed
  To close
    Right-click the browser on the taskbar and select Close
    While the pop-up is displayed, press Alt-F4


Spyware

Family of programs that run in the background
  Can send information on your browsing habits
  Can run distributed computing apps, capture keystrokes to steal passwords, reconfigure dial-up, and more
Preventing installation
  Beware of free programs such as Gator, Kazaa, others
  Adobe’s Shockwave and Flash reputable, but many others are not


Spyware

Aggressive tactics
  Try to scare you into installing their program
Removing Spyware
  Windows Defender
  Lavasoft’s Ad-Aware
  PepiMK’s Spybot Search & Destroy


Grayware

Not destructive in themselves

Leech bandwidth in networks

Some people consider them beneficial

Used to share files (e.g., BitTorrent)

Can push network over the edge


Firewalls

Used to block malicious programs from the Internet

Can be software, hardware, or both

Windows XP has built-in firewall


Encryption

Makes data packets unreadable

Changes plaintext into cipher text

Encryption occurs at many levels

Multiple encryption standards and options

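[Figure: plaintext “Our lowest sell price is $150,000” passes through the encryption algorithm to become ciphertext “*2jkpS^aou23@`_4Laujpf”, and through the decryption algorithm to become “Our lowest sell price is $150,000” again]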


Network Authentication

Authentication
  Proving who you are
  Done by providing credentials
    i.e., user name and password
  Credentials rarely passed in plaintext
Common remote access protocols
  PAP: Password Authentication Protocol (clear text)
    Rarely used
  CHAP: Challenge Handshake Authentication Protocol
    Most popular
  MS-CHAP: Microsoft CHAP
    Popular with Microsoft applications
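
What "clear text" versus "challenge handshake" means on the wire, as an added example (not part of the original lecture): the CHAP response is computed as RFC 1994 defines it for MD5, over identifier, shared secret and challenge. The shared secret, the user name and the simplified PAP framing are constructed for the example.

```python
# Added illustration of PAP vs. CHAP (RFC 1994, MD5 algorithm).
import hashlib
import hmac
import os

SECRET = b"constructed-shared-secret"   # sample value, known to both ends


def pap_request(user: bytes, password: bytes) -> bytes:
    """PAP: the password itself is in the message, readable on the wire."""
    return user + b":" + password  # simplified framing, not the PPP packet layout


def chap_challenge():
    """Authenticator: pick an identifier and a fresh random challenge."""
    return os.urandom(1)[0], os.urandom(16)


def chap_response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """Peer: MD5 over identifier || secret || challenge (RFC 1994)."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()


def chap_verify(identifier, secret, challenge, response) -> bool:
    """Authenticator: recompute the hash and compare in constant time."""
    expected = chap_response(identifier, secret, challenge)
    return hmac.compare_digest(expected, response)


def demo() -> dict:
    ident, challenge = chap_challenge()
    response = chap_response(ident, SECRET, challenge)
    wire = bytes([ident]) + challenge + response    # all an observer can see
    ident2, challenge2 = chap_challenge()           # next login: new challenge
    wrong = chap_response(ident, b"guess", challenge)
    return {
        "pap_exposes_password": SECRET in pap_request(b"rita", SECRET),
        "chap_exposes_secret": SECRET in wire,
        "chap_accepts": chap_verify(ident, SECRET, challenge, response),
        "replay_accepted": chap_verify(ident2, SECRET, challenge2, response),
        "wrong_secret_accepted": chap_verify(ident, SECRET, challenge, wrong),
    }


if __name__ == "__main__":
    for check, result in demo().items():
        print(f"{check}: {result}")
```

Because an observer sees both the challenge and the response, a short or guessable shared secret can still be tested offline, so the secret should be long and random.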


Encryption

Dial-up encryption

Set on the server

Data encryption

Multiple protocols possible

Microsoft method of choice is IPSec (IP Security)


Application Encryption

Many applications can use other protocols to encrypt data
On the Web, HTTPS commonly used
  Use digital certificates
  Certificates issued by trusted authorities
  Trusted authorities added to Web browsers
Invalid certificates can be cleared from cache


Wireless Issues

Set up wireless encryption
  WEP, WPA, or preferably WPA2
Have clients use static address
  If you must use DHCP, limit available addresses
Change default SSID
  And disable SSID broadcast
Filter by MAC addresses
Change default user name and passwords
Turn on WAP firewall


Reporting

Event Viewer
  Application
  Security
  System


Event Viewer

Can view errors that a user saw and forgot

Can get help with errors by clicking the Microsoft link


Reporting

Auditing
  Event auditing—logs events
  Object access auditing—logs resource access
  Someone else will set up—but you need to be aware of the policies
Incident reporting
  When events occur, you need to report them
  Supervisors and/or managers may have more information
  Reporting one seemingly innocuous event may help the supervisor solve a bigger problem


Beyond A+

Security in Windows Vista

User Account Control
  Helps prevent malware from running with administrator privileges
Security Center
  First appeared in Windows XP SP2
  Enhanced in Windows Vista
Parental Controls
  Allows parents (or supervisors) to monitor and/or restrict access
  Can restrict Web sites and downloads, login times, games, and more
