meljun cortes computer organization_lecture_chapter23_computer_security

Chapter 23: Computer Security, MELJUN CORTES

Upload: meljun-cortes

Post on 16-Feb-2017


Page 1: MELJUN CORTES   computer organization_lecture_chapter23_computer_security

Chapter 23: Computer Security

MELJUN CORTES


© 2007 The McGraw-Hill Companies, Inc. All rights reserved

Overview

In this chapter, you will learn to
  Explain the threats to your computers and data
  Describe how to control the local computing environment
  Explain how to protect computers from network threats


Analyzing the Threat

Historical/Conceptual


Threats

Unauthorized access
  Any user accesses resources in an unauthorized way
  Not locked down
Data destruction
  Intentional or accidental data loss
  Unauthorized data modification
Administrative access
  XP Home almost requires granting multiple users administrator access
  Use Windows 2000 or XP Pro to control access


Threats

System crash/hardware failures
  Hard drives crash, power fails
  Redundant systems provide protection
Viruses/spyware
  Travel quickly in a network
  Come from the Internet, floppy disks, optical discs, and USB drives
  Goal is to prevent infection



CompTIA A+ Essentials


Local Control


Local Control

Identify what to back up
Eliminate sensitive data from discarded media
“First, Do No Harm”
  Part of physician’s oath
“First, Secure the Data”
  Tech version of the oath



What to Back Up

Essential data
  Use the Backup tool
  Documents and Settings folder for all users
  E-mail and address books
  Other data


What to Back Up

Servers
  Some servers have critical data (Active Directory)
  Back up System State to include
    Most of Registry, security settings, and more


Off-Site Storage

Backups should be stored someplace other than your place of business
  Could be tape, CD, portable drive
Off-site storage
  Copy of backup stored in another geographical location
  Protects against major disaster such as fire, flood, etc.



Migration

When a computer is replaced
  Move user’s data and settings to new computer
  Use a tool such as Files and Settings Transfer (FAST) Wizard
  Don’t connect new computer to network until security has been implemented



Migration

Eliminate data remnants
  Just formatting or repartitioning isn’t enough
  Use a tool such as Windows Washer
  Can eliminate specific data or the entire drive


Recycle

Don’t just throw computers in trash
  Keeps toxic chemicals out of landfills
  Recycling centers will take them
Donate
  Schools and other organizations will gladly take used computers


CompTIA A+ Technician

IT Technician


Social Engineering


Social Engineering

Using or manipulating people in the network to gain access to the network
Infiltration
  Physically sneaking into building
  Talking to people gathering pieces of information
Telephone scams
  Simply asking for information
  Impersonating someone else


Social Engineering

Dumpster diving
  Searching through trash looking for information
  Individual pieces of data can be put together as a puzzle
Physical theft
  Servers need to be kept behind locked doors
  The best network security is beaten easily if physical security is ignored


Access Control

Physical security
  Lock the door
  Don’t leave PC unattended when logged on
Authentication
  Software authentication using proper passwords
  Hardware authentication using smart cards and biometrics


Access Control

Use NTFS, not FAT32
  FAT32 provides very limited security
  Use NTFS whenever possible
  To convert FAT32 drive to NTFS
    Convert D:\ /FS:NTFS
Users and groups
  Can add users to groups
  Users now have permissions of group


Network Security

User account control through groups
  Can grant permission to group
  Groups represented by icon


Network Security

Adding users to a group
  Done in Computer Management


Network Security

Effective permissions (combined)
  Rita is in Sales Group and Managers group
  Sales granted List Folder Contents permission
  Managers granted Read & Execute permission
  Rita has Read & Execute AND List Folder Contents permissions (combination of both)

[Figure: Sales group granted List Folder Contents; Managers group granted Read & Execute]


Network Security

Default groups
  Everyone, Guests, Users
  Can become backdoors to the network
  Windows 2000 gives full control to the Everyone group by default
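An added example (not part of the original slides) that computes the combined permissions from the Rita case and flags broad grants to the default groups named above. The folder paths, the user Tom, the ACL contents and the function names are constructed for illustration, and the model covers allow entries only (no deny entries or inheritance).

```python
# Constructed group and ACL data; group names follow the slides' example.
GROUPS = {
    "Sales": {"Rita", "Tom"},
    "Managers": {"Rita"},
}
DEFAULT_GROUPS = {"Everyone", "Guests", "Users"}
BROAD_RIGHTS = {"Full Control", "Modify", "Write"}

# Each entry: (folder, group, permissions allowed to that group).
ACL = [
    ("D:\\Reports", "Sales", {"List Folder Contents"}),
    ("D:\\Reports", "Managers", {"Read & Execute"}),
    ("D:\\Public", "Everyone", {"Full Control"}),
]


def member_of(user: str, group: str) -> bool:
    """Every user is implicitly a member of Everyone."""
    return group == "Everyone" or user in GROUPS.get(group, set())


def effective_permissions(user: str, folder: str) -> set[str]:
    """Union of the permissions granted to every group the user belongs to."""
    perms: set[str] = set()
    for path, group, granted in ACL:
        if path == folder and member_of(user, group):
            perms |= granted
    return perms


def risky_default_grants() -> list[tuple[str, str, list[str]]]:
    """ACL entries that hand broad rights to a default group."""
    return [
        (path, group, sorted(granted & BROAD_RIGHTS))
        for path, group, granted in ACL
        if group in DEFAULT_GROUPS and granted & BROAD_RIGHTS
    ]


if __name__ == "__main__":
    print("Rita on D:\\Reports:", sorted(effective_permissions("Rita", "D:\\Reports")))
    print("Tom on D:\\Public:", sorted(effective_permissions("Tom", "D:\\Public")))
    for finding in risky_default_grants():
        print("Review this grant:", finding)
```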


Security Policies

Local Security Settings
  Set via Local Security Policy in Administrative Tools
  Can set Local Computer Group Policy Object Editor
  Applies only to this computer


Security Policies

Local Group Policy—applies locally only


Security Policies

Examples of what can be done with Group Policy in a domain
  Prevent Registry Edits
  Prevent Access to the Command Prompt
  Log on Locally
  Shut Down System
  Minimum Password Length
  Account Lockout Threshold
  Disable Windows Installer
  Much more


Malicious Software

Together known as malware

Viruses

Trojans

Worms

Spyware

Adware

Grayware



Malware

Viruses
  Designed to attach themselves to a program
  When program is used, the virus goes into action
  Can wipe out data, send spam e-mails, and more
Trojans
  Designed to look like one program (such as a game or utility)
  Does something else too, such as erase CMOS


Malware

Worms
  Similar to a Trojan but on a network
  Travels from machine to machine through network
  Commonly infects systems because of security flaws
Best protection against worms
  Run antivirus software
  Keep security patches up to date
  Use tools such as Windows Update or Automatic Update to get critical updates


Antivirus Programs

Antivirus programs
  Can be set to scan entire computer actively for viruses
  Can be set as virus shield to monitor activity such as downloading files, receiving e-mail, etc.
Viruses have digital signatures
Antivirus programs have library of signatures
Update signatures regularly


Virus Techniques

Polymorphics/Polymorphs
  Viruses attempt to change or morph to prevent detection
  Code used to morph (scrambling code) often used as signature
Stealth
  Virus attempts to hide and appear invisible
  Most are in boot sector
  Some use little-known software interrupt
  Others make copies of innocent-looking files


Virus Prevention Tips

Scan all incoming programs and data
Scan the PC daily
Update signatures regularly
Keep bootable CD-R with copy of antivirus program
Be careful with e-mail
  Consider disabling preview window
  Only open attachments from known sources


Malware

Spam
  Unsolicited commercial e-mail (UCE)
  To avoid, don’t give out your e-mail address
Pop-ups
  Many modify the browser so they are hard to close
  Some open up other pop-ups when one pop-up is closed
  To close
    Right-click the browser on the taskbar and select Close
    While the pop-up is displayed, press Alt-F4


Spyware

Family of programs that run in the background
  Can send information on your browsing habits
  Can run distributed computing apps, capture keystrokes to steal passwords, reconfigure dial-up, and more
Preventing installation
  Beware of free programs such as Gator, Kazaa, others
  Adobe’s Shockwave and Flash reputable, but many others are not


Spyware

Aggressive tactics
  Try to scare you into installing their program
Removing Spyware
  Windows Defender
  Lavasoft’s Ad-Aware
  PepiMK’s Spybot Search & Destroy


Grayware

Not destructive in themselves
Leech bandwidth in networks
Some people consider them beneficial
Used to share files (e.g., BitTorrent)
Can push network over the edge


Firewalls

Used to block malicious programs from the Internet
Can be software, hardware, or both
Windows XP has built-in firewall



Encryption

Makes data packets unreadable

Changes plaintext into cipher text

Encryption occurs at many levels

Multiple encryption standards and options

[Figure: plaintext “Our lowest sell price is $150,000” passes through the encryption algorithm to become ciphertext “*2jkpS^aou23@`_4Laujpf”, which the decryption algorithm turns back into the original plaintext]


Network Authentication

Authentication
  Proving who you are
  Done by providing credentials
    i.e., user name and password
  Credentials rarely passed in plaintext
Common remote access protocols
  PAP: Password Authentication Protocol (clear text)
    Rarely used
  CHAP: Challenge Handshake Authentication Protocol
    Most popular
  MS-CHAP: Microsoft CHAP
    Popular with Microsoft applications
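An added example (not part of the original slides) contrasting what crosses the link under PAP and under CHAP, using the CHAP response calculation from RFC 1994 (MD5 over identifier, secret and challenge). The secret, the user name, the simplified PAP framing and the function names are constructed for illustration.

```python
import hashlib
import hmac
import os

# Constructed demo secret, known to both ends and never sent under CHAP.
SHARED_SECRET = b"correct horse battery"


def pap_request(user: str, password: bytes) -> bytes:
    """PAP: the password itself crosses the link (simplified framing, not the PPP packet layout)."""
    return user.encode() + b"\x00" + password


def chap_challenge() -> tuple[int, bytes]:
    """Server: choose an identifier and a fresh random challenge for this attempt."""
    return os.urandom(1)[0], os.urandom(16)


def chap_response(ident: int, secret: bytes, challenge: bytes) -> bytes:
    """Client: MD5(identifier || secret || challenge), as defined in RFC 1994."""
    return hashlib.md5(bytes([ident]) + secret + challenge).digest()


def chap_verify(ident: int, secret: bytes, challenge: bytes, response: bytes) -> bool:
    """Server: recompute the expected digest and compare in constant time."""
    return hmac.compare_digest(chap_response(ident, secret, challenge), response)


def demo() -> dict[str, bool]:
    on_wire_pap = pap_request("rita", SHARED_SECRET)
    ident, challenge = chap_challenge()
    response = chap_response(ident, SHARED_SECRET, challenge)
    on_wire_chap = bytes([ident]) + challenge + response
    # A captured response is presented again against a new challenge.
    ident2, challenge2 = chap_challenge()
    wrong = chap_response(ident, b"guess", challenge)
    return {
        "pap_exposes_password": SHARED_SECRET in on_wire_pap,
        "chap_exposes_password": SHARED_SECRET in on_wire_chap,
        "valid_response_accepted": chap_verify(ident, SHARED_SECRET, challenge, response),
        "replayed_response_accepted": chap_verify(ident2, SHARED_SECRET, challenge2, response),
        "wrong_password_accepted": chap_verify(ident, SHARED_SECRET, challenge, wrong),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```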


Encryption

Dial-up encryption
  Set on the server
Data encryption
  Multiple protocols possible
  Microsoft method of choice is IPSec (IP Security)


Application Encryption

Many applications can use other protocols to encrypt data
  On the Web, HTTPS commonly used
  Use digital certificates
  Certificates issued by trusted authorities
  Trusted authorities added to Web browsers
  Invalid certificates can be cleared from cache


Wireless Issues

Set up wireless encryption
  WEP, WPA, or preferably WPA2
Have clients use static address
  If you must use DHCP, limit available addresses
Change default SSID
  And disable SSID broadcast
Filter by MAC addresses
Change default user name and passwords
Turn on WAP firewall


Reporting

Event Viewer
  Application
  Security
  System


Event Viewer

Can view errors that a user saw and forgot
Can get help with errors by clicking the Microsoft link


Reporting

Auditing
  Event auditing—logs events
  Object access auditing—logs resource access
  Someone else will set up—but you need to be aware of the policies
Incidence reporting
  When events occur, you need to report them
  Supervisors and/or managers may have more information
  Reporting one seemingly innocuous event may help the supervisor solve a bigger problem


Beyond A+

Security in Windows Vista
  User Account Control
    Helps prevent malware from running with administrator privileges
  Security Center
    First appeared in Windows XP SP2
    Enhanced in Windows Vista
  Parental Controls
    Allows parents (or supervisors) to monitor and/or restrict access
    Can restrict Web sites and downloads, login times, games, and more
