cscd 303 essential computer security fall 2010 lecture 8 - desktop security recovery, prevention and...
![Page 1: CSCD 303 Essential Computer Security Fall 2010 Lecture 8 - Desktop Security Recovery, Prevention and Hardening Reading: Links are in Lecture](https://reader035.vdocument.in/reader035/viewer/2022062718/56649e6c5503460f94b6b83f/html5/thumbnails/1.jpg)
CSCD 303 Essential Computer Security, Fall 2010
Lecture 8 - Desktop Security Recovery, Prevention and Hardening
Reading: Links are in Lecture
Overview
• Recovery and Prevention
• Recovery
  – Antivirus/Antitrojan
  – Restore System
    • Restore – Windows
    • Boot disks
• Prevention
  – Patching – All systems
  – Harden OS – Features
The Attack Surface
• Security folks talk about "Reducing the Attack Surface"
  – What does that mean?
  – Get Secure
    • Reduce the Attack Surface
    • Patch
    • Harden
  – Stay Secure
    • Maintain secure infrastructure
      – Patches
      – Updates
      – Upgrades
      – Read, Research, Results
The Attack Surface
• What is an Attack Surface?
  – Weak Passwords
  – Open Ports
  – Unused Services Left On
  – Un-patched Web Server
  – Open File Shares
  – Excessive privileges
  – Systems too complex
  – No Policies
  – No Auditing
  – Unknowns
  – People
The Attack Surface
• Now for The Attacks ...
  – Viruses
  – Port Scanners
  – Network Spoofing
  – Denial of Service
  – Password Cracking
  – Packet Sniffing
  – Trojan Horses
  – Worms
  – Poisons (Packets, DNS, etc.)
  – Unknowns
  – People
Anti-virus
• Anti-virus
  – Will identify infections, viruses, trojans, worms
  – Not always able to exactly identify what got you
  – First step, detect something is wrong
  – Try to identify it - Key
  – Then, try to remove it and restore the files if possible
  – Two main ways – Treating Infection
    • Quarantine
    • Disinfect
Anti Virus Software
• Quarantine
  – Only temporary until user decides how to handle it, user asked to make a decision
Anti Virus Software
• Why do Anti-Virus Programs Quarantine?
  – Virus detection was generic, can't determine how to clean it off of the system
  – Want user, you, to make a decision
  – Quarantine Actions
    • Copy infected file to quarantine directory
    • Remove original infected file
    • Disable file permissions so user can't accidentally transfer it out of directory
Anti Virus Software
• Disinfect Files
• a. Disinfection by Specific Virus
  – Multiple ways to disinfect files
  – Depends on the type of virus
  – From virus DB, get file executable start address
    • Run generic clean-up routine with start address
    • Can derive this information by running virus in test lab, recording information from infected file
    • Store this information for specific virus
Anti Virus Software
• b. Disinfect by Virus Behavior
  – Disinfect based on assumptions from virus behavior
    • Prepended or Appended viruses
    • Restore original program header
    • Move original byte contents back to original location
  – Can store in advance for each executable file on an uninfected system, system file:
    • Program header, file length, checksum of executable file contents (a computed check of the file contents)
    • Compute checksums over candidate portions until you get the exact checksum of the file; can be tricky, need to figure out which part of the file is original, look for a checksum match
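The baseline-and-checksum recovery described on this slide, as an added example (not code from the lecture or from any anti-virus product): a clean file's header, length and checksum are recorded in advance, and an infected file is searched for the offset at which a slice of the stored length reproduces the stored checksum. The sample "executable" and the prepended/appended junk are constructed inline; SHA-256 stands in for whatever checksum a product would use.

```python
"""Restore a prepended- or appended-to file from a stored baseline.

Added example for this lecture, not the slides' own code. Records what the
slide lists for each clean executable (program header, file length, checksum
of contents) and later locates the original inside an infected file by
checksum match rather than by trusting the first header it sees.
"""
import hashlib
from dataclasses import dataclass
from typing import Optional

HEADER_LEN = 16  # how many leading bytes are remembered as the "program header"


@dataclass(frozen=True)
class Baseline:
    """Recorded in advance on an uninfected system."""
    header: bytes   # first HEADER_LEN bytes of the clean file
    length: int     # clean file length in bytes
    checksum: str   # SHA-256 of the clean contents


def record_baseline(clean: bytes) -> Baseline:
    return Baseline(clean[:HEADER_LEN], len(clean), hashlib.sha256(clean).hexdigest())


def find_original(infected: bytes, base: Baseline) -> Optional[int]:
    """Offset at which the original file lives inside `infected`, or None.

    A prepender leaves the original at some offset > 0; an appender leaves
    it at offset 0 with its payload after it. Header matches only select
    candidate offsets; the checksum over the full stored length decides,
    which is what makes a decoy header in the junk harmless.
    """
    if len(infected) < base.length:
        return None                      # cannot contain the whole original
    start = 0
    while True:
        off = infected.find(base.header, start)
        if off < 0 or off + base.length > len(infected):
            return None
        candidate = infected[off:off + base.length]
        if hashlib.sha256(candidate).hexdigest() == base.checksum:
            return off
        start = off + 1                  # header matched, checksum did not: keep looking


def restore(infected: bytes, base: Baseline) -> Optional[bytes]:
    """Move the original byte contents back to the start of the file."""
    off = find_original(infected, base)
    if off is None:
        return None
    return infected[off:off + base.length]


# Constructed sample data (no real malware): a fake executable with a
# recognisable header, then the two infection shapes the slide describes.
CLEAN = b"MZ-FAKE-HEADER01" + bytes(range(256)) * 4
BASE = record_baseline(CLEAN)
PREPENDED = b"X" * 300 + CLEAN            # original pushed to offset 300
APPENDED = CLEAN + b"Y" * 512             # payload after the original
# Tricky case: the junk contains a copy of the header, so the first header
# match is a decoy and only the checksum identifies the real original.
DECOY = BASE.header + b"Z" * 100 + CLEAN

if __name__ == "__main__":
    for name, blob in [("prepended", PREPENDED), ("appended", APPENDED), ("decoy", DECOY)]:
        print(name, "restored" if restore(blob, BASE) == CLEAN else "no match")
```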
Test Your Virus Scanner
• Good to test your anti-virus software to see how well it does
• There is a test file you can use to test your anti-virus software
  – The Anti-Virus or Anti-Malware test file
    • From the European Expert Group for IT Security, www.eicar.org
  – Run this file against your virus scanner to determine its effectiveness
    http://www.eicar.org/anti_virus_test_file.htm
System Restore Windows
• Purpose of System Restore
  – Create snapshot of system's configuration
  – Want to return a system back to a known good configuration
• System Restore is designed to automatically create a restore point
  – Each time system recognizes a significant change in the file or application
System Restore
Go to Start >> All Programs >> Accessories >> System Tools >> System Restore
System Restore and Viruses
• Virus authors intentionally write viruses with same extensions as Windows files that are backed up by System Restore
• Common for people to have a virus, then run virus scans to remove the virus
  – But, once System Restore recovers computer to an earlier date, it is very possible to introduce that same virus back to system
• When a virus is found on a system, System Restore should be completely disabled, all Restore Points should be deleted ...
  – So, what's the point? System restore not for malware!!
• After scanning computer, restore can be turned back on
Making a Boot Disk Vista and Other OS's
• If your computer is un-bootable, what do you do?
  – Try to use a recovery disk.
  – How many know where the recovery disk is?
  – Can you make one?
Vista Recovery Disk
• Recovery Disk or a Recovery Partition will allow you to restore your computer to original settings from hardware manufacturer
  – Will not be able to use it to repair your Windows Vista installation
  – For that, you will need an actual Windows Vista DVD that contains the Windows Recovery Environment
Making a Boot Disk Vista/Windows 7
• Yes, you can make an installation disk if your computer didn't come with one
  – Complete burnable images for Vista
  – And ... a DVD or CD writer
    http://www.howtogeek.com/howto/windows-vista/how-to-make-a-windows-vista-repair-disk-if-you-dont-have-one/
    http://neosmart.net/blog/2008/download-windows-vista-x64-recovery-disc/
  – Versions of 32 and 64 bit and Windows 7
Boot Disk for Ubuntu
• Ubuntu
  – Can make Ubuntu into a live image CD
  – Really easy, Use it to boot and possibly fix Ubuntu
  – Instructions are here: https://help.ubuntu.com/community/LiveCD
Patching
Patching
• What does patching your computer do?
  – Allows it to limp along until the next major version
    • Windows XP before Vista
    • Vista then quickly Windows 7 etc.
  – Software producers give you patches to fix "holes" in between major software versions
Study on Unpatched Computers
http://www.computerworld.com/s/article/9109938/Unpatched_Windows_PCs_fall_to_hackers_in_under_5_minutes_says_ISC?taxonomyId=82&intsrc=kc_top&taxonomyName=cybercrime_and_hacking
• 2008
• Computerworld - It takes less than five minutes for hackers to find and compromise an unpatched Windows PC after it's connected to the Internet, a security researcher said today.
• The SANS Institute's Internet Storm Center (ISC) currently estimates the "survival" time of an Internet-connected computer running Windows at around four minutes if it's not equipped with the latest Microsoft Corp. security patches
More Patching Stories
http://www.circleid.com/posts/20090915_major_organizations_overlooking_high_priority_security_risks/
• Security report by SANS Institute, TippingPoint and Qualys, Sept. 2009
  – Number of vulnerabilities found in applications is far greater than the number of vulnerabilities discovered in operating systems
  – "On average, major organizations take at least twice as long to patch client-side vulnerabilities as they take to patch operating system vulnerabilities
  – In other words highest priority risk is getting less attention than the lower priority risk"
Patching
• Types of Patches
  – Patch – Simple small fix, one or two problems
  – Update – Add or fix problem or earlier patch
  – Cumulative – Includes all previously released patches for one application
  – Service Pack – Generally, large files, typically include lots of patches to many problems
  – Vista is up to service pack 2
  – Windows 7 - not even to service pack 1
What Should you Patch?
• Microsoft releases Windows security updates on the second Tuesday of every month
  – Recommended you turn on automatic updates, all versions of Windows
  – Configure this in control panel
Updates for Microsoft Vista/7
• What gets updated?
  – Updates OS & Internet Explorer, also other Microsoft Windows software, such as Microsoft Office, Windows Live applications, and Microsoft Expression
  – But, older versions of Windows updated only OS components
    • Windows Update vs. Microsoft Update
    • Users had to go to Microsoft Update to update their Office suite and SQL Server ... etc.
http://arstechnica.com/microsoft/news/2010/04/isvs-to-blame-for-vista7-infections-office-updates-ignored.ars
Updates for Microsoft Vista/7
• Does it update other software on your computer? Like Adobe Flash Player ...
• Microsoft does not update other software running on your computer
Updates for Ubuntu, Mac OS X
• Ubuntu updates
  – All the software on its distribution automatically
  – Built into the system as a service
  – Need to turn it on, update manager
• Mac OS X
  – Updates all software on Mac
Patching
• Third party Software
  – Vendors often provide free patches on their web sites
    • Should know how vendor supplies patches
    • Provide programs bundled with their systems that automatically contact their web sites looking for patches specifically
    • Automatic updates tell you when patches are available, download them, and install them
Patching
• Boring but ...
  – Make a list of the software on your computer
    • Games, office, document readers, Adobe, media players – like Flash, Database, Multi-media, VoIP – Skype, security software – Symantec, Browser
    • What is their patching strategy?
    • Websites? Auto-update?
Patch Management
• Patches are issued for good reasons
  – Always test before deploying
• Are some Automation Tools
  – Monitoring/Alerting
  – Data Collection/Archiving
• HfNetChk – weird name, great tool!
  – Windows machines query it for up-to-date patches
    http://majorgeeks.com/HFNetChk-FE_d1103.html
Harden OS
OS Hardening Defined
• What is Operating System Hardening?
  Reconfiguring an OS to be more secure, stable and resistant to attacks.
• Examples:
  – Removing unnecessary processes.
  – Setting file permissions.
  – Patching or updating software.
  – Setting network access controls.
Hardening Utilities
• Bastille Linux www.bastille-linux.org
  – Automated security program, Security wizard
    • SUID restrictions
    • SecureInetd
    • DoS attack detection and prevention
    • Automated firewall scripting
    • User privileges
    • Education
  – You can try it against your computer ....
Linux Hardening
• Examine Linux System Features
  – Recall ....
    • Linux is more modular than Windows
    • Multi-user design from the beginning
  – Challenge in cracking Linux
    • Gain Root access
  – Goal in Defense of Linux
    • Make unauthorized root access impossible
Linux Hardening
• Setuid and Setgid
  – Everything in Linux is a file
    • Files have read, write and execute permissions
    • One more permission is setuid (similar with setgid)
    • Executable programs run with same privileges of file owner
    • If owner is root ... gain root privileges
    • Goal is to use buffer overrun or some other means of gaining a root shell session, attacker can do anything after that
Linux Hardening
• Example: chmod 4755 removemyfiles.sh
    -rwsr-xr--  1 ctaylor fac  removemyfiles.sh
  Assume removemyfiles.sh is a script:
    #!/bin/bash
    rm -rf /home/ctaylor/*.*
  The -rws in the above permissions on the file says to run this program with the privileges of ctaylor
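An added example for the setuid discussion (not code from the lecture): it converts an ls -l permission string such as the slide's -rwsr-xr-- into the octal mode chmod would set (that listing is 4754, since "others" lack execute; chmod 4755 would show -rwsr-xr-x), and it walks a directory tree the way a hardening audit does, listing setuid/setgid files and singling out the root-owned ones, which are the "gain root privileges" case. Paths, file names and the directory audited in the demo are assumptions.

```python
"""Setuid/setgid audit helpers. Added example, not the slides' own code."""
import os
import stat
from typing import List, NamedTuple

# Permission bits in ls -l order: rwx for owner, group, other.
_BITS = (stat.S_IRUSR, stat.S_IWUSR, stat.S_IXUSR,
         stat.S_IRGRP, stat.S_IWGRP, stat.S_IXGRP,
         stat.S_IROTH, stat.S_IWOTH, stat.S_IXOTH)
# Execute slots that can carry a special bit: s (setuid), s (setgid), t (sticky).
_SPECIAL = {2: stat.S_ISUID, 5: stat.S_ISGID, 8: stat.S_ISVTX}


def symbolic_to_mode(perm: str) -> int:
    """'-rwsr-xr--' -> 0o4754. The first character is the file type.

    A lowercase s/t means the special bit plus execute; uppercase S/T means
    the special bit is set but execute is not (a common misconfiguration).
    """
    if len(perm) != 10:
        raise ValueError("expected a 10-character ls -l permission string")
    mode = 0
    for i, ch in enumerate(perm[1:]):
        if ch == "-":
            continue
        if ch in "rwx":
            mode |= _BITS[i]
        elif ch in "sStT" and i in _SPECIAL:
            mode |= _SPECIAL[i]
            if ch.islower():
                mode |= _BITS[i]          # s/t also grant execute
        else:
            raise ValueError(f"bad permission character {ch!r} at position {i + 1}")
    return mode


class SuidFile(NamedTuple):
    path: str
    mode: int       # permission bits only, e.g. 0o4755
    uid: int
    setuid: bool
    setgid: bool


def find_setuid_files(root: str) -> List[SuidFile]:
    """List regular files under `root` with setuid or setgid set.

    Equivalent to `find root -type f \\( -perm -4000 -o -perm -2000 \\)`.
    Symlinks are not followed and unreadable entries are skipped so one
    permission error does not abort the audit.
    """
    found = []
    for dirpath, _dirs, files in os.walk(root, onerror=lambda _e: None):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)
            except OSError:
                continue
            if not stat.S_ISREG(st.st_mode):
                continue
            suid = bool(st.st_mode & stat.S_ISUID)
            sgid = bool(st.st_mode & stat.S_ISGID)
            if suid or sgid:
                found.append(SuidFile(path, stat.S_IMODE(st.st_mode), st.st_uid, suid, sgid))
    return sorted(found)


def root_owned_setuid(entries: List[SuidFile]) -> List[SuidFile]:
    """The subset that would hand out root if the program can be subverted."""
    return [e for e in entries if e.setuid and e.uid == 0]


if __name__ == "__main__":
    print(oct(symbolic_to_mode("-rwsr-xr--")))        # the listing on the slide
    for e in find_setuid_files("/usr/bin"):            # assumed audit target
        tag = "ROOT" if e.uid == 0 else f"uid={e.uid}"
        print(f"{e.mode:o} {tag} {e.path}")
```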
Linux Servers
• Don't install some software
  – X Windows
  – RPC Services
  – R-Services, rlogin, rpc - ssh instead
  – Inetd daemon
  – SMTP daemons - enabled by default
  – Telnet, ftp, pop3 and IMAP
  – Might want to disable LKM - Loadable Kernel Modules
Windows Hardening
Overview
• Services
• Account types of policies
• Software Restrictions
• Data lock down
  – BitLocker
  – EFS
Windows Vista and 7 Security Features
• Windows Service Hardening
  – Most Windows exploits, install malware, result of flaws in Windows services
  – Windows services have been changed as follows:
    • Each service is given a SID number, Security ID
    • Services run with a lower privilege level by default
    • Unnecessary privileges for services have been removed
    • Services are isolated and cannot interact with users
Account Policies
• Contain the password policy and the account lockout policy
• Must be configured at the domain level
• Password policy
  – Controls password characteristics for local user accounts
  – Available settings
    • Enforce password history
    • Maximum, Minimum password age
    • Minimum, Maximum password length
    • Complexity requirements
Account Policies
• Account lockout policy
  – Prevents unauthorized access to Windows Vista
  – Can configure an account to be temporarily disabled after a number of incorrect log-on attempts
MCTS Guide to Microsoft Windows Vista 43
Software Restriction Policies
• Defines which programs are allowed or disallowed in the system
• Used in corporate environments where parental controls are not able to be used
• Default security level for applications
  – Disallowed
  – Basic User
  – Unrestricted
Software Restriction Policies
• Software not affected by software restriction policies
  – Drivers or other kernel mode software
  – Programs run by the SYSTEM account
  – Macros in Microsoft Office 2000 or Microsoft Office XP documents
  – .NET programs that use the common language runtime (alternate security is used)
Software Restriction Policies
• Software restriction configuration options
  – Policies are evaluated each time an executable file is accessed
  – Executable files are identified by file extension
    • You can customize the list of extensions
  – Many Windows applications use DLL files when they are executing
  – DLL files are considered a lower risk than executable files and are not evaluated by default
Data Security
• NTFS permissions
  – Most basic level of data security in Windows Vista
  – Stop logged-on users from accessing files and folders that they are not assigned read or write permission to
• Relatively easy to work around NTFS permissions!!!!
  – When you have physical access to the computer
    • To secure data on desktop computers and laptops, encryption is required
  – Vista includes Encrypting File System (EFS) and BitLocker Drive Encryption
Encryption Algorithms
• Symmetric Encryption
  – What is Symmetric Encryption?
  – Same key to encrypt data and decrypt data
  – Symmetric encryption is strong and fast
    • Good for encrypting large volumes of data such as files
  – Used by both EFS and BitLocker Drive Encryption
  – Biggest problem is securing the key
Encrypting File System
• Encrypting File System (EFS)
  – First included with Windows 2000 Professional
  – Encrypts individual files and folders on a partition
  – Suitable for protecting data files and folders on workstations and laptops
  – Can also be used to encrypt files and folders on network servers
    • File or folder must be located on an NTFS-formatted partition
Encrypting File System
• To use EFS, users must have a digital certificate with a public key and a private key
  – Windows Vista can generate one for you
• From the user perspective, encryption is a file attribute
• Files can also be encrypted using the command-line utility Cipher
• Lost encryption keys
  – If a user loses the EFS key, then an encrypted file is unrecoverable with the default configuration
Encrypting File System
• Lost encryption keys
  – Some ways EFS keys may be lost
    • The user profile is corrupted
    • The user profile is deleted accidentally
    • The user is deleted from the system
    • The user password is reset
  – Backing up your EFS key is done by using the Certificates MMC snap-in
    • Only you can back up your own key
  – Creating a recovery certificate allows the files encrypted by all users to be recovered if required
BitLocker Drive Encryption
• BitLocker Drive Encryption
  – Data encryption feature included with Windows Vista
    • An entire volume is encrypted when you use BitLocker Drive Encryption
  – Also protects the operating system
• Designed to be used with a Trusted Platform Module (TPM)
  – Part of the motherboard in your computer and used to store encryption keys and certificates
BitLocker Drive Encryption
BitLocker Drive Encryption
• BitLocker Hard Drive Configuration
  – Hard drive must be divided into two partitions
    • Encrypted partition: the operating system volume
    • Unencrypted system partition: contains necessary files to boot the operating system
BitLocker Drive Encryption
• Recovering BitLocker-Encrypted Data
  – A recovery password is generated automatically
  – You can save it to a USB drive or folder, display on the screen, or print
BitLocker Drive Encryption
• Recovering BitLocker-Encrypted Data
  – Recovery password is required when the normal decryption process is unable to function
  – Most common reasons include:
    • Modified boot files
    • Lost encryption keys
    • Lost or forgotten startup PIN
• Disabling BitLocker Drive Encryption
  – Decrypts all of the data on the hard drive and makes it readable again
Summary
• Recovery, Prevention and Hardening
  – Learn about restoring your computer and preventing problems before bad things happen
  – Learn how to use some tools now, while your computer is still running
  – Learn how to restore your system, learn how to patch and to keep updated on patches
  – What else to do to Harden your system beyond the usual default configuration
The End
• Next Time
  – Authentication and Biometrics
• Creative Midterm