Managing Local Security in Windows
Threats to Computers and Users
Defense Against Threats
Windows Local Security Accounts
Applying Security to Files and Folders
Common Windows Security Problems
Chapter
7
Threats to Computers and Users
Accidental, Deliberate, Natural and Unnatural Disasters
  Fires; Earthquakes; Floods
  Dropped
  Theft and damage
Protect against disasters with frequent backups
  Backup critical data files
  Image backups
  Multiple backup sets
  Why?
Threats to Computers and Users
Computer Hardware Theft
  Secure computers physically
  Laptops more vulnerable
  Unsophisticated thieves steal for the value of hardware.
  Sophisticated thieves will search hard drive for data.
Identity Theft
  Personal information is stolen and used to commit fraud
  Obtaining a social security # and other key personal information may be enough to steal someone's identity
Fraud, a form of identity theft
  The use of deceit & trickery to obtain money or valuables
Threats to Computers and Users
Accidental, Deliberate, Natural and Unnatural Disasters (Continued)
Other Deliberate Attacks
  Spyware
  Bluesnarfing
  Password Crackers
  Spam
  Trojan Horse
  Pop-Up Download
  War Driving
  Phishing
  Keystroke Logger
  Viruses, Worms, Adware
  Home Page Hijack
  PC Hijacking
  Back Doors
Define
  Spyware: whether malicious or not, "spyware" is software secretly placed on a computer that records and reports user activity.
  Phishing: an attempt to lure a user into surrendering their personal information by pretending to be an official request from a legitimate business (PayPal, eBay, Citibank, IRS tax refund).
Attackers
Online attackers or organized crime – monetary gain
  Credit card trafficking
  Identity theft
  Financial account access
  Hire out
Marketing organizations
  Online surfing and purchasing habits
  Trend related activities to mount marketing campaigns
Trusted Insiders
  Sell information
  Leverage to gain advantage
  Blackmail
Attack Form
Application add-ons: Often bundled with software
Web site installs: Malicious Web sites often disguise spyware as a helpful utility and prompt users to install the spyware when browsing the site.
E-mail attachments or links: especially HTML graphics images, misrepresented links
Software Install Prompt Pop-up Windows:
Spyware Types
  Adware – demos, free trials, EULA deception
  Keyloggers – record key press
  Trojans – attached to a useful program
  Scumware – altered link rerouting (email)
  Dialers – hidden time pay phone calls (Porn)
  Browser & search engine Hijackers
Spyware Visual Examples
  Spyware has been known to masquerade as a prize-notification pop-up window.
  Masquerading as anti-spyware: this is one of the cruelest tricks in the book. This type of software convinces you that it's a tool to detect and remove spyware.
Spyware Visual Examples continued:
  Peer-to-peer file-sharing clients. While it officially claims otherwise, Kazaa has been known to include spyware in its download package.
  Bonzi Buddy is an "add-on" application that includes spyware in its package.
  Browser add-ons: particularly nasty add-ons are considered browser hijackers. These embed themselves deeply in your machine and take quite a bit of work to get rid of.
Indicators
  Unexplainable reduction in computer performance. "unauthorized device hijacking"
  Toolbars appear that can't be deleted permanently.
  Heavy increase in pop-up ads. "internet pollution"
  Search engine or browser home page has changed, "Hijacked".
  Excessive or unexplained network or modem traffic. "bandwidth stealing"
Spyware Statistics
  Spyware dishing websites: at the end of Q1 of 2006, the number was 427,000, while at the end of Q2 2006, the number reached an astonishing 527,136.
  Infection rates Q2 of 2006: Home user – 89%; Small & Medium size Businesses – 50%; Enterprise Businesses – 21%
  Business Effects Reported: Performance slow down – 65%; Productivity Loss – 58%; Loss in sales – 20%
  The Spyware King: China 42%, United States 17%
Emotions
  Emotional effects on home user and IT personnel
  Direct Revenue, an advertising company (spyware), tracked the most frequently used aggressive words found in customer complaints for June of 2005. The top three are "die" (103 times), "f-----" (44), and "kill" (15) (Elgin & Grow, 2006).
  Nowhere to turn, no recourse!
  Controversial course teaches spyware code writing
Legislation
  Federal - Computer Fraud and Abuse Act; Federal Trade Commission Act; Electronic Communications Privacy Act
  About 12 states have specific Spyware laws
  Shawn Collins, Chicago attorney - charges spyware as a pollutant to the internet and a trespass-to-personal-property as an argument. (6 cases: 3 and 1 so far)
  Spy vs. Spy (Direct Revenue and Avenue Media)
  Fail to Report Incidents why?
  FTC must (reasonably protected)
  Reputation
Prevention and Detection
  Use a firewall to restrict outbound traffic on all ports except those used for HTTP, POP3, and SMTP.
  Use multi-layered anti-spyware approach
  Make it a habit to run scans of antivirus and anti-spyware programs bi-weekly or even daily.
  Read EULA very carefully – target phrases
  EULAlyzer program – automatic EULA reader
  Close unwanted pop-up install prompts using Alt-F4 instead of "X" icon on the title bar, a "No", "Close", or "Cancel" button.
  Avoid using peer-to-peer, file sharing networks
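The first item on this slide, a default-deny outbound policy with an allow-list for HTTP, POP3 and SMTP, written out for current Windows as an added example that is not part of the original slides. It assumes the NetSecurity PowerShell cmdlets (Windows 8 / Server 2012 or later) and an elevated prompt; the rule names and the CSV path are made up for the example.

```powershell
# Added example: block outbound traffic by default, allow only the three
# services named on the slide. Port 443 (HTTPS) is not on the slide's list
# and therefore stays blocked unless another enabled rule allows it.
$allowed = @(
    @{ Name = 'HTTP'; Port = 80  },
    @{ Name = 'POP3'; Port = 110 },
    @{ Name = 'SMTP'; Port = 25  }
)

# Record the current policy first so the change can be reverted.
Get-NetFirewallProfile |
    Select-Object Name, Enabled, DefaultOutboundAction |
    Export-Csv -Path "$env:TEMP\fw-profile-before.csv" -NoTypeInformation

foreach ($svc in $allowed) {
    $ruleName = "Allow-Out-$($svc.Name)"   # hypothetical naming scheme
    if (-not (Get-NetFirewallRule -DisplayName $ruleName -ErrorAction SilentlyContinue)) {
        New-NetFirewallRule -DisplayName $ruleName -Direction Outbound `
            -Action Allow -Protocol TCP -RemotePort $svc.Port -Profile Any | Out-Null
    }
}

# Switch every profile to "block outbound unless a rule allows it".
Set-NetFirewallProfile -Profile Domain, Private, Public `
    -Enabled True -DefaultOutboundAction Block

# Predefined allow rules (for example the Core Networking group) stay enabled.
# List everything still allowed out so unexpected entries can be reviewed.
Get-NetFirewallRule -Direction Outbound -Action Allow -Enabled True |
    Select-Object DisplayName, DisplayGroup, Profile |
    Sort-Object DisplayGroup, DisplayName
```

The Windows XP SP2 firewall covered later in this chapter filters inbound connections only, so on that system an outbound policy like this has to come from a third-party firewall or the router.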
Prevention and Detection
  Limit Web surfing to known-safe sites by using a proxy server or restricted sites list.
  Web links within pop-ups or in emails can be masked to look legitimate.
  Type in URLs, don't click email links
  Use pop-up blockers
  Avoid downloading helpful site plug-ins.
  Avoid downloading freeware, shareware, limited demo software, and free trial offers.
  Use only commercial and known-safe utilities.
  Don't surf the web while logged in as Administrator
  Regularly apply software patches and updates.
Prevention and Detection
  Consider alternative browsers, Firefox, Opera.
  Turn off PC or modem
  Backup your data regularly.
  Adjust cookie permissions:
  Uninstall applications you don't use.
  When possible, configure user accounts without download or install permissions.
  Use Spam blockers
  Check out programs before you download or install
Removal
  Install multiple detection and removal programs.
  Identify and disable malicious processes with Windows Task Manager.
  Run "msconfig" to disable malicious services and startup programs with the System Configuration Utility.
  Run an anti-virus program and keep it updated
Reacting to a Suspected Virus Attack
  Scan all drives and memory with a locally installed anti-virus
  Use a free antivirus scanner, such as Housecall, at housecall.trendmicro.com
  Search and delete registry entries associated with that malicious code. Warning, educate yourself first!
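The startup-program and registry review from the Removal steps, as an added read-only example that is not from the original slides: it lists the registry Run/RunOnce entries, which are among the startup items msconfig displays, and puts first those whose program is not validly signed, cannot be found, or sits in a user-writable folder. The helper name Get-ExecutablePath and the folder heuristic are assumptions made for this example.

```powershell
# Added example: read-only review of registry autostart entries.
# Nothing is deleted; the output is for a human to check before changing anything.
$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)

function Get-ExecutablePath([string]$CommandLine) {
    # Hypothetical helper: extract the program path from a Run-key command line.
    $expanded = [Environment]::ExpandEnvironmentVariables($CommandLine)
    if ($expanded -match '^\s*"([^"]+)"') { return $Matches[1] }          # quoted path
    if ($expanded -match '^\s*(.+?\.(exe|com|bat|cmd|vbs|js))(\s|$)') {   # bare path
        return $Matches[1]
    }
    return ($expanded.Trim() -split '\s+')[0]
}

$entries = foreach ($key in $runKeys) {
    if (-not (Test-Path -Path $key)) { continue }
    $regKey = Get-Item -Path $key
    foreach ($name in $regKey.GetValueNames()) {
        $command = [string]$regKey.GetValue($name)
        $exe     = Get-ExecutablePath $command
        $status  = if ($exe -and (Test-Path -LiteralPath $exe -PathType Leaf)) {
            (Get-AuthenticodeSignature -LiteralPath $exe).Status   # Valid, NotSigned, ...
        } else { 'PathNotResolved' }
        [pscustomobject]@{
            Key          = $key
            Name         = $name
            Command      = $command
            Signature    = $status
            # Assumed heuristic: programs started from user-writable folders merit a look.
            UserWritable = [bool]($exe -match '\\(Temp|AppData|ProgramData|Users\\Public)\\')
        }
    }
}

# Entries without a valid signature, then those in user-writable folders, sort first.
$entries | Sort-Object { $_.Signature -eq 'Valid' }, { -not $_.UserWritable } |
    Format-Table Key, Name, Signature, UserWritable, Command -AutoSize -Wrap
```

An unsigned or unresolved entry is a prompt to investigate, not proof of infection; export the key (for example with reg export) before removing any value.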
Top Ten Rogue Anti-Spyware Applications
10. Spyware Bomber brought to us by the same folks behind Enternet Media, the spyware company shut down recently by the FTC
9. SlimShield tied with Winhound Spyware Remover for hijacking and stealth installation
8. WinAntiVirus and its companion WinAntiSpyware 2005 for hijacking, aggressive advertising and inappropriate collection of personally identifying information
7. SpywareNo and its clone SpyDemolisher for stealth installation and deceptive aggressive advertising
6. Razespyware for stealth installs, desktop hijacks and aggressive advertising
5. Spy Trooper for stealth installs, desktop hijacks and aggressive advertising
4. WorldAntiSpy for stealth installs, desktop hijacks and aggressive advertising
3. PSGuard for stealth installs, desktop hijacks and aggressive advertising
2. SpySheriff for stealth installs, desktop hijacks and aggressive advertising
1. SpyAxe for desktop hijacks, stealth installs and deceptive, aggressive advertising
Top Ten Anti-Spyware Applications
1. Lavasoft Ad-aware - Free
2. ZoneAlarm Anti-Spyware
3. Tenebril SpyCatcher
4. Webroot Spy Sweeper
5. PC Tools Spyware Doctor
6. McAfee AntiSpyware
7. Spybot Search & Destroy - Free
8. Microsoft Defender – Free for until Dec.
9. Trend Micro Anti-Spyware
10. CA eTrust PestPatrol - Free
Defense Against Threats
Authentication and Authorization
Authentication
  Verification of who you are, your identity (user name)
  One-layer authentication: something you know (password)
  Two-layer authentication: something you know plus something you have (a token, like a bankcard)
  Three-layer authentication: above plus biometric data (retinal scan, voice print, etc.)
Defense Against Threats
Authentication and Authorization (continued)
Authorization
  Determines the level of access to a computer or a resource.
  Includes both authentication, plus verification of access level
  Permission describes an action that can be performed on an object
Defense Against Threats
Authentication and Authorization (continued)
Password
  A string of characters entered for authentication
  Don't take passwords for granted
  Don't use the same password everywhere
  Basic defense against invasion of privacy
  Use long and complex password
  Do not use common words
Defense Against Threats
Best Practices with User Names and Passwords
  Don't Give Away Your User Name and Password
  Create Strong Passwords
  Never Reuse Passwords
  Avoid Creating Unnecessary Online Accounts
  Don't Provide More Information Than Necessary
  Always Use Strong Passwords for Certain Types of Accounts
Defense Against Threats
Security Accounts
  An account that can be assigned permission to take action on an object or the right to take action on an entire system.
User Accounts
  Individual account
  Includes user name and password
  Full name, description, and other information
  Exist in all Windows security accounts databases
Defense Against Threats
Security Accounts (continued)
Group Accounts
  Contain one or more user and group accounts
  Exist in all Windows Security accounts databases
Computer Accounts
  Computers may have accounts
  Exist in Microsoft domain security accounts databases
Defense Against Threats
Encryption
  Transformation of data into a code that can only be decrypted with a secret key or password
  Secret key is a special code used to decrypt
  Encrypt a local or network-based file
  Encrypt data before sending over a network (PGP)
  Only someone with the password or key can decrypt data
  Secret key may be held in a digital certificate
  Encrypt sensitive data stored on a laptop or in a setting where data theft is a concern
  NTFS5 supports file and folder encryption
Defense Against Threats
Firewalls
Firewall technologies
  IP packet filter
  Proxy service
  Encrypted authentication
  Virtual private network (VPN)
Defense Against Threats
Firewalls (continued)
Working behind a Firewall in a Large Organization
  Firewall configured based on the computers it is protecting.
Working Behind a Firewall at Home or on a Small LAN
  Hardware for home and small business called "broadband routers"
  Personal software firewall utilities
Step-by-Step 7.01 Configure the Windows Firewall, Page 324
Defense Against Threats
More help from Windows XP Service Pack 2
  Windows Security Center monitors: Firewall; Automatic Updates; Virus Protections
  A Manage Add-ons button in Internet Options
  A pop-up dialog will warn of add-on installation attempt
  Protection from opening suspect files
Defense Against Threats
Privacy Protection
Internet Options privacy settings
  Control handling of cookies
  Settings from block-all-cookies to allow-all-cookies
  Balance between convenience and risk
Defense Against Threats
Protection from Inappropriate or Distasteful Content
Web content filter
  Add-on or feature of a web browser
  Block or allow certain sites
  Services on the Internet give ratings to web sites
  Configure filter to allow or disallow unrated sites
  Content Advisor in Internet Explorer
Step-by-Step 7.02 Check Out the Content Advisor in Internet Explorer, Page 329
Windows Local Security Accounts
Administering Local Windows Accounts (continued)
User Administration in Windows XP Pro (continued)
Password Reset Disk
  Created by/for currently logged on user
  Use when password is forgotten
  Will not lose access to items such as encrypted files
  If Administrator resets password, access to encrypted files is lost
  Gives user power to fix own passwords
  More complicated to do in a domain
Step-by-Step 7.05 Creating User Accounts and a Password Reset Disk in Windows XP, Page 347