NetTech Solutions

Protecting the Computer

Lesson 10

NetTech Solutions

Exam Objectives

• Identify and troubleshoot network connectivity problems caused by the firewall configuration

• Identify and respond to security incidents

NetTech Solutions

Lessons in this Chapter:

• Updating Windows and Microsoft Office

• Configuring Windows Firewall• Troubleshooting Virus Attacks• Using Microsoft Baseline

Security Analyzer

NetTech Solutions

Updating Windows and Microsoft Office

• Configuring Automatic Updates

NetTech Solutions

Using the Microsoft Update Site

• Three updates types: – High Priority updates, – Software Optional (non-critical

updates for Windows and other products), and

– Hardware Optional (hardware driver updates).

NetTech Solutions

High Priority Updates

NetTech Solutions

Software Optional Updates

NetTech Solutions

Practice:

• Updating Windows XP– Page 10-7

NetTech Solutions

Configuring Windows Firewall

• Understanding Windows Firewall– Perimeter firewalls– Local firewalls

• A stateful, host-based firewall

NetTech Solutions

Windows Drops Traffic that:

• Solicited traffic (valid traffic that is sent in response to a request by the computer) is allowed through the firewall.

• Expected traffic (valid traffic that you have specifically configured the firewall to accept) is allowed through the firewall.

NetTech Solutions

Windows Firewall is:

• Is enabled by default for all network connections.

• Limits the network traffic that comes into a computer by blocking transmission over all ports except those specifically configured to allow traffic

• Restricts traffic by IP address (or IP address range),

• Allows you to enable or disable Windows Firewall on each connection configured

• Allows you to keep a security log of blocked traffic

• Performs stateful packet filtering during startup

NetTech Solutions

Enable or Disable Windows Firewall for all Network Connections

• Control Panel• Security Center• Windows Firewall

NetTech Solutions

Windows Firewall

To Disable for a specific connection

NetTech Solutions

Exam Tip

• You should know where Windows Firewall log files are stored, whether logging isavailable, and what kind of information you can learn from log files.

NetTech Solutions

Tip

• Instead of entering the IP address for the local computer, you can also use the loopback address 127.0.0.1, which always refers to the local computer.

• This is useful should the IP address of the local computer change.

NetTech Solutions

ICMP Options

• Table 10-1– Page 10-18,19

NetTech Solutions

Troubleshooting Windows Firewall

• The inability to enable or disable Windows Firewall

• Problems with file and print sharing,

• Inability to access a server• Problems with Remote

Assistance,• Problems running Internet

programs.

NetTech Solutions

Things to Remember

• Windows Firewall can be enabled or disabled only by administrators.

• you must enable the File And Printer Sharing exception.

• Web server, FTP server, or other service, create the proper exceptions

• Windows Firewall blocks Remote Assistance and Remote Desktop traffic by default.

NetTech Solutions

Practice:

• Configure Windows Firewall– Page 10-21

NetTech Solutions

Troubleshooting Virus Attacks

• Virus Scanning Software– After installation, you should

1. Configure of automatic start

2. Configure to scan in/out going e-mail

3. Block scripts

4. Set to run either daily or weekly

5. Go to the web site for update Signatures

6. Keep your subscriptions current

7. Configure to protect against spyware or adware

8. Should automatically fix the system when a virus is detected

NetTech Solutions

Updating Virus Scanning Software

• Most important action a user can do is keep the virus signatures up to date

NetTech Solutions

Managing Antivirus Programs with Security Center

• On the Network

NetTech Solutions

Managing Antivirus Programs with Security Center

• On a workgroup the local administrator

NetTech Solutions

Taking Notice of Common Signs

• Virus’ come in through:– E-mail, – A floppy disk,– A downloaded application,– Network program

NetTech Solutions

Symptoms of virus infection

• The computer system or network slows down.• Network users all report similar problems almost

simultaneously.• Activity occurs on the computer, including

messages, music, or pop-ups.• A network e-mail server slows down or stops

responding.• Data files become corrupt or are missing.• Files and folders are changed.• Programs do not run or they run chaotically.• Computer partitions become unavailable.• E-mail is sent from a computer automatically and to

everyone in the user’s address book.

NetTech Solutions

Recovering from a Virus

• First find the virus.– Virus scanner should pick it up– There are online checkers:

• http://housecall.trendmicro.com• http://windowsxp.mvps.org/Scanners.htm

• A list of anti virus companies Microsoft supports:– http://www.microsoft.com/security/partner

s/antivirus.asp– http://www.microsoft.com/athome/security

/protect/windowsxp/default.mspx

NetTech Solutions

Using Microsoft Baseline Security Analyzer

• Downloading MBSA• http://www.microsoft.com/tech

net/security/tools/mbsa2/default.mspx

• Follow the instructions

NetTech Solutions

Install MBSA 2.0

NetTech Solutions

Run MBSA 2.0

NetTech Solutions

Practice:

• Install and Run MBSA– Page 10-32

NetTech Solutions

Summary

• Case Scenario– Page 10-34

• Troubleshooting Lab– Page 10-35

• Exam Highlights– Page 10-36