Securing Operating Systems
Module 2
Simplifying Security.
Copyright by EC-Council
All Rights Reserved. Reproduction is Strictly Prohibited.

Malware Contamination on Windows 7 High, While for XP Low
May 21, 2011
In its latest edition of Security Intelligence Report that Microsoft released on May 12, 2011, the company reveals that the infection rate on Windows 7 rose over 30% in H2 2010, while that on Windows XP dropped over 20%.
Says Principal Group Program Manager Jeff Williams for Microsoft Malware Protection Center, the rate of contamination on Windows 7 increased, that's because of more malware attacks prevailing in cyberspace. Computerworld.com published this on May 12, 2011.
Notably, during July-December 2010, there was a mean rate of more than 4 32-bit Windows 7 computers getting infected for every 1,000 such computers, a rise of 33% compared to about 3 such PCs getting infected for every 1,000 during H1 2010.
http://www.spamfighter.com

Mac Malware Goes From Game to Serious
May 11, 2011
Apple, and many Mac users, argue that Mac OS X has a special recipe for security that makes it less likely to be infected with malware. Many security researchers counter that the Mac's seeming immunity stems not from its security, but from its lack of market share.
The debate may finally be settled.
The emergence of a serious malware construction kit for the Mac OS X seems to mimic a 2008 prediction by a security researcher. The prediction comes from a paper written in IEEE Security & Privacy (in .pdf), which used game theory to predict that Macs would become a focus for attackers as soon as Apple hit 16 percent market share.
Last week, security researchers pointed to a construction kit for creating Trojans for the Mac OS X as a major issue for Mac users. Currently, three countries, Switzerland, Luxembourg and the United States, have Mac market share around that level.
http://www.csoonline.com

Module Objectives
System Security
How to Hide Files and Folders?
Threats to System Security
Windows Security Tools
How Does Malware Propagate?
Guidelines for Securing Mac OS X
Guidelines for Windows Operating System Security
Resources on the Internet for Computer Security
Two-Way Firewall Protection in Windows
Operating System Security Checklists
Windows Encrypting File System (EFS)

Module Flow
Guidelines for Securing Mac OS X
System Security
Windows Security Tools
Threats to System Security
Windows Encrypting File System (EFS)
How Does Malware Propagate?
Guidelines for Windows OS Security

System Security
Every operating system and application is subject to security flaws
Software vendors usually develop patches to address these flaws
Users have to install the patches and configure the software
System compromise can be prevented by applying security patches in a timely manner

Threats to System Security
Virus: A program that replicates by copying itself to other programs, system boot sectors, or documents, and alters or damages the computer files and applications
Rootkit: A set of programs or utilities that allows someone to maintain root-level access to the system
Worm: A self-replicating virus that does not alter files but resides in computer memory and replicates itself
Trojan: A program that seems to be legitimate but acts maliciously when executed
Backdoor: An unauthorized means of accessing the system and bypassing the security mechanisms
Logic Bomb: A program that releases a virus or a worm
Keylogger: Keylogger is a hardware device or small software program that monitors and records each keystroke on a user's computer keyboard
Spyware: Spyware includes Trojans and other malicious software that steals personal information from the system without the user's knowledge. Example: Keylogger
Password Cracking: Password cracking is the process of identifying or recovering an unknown or forgotten password

Password Cracking
Password cracking is the process of identifying or recovering an unknown or forgotten password
Brute Forcing: Trying combinations of all the characters until the correct password is discovered
Guessing: Trying different passwords until one works
Dictionary Attack: It uses a predefined list of words
Shoulder Surfing: Watching someone type the password
Social Engineering: Tricking people to reveal their password or other information that can be used to guess the password
[Figure: an attacker sniffs the original connection between the victim and the server and gets the password of the victim]

How Does Malware Propagate?
Through Email Attachments
Emails containing attachments may include malware
Clicking the attachment installs a malicious program on the computer
Through USB Memory Sticks
A virus creates an autorun.inf file that is a system, hidden, and read-only file
When the user opens the pen drive files, the autorun.inf is executed and copies the virus files into the system
Through Infected Websites
Visiting compromised sites may result in installation of malicious software, designed to steal personal information, on the user's computer
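
The USB vector above relies on an autorun.inf file at the root of the drive. As an added example (not part of the original slides), the Python code below parses an autorun.inf and reports the entries that name a program to launch, together with the hidden/system attributes the slide mentions, so a removable drive can be checked before its files are opened. The sample file contents, the file names in it, and the verdict labels are constructed for illustration.

```python
import os
import re
import stat

# Keys in the [autorun] section that name something to execute.
EXEC_KEYS = ("open", "shellexecute")
# Context-menu verbs are written as shell\<verb>\command=<program>.
SHELL_CMD = re.compile(r"^shell\\[^\\]+\\command$", re.IGNORECASE)

# Constructed sample of an autorun.inf as it could appear on a pen drive.
SAMPLE_AUTORUN = """; constructed sample
[AutoRun]
open=setup_helper.exe
icon=folder.ico
shell\\open\\command=setup_helper.exe
label=My Drive
"""


def parse_autorun(text):
    """Return {key: value} for the [autorun] section (keys lower-cased)."""
    entries = {}
    in_section = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue  # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            in_section = line[1:-1].strip().lower() == "autorun"
            continue
        if in_section and "=" in line:
            key, _, value = line.partition("=")
            entries[key.strip().lower()] = value.strip()
    return entries


def launch_entries(text):
    """List (key, command) pairs that would start a program from the drive."""
    found = []
    for key, value in parse_autorun(text).items():
        if value and (key in EXEC_KEYS or SHELL_CMD.match(key)):
            found.append((key, value))
    return sorted(found)


def assess(text, attributes=()):
    """Combine launch entries with the file attributes the slide describes."""
    hits = launch_entries(text)
    attrs = {a.lower() for a in attributes}
    if hits and {"hidden", "system"} <= attrs:
        verdict = "suspicious"          # launches a program and hides itself
    elif hits:
        verdict = "review"              # launches a program, visible file
    else:
        verdict = "no-launch-entries"   # only icon/label style entries
    return {"verdict": verdict, "launch": hits}


def check_drive(root):
    """Assess <root>/autorun.inf; returns None when the file is absent."""
    path = os.path.join(root, "autorun.inf")
    if not os.path.isfile(path):
        return None
    # st_file_attributes exists only on Windows; elsewhere no bits are set.
    bits = getattr(os.stat(path), "st_file_attributes", 0)
    names = (("hidden", stat.FILE_ATTRIBUTE_HIDDEN),
             ("system", stat.FILE_ATTRIBUTE_SYSTEM),
             ("readonly", stat.FILE_ATTRIBUTE_READONLY))
    attrs = [name for name, flag in names if bits & flag]
    with open(path, "r", errors="replace") as fh:
        return assess(fh.read(), attrs)


if __name__ == "__main__":
    print(assess(SAMPLE_AUTORUN, ["hidden", "system", "readonly"]))
```
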
Through Fake Codec
If the user is prompted to download and install a decoder to watch the video, the codec may be a malicious program that would be downloaded onto the system
Through Shared Folders
Malware may propagate via network shares
The malware can spread by creating copies of itself in shared folders
Through Fake Antivirus
Antivirus 2009 is a fake antivirus that performs a fake scan of the user's system and shows viruses that are not present on the system
Clicking the Register or Scan buttons downloads malware onto the system
Through Downloads
Downloading software, music, photos, and videos from untrusted websites may also cause downloading a malicious file infected with a virus, worm, Trojan, etc.
A large number of malicious applications are available over the Internet with a description that may trick users into downloading them
Peer-to-peer (P2P) file sharing enables sharing of music, audio, images, documents, and software programs between two computers over the Internet
Shared files may contain security risks such as viruses, spyware, and other malicious software
Attackers can share malware disguised as a useful application
P2P networks can be used to illegally distribute the copyrighted material that may attract civil and/or criminal penalties
http://www.entertane.com

Guidelines for Windows Operating System Security
Lock the System When Not in Use
Apply Software Security Patches
Kill Unnecessary Processes
Create Strong User Password
Use Windows Firewall
Configure Audit Policy
Disable the Guest Account
Use NTFS
Hide Files and Folders
Lock Out Unwanted Guests
Use Windows Encrypting File System
Disable Simple File Sharing
Rename the Administrator Account
Enable BitLocker
Use Windows User Account Control (UAC)
Disable Startup Menu
Disable Unnecessary Services
Implement Malware Prevention

Lock the System When Not in Use
Press the Windows and L keys together on the keyboard to lock the system
Click Start → Lock
Right-click on the Desktop and select Personalize → Screensaver → select the time and check On resume, display logon screen

Create a Strong User Password
1. To create a password, go to Start → Control Panel → select User Accounts → click Manage another account
2. Click the Username for whom the password has to be changed and choose Create a password (if the password is already set, this option will be Change your password)
3. In the Create a password for user's account window, type the password to be assigned to the selected user and confirm the password
4. Provide a password hint (optional)
5. If a password is already assigned to the user account and you are trying to change it, Windows will ask you to verify the current password
6. Click the Create/Change Password button
Note: Use strong passwords for logging into the system

Disable the Guest Account: Windows 7
Click Start → right-click Computer → select Manage
When the Computer Management window opens, go to Local Users and Groups → Users
Verify that the Guest account is disabled by looking at the icon
If the account is not disabled, double-click the account name to open its Properties window
In the Guest account's properties window, select the checkbox next to Account is disabled → click OK

Lock Out Unwanted Guests in Windows 7
Go to Control Panel → click Administrative Tools
Double-click Local Security Policy → Account Policies → double-click Account Lockout Policy → double-click Account Lockout Threshold
At the Account lockout threshold Properties window, enter the number of invalid logins (e.g., 3)
Click OK and Close

Rename the Administrator Account in Windows 7
Click Start → right-click Computer → click Manage
In the Computer Management window → click Local Users and Groups → select Users
Right-click on user Admin or Administrator → select Rename → type the new name for the account and click OK

Disable Start up Menu in Windows 7
Right-click on the Taskbar → select Properties → click the Start Menu tab
Uncheck both Store and display recently opened programs in the Start menu and Store and display recently opened items in the Start menu and the taskbar → click Apply → click OK

Windows Updates in Windows 7
Click Start → Control Panel → select System and Security
Select Windows Update → Change Settings
Choose how Windows can install updates

Pointers for Updates
Choose to be notified by the vendor about vulnerability announcements
Always patch the OS and applications to the latest patch levels
Ensure that you are downloading patches only from authentic sources, preferably the vendor site
Do not open executable files from sources of questionable integrity
Use patch management tools for easier updating; there are several free tools
Do not send patches through email

Apply Software Security Patches
Software updates are used to keep the OS and other software up to date
Updates must be installed from the vendor's website
Updates can be installed automatically or manually
Automatic updates can be installed on a scheduled basis
The update process can be hidden and restored

Configuring Windows Firewall in Windows 7
Open Windows Firewall by clicking the Start button → click Control Panel
In the search box, type Firewall → click Windows Firewall
In the left pane, click Turn Windows Firewall ON or OFF

Adding New Programs in Windows Firewall in Windows 7
1. Click Start → Control Panel → type Firewall in the search box → press Enter
2. Click Allow a program through Windows Firewall
3. Click Change Settings
4. Click Allow another Program
5. The Add A Program window opens, which lists pre-installed programs. Click Browse to add a program (if required)
6. Navigate to the Location of the program → select its executable file → click Open
7. Click Add → click OK to exit the Windows Firewall
The change is applied to the list of added programs

Removing/Disabling Programs Rules from the Windows Firewall in Windows 7
Click Start → Control Panel → search Windows Firewall → go to Allow a Program through Windows Firewall → click Change Settings
Select the rule you want to Remove/Disable
To Disable any rule for any specific network location, uncheck its respective checkbox → click OK
To remove any program completely from the allowed program list, click Remove → click YES → click OK

Creating a New Windows Firewall Rule in Windows 7
Advanced settings in Windows Firewall allow users to create custom rules
Steps to create a new rule:
1. Click Start → Control Panel → search for firewall → click Check Firewall Status → click Advanced Settings
2. In the Windows Firewall with Advanced Security window, click Inbound Rules → click New Rule
3. The New Inbound Rule Wizard opens → select the type of rule (Program, Port, Predefined, and Custom rules) you would like to create → click Next
4. Select the type of protocol (TCP/UDP) and provide the port numbers or select the option All Local Ports for the rule you want to be applied → click Next
5. Decide what Action to take when a connection matches the specified condition (here, Allow the Connection) → click Next
6. Select a Profile for which the rule has to be applied → click Next
7. Give a Name to the newly created Rule and description (optional) → click Finish
The rule is created and it allows TCP Inbound traffic to all the ports.
Note: To create a rule for Outbound traffic, follow the same steps. But select UDP protocol and enter 5679 as the port number

Two-Way Firewall Protection in Windows
Click the Start button → type wf.msc or Firewall in the search bar → press Enter
Click the Windows Firewall with Advanced Security icon
This management interface displays the inbound and outbound rules
Click Windows Firewall Properties
A dialog box with several tabs will appear
For each profile (Domain, Private, and Public), change the setting to Block, and then click OK

Always Use NTFS
The NTFS file system provides better performance and security for data on hard disks and partitions than the FAT file system
Convert partitions that use the earlier FAT16 or FAT32 file system to NTFS by using the convert command
Click Start → All Programs → Accessories, right-click Command Prompt, and then click Run as administrator. Type the password or provide confirmation if prompted
Close any open programs running on the partition or logical drive to be converted
In the Command Prompt, type convert drive_letter: /fs:ntfs, where drive_letter is the letter of the drive to be converted to NTFS, and then press ENTER
Type the name of the volume you want to convert, and then press ENTER
Note: Converting a partition from FAT to NTFS does not affect the data on it. You need to restart the computer for the NTFS conversion if the partition contains system files.

Windows Encrypting File System (EFS)
Windows Encrypting File System (EFS) allows Windows 7 system users to encrypt files and folders in an NTFS-formatted disk drive
Right-click the file to be encrypted → select Properties → on the General tab → click the Advanced button. The Advanced attributes dialog box appears.
There are two options under Compress or Encrypt attributes, Compress contents to save disk space and Encrypt contents to secure data
Select Encrypt contents to secure data → click OK to close the Compress or Encrypt Attributes dialog box → click Apply
An Encryption Warning dialog box appears, check any of the two options: Encrypt the file and its parent folder and Encrypt the file only → click OK

How to Decrypt a File Using EFS in Windows?
Right-click the file to be decrypted → select Properties
On the General tab, click the Advanced button. An Advanced Attributes dialog box appears
There are two options under Compress or Encrypt Attributes, Compress contents to save disk space and Encrypt contents to secure data
Uncheck Encrypt contents to secure data → click OK to close the Compress/Encrypt Attributes dialog box → apply the settings → click OK

Using Windows Defender
Windows Defender is an antispyware software that offers real-time protection against spyware and other potentially malicious programs infecting the computer
To turn Windows Defender ON or OFF → open Windows Defender by clicking the Start button → click All Programs → click Windows Defender or type Windows Defender in the search space
Click Tools → click Options → click Administrator → select or clear the Use Windows Defender check box → click Save

Enable BitLocker in Windows 7
1. BitLocker Drive Encryption provides better data protection by encrypting an entire Windows operating system volume
2. The hard drive and any removable media on the computer can be encrypted
3. Encrypted removable media can be decrypted and re-encrypted on any Windows 7 computer
4. Click Start → click Computer → right-click on any drive and select the option Turn on BitLocker
Note: BitLocker is available only in the Enterprise and Ultimate editions of Windows Vista and Windows 7

Launching Event Viewer in Windows 7
Event Viewer is a built-in Windows utility that allows users to view and manage the event logs, gather information about hardware and software problems, and monitor Windows security events
To start Event Viewer in Windows 7 → click Start → Control Panel → System and Security → Administrative Tools → Event Viewer
[Figures: Event Viewer in Windows XP and in Windows 7]

Event Viewer: Events and How to Read Logs on the System
1. Event Viewer categorizes events into five types: Error, Warning, Information, Audit Success, and Audit Failure
2. Each event log is differentiated by its level and contains header information and a description of the event
3. Each event header contains a detailed description of the level, date, time, source, event ID, and task category

Disabling Unnecessary Services in Windows 7
A service is a long-running executable that performs specific functions without requiring any user intervention
Services normally start during the system startup or booting
Some services load automatically, while others are called when a program is used
To view running services, click Start → Control Panel → Administrative Tools → double-click Services
Alternatively, select Start → type services.msc in the search bar → press ENTER
Once the Services window is loaded, the user can turn off any unneeded services

Killing Unwanted Processes
Kill or terminate unnecessary and suspicious processes to increase system performance and protect the system against malware
Killing a process
Press the [Alt]+[Ctrl]+[Del] keys simultaneously → click Task Manager
In Task Manager → go to the Processes tab → select the Process → click End Process
Alternatively, right-click on a selected target process → select End Process
Killing a Process Tree
Run the Task Manager → select the target process → right-click and select End Process Tree

Finding Open Ports Using Netstat Tool
Knowing the open ports, and the services and applications associated with these ports, helps in detecting the presence of malware such as viruses, worms, Trojans, etc. in the system
Malware generally opens ports to receive or send data packets from attackers
Netstat, a Windows inbuilt utility, can be used to determine open ports in the system and associated applications
Click Start → All Programs → Accessories, right-click Command Prompt, and then click Run as administrator. Type the password or provide confirmation if prompted
Type netstat -b in the command prompt window to see the open ports and associated applications
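
Reading netstat output by eye does not scale past a few lines. As an added example (not part of the original slides), the Python code below parses saved netstat -b output and lists open ports whose owning program is unknown or not on an expected list. The sample output is constructed, in the layout netstat -b prints when -a and -n are added (all sockets, numeric addresses); the program name updater32.exe, the addresses, and the expected-program list are assumptions for illustration.

```python
import re

# A socket line: protocol, local endpoint, remote endpoint, optional state.
CONN = re.compile(r"^\s*(TCP|UDP)\s+(\S+)\s+(\S+)(?:\s+(\S+))?\s*$")
# The owning executable is printed in square brackets on a following line.
OWNER = re.compile(r"^\s*\[(.+?)\]\s*$")

# Constructed sample output, saved to text from an elevated command prompt.
SAMPLE_OUTPUT = """
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  RpcSs
 [svchost.exe]
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
 Can not obtain ownership information
  TCP    0.0.0.0:8099           0.0.0.0:0              LISTENING
 [updater32.exe]
  TCP    192.168.1.10:49201     203.0.113.5:443        ESTABLISHED
 [iexplore.exe]
  UDP    0.0.0.0:5355           *:*
  Dnscache
 [svchost.exe]
"""

# Constructed allowlist: executable name -> local ports it is expected to own.
EXPECTED = {"svchost.exe": {135, 5355}}


def parse_netstat_b(text):
    """Turn netstat -b text into a list of socket records with their owner."""
    sockets = []
    current = None
    for line in text.splitlines():
        m = CONN.match(line)
        if m:
            proto, local, remote, state = m.groups()
            port_text = local.rpartition(":")[2]
            current = {
                "proto": proto,
                "local": local,
                # Without -n the port may be a service name, not a number.
                "port": int(port_text) if port_text.isdigit() else None,
                "remote": remote,
                "state": state or "",   # UDP lines carry no state column
                "owner": None,          # stays None if ownership is not shown
            }
            sockets.append(current)
            continue
        m = OWNER.match(line)
        if m and current is not None:
            current["owner"] = m.group(1).lower()
            current = None  # component lines before the bracket are skipped
    return sockets


def review_open_ports(sockets, expected):
    """Return (proto, port, owner, reason) for open ports that need a look."""
    findings = []
    for s in sockets:
        is_open = s["state"] == "LISTENING" or (
            s["proto"] == "UDP" and s["remote"] == "*:*")
        if not is_open:
            continue  # established connections are out of scope here
        owner = s["owner"]
        if owner is None:
            reason = "owner-unknown"       # follow up by process ID
        elif owner not in expected:
            reason = "unexpected-program"
        elif s["port"] not in expected[owner]:
            reason = "unexpected-port"
        else:
            continue
        findings.append((s["proto"], s["port"], owner, reason))
    return findings


if __name__ == "__main__":
    for finding in review_open_ports(parse_netstat_b(SAMPLE_OUTPUT), EXPECTED):
        print(finding)
```

An owner-unknown result is a prompt to look up the process ID (netstat -o prints it) in Task Manager, not proof of malware.
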

Configuring Audit Policy
Audit policies should be configured to identify attempted or successful attacks on the system and network
1. Click Start → type secpol.msc in the search bar, and press Enter
2. Click Local Policies → select Audit Policy → double-click the Audit account logon events policy → check the Success and Failure boxes → click Apply → click OK
3. Similarly, change the security setting for all the policies listed in the right-hand pane of the Local Security Policy window
4. Close the Local Security Policy window

How to Hide Files and Folders?
Right-click the file or folder to be hidden → click Properties → under Attributes → check Hidden → click Apply → click OK
On the Organize menu from Windows Explorer → click Folder and search options
On the View tab, select the Do not show hidden files and folders option

Disable Simple File Sharing in Windows
1. Go to Start → Control Panel → Folder Options
2. From the Folder Options window → select the View tab
3. Scroll to the bottom of the Advanced Settings pane
4. Uncheck the checkbox for Using sharing wizard (for Windows 7) → click OK

Raise the UAC Slider Bar in Windows 7
User Account Control (UAC) helps the user to make critical decisions while installing software
Click Start → Control Panel → Action Center → Change User Account Control Settings
Raise/Adjust the UAC slider bar to Always notify

Windows Security Tools: Microsoft Security Essentials
Microsoft Security Essentials provides real-time protection for a home PC that guards against viruses, spyware, and other malicious software
http://www.microsoft.com

Windows Security Tools: KeePass Password Safe Portable
KeePass is a password manager that manages passwords in a secure way and carries all passwords in one database, which is locked with one master key or a key disk
The databases are encrypted using current known secure encryption algorithms (AES-256 and Twofish)
http://portableapps.com

Windows Security Tools: Registry Mechanic
1. Registry Mechanic offers tools to speed up and improve the stability of a Windows 7, Windows Vista, or Windows XP PC
2. Registry Mechanic safely cleans, repairs, and optimizes the registry and automatically backs up changes for future recovery
3. Permanently erases Internet activity, personal files, and free space to keep information away from prying eyes
http://www.pctools.com

Windows Security Tools: Windows Defender
Windows Defender helps protect a computer against pop-ups, slow performance, and security threats caused by spyware and other unwanted software by detecting and removing known spyware from a computer
http://www.microsoft.com

Step 1: Enabling and Locking Down the Login Window
Click Apple menu → System Preferences → Accounts → Login options → Display Login Window as → Name and Password
Uncheck Automatically login as:
Check Hide the Sleep, Restart, and Shut Down buttons
Uncheck Enable fast user switching if not used

Step 2: Configuring Accounts Preferences
From the Apple menu choose System Preferences → from the View menu choose Accounts → select the user name whose password you want to change
Click Reset Password (Mac OS X v10.3 and v10.4) or Change Password (Mac OS X v10.5 or later)
Enter a new password in both the Password and Verify fields → click Reset Password (Mac OS X v10.3 and v10.4) or Change Password (Mac OS X v10.5 or later)
If a dialog box appears with the message "Your Keychain password will be changed to your new account password," click OK

Step 3: Guidelines for Creating Accounts
Never create accounts that are shared by several users
Each user should have his or her own standard or managed account
Administrators should only use their administrator accounts for administration purposes
Individual accounts are necessary to maintain accountability

Step 4: Securing the Guest Account
The guest account must be used for temporary access to the system
The guest account should be disabled by default as it does not require a password to log in to the computer
If the guest account is enabled, Enable Parental Controls to limit what the user can do
If the user permits the guest account to access shared folders, an attacker can easily attempt to access shared folders without a password

Step 5: Controlling Local Accounts with Parental Controls
Open System Preferences → click Accounts
If the lock icon is locked → click the lock icon and provide an Administrator name and Password
Select the user account to be managed with parental controls → select the Enable Parental Controls checkbox
Click Open Parental Controls → click System, Content, Mail & iChat, Time Limits, and Logs

Step 6: Use Keychain Settings
Keychain stores passwords on the disk in an encrypted form and it is difficult for a non-root user to sniff a password between applications
Go to Applications → Utilities → Keychain Access → Edit → Change settings for Keychain "login"
Check Lock after → change minutes of inactivity to the desired number of minutes → check Lock when sleeping → click Save

Step 7: Use Apple Software Update
Mac OS X includes an automatic software update tool to patch the majority of Apple applications
Software Update often includes important security updates that should be applied to a user's machine
To update software:
Open Software Update preferences → click the Scheduled Check pane
Deselect Download updates automatically → click Check Now

Step 8: Securing Date & Time Preferences
1. Open Date & Time preferences → in the Date & Time pane, enter a secure and trusted NTP server in the Set date & time automatically field
2. Click the Time Zone button → choose a Time Zone

Step 9: Securing Network Preferences
It is recommended to disable unused hardware devices listed in Network preferences
Open Network preferences → from the list of hardware devices, select the hardware device that connects one's network
From the Configure pop-up menu, choose Manually
Enter the user's static IP address, Subnet Mask, Router, DNS Server, and Search Domain configuration settings
Click Advanced → in the Configure IPv6 pop-up menu, choose Off → click OK

Step 10: Enable Screen Saver Password
To prevent unauthorized access to a system, enable a screen saver password
1. From the Apple menu → select System Preferences → click Security → click the Lock icon to make changes
2. If prompted, type the admin user ID and password
3. In the Security window → click the General tab → check Require password to wake this computer from sleep or screen saver (Leopard) or Require password immediately after sleep or screen saver begins (Snow Leopard)
4. In addition to the screen saver password, also secure the system by selecting:
Disable automatic login
Require password to unlock each System Preference.
Use secure virtual memory
Click the lock icon to prevent further changes
Close the Security window and restart your machine

Step 11: Set Up FileVault to Keep Home Folder Secure
Click System Preferences → click Security → click FileVault → click Set Master Password
Create the master password for the computer but ensure this password is different from the user account password
Verify the password → click OK

Step 12: Firewall Security
Mac OS X firewall blocks unwanted network communication with the computer:
1. Click System Preferences → click Security → click Firewall
2. Click the Lock Icon to make changes
3. If prompted, type the admin user ID and password
4. By default, the firewall allows all incoming connections; change the option by clicking the second option (Allow only essential services) or third option (Set access for specific services and applications)
5. Choose which application(s) you want the firewall to allow and which to block
6. Click the lock icon to prevent further changes and close the Security window

Resources on the Internet for Computer Security
TECS: The Encyclopedia of Computer Security: http://www.itsecurity.com
Internet Fraud Complaint Center (IC3): http://www.ic3.gov
CYBERCRIME: http://www.cybercrime.gov
Virus Bulletin: http://www.virusbtn.com
Common Vulnerabilities and Exposures: http://www.cve.mitre.org
Windows Security Guide: http://www.winguides.com
Stay Safe Online: http://www.staysafeonline.org
Macintosh Security Site: http://www.securemac.com

Module Summary
Attackers discover new vulnerabilities and bugs to exploit in computer software
Software vendors usually develop patches to address the problems
Encryption is the process of converting data into a secret code
Regularly update the operating system and other applications
Windows System Restore is used to return one's computer to an earlier state in case of a system failure or other major problem with the system
Microsoft Security Essentials provides real-time protection for the PC that guards against viruses, spyware, and other malicious software
Windows Defender helps to protect the system against pop-ups, slow performance, and security threats

Operating Systems Security Checklist
Regularly update the operating system and other applications
Install antivirus software and scan the system regularly
Do not open any email from unknown senders
Perform an antivirus scan while downloading
Lock the system when not in use
Physically secure the system from unauthorized access
Enable firewall protection and configure all the computer settings for high security
Use strong passwords, at least eight characters long, containing both letters and numbers
Configure antivirus to check all mediums (CD-ROMs, email, websites, downloaded files, etc.) for viruses
Delete the Internet history files, logs, and personal files
Make backups of important data and store them safely
Disable or limit the number of unnecessary accounts
Use encryption to enhance privacy
Keep up to date with hotfixes and service packs
Disable AutoRun for the DVD/CD-ROM
Secure the wireless network

Windows 7 Security Checklist
Use Windows Defender to help prevent spyware and other potentially unwanted software from being installed on the computer automatically
User Account Control asks for permission before installing software or opening certain kinds of programs that could potentially harm your computer or make it vulnerable to security threats
Back up your files and settings regularly so that if you get a virus or have any kind of hardware failure, you can recover your files
Set Windows Update to download and install the latest updates for the computer automatically
Windows Firewall can help prevent hackers and malicious software, such as viruses, from gaining access to your computer through the Internet
Use Action Center to make sure the firewall is ON, antivirus software is up to date, and the computer is set to install updates automatically

MAC OS Security Checklist
Securely erase the Mac OS X partition before installation
Set parental controls for managed accounts and use Password Assistant to generate complex passwords
Securely configure Accounts preferences and Date & Time preferences
Install Mac OS X using Mac OS Extended disk formatting
Create an administrator account and a standard account for each administrator
Create keychains for specialized purposes
Securely configure Security preferences