Securing Operating Systems Module 2
Simplifying Security.
1
Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited.
Malware Contamination on Windows 7 High, While for XP Low
May 21, 2011
In its latest edition of Security Intelligence Report that Microsoft released on May 12, 2011, the company reveals that the infection rate on Windows 7 rose over 30% in H2‐2010, while that on Windows XP dropped over 20%. Says Principal Group Program Manager Jeff Williams for Microsoft Malware Protection Center, the rate of contamination on Windows 7 increased, that's because of more malware attacks prevailing in cyber space. Computerworld.com published this on May 12, 2011. Notably, during July‐December 2010, there was a mean rate of more than 4 32‐bit Windows 7 computers getting infected for every 1,000 such computers, a rise of 33% compared to about 3 such PCs getting infected for every 1,000 during H1‐ 2010. http://www.spamfighter.com 2
Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited.
Mac Malware Goes From Game to Serious May 11, 2011
Apple ‐‐ and many Mac users ‐‐ argue that Mac OS X has a special recipe for security that makes it less likely to be infected with malware. Many security researchers counter that the Mac's seeming immunity stems not from its security, but from its lack of market share. The debate may finally be settled. The emergence of a serious malware construction kit for the Mac OS X seems to mimic a 2008 prediction by a security researcher. The prediction comes from a paper written in IEEE Security & Privacy (in .pdf), which used game theory to predict that Macs would become a focus for attackers as soon as Apple hit 16 percent market share. Last week, security researchers pointed to a construction kit for creating Trojans for the Mac OS X as a major issue for Mac users. Currently, three countries ‐‐ Switzerland, Luxembourg and the United States ‐‐ have Mac market share around that level. http://www.csoonline.com
3
Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited.
Module Objectives System Security
How to Hide Files and Folders?
Threats to System Security
Windows Security Tools
How Does Malware Propagate?
Guidelines for Securing Mac OS X
Guidelines for Windows Operating System Security
Resources on the Internet for Computer Security
Two‐Way Firewall Protection in Windows
Operating System Security Checklists
Windows Encrypting File System (EFS)
4
Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited.
Module Flow Guidelines for Securing Mac OS X
System Security
Windows Security Tools
Threats to System Security
Windows Encrypting File System (EFS)
How Does Malware Propagate?
Guidelines for Windows OS Security
5
Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited.
System Security Every operating system and application is subject to security flaws
Users have to install the patches and configure the software
Software vendors usually develop patches to address these flaws
System compromise can be prevented by applying security patches in a timely manner
6
Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited.
Module Flow Guidelines for Securing Mac OS X
System Security
Windows Security Tools
Threats to System Security
Windows Encrypting File System (EFS)
How Does Malware Propagate?
Guidelines for Windows OS Security
7
Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited.
Threats to System Security Virus A program that replicates by copying itself to other programs, system boot sectors, or documents, and alters or damages the computer files and applications
Rootkit A set of programs or utilities that allows someone to maintain root‐level access to the system
Worm A self‐replicating virus that does not alter files but resides in computer memory and replicates itself
Trojan A program that seems to be legitimate but acts maliciously, when executed
8
Backdoor An unauthorized mean of accessing the system and bypassing the security mechanisms
Logic Bomb A program that releases a virus or a worm
Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited.
Threats to System Security Keylogger Keylogger is a hardware device or small software program that monitors and records each keystroke on a user's computer keyboard
Spyware Spyware includes Trojans and other malicious software that steals personal information from the system without the users’ knowledge. Example: Keylogger
Password Cracking Password cracking is the process of identifying or recovering an unknown or forgotten password
9
Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited.
Password Cracking Password cracking is the process of identifying or recovering an unknown or forgotten password Brute Forcing
Guessing
Dictionary Attack
Trying combinations of all the characters until the correct password is discovered
Trying different passwords until one works
It uses a pre‐ defined list of words
Shoulder Surfing
Social Engineering
Watching someone type the password
Tricking people to reveal their password or other information that can be used to guess the password
Original Connection
Victim
Attacker gets the
Sniff
Server
password of the victim
Attacker 10
Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited.
Module Flow Guidelines for Securing Mac OS X
System Security
Windows Security Tools
Threats to System Security
Windows Encrypting File System (EFS)
How Does Malware Propagate?
Guidelines for Windows OS Security
11
Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited.
How Does Malware Propagate? Through Email Attachments Emails containing attachments may include malware Clicking the attachment installs a malicious program on the computer
Through USB Memory Sticks A virus create an autorun.inf file that is a system hidden and a read‐only file When the user opens the pen drive files, the autorun.inf is executed and copies the virus files into the system
12
Through Infected Websites Visiting compromised sites may result in installation of malicious software, designed to steal personal information, on users computer
Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited.
How Does Malware Propagate ?
http://www.sonicwall.com
13
Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited.
How Does Malware Propagate? Through Fake Codec If the user is prompted to download and install a decoder to watch the video, the codec may be a malicious program that would be downloaded onto the system
Through Shared Folders Malware may propagate via network shares The malware can spread by creating copies of itself in shared folders
14
Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited.
How Does Malware Propagate? Through Fake Antivirus Antivirus 2009 is a fake antivirus that performs a fake scan of the users’ system and shows viruses that are not present on the system Clicking the Register or Scan buttons downloads malware onto the system
Through Downloads Downloading software, music, photos, and videos from untrusted websites may also cause downloading a malicious file infected with a virus, worm, Trojan, etc. A large number of malicious applications are available over the Internet with a description that may trick users into downloading them
15
Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited.
How Does Malware Propagate? Peer‐to‐peer (P2P) file sharing enables sharing of music, audio, images, documents, and software programs between two computers over the Internet Shared files may contain security risks such as viruses, spyware, and other malicious software Attackers can share malware disguised as a useful application P2P networks can be used to illegally distribute the copyrighted material that may attract civil and/or criminal penalties
http://www.entertane.com
16
Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited.
Module Flow Guidelines for Securing Mac OS X
System Security
Windows Security Tools
Threats to System Security
Windows Encrypting File System (EFS)
How Does Malware Propagate?
Guidelines for Windows OS Security
17
Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited.
Guidelines for Windows Operating System Security Lock the System, When Not in Use
Apply Software Security Patches
Kill Unnecessary Processes
Create Strong User Password
Use Windows Firewall
Configure Audit Policy
Disable the Guest Account
Use NTFS
Hide Files and Folders
Lock Out Unwanted Guests
Use Windows Encrypting File System
Disable Simple File Sharing
Rename the Administrator Account
Enable BitLocker
Use Windows User Account Control (UAC)
Disable Start up Menu
Disable Unnecessary Services
Implement Malware Prevention
18
Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited.
Lock the System When Not in Use Press the ‘Windows’ and ‘L’ keys together on the keyboard to lock the system Click Start
Lock
Right‐click on the Desktop and select Personalize Screensaver select the time and check “On resume, display logon screen”
19
Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited.
Create a Strong User Password 1. To create a password, go to Start Control Panel Select User Accounts click Manage another account 2. Click User name for whom the password has to be changed and choose Create a password (If the password is already set, this option will be Change your password ) 3. In the Create a password for user’s account window, type the password to be assigned to the selected user and confirm the password 4. Provide a password hint (optional) 5. If a password is already assigned to the user account and are trying to change it, Windows will ask you to verify the current password 6. Click the Create/Change Password button Note: Use strong passwords for logging into the system
20
Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited.
Change Windows User Password: Windows 7
21
Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited.
Disable the Guest Account: Windows 7 Click Start right click Computer select Manage When the Computer Management window opens, go to Local Users and Groups Users Verify that the Guest account is disabled by looking at the icon If the account is not disabled, double‐click the account name to open its Properties window In the Guest account's properties window select the checkbox next to Account is disabled click OK
22
Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited.
Lock Out Unwanted Guests in Windows 7 Go to Control Panel click Administrative Tools Double‐click the Local Security Policy Account Policies double‐click the Account Lockout Policy double‐click Account Lockout Threshold At the Account lockout threshold Properties window, enter the number of invalid logins (e.g., 3) Click OK and Close
23
Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited.
Rename the Administrator Account in Windows 7 Click Start right click Computer click Manage In the Computer Management window click Local Users and Groups select Users
Right click on user Admin or Administrator select Rename type the new name for account and click OK
24
Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited.
Disable Start up Menu in Windows 7 Right click on the Taskbar select Properties click Start Menu tab Uncheck both Store and display recently opened programs in the Start menu and Store and display recently opened items in the Start menu and the taskbar click Apply click OK
25
Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited.
Windows Updates in Windows 7 • Windows Updates Click Start Control Panel select System and Security Select Windows Update Change Settings Choose how Windows can install updates
26
Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited.
Pointers for Updates Choose to be notified by the vendor about vulnerability announcements
Always patch the OS and applications to the latest patch levels
Ensure that you are downloading patches only from authentic sources ‐‐ preferably the vendor site
Do not open executable files from sources of questionable integrity
Use patch management tools for easier updating–there are several free tools
Do not send patches through email
27
Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited.
Apply Software Security Patches 1
Software updates are used to keep the OS and other software up‐to‐date
2
Updates must be installed from the vendor’s website
3
Updates can be installed automatically or manually
4
Automatic updates can be installed on a scheduled basis
5
The update process can be hidden and restored
28
Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited.
Configuring Windows Firewall in Windows 7 Open Windows Firewall by clicking the Start button click Control Panel In the search box, type Firewall click Windows Firewall In the left pane, click Turn Windows Firewall ON or OFF
29
Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited.
Adding New Programs in Windows Firewall in Windows 7 1. Click Start Control Panel type Firewall in the search box press Enter 2. Click Allow a program through Windows Firewall 3. Click Change Settings
30
Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited.
Adding New Programs in Windows Firewall in Windows 7 4. Click Allow another Program 5. The Add A Program window opens, which lists pre‐installed programs Click Browse to add a program (if required)
31
Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited.
Adding New Programs in Windows Firewall in Windows 7 6. Navigate to the Location of the program select its executable file click Open 7. Click Add click OK to exit the Windows Firewall
The change is applied to the list of added programs 32
Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited.
Removing/Disabling Programs Rules from the Windows Firewall in Windows 7 Click Start Control Panel search Windows Firewall go to Allow a Program through Windows Firewall click Change Settings Select the rule you want to Remove/Disable To Disable any rule for any specific network location, uncheck its respective checkbox click OK To remove any program completely from the allowed program list, click Remove click YES click OK
33
Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited.
Creating a New Windows Firewall Rule in Windows 7 Advance settings in Windows Firewall allow users to create custom rules Steps to create a new rule: 1. Click Start Control Panel search for firewall click Check Firewall Status click Advanced Settings
34
Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited.
Creating a New Windows Firewall Rule in Windows 7 2. In the Windows Firewall with Advanced Security window, click Inbound Rules click New Rule 3. The New Inbound Rule Wizard opens select the type of rule (Program, Port, Predefined, and Custom rules) you would like to create click Next
35
Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited.
Creating a New Windows Firewall Rule in Windows 7 4. Select the type of protocol (TCP/UDP) and provide the port numbers or select the option All Local Ports for the rule you want to be applied click Next 5. Decide what Action to take when a connection matches the specified condition (here, Allow the Connection) click Next
36
Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited.
Creating a New Windows Firewall Rule in Windows 7 6. Select a Profile for which the rule has to be applied click Next 7. Give a Name to the newly created Rule and description (optional) click Finish The rule is created and it allows TCP Inbound traffic to all the ports. Note: To create a rule for Outbound traffic, follow the same steps. But select UDP protocol and enter 5679 as the port number
37
Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited.
Two-Way Firewall Protection in Windows Click the Start button type wf.msc or Firewall in search bar press Enter Click the Windows Firewall with Advanced Security icon This management interface displays the inbound and outbound rules Click Windows Firewalls Properties A dialog box with several tabs will appear For each profile‐‐Domain, Private, and Public‐‐change the setting to Block, and then click OK
38
Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited.
Always Use NTFS NTFS file system provides better performance and security for data on hard disks and partitions than the FAT file system Convert partitions that use the earlier FAT16 or FAT32 file system to NTFS by using the convert command Click Start All Programs Accessories, right‐click Command Prompt, and then click Run as administrator. Type the password or provide confirmation if prompted
Close any open programs running on the partition or logical drive to be converted
In the Command Prompt, type convert drive_letter: /fs:ntfs, where drive_letter is the letter of the drive to be converted to NTFS, and then press ENTER
Type the name of the volume you want to convert, and then press ENTER
Note: Converting a partition from FAT to NTFS does not affect the data on it. You need to restart the computer for the NTFS conversion if the partition contains system files.
39
Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited.
Module Flow Guidelines for Securing Mac OS X
System Security
Windows Security Tools
Threats to System Security
How Does Malware Propagate?
Windows Encrypting File System (EFS)
Guidelines for Windows OS Security
40
Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited.
Windows Encrypting File System (EFS) Windows Encrypting File System (EFS) allows Windows 7 system users to encrypt files and folders in an NTFS formatted disk drive Right‐click the file to be encrypted select Properties on the General tab click the Advanced button. The Advanced attributes dialog box appears. There are two options under Compress or Encrypt attributes, Compress contents to save disk space and Encrypt contents to secure data Select Encrypt contents to secure data click OK to close the Compress or Encrypt Attributes dialog box click Apply An Encryption Warning dialog box appears, check any of the two options: Encrypt the file and its parent folder and Encrypt the file only click OK
41
Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited.
How to Decrypt a File Using EFS in Windows? •
Right‐click the file to be decrypted select Properties
•
On the General tab, click the Advanced button. An Advanced Attributes dialog box appears
•
There are two options under Compress or Encrypt Attributes, Compress contents to save disk space and Encrypt contents to secure data
•
Uncheck Encrypt contents to secure data click OK to close the Compress/Encrypt Attributes dialog box apply the settings click OK
42
Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited.
Using Windows Defender Windows Defender is an antispyware software that offers real‐time protection against spyware and other potentially malicious programs infecting the computer To turn Windows Defender ON or OFF open Windows Defender by clicking the Start button click All Programs click Windows Defender or type Windows Defender in the search space Click Tools click Options click Administrator select or clear the Use Windows Defender check box click Save
43
Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited.
Enable BitLocker in Windows 7 1.
BitLocker Drive Encryption provides better data protection by encrypting an entire Windows operating system volume
2.
The hard drive and any removable media on the computer can be encrypted
3.
Encrypted removable media can be decrypted and re‐encrypted on any Windows 7 computer
4.
Click Start click Computer Right click on any drive and select the option Turn on BitLocker…
Note: BitLocker is available only in the Enterprise and Ultimate editions of Windows Vista and Windows 7
44
Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited.
Launching Event Viewer in Windows 7 Event Viewer is a built‐in Windows utility that allows users to view and manage the event logs, gather information about hardware and software problems, and monitor Windows security events To start Event Viewer in Windows 7 click Start Control Panel System and Security Administrative Tools Event Viewer
Windows XP
Windows 7 45
Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited.
Event Viewer: Events and How to Read Logs on the System
46
1. Event Viewer categorizes events into five types: Error, Warning, Information, Audit Success, and Audit Failure 2. Each event log is differentiated by its level and contains header information and a description of the event 3. Each event header contains a detailed description of the level, date, time, source, event ID, and task category
Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited.
Disabling Unnecessary Services in Windows 7 A service is a long‐running executable that performs specific functions without requiring any user intervention Services normally start during the system start up or booting Some services load automatically, while others are called when a program is used To view running services, click Start Control Panel Administrative Tools double‐click Services Alternatively, select Start type services.msc in search bar press ENTER Once the Services window is loaded, the user can turn off any unneeded services
47
Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited.
Killing Unwanted Processes Kill or terminate unnecessary and suspicious processes to increase system performance and protect system against malwares
Killing a process Press [Alt]+ [Ctrl] + [Del] keys simultaneously click Task Manager In Task Manager go to Processes tab select the Process click End Process Alternatively, right click on a selected target process select End Process
Killing a Process Tree Run the Task Manager select the target process right‐click and select End Process Tree
48
Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited.
Finding Open Ports Using Netstat Tool Knowing open ports, and services and applications associated with these ports helps in detecting the presence of malware such as virus, worms, Trojans, etc. in the system Malware generally open ports to receive or send data packets from attackers Netstat, a Windows inbuilt utility, can be used to determine open ports in the system and associated applications Click Start All Programs Accessories, right‐click Command Prompt, and then click Run as administrator. Type the password or provide confirmation if prompted Type netstat –b in the command prompt window to see the open ports and associated applications
49
Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited.
Configuring Audit Policy Audit policies should be configured to identify attempted or successful attacks on system and network
1. Click Start type secpol.msc in search bar, and press Enter 2. Click Local Policies select Audit Policy double‐click the Audit account logon events policy check the Success and Failure boxes click Apply click OK 3. Similarly, change the security setting for all the policies listed in the right hand pane of Local Security Policy window 4. Close the Local Security Policy window
50
Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited.
How to Hide Files and Folders? Right‐click the file or folder to be hidden click Properties under Attributes check Hidden click Apply click OK On the Organize menu from Windows Explorer click Folder and search options On the View tab, Select the Do not show hidden files and folders option
51
Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited.
Disable Simple File Sharing in Windows 1. Go to Start Control Panel Folder Options 2. From the Folder Options window select the View tab 3. Scroll to the bottom of the Advanced Settings pane 4. Uncheck the checkbox for Using sharing wizard (for Windows 7) click OK
52
Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited.
Raise the UAC Slider Bar in Windows 7 User Account Control (UAC) helps the user to make critical decisions while installing software Click Start Control Panel Action Center Change User Account Control Settings Raise/Adjust the UAC slider bar to Always notify
53
Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited.
Module Flow Guidelines for Securing Mac OS X
System Security
Windows Security Tools
Threats to System Security
Windows Encrypting File System (EFS)
How Does Malware Propagate?
Guidelines for Windows OS Security
54
Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited.
Windows Security Tools: Microsoft Security Essentials
Microsoft Security Essentials provides real‐time protection for a home PC that guards against viruses, spyware, and other malicious software
http://www.microsoft.com
55
Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited.
Windows Security Tools: KeePass Password Safe Portable KeePass is a password manager that manages passwords in a secure way and carries all passwords in one database, which is locked with one master key or a key‐disk The databases are encrypted using current known secure encryption algorithms (AES‐ 256 and Twofish)
http://portableapps.com
56
Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited.
Windows Security Tools: Registry Mechanic 1.
Registry Mechanic offers tools to speed up and improve the stability of Windows7, Windows Vista, or Windows XP PC
2.
Registry Mechanic safely cleans, repairs, and optimizes the registry and automatically backs up changes for future recovery
3.
Permanently erases Internet activity, personal files, and free space to keep information away from prying eyes
http://www.pctools.com 57
Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited.
Windows Security Tools: Windows Defender Windows Defender helps protect a computer against pop‐ups, slow performance, and security threats caused by spyware and other unwanted software by detecting and removing known spyware from a computer
http://www.microsoft.com
58
Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited.
Module Flow Guidelines for Securing Mac OS X
System Security
Windows Security Tools
Threats to System Security
Windows Encrypting File System (EFS)
How Does Malware Propagate?
Guidelines for Windows OS Security
59
Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited.
Step 1: Enabling and Locking Down the Login Window Click Apple menu System Preferences Accounts Login options Display Login Windows as Name and Password Uncheck Automatically login as: Check Hide the Sleep, Restart, and Shut Down buttons Uncheck Enable fast users switching if not used
60
Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited.
Step 2: Configuring Accounts Preferences From the Apple menu choose System Preferences from the View menu choose Accounts select the username whose password you want to change Click Reset Password (Mac OS X v10.3 and v10.4) or Change Password (Mac OS X v10.5 or later) Enter a new password in both the Password and Verify fields click the Reset Password (Mac OS X v10.3 and v10.4) or the Change Password (Mac OS X v10.5 or later) If a dialog box appears with the message Your Keychain password will be changed to your new account password, click OK
61
Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited.
Step 3: Guidelines for Creating Accounts Never create accounts that are shared by several users
Each user should have his or her own standard or managed account
Administrators should only use their administrator accounts for administration purposes
Individual accounts are necessary to maintain accountability
62
Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited.
Step 4: Securing the Guest Account The guest account must be used for temporary access to the system The guest account should be disabled by default as it does not require a password to login to the computer If the guest account is enabled, Enable Parental Controls to limit what the user can do If the user permits the guest account to access shared folders, an attacker can easily attempt to access shared folders without a password
63
Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited.
Step 5: Controlling Local Accounts with Parental Controls Network Traffic Analysis Open System Preferences click Accounts If the lock icon is locked click the lock icon and provide an Administrator name and Password Select the user account to be managed with parental controls select the Enable Parental Controls checkbox Click Open Parental Controls click System, Content, Mail & iChat, Time Limits, and Logs
64
Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited.
Step 6: Use Keychain Settings Keychain stores passwords on the disk in an encrypted form and it is difficult for a non‐root user to sniff a password between applications Go to Applications Utilities Keychain Access Edit Change settings for Keychain "login" Check Lock after change minutes of inactivity to the desired number of minutes check Lock when sleeping click Save
65
Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited.
Step 7: Use Apple Software Update Mac OS X includes an automatic software update tool to patch the majority of Apple applications Software Update often includes important security updates that should be applied to a user’s machine To update software : Open Software Update preferences click the Scheduled Check pane Deselect Download updates automatically click Check Now
66
Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited.
Step 8: Securing Date & Time Preferences 1. Open Date & Time preferences in the Date & Time pane, enter a secure and trusted NTP server in the Set date & time automatically field 2. Click the Time Zone button choose a Time Zone
67
Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited.
Step 9: Securing Network Preferences It is recommended to disable unused hardware devices listed in Network preferences Open Network preferences from the list of hardware devices, select the hardware device that connects one’s network From the Configure pop‐up menu, choose Manually Enter the user’s static IP address, Subnet Mask, Router, DNS Server, and Search Domain configuration settings Click Advanced in the Configure IPv6 pop‐up menu, choose Off click OK
68
Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited.
Step 10: Enable Screen Saver Password To prevent unauthorized access to a system, enable a screen saver password 1. From the Apple menu select System Preferences click Security click the Lock icon to make changes 2. If prompted, type the admin userid and password 3. In the Security window click the General tab check Require password to wake this computer from sleep or screen saver (Leopard) or Require password immediately after sleep or screen saver begins (Snow Leopard) 4. In addition to the screen saver password, also secure the system by selecting:
Disable automatic login
Require password to unlock each System Preference.
Use secure virtual memory
Click the lock icon to prevent further changes
Close the Security window and restart your machine
69
Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited.
Step 11: Set Up FileVault to Keep Home Folder Secure Click System Preferences click Security click FileVault click Set Master Password Create the master password for the computer but ensure this password is different from user account password Verify the password click OK
70
Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited.
Step 12: Firewall Security Mac OS X firewall blocks unwanted network communication with the computer: 1.
Click System Preferences click Security click Firewall
2.
Click the Lock Icon to make changes
3.
If prompted, type the admin userid and password
4.
By default, the firewall allows all incoming connections, change the option by clicking the second option (Allow only essential services) or third option (Set access for specific services and applications)
5.
Choose which application(s) you want the firewall to allow and which to block
6.
Click the lock icon to prevent further changes and close the Security window
71
Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited.
Resources on the Internet for Computer Security TECS: The Encyclopedia of Computer Security
Internet Fraud Complaint Center (IC3)
http://www.itsecurity.com
http://www.ic3.gov
CYBERCRIME
Virus Bulletin
http://www.cybercrime.gov
http://www.virusbtn.com
Common Vulnerabilities and Exposures
Windows Security Guide http://www.winguides.com
http://www.cve.mitre.org
Stay Safe Online
Macintosh Security Site
http://www.staysafeonline.org
http://www.securemac.com
72
Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited.
Module Summary Attackers discover new vulnerabilities and bugs to exploit in computer software Software vendors usually develop patches to address the problems Encryption is the process of converting data into a secret code Regularly update the operating system and other applications Windows System Restore is used to return one’s computer to an earlier state in case of a system failure or other major problem with the system Microsoft Security Essentials provides real‐time protection for the PC that guards against viruses, spyware, and other malicious software Windows Defender helps to protect the system against pop‐ups, slow performance, and security threats
73
Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited.
Operating Systems Security Checklist Regularly update the operating system and other applications Install antivirus software and scan the system regularly Do not open any email from unknown senders Perform an antivirus scan while downloading Lock the system when not in use Physically secure the system from unauthorized access Enable firewall protection and configure all the computer settings for high security Use strong passwords, at least eight characters long, containing both letters and numbers
74
Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited.
Operating Systems Security Checklist Configure antivirus to check all mediums (CD‐ROMs, email, websites, downloaded files, etc.,) for viruses Delete the Internet history files, logs, and personal files Make backups of important data and store them safely Disable or limit the number of unnecessary accounts Use encryption to enhance privacy Keep up‐to‐date with hotfixes and service packs Disable AutoRun for the DVD/CD‐ROM Secure the wireless network
75
Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited.
Windows 7 Security Checklist Use Windows Defender to help prevent spyware and other potentially unwanted software from being installed on the computer automatically User Account Control asks for permission before installing software or opening certain kinds of programs that could potentially harm your computer or make it vulnerable to security threats
Back up your files and settings regularly so that if you get a virus or have any kind of hardware failure, you can recover your files Set Windows Update to download and install the latest updates for the computer automatically Windows Firewall can help prevent hackers and malicious software, such as viruses, from gaining access to your computer through the Internet Use Action Center to make sure the firewall is ON, antivirus software is up to date, and the computer is set to install updates automatically
76
Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited.
MAC OS Security Checklist Securely erase the Mac OS X partition before installation Set parental controls for managed accounts and Use Password Assistant to generate complex passwords Securely configure Accounts preferences and Date & Time preferences
Install Mac OS X using Mac OS Extended disk formatting Create an administrator account and a standard account for each administrator Create keychains for specialized purposes
Securely configure Security preferences
77
Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited.
