
Securing Operating Systems

Module 2

Simplifying Security.

Copyright by EC-Council
All Rights Reserved. Reproduction is Strictly Prohibited.

Malware Contamination on Windows 7 High, While for XP Low

May 21, 2011

In its latest edition of Security Intelligence Report that Microsoft released on May 12, 2011, the company reveals that the infection rate on Windows 7 rose over 30% in H2 2010, while that on Windows XP dropped over 20%.
Says Principal Group Program Manager Jeff Williams for Microsoft Malware Protection Center, the rate of contamination on Windows 7 increased, that's because of more malware attacks prevailing in cyberspace. Computerworld.com published this on May 12, 2011.
Notably, during July-December 2010, there was a mean rate of more than 4 32-bit Windows 7 computers getting infected for every 1,000 such computers, a rise of 33% compared to about 3 such PCs getting infected for every 1,000 during H1 2010.
http://www.spamfighter.com

Mac Malware Goes From Game to Serious

May 11, 2011

Apple, and many Mac users, argue that Mac OS X has a special recipe for security that makes it less likely to be infected with malware. Many security researchers counter that the Mac's seeming immunity stems not from its security, but from its lack of market share.
The debate may finally be settled.
The emergence of a serious malware construction kit for the Mac OS X seems to mimic a 2008 prediction by a security researcher. The prediction comes from a paper written in IEEE Security & Privacy (in .pdf), which used game theory to predict that Macs would become a focus for attackers as soon as Apple hit 16 percent market share.
Last week, security researchers pointed to a construction kit for creating Trojans for the Mac OS X as a major issue for Mac users. Currently, three countries (Switzerland, Luxembourg and the United States) have Mac market share around that level.
http://www.csoonline.com

Module Objectives
System Security
Threats to System Security
How Does Malware Propagate?
Guidelines for Windows Operating System Security
Two-Way Firewall Protection in Windows
Windows Encrypting File System (EFS)
How to Hide Files and Folders?
Windows Security Tools
Guidelines for Securing Mac OS X
Resources on the Internet for Computer Security
Operating System Security Checklists

Module Flow
System Security
Threats to System Security
How Does Malware Propagate?
Guidelines for Windows OS Security
Windows Encrypting File System (EFS)
Windows Security Tools
Guidelines for Securing Mac OS X

System Security
Every operating system and application is subject to security flaws
Software vendors usually develop patches to address these flaws
Users have to install the patches and configure the software
System compromise can be prevented by applying security patches in a timely manner


Threats to System Security

Virus
A program that replicates by copying itself to other programs, system boot sectors, or documents, and alters or damages the computer files and applications

Rootkit
A set of programs or utilities that allows someone to maintain root-level access to the system

Worm
A self-replicating virus that does not alter files but resides in computer memory and replicates itself

Trojan
A program that seems to be legitimate but acts maliciously when executed

Backdoor
An unauthorized means of accessing the system and bypassing the security mechanisms

Logic Bomb
A program that releases a virus or a worm

Threats to System Security (continued)

Keylogger
A keylogger is a hardware device or small software program that monitors and records each keystroke on a user's computer keyboard

Spyware
Spyware includes Trojans and other malicious software that steals personal information from the system without the user's knowledge. Example: Keylogger

Password Cracking
Password cracking is the process of identifying or recovering an unknown or forgotten password

Password Cracking
Password cracking is the process of identifying or recovering an unknown or forgotten password

Brute Forcing
Trying combinations of all the characters until the correct password is discovered

Guessing
Trying different passwords until one works

Dictionary Attack
It uses a predefined list of words

Shoulder Surfing
Watching someone type the password

Social Engineering
Tricking people to reveal their password or other information that can be used to guess the password

[Figure: the attacker sniffs the original connection between the victim and the server and gets the password of the victim]


How Does Malware Propagate?

Through Email Attachments
Emails containing attachments may include malware
Clicking the attachment installs a malicious program on the computer

Through USB Memory Sticks
A virus creates an autorun.inf file that is a system, hidden, and read-only file
When the user opens the pen drive files, the autorun.inf is executed and copies the virus files into the system

Through Infected Websites
Visiting compromised sites may result in installation of malicious software, designed to steal personal information, on the user's computer
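
For the USB case above, a defender can inspect a removable drive's autorun.inf before opening anything on it. The following is an added example, not part of the original slides: it lists the launch directives in the [autorun] section and checks for the system + hidden + read-only attribute combination the slide describes. The sample file content, sample.exe and the function names are constructed for illustration.

```python
import re

# Constructed autorun.inf content for illustration; sample.exe is a placeholder.
SAMPLE_AUTORUN = r"""
; constructed sample
[autorun]
open=sample.exe
icon=folder.ico
shell\open\command=sample.exe

[other]
open=ignored.exe
"""

# Windows file attribute bits (on Windows, read them from
# os.stat(path).st_file_attributes).
FILE_ATTRIBUTE_READONLY = 0x1
FILE_ATTRIBUTE_HIDDEN = 0x2
FILE_ATTRIBUTE_SYSTEM = 0x4
CONCEALED = FILE_ATTRIBUTE_READONLY | FILE_ATTRIBUTE_HIDDEN | FILE_ATTRIBUTE_SYSTEM

# Directives in the [autorun] section that name a program to start.
LAUNCH_KEYS = {"open", "shellexecute"}
SHELL_VERB_RE = re.compile(r"^shell\\[^\\]+\\command$")


def launch_directives(text):
    """Return [(key, command)] for each launch directive in [autorun]."""
    found, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue                      # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        if section != "autorun" or "=" not in line:
            continue                      # only the [autorun] section matters
        key, _, value = line.partition("=")
        key = key.strip().lower()
        if key in LAUNCH_KEYS or SHELL_VERB_RE.match(key):
            found.append((key, value.strip()))
    return found


def assess_autorun(text, attributes):
    """Combine the directive check with the attribute check from the slide."""
    launches = launch_directives(text)
    concealed = (attributes & CONCEALED) == CONCEALED
    return {
        "launches": launches,
        "concealed": concealed,
        # A concealed file that also starts a program deserves a closer look.
        "suspicious": bool(launches) and concealed,
    }


if __name__ == "__main__":
    print(assess_autorun(SAMPLE_AUTORUN, CONCEALED))
```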

How Does Malware Propagate?

http://www.sonicwall.com

How Does Malware Propagate?

Through Fake Codec
If the user is prompted to download and install a decoder to watch the video, the codec may be a malicious program that would be downloaded onto the system

Through Shared Folders
Malware may propagate via network shares
The malware can spread by creating copies of itself in shared folders

How Does Malware Propagate?

Through Fake Antivirus
Antivirus 2009 is a fake antivirus that performs a fake scan of the user's system and shows viruses that are not present on the system
Clicking the Register or Scan buttons downloads malware onto the system

Through Downloads
Downloading software, music, photos, and videos from untrusted websites may also cause downloading a malicious file infected with a virus, worm, Trojan, etc.
A large number of malicious applications are available over the Internet with a description that may trick users into downloading them

How Does Malware Propagate?

Peer-to-peer (P2P) file sharing enables sharing of music, audio, images, documents, and software programs between two computers over the Internet
Shared files may contain security risks such as viruses, spyware, and other malicious software
Attackers can share malware disguised as a useful application
P2P networks can be used to illegally distribute the copyrighted material that may attract civil and/or criminal penalties

http://www.entertane.com


Guidelines for Windows Operating System Security
Lock the System, When Not in Use
Apply Software Security Patches
Kill Unnecessary Processes
Create Strong User Password
Use Windows Firewall
Configure Audit Policy
Disable the Guest Account
Use NTFS
Hide Files and Folders
Lock Out Unwanted Guests
Use Windows Encrypting File System
Disable Simple File Sharing
Rename the Administrator Account
Enable BitLocker
Use Windows User Account Control (UAC)
Disable Startup Menu
Disable Unnecessary Services
Implement Malware Prevention

Lock the System When Not in Use

Press the Windows and L keys together on the keyboard to lock the system
Click Start → Lock
Right-click on the Desktop and select Personalize → Screensaver → select the time and check On resume, display logon screen

Create a Strong User Password

1. To create a password, go to Start → Control Panel → Select User Accounts → click Manage another account
2. Click Username for whom the password has to be changed and choose Create a password (If the password is already set, this option will be Change your password)
3. In the Create a password for user's account window, type the password to be assigned to the selected user and confirm the password
4. Provide a password hint (optional)
5. If a password is already assigned to the user account and you are trying to change it, Windows will ask you to verify the current password
6. Click the Create/Change Password button
Note: Use strong passwords for logging into the system

Change Windows User Password: Windows 7

Disable the Guest Account: Windows 7
Click Start → right-click Computer → select Manage
When the Computer Management window opens, go to Local Users and Groups → Users
Verify that the Guest account is disabled by looking at the icon
If the account is not disabled, double-click the account name to open its Properties window
In the Guest account's properties window → select the checkbox next to Account is disabled → click OK

Lock Out Unwanted Guests in Windows 7
Go to Control Panel → click Administrative Tools
Double-click the Local Security Policy → Account Policies → double-click the Account Lockout Policy → double-click Account Lockout Threshold
At the Account lockout threshold Properties window, enter the number of invalid logins (e.g., 3)
Click OK and Close

Rename the Administrator Account in Windows 7
Click Start → right-click Computer → click Manage
In the Computer Management window → click Local Users and Groups → select Users
Right-click on user Admin or Administrator → select Rename → type the new name for account and click OK

Disable Start up Menu in Windows 7

Right-click on the Taskbar → select Properties → click Start Menu tab
Uncheck both Store and display recently opened programs in the Start menu and Store and display recently opened items in the Start menu and the taskbar → click Apply → click OK

Windows Updates in Windows 7
Click Start → Control Panel → select System and Security
Select Windows Update → Change Settings
Choose how Windows can install updates

Pointers for Updates

Choose to be notified by the vendor about vulnerability announcements
Always patch the OS and applications to the latest patch levels
Ensure that you are downloading patches only from authentic sources, preferably the vendor site
Do not open executable files from sources of questionable integrity
Use patch management tools for easier updating; there are several free tools
Do not send patches through email

Apply Software Security Patches

Software updates are used to keep the OS and other software up to date
Updates must be installed from the vendor's website
Updates can be installed automatically or manually
Automatic updates can be installed on a scheduled basis
The update process can be hidden and restored

Configuring Windows Firewall in Windows 7
Open Windows Firewall by clicking the Start button → click Control Panel
In the search box, type Firewall → click Windows Firewall
In the left pane, click Turn Windows Firewall ON or OFF

Adding New Programs in Windows Firewall in Windows 7
1. Click Start → Control Panel → type Firewall in the search box → press Enter
2. Click Allow a program through Windows Firewall
3. Click Change Settings
4. Click Allow another Program
5. The Add A Program window opens, which lists preinstalled programs → Click Browse to add a program (if required)
6. Navigate to the Location of the program → select its executable file → click Open
7. Click Add → click OK to exit the Windows Firewall

The change is applied to the list of added programs

Removing/Disabling Programs Rules from the Windows Firewall in Windows 7
Click Start → Control Panel → search Windows Firewall → go to Allow a Program through Windows Firewall → click Change Settings
Select the rule you want to Remove/Disable
To Disable any rule for any specific network location, uncheck its respective check box → click OK
To remove any program completely from the allowed program list, click Remove → click YES → click OK

Creating a New Windows Firewall Rule in Windows 7
Advanced settings in Windows Firewall allow users to create custom rules
Steps to create a new rule:
1. Click Start → Control Panel → search for firewall → click Check Firewall Status → click Advanced Settings
2. In the Windows Firewall with Advanced Security window, click Inbound Rules → click New Rule
3. The New Inbound Rule Wizard opens → select the type of rule (Program, Port, Predefined, and Custom rules) you would like to create → click Next
4. Select the type of protocol (TCP/UDP) and provide the port numbers or select the option All Local Ports for the rule you want to be applied → click Next
5. Decide what Action to take when a connection matches the specified condition (here, Allow the Connection) → click Next
6. Select a Profile for which the rule has to be applied → click Next
7. Give a Name to the newly created Rule and description (optional) → click Finish
The rule is created and it allows TCP Inbound traffic to all the ports.
Note: To create a rule for Outbound traffic, follow the same steps. But select UDP protocol and enter 5679 as the port number

Two-Way Firewall Protection in Windows
Click the Start button → type wf.msc or Firewall in search bar → press Enter
Click the Windows Firewall with Advanced Security icon
This management interface displays the inbound and outbound rules
Click Windows Firewall Properties
A dialog box with several tabs will appear
For each profile (Domain, Private, and Public), change the setting to Block, and then click OK

Always Use NTFS

NTFS file system provides better performance and security for data on hard disks and partitions than the FAT file system
Convert partitions that use the earlier FAT16 or FAT32 file system to NTFS by using the convert command
Click Start → All Programs → Accessories, right-click Command Prompt, and then click Run as administrator. Type the password or provide confirmation if prompted
Close any open programs running on the partition or logical drive to be converted
In the Command Prompt, type convert drive_letter: /fs:ntfs, where drive_letter is the letter of the drive to be converted to NTFS, and then press ENTER
Type the name of the volume you want to convert, and then press ENTER

Note: Converting a partition from FAT to NTFS does not affect the data on it. You need to restart the computer for the NTFS conversion if the partition contains system files.


Windows Encrypting File System (EFS)

Windows Encrypting File System (EFS) allows Windows 7 system users to encrypt files and folders in an NTFS-formatted disk drive
Right-click the file to be encrypted → select Properties → on the General tab → click the Advanced button. The Advanced attributes dialog box appears.
There are two options under Compress or Encrypt attributes, Compress contents to save disk space and Encrypt contents to secure data
Select Encrypt contents to secure data → click OK to close the Compress or Encrypt Attributes dialog box → click Apply
An Encryption Warning dialog box appears, check any of the two options: Encrypt the file and its parent folder and Encrypt the file only → click OK

How to Decrypt a File Using EFS in Windows?

Right-click the file to be decrypted → select Properties
On the General tab, click the Advanced button. An Advanced Attributes dialog box appears
There are two options under Compress or Encrypt Attributes, Compress contents to save disk space and Encrypt contents to secure data
Uncheck Encrypt contents to secure data → click OK to close the Compress/Encrypt Attributes dialog box → apply the settings → click OK

Using Windows Defender

Windows Defender is an antispyware software that offers real-time protection against spyware and other potentially malicious programs infecting the computer
To turn Windows Defender ON or OFF → open Windows Defender by clicking the Start button → click All Programs → click Windows Defender, or type Windows Defender in the search space
Click Tools → click Options → click Administrator → select or clear the Use Windows Defender check box → click Save

Enable BitLocker in Windows 7

1. BitLocker Drive Encryption provides better data protection by encrypting an entire Windows operating system volume
2. The hard drive and any removable media on the computer can be encrypted
3. Encrypted removable media can be decrypted and re-encrypted on any Windows 7 computer
4. Click Start → click Computer → Right-click on any drive and select the option Turn on BitLocker

Note: BitLocker is available only in the Enterprise and Ultimate editions of Windows Vista and Windows 7

Launching Event Viewer in Windows 7
Event Viewer is a built-in Windows utility that allows users to view and manage the event logs, gather information about hardware and software problems, and monitor Windows security events
To start Event Viewer in Windows 7 → click Start → Control Panel → System and Security → Administrative Tools → Event Viewer

[Screenshots: Event Viewer in Windows XP and Windows 7]

Event Viewer: Events and How to Read Logs on the System

1. Event Viewer categorizes events into five types: Error, Warning, Information, Audit Success, and Audit Failure
2. Each event log is differentiated by its level and contains header information and a description of the event
3. Each event header contains a detailed description of the level, date, time, source, event ID, and task category

Disabling Unnecessary Services in Windows 7
A service is a long-running executable that performs specific functions without requiring any user intervention
Services normally start during the system startup or booting
Some services load automatically, while others are called when a program is used
To view running services, click Start → Control Panel → Administrative Tools → double-click Services
Alternatively, select Start → type services.msc in search bar → press ENTER
Once the Services window is loaded, the user can turn off any unneeded services

Killing Unwanted Processes

Kill or terminate unnecessary and suspicious processes to increase system performance and protect the system against malware

Killing a process
Press [Alt]+[Ctrl]+[Del] keys simultaneously → click Task Manager
In Task Manager → go to Processes tab → select the Process → click End Process
Alternatively, right-click on a selected target process → select End Process

Killing a Process Tree
Run the Task Manager → select the target process → right-click and select End Process Tree

Finding Open Ports Using Netstat Tool

Knowing open ports, and services and applications associated with these ports, helps in detecting the presence of malware such as viruses, worms, Trojans, etc. in the system
Malware generally opens ports to receive or send data packets from attackers
Netstat, a Windows inbuilt utility, can be used to determine open ports in the system and associated applications
Click Start → All Programs → Accessories, right-click Command Prompt, and then click Run as administrator. Type the password or provide confirmation if prompted
Type netstat -b in the command prompt window to see the open ports and associated applications
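
The review of netstat output described above can be automated. The following is an added example, not part of the original slides: it parses text in the netstat -b layout and reports listening ports that are missing from a baseline or owned by an unexpected executable. It assumes the output was captured with the -a and -n switches added (netstat -abn) so that listening ports appear in numeric form; the sample output, the baseline, updater32.exe and port 8099 are constructed for illustration.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Constructed sample of `netstat -abn` output; not captured from a real host.
# updater32.exe and port 8099 are made-up values.
SAMPLE_OUTPUT = """\

Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  RpcSs
 [svchost.exe]
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
 Can not obtain ownership information
  TCP    0.0.0.0:8099           0.0.0.0:0              LISTENING
 [updater32.exe]
  TCP    192.168.1.20:49712     203.0.113.10:443       ESTABLISHED
 [iexplore.exe]
  UDP    0.0.0.0:5355           *:*
  Dnscache
 [svchost.exe]
"""

# Hypothetical baseline: (protocol, local port) -> owners accepted for it.
# None means "netstat could not report an owner", as for kernel-owned ports.
BASELINE = {
    ("TCP", 135): {"svchost.exe"},
    ("TCP", 445): {None},
    ("UDP", 5355): {"svchost.exe"},
}

CONN_RE = re.compile(r"^\s*(TCP|UDP)\s+(\S+)\s+(\S+)(?:\s+(\S+))?\s*$")
OWNER_RE = re.compile(r"^\s*\[(.+)\]\s*$")


@dataclass
class Endpoint:
    proto: str
    local_addr: str
    local_port: int
    remote: str
    state: str                      # empty for UDP, which has no state column
    service: Optional[str] = None   # service name line, when netstat prints one
    owner: Optional[str] = None     # executable name from the [name.exe] line


def parse_netstat_b(text):
    """Turn netstat -b style text into Endpoint records."""
    endpoints, current = [], None
    for line in text.splitlines():
        conn = CONN_RE.match(line)
        if conn:
            proto, local, remote, state = conn.groups()
            addr, _, port = local.rpartition(":")   # also handles [::]:135
            current = Endpoint(proto, addr, int(port), remote, state or "")
            endpoints.append(current)
            continue
        stripped = line.strip()
        if current is None or not stripped:
            continue                                # banner, header, blank
        owner = OWNER_RE.match(line)
        if owner:
            current.owner = owner.group(1).lower()
        elif not stripped.lower().startswith("can not obtain"):
            current.service = stripped              # e.g. RpcSs, Dnscache
    return endpoints


def unexpected_listeners(endpoints, baseline):
    """Return (proto, port, owner, reason) for listeners outside the baseline."""
    findings = []
    for ep in endpoints:
        # TCP listeners say LISTENING; a bound UDP socket has no state at all.
        if not (ep.state == "LISTENING" or ep.proto == "UDP"):
            continue
        allowed = baseline.get((ep.proto, ep.local_port))
        if allowed is None:
            findings.append((ep.proto, ep.local_port, ep.owner, "port not in baseline"))
        elif ep.owner not in allowed:
            findings.append((ep.proto, ep.local_port, ep.owner, "unexpected owner"))
    return findings


if __name__ == "__main__":
    for finding in unexpected_listeners(parse_netstat_b(SAMPLE_OUTPUT), BASELINE):
        print(finding)
```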

Configuring Audit Policy

Audit policies should be configured to identify attempted or successful attacks on the system and network

1. Click Start → type secpol.msc in search bar, and press Enter
2. Click Local Policies → select Audit Policy → double-click the Audit account logon events policy → check the Success and Failure boxes → click Apply → click OK
3. Similarly, change the security setting for all the policies listed in the right-hand pane of Local Security Policy window
4. Close the Local Security Policy window

How to Hide Files and Folders?

Right-click the file or folder to be hidden → click Properties → under Attributes → check Hidden → click Apply → click OK
On the Organize menu from Windows Explorer → click Folder and search options
On the View tab, select the Do not show hidden files and folders option

Disable Simple File Sharing in Windows
1. Go to Start → Control Panel → Folder Options
2. From the Folder Options window → select the View tab
3. Scroll to the bottom of the Advanced Settings pane
4. Uncheck the check box for Using sharing wizard (for Windows 7) → click OK

Raise the UAC Slider Bar in Windows 7

User Account Control (UAC) helps the user to make critical decisions while installing software
Click Start → Control Panel → Action Center → Change User Account Control Settings
Raise/Adjust the UAC slider bar to Always notify


Windows Security Tools: Microsoft Security Essentials

Microsoft Security Essentials provides real-time protection for a home PC that guards against viruses, spyware, and other malicious software

http://www.microsoft.com

Windows Security Tools: KeePass Password Safe Portable
KeePass is a password manager that manages passwords in a secure way and carries all passwords in one database, which is locked with one master key or a key disk
The databases are encrypted using current known secure encryption algorithms (AES-256 and Twofish)

http://portableapps.com

Windows Security Tools: Registry Mechanic
1. Registry Mechanic offers tools to speed up and improve the stability of Windows 7, Windows Vista, or Windows XP PC
2. Registry Mechanic safely cleans, repairs, and optimizes the registry and automatically backs up changes for future recovery
3. Permanently erases Internet activity, personal files, and free space to keep information away from prying eyes

http://www.pctools.com

Windows Security Tools: Windows Defender
Windows Defender helps protect a computer against pop-ups, slow performance, and security threats caused by spyware and other unwanted software by detecting and removing known spyware from a computer

http://www.microsoft.com


Step 1: Enabling and Locking Down the Login Window
Click Apple menu → System Preferences → Accounts → Login options → Display Login Window as → Name and Password
Uncheck Automatically login as:
Check Hide the Sleep, Restart, and Shut Down buttons
Uncheck Enable fast user switching if not used

Step 2: Configuring Accounts Preferences
From the Apple menu choose System Preferences → from the View menu choose Accounts → select the username whose password you want to change
Click Reset Password (Mac OS X v10.3 and v10.4) or Change Password (Mac OS X v10.5 or later)
Enter a new password in both the Password and Verify fields → click the Reset Password (Mac OS X v10.3 and v10.4) or the Change Password (Mac OS X v10.5 or later)
If a dialog box appears with the message "Your Keychain password will be changed to your new account password," click OK

Step 3: Guidelines for Creating Accounts
Never create accounts that are shared by several users
Each user should have his or her own standard or managed account
Administrators should only use their administrator accounts for administration purposes
Individual accounts are necessary to maintain accountability

Step 4: Securing the Guest Account

The guest account must be used for temporary access to the system
The guest account should be disabled by default as it does not require a password to log in to the computer
If the guest account is enabled, Enable Parental Controls to limit what the user can do
If the user permits the guest account to access shared folders, an attacker can easily attempt to access shared folders without a password

Step 5: Controlling Local Accounts with Parental Controls
Open System Preferences → click Accounts
If the lock icon is locked → click the lock icon and provide an Administrator name and Password
Select the user account to be managed with parental controls → select the Enable Parental Controls check box
Click Open Parental Controls → click System, Content, Mail & iChat, Time Limits, and Logs

Step 6: Use Keychain Settings

Keychain stores passwords on the disk in an encrypted form and it is difficult for a non-root user to sniff a password between applications
Go to Applications → Utilities → Keychain Access → Edit → Change settings for Keychain "login"
Check Lock after → change minutes of inactivity to the desired number of minutes → check Lock when sleeping → click Save

Step 7: Use Apple Software Update

Mac OS X includes an automatic software update tool to patch the majority of Apple applications
Software Update often includes important security updates that should be applied to a user's machine
To update software:
Open Software Update preferences → click the Scheduled Check pane
Deselect Download updates automatically → click Check Now

Step 8: Securing Date & Time Preferences

1. Open Date & Time preferences → in the Date & Time pane, enter a secure and trusted NTP server in the Set date & time automatically field
2. Click the Time Zone button → choose a Time Zone

Step 9: Securing Network Preferences

It is recommended to disable unused hardware devices listed in Network preferences
Open Network preferences → from the list of hardware devices, select the hardware device that connects one's network
From the Configure pop-up menu, choose Manually
Enter the user's static IP address, Subnet Mask, Router, DNS Server, and Search Domain configuration settings
Click Advanced → in the Configure IPv6 pop-up menu, choose Off → click OK

Step 10: Enable Screen Saver Password

To prevent unauthorized access to a system, enable a screen saver password
1. From the Apple menu → select System Preferences → click Security → click the Lock icon to make changes
2. If prompted, type the admin user id and password
3. In the Security window → click the General tab → check Require password to wake this computer from sleep or screen saver (Leopard) or Require password immediately after sleep or screen saver begins (Snow Leopard)
4. In addition to the screen saver password, also secure the system by selecting:
   Disable automatic login
   Require password to unlock each System Preference
   Use secure virtual memory
Click the lock icon to prevent further changes
Close the Security window and restart your machine

Step 11: Set Up FileVault to Keep Home Folder Secure
Click System Preferences → click Security → click FileVault → click Set Master Password
Create the master password for the computer but ensure this password is different from user account password
Verify the password → click OK

Step 12: Firewall Security

Mac OS X firewall blocks unwanted network communication with the computer:
1. Click System Preferences → click Security → click Firewall
2. Click the Lock Icon to make changes
3. If prompted, type the admin user id and password
4. By default, the firewall allows all incoming connections; change the option by clicking the second option (Allow only essential services) or third option (Set access for specific services and applications)
5. Choose which application(s) you want the firewall to allow and which to block
6. Click the lock icon to prevent further changes and close the Security window

Resources on the Internet for Computer Security
TECS: The Encyclopedia of Computer Security: http://www.itsecurity.com
Internet Fraud Complaint Center (IC3): http://www.ic3.gov
CYBERCRIME: http://www.cybercrime.gov
Virus Bulletin: http://www.virusbtn.com
Common Vulnerabilities and Exposures: http://www.cve.mitre.org
Windows Security Guide: http://www.winguides.com
Stay Safe Online: http://www.staysafeonline.org
Macintosh Security Site: http://www.securemac.com

Module Summary
Attackers discover new vulnerabilities and bugs to exploit in computer software
Software vendors usually develop patches to address the problems
Encryption is the process of converting data into a secret code
Regularly update the operating system and other applications
Windows System Restore is used to return one's computer to an earlier state in case of a system failure or other major problem with the system
Microsoft Security Essentials provides real-time protection for the PC that guards against viruses, spyware, and other malicious software
Windows Defender helps to protect the system against pop-ups, slow performance, and security threats

Operating Systems Security Checklist

Regularly update the operating system and other applications
Install antivirus software and scan the system regularly
Do not open any email from unknown senders
Perform an antivirus scan while downloading
Lock the system when not in use
Physically secure the system from unauthorized access
Enable firewall protection and configure all the computer settings for high security
Use strong passwords, at least eight characters long, containing both letters and numbers
Configure antivirus to check all mediums (CD-ROMs, email, websites, downloaded files, etc.) for viruses
Delete the Internet history files, logs, and personal files
Make backups of important data and store them safely
Disable or limit the number of unnecessary accounts
Use encryption to enhance privacy
Keep up to date with hotfixes and service packs
Disable AutoRun for the DVD/CD-ROM
Secure the wireless network

Windows 7 Security Checklist

Use Windows Defender to help prevent spyware and other potentially unwanted software from being installed on the computer automatically
User Account Control asks for permission before installing software or opening certain kinds of programs that could potentially harm your computer or make it vulnerable to security threats
Back up your files and settings regularly so that if you get a virus or have any kind of hardware failure, you can recover your files
Set Windows Update to download and install the latest updates for the computer automatically
Windows Firewall can help prevent hackers and malicious software, such as viruses, from gaining access to your computer through the Internet
Use Action Center to make sure the firewall is ON, antivirus software is up to date, and the computer is set to install updates automatically

MAC OS Security Checklist

Securely erase the Mac OS X partition before installation
Set parental controls for managed accounts and Use Password Assistant to generate complex passwords
Securely configure Accounts preferences and Date & Time preferences
Install Mac OS X using Mac OS Extended disk formatting
Create an administrator account and a standard account for each administrator
Create keychains for specialized purposes
Securely configure Security preferences