
CSC 2260 Operating Systems and Networks

CSC 2260 Operating Systems and Networks Chapter 7 Fall 2008 Dr. Chuck Lillie Managing Local Security in Windows Chapter 7 Threats to Computers and Users Defense Against Threats Windows Local Security Accounts Applying Security to Files, Folders, and Printers in Windows


Presentation Transcript


  1. CSC 2260 Operating Systems and Networks Chapter 7 Fall 2008 Dr. Chuck Lillie

  2. Managing Local Security in Windows Chapter 7 Threats to Computers and Users Defense Against Threats Windows Local Security Accounts Applying Security to Files, Folders, and Printers in Windows Troubleshooting Common Windows Security Problems

  3. Learning Objectives • Recognize security threats and vulnerabilities to desktop PCs and users • Implement methods and technologies that protect against threats • Create local user accounts in Windows • Assign permissions to files, folders, and printers in Windows • Troubleshoot common security problems in Windows

  4. Threats to Computers and Users • Computer Hardware Theft • Secure computers physically • Laptops more vulnerable • Unsophisticated thieves steal for the value of hardware. • Sophisticated thieves will search hard drive for data.

  5. Threats to Computers and Users • Identity Theft • Personal information is stolen and used to commit fraud • Obtaining a social security number and other key personal information may be enough to steal someone's identity • Fraud • The use of deceit and trickery to obtain money or other valuables

  6. Threats to Computers and Users • Accidents, Mistakes, and Natural and Unnatural Disasters • Fires; Earthquakes; Weather; Etc. • Protect against disasters with frequent, comprehensive backups • Backup critical data files • Multiple backup sets

  7. Threats to Computers and Users • Accidents, Mistakes, Natural and Unnatural Disasters (Continued) • Deliberate Attacks

  8. Threats to Computers and Users • Accidents, Mistakes, Natural and Unnatural Disasters (continued) • Deliberate Attacks (continued) • Spim • Phishing • Exposure to Inappropriate or Distasteful Content • Invasion of Privacy • Hoaxes • In Addition …

  9. Defense Against Threats • Authentication and Authorization • Authentication • Verification of who you are • Your identity (user name) • One-factor authentication • Something you know (password) • Two-factor authentication • Something you know plus something you have (a token, like a bankcard) • Three-factor authentication • Above plus biometric data (retinal scan, voice print, etc.)

  10. Defense Against Threats • Authentication and Authorization (continued) • Authorization • Determines the level of access to a computer or a resource. • Includes authentication plus verification of access level • Permission describes an action that can be performed on an object

  11. Defense Against Threats • Authentication and Authorization (continued) • Password • A string of characters entered for authentication • Don’t take passwords for granted • Don’t use the same password everywhere • Basic defense against invasion of privacy • Use long and complex password • Do not use common words

  12. Defense Against Threats • Best Practices with User Names and Passwords • Don't Give Away Your User Name and Password • Create Strong Passwords • Never Reuse Passwords • Avoid Creating Unnecessary Online Accounts • Don’t Provide More Information Than Necessary • Always Use Strong Passwords for Certain Types of Accounts

  13. Defense Against Threats • Security Accounts • An account that can be assigned permission to take action on an object or the right to take action on an entire system.

  14. Defense Against Threats • Security Accounts (continued) • User Accounts • Individual account • Includes user name and password • Full name, description, and other information • Exist in all Windows security accounts databases

  15. Defense Against Threats • Security Accounts (continued) • Group Accounts • Contain one or more user and group accounts • Exist in all Windows Security accounts databases • Computer Accounts • Computers may have accounts • Exist in Microsoft domain security accounts databases

  16. Defense Against Threats • Encryption • Transformation of data into a code that can only be decrypted with a secret key or password • Secret key is a special code used to decrypt • Encrypt a local or network-based file • Encrypt data before sending over a network

  17. Defense Against Threats • Encryption (continued) • Only someone with the password or key can decrypt data • Secret key may be held in a digital certificate • Encrypt sensitive data stored on a laptop or in a setting where data theft is a concern • NTFS5 supports file and folder encryption

  18. Defense Against Threats • Firewalls • Firewall technologies • IP packet filter • Proxy service • Encrypted authentication • Virtual private network (VPN)

  19. Defense Against Threats • Firewalls (continued) • Working behind a Firewall in a Large Organization • Firewall configured based on the computers it is protecting. • Working Behind a Firewall at Home or on a Small LAN • Hardware for home and small business called "broadband routers" • Personal software firewall utilities

  20. Defense Against Threats Step-by-Step 7.01 Configure the Windows Firewall Page 324

  21. Defense Against Threats • Anti-Spam • Spam filters • On corporate mail servers • Internet-based spam filtering service • Installed on desktop computers • Not perfect – may need configuration

  22. Defense Against Threats • Antivirus • Examines contents of disk or RAM for hidden viruses • Detects and removes virus • Antivirus engine and definitions • Requires updating – usually a paid subscription • Free programs available for personal use

  23. Defense Against Threats • Anti-Pop-Up • Block adware, especially pop-ups • Pop-up blocker • Configurable • XP SP2 Pop-Up Blocker for Internet Explorer

  24. Defense Against Threats • More help from Windows XP Service Pack 2 • Windows Security Center monitors • Firewall • Automatic Updates • Virus Protections • A Manage Add-ons button in Internet Options • A pop-up dialog will warn of add-on installation attempt • Protection from opening suspect files

  25. Defense Against Threats • Privacy Protection • Internet Options privacy settings • Control handling of cookies • Settings from block-all-cookies to allow-all-cookies • Balance between convenience and risk

  26. Defense Against Threats • Protection from Inappropriate or Distasteful Content • Web content filter • Add-on or feature of a web browser • Block or allow certain sites • Services on the Internet give ratings to web sites • Configure filter to allow or disallow unrated sites • Content Advisor in Internet Explorer

  27. Defense Against Threats Step-by-Step 7.02 Check Out the Content Advisor in Internet Explorer Page 329

  28. Windows Local Security Accounts • Windows Account Administration Tools • Windows NT 4.0 Workstation • Simple Account Management in Windows 2000 and Windows XP Professional • Advanced Account Management in Windows 2000 and Windows XP Professional

  29. Windows Local Security Accounts • Windows Local User Accounts • Built-in local user accounts • Administrator • Guest • User-created accounts

  30. Windows Local Security Accounts • Windows Local Group Accounts • Built-In Local Group Accounts • Automatically-Created Groups • Special Groups/Built-in Security Principals • Creator owner • Everyone

  31. Windows Local Security Accounts • User Rights • The privilege to perform a systemwide function • Windows NT 4.0 Workstation • Policy menu of User Manager • Windows 2000 and Windows XP • Local Security Policy console

  32. Windows Local Security Accounts • Granularity of Control with Groups • Increased in Windows 2000 and XP • Network Configuration Operators group • Built-in • Has a set of rights to perform network tasks

  33. Windows Local Security Accounts • Planning for Users and Groups • Create at least one user other than Administrator • XP Pro requires creation of second member of Administrators group • Then create a limited user

  34. Windows Local Security Accounts • Planning for Users and Groups (continued) • If computer is a workgroup computer … AND if it is used by more than one local user: • Create one limited local account for each user • If sharing files and printers in workgroup: • create an account for each network user

  35. Windows Local Security Accounts • Planning for Users and Groups (continued) • If computer is a member of a domain • Local limited accounts are not needed • Users may log on locally with domain accounts • Member of Administrators group may create users or groups • Use a completed planning form

  36. Windows Local Security Accounts • Administering Local Windows Accounts • In a domain: • Management of users and groups is centralized in the domain • On a standalone or workgroup computer: • Users and groups are managed on each computer

  37. Windows Local Security Accounts • Administering Local Windows Accounts (continued) • Creating a New User • Create one account that is only a member of the local Users group • Create an additional account that is a member of the local Administrators group (mandatory in XP Pro)

  38. Windows Local Security Accounts • Administering Local Windows Accounts (continued) • User Administration in Windows NT 4.0 Workstation • Using User Manager requires knowledge of Windows security accounts • NT Workstation was targeted to advanced users or users who relied on support staff

  39. Windows Local Security Accounts Step-by-Step 7.03 Creating New Users in Windows NT 4.0 Workstation Page 342

  40. Windows Local Security Accounts • Administering Local Windows Accounts (continued) • User Administration in Windows 2000 Pro • Workgroup computer can skip interactive user logon • Authentication is still occurring • Control Panel | Users and Passwords • Users must enter a user name and password to use this computer • Require users to press Ctrl-Alt-Delete before logging on

  41. Windows Local Security Accounts Step-by-Step 7.04 Creating and Configuring a New User Account in Windows 2000 Professional Page 344

  42. Windows Local Security Accounts • Administering Local Windows Accounts (continued) • User Administration in Windows XP Pro • User Accounts applet • Computer Administrator = member of Administrators group • Limited account = member of Users group (and NOT also a member of Administrators)

  43. Windows Local Security Accounts • Administering Local Windows Accounts (continued) • User Administration in Windows XP Pro (continued) • Password Reset Disk • Created by/for currently logged on user • Use when password is forgotten • Will not lose access to items such as encrypted files • If Administrator resets—password access to encrypted files is lost • Gives user power to fix own passwords • More complicated to do in a domain

  44. Windows Local Security Accounts Step-by-Step 7.05 Creating User Accounts and a Password Reset Disk in Windows XP Page 347

  45. Windows Local Security Accounts • Administering Local Windows Accounts (continued) • Account Policies • Password Policy – password length, etc. • Account lockout policy: lockout after failed attempts

  46. Windows Local Security Accounts • Administering Local Windows Accounts (continued) • Account Policies • Windows NT 4.0 Workstation Account Policies • Set from the Policies menu in User Manager • Windows 2000 Pro and Windows XP Pro • Set from Local Security Policy console
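
The account plan from the "Planning for Users and Groups" and "Creating a New User" slides, together with the password and lockout policies above, can also be applied and checked from a command line. This is an added example, not part of the original presentation; it assumes an elevated PowerShell prompt on a standalone or workgroup PC, and the account names and policy numbers are hypothetical sample values.

```powershell
# Added example: run from an elevated PowerShell prompt on a standalone
# or workgroup PC. Account names and policy numbers are hypothetical.
$LimitedUser = 'jsmith'        # day-to-day account, Users group only
$AdminUser   = 'jsmith-admin'  # second member of Administrators

# Create both accounts. '*' makes net.exe prompt for the password, so it
# never appears on the command line or in shell history. New local
# accounts are placed in the Users group automatically.
net user $LimitedUser '*' /add
net user $AdminUser   '*' /add
net localgroup Administrators $AdminUser /add

# Password policy: minimum length, maximum age (days), passwords remembered.
net accounts /minpwlen:12 /maxpwage:90 /uniquepw:5

# Account lockout policy: lock for 30 minutes after 5 failed attempts
# counted within a 30-minute window.
net accounts /lockoutthreshold:5 /lockoutwindow:30 /lockoutduration:30

# Verify: list the local Administrators group and confirm that the
# limited account has not ended up in it.
$group  = [ADSI]"WinNT://$env:COMPUTERNAME/Administrators,group"
$admins = @($group.Invoke('Members')) | ForEach-Object {
    $_.GetType().InvokeMember('Name', 'GetProperty', $null, $_, $null)
}
"Administrators: " + ($admins -join ', ')
if ($admins -contains $LimitedUser) {
    Write-Warning "$LimitedUser is in Administrators; remove it to keep the account limited."
}

# Print the effective account policy for review.
net accounts
```

The same settings appear in the Local Security Policy console under Account Policies, which is the place to confirm them on Windows 2000 Pro and Windows XP Pro.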

  47. Windows Local Security Accounts • Administering Local Windows Accounts (continued) • Configuring Protection from Physical Access • Log out • Lock computer • Use a password-protected screen saver • Select Standby or Hibernate options • Enable Switch User

  48. Windows Local Security Accounts • Administering Local Windows Accounts (continued) • Configuring Protection from Physical Access (continued) • Downside of logging out & finding a better solution • Lock Computer • Password-Protected Screen Saver • Switch User

  49. Applying Security to Files, Folders, and Printers in Windows • Securing Files and Folders on an NTFS Drive • File and Folder Permissions • Permissions Assigned to Personal Folders • NTFS Permission Inheritance
