Learn common prevention methods, deploy security best practices, identify threats, and troubleshoot PC security issues. Explore authentication, authorization, strong passwords, two-factor authentication, file encryption, Group Policy, and security strategies.
Exam 902 Objectives • Compare and contrast common prevention methods • Given a scenario, deploy and enforce security best practices to secure a workstation • Identify common security threats and vulnerabilities • Given a scenario, troubleshoot common PC security issues with appropriate tools and best practices
Securing a Windows Workstation • There are 2 goals in securing data, programs, and other network resources: • 1. To protect resources • 2. To not interfere with the functions of a system • Sometimes the 2 goals of security are in conflict with each other
Authentication & Authorization • Access Control • Controlling access to computer resources is composed of authentication and authorization • Authentication • Occurs when a user proves their identity • The most common way a user authenticates is with a username and password • The three authentication factors are something you know (a password or PIN), something you have (a smart card or token), and something you are (biometrics) • Many organizations require two-factor authentication, which combines two different factors • Authorization • Determines what an individual can do in the system after they successfully authenticate • Rights should be assigned according to the principle of least privilege: a user gets only the access needed to do their job
Ctrl+Alt+Del • Normally, a user clicks their username and enters a password at the Welcome screen • However, malware can display a fake Welcome screen and trick users into typing their credentials into it • A more secure method of logging in requires the user to press Ctrl+Alt+Del first: that key sequence (the secure attention sequence) is handled by Windows itself and cannot be intercepted by an ordinary program • Enter netplwiz in the start/search box, press Enter • The User Accounts window should appear • Click the Advanced tab • Check Require users to press Ctrl+Alt+Delete • Click Apply
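The netplwiz checkbox above toggles a single registry value, which is what you would script on many workstations or check during an audit. The following is an added example (not from the slides) that reads the value, sets it, and reads it back; it assumes an elevated PowerShell prompt because the value lives under HKLM. The same setting is exposed in Group Policy as Security Options > "Interactive logon: Do not require CTRL+ALT+DEL", and a domain policy will override whatever is set locally.

```powershell
# Added example (not from the slides): enforce Ctrl+Alt+Del at logon by writing the
# registry value that the netplwiz checkbox toggles.
# DisableCAD = 0 means the secure attention sequence IS required; 1 means it is not.
# Run from an elevated PowerShell prompt (the key is under HKLM).
$key  = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
$name = 'DisableCAD'

function Get-CtrlAltDelState {
    $value = Get-ItemProperty -Path $key -Name $name -ErrorAction SilentlyContinue
    if ($null -eq $value) {
        # No explicit value: Windows uses its default (required on domain-joined
        # machines, not required on stand-alone/workgroup machines).
        return 'not set (Windows default applies)'
    }
    if ($value.$name -eq 0) { 'required' } else { 'not required' }
}

Write-Host "Before: Ctrl+Alt+Del at logon is $(Get-CtrlAltDelState)"

if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
Set-ItemProperty -Path $key -Name $name -Value 0 -Type DWord

Write-Host "After:  Ctrl+Alt+Del at logon is $(Get-CtrlAltDelState)"
```

The change takes effect at the next logon screen; re-open netplwiz > Advanced afterwards and the checkbox will show as checked.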
Strong Passwords • Users should be instructed to create strong passwords and to store them out of plain sight (not under the mouse pad) • Passwords should not be easy to guess by humans or by computer programs • The following are some strong password criteria: • Use 8 or more characters • Combine uppercase, lowercase, numbers, and symbols • Don’t use consecutive letters or numbers • Don’t use adjacent keyboard keys • Don’t use your logon name • Don’t use words in any language • Don’t use the same password for more than 1 account
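The criteria above are easy to state but users (and help desk staff) rarely check them consistently. The following is an added example, not code from the slides, that turns the list into a checker and reports every criterion a candidate password fails. The dictionary and keyboard rows are small constructed samples; a real deployment would load a full word list and the "not reused across accounts" rule cannot be checked locally at all.

```powershell
# Added example (not from the slides): test a candidate password against the
# strong-password criteria listed above. $CommonWords is a tiny constructed
# sample standing in for a real dictionary.
$CommonWords  = @('password', 'welcome', 'summer', 'letmein', 'admin')
$KeyboardRows = @('qwertyuiop', 'asdfghjkl', 'zxcvbnm', '1234567890')

function Test-ConsecutiveSequence {
    # True if three characters in a row are consecutive (abc, 123, cba, 321).
    param([string]$Text)
    $s = $Text.ToLower()
    for ($i = 0; $i -le $s.Length - 3; $i++) {
        $a = [int]$s[$i]; $b = [int]$s[$i + 1]; $c = [int]$s[$i + 2]
        if (($b -eq $a + 1 -and $c -eq $b + 1) -or ($b -eq $a - 1 -and $c -eq $b - 1)) { return $true }
    }
    return $false
}

function Test-AdjacentKeys {
    # True if three characters in a row sit side by side on a keyboard row (qwe, ewq, asd).
    param([string]$Text)
    $s = $Text.ToLower()
    for ($i = 0; $i -le $s.Length - 3; $i++) {
        $chunk = $s.Substring($i, 3)
        foreach ($row in $KeyboardRows) {
            $reversed = -join ($row.ToCharArray()[($row.Length - 1)..0])
            if ($row.Contains($chunk) -or $reversed.Contains($chunk)) { return $true }
        }
    }
    return $false
}

function Test-StrongPassword {
    param([string]$Password, [string]$LogonName)
    $problems = @()
    if ($Password.Length -lt 8)               { $problems += 'fewer than 8 characters' }
    if ($Password -cnotmatch '[A-Z]')         { $problems += 'no uppercase letter' }
    if ($Password -cnotmatch '[a-z]')         { $problems += 'no lowercase letter' }
    if ($Password -notmatch '[0-9]')          { $problems += 'no number' }
    if ($Password -notmatch '[^A-Za-z0-9]')   { $problems += 'no symbol' }
    if (Test-ConsecutiveSequence $Password)   { $problems += 'consecutive letters or numbers' }
    if (Test-AdjacentKeys $Password)          { $problems += 'adjacent keyboard keys' }
    if ($LogonName -and $Password.ToLower().Contains($LogonName.ToLower())) {
        $problems += 'contains logon name'
    }
    foreach ($w in $CommonWords) {
        if ($Password.ToLower().Contains($w)) { $problems += "contains dictionary word '$w'"; break }
    }
    [pscustomobject]@{
        Password = $Password
        Strong   = ($problems.Count -eq 0)
        Problems = ($problems -join '; ')
    }
}

# Constructed sample inputs: two weak passwords and one that passes every rule.
'Password123!', 'jsmith2024', 'Tr!ckyM0use-Lamp' |
    ForEach-Object { Test-StrongPassword -Password $_ -LogonName 'jsmith' } |
    Format-Table -AutoSize
```

The first sample fails on the dictionary word and the "123" run, the second fails on case, symbol and logon name, and the third passes; on a real system you would also pair this with the minimum length and complexity settings enforced by Group Policy, since a client-side check alone can be bypassed.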
Two Factor Authentication • Normally Windows authenticates a user with a Windows password alone • However, the best security happens when a user must both know something (a password) and either possess something (a smart card or token) or be something (biometric data) • Combining two different factors is known as two-factor authentication
Tokens • A token is a device the user carries that stores or generates unique authentication information • Tokens enable authentication with more authority than a password alone • The code a token displays is often keyed into a logon window by the user • Smart Cards (the most popular token) • A smart card is a small device containing authentication information • It can be read by a smart card reader, or its data can be transmitted wirelessly (contactless cards)
Biometric Data • Biometric data validates the person’s physical body • Biometric device - an input device that reads biological data which can identify a person’s: • Fingerprints, handprints, face, voice, retina, iris, and handwritten signature • Retinal scanning scans the blood vessels of the eye and is generally considered the most reliable of all biometric data • Used by the government and military for the highest security • Smart cards and biometric data should be used in addition to, and not as a replacement for, a password
File & Folder Encryption • The file system on a hard drive matters: file and folder permissions and encryption require NTFS, and a FAT32 or exFAT volume offers no file-level security • In Windows, files and folders can be encrypted using the Encrypting File System (EFS) • EFS works only with the NTFS file system • Encrypt a folder and its contents: if a folder is marked for encryption, everything created in or copied to the folder will be encrypted • An encrypted file remains encrypted if moved to an unencrypted folder on an NTFS volume
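The three EFS behaviours above (the NTFS requirement, inheritance from an encrypted folder, and persistence on move) can all be observed from the command line. The following is an added example, not from the slides, using the built-in cipher.exe and the file's Encrypted attribute; the demo folder paths are constructed, and it assumes you are logged on as a normal user with a profile (EFS keys live in the user's certificate store, so the built-in SYSTEM account is not a good choice).

```powershell
# Added example (not from the slides): watch EFS behave as described above.
# Demo paths are constructed; run as an interactive user on an NTFS volume.
$enc   = Join-Path $env:USERPROFILE 'EfsDemo\Private'
$plain = Join-Path $env:USERPROFILE 'EfsDemo\Public'
New-Item -ItemType Directory -Path $enc, $plain -Force | Out-Null

# 1. Confirm the volume is NTFS. EFS (and NTFS permissions) do not exist on FAT32/exFAT.
$drive = (Get-Item $enc).PSDrive.Name
$fs    = (Get-Volume -DriveLetter $drive).FileSystemType
if ($fs -ne 'NTFS') { throw "EFS requires NTFS, but ${drive}: is formatted $fs" }

# 2. Mark the folder for encryption. cipher /e on a directory sets the flag so that
#    anything created in or copied to it is encrypted from then on.
cipher /e "$enc" | Out-Null

function Test-EfsEncrypted {
    # True when the file carries the NTFS Encrypted attribute.
    param([string]$Path)
    ((Get-Item $Path -Force).Attributes -band [IO.FileAttributes]::Encrypted) -ne 0
}

# 3. A file created inside, and a file copied in from an unencrypted folder.
Set-Content -Path (Join-Path $enc 'notes.txt')    -Value 'created inside the encrypted folder'
Set-Content -Path (Join-Path $plain 'report.txt') -Value 'created outside, then copied in'
Copy-Item (Join-Path $plain 'report.txt') $enc
"created inside : encrypted = $(Test-EfsEncrypted (Join-Path $enc 'notes.txt'))"
"copied in      : encrypted = $(Test-EfsEncrypted (Join-Path $enc 'report.txt'))"
"original copy  : encrypted = $(Test-EfsEncrypted (Join-Path $plain 'report.txt'))"

# 4. Moving an encrypted file to an unencrypted folder leaves it encrypted.
Move-Item (Join-Path $enc 'notes.txt') $plain
"moved out      : encrypted = $(Test-EfsEncrypted (Join-Path $plain 'notes.txt'))"

# 5. cipher /c lists the user certificate(s) that can open the file; if that certificate
#    is lost (reinstall, profile deleted) the file is unreadable, so back up the EFS key.
cipher /c (Join-Path $plain 'notes.txt')
```

Expect the two files inside the encrypted folder and the moved-out file to report True and the untouched original in the Public folder to report False. The cipher /c output is the reminder that matters operationally: an EFS file is only as recoverable as the user's certificate, so export it (or designate a recovery agent through Group Policy) before relying on EFS.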
Group Policy • Group Policy controls what users can do with a system and how the system is used • You can open the Local Group Policy Editor by entering gpedit.msc in the start/search box • Group Policy is available with the business and professional editions of Windows (not Home editions) • With Group Policy, you can set security policies to help secure a workstation • Example: Require all users to have passwords and rename the default Administrator and Guest accounts • Example: Set the minimum password age and length
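Both examples above live under Computer Configuration > Windows Settings > Security Settings in gpedit.msc, and the effective values can be exported and checked without clicking through the editor. The following is an added example (not from the slides) that exports the local security policy with secedit, reads the [System Access] section, and compares the password settings to a baseline; the baseline numbers are an assumption for the demo, and the script must be run elevated.

```powershell
# Added example (not from the slides): audit the local password policy that Group Policy
# sets. Baseline values below are assumptions for the demo. Run elevated.
$cfg = Join-Path $env:TEMP 'secpol.inf'
secedit /export /cfg $cfg /areas SECURITYPOLICY | Out-Null

# The export is an INI file; pull the [System Access] section into a hashtable.
$systemAccess = @{}
$inSection = $false
foreach ($line in Get-Content $cfg) {
    if ($line -match '^\[(.+)\]\s*$') { $inSection = ($Matches[1] -eq 'System Access'); continue }
    if ($inSection -and $line -match '^\s*(\S+)\s*=\s*(.+?)\s*$') {
        $systemAccess[$Matches[1]] = $Matches[2]
    }
}

# Assumed baseline for this demo.
$baseline = @{
    MinimumPasswordLength = 8    # characters
    MinimumPasswordAge    = 1    # days before a user may change the password again
    MaximumPasswordAge    = 90   # days before the password must be changed (-1 = never)
    PasswordComplexity    = 1    # 1 = complexity rules enforced
}

foreach ($setting in $baseline.Keys) {
    $actual = [int]$systemAccess[$setting]
    $ok = if ($setting -eq 'MaximumPasswordAge') {
              $actual -gt 0 -and $actual -le $baseline[$setting]   # -1 (never expires) is a failure
          } else {
              $actual -ge $baseline[$setting]
          }
    '{0,-22} current={1,-4} baseline={2,-4} {3}' -f $setting, $actual, $baseline[$setting], $(if ($ok) { 'OK' } else { 'FIX' })
}

# The same export records the name assigned to the built-in Administrator account,
# so a still-default name shows up here.
'NewAdministratorName = ' + $systemAccess['NewAdministratorName']

# Remediation (same effect as editing Account Policies > Password Policy in gpedit.msc):
#   net accounts /minpwlen:8 /minpwage:1 /maxpwage:90
#   Rename-LocalUser -Name 'Administrator' -NewName 'LocalAdminRenamed'   # Windows 10 / Server 2016+
```

On a domain-joined machine the exported values are the effective ones after domain policy is applied, so a FIX result there means the domain GPO needs changing, not the local policy.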
Security Strategies • To further secure a workstation and network: • BitLocker Encryption • Network Settings • BIOS Security • Firewalls • Data Destruction • Physical Devices • Educating Users
Physical Security Methods • Lock down the computer case • Privacy filters fit over the screen to prevent it from being read from a wide angle • Use a theft-prevention plate, which is embedded into the computer case and engraved with your ID information
Firewalls • Firewalls are an essential tool in the fight against malware • Firewalls protect internal networks from unauthorized access • Typical networks use 2 types of firewalls: hardware firewalls and software firewalls • Hardware firewalls can be stand-alone devices or built into routers • A software firewall (also called a host or personal firewall) is software on a computer that protects that computer • Windows Firewall is a host firewall • It's automatically configured when you set your network location in the Network and Sharing Center, and you can also customize the settings further
(Figure: 3 firewalls used to protect a network and the individual computers on the network)
When your computer connects to a network, Windows will prompt you to choose the network type: Home, Work, or Public (Windows 8 and later reduce this to Private or Public) - choosing Public prevents your computer from sharing and disables all discovery protocols
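The network type chosen at that prompt selects which Windows Firewall profile is active, so an audit has to look at both. The following is an added example (not from the slides) using the NetSecurity cmdlets of Windows 8 / Server 2012 and later (on Windows 7 the equivalent checks are "netsh advfirewall show allprofiles"); the "Coffee Shop Wi-Fi" network name is an assumption for the demo, and changing settings requires an elevated prompt.

```powershell
# Added example (not from the slides): audit and tighten the host firewall per network
# profile. Windows 8+ uses Public/Private/DomainAuthenticated in place of the
# Home/Work/Public names in the Windows 7 prompt. Run elevated to change anything.

# 1. Which category (and therefore which firewall profile) is each connection using?
Get-NetConnectionProfile | Select-Object Name, InterfaceAlias, NetworkCategory

# 2. Every profile should be enabled with inbound blocked by default.
Get-NetFirewallProfile | Select-Object Name, Enabled, DefaultInboundAction, DefaultOutboundAction

$weak = Get-NetFirewallProfile | Where-Object {
    $_.Enabled -ne 'True' -or $_.DefaultInboundAction -ne 'Block'
}
foreach ($p in $weak) {
    Write-Warning "Profile $($p.Name): Enabled=$($p.Enabled) Inbound=$($p.DefaultInboundAction); tightening"
    Set-NetFirewallProfile -Name $p.Name -Enabled True -DefaultInboundAction Block -DefaultOutboundAction Allow
}

# 3. A connection wrongly classified as Private shares files and answers discovery.
#    Reclassify an untrusted network as Public (network name is assumed for the demo).
$untrusted = Get-NetConnectionProfile | Where-Object {
    $_.Name -eq 'Coffee Shop Wi-Fi' -and $_.NetworkCategory -eq 'Private'
}
foreach ($c in $untrusted) {
    Set-NetConnectionProfile -InterfaceIndex $c.InterfaceIndex -NetworkCategory Public
}

# 4. Inbound allow rules that apply on the Public profile deserve a look; file and
#    printer sharing or remote management rules should not be enabled there.
Get-NetFirewallRule -Direction Inbound -Enabled True -Action Allow |
    Where-Object { $_.Profile -match 'Public|Any' } |
    Select-Object DisplayName, Profile |
    Sort-Object DisplayName | Format-Table -AutoSize
```

Step 4 is the one most audits skip: a profile can be enabled and "Block" by default while a stale allow rule still opens a port on public networks.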
BitLocker Encryption • BitLocker can encrypt the entire Windows volume and any other volume on the drive • If a hard drive is stolen, BitLocker will not allow access to its contents without the BitLocker key • There are 3 ways to use BitLocker Encryption: • 1. Computer authentication uses a chip on the motherboard called the TPM (Trusted Platform Module) that holds the key and releases it only when the boot environment is unchanged • 2. User authentication uses a startup key stored on a USB drive (for computers without a TPM) • 3. Computer and user authentication uses the TPM plus a PIN or password that must be entered at every startup
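The three modes above map directly onto the protector types accepted by the BitLocker cmdlets. The following is an added example, not from the slides, that checks the TPM, turns on BitLocker for the OS volume in the chosen mode, and adds a recovery password; the mode, the removable-drive path, and the XtsAes256 method (Windows 10 1511 and later; use Aes256 on older versions) are assumptions for the demo. It needs a Pro/Enterprise edition and an elevated prompt.

```powershell
# Added example (not from the slides): enable BitLocker on the OS volume in one of the
# three modes described above. Mode, startup-key path and encryption method are
# assumptions for the demo. Run elevated on Windows Pro/Enterprise.
function Enable-OsVolumeBitLocker {
    param(
        [ValidateSet('Tpm', 'StartupKey', 'TpmAndPin')] [string]$Mode,
        [string]$StartupKeyPath = 'E:\'    # assumed removable drive for StartupKey mode
    )
    $sys = $env:SystemDrive
    $vol = Get-BitLockerVolume -MountPoint $sys
    if ($vol.ProtectionStatus -eq 'On') {
        return "BitLocker already on for $sys (protectors: $($vol.KeyProtector.KeyProtectorType -join ', '))"
    }

    # Modes 1 and 3 need a TPM that Windows reports as ready; mode 2 is for hardware without one.
    $tpm = Get-Tpm
    if ($Mode -ne 'StartupKey' -and -not $tpm.TpmReady) {
        throw "Mode $Mode needs a ready TPM (TpmPresent=$($tpm.TpmPresent), TpmReady=$($tpm.TpmReady)); use StartupKey instead"
    }

    switch ($Mode) {
        'Tpm' {          # 1. computer authentication only
            Enable-BitLocker -MountPoint $sys -TpmProtector -EncryptionMethod XtsAes256 -UsedSpaceOnly -SkipHardwareTest
        }
        'StartupKey' {   # 2. user authentication with a key file on removable media
            Enable-BitLocker -MountPoint $sys -StartupKeyProtector -StartupKeyPath $StartupKeyPath -EncryptionMethod XtsAes256 -UsedSpaceOnly -SkipHardwareTest
        }
        'TpmAndPin' {    # 3. computer and user authentication: TPM plus a PIN at every boot
            $pin = Read-Host -AsSecureString 'Startup PIN'
            Enable-BitLocker -MountPoint $sys -TpmAndPinProtector -Pin $pin -EncryptionMethod XtsAes256 -UsedSpaceOnly -SkipHardwareTest
        }
    }

    # Always add a recovery password as well. If the TPM is cleared, the USB key is lost or
    # the PIN forgotten, this is the only way back in; store it off the machine.
    $after = Add-BitLockerKeyProtector -MountPoint $sys -RecoveryPasswordProtector
    $rp = $after.KeyProtector | Where-Object KeyProtectorType -eq 'RecoveryPassword'
    "Recovery password for $sys (keep it off this disk): $($rp.RecoveryPassword)"
}

Enable-OsVolumeBitLocker -Mode TpmAndPin
Get-BitLockerVolume | Select-Object MountPoint, VolumeStatus, ProtectionStatus, EncryptionPercentage
```

Encryption continues in the background after the cmdlet returns; ProtectionStatus only reports On once the volume is fully encrypted and a protector is active, so a freshly enabled machine will show EncryptionInProgress for a while.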
BIOS Security • You can enable different BIOS security passwords: • Power-on password - required to power on the computer • Supervisor password - required to change BIOS setup • User password - required to use the system or view BIOS setup • Drive lock password - required to access the hard drive; it is enforced by the drive itself, so it stays with the drive if it is moved to another computer
Data Destruction • Ways to destroy printed documents and sanitize storage devices: • Use a paper shredder • Use a secure data-destruction service • Overwrite data on the drive • For magnetic devices, use a degausser • Degausser – exposes a storage device to a strong magnetic field in order to erase data (it has no effect on solid-state media) • For solid-state devices, use a Secure Erase utility • Physically destroy the storage media
Educate Users • (Figure: a phishing email containing a link, an example of social engineering)
Malicious Software • Malware (malicious software, computer infestation) is any unwanted program or software that means harm • Grayware is different than malware: it covers annoying or unwanted programs that may not mean harm • Malware is usually transmitted to a computer without the user’s knowledge • Malware comes in many colorfully named varieties
Viruses • The term virus is often used when talking about any type of malware, but this is not accurate • A virus is malicious code that attaches itself to another host file (like the flu virus attaches to a cell) • When a file is infected with a virus, the code runs when the file is executed • A virus must have a host file to run (like the flu virus, it can’t do anything on its own) • Viruses come in many forms, including stealth, polymorphic, and boot sector viruses • A boot sector virus infects the boot sector of the hard drive and loads when the computer is booted
Worms & Trojans • A worm is malware that does not need a host file to run (the key difference between a virus and a worm) • A worm copies itself throughout a network or the Internet without a host program, often overloading the network as it spreads • A Trojan horse disguises itself as a legitimate program; Trojans account for more infections than any other type of malware • A user might download a free registry scanner, thinking they are getting a tool that will make their system quicker • When they install and run the scanner, malicious code also runs
Adware & Spyware • Spyware is software that installs itself on a system and often modifies the system without the user’s knowledge or consent • The purpose of spyware is to spy on a user and collect personal information and user habits • Spyware often changes the user’s home page and installs web browser add-ins and toolbar helpers • Adware produces unwanted pop-up ads and presents targeted advertisements to users • Adware is often referred to as spyware, but that is not accurate
Rootkits & Keyloggers • A Rootkit is a type of malware that takes over root (or admin) access on a computer • A rootkit can hide folders that contain software it has installed • Rootkits control what a user and antivirus software can view and they often require extraordinary measures to remove them • A Keylogger is a hardware device or software that tracks all your keystrokes and can be used to steal a person’s identity, credit card numbers, Social Security numbers, bank information, passwords, etc.
Malware Removal • Being familiar with the types of malware is important • You should also know how to prevent and remove malware • The general steps to stop and troubleshoot malware are:
Identify Malware Symptoms • Pop-up ads plague you when surfing the web • You may experience browser hijacking where you are redirected to a web site you didn’t ask for • System works much slower than it used to • Problems making a network connection • Antivirus software displays one or more messages • Windows updates fail to install correctly • Cannot access AV software sites and cannot update your AV software • Any other erratic behavior, as if the computer had a mind of its own
Quarantine • When removing malware, it's often necessary to isolate or quarantine a system • You would typically quarantine a system by removing its network access to prevent it from spreading malware • Immediately disconnect from the network by unplugging the network cable or turning off the wireless adapter • Obtain antivirus software and current definitions on a clean computer and carry them over on removable media, since the quarantined system should stay offline • Before cleaning up the infected system, back up user data to other media (and scan that backup before restoring it, since it may contain infected files)
Destroy Malware • Run AV or AM software • The best protection against malware is up to date AV or AM software • Perform a full scan • You might need to use Safe Mode or a recovery environment to start the scanning process • Run software from a bootable rescue disk • Run Adware or Spyware Removal Software • Adware or Spyware software is specifically dedicated to removing adware or spyware • Windows Defender is free antispyware included in Windows 7 & Windows Vista
Destroy Malware • Purge Restore Points and disable system restore • Some malware hides its program files in restore points stored by System Protection • While removing malware, you will likely make changes that would normally be captured by System Restore • By disabling system restore, you ensure that a user can’t accidentally infect the system again by applying a restore point • After scanning and cleaning is complete, enable system restore and create a restore point
Destroy Malware • Dig deep to find malware processes • Use Task Manager and System Configuration (msconfig) to search for malware processes and startup entries • Clean up the registry • Use a registry cleaning utility (CCleaner) • You may need to delete the registry Run keys that launch the malware at startup • Clean up Internet Explorer • Remove temporary files and suspicious toolbars, home pages, and add-ons • Research the malware and its solutions
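The three "Destroy Malware" slides above are one procedure, and most of it can be driven from an elevated PowerShell prompt on the quarantined machine. The following is an added example, not from the slides, covering the steps in order: stop System Restore from preserving the infection, run a full Windows Defender scan, list the Run/RunOnce autostart entries and any running process that is unsigned or executing from a user-writable folder, then re-enable System Restore and take a clean checkpoint. It assumes Windows 8/10 or later (the Defender cmdlets do not exist on Windows 7, where the Defender slide's antispyware-only version applies) and that definitions were already updated from a clean machine, since the quarantined system is offline.

```powershell
# Added example (not from the slides): triage script for the Destroy Malware steps.
# Assumes Windows 8/10+ and an elevated prompt; the machine is expected to be offline.
$sysDrive = $env:SystemDrive + '\'

# 1. Stop System Restore and purge existing restore points: they can hold malware files
#    and a user applying one later would reinfect the system.
Disable-ComputerRestore -Drive $sysDrive
vssadmin delete shadows "/for=$($env:SystemDrive)" /quiet | Out-Null

# 2. Full scan with the built-in engine. Start-MpScan blocks until it finishes.
#    Update-MpSignature fails while offline, so definitions must already be current.
Update-MpSignature -ErrorAction SilentlyContinue
Start-MpScan -ScanType FullScan
Get-MpThreatDetection | Select-Object ThreatID, ProcessName, Resources, InitialDetectionTime

# 3. Autostart entries: the Run / RunOnce keys for the machine and the current user.
$runKeys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
           'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
foreach ($k in $runKeys) {
    if (-not (Test-Path $k)) { continue }
    (Get-ItemProperty $k).PSObject.Properties |
        Where-Object { $_.Name -notlike 'PS*' } |          # drop the provider's own PSPath etc.
        ForEach-Object { [pscustomobject]@{ Key = $k; Name = $_.Name; Command = $_.Value } }
}

# 4. Running processes that are unsigned or live in a user-writable location
#    (AppData, Temp, ProgramData, Public): the usual home of Trojans and rootkit loaders.
$userWritable = '\\AppData\\', '\\Temp\\', '\\ProgramData\\', '\\Users\\Public\\'
Get-Process | Where-Object Path | ForEach-Object {
    $path = $_.Path
    $sig  = Get-AuthenticodeSignature -FilePath $path
    $inUserDir = ($userWritable | Where-Object { $path -match $_ }).Count -gt 0
    [pscustomobject]@{
        Name       = $_.Name
        PID        = $_.Id
        Path       = $path
        Signature  = $sig.Status
        Suspicious = ($sig.Status -ne 'Valid') -or $inUserDir
    }
} | Where-Object Suspicious | Sort-Object Path | Format-Table -AutoSize

# 5. Once an autostart entry is identified as malicious, remove it (name is a placeholder):
# Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'SuspiciousEntry'

# 6. After cleaning: turn System Restore back on and take a known-good checkpoint.
Enable-ComputerRestore -Drive $sysDrive
Checkpoint-Computer -Description 'Post-malware-cleanup' -RestorePointType MODIFY_SETTINGS
```

Treat step 4 as a worklist rather than a verdict: unsigned does not mean malicious (plenty of legitimate tools are unsigned) and a valid signature does not clear a process, but anything flagged is where to look first with Task Manager and msconfig, and Windows will only create one checkpoint per day by default, so step 6 may report that a restore point already exists.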
Fix Malware Damage • Hard drive boot sectors or boot blocks can become infected or damaged by malware • Repair the MBR or OS boot record • Launch the Recovery Environment, and access command prompt • Use the command bootrec /fixmbr to write a Windows compatible MBR to the system partition • Use the command bootrec /fixboot to write a new boot sector to the system partition
Educate Users • Always use a software firewall • Windows Firewall is turned on by default • Use anti-malware software • To avoid conflicts and slow performance, run only one real-time anti-malware program on a computer • Keep Windows updates current • Keep good backups • Keep User Account Control (UAC) enabled • Limit the use of administrator accounts • Set Internet Explorer for optimum security • Keep a hard drive image so you can reinstall the image if a system gets infected • All data should be stored on network drives, so a reimaged workstation loses nothing