CHAPTER 3 Securing your PC and LAN Suraya Alias

Securing your desktop or Notebook Computer ◦Know an access control ◦Limit use of the administrator accounts ◦Use a personal firewall ◦Windows update ◦Security using browsers ◦Alternate client software ◦Encrypt files and folders Data backups System files backup Monthly security maintenance Router to secure a SOHO network Dealing malicious software Know step by step attack plan

Access Control By combining Authentication and Authorization technique on controlling access to computer, files, folder and network. Authentication ◦Proves the actual user by using id, password, PIN Authorization ◦Determines what the user can do when login to system. The privileges and rights that was assigned to him. You can lock your pc using power-on passwords and Windows password (turn off file sharing). Power-on passwords are assigned in CMOS setup to secure the CMOS/BIOS setup settings.

Access Control To create STRONG password; ◦Use 8 or more characters, combines numbers, characters, symbols ◦Don’t use consecutive numbers, or words such as “abcdef”, “123456” ◦Don’t use adjacent keys on keyboard “qwerty” ◦Don’t store password on pc, use different password for different system

Access Control using Windows Using user accounts and password Configure users with access to certain files and folders – which files can be shared Using Icacls or cacls command to control user accounts to files and folder Example: cacls test.txt /G suraya:F

Limit the use of the Administrator Account Preferable to use Limited User accounts for daily use Administrator accounts only for maintenance and installation This is because maybe some malware program can run using Administrator privileges. Always change password and use strong password

Use a Personal Firewall ◦Never connect to the Internet without using Windows Firewall ◦Firewall is a software or hardware that prevents worms or hackers from getting into your system ◦Router is one example of hardware firewall Use Anti Virus Software ◦As a defensive and offensive measure to protect against malicious software ◦AV must always be on (running in background) and updated Keep windows updates current ◦Using Windows update

Set Internet Explorer for optimum security Disable pop-up blocker, manage add-ons, active or block script Use alternative Client Software ◦Browser software – Firefox ◦ Client – Outlook express Consider using Microsoft Shared Computer Toolkit for Windows XP ◦This s/w locks down the drive where XP is installed so that the user cannot change the Windows settings, configuration, installed s/w and h/w, and user data

Hide and Encrypt Files and Folders Protect files and folders using EFS (Encrypted File System) Encryption converts data to a different value that have to be decrypted (translated) before it can be accessed. AN encrypted file remains encrypted if you move it around NTFS logical drive but became decrypted in FAT file system Use CIPHER command to encrypt/decrypt files or folders using command prompt. Example: CIPHER /D C:\Public\*.* ◦Where /E encrypt, /D Decrypt, /S:DIR directory, PATHNAME is the path name

Beware of Social Engineering Don’t give out personal information to un- trusted source 3 common internet criminal 1.Phising  Where the sender of an message scams you into responding data about yourself  Example – user password, account number or credit card number 2.Scam  that usually offer false scheme 3.Virus hoax  that does damage by tempting you to forward it to everyone in your address box with the intent to clogging up the system or to delete important files

Protect against malicious - scripts How scripts work ◦Written is several scripting language (vbscript, jsscript) ◦Is executed using the Windows Scripting Host (WSH) utility, Wscript.exe How scripts are spread 1.By embedding the script in the message and attaching it. 2.When you click the link, the script with.vbs extension is executed by Wscript.exe and was spread 3.Hidden using normal flename such as coolpic.jpg, but the actual filename is coolpic.jpg.vbs How to protect against malicious script 1.Set windows to display the script file extension 2.Set windows to not execute script but to open it using notepad

Keep good backups of user data Back up data and system files (using Windows backup) Make use of event logging and incident reporting - using Event viewer Monitor changes to files and folders – using audit in Group Policy Monitor changes to startup – using Autoruns by Sysinternals Monitor network activity – using windows firewall Empty the recycle bin Perform monthly security maintenance routine ◦Change password, turn on windows updates ◦Install AV, check for equipment security ◦Check event viewer, the security list ◦Verify user backups has been performed currently ◦If running windows disk protection, save changes to disk are required to update installed software

Securing your wired or wireless network Use a router to secure a SOHO (small office home office) network ◦Limit communication from outside the network ◦Limit communication from within the network ◦Secure a wireless access point ◦Implement virtual private network (VPN) Authentication Technologies for larger networks ◦Encrypt user accounts and passwords ◦Popular protocols – CHAP (challenge Handshake Authentication Protocol) and Kerberos ◦Using smart card and biometric data

Dealing with malicious software Also known as malware or computer infestation Is an unwanted program that harms and being transmitted to your pc without your knowledge. Example ◦VIRUS (can replicate and attach itself to other program) ◦Adware – produces unwanted pop ups ◦Spam – junk ◦Spyware – software that install itself to spy and collects information ◦Worm – program that copies itself through network without host program by overloading the network ◦Browser hijacker – does mischief by changing the homepage or redirect it ◦Dialer – a software installed in your pc that disconnects your phone line and re-direct to expensive dial up ◦Keylogger, logic bomb, trojan horse

How a VIRUS works A boot sector virus ◦Hides in boot sector program, floppy, hard disk or MBR (master boot record) A file virus ◦Hides in an executable (.exe,.com) program that contains macro A multiparte virus ◦Combination of boot sector and file virus A macro ◦Small program that can be automatic executed when document first load A Macro virus ◦Attached to of files, hides in document files A Script virus ◦Hides in a web page link, executes when user clicks A stealth virus – keeps a copy of the infected file, change the attributes of its host program A polymorphic virus – it replicates and change its attributes Encrypting virus – continually transform themselves so that AV cannot detect

Step by step attack plan To clean up infected system ◦Run AV software ◦Run Adware, Spyware Removal software ◦Search out and destroy what’s left  Respond to any startup errors  Delete malicious files  Turn off system restore for a while during scanning (purge restore point)  Clean the registry  Root out (search for) rootkits – program that can prevent task manager from displaying core process ◦ Spyware and adware is also rootkits ◦ Example anti root kit software – backlight by F-secure