Cyber Patriot Training
Ken Dewey
Rose State College

Local Security Policy
What is it? Used to directly modify account and local policies, public key policies and IP security policies for your local computer
Where is it? Start > Control Panel > Administrative Tools > Local Security Policy
What should I look for? Default User Rights, Security Templates, Password Policies, etc.
More information: http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/lpe_topnode.mspx?mfr=true

User & Group Configuration
What is it? Policy is typically assigned at the group level and then users are assigned into groups. It is very important that your groups are configured correctly and your users are in the appropriate groups.
Where is it? Start > Control Panel > User Accounts
What should I look for?
Users in correct groups for their job, all users have password-protected accounts, etc.
Guest account turned off
More information:
http://support.microsoft.com/kb/307882
http://www.kellys-korner-xp.com/xp_groups.htm

BackDoor/Virus/Malware
What is it? A malicious program that allows a computer to be remotely controlled or exploited
Where is it? Can be anywhere on your computer (memory, hard drive, registry, flash drive, etc.)
What should I look for? Look for files and folders that do not belong. Start in the root of C:\ and comb through the file system. Bogus file extensions, files with no name or a garbled name, files that should be small but are huge, etc.
More information:
http://www.wikihow.com/Remove-a-Virus
http://news.frbiz.com/windows_system_the_virus_most-275070.html
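
Added example (not part of the original slides): a Python triage script that walks a folder tree and flags the three signs listed above. The extension sets, the size limit and the "garbled name" heuristic are assumptions made for this sketch.

```python
import os
import sys

# Assumed values for this sketch; the slides do not define them.
EXEC_EXTS = {".exe", ".scr", ".bat", ".cmd", ".com", ".pif", ".vbs"}
DOC_EXTS = {".pdf", ".doc", ".txt", ".jpg", ".png"}
SMALL_TYPES = {".txt", ".ini", ".log", ".cfg"}
SMALL_LIMIT = 5 * 1024 * 1024  # bytes; text-like files above this are odd

def looks_garbled(stem):
    """Heuristic: a long name whose letters contain no vowels."""
    letters = [c for c in stem.lower() if c.isalpha()]
    return (len(stem) >= 8 and len(letters) >= 4
            and not any(c in "aeiou" for c in letters))

def triage_file(name, size, small_limit=SMALL_LIMIT):
    """Return the reasons a file deserves a closer look (empty list = none)."""
    stem, ext = os.path.splitext(name.lower())
    inner_ext = os.path.splitext(stem)[1]  # e.g. ".pdf" in invoice.pdf.exe
    checks = [
        ("no name", name.startswith(".") or not stem.strip()),
        ("bogus extension", ext in EXEC_EXTS and inner_ext in DOC_EXTS),
        ("garbled name", looks_garbled(stem)),
        ("unexpectedly large", ext in SMALL_TYPES and size > small_limit),
    ]
    return [label for label, hit in checks if hit]

def scan_tree(root, small_limit=SMALL_LIMIT):
    """Walk root and return {path: reasons} for every flagged file."""
    flagged = {}
    for folder, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(folder, name)
            try:
                size = os.path.getsize(path)
            except OSError:
                continue  # locked or vanished file; skip it
            reasons = triage_file(name, size, small_limit)
            if reasons:
                flagged[path] = reasons
    return flagged

if __name__ == "__main__":
    root = sys.argv[1] if len(sys.argv) > 1 else "C:\\"
    for path, reasons in sorted(scan_tree(root).items()):
        print(path + ": " + ", ".join(reasons))
```

A flagged file is a prompt to inspect it by hand; legitimate files can match these heuristics.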

Installing Anti-Virus
Microsoft Security Essentials
Sufficiently protects computer from malicious attacks, and roots out viruses
After downloading/installing be sure to update the software
Update the MSE Virus Database, and Spyware Database

Enable Windows Firewall
Start > Control Panel > Windows Firewall

DNS
How to check DNS configuration
Host file: C:\windows\system32\drivers\etc
DHCP: Check via ipconfig /all

Task Manager vs. Process Explorer
Malicious processes can be executing on the computer
Windows Task Manager shows processes
Process Explorer shows a more detailed analysis of what is running on the computer

File/Folder Permissions
What is it? The guidelines on who should be able to and how they should be able to access any particular file or folder.
Where is it? Right click any file or folder > Properties > Sharing and Security tabs
What should I look for? Folders that are shared that don't need to be, folders that have full permissions for all users that don't need to be, etc.
More information: http://articles.techrepublic.com.com/5100-10878_11-5308684.html

Vulnerable Services
What is it? Services are programs that run in the background and perform a specific task.
Where is it? Start > Run > Services.msc
What should I look for? Services running that don't need to be (Telnet, SSH, etc.)
More information: http://techrepublic.com.com/i/tr/downloads/home/windows_xp_services_that_can_be_disabled.pdf

Patching & Updating
What is it? Patches are updates to your operating system (or some program) that add functionality, fix bugs/errors/security holes, etc.
Where should I look? Start > Windows Update
What should I look for? Make sure that you have all the latest updates and service packs.
More information: http://update.microsoft.com