
CSCD 303 Essential Computer Security Fall 2018


1 CSCD 303 Essential Computer Security Fall 2018
Lecture 15 - Desktop Security: Recovery, Prevention and Hardening
Reading: CompTIA text, Chapter 5; links are in the lecture

2 Overview
Host Defense Mechanisms
- Defense in Depth
- Recovery: System Restore (Windows), boot disks
- Prevention: patching (all systems), hardening the OS (features)

3 Defense in Depth or Layered Security
As we have said, defense in depth is an information assurance (IA) concept: multiple layers of security controls (defenses) are placed throughout a system. Its intent is to provide redundancy in the event a security control fails. Defense in depth was originally a military strategy that seeks to delay, rather than prevent, the advance of an attacker.

4 Defense in Depth Examples
Using more than one of the following layers constitutes defense in depth:
- Anti-virus software
- Authentication and password security
- Biometrics
- Firewalls (hardware or software)
- Intrusion detection systems (IDS)
- Physical security (e.g. deadbolt locks)
- Internet security awareness training
- Virtual private network (VPN)
- Hardening systems

5 The Attack Surface
Security people talk about "reducing the attack surface". What does that mean?
Get Secure: reduce the attack surface
- Patch
- Harden
Stay Secure: maintain a secure infrastructure
- Patches, updates, upgrades
- Ongoing reading and research results

6 The Attack Surface
What is an attack surface?
- Weak passwords
- Open file shares
- Open ports
- Systems too complex
- Unknowns
- People
- Un-patched web server
- Unused services left on
- Excessive privileges
- No policies
- No auditing
"The greatest threat to computer systems and their information comes from humans, through actions that are either malicious or ignorant. When the action is malicious, some motivation or goal is generally behind the attack." -- Best Practices for Enterprise Security, Microsoft Solutions Framework (

7 The Attack Surface: Now for the Attacks ...
- Port scanners
- Viruses
- Password cracking
- Trojan horses
- Unknowns
- People
- Denial of service
- Network spoofing
- Packet sniffing
- Worms
- Poisons (packets, DNS, etc.)

8 Recovery

9 Other Defenses: Restore, Boot Options and More

10 System Restore (Windows)
Purpose of System Restore: create a snapshot of the system's configuration, so that you can return the system to a known good configuration. System Restore is designed to automatically create a restore point each time the system recognizes a significant change in a file or application.
10-a.html

11 System Restore
Go to Start >> All Programs >> Accessories >> System Tools >> System Restore

12 Windows 10 and System Restore
System Restore is turned off by default.
- Search for "system restore" in the Windows 10 search box and select "Create a restore point" from the list of results
- Click the System Protection tab
- Then click the Configure button

13 Windows 10 and System Restore
- Click to enable "Turn on system protection"
- Use the Max Usage slider to determine how much of your hard drive to use to store restore points (5% to 10% is good)
- Click OK

14 System Restore and Malware: May Not Work
Malware authors intentionally write viruses with the same extensions as the Windows files that are backed up by System Restore. A virus scan will remove the virus, but once System Restore recovers the computer to an earlier date, it is very possible to introduce that same virus back into the system. When malware is found on a system, System Restore should be completely disabled and all restore points deleted ... so, what's the point? System Restore is not for malware!! After scanning the computer, System Restore can be turned back on.

15 Making a Boot Disk
The new Blue Screen of Death. If your computer is un-bootable, what do you do? Try to use a recovery disk. How many know where your recovery disk is? Do you know how to make one?

16 Windows Bootable Recovery Partition
A recovery partition is a small partition on your hard drive that can help you restore your system. It will allow you to restore your computer to the original settings from the hardware manufacturer. Windows 10 creates one automatically.
windows-10-recovery-partition.html
partition-after-upgrading-to-windows html

17 Making a Boot Disk: Vista/Windows 10
Yes, you can make an installation disk if your computer didn't come with one. Complete burnable images for Windows 10 ... and a DVD or CD writer.
bootable-usb-disk-for-windows
The next article addresses how to make and use a recovery disk for 32- and 64-bit versions of Windows 8/10:
and-use-a-recovery-drive-or-system-repair-disc-in- windows-8/

18 Boot Disk for Ubuntu or Debian
You can make Ubuntu/Debian into a live image CD. Really easy; use it to boot and possibly fix Ubuntu. Instructions are here for Ubuntu. Instructions are here for Debian.

19 Live CD Restore (Windows)
A live CD for a non-Windows OS may be used to repair Windows:
- Fix Windows problems on a machine that doesn't have a dual-boot installation
- Fix anti-virus problems on a Windows system
- Data recovery, such as corrupted or deleted files

20 Live Disk: Kali Live USB Disk
Lots of attack software, but it can be used for defense.
Recover Windows passwords with Kali Linux: password-with-kali-linux.html
10 Cleverest Ways to Use Linux to Fix Windows: ways-to-use-linux-to-fix-your-windows-pc/

21 Prevention

22 Patching
What is patching? Software producers give you patches to fix "holes" in between major software versions; a patch allows the software to limp along until the next major version.
- Security updates: the majority of patches
- New devices supported, or old devices no longer supported
- Performance issues
Can patching cause problems? Yes or no?

23 Study on Unpatched Computers
2008 Computerworld: "It takes less than five minutes for hackers to find and compromise an unpatched Windows PC after it's connected to the Internet." The SANS Institute's Internet Storm Center (ISC) currently estimates the "survival" time of an Internet-connected computer running Windows at around four minutes if it's not equipped with the latest Microsoft Corp. security patches.
_in_under_5_minutes_says_ISC?taxonomyId=82&intsrc=kc_top&taxonomyName=cybercrim e_and_hacking

24 Updated Stats on Unpatched Computers
Currently (Feb. 2018), the average time for an unpatched computer placed on the Internet to be compromised by malware is only 20 minutes, according to the Internet Storm Center. The advice is that critical patches should be applied within one week of their release. Statistics show that the vast majority of organizations that suffer exploits are those that don't patch in the first year, or never patch at all.
protection/zero-days-arent-the-problem- patches-are.html
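As an added example (not part of the lecture), the one-week guideline above turned into a check that an administrator could run over a patch inventory. The record format (package, epoch time the patch was released, whether it is installed) and the sample values are constructed for this example; on a real host the records would come from the vendor's advisory feed and the package manager.

```shell
#!/bin/sh
# Added example (not from the lecture): report security patches that have been
# available longer than the one-week guideline but are still not installed.
# Record format (constructed for this example):
#   <package> <release_epoch> <installed:yes|no>

# Constructed sample inventory; release times are made up for the example.
SAMPLE_PATCH_STATUS='openssl 1700000000 yes
kernel 1700000000 no
browser 1700500000 no
pdf-reader 1699000000 no'

# One week, as recommended for critical patches.
SLA_SECONDS=$((7 * 24 * 3600))

# overdue_patches NOW_EPOCH
# Reads records on stdin and prints "<package> <days past SLA>" for every
# uninstalled patch that was released more than SLA_SECONDS before NOW_EPOCH.
overdue_patches() {
    now=$1
    while read -r pkg released installed; do
        [ -z "$pkg" ] && continue            # skip blank lines
        [ "$installed" = "yes" ] && continue # already patched
        age=$((now - released))
        if [ "$age" -gt "$SLA_SECONDS" ]; then
            printf '%s %d\n' "$pkg" $(( (age - SLA_SECONDS) / 86400 ))
        fi
    done
}

# Demo run: "now" is pinned to 1701000000 so the output is reproducible.
printf '%s\n' "$SAMPLE_PATCH_STATUS" | overdue_patches 1701000000
```

With the pinned clock, the kernel patch is reported 4 days past the SLA and the PDF reader 16 days past; the browser patch is missing but still inside the week, and openssl is already installed.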

25 More Patching Stories
Security report by SANS Institute, TippingPoint and Qualys, Sept. 2009: the number of vulnerabilities found in applications is far greater than the number of vulnerabilities discovered in operating systems. "On average, major organizations take at least twice as long to patch software vulnerabilities as they take to patch operating system vulnerabilities."
overlooking_high_priority_security_risks/

26 Patching: Types of Patches
- Patch: simple small fix, one or two problems
- Update: adds or fixes a problem or an earlier patch
- Cumulative: includes all previously released patches for one application
- Service Pack: generally large files, typically including lots of patches to many problems
Vista is up to Service Pack 2; Windows 7: Service Pack 1; Windows 8: Windows 8.1 (a different version); Windows 10: gone to "Windows Builds"

27 What Should You Patch?
Microsoft has released Windows security updates on the second Tuesday of every month. It is recommended that you turn on automatic updates on all versions of Windows; configure this in the Control Panel.
Changes in patching: as of October 2016, Microsoft does monthly "rollups" that address security issues and bug fixes, still on the second Tuesday.
Questions on Windows 10 updates answered

28 Updates for Microsoft Vista/7/10
What gets updated? Windows Update updates the OS and Internet Explorer, and also other Microsoft Windows software such as Microsoft Office, Windows Live applications, and Microsoft Expression. But older versions of Windows updated only OS components (Windows Update vs. Microsoft Update): users had to go to Microsoft Update to update their Office suite, SQL Server, etc.
blame-for-vista7-infections-office-updates-ignored.ars

29 Updates for Microsoft Vista/7/10
Does it update other software on your computer, like Adobe Flash Player? No: Microsoft does not update other software running on your computer.

30 Updates for Ubuntu, Mac OS X
Ubuntu updates all the software in its distribution automatically; this is built into the system as a service, but you need to turn it on in Update Manager.
Mac OS X updates all software on the Mac.

31 Patching Third-Party Software
Vendors often provide free patches on their web sites. You should know how each vendor supplies patches: either the software automatically contacts the vendor's web site and installs them, or automatic updates tell you when patches are available and you download and install them yourself.

32 Patching: Boring but ...
Make a list of the software on your computer: games, office, document readers, Adobe, media players, databases, multimedia, VoIP (Skype), security software, device drivers. What is their patching strategy? Websites? Auto-update?

33 Harden OS

34 OS Hardening Defined
What does it mean to harden an operating system? Reconfiguring an OS to be more secure, stable and resistant to attacks. Examples:
- Removing unnecessary processes
- Setting file permissions
- Patching or updating software
- Setting network access controls

35 Linux Hardening: Examine Linux System Features in Design
Linux is more modular than Windows, with a multi-user design from the beginning. The main challenge in cracking Linux is to gain root access!!!! The main goal in defense of Linux is to make unauthorized root access impossible.

36 Linux Hardening: Setuid and Setgid
Everything in Linux is a file. Files have read, write and execute permissions; one more permission is setuid (similar with setgid). An executable program with setuid runs with the same privileges as the file's owner, so if the owner is root, the program runs with root privileges. The attacker's goal is to use a buffer overrun or some other means of gaining a root shell session; the attacker can do anything after that.

37 Linux Programs Running Setuid
Examples of some setuid programs (ls -l output):
-rwsr-xr-x 1 root root :02 /bin/fusermount
-rwsr-xr-x 1 root root :58 /bin/mount
-rwsr-xr-x 1 root root :13 /bin/ping
-rwsr-xr-x 1 root root :13 /bin/ping6
-rwsr-xr-x 1 root root :29 /bin/su
-rwsr-xr-x 1 root root :58 /bin/umount
-rwsr-xr-x 1 root root :29 /usr/bin/passwd
-rwsr-xr-x 1 root root :13 /usr/bin/pkexec
-rwsr-xr-x 1 root root :01 /usr/bin/schroot
-rwsr-xr-x 1 root root :45 /usr/bin/sudo
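The listing above is what a defender compares against over time: a setuid root binary that was not there yesterday is a finding. The following is an added example (not from the lecture) of that comparison as a script. It assumes a baseline file of approved full paths, one per line; the directory tree and baseline it runs against are constructed under mktemp so the check runs without root, whereas on a real host list_setuid would be pointed at / and the baseline would hold entries like those in the slide.

```shell
#!/bin/sh
# Added example (not from the lecture): audit setuid/setgid files against an
# approved baseline. On a real host list_setuid would be run over / and the
# expected entries (mount, ping, su, sudo, passwd, ...) kept in the baseline
# file; here a throwaway tree and baseline are constructed under mktemp.

# list_setuid DIR : print every regular file under DIR with setuid or setgid set.
list_setuid() {
    find "$1" -type f \( -perm -4000 -o -perm -2000 \) 2>/dev/null | sort
}

# audit_setuid DIR BASELINE : print "UNEXPECTED: <path>" for each setuid/setgid
# file under DIR whose full path is not listed (one per line) in BASELINE.
audit_setuid() {
    list_setuid "$1" | while read -r f; do
        grep -qxF "$f" "$2" || echo "UNEXPECTED: $f"
    done
}

# make_demo_tree : constructed tree with three setuid files, two of them
# approved by the baseline; prints the temp directory path.
make_demo_tree() {
    d=$(mktemp -d)
    mkdir -p "$d/bin" "$d/usr/bin"
    for p in bin/mount bin/ping usr/bin/unexpected-helper; do
        printf '#!/bin/sh\nexit 0\n' > "$d/$p"   # placeholder stand-in for a binary
        chmod 4755 "$d/$p"                        # -rwsr-xr-x, as in the listing
    done
    printf '%s\n' "$d/bin/mount" "$d/bin/ping" > "$d/baseline.txt"
    echo "$d"
}

# Demo run: only usr/bin/unexpected-helper should be reported.
demo=$(make_demo_tree)
audit_setuid "$demo" "$demo/baseline.txt"
rm -rf "$demo"
```

Running list_setuid on a freshly installed system and saving its output is the cheapest way to produce the baseline; re-running audit_setuid from cron then turns a new setuid binary into a logged event rather than a surprise.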

38 Linux Servers – Web, File, DB
Limited-use machines; user services are not needed. Don't install some software:
- X Windows
- RPC services
- R-services (rlogin, rpc): use ssh instead
- inetd daemon
- SMTP daemons (enabled by default)
- Telnet, ftp, pop3 and IMAP
Might also want to disable LKM (Loadable Kernel Modules).
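As an added example (not from the lecture), the "don't run this on a server" list above as a check over a systemd unit listing. The listing is constructed to mimic `systemctl list-unit-files --state=enabled` output rather than captured from a host, and the set of unit-name prefixes treated as unnecessary on a web/file/DB server is an assumption of this example; the script prints the commands an administrator would review, it does not run them.

```shell
#!/bin/sh
# Added example (not from the lecture): flag enabled systemd units that belong
# to the "not needed on a limited-use server" list (inetd, RPC, r-services,
# SMTP, telnet, ftp, pop3/IMAP, X display managers) and print a dry-run
# remediation plan. The listing below is constructed, not captured from a host.

SAMPLE_UNIT_FILES='UNIT FILE             STATE   VENDOR PRESET
ssh.service           enabled enabled
telnet.socket         enabled disabled
rpcbind.service       enabled enabled
postfix.service       enabled enabled
cron.service          enabled enabled
inetd.service         enabled disabled

6 unit files listed.'

# Unit-name prefixes considered unnecessary on a web/file/DB server (assumed list).
RISKY_UNIT_PATTERN='^(telnet|rsh|rlogin|rexec|inetd|xinetd|rpcbind|nfs-server|postfix|sendmail|exim4|vsftpd|proftpd|dovecot|gdm|lightdm)[.@-]'

# flag_risky_units : read `systemctl list-unit-files --state=enabled` style
# output on stdin and print the names of enabled units matching the risky list.
flag_risky_units() {
    awk '$2 == "enabled" { print $1 }' | grep -E "$RISKY_UNIT_PATTERN" || true
}

# plan_disable : turn flagged unit names on stdin into the commands an admin
# would review before running them (printed, never executed here).
plan_disable() {
    while read -r unit; do
        [ -n "$unit" ] && echo "systemctl disable --now $unit"
    done
}

# Demo run.
printf '%s\n' "$SAMPLE_UNIT_FILES" | flag_risky_units | plan_disable
```

On the sample listing, ssh and cron pass while telnet, rpcbind, postfix and inetd are flagged, matching the slide's guidance to prefer ssh and drop inetd, RPC and SMTP on a server.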

39 Linux Security Checklist
You can follow a security checklist from a security firm like SANS:
- Boot and rescue disk
- System patches
- Disabling unnecessary services
- Check for security on key files
- Default password policy
- Other things ... too
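The "check for security on key files" item of the checklist, as an added example that is not part of the lecture. Each key file is given the most permissive mode string it is allowed to have, and any bit the file grants beyond that is reported; the comparison is done on the rwx string from ls -l so it behaves the same on GNU and BSD systems. The files checked here are constructed stand-ins for /etc/passwd and /etc/shadow created under mktemp, so the script runs without root.

```shell
#!/bin/sh
# Added example (not from the lecture): check key files against a maximum
# permission mask. Real targets would be /etc/passwd, /etc/shadow, /etc/sudoers
# and similar; here constructed copies under mktemp stand in for them.

# perm_string FILE : the 9-character rwx string from ls -l (GNU and BSD).
perm_string() {
    ls -ld "$1" | cut -c2-10
}

# check_key_file FILE ALLOWED : ALLOWED is a 9-char mask such as rw-r-----.
# Compares position by position: a bit set in the file but '-' in the mask is
# a violation. Prints OK or FAIL and returns 1 on FAIL.
check_key_file() {
    actual=$(perm_string "$1")
    i=1
    while [ "$i" -le 9 ]; do
        a=$(printf '%s' "$actual" | cut -c"$i")
        m=$(printf '%s' "$2" | cut -c"$i")
        if [ "$a" != "-" ] && [ "$m" = "-" ]; then
            echo "FAIL $1 is $actual, allowed $2"
            return 1
        fi
        i=$((i + 1))
    done
    echo "OK $1 is $actual"
}

# make_demo_files : constructed stand-ins for /etc/passwd (644, acceptable)
# and /etc/shadow (644, too open: "other" can read hashes); prints the dir.
make_demo_files() {
    d=$(mktemp -d)
    printf 'root:x:0:0:root:/root:/bin/sh\n' > "$d/passwd"
    printf 'root:*:19000:0:99999:7:::\n' > "$d/shadow"
    chmod 644 "$d/passwd" "$d/shadow"
    echo "$d"
}

# Demo run: passwd passes, shadow fails until its mode is tightened to 640.
demo=$(make_demo_files)
check_key_file "$demo/passwd" "rw-r--r--"
check_key_file "$demo/shadow" "rw-r-----" || true
rm -rf "$demo"
```

Using a mask rather than an exact mode is deliberate: a site that keeps /etc/shadow at 600 should still pass a check whose allowed mask is rw-r-----, and only files that grant more than the mask are flagged.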

40 Hardening Utilities: Bastille Linux (Older)
Bastille Linux is an automated security program, a security wizard that systematically hardens Linux:
- SUID restrictions
- SecureInetd
- DoS attack detection and prevention
- Automated firewall scripting
- User privileges
- Education
You can try it on your Linux system.

41 Hardening Utilities: Lynis https://cisofy.com/lynis/
Lynis is a newer security tool for auditing and hardening Linux / Unix systems. The tool scans the system, runs tests and gathers information about it, then provides a report with suggestions and security-related warnings to increase the security of the system. The tests are technical by nature, so Lynis is intended for system administrators, auditors or security professionals. The project is open source software under the GPL license and has been available since 2007.

42 Windows Hardening

43 Overview
- Services
- Policies for different account types
- Software restrictions
- Data lock down: BitLocker, EFS

44 Windows Vista and 7/10 Security Features
Windows Service Hardening: most Windows exploits that install malware are the result of flaws in Windows services. Windows services were changed as follows:
- Each service is given a SID (Security ID)
- Services run with a lower privilege level by default
- Unnecessary privileges for services have been removed
- Services are isolated and cannot interact with users

45 Windows Vista and 7/10 Security Features
Windows Service Hardening: there are still services that may come enabled by default and should be turned off:
- Telnet
- IMAP
- NetBIOS
- SNMP
- TFTP
- SMTP
All these services run across the network, open ports and potentially allow access.

46 Microsoft Services
One complete list for Windows 7 shows safe configurations for services: configurations/black-vipers-windows-7-service- configurations/
Another list for Windows 10: configurations/black-vipers-windows-10- service-configurations/

47 User Accounts: Disable or remove non-user accounts
1) Start > search bar > lusrmgr.msc
2) Go to: Users
3) Disable or remove all accounts that you do not use; make sure to look up accounts you are unsure about
Verify the default Administrator and Guest accounts are disabled; they should be by default from Windows 7 on up. Now establish another admin account and set your main account to a limited standard user. The limited account should be used on a daily basis and the admin account only when you need to perform admin tasks. Has anybody done this?

48 Account Policies
You can set Local Policies for your system.
in-windows-7
Password policy controls password characteristics for local user accounts. Available settings:
- Enforce password history
- Maximum and minimum password age
- Minimum and maximum password length
- Complexity requirements

49 Account Policies: Account lockout policy
Prevents unauthorized access to Windows Vista and 7/10 (only certain versions of Windows 10). You can configure an account to be temporarily disabled after a number of incorrect log-on attempts.

50 More Account Policies

51 Software Restriction Policies: AppLocker for Enterprise Windows
us/library/ee424367%28v=ws.10%29.aspx
AppLocker is a new feature of Windows 7/8/10 that defines which programs are allowed or disallowed on a system. It can control executables, scripts and DLLs, and is used in corporate environments (Windows 10: Enterprise and Education only). Set the default security level for applications:
- Disallowed
- Basic User
- Unrestricted

52 Software Restriction Policies cont.
Software not affected by software restriction policies:
- Drivers or other kernel-mode software
- Programs run by the SYSTEM account
- Macros in Microsoft Office 2000 or Microsoft Office XP documents
- .NET programs that use the runtime

53 Data Security
To really secure data on desktop computers and laptops, encryption is required. Vista and later Windows versions include Encrypting File System (EFS) and BitLocker Drive Encryption.

54 Encryption Algorithms
EFS and BitLocker use symmetric encryption. What is symmetric encryption? The same key is used to encrypt data and to decrypt data (one key). Symmetric encryption is strong and fast, good for encrypting large volumes of data such as files, which is why both EFS and BitLocker Drive Encryption use it. The biggest problem is securing the key ... or losing the key!!!

55 Encrypting File System
Encrypting File System (EFS) was first included with Windows 2000 Professional. It encrypts individual files and folders on a partition, not the entire drive, and is suitable for protecting data files and folders on workstations and laptops on a per-user basis. It can also be used to encrypt files and folders on network servers. The file or folder must be located on an NTFS-formatted partition.
MCTS Guide to Microsoft Windows Vista

56 BitLocker Drive Encryption
A data encryption feature included with Windows Vista, only Windows 7 Ultimate or Enterprise, and available in Windows 10. An entire volume is encrypted when you use BitLocker Drive Encryption; it also protects the operating system. BitLocker is designed for the Trusted Platform Module (TPM), part of your motherboard and used to store encryption keys and certificates. You can also use a USB drive to store the keys.

57 How BitLocker is Used
BitLocker is designed to help protect ALL personal and system files on the Windows OS drive. It is useful if your computer is stolen, or if unauthorized users try to access the computer. Use BitLocker to also encrypt all files on fixed data drives and to encrypt files on removable data drives, including USB drives.

58 BitLocker Drive Encryption
MCTS Guide to Microsoft Windows Vista

59 Microsoft Baseline Security Analyzer (MBSA)
Microsoft Baseline Security Analyzer (MBSA) is an easy-to-use tool that helps determine the security state of your computer based on Microsoft security recommendations. After the tool completes a scan of your computer, you receive specific remediation suggestions. It finds weak passwords, unpatched software and other vulnerabilities.
us/download/details.aspx?id=7558

60 MBSA no longer for Windows 10
Microsoft's main replacement for the Baseline Security Analyzer tool is its new "Security Compliance Toolkit", which uses the latest security baselines, included in the tool. See the links below for more details.
-ending-security-compliance-manager.aspx
us/windows/security/threat-protection/windows- security-baselines

61 References
Linux security checklist
Windows Security Primer – Nice series: tutorials/misc_network_security/Windows-7-Security-Primer- Part1.html
BitLocker Explained
Nice site for all versions of Windows settings

62 Summary: Recovery, Prevention and Hardening
Learn about restoring your computer and preventing problems before bad things happen. Learn how to use some tools now, while your computer is still running. Learn how to restore your system, how to patch, and how to keep updated on patches. What else can you do to harden your system beyond the usual default configuration? Backups were not mentioned ... you should be backing up your computer.

63 The End
Lab is Human and Computer Reconnaissance

