Presentation is loading. Please wait.

Presentation is loading. Please wait.

1 Operating Systems Security. 2 Where Malware hides ? Autoexec.bat or autoexec.nt can start malware before windows start Config.sys, config.nt Autorun.inf.

Published byLaureen Rogers Modified over 9 years ago

Similar presentations

Presentation on theme: "1 Operating Systems Security. 2 Where Malware hides ? Autoexec.bat or autoexec.nt can start malware before windows start Config.sys, config.nt Autorun.inf."— Presentation transcript:

1 1 Operating Systems Security

2 2 Where Malware hides ? Autoexec.bat or autoexec.nt can start malware before windows start Config.sys, config.nt Autorun.inf on CD-ROMs or even hard drives Boot.ini, bootsect.dos, command.com, dosstart.bat msdos.sys, io.sys Desktop.ini -Can be used to hide files and auto- launch programs when a folder is viewed Host, lmhost Manipulating SMTP server settings or the Host file and intercepting sent e-mail.

3 3 Malware (cont) Nested archives (zip, rar, tar, cab) -detected only by recursive scanning Auto-run files in archives Embedded applications in Documents (word, PowerPoint, excel) Embedded macros in documents -Can secretly send a named doc to a remote sender OLE2 formatted documents can be executed Rasphone.pbk -Can modify dialup network setting including DNS and make long distance calls

4 4 Malware (cont) Startup folder Web cache -malware dropped in by websites Path variable -illegitimate program will run then load legitimate program Trusted publishers -can execute programs w/o user approval Registry entries Embedded URLs in HTML Emails (can execute programs)

5 5 Malware Trends Moving from hobby to criminals ⇒ more attempts to gain financial information Viruses are distributed through compromised websites Compromised clients are then directed to download more malware

6 6 Magnitude of the Problem

7 7 Defenses Don't give users Admin access ⇒ Windows Vista requires "run as administrator" for Privileged operations:  Install or uninstall programs  Configure windows system settings  View or change security permissions  Change networking configuration  Stop, start, load, or pause services  Modify drivers  Registry  etc.

8 8 Defenses (Cont) Update often Use Personal firewall Use antivirus software -keep updated Use anti-spam Use anti-spyware Boot-up password Boot only from primary hard drive -Can't load NTFS4DOS Password protect the bios

9 9 Defenses (Cont) Disable guest account Rename administrator account -unlimited retries Rename guest account to administrator -helps catch hackers Run services on non-default ports https://x.com:3809 Install software on non-default folders Use encrypted file system (EFS) Disable LM and NTLM authentication Enable account lockout after a certain number of tries

10 10 Defenses (Cont) Use two factor authentication -biometric, smart card, USB token, etc. Disable Simple File Sharing. SFS removes most NTFS permissions to close to Share. All connecting users come in as administrator or guests

11 11 Passwords

12 12 Windows Login Passwords

13 13 Password Attacks

14 14 Password Attacks

15 15 Password Attacks

16 16 Password Authentication Mistakes

17 17 Application Security

18 18 Email Phishing Attachments HTML content (autopreview) Spam: Spamming tools to introduce misspellings to avoid detection, to harvest emails from web sites, usenet groups, chat channels Most email is plain text ⇒ Can be read by any one Match the senders domain with IP address Set rate control on: Connections per client, emails per client, number of recipients per email Personal black and white lists

19 19 Browsing IE MIME type mismatch -Declare skin but send java script IE Plug-ins, Active X controls, Java scripts Password and form input saving in browsers and in-line auto complete Empty Temporary Internet Files folder when browser is closed

20 20 Web Servers Directory Traversal:  http://hostdomain/../../../../../../../windows/system32/cmd.exe?/c+ dir+c  will be converted to c:\windows\system32\cmd.exe in unpatched versions of IIS 5.  Allows a command shell access to the hacker

21 21 Summary Need to secure systems against theft of data –bios password, boot password Passwords must be strong. Use two-factor authentication for critical applications. 10 Immutable Laws of Security Secure email and browsing

22 22

23 23 Any question ?

Download ppt "1 Operating Systems Security. 2 Where Malware hides ? Autoexec.bat or autoexec.nt can start malware before windows start Config.sys, config.nt Autorun.inf."

Similar presentations

Copyright © 2012 Certification Partners, LLC -- All Rights Reserved Lesson 4: Web Browsing.

Copyright © 2012 Certification Partners, LLC -- All Rights Reserved Lesson 4: Web Browsing.
1 Chapter 8 Fundamentals of System Security. 2 Objectives In this chapter, you will: Understand the trade-offs among security, performance, and ease of.

1 Chapter 8 Fundamentals of System Security. 2 Objectives In this chapter, you will: Understand the trade-offs among security, performance, and ease of.
Telnet and FTP. Telnet Lets you use the resources of some other computer on the Internet to access files, run programs, etc. Creates interactive connection.

Telnet and FTP. Telnet Lets you use the resources of some other computer on the Internet to access files, run programs, etc. Creates interactive connection.
Phishing (pronounced “fishing”) is the process of sending e-mail messages to lure Internet users into revealing personal information such as credit card.

Phishing (pronounced “fishing”) is the process of sending messages to lure Internet users into revealing personal information such as credit card.
Configuring Windows Vista Security Chapter 3. IE7 Pop-up Blocker Pop-up Blocker prevents annoying and sometimes unsafe pop-ups from web sites Can block.

Configuring Windows Vista Security Chapter 3. IE7 Pop-up Blocker Pop-up Blocker prevents annoying and sometimes unsafe pop-ups from web sites Can block.
Chapter 7 HARDENING SERVERS.

Chapter 7 HARDENING SERVERS.
Security Awareness: Applying Practical Security in Your World, Second Edition Chapter 3 Internet Security.

Security Awareness: Applying Practical Security in Your World, Second Edition Chapter 3 Internet Security.
Hands-On Microsoft Windows Server 2003 Administration Chapter 7 Administering Web Resources in Windows Server 2003.

Hands-On Microsoft Windows Server 2003 Administration Chapter 7 Administering Web Resources in Windows Server 2003.
Malicious Attacks. Introduction Commonly referred to as: malicious software/ “malware”, computer viruses Designed to enter computers without the owner’s.

Malicious Attacks. Introduction Commonly referred to as: malicious software/ “malware”, computer viruses Designed to enter computers without the owner’s.
Module 6 Windows 2000 Professional 6.1 Installation 6.2 Administration/User Interface 6.3 User Accounts 6.4 Managing the File System 6.5 Services.

Module 6 Windows 2000 Professional 6.1 Installation 6.2 Administration/User Interface 6.3 User Accounts 6.4 Managing the File System 6.5 Services.
Lesson 9-Securing a Network. Overview Identifying threats to the network security. Planning a secure network.

Lesson 9-Securing a Network. Overview Identifying threats to the network security. Planning a secure network.
What’s New in WatchGuard XCS 10.0 Update 3 WatchGuard Training.

What’s New in WatchGuard XCS 10.0 Update 3 WatchGuard Training.
Hacking Web Server Defiana Arnaldy, M.Si 0818 0296 4763.

Hacking Web Server Defiana Arnaldy, M.Si
Guide to Operating System Security Chapter 2 Viruses, Worms, and Malicious Software.

Guide to Operating System Security Chapter 2 Viruses, Worms, and Malicious Software.
 Proxy Servers are software that act as intermediaries between client and servers on the Internet.  They help users on private networks get information.

 Proxy Servers are software that act as intermediaries between client and servers on the Internet.  They help users on private networks get information.
Title: The Internet LO: Security risks. Security risks Types of risks: 1.Phishing 2.Pharming 3.Spamming 4.Spyware 5.Cookies 6.Virus.

Title: The Internet LO: Security risks. Security risks Types of risks: 1.Phishing 2.Pharming 3.Spamming 4.Spyware 5.Cookies 6.Virus.
MS System Setup Securing A System. Use Automatic Updates For a workstation or server, schedule the updates to occur regularly. –Control panel click on.

MS System Setup Securing A System. Use Automatic Updates For a workstation or server, schedule the updates to occur regularly. –Control panel click on.
1 Computer Security: Protect your PC and Protect Yourself.

1 Computer Security: Protect your PC and Protect Yourself.
Securing Your Home Computer Presenter: Donnie Green Date: February 11, 2009 National Aeronautics and Space Administration www.nasa.gov.

Securing Your Home Computer Presenter: Donnie Green Date: February 11, 2009 National Aeronautics and Space Administration
Course ILT Security Unit objectives Configure operating system and file system security Install a fingerprint scanner and card reader Manage the human.

Course ILT Security Unit objectives Configure operating system and file system security Install a fingerprint scanner and card reader Manage the human.

Similar presentations

Ads by Google