review previous lesson 1. describe those 4 physical network architectures. 2. node, host, nic,...

Review Previous Lesson

1. Describe those 4 physical network architectures. 2. Node, host, NIC, hardware address, Ethernet address, protocol,

Packet, datagram, frame, Ethernet, IP address, Port address, subnet mask, http, ftp, pop3, IMAP, VoIP,

3. Describe three different types of wireless network. 4. What are the six types of telephone network? How to install?5. Describe four suite of Protocol. 6. How to share and access resources on the network?7. Describe symptom that might indicate the NIC is faulty.8. What can you do to try to test TCP/IP configuration and connectivity?

What technology can you use to connect to Internet?9. What are the functions of firewall both HW or SW?10. Advantages of using a Router?11. Common port, 20, 21, 22, 23, 25, 80, 110, 119, 143, 443?

Copyright © 2007 - CIST 1

CompTIA A+ Guide to Managing & Maintaining Your PC By: JEAN ANDREW

Computer Maintenance

Chapter 4Security (PC & Network) Part I

???• What is security?

• Why you need security?

• How to secure your PC or network?

• What will can be happened if your PC or network are not secured?



Objectives

After you have completed this lesson, you will be able to:• Identify ways to secure a desktop or notebook

computer

• Identify ways to secure a local wired or wireless network


Scenario

In this chapter, you will learn:– Access control– Limit use of the administrator account– Use a personal firewall– Use Anti-virus Software– Keep Windows update current– Set Internet explorer for optimum security– Use alternate third-party client software– Consider using “Microsoft Shared Computer Toolkit for Windows XP”– Secure important files and folders – Hide and encrypt files and folder– Physically protect your computer– Beware of social engineering– Keeps good backup of user data– Backup system files– Make use of event logging and incident report– Destroy the trash– Perform a monthly security maintenance routine


Access Control

• Authentication proves that an individual is who he says

he is and is accomplished by a variety of techniques.

• Authentication determines what an individual can do in the

system after he or she is authenticated

Access Control

• Power-on passwords and other BIOS security• How to create strong passwords and protect them

– www.microsoft.com/athome/security/privacy/password_checker.mspx

• Access control using Windows– Uncheck “Use Simple file sharing” in folder options

– Configure which users are allowed access Cacls myfile.txt Cacls myfile.txt /E /G User1:R Cacls myfile.txt /E /R User1


Open CMD

Cacl.jpg

http://www.microsoft.com/athome/security/privacy/password_checker.mspx

http://www.microsoft.com/athome/security/privacy/password_checker.mspx

Access Control


Cacl.jpgFigure 19-12 Use the Cacls command to change user permissions for files and folders

Grant rights to Leapcheang

Revoke rights to Leapcheang

Limit use of the administrator account

• Why you should not logon as administrator account for daily work?

• The problem is that a malware program might be at work while we’re logged on

• It’s a good idea to create a Limited User account to use for your everyday normal activities

• To help you remember to limit the use of the Administrator account, change the desktop

• Be sure to change the password of the Administrator account and use a strong password


Use a personal firewall

• Never, ever connect your computer to an unprotected network without using a firewall

• Firewall is software or hardware that prevent worms or hackers from getting into your system

• Software firewalls are better than no firewall at all, but a hardware firewall offers greater protection.


Firewall

Use a personal firewall


Firewall

Use AV software

• When selecting AV software, find out if it can be:– Automatically download new software upgrade & virus

definition from the Internet– Automatically execute at startup– Detect macros in a word-processing document– Automatically monitor files being download from

Internet– Send virus alerts to your email address to inform you of

a dangerous virus– Scan both automatically and manually for virus


Popular antivirus software

Antivirus Software Web SiteAVG Anti-Virus by Grisoft www.grisoft.com

Computer Associate www.ca.com

F-Secure Antivirus by F-Secure Corp. www.f-secure.com

eSafe by Aladdin Knowledge Systems, Ltd. www.esafe.com

McAfee VirusScan by McAfee Associate, Inc. www.mcafee.com

F-Prot by FRISK Software International www.f-prot.com

NeaTSuite by Tren Micro (for networks) www.trenmicro.com

Norman by Norman Data Defense Systems, Inc. (complicated to use, but highly effective)

www.norman.com

Penda Software www.pendasoftware.com

PC-cilin by Trend Micro (for home use) www.trendmicro.com


http://www.grisoft.com/

http://www.ca.com/

http://www.f-secure.com/

http://www.esafe.com/

http://www.mcafee.com/

Keep windows updates current

• Security holes are being found all the time, and Microsoft is constantly releasing patches to keep up

• You can keep Windows update current by using the Website: windowsupdate.microsoft.com

– Start > All programs > Windows Update

• To update automatically

– Right-click on My Computer > Properties > click Automatic Updates tab > select Automatic (recommended)


Keep windows updates current


Set Internet Explorer For Optimum Security

• For most Web browsing, set the security level to Medium


Use alternative client software

• Browser software– Internet Explorer is by far the most popular browser– IE is written to more closely integrate with Windows Components

than other browsers. – IE is written to use Active X control. Microsoft invented Active X

controls so that Web site could use some nifty multimedia features.

• E-mail clients– Microsoft Outlook and Outlook Express are probably the most

popular e-mail clients. – You can use Eudora by Qualcomm (www.eudora.com), Mozilla

offers Thunderbird


Consider using “Microsoft Shared Computer Toolkit for Windows XP”

• If your are responsible for Windows XP computers used in a public place, you might want to consider installing and running Microsoft Shared Computer Toolkit for Windows XP.

• This software lock down the drive on which Windows is installed so that a user cannot permanently change Windows configuration, installed software or hardware, user settings, or user data.

• The toolkit can be downloaded for free to computer that are running a genuine Windows XP license.

Copyright © 2007 - CIST 18Link

Hide and encrypt files and folders

• Disable file and printer sharing so that the others cannot access resources on your computer

• Hide your computer from other on the network

• Hide a shared folder

• Make your personal folders private

• Another way you can protect files and folders is to use Encrypted File System (EFS)

Note: when you open an encrypted file with an application, Windows decrypts the file for the app. to use.


Hide and encrypt files and folders

• How to encrypt a file or folder • How to share an encrypted file• How to decrypt a file or folder

– From the file’s properties dialog box, click Advance button, uncheck Encrypt contents to secure data.

– Encryption is remove automatically when you move a file or folder to a FAT logical drive because FAT does not support encryption.

– Use the cipher command• How to use a cipher command

For example, to decrypt all files in the c:\public folder, use this command:– CIPHER /D c:\public\*.*


Physically protect your equipment

• Don’t move or jar your PC when it’s turned on

• Don’t smoke around your computer

• Don’t leave the PC turned off for weeks or months at a time

• High humidity an be dangerous for hard drives

• In CMOS setup, disable the ability to write to the boot sector of the hard drive

• If your data is really private, keep it under lock and key

• Keep magnets away from your computer

• Lock down the computer case


Beware of social engineering

• Phishing: is a type of identity theft where the sender of an email message scams you into responding with personal data about yourself.

• Scam artists use Scam email to lure you into their scheme. For example it promise you to give some money or commission

• A virus hoax or email hoax is email that does damage by tempting you to forward it to everyone in your email address book with the intent of clogging up email system or to delete a critical windows system file by convincing you the file is malicious.


Responsible Internet habits

1. You shall not open the e-mail attachments without scanning them for viruses first.

2. You should not click links inside e-mail messages

3. You should not forward an e-mail message without first checking to see if that warning is a hoax

4. You shall always check out a Web site before you download anything from it

5. You shall never give your private information to just any ole Web site

6. You shall never trust an e-mail message asking you to verify your private data on a Web site with which you do business


How to debunk an E-mail hoax


How to show up an e-mail hoax

• Here are websites that specialize the virus hoaxes:

– hoaxbusters.ciac.org by Computer Incident Advisory Capability

– www.hoaxinfo.com by Jeff Richards

– www.hoaxkill.com by Oxcart Software

– www.snopes.com by Urban Legends

– www.viruslist.com by Kaspersky Lab

– www.vmyths.com by Rhode Island Soft Systems, Inc.


Protect against malicious e-mail scripts

• How scripts work– Script can written in VBScript or Jscript and are executed in

Windows using the WSH utility, Wscript.exe

– The extension that Windows recognize by default are Jscript (.js), Jscript Encoded (.jse), VBScript Encode (.vbe), VBScript (.vbs), and Windows Script (.wsf).

• How scripts are spread• How to help protect against malicious scripts

– Set Windows so that script file extensions display by default

– Set Windows to not execute scripts, but rather to open them in a Notepad window.


Protect against malicious e-mail scripts


Security (PC & Network) Part I

• Keep good backups of user data

• Backup system files

– Use ntbackup.exe to backup the system state and registry before you edited the registry

– You need to backup system state before you make a major change like install a new hard drive or software

– If others in your organization have permission to install hardware or application, you might need to explain them the importance of backing up the system state.


Make use of event logging and incident reporting

• Monitoring Windows XP Logon Events

To track failure when people are attempting to log on to the system:

1. Log on to the system as an administrator. In Group Policy, drill down to Computer Configuration, Windows Settings, Security Settings, Local Policies, and Audit Policy

2. Double-click Audit account logon events. Check Failure and click Apply. Do the same for Audit logon events.

3. To see the events that are logged, open Event Viewer and select Security

4. You can set the system to halt when the security log file is full. To do that, right-click on Security, Properties



5. Select Do not overwrite events (clear log manually) and click OK

6. The next step is to edit the registry to tell the system to halt when the log file size is exceeded. Open registry editor and navigate to this key: HKLM\System\CurrentControlSet\Control\Lsa.

7. To backup the key, right-click it and select Export

8. In the right pane, double-click the name CrashOnAuditFail. Assign 1 to its value and click OK.

Note: if the size of the Security log file is exceeded, you must restart the system, log on to the system as an administrator, open Event Viewer, save the log file, and then clear the log file.

Copyright © 2007 - CIST 32Sec.Prop CrashOnAudit

Monitoring Changes to Files and Folders

• To monitor access to a file or folder. Do following:

1. Open Group policy, Computer configuration, Windows Settings, Local Policies, Audit Policy, and double-click Audit object access, check Failure and click Apply. Close the Group Policy windows.

2. Open the Properties of file or folder you want to monitor and click Security tab. Then click Advanced. Click the Auditing tab.

3. You can now add users that you want to monitor and decide what activity to monitor. To add a user, click Add. When you’re done, click Apply.

4. To view the logged activity, open Event Viewer and double-click Security

Copyright © 2007 - CIST 35ObjAccess AuditSecuTab EventViewr

Monitoring Changes to Startup

• You can install some third-party monitoring tools to monitor the startup process and let you know when installation software attempt to add something to your start up routine.

• Three good products are:

– Autoruns by Sysinternals (www.sysinternal.com)

– WinPatrol by BillP Studios (www.winpatrol.com)

– Startup Control Panel by Mike Lin (www.mlin.net)


Monitoring Network Activity

• You can use Windows Firewall to monitor and log network activity.

• Go to Windows Firewall window, click Advance tab. Under Security Logging, click Setting

• Path of the log file is C:\Windows\pfirewall.log• Log dropped packet is a packet that could not be

successfully delivered.• Log dropped packet when you’re trying to solve a

connection problem• Log successful connections when you want to monitor

network activity.


Destroy The Trash

• Destroy all storage media before you throw it out

• Shred or otherwise destroy hard copies that contain sensitive data

• Data migration is moving data from one application to another application. After the migration is complete, be sure to destroy old data storage media that is no longer used.

• When retiring a computer system. The best ways to totally erase everything on a hard drive is to use a zero-fill utility provided by a manufacturer.


Perform a Monthly Security Maintenance Routine

1. Change the administrator password(strong pass.)2. Checking that Windows Automatic Update is turned on and

working. 3. Check that AV software is installed and current4. Visually check the equipment to make sure the case has not

been tampered with. Is the lock secure?5. Check the Event Viewer. Take a look at the Security list,

looking for the failed attempts to access the system. 6. Verify that user backups of data are being done and current

backups of data and the System State exit. 7. If you are running Windows Disk Protection, you need to save

any changes to disk that are required to update installed software.


Securing Your Wired or Wireless Network

• Use a router to secure a SOHO network

– Limit communication from outside the network

– Limit communication form within the network

– Secure a wireless access point

– Implement a virtual private network (VPN)

• Authentication technologies for larger networks

– Encrypted user accounts and passwords

– Smart cards

– Biometric Data


Vocabulary

authentication authorization Encrypted File System

phishing scam email script social engineering spam wormzero-fill utility virus hoax



Summary

• Part of securing a Windows XP desktop or notebook computer includes securing the logon process, setting power-on passwords, using strong passwords, and limiting the use of the administrator account.

• All computer need to run a personal Firewall such as Windows Firewall under Windows XP with SP2 applied.

• For AV software or anti-adware software to be effective, it must be kept current and it must always be running in the background.

• Keeping Windows updates current is necessary to plug up any security holes a they become known.

• Internet Explorer can be set for better security by controlling the way scripts are used.

• Using less-popular clients such as Firefox might mean you are less likely to be attacked than popular one like IE.

Summary

• Practice and teach responsible Web surfing, such as never opening an e-mail attachment from unknown senders and never downloading from Web site you have not carefully checked out.

• Microsoft Shared Computer Toolkit can be used to lock down a public personal computer.

• File and folders can be hidden and made private and data within these files and folders can be encrypted using WEFS.

• Physically protect the equipment for which you are responsible

• Social engineering techniques used by criminals include phishing, scamming, and virus hoaxes.

• To make it less likely you’ll launch a malicious script on your computer, set Windows to display file extensions of scripts.


Summary

• To secure a system, maintain good backups of user data and System State files.

• Monitor and log events concerning logon failures, access to files and folders, changes to startup, and network activity.

• Don’t throw a way or recycle storage media without first destroying all data on the media.

• Maintain a monthly routine to check your security implementations to make sure all is working as it should and make any changes as appropriate.

• A small network can be secured using a router. For larger networks, a user can be authenticated on a network using encrypted user accounts and passwords, a token such as using a smart card, and/or biometric data.



Review Questions

• Where can virus hide?• Which windows tool do you use to view a recorded

log of network activity?• What is social engineering? Phishing?• What is spam? Scam e-mail ? Virus hoax? • What are five file extensions that might be used

for scripts? • Why might someone see better security when

using a browser other than Internet Explorer? • Name one e-mail client other than MS Outlook or

Outlook Express?


Question

Questions?

Video of chapter 17/18 (reference on the guide ‘Managing & maintaining your PC’)- Securing a wireless LAN- Using a Hardware firewall

and now it’s time to practice

C:\Users\leapcheang.hy\Documents\CIST DATA\Data At CIST\Lessons At CIST\SNA_Q1\01 Computer Mantenance\Materials for Instructor and Student\New Update with Nordine\Multimedia\Course\Video Clips\A+GuideVideos.exe