Saturday, November 24, 2012

Chapter 12 Using Mobile Computers


Wireless networks face the same threats as cabled networks, but are easier for attackers to break into. Cabled networks require physical access to the network, whereas wireless attacks can be carried out off site, for example from a car parked outside the building. Specific wireless attacks:

·         Eavesdropping - capture traffic at the WAP (wireless access point)

·         Masquerading - attacker gains access by pretending to be authorized user

·         Attacks against wireless clients - launch network-based attacks on a computer connected to an ad-hoc network or an untrusted wireless network

·         Denial of service (DoS) - jam frequencies, preventing users from communicating with the network

·         Data tampering - man-in-the-middle attack used to modify information before sending it on to the intended destination

WEP (Wired Equivalent Privacy) and WPA/WPA2 (Wi-Fi Protected Access, more secure than WEP) are the two main security protocols used in wireless networks. You must decide which protocol to use, and all devices must support the one you choose.

·         WEP - most frequently cracked

o   Doesn't provide automatic changing of the shared secret

o   The shared secret tends to stay in place indefinitely, giving attackers a longer time to crack it

·         WPA - two encryption options and two operational modes

o   TKIP - Temporal Key Integrity Protocol - uses a unique encryption key for each packet

o   AES - Advanced Encryption Standard - uses a more secure encryption algorithm - requires equipment that specifically supports it

o   WPA-Personal - aka WPA-PSK (preshared key mode) - only devices with the WPA passphrase can join the network

o   WPA-Enterprise - aka WPA-802.1X or WPA-RADIUS - more difficult to implement and configure, but more secure - eliminates the shared passphrase - provides centralized administration, logging and auditing

Using Windows Mobility Center, you can modify configuration settings of the computer you are working on, such as power settings, display brightness, etc. Table 12-2 on page 462 displays the default power plan settings for the Power Saver, Balanced and High Performance plans.

BitLocker is a drive encryption feature that makes it possible to encrypt an entire volume, while BitLocker To Go encrypts removable USB devices such as flash drives and external hard disks. Full volume encryption advantages:

·         Increased data protection

·         Integrity checking - ensures that if the hard drive is stolen and installed in a different computer, access will be denied

Assign a DRA (data recovery agent) in case a user loses the startup key and/or the PIN needed to boot a system with BitLocker enabled.

A VPN creates a tunnel between client and server through which the data travels encrypted. VPN protocols that Windows Server 2008 supports:

·         PPTP - Point-to-Point Tunneling Protocol - oldest and least secure

·         L2TP - Layer 2 Tunneling Protocol - relies on IPsec for encryption - performs double encapsulation

·         SSTP - Secure Socket Tunneling Protocol - encapsulates PPP traffic using the Secure Sockets Layer (SSL) protocol - uses certificates for authentication

·         IKEv2 - Internet Key Exchange version 2 - new in Windows 7 and Server 2008 R2 - supports IPv6 and the VPN Reconnect feature, which is based on the IKEv2 Mobility and Multihoming protocol (MOBIKE) and enables a computer to reconnect to a VPN server automatically after an interruption of up to 8 hrs


Saturday, November 17, 2012

Chapter 11 Administrating Windows 7


Troubleshooting is like playing detective to determine who, what, where, when, why and how. You need to find the missing piece to solve the puzzle. Many computer problems are caused by user error and can be corrected quickly. Basic steps to troubleshooting:

·         What is not working properly?

o   What exactly were you doing just before and at the moment when the problem started?

o   Were you able to finish?

o   Any other problems recently?

o   Was everything working just before the problem?

o   Did anyone do anything to solve the problem? What?

·         Where is the problem?

·         Was something changed/added?

o   Any hardware or software recently installed, removed, reconfigured?

·         Select the most probable cause - may be as simple as making sure the device is plugged in or performing a restart

·         Implement a solution - e.g. remove program/driver updates

·         Test results

·         Document the solution

o   Documenting the problem/solution and educating users why the problem occurred can help prevent problems in the future - can provide for quicker resolutions

Prioritize which problems to troubleshoot first:

·         Shared resources over individual resources

·         Network wide over workgroup or user

·         Departmental problems rated by the function of the department

·         System-wide over application

Many troubleshooting tools are available in Windows 7, as listed in table 11-1 on pages 405-406.

A user that needs help starts by requesting help using Remote Assistance. Remote Assistance must be configured through Control Panel or by using Group Policy. Using Remote Assistance eliminates the need to travel to the user's location for:

·         Technical assistance

·         Troubleshooting

·         Training

Remote Assistance gives the person helping the same authorization as the user they are helping. Security features included with Remote Assistance:

·         Must be invited in order to log in

·         User must be present to grant access

·         User being helped has control and can terminate session at any time

·         Users/administrators can use remote assistance group policy settings or the system property sheet to grant specific permissions for remote assistance

·         Firewalls - block port 3389 if using remote assistance internally and connecting to the internet

o   Possible to provide remote assistance over the internet - would require leaving port 3389 open

Remote management enables administrators to execute commands on remote computers using Windows PowerShell or Windows Remote Shell (WinRS.exe).

·         Windows Remote Management


·         Windows Remote Shell video


·         WinRS.exe - executes a command from the Windows 7 command prompt

o   -r:computer - name of the computer to execute the command on

•   the computer name needs to be a NetBIOS name or an FQDN

o   -u:user - the account under which the command is executed

o   -p:password - password for the account specified with -u

o   command - the command you want to execute
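As an added example (not from the textbook or this blog), here is a PowerShell wrapper that assembles the WinRS.exe switches listed above. The host name, account and command are constructed placeholders. The wrapper leaves the -p switch out by default: a password given on the command line is visible in the process's command line and in shell history, whereas WinRS prompts for the password when -u is given without -p.

```powershell
# Added example: build and run a WinRS.exe command line from the switches in the
# notes (-r, -u, -p, command). Not part of the textbook or blog.
# All names below (host, user, command) are constructed placeholders.

function Get-WinrsArguments {
    param(
        [Parameter(Mandatory=$true)] [string] $ComputerName,   # -r: NetBIOS name or FQDN
        [string] $UserName,                                    # -u: account to run the command as
        [string] $Password,                                    # -p: avoid passing this on the command line
        [Parameter(Mandatory=$true)] [string] $Command         # the command to execute remotely
    )
    $argList = @("-r:$ComputerName")
    if ($UserName) { $argList += "-u:$UserName" }
    # Only pass -p when the caller insists. Without it, winrs prompts for the
    # password interactively, keeping it out of process listings and history.
    if ($Password) {
        Write-Warning 'A password passed via -p is visible in the process command line.'
        $argList += "-p:$Password"
    }
    $argList += $Command
    return $argList
}

function Invoke-Winrs {
    param(
        [Parameter(Mandatory=$true)] [string] $ComputerName,
        [string] $UserName,
        [Parameter(Mandatory=$true)] [string] $Command
    )
    $arguments = Get-WinrsArguments -ComputerName $ComputerName -UserName $UserName -Command $Command
    & winrs.exe @arguments
}

# Preview the command line for a constructed target, then (optionally) run it.
$preview = Get-WinrsArguments -ComputerName 'ws07-lab.example.local' `
                              -UserName 'EXAMPLE\helpdesk' -Command 'sc query WinRM'
Write-Host ('winrs.exe ' + ($preview -join ' '))
# Invoke-Winrs -ComputerName 'ws07-lab.example.local' -UserName 'EXAMPLE\helpdesk' -Command 'sc query WinRM'
```

The target must have WinRM enabled (winrm quickconfig on the remote computer) and the account used must be allowed to manage it; by default on Windows 7 that means a member of the local Administrators group.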




Friday, November 9, 2012

Lesson 10 Securing Windows 7


The beginning of Chapter 10 reviews different aspects of security in Windows 7. Passwords are a way of authenticating a user, and password policies help to establish stronger passwords.

Multifactor authentication uses more than one of the following:

·         Something a user knows – User ID and password

·         Something a user has – something carried by the user – smartcard

o   PIV – Personal Identity Verification – Windows 7 can get drivers for PIV smart cards

·         Something the user is – biometrics – the most popular is the fingerprint

o   Windows Biometric Framework – provides core biometric functions and a driver component

o   Usually part of multifactor authentication in case the fingerprint scan fails

Several password policies can be configured to ensure your users create strong passwords, making brute-force attacks more cumbersome for attackers:

·         Length of password – minimum 7 characters

·         Password complexity – use at least three of the following:

o   upper case, lower case, number, special character

·         Enforce password history – users cannot reuse passwords

·         Enforce password age – users must change passwords – the period can't be too short, or users will constantly forget their passwords, interrupting administrators from completing more important tasks

o   Important note: users need to create password reset disks – if an administrator resets the password, the user loses all access to EFS-encrypted files, all certificates in the user's personal certificate store and all passwords stored in the Windows Vault

·         Account lockout – if a user enters an incorrect password, the account locks, denying any access for a set period of time or until an administrator unlocks it – prevents brute-force attacks from completing successfully, since access to the account is denied
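As an added example (not from the textbook or this blog), the PowerShell function below checks a candidate password against the policy elements just listed: the 7-character minimum, three of the four character classes, and the password history. The actual policy is set in Local Security Policy or Group Policy; this script only makes the checks visible. The old passwords and candidates are constructed sample data, and the three-of-four rule is the simplified form the notes give, not the full Windows complexity rule.

```powershell
# Added example (not from the textbook or blog): evaluate a candidate password
# against the policy elements in the notes: minimum length 7, at least three of
# four character classes, and enforce password history. Sample data is constructed.

function Test-PasswordPolicy {
    param(
        [Parameter(Mandatory=$true)] [string] $Candidate,
        [string[]] $History = @(),        # previously used passwords to refuse
        [int] $MinimumLength = 7,
        [int] $RequiredClasses = 3
    )
    $failures = @()

    if ($Candidate.Length -lt $MinimumLength) {
        $failures += "shorter than $MinimumLength characters"
    }

    # Count how many of the four classes (upper, lower, digit, special) appear.
    # -cmatch is case-sensitive, so upper and lower case are counted separately.
    $classes = 0
    if ($Candidate -cmatch '[A-Z]')        { $classes++ }
    if ($Candidate -cmatch '[a-z]')        { $classes++ }
    if ($Candidate -match  '[0-9]')        { $classes++ }
    if ($Candidate -match  '[^A-Za-z0-9]') { $classes++ }
    if ($classes -lt $RequiredClasses) {
        $failures += "only $classes of $RequiredClasses required character classes"
    }

    # Enforce password history: an exact (case-sensitive) match is refused.
    if ($History -ccontains $Candidate) {
        $failures += 'reuses a previous password'
    }

    New-Object PSObject -Property @{
        Candidate = $Candidate
        Compliant = ($failures.Count -eq 0)
        Failures  = $failures
    }
}

# Constructed sample data: two remembered passwords and four candidates.
$oldPasswords = @('Summer2012!', 'Autumn2012!')
$candidates   = @('Summer2012!', 'password', 'Fall12', 'Wint3r-2012')
foreach ($c in $candidates) {
    $r = Test-PasswordPolicy -Candidate $c -History $oldPasswords
    if ($r.Compliant) { "$($r.Candidate): OK" }
    else              { "$($r.Candidate): " + ($r.Failures -join '; ') }
}
```

Of the four constructed candidates only the last passes; the first is a reused password, the second has a single character class, and the third is both too short and has only two classes. To see the settings actually in force on a Windows 7 machine, run net accounts from a command prompt.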

Smart cards – more secure than passwords – almost no way to duplicate one or to mount a brute-force attack using a smart card

·         If lost – the user knows and reports it – the card is disabled immediately

·         Usually a smart card and one other authentication method is used

Firewalls protect against some of the following hazards:

·         Trojan horse applications

·         Users connecting to public networks and then bringing compromised resources back to the work/home network

·         Unguarded ports

·         Unauthorized users who obtain passwords, log on to a computer from a remote location and compromise data/programs

Firewall traffic:

·         Inbound traffic – the default is to block all traffic until you specify what to allow in – specify rules for allowing inbound traffic – most important

·         Outbound traffic – the default is to allow all traffic – specify rules for outgoing traffic

Important: when working in the Windows Firewall with Advanced Security console, you are working with the complete set of rules for ALL profiles. When working in the Windows Firewall Settings dialog box, you are working with the rules for the currently active profile only.

Firewall rule parameters:

·         Rule type - program, port, predefined, custom

·         Protocol and ports - lets you specify exactly which protocol and ports the rule applies to

·         Scopes - allow or block traffic by IP address

·         Action - what firewall should do if a packet matches the rule

·         Profiles - domain, private and/or public

·         Names - specifies the name of the rule and description (optional)
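The following is an added example (not from the textbook or this blog) that maps the rule parameters listed above onto a netsh advfirewall command, the command-line route to the same rules the Advanced Security console manages on Windows 7. The sample rule is the "block port 3389 when connecting to the Internet" advice from the Remote Assistance notes, applied to the Public profile. The rule name and description are constructed placeholders; the command must be run from an elevated prompt to take effect.

```powershell
# Added example (not from the textbook or blog): build a Windows 7 firewall rule
# with netsh advfirewall, mapping the rule parameters from the notes (name, rule
# type, protocol and ports, scope, action, profiles) onto netsh switches.
# Rule name and description are constructed placeholders.

function Get-NetshRuleArguments {
    param(
        [Parameter(Mandatory=$true)] [string] $Name,                     # Name
        [ValidateSet('in','out')]      [string] $Direction = 'in',
        [ValidateSet('allow','block')] [string] $Action    = 'block',    # Action
        [string] $Protocol  = 'TCP',                                     # Protocol and ports (a port rule)
        [string] $LocalPort,
        [string] $RemoteIP  = 'any',                                     # Scope: any, localsubnet, or addresses/ranges
        [string] $Profiles  = 'public',                                  # Profiles: domain, private, public, any (comma-separated)
        [string] $Description
    )
    $parts = @('advfirewall', 'firewall', 'add', 'rule',
               "name=`"$Name`"", "dir=$Direction", "action=$Action",
               "protocol=$Protocol", "remoteip=$RemoteIP", "profile=$Profiles", 'enable=yes')
    if ($LocalPort)   { $parts += "localport=$LocalPort" }
    if ($Description) { $parts += "description=`"$Description`"" }
    return ($parts -join ' ')
}

function Invoke-Netsh {
    param([Parameter(Mandatory=$true)] [string] $Arguments)
    # Hand the argument string to netsh unchanged, so it sees name="..." exactly
    # as it would when typed at an elevated command prompt.
    Start-Process -FilePath 'netsh.exe' -ArgumentList $Arguments -Wait -NoNewWindow
}

# 1. Preview the command line, 2. create the rule, 3. check that it was stored.
$add = Get-NetshRuleArguments -Name 'Block RA 3389 on public networks' -LocalPort 3389 `
           -RemoteIP 'any' -Profiles 'public' `
           -Description 'Constructed example: deny inbound Remote Assistance/RDP on the public profile'
Write-Host "netsh $add"
# Invoke-Netsh -Arguments $add                                                        # run elevated
# Invoke-Netsh -Arguments 'advfirewall firewall show rule name="Block RA 3389 on public networks"'
```

Because a rule added this way lands in the full rule set for the profiles named in profile=, the show rule check is worth running afterwards: it confirms the direction, action, port and profile the firewall actually recorded rather than what you intended to type.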

Windows Defender - prevents spyware from entering your network

·         Scans where spyware most commonly infiltrates a computer

·         Must be running all the time, because spyware installs itself in preloading mechanisms like the Startup folder and the Run registry key

·         Prompts the user to ignore, quarantine or remove the program, or to add it to an always-allow list

·         By default runs a scan at 2 am every day

·         Difficult to find in Windows 7 - there is no shortcut - located in Control Panel when in Large or Small icons view

·         Configuration settings:

o   Automatic scanning - if, when, how often Defender should scan

o   Default actions - what to do when items are detected at each alert level

o   Real-time protection - whether to provide real-time protection and of what type

o   Excluded files and folders - specify what not to scan

o   Exclude file types - specify what type not to scan

o   Advanced - more detailed options

o   Administrator - alert all users if detection of spyware occurs and allow all users to initiate Defender scans

Sunday, October 28, 2012

Chapter 9 Working with Workgroups and Domains


Authentication - verify ID - "Can I see your ID please"
Authorization - giving permission - cashier enters code in register granting permission for purchase
User rights - this is not a part of permissions - specific OS tasks that can be performed by designated users or system admin:
·         Backups
·         System shut down
·         Allow log on through terminal services
Groups - giving permissions by using groups instead of individual users is less work for administrators; easier to give and take away permissions.
Two ways of assigning permissions in Windows, depending on experience/expertise:
·         User accounts - for inexperienced users
·         Local users and groups - full access to local users and groups for the more experienced user

Three main user profiles:
·         Local - automatically created
·         Roaming - stored on shared server - accessible from anywhere on network
·         Mandatory - a roaming profile that is read-only - users can change how it looks while they are logged on, but once they log off the profile reverts to the original setup
Domain vs. workgroup
·         Main difference - users log on to domain once rather than each computer individually
·         When accessing network resources, the individual computer hosting the resource sends authorization requests to the domain controller rather than handling all requests itself
The properties sheet for local users has 3 tabs, whereas the domain user properties sheet has 15, allowing significantly more information about the user and network resources.
Built-in local groups can have their properties modified (names changed and new permissions assigned), but it's better to leave the built-ins at their defaults. Create your own groups and assign the permissions needed. See the table on page 332 for built-in local groups and their capabilities. Local groups are defined by what they cannot do:
·         Can only be used on computer where they were created
·         Local users from same computer can be members of local groups
·         When computer is part of AD DS domain - local groups can have domain users and domain global groups as members
·         Local groups can't have other local groups as members - domain groups can be members
·         Assign permissions to local groups only when controlling access to resources on local computer
·         If a Windows server is functioning as a domain controller, local groups can't be created on it
Special identity - placeholder for users with similar characteristics - see page 333 for table of Special Identities and their constituents

Saturday, October 27, 2012

Chapter 8 Managing and Monitoring Windows 7 Performance


The first part of the chapter reviewed Windows Update types, which take one of the following forms:

·         Hotfixes

·         Security updates

·         Cumulative updates or rollups

·         Service packs

The updates are classified in the following categories of importance:

·         Important

·         Recommended

·         Optional

·         Device drivers - usually updated from the manufacturer's website

In large organizations, admins may delay deploying the updates until after testing them on one workstation to ensure applications will still work properly, or they may wait several weeks to allow any bugs to be worked out.

·         Home users or small offices may install updates automatically, which is the recommended method.

·         You can also set up to download the updates, but let the user decide when to install.

·         Check for updates and let user decide if they want to download them.

·         Never check for updates - NOT recommended.

WSUS - Windows Server Update Services

·         Downloads updates and stores them in a database for admin evaluation

·         Select which updates to deploy and which computers to deploy them to

·         This allows an update to be downloaded once from the Internet - reduces bandwidth usage

·         Distributes updates over the LAN

Event Viewer displays log information gathered by the OS in a graphical application. Events can be information, error, warning or critical. Windows logs:

·         Application

·         Security

·         Setup

·         System

·         Forwarded events
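As an added example (not from the textbook or this blog), the PowerShell below reads the same Security log Event Viewer shows and summarizes failed logons (event ID 4625) per account and source address, which is the pattern the account lockout policy from Chapter 10 is meant to stop. Reading the live log needs an elevated prompt, so the script also carries constructed sample events to exercise the summary offline; the account names, addresses and threshold are placeholders.

```powershell
# Added example (not from the textbook or blog): summarize failed logons from
# the Security log (event ID 4625) per account and source. Sample events are
# constructed so the summary can run without reading the live log.

function Get-FailedLogonEvents {
    param([int] $MaxEvents = 500)
    # Event ID 4625 = "An account failed to log on". Pull fields out of the
    # event XML by name rather than relying on their position.
    Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4625 } -MaxEvents $MaxEvents |
        ForEach-Object {
            $field = @{}
            foreach ($d in ([xml]$_.ToXml()).Event.EventData.Data) { $field[$d.Name] = $d.'#text' }
            New-Object PSObject -Property @{
                TimeCreated = $_.TimeCreated
                Account     = $field['TargetUserName']
                Source      = $field['IpAddress']
                Workstation = $field['WorkstationName']
            }
        }
}

function Get-FailedLogonSummary {
    param(
        [Parameter(Mandatory=$true)] [object[]] $Events,
        [int] $Threshold = 5            # mirror the lockout threshold you have configured
    )
    $Events | Group-Object Account, Source |
        Where-Object { $_.Count -ge $Threshold } |
        ForEach-Object {
            $ordered = $_.Group | Sort-Object TimeCreated
            New-Object PSObject -Property @{
                Account  = $_.Group[0].Account
                Source   = $_.Group[0].Source
                Failures = $_.Count
                First    = $ordered[0].TimeCreated
                Last     = $ordered[-1].TimeCreated
            }
        } | Sort-Object Failures -Descending
}

# Constructed sample events: six failures for 'jdoe' from one address, one for 'admin'.
$base   = Get-Date '2012-11-17 08:00:00'
$sample = @()
foreach ($i in 0..5) {
    $sample += New-Object PSObject -Property @{
        TimeCreated = $base.AddSeconds($i * 10); Account = 'jdoe'; Source = '10.0.0.99'; Workstation = 'WS07-LAB' }
}
$sample += New-Object PSObject -Property @{
    TimeCreated = $base.AddMinutes(5); Account = 'admin'; Source = '10.0.0.7'; Workstation = 'WS07-ADM' }

Get-FailedLogonSummary -Events $sample | Format-Table Account, Source, Failures, First, Last -AutoSize
# Against the live log (elevated prompt):
# Get-FailedLogonSummary -Events (Get-FailedLogonEvents)
```

With the constructed data only the jdoe/10.0.0.99 pair reaches the threshold. On a real machine, a run of 4625 events followed by a 4740 (account locked out) event for the same account is the lockout policy doing its job; the summary tells you where the attempts came from.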

Performance Monitor displays performance counters as a report, bar graph or line graph. You can add counters to create customized performance trackers. 4 pieces of information are needed to add a counter:

·         Computer

·         Performance object

·         Performance counter

·         Instance
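As an added example (not from the textbook or this blog), the PowerShell below shows how the four pieces of information just listed combine into the counter path that Performance Monitor and the Get-Counter cmdlet actually consume, \\Computer\Object(Instance)\Counter, and then samples a short list of comparable counters and averages them. The counter names are standard Windows counters; the computer name argument is a placeholder and is omitted for the local machine.

```powershell
# Added example (not from the textbook or blog): combine computer, performance
# object, counter and instance into a counter path, then sample and average it.

function New-CounterPath {
    param(
        [Parameter(Mandatory=$true)] [string] $Object,     # performance object, e.g. Processor
        [Parameter(Mandatory=$true)] [string] $Counter,    # performance counter, e.g. % Processor Time
        [string] $Instance,                                # instance, e.g. _Total or C:; omit for single-instance objects
        [string] $ComputerName                             # omit for the local computer
    )
    $path = ''
    if ($ComputerName) { $path += "\\$ComputerName" }
    $path += "\$Object"
    if ($Instance) { $path += "($Instance)" }
    $path += "\$Counter"
    return $path
}

function Get-CounterAverage {
    param(
        [Parameter(Mandatory=$true)] [string[]] $Path,
        [int] $Samples = 5,
        [int] $IntervalSeconds = 1
    )
    # Collect a few samples per path and report the average. A short list of
    # counters with comparable values is what keeps the resulting display readable.
    $sets = Get-Counter -Counter $Path -SampleInterval $IntervalSeconds -MaxSamples $Samples
    $sets | ForEach-Object { $_.CounterSamples } |
        Group-Object Path |
        ForEach-Object {
            New-Object PSObject -Property @{
                Path    = $_.Name
                Average = [math]::Round(($_.Group | Measure-Object CookedValue -Average).Average, 2)
            }
        }
}

$paths = @(
    (New-CounterPath -Object 'Processor'   -Counter '% Processor Time' -Instance '_Total'),
    (New-CounterPath -Object 'Memory'      -Counter 'Available MBytes'),
    (New-CounterPath -Object 'LogicalDisk' -Counter '% Disk Time'      -Instance 'C:')
)
$paths
Get-CounterAverage -Path $paths | Format-Table Path, Average -AutoSize
```

The first two paths are percentages and the third is a byte count, so in Performance Monitor they belong in a report view rather than on one line graph, which is the point the notes make about choosing counters with comparable values.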

The type of information that is collected should determine the view used. If the counter values are considerably different, or if there are several different categories, it may be more meaningful to display them as a report or as a histogram. To create an effective display:

·         Limit number of counters

·         Modify counter display properties

·         Choose counters with comparable values

A data collector set (DCS) is used to create a baseline so you have readings to compare against a future instance.

To monitor programs and configuration settings that may be having negative effects on system performance, use the System Configuration tool by typing msconfig in the Start menu search box.