Saturday, November 24, 2012

Chapter 12 Using Mobile Computers


Wireless networks face the same threats as cabled networks, but they are easier for attackers to break into: a cabled network requires physical access, whereas a wireless attack can be carried out off site, for example from a car parked outside the building. Specific wireless attacks:

·         Eavesdropping - capturing traffic at the WAP (wireless access point)

·         Masquerading - the attacker gains access by pretending to be an authorized user

·         Attacks against wireless clients - network-based attacks launched against a computer connected to an ad-hoc network or an untrusted wireless network

·         Denial of service (DoS) - jamming frequencies so that users cannot communicate with the network

·         Data tampering - a man-in-the-middle attack used to modify information before it is sent on to the intended destination

Wired Equivalent Privacy (WEP) and Wi-Fi Protected Access (WPA and WPA2, more secure than WEP) are the two main security protocols used in wireless networks. You must decide which protocol to use, and all devices must support the one you choose.

·         WEP - most frequently cracked

o   Doesn't provide automatic changing of the shared secret

o   The shared secret tends to stay in place indefinitely, giving attackers a longer time to crack it

·         WPA - two encryption options and two operational modes

o   TKIP - Temporal Key Integrity Protocol - uses a unique encryption key for each packet

o   AES - Advanced Encryption Standard - uses a more secure encryption algorithm - requires equipment that specifically supports it

o   WPA-Personal - aka WPA-PSK (preshared key mode) - only devices with the WPA passphrase can join the network

o   WPA-Enterprise - aka WPA-802.1X or WPA-RADIUS - more difficult to implement and configure, but more secure - eliminates the shared passphrase - provides centralized administration, logging and auditing
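As an added example (not from the textbook or these notes), the following PowerShell script audits the wireless profiles saved on a Windows 7 computer and flags any still configured for WEP or TKIP, the weak choices described above. It assumes English-language netsh output and PowerShell 2.0 (what Windows 7 ships with).

```powershell
# Added example, not from the textbook: inventory saved Wi-Fi profiles and
# flag the ones using WEP, TKIP or open authentication. Parses English netsh
# output; profile names are read from lines like "All User Profile : CorpWiFi".
$names = @()
foreach ($line in (netsh wlan show profiles)) {
    if ($line -match 'User Profile\s*:\s*(.+)$') { $names += $Matches[1].Trim() }
}

$report = foreach ($name in $names) {
    $auth = 'unknown'; $cipher = 'unknown'
    foreach ($line in (netsh wlan show profile name="$name")) {
        if ($line -match '^\s*Authentication\s*:\s*(.+)$') { $auth   = $Matches[1].Trim() }
        if ($line -match '^\s*Cipher\s*:\s*(.+)$')         { $cipher = $Matches[1].Trim() }
    }
    # netsh prints AES-CCMP as "CCMP"; WEP, TKIP, Open and Shared show up by name.
    # An open network with no cipher is flagged as well: it is no better than WEP.
    $weak = ($auth -match 'Open|Shared|WEP') -or ($cipher -match 'WEP|TKIP|None')
    New-Object PSObject -Property @{
        Profile        = $name
        Authentication = $auth
        Cipher         = $cipher
        Weak           = $weak
    }
}

# Weak profiles first; these are the ones to delete or migrate to WPA2/AES
$report | Sort-Object Weak -Descending |
    Format-Table Profile, Authentication, Cipher, Weak -AutoSize
```

A flagged profile can be removed with `netsh wlan delete profile name="<profile>"` once a WPA2/AES replacement exists.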

Using Windows Mobility Center, you can modify configuration settings of the computer you are working on, such as power settings and display brightness. Table 12-2 on page 462 lists the default power plan settings for the Power Saver, Balanced and High Performance plans.

BitLocker is a drive encryption feature that makes it possible to encrypt an entire volume, while BitLocker To Go encrypts removable USB devices such as flash drives and external hard disks. Advantages of full-volume encryption:

·         Increased data protection

·         Integrity checking - ensures that if the hard drive is stolen and installed in a different computer, access is denied

Assign a DRA (data recovery agent) in case a user loses the startup key and/or the PIN needed to boot a system with BitLocker enabled.

A VPN creates a tunnel between client and server that encrypts the data. VPN protocols that Windows Server 2008 supports:

·         PPTP - Point-to-Point Tunneling Protocol - oldest and least secure

·         L2TP - Layer 2 Tunneling Protocol - relies on IPsec for encryption - performs double encapsulation

·         SSTP - Secure Socket Tunneling Protocol - encapsulates PPP traffic using the Secure Sockets Layer (SSL) protocol - uses certificates for authentication

·         IKEv2 - Internet Key Exchange version 2 - new in Windows 7 and Server 2008 R2 - supports IPv6 and the VPN Reconnect feature, which is based on the MOBIKE (mobility and multihoming) protocol and lets a computer reconnect to a VPN server automatically after an interruption of up to 8 hours
Saturday, November 17, 2012

Chapter 11 Administrating Windows 7


Troubleshooting is playing detective to determine who, what, where, when, why and how; you need to find the missing piece that solves the puzzle. Many computer problems are caused by user error and can be corrected quickly. Basic troubleshooting steps:

·         What is not working properly?

o   What exactly were you doing just before and at the moment when the problem started?

o   Were you able to finish?

o   Any other problems recently?

o   Was everything working just before the problem?

o   Did anyone do anything to solve the problem? What?

·         Where is the problem?

·         Was something changed/added?

o   Any hardware or software recently installed, removed, reconfigured?

·         Select the most probable cause - may be as simple as making sure the device is plugged in or performing a restart

·         Implement a solution - for example, remove a program or a driver update

·         Test the results

·         Document the solution

o   Documenting the problem and its solution, and educating users about why the problem occurred, helps prevent problems in the future and provides for quicker resolutions

Prioritize which problems to troubleshoot first:

·         Shared resources over individual resources

·         Network wide over workgroup or user

·         Departmental problems rated by the function of the department

·         System-wide over application

Many troubleshooting tools are available in Windows 7, as listed in Table 11-1 on pages 405-406.

A user who needs help starts by requesting it through Remote Assistance. Remote Assistance must be configured through Control Panel or by using Group Policy. Using Remote Assistance eliminates the need to travel to the user's location for:

·         Technical assistance

·         Troubleshooting

·         Training

Remote Assistance gives the person helping the same authorization as the user they are helping. Security features included with Remote Assistance:

·         The helper must be invited in order to connect

·         User must be present to grant access

·         User being helped has control and can terminate session at any time

·         Users/administrators can use remote assistance group policy settings or the system property sheet to grant specific permissions for remote assistance

·         Firewalls - block port 3389 if Remote Assistance is used only internally and the network is connected to the Internet

o   It is possible to provide Remote Assistance over the Internet, but that requires leaving port 3389 open

Remote management enables administrators to execute commands on remote computers using Windows PowerShell or Windows Remote Shell (WinRS.exe)

·         Windows Remote Management

·         WinRS.exe - executes a command from the Windows 7 command prompt

o   -r:computer - name of the computer on which to execute the command - must be a NetBIOS name or an FQDN

o   -u:user - the account under which the command is executed

o   -p:password - password for the account specified with -u

o   command - the command you want to execute
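As an added example (not from the textbook), here is a WinRS session using the switches above, run from a helpdesk workstation; ws042.corp.example.com, CORP\helpdesk and the ipconfig command are assumed values.

```powershell
# Added example, not from the textbook: run a command on a remote Windows 7
# computer with WinRS. Host name, account and command are assumed values.

# One-time setup on the target (elevated prompt): creates the WinRM listener
# and the matching Windows Firewall exception so WinRS can reach the machine.
winrm quickconfig

# From the helpdesk workstation. -r: accepts a NetBIOS name or an FQDN and
# -u: is the account the command runs under. -p: is left out on purpose:
# winrs then prompts for the password instead of leaving it in the command
# history and in the visible command line of the winrs process.
winrs -r:ws042.corp.example.com -u:CORP\helpdesk ipconfig /all

# The same task through PowerShell remoting, which also travels over WinRM;
# passing a user name to -Credential prompts for the password the same way.
Invoke-Command -ComputerName ws042.corp.example.com -Credential CORP\helpdesk `
    -ScriptBlock { ipconfig /all }
```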




Friday, November 9, 2012

Lesson 10 Securing Windows 7


The beginning of Chapter 10 reviews different aspects of security in Windows 7. Passwords are one way of authenticating a user, and password policies help establish stronger passwords.

Multifactor authentication uses more than one of the following:

·         Something a user knows – User ID and password

·         Something a user has – something carried by the user – smartcard

o   PIV – Personal Identity Verification – Windows 7 can obtain drivers for PIV smart cards

·         Something the user is – biometrics – most popular is the fingerprint

o   Windows Biometric Framework – provides core biometric functions and a driver component

o   Usually part of multifactor authentication, in case the fingerprint scan fails

Several password policies can be configured to ensure your users are creating strong passwords, making brute force attacks more cumbersome for attackers:

·         Password length – minimum 7 characters

·         Password complexity – use at least three of the following:

o   uppercase letters, lowercase letters, numbers, special characters

·         Enforce password history – users cannot reuse passwords

·         Enforce password age – users must change passwords – the period can't be too short or users will constantly forget their passwords, interrupting administrators from completing more important tasks

o   Important note: users need to create password reset disks – if an administrator resets the password, the user loses all access to EFS-encrypted files, all certificates in the user's personal certificate store and all passwords stored in the Windows Vault

·         Account lockout – if a user enters incorrect passwords, the account locks, denying any access for a set period of time or until an administrator unlocks it – prevents brute-force attacks from completing successfully, because access to the account is denied

Smart cards – more secure than passwords – there is almost no way to duplicate a smart card or mount a brute-force attack against one
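As an added example (not from the textbook or these notes), the following PowerShell script applies the password and lockout policies listed above to the local security policy of a stand-alone Windows 7 machine using secedit. The 7-character minimum and complexity requirement come from the notes; the 90-day maximum age, 24-password history and 5-attempt/30-minute lockout values are assumed choices.

```powershell
# Added example, not from the textbook: apply the password and lockout policy
# to the local security database with secedit. Run from an elevated prompt.
# On a domain-joined machine a domain GPO overrides whatever is set here.
$cfg = Join-Path $env:TEMP 'secpol.inf'
$db  = Join-Path $env:TEMP 'secpol.sdb'

# Export the current local policy so we edit the real file, not a template
secedit /export /cfg $cfg | Out-Null

# Desired values, keyed exactly as they appear in the [System Access] section
$settings = @{
    'MinimumPasswordLength' = 7    # length: at least 7 characters (from the notes)
    'PasswordComplexity'    = 1    # 3 of 4 character classes required (from the notes)
    'PasswordHistorySize'   = 24   # enforce history: last 24 passwords cannot be reused
    'MaximumPasswordAge'    = 90   # days before a change is forced (assumed value)
    'MinimumPasswordAge'    = 1    # stops users cycling straight back to an old password
    'LockoutBadCount'       = 5    # failed logons before the account locks (assumed)
    'ResetLockoutCount'     = 30   # minutes before the failed-logon counter resets
    'LockoutDuration'       = 30   # minutes the account stays locked (assumed)
}

$text = Get-Content $cfg   # secedit writes UTF-16 with a BOM; Get-Content detects it
foreach ($key in $settings.Keys) {
    $line = "$key = $($settings[$key])"
    if ($text -match "^$key\s*=") {
        $text = $text -replace "^$key\s*=.*$", $line
    } else {
        # key absent from the export: insert it directly under [System Access]
        $text = $text -replace '^\[System Access\]$', "[System Access]`r`n$line"
    }
}
$text | Set-Content $cfg -Encoding Unicode

# Import only the account-policy area, then display the effective settings
secedit /configure /db $db /cfg $cfg /areas SECURITYPOLICY | Out-Null
net accounts
```

Remind users to create a password reset disk afterwards, since an administrator reset still costs them their EFS-encrypted files and stored credentials as the notes describe.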

·         If lost – the user knows and reports it – the card is disabled immediately

·         Usually a smart card and one other authentication method is used

Firewalls protect against some of the following hazards:

·         Trojan horse applications

·         Users connecting to public networks and then bringing compromised resources back to the work or home network

·         Unguarded ports

·         Unauthorized users obtaining passwords, logging on to a computer from a remote location and compromising data or programs

Firewall traffic:

·         Inbound traffic – by default all traffic is blocked until you specify what to allow in – specify rules for allowing inbound traffic – most important

·         Outbound traffic – by default all traffic is allowed – specify rules for outgoing traffic

Important: when working in the Windows Firewall with Advanced Security console, you are working with the complete set of rules for ALL profiles. When working in the Windows Firewall Settings dialog box, you are working with the rules for the currently active profile only.

Firewall rule parameters:

·         Rule type - program, port, predefined or custom

·         Protocol and ports - lets you specify exactly which traffic the rule applies to

·         Scopes - allow or block traffic by IP address

·         Action - what firewall should do if a packet matches the rule

·         Profiles - domain, private and/or public

·         Name - specifies the name of the rule and an optional description
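As an added example (not from the textbook), these netsh advfirewall commands create the rules a practitioner would write for the port 3389 case from the Remote Assistance notes, exercising every parameter in the list above; 10.0.0.0/8 is an assumed internal address range. netsh is used because the New-NetFirewallRule cmdlets only arrived with Windows 8 and Server 2012.

```powershell
# Added example, not from the textbook: inbound rules for TCP 3389 that only
# allow it from the internal network and on the domain profile. Run from an
# elevated prompt. 10.0.0.0/8 stands in for the real corporate LAN range.

# Rule type: port. Protocol/port: TCP 3389. Scope: internal subnet only.
# Action: allow. Profile: domain. Name and description as the last parameter.
netsh advfirewall firewall add rule `
    name="Remote Assistance (TCP 3389, internal only)" `
    description="Allow helpdesk Remote Assistance from the corporate LAN only" `
    dir=in action=allow protocol=TCP localport=3389 `
    remoteip=10.0.0.0/8 profile=domain

# Companion rule: explicitly block 3389 on the public and private profiles so a
# laptop on an untrusted network never exposes the port. In Windows Firewall
# with Advanced Security an explicit block rule wins over any allow rule.
netsh advfirewall firewall add rule `
    name="Block TCP 3389 on untrusted networks" `
    dir=in action=block protocol=TCP localport=3389 `
    "profile=public,private"

# Verify. The Advanced Security console lists rules for all profiles; the
# basic Windows Firewall dialog only reflects the profile that is active now.
netsh advfirewall firewall show rule name="Remote Assistance (TCP 3389, internal only)"
netsh advfirewall show currentprofile
```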

Windows Defender - prevents spyware from entering your network

·         Scans the locations where spyware most commonly infiltrates a computer

·         Must be running all the time - installed via a preloading mechanism such as the Startup folder or the Run registry key

·         Prompts the user to ignore, quarantine or remove the program, or to add it to an always-allow list

·         By default runs a scan at 2 am every day

·         Difficult to find in Windows 7 - there is no shortcut - located in Control Panel when in Large Icons or Small Icons view

·         Configuration settings:

o   Automatic scanning - if, when, how often Defender should scan

o   Default actions - what to do when items are detected at each alert level

o   Real-time protection - whether to provide real-time protection, and of what type

o   Excluded files and folders - specify what not to scan

o   Excluded file types - specify which file types not to scan

o   Advanced - more detailed options

o   Administrator - alert all users if spyware is detected and allow all users to initiate Defender scans