The beginning of Chapter 10 reviews different aspects of security in Windows 7. Passwords are a way of authenticating a user, and password policies help to establish stronger passwords.
Multifactor authentication uses more than one of the following:
· Something a user knows – user ID and password
· Something a user has – something carried by the user – smart card
    o PIV – Personal Identity Verification – Windows 7 can get drivers for PIV smart cards
· Something the user is – biometrics – most popular is fingerprint
    o Windows Biometric Framework – provides core biometric function and a drive component
    o Usually part of a multifactor authentication in case the fingerprint scan fails
Several password policies can be configured to ensure your users are creating strong passwords, making brute force attacks more cumbersome for attackers:
· Length of password – minimum 7 characters
· Password complexity – use at least three of the following
    o Upper case, lower case, number, special character
· Enforce password history – users cannot reuse passwords
· Enforce password age – users must change passwords – can’t be too short of a period of time or users will be constantly forgetting their passwords – interrupting administrators from completing more important tasks
    o Important note: Users need to create password reset disks – if an administrator resets the password, a user loses all access to EFS-encrypted files, all certificates in the user's personal certificate store and all passwords stored in the Windows Vault
· Account lockout – if a user enters an incorrect password, the account locks – denying any access for a set period of time or until an administrator unlocks it – prevents brute force attacks from completing successfully due to denial of access into the account
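An added example (not from the original notes or the textbook): a Python check that reads the [System Access] section of a `secedit /export /cfg` policy file and flags settings weaker than the password and lockout policies listed above. The sample export is constructed, and the 30-day rotation floor is an assumed threshold; only the 7-character minimum comes from the notes.

```python
# Constructed sample: part of a `secedit /export /cfg policy.inf` export.
SAMPLE_INF = """\
[System Access]
MaximumPasswordAge = 7
MinimumPasswordLength = 6
PasswordComplexity = 0
PasswordHistorySize = 0
LockoutBadCount = 0
[Event Audit]
AuditLogonEvents = 0
"""

MIN_LENGTH = 7         # minimum length given in the notes above
MIN_MAX_AGE_DAYS = 30  # assumption: shorter rotation counts as "too short"

def parse_system_access(text):
    """Return the integer settings of the [System Access] section as a dict."""
    settings, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
        elif section == "System Access" and "=" in line:
            key, _, value = (part.strip() for part in line.partition("="))
            if value.lstrip("-").isdigit():  # skip non-numeric entries
                settings[key] = int(value)
    return settings

def audit(settings):
    """Return a list of findings; an empty list means every check passed."""
    findings = []
    get = lambda key: settings.get(key, 0)  # missing key = not configured
    if get("MinimumPasswordLength") < MIN_LENGTH:
        findings.append("length: minimum below %d characters" % MIN_LENGTH)
    if get("PasswordComplexity") != 1:
        findings.append("complexity: requirement disabled")
    if get("PasswordHistorySize") < 1:
        findings.append("history: reuse of old passwords allowed")
    max_age = get("MaximumPasswordAge")
    if max_age <= 0:  # non-positive value: expiry is not enforced
        findings.append("age: passwords never expire")
    elif max_age < MIN_MAX_AGE_DAYS:
        findings.append("age: %d-day rotation is too short" % max_age)
    if get("LockoutBadCount") < 1:
        findings.append("lockout: no lockout threshold set")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(parse_system_access(SAMPLE_INF))))
```

A real export is normally saved as UTF-16, so open the file with `encoding="utf-16"` before passing its text to `parse_system_access`.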
Smart cards – more secure than passwords – almost no way to duplicate and create a brute force attack using a smart card
· If lost – a user knows and reports – card is disabled immediately
· Usually a smart card and one other authentication method is used
Firewalls protect against some of the following hazards:
· Trojan horse applications
· Users connected to public networks then bringing compromising resources to the work/home network
· Unguarded ports
· Unauthorized users obtain passwords then log on to a computer from a remote location and compromise data/programming
Firewall traffic:
· Inbound traffic – default is set to block all traffic until you specify what to allow in - specify rules for allowing inbound traffic – most important
· Outbound traffic – default is set to allow all traffic - specify rules for outgoing traffic
Important: When working with the Advanced Security console in Windows Firewall, you are working with a complete set of rules for ALL profiles. When working with the Windows Firewall Settings dialog box, you are working with rules for the current active profile.
· Rule type - program, port, predefined, custom
· Protocol and ports - allows you to specify the exact rules allowed
· Scopes - allow or block traffic by IP address
· Action - what the firewall should do if a packet matches the rule
· Profiles - domain, private and/or public
· Names - specifies the name of the rule and description (optional)
Windows Defender - prevents spyware from entering your network
· Scans where spyware most commonly infiltrates a computer
· Must be running all the time - installed in a preloading mechanism like a Startup folder and the Run registry key
· Prompts user to ignore, quarantine, remove program or add it to an always allow list
· By default runs a scan at 2 am every day
· Difficult to find in Windows 7 - there is no shortcut - located in Control Panel when in Large or Small icons view
· Configuration settings:
    o Automatic scanning - if, when, how often Defender should scan
    o Default actions - what to do when detecting items at each of the alert levels
    o Real-time protection - whether to provide real-time protection and what type
    o Excluded files and folders - specify what not to scan
    o Excluded file types - specify what types not to scan
    o Advanced - more detailed options
    o Administrator - alert all users if detection of spyware occurs and allow all users to initiate Defender scans