Friday, November 9, 2012

Lesson 10 Securing Windows 7


The beginning of Chapter 10 reviews different aspects of security in Windows 7. Passwords are a way of authenticating a user, and password policies help to establish stronger passwords.

Multifactor authentication uses more than one of the following:

·         Something a user knows – User ID and password

·         Something a user has – something carried by the user – smartcard

o   PIV – Personal identity verification – Windows 7 can get drivers for PIV smart cards

·         Something the user is – biometrics – most popular is fingerprint

o   Windows Biometric Framework – provides the core biometric functions and a driver component

o   Usually part of a multifactor authentication in case the fingerprint scan fails

Several password policies can be configured to ensure your users are creating strong passwords, making brute force attacks more cumbersome for attackers:

·         Length of password – minimum 7 characters

·         Password complexity – use at least three of the following

o   Upper case, Lower case, number, special character

·         Enforce password history – users cannot reuse passwords

·         Enforce password age – users must change passwords periodically – the period can’t be too short, or users will constantly forget their passwords and interrupt administrators with reset requests instead of more important tasks

o   Important note: Users need to create password reset disks – if an administrator resets the password, the user loses all access to EFS-encrypted files, all certificates in the user's personal certificate store and all passwords stored in the Windows Vault

·         Account lockout – if a user repeatedly enters an incorrect password, the account locks – denying any access for a set period of time or until an administrator unlocks it – prevents brute force attacks from completing successfully by denying access to the account
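The password and lockout policies above can be applied on a standalone Windows 7 machine with a security template and secedit, then read back with "net accounts" to confirm they took effect. This is an added example, not part of the lesson notes; the file paths and the specific values (history 24, maximum age 90 days, lockout after 5 attempts for 30 minutes) are assumptions chosen to illustrate the notes, and the script must run from an elevated PowerShell prompt.

```powershell
# Added example: configure local password + lockout policy, then verify it.
# Setting names are the standard [System Access] keys of a security template.
$template = @'
[Unicode]
Unicode=yes
[System Access]
MinimumPasswordLength = 7
PasswordComplexity = 1
PasswordHistorySize = 24
MaximumPasswordAge = 90
MinimumPasswordAge = 1
LockoutBadCount = 5
ResetLockoutCount = 30
LockoutDuration = 30
[Version]
signature="$CHICAGO$"
Revision=1
'@

# Assumed scratch paths; secedit expects a Unicode-encoded .inf file
$inf = Join-Path $env:TEMP 'lesson10-pwpolicy.inf'
$db  = Join-Path $env:TEMP 'lesson10-pwpolicy.sdb'
$template | Out-File -FilePath $inf -Encoding Unicode

# Apply only the account-policy area (password and lockout settings)
secedit /configure /db $db /cfg $inf /areas SECURITYPOLICY /quiet

# Verify: parse "net accounts" output into a setting -> value table
$policy = @{}
net accounts | ForEach-Object {
    if ($_ -match '^(.*?):\s+(.*)$') { $policy[$matches[1].Trim()] = $matches[2].Trim() }
}

# Expected values mirror the template above
$expected = @{
    'Minimum password length'               = '7'
    'Length of password history maintained' = '24'
    'Maximum password age (days)'           = '90'
    'Lockout threshold'                     = '5'
    'Lockout duration (minutes)'            = '30'
}
foreach ($name in $expected.Keys) {
    $ok = $policy[$name] -eq $expected[$name]
    "{0,-40} {1,-6} {2}" -f $name, $policy[$name], $(if ($ok) { 'OK' } else { "expected $($expected[$name])" })
}
```

On a domain-joined machine the domain Group Policy overrides these local settings, so the verification lines will report the domain values instead.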

Smart cards – more secure than passwords – there is almost no way to duplicate a smart card or mount a brute force attack against one

·         If lost – the user knows and reports it – the card is disabled immediately

·         Usually a smart card and one other authentication method is used

Firewalls protect against some of the following hazards:

·         Trojan horse applications

·         Users connected to public networks then bringing compromised resources back to the work/home network

·         Unguarded ports

·         Unauthorized users obtaining passwords, then logging on to a computer from a remote location and compromising data/programs

Firewall traffic:

·         Inbound traffic – default is set to block all traffic until you specify what to allow in – specify rules for allowing inbound traffic – most important

·         Outbound traffic – default is set to allow all traffic - specify rules for outgoing traffic

Important: When working with the Windows Firewall with Advanced Security console, you are working with the complete set of rules for ALL profiles. When working with the Windows Firewall Settings dialog box, you are working with the rules for the current active profile.

Firewall rule parameters:

·         Rule type - program, port, predefined, custom

·         Protocol and ports - allow you to specify exactly which protocols and ports the rule applies to

·         Scopes - allow or block traffic by IP address

·         Action - what firewall should do if a packet matches the rule

·         Profiles - domain, private and/or public

·         Names - specifies the name of the rule and description (optional)

Windows Defender - prevents spyware from entering your network

·         Scans where spyware most commonly infiltrates a computer

·         Must be running all the time - installed through a preloading mechanism like the Startup folder or the Run registry key

·         Prompts the user to ignore, quarantine or remove the program, or add it to an always-allow list

·         By default runs a scan at 2 am every day

·         Difficult to find in Windows 7 - there is no shortcut - located in Control Panel when in Large or Small icons view

·         Configuration settings:

o   Automatic scanning - if, when, how often Defender should scan

o   Default actions - what to do when detecting items at each alert level

o   Real-time protection - whether to provide real-time protection and what type

o   Excluded files and folders - specify what not to scan

o   Excluded file types - specify which file types not to scan

o   Advanced - more detailed options

o   Administrator - alert all users if spyware is detected and allow all users to initiate Defender scans
