15 minute security guide - windows workstation security
TRANSCRIPT
-
8/7/2019 15 Minute Security Guide - Windows Workstation Security
15 minute security primers:
Windows Network Workstation Security
Johnny Long
http://johnny.ihackstuff.com
-
The BIG Disclaimer
This presentation is based on the SecurityFocus Checklist by Scott Granneman entitled "A Home User's Security Checklist for Windows"
Download: http://www.securityfocus.com/columnists/220
Scott did the work. I'm here to spread the word, keep it simple and show how it can be abused.
Basic Windows security is possible, and it only takes 15 minutes.
-
The little disclaimer
It's hard to account for all versions of Windows here, so I use Windows XP Professional for the examples.
This presentation is for entry-level users.
For most examples I will show an attack followed by the appropriate fix.
In some cases I will just show a fix.
-
Problem: Administrative Access
Although it's simpler, do not use the Administrator account (or an equivalent) for everyday work.
It's too easy for an attacker to abuse your machine and unless you know what you're doing, it's too easy to mess things up!
-
Fix: Restrict Admin Access
Do Not run Windows as Administrator
Create a user account for everyday use. Reserve the Administrator role for system maintenance.
-
Problem: Accounts without passwords
Surprisingly enough, many users have accounts without passwords.
Most users are aware that passwords are a good thing, but do you keep track of all user accounts on your machine?
-
Problem: Accounts with bad passwords
This is a standard user account with no password! All accounts should have strong passwords.
Control Panel -> User Accounts brings up the User Account Manager.
-
Attack! Accounts without passwords
An attacker can use simple commands to browse your machine without a password...
-
Attack! Accounts without passwords
The THC-hydra tool from http://www.thc.org has many uses.
-
Attack! Accounts without passwords
...including the discovery of user accounts with no password!
-
Attack! Dictionary Attack
In order to pound a password, an attacker will create a basic password file.
-
Attack! Dictionary Attack!
THC-hydra can eventually find a password, even if it's not simple like this one.
-
Fix: Good, Strong Passwords
All accounts on your machine should have strong passwords.
Unless you know what you're doing, every account should have a password
Strong Passwords:
  Never appear in any dictionary
  Contain upper and lower case characters, numbers and special characters
-
Problem: Cleartext Passwords
Sometimes, even a strong password is not enough protection.
Passwords that travel the network under cover of weak or zero encryption can be captured and reused.
-
Attack! Cleartext Passwords
the attacker connects to your computer with your password...
then connects to your C: drive....
Using a pilfered password
-
Attack! Cleartext Passwords
and rifles through your personal stuff!!!
-
Fix: Only use encrypted authentication
If you are unsure about the protection of your passwords over the network, it's best to err on the side of caution.
Understand the risks of your transactions
-
Problem: Anyone can Connect to your computer
Even with strong passwords, attackers can still access services on your machine if they
  obtain your password
  exploit a vulnerability on your machine
  exploit third-party software
-
Attack! Pings
Without a firewall, anyone can send a PING or an "are you there" message to your computer.
-
Attack! Port scan
Port scanners can show what services your computer is running
-
Attack! Windows Popups
Various open ports on your machine (like 138, NETBIOS DGM) can be used by attackers to send you annoying or dangerous popup messages like these.
-
Fix: Windows Firewall
Windows has a built-in firewall that has a minimum of features, but is better than nothing
-
Fix: Windows Firewall
Start Menu --> Settings --> Network Connections
Right-Click your Internet Adapter and choose Properties
-
Fix: Windows Firewall
Click the Advanced tab to find the option for Internet Connection Firewall.
Checking this box turns on your firewall.
Turning off the firewall (unchecking this box) produces a warning message.
-
Fix: Windows Firewall
From the Advanced Tab, click Settings
The Services Tab allows you to select which services to allow through the firewall. Checked services are allowed through. Only check services if you know what you're doing
-
Fix: Windows Firewall
From the Advanced Tab, click Settings
The Security Logging tab allows for various logging options. By default, nothing is logged! Select "log dropped", "log successful" or both to enable logging.
-
Fix: Windows Firewall
A dropped packets log might look like this
This report shows information including the date, packet type, and the IP address that sent it.
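To make use of the dropped packets log described on this slide, the following added example (not part of the original presentation) parses such a log and groups the drops by sending IP address. The sample log is constructed, and its field layout is an assumption modelled on the W3C-style text log the Windows XP firewall writes; the parser reads the #Fields header rather than hard-coding column positions.

```python
# Constructed sample modelled on the W3C-style text log the Windows XP
# firewall writes; the field layout is an assumption and the addresses are
# documentation ranges, not real hosts.
SAMPLE_LOG = """\
#Version: 1.0
#Software: Microsoft Internet Connection Firewall
#Time Format: Local
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info

2005-03-14 09:12:01 DROP TCP 203.0.113.7 192.0.2.10 4021 135 48 S 1884 0 16384 - - -
2005-03-14 09:12:02 DROP TCP 203.0.113.7 192.0.2.10 4022 139 48 S 1885 0 16384 - - -
2005-03-14 09:12:03 DROP TCP 203.0.113.7 192.0.2.10 4023 445 48 S 1886 0 16384 - - -
2005-03-14 09:13:40 DROP ICMP 198.51.100.23 192.0.2.10 - - 60 - - - - 8 0 -
2005-03-14 09:15:09 DROP UDP 198.51.100.99 192.0.2.10 1030 138 229 - - - - - - -
2005-03-14 09:16:30 OPEN TCP 192.0.2.10 198.51.100.80 1045 80 - - - - - - - -
2005-03-14 09:17
"""


def parse_firewall_log(text):
    """Return one dict per complete entry, keyed by the #Fields header names."""
    fields, entries = [], []
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("#Fields:"):
            fields = line[len("#Fields:"):].split()
        elif line and not line.startswith("#") and fields:
            values = line.split()
            if len(values) >= len(fields):  # ignore truncated lines
                entries.append(dict(zip(fields, values)))
    return entries


def summarize_drops(entries):
    """Per source IP: dropped-packet count, ports probed, first and last time seen."""
    summary = {}
    for e in entries:  # the log is appended to, so entries are in time order
        if e["action"] != "DROP":
            continue
        when = e["date"] + " " + e["time"]
        s = summary.setdefault(e["src-ip"], {"count": 0, "ports": set(), "first": when})
        s["count"] += 1
        s["last"] = when
        if e["dst-port"] != "-":  # ICMP entries carry no port
            s["ports"].add(e["protocol"] + "/" + e["dst-port"])
    return summary


if __name__ == "__main__":
    drops = summarize_drops(parse_firewall_log(SAMPLE_LOG))
    for ip, s in sorted(drops.items(), key=lambda kv: -kv[1]["count"]):
        print(ip, s["count"], "dropped,", s["first"], "to", s["last"], sorted(s["ports"]))
```

A single address dropped on several different ports within seconds, as in the first three constructed entries, is the pattern a port scan leaves in this log.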
-
Fix: Windows Firewall
From the Advanced Tab, click Settings
The ICMP tab blocks ICMP messages by default. Although ICMP (the protocol that handles PING) is fairly benign, it can be used by accomplished hackers to gather info about your computer. Keep these options unchecked.
-
Fix: Test your Internet Exposure
The "Shields up" program allows you to scan your machine for vulnerabilities from the Internet.
-
Problem: Out of Date Software
It's a statistical fact that older software has more discovered security holes than newer versions of that software.
The easiest way to stay on top of the latest security fixes is Windows Update
-
Attack! Spoofing Windows Update
It is possible for an accomplished attacker to insert a bogus update into your system.
Ultra-paranoids should install updates manually via http://windowsupdate.microsoft.com
In addition, downloaded packages should be manually verified before installation.
-
Fix: Windows Update
One way to get into Windows Update Settings is via right-clicking on My Computer, selecting Properties and selecting the Automatic Updates Tab.
-
Fix: Windows Update
Another way is from Start --> Help and Support Center, click Windows Update
-
Fix: Windows Update
Never follow update instructions sent via email.
This technique is called "phishing" and opens the door for malicious users
-
Fix: Application updates
Always keep on top of updates for applications you install.
Keep a list of apps you install and the website for that product.
For example, visit http://office.microsoft.com/officeupdate for updates to MS Office products.
-
Problem: Malicious code
Regardless of your protection from the network, viruses and other types of malicious code can cause disruption or affect the security of your computer.
-
Fix: Anti-Virus Programs
An anti-virus program should be installed
The software should be set to:
  automatically scan the computer at least once a day
  automatically scan email messages
  allow scanning of Instant Messaging downloads
  automatically update virus signatures via the web
-
Problem: Malicious Email
Email is often used to propagate malicious code
Depending on the configuration of your email reader, malicious code can enter your system without even being read
"Web bugs" can track your location and your activities
-
Attack: Fake Email scams
Malicious users can pose as respected websites via email. Is this real? How can you know?
If you trust the site, go to the website by typing the URL in your browser.
-
Fix: Email reader configuration
Turn off the preview pane
  Always know who an email is from before you open it
Disable Javascript
  HTML-based email is nice, but Javascript in an email message can be very dangerous
Go offline
  Email tracking (web bugs) does not work in offline mode.
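Web bugs and script in HTML mail only work because the mail reader fetches or runs them when the message is displayed. The following added example (not part of the original presentation) lists what a message would load on display, so it can be inspected before opening; the sample message and all host names in it are constructed placeholders, and treating a 0 or 1 pixel image as a web bug is an assumption of this sketch.

```python
from email import message_from_string
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed message; every address and host name is a placeholder.
SAMPLE_EMAIL = """\
From: "Example Bank" <service@bank.example>
To: user@home.example
Subject: Account notice
MIME-Version: 1.0
Content-Type: text/html; charset="us-ascii"

<html><body>
<p>Dear customer, please review your account.</p>
<img src="cid:logo123" alt="logo">
<img src="http://track.mailer.example/open.gif?id=42" width="1" height="1">
<script src="http://cdn.mailer.example/a.js"></script>
<script>var opened = true;</script>
<a href="http://bank.example/login">Log in</a>
</body></html>
"""


class RemoteContentFinder(HTMLParser):
    """Collect content a mail reader would fetch or run just by displaying the message."""
    AUTO_LOADED = {"img": "src", "script": "src", "iframe": "src", "link": "href"}

    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "script" and not attrs.get("src"):
            self.findings.append(("inline script", None))
            return
        url = attrs.get(self.AUTO_LOADED.get(tag)) or ""
        host = urlparse(url).hostname
        if urlparse(url).scheme not in ("http", "https") or not host:
            return  # embedded (cid:) parts and plain links are not fetched on display
        tiny = tag == "img" and attrs.get("width") in ("0", "1") and attrs.get("height") in ("0", "1")
        self.findings.append(("web bug" if tiny else "remote " + tag, host))


def find_remote_content(raw_message):
    """Return (kind, host) for each auto-loaded item found in the HTML parts."""
    finder = RemoteContentFinder()
    for part in message_from_string(raw_message).walk():
        if part.get_content_type() == "text/html":
            body = part.get_payload(decode=True)
            finder.feed(body.decode(part.get_content_charset() or "utf-8", "replace"))
    return finder.findings
```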
-
Fix: Email safety
Never open attachments that are programs
Only open attachments that you are expecting
Always scan attachments for viruses, even if you think your virus scanner is doing it automatically.
-
Fix: Email safety
Never reply to spam, even to be "removed" from their mailing list
Remember that secure web sites will never request you to change your password, enter your PIN, or answer other sensitive questions via email
-
Problem: Browser Security
There are many different ways an attacker can deliver malicious code via your web browser.
Configure your web browser safely.
Scott wrote a terrific article entitled "Securing Privacy" available from http://www.securityfocus.com/infocus/1585
-
Fix: Browser Security Tests
The Browser Security Test http://bcheck.scanit.be/bcheck/
PC Flank's Tests http://www.pcflank.com/about.htm
Jason Levine's Toolbox http://www.jasons-toolbox.com/BrowserSecurity/
-
Problem: Spyware
Spyware is software designed to track Internet users.
This invasion of privacy can also be disruptive and subversive to your online activities.
-
Fix: Anti-Spyware Programs
You should install and implement an anti-spyware program.
You should keep up with updates, automatically if the program allows it.
http://www.anti-spyware-review.toptenreviews.com/ lists reviews of the most popular anti-spyware programs.
-
Closing
Be sure to download Scott's complete checklist for all the details. http://www.securityfocus.com/columnists/220
This presentation can be downloaded from my website http://johnny.ihackstuff.com