Networking Security
Chapter 8
powered by dj
Chapter Objectives
Explain various security threats
Monitor security in Windows Vista
Explain basic Firewall
Use Windows Firewall with Advanced Security
Keep your system secure with Windows update
Block virus using Antivirus
Stop spyware with Windows Defender
Recall
The Internet Protocol (IP) is the method or protocol by which data is transferred from one computer to another on the Internet
Transmission Control Protocol (TCP) is a connection-oriented protocol that provides reliable transport service between both the end systems
The TCP/IP services are Dynamic Host Configuration Protocol (DHCP), Domain Name Service, Automatic Private IP Addressing (APIPA) and Windows Internet Name Service (WINS)
A wireless network uses radio frequency signals to communicate among computers and other network devices
Identifying Security Threats
A security threat can either be residing in the user’s system or enter the system from an outside source
Types of Security Threats:
Virus
Worms
Spyware
Question for group discussion – What is Spyware? (2 min)
User Account Control (UAC) I
Helps in preventing unauthorized changes to take place
Allows the user to perform common tasks as a standard user without requiring the user to switch users
Windows Vista creates tokens that depend upon the user type
Types of user:
Standard
Administrator
User Account Control (UAC) II
UAC prompts identified by the type of application that triggered the prompt
These applications can be classified as:
System applications
Applications blocked by Group Policy or from a blocked publisher
Applications not trusted by local computer
Applications authenticated and trusted by local computer
Practical Activity: Demonstrate a procedure to enable UAC. (5 min)
Monitoring Security in Windows Vista
Windows Vista continuously monitors the security status of the system with an application called Windows Security Center
Central point of administration of the various security components that are present in the system
Represented by a shield icon in the notification area on the taskbar
Introducing Windows Security Center
Application that monitors the security status of the system by checking the status of Firewall, Windows Update, Windows Defender, Malware and other security components
Supports third-party security components
The main components are:
Firewall
Automatic updating
Malware protection
Other security settings
Question for group discussion – What is a Worm? (2 min)
Basic Firewall
A firewall is software or hardware that checks information coming from the Internet or a network and, depending on your firewall settings, either blocks it or allows it to pass through to your computer
In Windows Vista, it supports incoming as well as outgoing traffic
Windows Vista uses two firewalls:
Windows Firewall
Windows Firewall with Advanced Security
Managing Windows Firewall
Works by regulating the network traffic based on a set of rules
If a rule does not exist for the incoming or outgoing traffic, the firewall drops the traffic
Tools for managing the firewall:
Windows Firewall
Windows Firewall with Advanced Security
Group Policy Object Editor
Netsh Utility
Question for group discussion – What is a Firewall? (2 min)
Identifying Profiles and Network Location Awareness
Three types of profiles based on the network location types assigned by NLA:
Private – When the computer is connected to a home or work network
Public – When the computer is connected to a network in a public location such as a university or airport
Domain – When the computer is connected to an Active Directory domain
Practical Activity: Demonstrate a procedure to configure a firewall. Ask the students to perform the procedure to disable Windows Firewall for a particular connection. (20 min)
Verifying and Modifying the Firewall State
Windows Firewall is enabled by default
State of Windows Firewall can be verified from Windows Security Center
Choosing the turn off option of Windows Firewall disables the firewall completely
If you have multiple network interface cards, you can select all of them, unless you have some specific reason for leaving one unprotected
Configuring Exceptions
An exception is an instruction used by Windows Firewall to open a port briefly, allow a program or service to pass a specific piece of information through and then close the port
Prevents the programs under the exception list from being blocked by the firewall
Practical Activity: Demonstrate a procedure to add a new program and set its exception. Ask the students to perform a procedure to set exception for an incoming connection by opening a port. (20 min)
Windows Firewall with Advanced Security
Provides advanced options for setting the rules and exceptions for incoming as well as outgoing traffic
Windows Firewall:
Used to configure only inbound exceptions
Used to apply the firewall configuration for the active profile
Windows Firewall with Advanced Security:
Used to configure inbound and outbound exceptions
Configuration can be applied to all network profiles in the computer using Windows Firewall with Advanced Security
Practical Activity: Demonstrate a procedure to configure basic Windows Firewall settings for a Private profile. (10 min)
Setting Inbound and Outbound Rules
Allows you to configure inbound and outbound rules for the network
Inbound rules are a set of rules for allowing or blocking all the incoming traffic to the computer
Outbound rules are a set of rules for allowing or blocking all the outgoing traffic from the computer
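A simplified model of the rule evaluation described on the firewall slides, added here as an example and not part of the original deck: rules are scoped to the Private, Public and Domain profiles, an explicit block rule takes precedence over an allow rule, and traffic with no matching rule is dropped. The `Rule` and `evaluate` helpers, rule names and ports are constructed for illustration.

```python
from dataclasses import dataclass

PROFILES = frozenset({"domain", "private", "public"})  # profiles assigned via NLA


@dataclass(frozen=True)
class Rule:
    name: str
    direction: str   # "in" (inbound) or "out" (outbound)
    action: str      # "allow" or "block"
    protocol: str    # "tcp" or "udp"
    port: int        # local port for inbound, remote port for outbound
    profiles: frozenset = PROFILES  # profiles in which the rule is active


def evaluate(rules, profile, direction, protocol, port):
    """Return (decision, rule_name) for one connection attempt."""
    if profile not in PROFILES:
        raise ValueError(f"unknown profile: {profile}")
    matches = [r for r in rules
               if profile in r.profiles and r.direction == direction
               and r.protocol == protocol and r.port == port]
    # An explicit block rule takes precedence over any matching allow rule.
    for wanted in ("block", "allow"):
        for r in matches:
            if r.action == wanted:
                return wanted, r.name
    # No rule exists for this traffic: drop it, as stated on the slide.
    return "drop", None


# Constructed sample rule set (names and ports are illustrative only).
RULES = [
    Rule("File sharing (home/work)", "in", "allow", "tcp", 445,
         frozenset({"private", "domain"})),
    Rule("Web server", "in", "allow", "tcp", 8080),
    Rule("No web server on public", "in", "block", "tcp", 8080,
         frozenset({"public"})),
    Rule("Outbound HTTPS", "out", "allow", "tcp", 443),
]

if __name__ == "__main__":
    cases = [("private", "in", "tcp", 445), ("public", "in", "tcp", 445),
             ("public", "in", "tcp", 8080), ("private", "in", "tcp", 8080),
             ("domain", "out", "tcp", 443), ("private", "in", "udp", 5353)]
    for case in cases:
        print(case, "->", evaluate(RULES, *case))
```

The same port gives different results depending on the active profile, which is why a rule written for the Private profile does not expose a service when the computer moves to a Public network.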
Practical Activity: Demonstrate a procedure to configure an inbound rule by using Windows Firewall with Advanced Security. (20 min)
Keeping Your System Secure with Windows Update
Windows Update is a service used to obtain product updates, the latest security features, driver updates and patches that fix vulnerabilities in the system from the Internet
Microsoft Windows releases updates periodically
Configuring Windows Update and Windows Update Settings
Configured to suit the user’s needs with the help of various options
User manages the products to be installed on the system
If the user does not wish to get any updates, the update feature can be turned off
Using Update Manually
User can manually check for updates to install them, only when:
Windows Update feature is disabled
User does not want Windows Update to automatically download and install the updates
If updates are available:
User can select the appropriate updates
Choose to install them
Removing an Update
Most of the updates can be removed from the system
Some updates related to security cannot be removed
User needs to check whether a particular update can be removed or not
Updating More than One Computer
Update by setting Windows Update feature to update automatically
Updating computers with different versions of the Windows operating system consumes a lot of work and time
For large networks, the Windows Server Update Services (WSUS) can be used
Hiding Updates and Restoring Hidden Updates
When the Windows Update feature is enabled, Windows checks for updates regularly
Whenever an update is available, the Security Center icon at the notification area displays
Hidden updates can be restored later if you want to install them
Practical Activity: Demonstrate the procedure to configure Windows Update Settings and check for Windows Vista updates manually. Demonstrate the procedure to check for updates that can be uninstalled and the procedure to restore hidden updates. (25 min)
Blocking Virus using Antivirus
Virus is dependent on host files while a worm is not
Viruses, worms and other malicious programs in the system can be blocked using an antivirus program
Question for group discussion – What is a Virus? (2 min)
Using an Antivirus Program
Protects the system from virus activities
When installed, runs in the background and reads each and every file from the disk
Configured to perform a routine scan
Updated periodically to keep the system secure from new threats
Provided by some Internet Service Providers (ISPs) or computer manufacturers
Group Activity: Ask the students to stand up and sit down.
Scanning for Viruses without an Antivirus Program
Upgraded versions of a utility called Malicious Software Removal Tool (MSRT) are released periodically
MSRT utility scans the system for infections and cleans up the system
After clean up is done, this utility removes itself from the user’s system
Saves a record of the activities performed and the details of infections found on the system
Stopping Spyware with Windows Defender
Spyware is a type of software that is installed on your computer to watch and record your activity
Installed through free software, such as file sharing, screen savers, or search toolbars
Windows Defender enables you to block and remove spyware
Windows Defender offers three ways to keep spyware from infecting your computer:
Real-time protection
SpyNet community
Scanning options
Configuring and Scheduling Scans for Spyware
Windows Defender can be configured and scheduled to suit the needs of the user
Using Windows Defender, the user can choose to scan the system for spyware automatically or manually
Practical Activity: Demonstrate the procedure to scan for spyware automatically. Demonstrate the procedure to configure a custom scan. (10 min)
Using Real Time Protection
Keep watch on the system looking out for spyware programs that may try to access, run and install on the system
Windows Defender Warning prompt shows the suspected spyware
Responding to Windows Defender Alerts
Scan Results window shows the name, alert level, action and status of the program
Options displayed in the action list:
Remove
Quarantine
Ignore
Always allow
If the software is already running and trying to change some Windows settings, the two actions that can be performed are:
Permit
Deny
Introducing Windows Defender Definitions
Files that act like an encyclopedia of known spyware and other potentially unwanted software
Windows Defender works with Windows Update settings to automatically install the latest definitions
Lets you automatically check for new definitions before scheduled scans and check for new definitions manually
Blocking Offending Programs
The suspected programs can be blocked by selecting the Remove or Remove all option
Options that appear in the Category list:
Startup program
Currently running programs
Network-connected programs
Winsock service providers
Disabling Windows Defender
Windows Defender can be turned off if you do not want to use Windows Defender for scanning the system for spyware
Windows Defender can be turned on again by selecting the Use Windows Defender check box from the Options screen
Practical Activity: Demonstrate the procedure to automatically check for new definitions before scheduled scans and a procedure to check for new definitions manually. Demonstrate the procedure to access Software Explorer. Demonstrate the procedure to disable Windows Defender. (15 min)
Summary I
Security threats can be classified into the following three types: viruses, worms and spyware
Windows Vista creates tokens at logon to identify the level of access to be provided to the user. A standard user is provided the standard token while an administrator is provided standard as well as administrator token
User Account Control feature notifies the user whenever a system-wide setting change is going to take place
Windows Security Center is the central location for administrating the various security components present in the system
Summary II
The firewall in Windows Vista consists of two firewalls: Windows Firewall and Windows Firewall with Advanced Security
Network Location Awareness method is used by Windows Vista to categorize the network locations, based on which the following three profiles are created: Public, Private and Domain
Exceptions are set on a specific program or port address, to prevent it from being blocked by the firewall
Inbound and outbound rules allow or block the incoming and outgoing connections respectively
Summary III
Connection Security Rules are the rules followed by Windows Vista computers for authentication before connecting to other computers on the network
The configuration of Windows Firewall with Advanced Security can be imported or exported in the form of policies
Windows Update provides various security updates to be installed from the Microsoft website
Windows Vista supports the use of third-party antivirus software that can be used to block viruses and worms in the system
Windows Defender is used to protect the system from spyware and other similar programs