Technical Manual for the Secure Configuration & Use of a PC
1.0 28-01-13
Windows XP
Windows 7
Ubuntu
- (Browsers)
Internet Explorer 9
Firefox
Chrome
Windows 7
Tor
(email)
- usb
Sandboxie
Windows
Linux
,
. ,
,
, .
,
, .
,
.
,
; :
, ,
.
,
tablet,
, , .
, , ,
.
,
.
(user name)
, :
- ,
( ),
, .
- , Amazon, Walmart, e-Bay,
, .
- , iCloud, Google Drive, Dropbox,
.
- , ,
.
- , ,
(, , , ),
, .
(botnet -
() )
(trojan) botnet,
:
- , ,
, .
-
(DDOS) , ,
.
-
, ,
.
- ,
(proxy server) ( )
,
.
- CAPTCHA
(), .
:
- ( ) Facebook, Twitter, LinkedIn, Google+
, .
- (e-mail).
- , Skype, Messenger, Viber
.
,
, ,
:
- .
- ,
.
- ,
.
-
.
- .
- (Fake
antivirus).
, ,
:
- (server)
.
- (server) .
- () , , ,
.
, ,
,
.
.
:
(Server Side Exploitation). ,
.
,
,
.
Brute Forcing ( ).
,
(ncrack, Hydra, medusa).
(Client side attack).
Browser, email
client, Browser email client.
Social engineering
,
.
.
.
, antivirus firewall
. ,
, antivirus firewall,
(offline updates).
( - bluetooth)
.
, ,
:
1.
(Open Source), (updates).
2.
(Security Updates, Patches, )
.
3.
(Anti-Virus, Firewall AntiSpyware), .
4.
(Passwords),
.
5.
/
(Browser) .
6.
( ) - (LinksURLs) EMail Instant Messaging,
.
7.
(url) ,
.
8.
Emails,
.
9.
10.
(.. USB
Drives) .
11.
,
(..
Internet).
12.
,
.
13.
, . ,
email, .
14.
( ).
.
,
. ,
.
-
Windows XP
Windows XP .
windows XP .
Windows XP
service pack 3.
.
Windows XP
, ,
.
DriveImage XML (http://www.runtime.org/driveimage-xml.htm) paragon
(http://www.paragon-software.com/home/br-free/). ,
,
.
.
.
,
. (backup)
ntbackup.exe.
:
start --> run, ntbackup.exe enter.
. (wizard)
.
1 -
(password)
.
, ( ,
), 8 ,
, ( ),
.
( 60 ),
30
. : Isx1r0_P@ssW0rd!@#
:
http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/usercpl_change_password.mspx?mfr=true
http://en.wikipedia.org/wiki/Password_strength
2 -
.
,
. ,
(standard user)
.
administrator
, click
run as administrator
.
administrator.
, ,
.
.
,
laptop
, .
,
,
.
Windows XP EFS
(Encrypting File System),
NTFS.
3 -
Start, All Programs, Accessories,
Windows Explorer. ,
Properties. General,
Advanced. Compress or Encrypt attributes, Encrypt
contents to secure data check box OK. (file)
.
truecrypt. truecrypt,
.
truecrypt
(http://www.truecrypt.org/downloads),
Create Volume TrueCrypt Volume Creation Wizard.
create an encrypted file container,
standard TrueCrypt volume NEXT. Select File
container, save.
(AES), ,
(format).
, .
, select file> mount .
4 - TrueCrypt
,
, ,
.
, ,
.
eraser.
(http://www.heidi.ie/eraser/download.php).
5 - Eraser
(autorun)
,
(cd, dvd, usb sticks, hard disks), . ,
,
, .
.
start, run, gpedit.msc enter.
Local Computer Policy, Computer Configuration,
(expand) Administrative Templates
System.
settings pane Turn off Autoplay
Properties, Enabled. Turn off Autoplay box All drives
autorun . OK Turn off
Autoplay Properties dialog box. ,
. ,
.
autorun.inf,
.
text editor
6 - autorun.inf
.
(read only)
. file sharing,
, scheduler.
file sharing.
: Start, My Computer. Tools menu, Folder
Options . View,
Advanced Settings - Use simple file sharing (Recommended) check
box OK.
7 -
Windows
.
Start, My Computer, Tools menu,
Folder
Options,
View, Advanced Settings
- "Hide extensions for
known file types" check box
OK.
8 -
Windows
.
:
Start, My Computer, Tools
menu, Folder Options.
View. Advanced Settings
"Show hidden files and
folders" check box OK.
9 -
(services)
. ,
start,
run,
services.msc
enter.
.
10 -
.
telnet, FTP remote desktop,
( back
door).
:
Service Name
Alerter
Disabled
Manual
ClipBook
Disabled
Computer Browser
Disabled
Disabled
Disabled
Fax
Disabled
Disabled
Disabled
Indexing Service
Disabled
Disabled
Messenger
Disabled
Disabled
Network DDE
Disabled
Disabled
Disabled
Disabled
Disabled
Disabled
Task Scheduler
Disabled
Telnet
Disabled
Terminal Services
Disabled
Disabled
WebClient
Disabled
Disabled
Disabled
Disabled
,
.
, BIOS
boot
. ,
, CD, DVD
USB,
.
, ,
screen saver, .
( : http://www.geo.umn.edu/computer/win_password.html).
antivirus anti spyware
.
( ),
, :
- MS Security Essentials (http://windows.microsoft.com/en-US/windows/products/security-essentials)
- AVG (http://free.avg.com/ww-en/free-antivirus-download)
- AVAST (http://www.avast.com/free-antivirus-download)
On-line
URL (.doc, .xls,
.pdf) ,
(upload) on-line -,
.
:
http://www.virustotal.com
http://virusscan.jotti.org/en
http://vscan.novirusthanks.org/
(.exe),
, , online sandboxes, ,
.
:
http://anubis.iseclab.org/
http://www.threatexpert.com/submit.aspx
http://www.threattrack.com/
http://wepawet.iseclab.org/
(scanning)
,
Firewall.
Firewall Windows
.
, laptop
. ,
.
browser
.
,
browser.
11 Firewall
,
LMHASH.
:
start, run, gpedit.msc enter. Local
Computer Policy, Computer Configuration, Windows Settings,
Security Settings, Local Policies, Security Options
.
12 -
(policies), Network
security: Do not store LAN Manager hash value on next password change.
Enabled OK.
,
(sandbox), sandboxie
(http://www.sandboxie.com/).
,
sandboxie,
.
sandbox,
browser
.
13 - Sandboxie
,
,
.
, , ,
MD5 Check (http://angusj.com/delphi/md5check_setup.exe),
.
14 - MD5 Check
PGP
15 -
,
, , ,
. ,
. ,
, .
, exploit
. ,
,
.
secunia Personal Software Inspector (PSI),
(http://secunia.com/vulnerability_scanning/personal/).
,
.
windows XP
,
:
start, click my
computer, properties, automatic
updates.
16.1 -
,
,
service pack 3, :
start,
run
winver.exe.
,
service pack 3.
windows updates.
, MS Office.
16.3 -
,
,
, .
internet explorer
, browser,
.
:
http://technet.microsoft.com/en-us/security/bulletin
http://www.securityfocus.com/
http://en.wikipedia.org/wiki/Exploit_%28computer_security%29
http://www.securiteam.com/
http://www.exploit-db.com/
Log files
windows XP log files,
(System log files), (Application log)
(Security log).
, security loggings.
,
, brute
forcing ( ), :
Control Panel Network Connections
Properties. Advanced
Settings. Advanced Security
Logging Settings. Log Settings Log
dropped packets Log successful connections .
.
:
start, run, cmd.exe enter.
netstat -ano.
task manager
ctrl+alt+del .
18 -
.
nslookup ,
domain names IP, :
19 - nslookup
.
IP ,
/ .
.
Microsoft Baseline Security Analyzer
(MBSA).
link: http://technet.microsoft.com/en-us/security/cc184924.
To MBSA 2.2 administrators, security auditors, IT
professionals security vulnerability assessment .
.
, ,
, .
.
Virtualbox,
. XP
virtualbox windows XP,
. ,
, snapshot.
(https://www.virtualbox.org/wiki/Downloads).
HIDS (Host Intrusion Detection System)
HIDS (http://en.wikipedia.org/wiki/Host-based_intrusion_detection_system),
.
HIDS (Host-based Intrusion Detection System), ossec
zone alarm.
http://www.ossec.net/main/downloads
http://www.zonealarm.com/
, .
,
.
. - ,
.
1.0 26-02-13
Windows 7
Windows 7
Windows 7
User Account Control
User Account Control (UAC)
,
.
,
.
.
Windows 7
, ,
.
Backup And Restore
.
Start, Control Panel, System and Security, Backup and Restore
Setup Backup.
2 - .
Set up backup
.
.
DriveImage
XML
(http://www.runtime.org/driveimage-xml.htm) paragon (http://www.paragon-software.com/home/br-free/).
,
,
.
.
,
.
,
Recovery
(Start, Control Panel,
All
Control
Panel
Items, Recovery)
Open
System Restore
.
3 - .
(password)
. , (
, ), 8 ,
, ( ),
.
( 60 ),
3
30 . : Isx1r0_P@ssW0rd!@#
:
http://windows.microsoft.com/en-US/windows-vista/Change-your-Windows-password
http://en.wikipedia.org/wiki/Password_strength
4
.
,
.
,
(standard user)
.
(. User Account Control)
administrator ,
run as administrator,
.
administrator.
, ,
.
5
.
, laptop ,
.
, ,
.
Windows XP
EFS (Encrypting File System),
(format) NTFS.
Start, All Programs,
Accessories, Windows Explorer.
,
Properties. General,
Advanced.
Compress or Encrypt attributes,
Encrypt contents to
secure data check box
OK. (file)
.
6 Advanced Attributes
truecrypt. truecrypt,
.
truecrypt (http://www.truecrypt.org/downloads),
Create Volume TrueCrypt Volume Creation Wizard.
create an encrypted file container, standard TrueCrypt
volume NEXT. Select File
container, save.
(AES), ,
(format). ,
.
, select file> mount .
7 - TrueCrypt
BitLocker Drive Encryption
BitLocker
. ,
. Ultimate Enterprise
Windows 7. T BitLocker To Go Windows 7
,
flash USB .
8 - BitLocker
,
,
.
,
, .
eraser.
(http://www.heidi.ie/eraser/download.php).
9 Eraser ( )
(autorun)
,
(cd, dvd, usb sticks, hard disks), . ,
, ,
.
.
start, gpedit.msc
10 autorun.inf
.
(read only)
.
file sharing,
, scheduler.
file sharing.
Organize Folder and Search
Options. .
View, Advanced Settings
-
Use
Sharing
Wizard
(Recommended) OK.
11
Windows .
Organize Folder and
Search Options.
. View,
Advanced Settings - "Hide
extensions for known file types" check box
OK.
12
Windows
.
Organize Folder and
Search Options.
. View,
Advanced Settings "Show hidden
files, folders and drives" check box OK.
13
(services)
. ,
.
:
start, run, services.msc enter.
.
14.1 -
.
telnet, FTP remote desktop,
( back door).
:
Service Name
Manual
Computer Browser
Disabled
Disabled
Disabled
Disabled
Disabled
Disabled
Service Name
Disabled
Disabled
Disabled
SSDP Discovery
Disabled
Task Scheduler
Disabled
Disabled
Disabled
WebClient
Disabled
Disabled
,
.
, BIOS
boot . ,
, CD, DVD USB,
.
, ,
screen saver, .
:
http://windows.microsoft.com/en-US/windows-vista/Use-your-Windows-password-for-yourscreen-saver-password
antivirus anti spyware
.
( ),
, :
MS Security Essentials (http://windows.microsoft.com/en-US/windows/products/security-essentials)
AVG (http://free.avg.com/ww-en/free-antivirus-download)
AVAST (http://www.avast.com/free-antivirus-download)
On-line
URL (.doc, .xls, .pdf)
,
(upload) on-line -,
. :
http://www.virustotal.com
http://virusscan.jotti.org/en
http://vscan.novirusthanks.org/
(.exe),
, , online sandboxes, ,
. :
http://anubis.iseclab.org/
http://www.threatexpert.com/submit.aspx
http://www.threattrack.com/
http://wepawet.iseclab.org/
(scanning)
,
Firewall.
Firewall Windows .
,
laptop
. ,
.
browser
.
,
browser.
/
.
14 Windows Firewall
,
LMHASH.
: start, run,
gpedit.msc enter. Local Computer Policy,
Computer Configuration, Windows Settings, Security Settings, Local Policies,
Security Options .
.
,
(sandbox), sandboxie
(http://www.sandboxie.com/).
16 - Sandboxie
, sandboxie,
. sandbox, browser
.
.
,
,
.
,
,
, MD5 Check
(http://angusj.com/delphi/md5check_setup.exe),
.
17 MD5 Check
md5, sha1, pgp.
.
PGP
18
, ,
, ,
. ,
. , ,
.
, exploit .
, ,
.
Secunia , Personal Software Inspector (PSI),
(http://secunia.com/vulnerability_scanning/personal/). ,
.
Windows 7 ,
: start, All Programs, Windows Update.
19 Windows Update
20 winver.exe
,
service pack 1.
windows updates Microsoft.
, MS Office.
,
, .
internet explorer
,
browser, .
:
http://technet.microsoft.com/en-us/security/bulletin
http://www.securityfocus.com/
http://en.wikipedia.org/wiki/Exploit_%28computer_security%29
http://www.securiteam.com/
http://www.exploit-db.com/
Log files
Windows 7 log files,
(System log files), (Application log), (Security
log).
, security loggings.
,
, brute
forcing ( ), :
Start wf.msc Windows Firewall with
Advanced Security. Windows Firewall With Advanced Security on Local Computer
Properties .
customize
Logging.
log files .
logging
drop down menus (Log
dropped packets & Log Successful connections)
Yes.
.
24 Event Viewer
:
start, run, cmd.exe enter.
netstat -ano.
task manager
ctrl+alt+del. .
25
.
nslookup , domain names IP,
:
26 nslookup
. IP
, /
.
.
Microsoft Baseline Security Analyzer
(MBSA).
link: http://technet.microsoft.com/en-us/security/cc184924
, .
,
.
. - ,
.
Ubuntu
Ubuntu 12.10.
:
1.
2.
3.
4.
5.
Firewall
6.
HIDS
7.
(Shared memory)
8.
9.
10.
11.
12.
Amazon
13.
chkrootkit rkhunter
14.
Boot up Manager
15.
Apparmor
16.
Clamav
ubuntu 12.10.
1.
,
sudoers. H ( username
testuser):
:
sudo useradd -d /home/testuser -m testuser
:
sudo passwd testuser
X display manager for login interfaces., which replaced the old GDM (Gnome Displ
,
root .
root, :
su (username sudoer)
:
sudo -s
2.
(http://en.wikipedia.org/wiki/Password_strength)
: Isx1r0_P@ssW0rd!@#
3.
, , home folder.
, home folder
:
ecryptfs-utils :
apt-get install ecryptfs-utils
:
sudo ecryptfs-migrate-home -u USERNAME
username username home
folder. login.
truecrypt (http://www.truecrypt.org)
, openpgp (GNUPG).
4.
,
. updates
upgrades, :
. DASH Home update manager, settings,
updates .
repositories .
. , google.
5.
firewall
Ubuntu ufw (Uncomplicated Firewall).
UFW. .
.
ubuntu software
center (search) ufw, Firewall
Configuration.
ufw.
DASH Home Firewall Firewall configuration.
ufw
.
.
.
Firewall, .
:
FTP, HTTP,HTTPS,CUPS,SMTP,IMAP,DNS,NTP
:
Outgoing DENY
+
UDP
6.
Host IDS (Host Intrusion Detection
System). OSSEC. OSSEC Open Source Host-based Intrusion
Detection System. log analysis, file integrity checking, policy
monitoring, rootkit detection, real-time alerting active response.
. :
sudo apt-get install build-essential
http://www.ossec.net/
ossec hids agent. , script
(install.sh) ,
. (local) .
:
/var/ossec/bin/ossec-control restart
link.
http://acidborg.wordpress.com/2009/10/08/how-to-install-and-configure-ossec-in-ubuntuserver-9-04/
7.
(Shared memory)
exploits .
.
gksudo gedit /etc/fstab
: tmpfs /dev/shm tmpfs defaults,noexec,nosuid 0 0
:
sudo mount -o remount /dev/shm
8.
:
:
gksudo gedit /etc/sysctl.conf
(
#):
net.ipv4.conf.default.rp_filter=1
net.ipv4.conf.all.rp_filter=1
net.ipv4.conf.all.accept_redirects = 0
net.ipv6.conf.all.accept_redirects = 0
net.ipv4.conf.all.send_redirects = 0
net.ipv4.conf.all.accept_source_route = 0
net.ipv6.conf.all.accept_source_route = 0
net.ipv4.conf.all.log_martians = 1
:
sudo sysctl -p
9.
shell
shell ( )
(guest account).
: backup /etc/passwd
cp -p -a /etc/passwd /etc/passwd-bak
gksudo gedit /etc/passwd
shell ( /bin/sh) /bin/false.
bin:x:2:2:bin:/bin:/bin/sh
bin:x:2:2:bin:/bin:/bin/false
,
sudo sh -c 'echo "allow-guest=false" >> /etc/lightdm/lightdm.conf'
10 . /etc/shadow
backup /etc/shadow
cp -p -a /etc/shadow /etc/shadow-bak
gksudo gedit /etc/shadow
:
passwd -l daemon ( daemon)
.
11.
sudo sh -c 'echo "greeter-show-remote-login=false" >> /etc/lightdm/lightdm.conf'
12.
amazon
sudo apt-get remove unity-lens-shopping
.
13.
chkrootkit rkhunter :
sudo apt-get install chkrootkit rkhunter
:
sudo rkhunter --update
chkrootkit rkhunter
(rootkit) linux .
rkhunter :
sudo rkhunter -c
chkrootkit :
sudo chkrootkit
14.
Boot up Manager (bum) :
apt-get install bum
,
. :
sudo bum
BUM
. bluetooth services
apply.
15.
(http://en.wikipedia.org/wiki/AppArmor), :
apparmor
sudo aa-status
profiles :
apt-get install apparmor-profiles
:
aa-status apparmor_status
16.
windows ubuntu,
clamav antivirus :
sudo apt-get install clamav
(updates) clamav :
freshclam
, .
,
.
.
- ,
.
- (Browsers)
Internet Explorer 9
, ,
:
social engineering.
web browser add-ons web
browser.
, cross-site scripting, client side attack.
browser ,
.
browser :
1. (history) browser.
, .
2. , porn
sites, hackers sites .
3. .
4. URL,
site.
5. Auto complete.
6. browser
..
9
. Application Reputation,
.
1 - Application Reputation
. ActiveX Filtering,
ActiveX controls.
.
2 - ActiveX Filtering
SmartScreen Filter, phishing
3 - Smartscreen Filter
Tracking Protection.
sites , ,
. Tracking Protection List.
Microsoft :
http://ie.microsoft.com/testdrive/Browser/TrackingProtectionLists/
4 - Tracking Protection
cross-site scripting
.
Compatibility View
,
IE 9. ,
(Compatibility View), .
5 - Compatibility View
(history)
Tools button , Safety,
Delete browsing history.
Delete.
6 - (history)
InPrivate Browsing
9 (browsing history,
temporary Internet files, form data, cookies, user names, passwords)
InPrivate Browsing. :
Tools button , Safety,
InPrivate Browsing.
7 - InPrivate Browsing
, InPrivate Browsing
.
Check this website
, IE9
.
H
:
Tools
button , Safety,
Check this website.
10.2 -
restricted
sites
high,
10.3.
10.3 -
9 , .
.
, 9,
.
:
Tools button
Internet options.
Programs set programs. ,
( 11).
11 -
Auto Complete
Auto Complete
URL
username/
password
.
.
Auto Complete
:
Tools button
, Internet
Options. Content
Auto Complete Settings.
checkboxes .
12 - Auto Complete
Internet Explorer.
Firefox
FIREFOX
FIREFOX
, ,
:
social engineering.
web browser add-ons web
browser.
, cross-site scripting, client side attack.
browser ,
.
browser :
1. (history) browser.
, .
2. ,
porn sites, hackers sites .
3. .
4. URL,
site.
5. Auto complete.
6. browser
.
Firefox :
Firefox Options.
(General)
,
. ,
.
1 Options
(Content)
java script.
, sites
.
java script.
, ,
javascript
add on noscript,
javascript .
no script http://noscript.net/
, popup windows .
2 - Options/Content
(applications).
firefox
,
flash videos.
, ,
video vlc player
(vulnerability),
player, .
3 Options/Applications
(privacy)
Firefox .
,
, .
(Form
History) URL
username
,
.
.
4 - Options/Privacy
(security)
checkboxes:
- Warn me when sites try to install add-ons
(
)
- Blocked reported attack sites (
)
- Block reported web forgeries (
)
checkbox Remember passwords for sites (
),
master password.
5 Options/Security
(Advanced)
,
browser
,
.
:
-Use hardware acceleration when available
( hardware,
)
-check my spelling as type (
)
6 - Options/Advanced/General
(Network)
Firefox
. proxy server
. proxy provider
.
(cache).
,
(Offline web content and user data). checkbox
(Tell
me when a website asks to store data for offline use).
7.1 - Options/Advanced/Network
(Updates)
browser.
7.2 - Options/Advanced/Update
(Encryption)
ssl 3
tls1. ,
(certificates)
.
7.3 - Options/Advanced/Encryption
Private Browsing
Firefox (browsing history,
temporary Internet files, form data, cookies, user names, passwords)
Start Private Browsing. Tools.
, Firefox
Private Browsing.
Firefox.
Chrome
GOOGLE CHROME
GOOGLE CHROME
, ,
:
social engineering.
web browser add-ons web
browser.
, cross-site scripting, client side attack.
browser ,
.
browser :
1. (history) browser.
, .
2. ,
porn sites, hackers sites .
3. .
4. URL,
site.
5. Auto fill.
6. browser
.
. O Chrome
, .
(history)
Tools, Clear Browsing Data .
1.1 - (history)
, ,
.
1.2 - (history)-
cookie
cookies
Chrome. cookies ,
. cookies
,
. cookies
Chrome :
, Settings, Under the Hood Content
Settings.
.
Windows 7 3
(Safe Browsing)
Chrome
"" (phishing).
"" (phishing)
, . ,
,
.
Safe Browsing Chrome
'' '' ,
.
4
Safe Browsing Chrome
:
, Settings, Under the Hood Privacy
Enable phishing and malware protection
.
5 Safe Browsing
Sandboxing
Chrome Sandboxing
.
,
.
Windows 7
Google Chrome.
Windows 7
Windows 7
Windows 7.
windows 7. Firewall,
.
.
:
firewall
firewall
firewall
,
Internet , ,
, . 4
, .
, , , domain.
,
.
, worm
worm
: Microsoft, FAQ Firewall
: http://windows.microsoft.com/el-GR/windows7/Firewall-frequently-askedquestions
firewall
, firewall
. internet security
antivirus.
, :
1.
Windows
, ,
.
.
2. Windows.
3. ,
Windows.
,
.
,
Windows ( ),
.
Windows
, Windows
.
,
. ,
Windows.
( ).
,
,
Internet .
,
worm Internet. ( ).
Windows
, Windows . (
).
Windows ( )
,
.
Windows, ( , ) .
: Microsoft, Windows
: http://windows.microsoft.com/el-GR/windows7/Understanding-Windows-Firewall-settings#section_1
: http://windows.microsoft.com/el-GR/windows7/Understanding-Windows-Firewall-settings
,
,
. ,
.
1.
Windows
, ,
.
.
2.
.
3.
Windows , .
4. ,
:
.
().
5. ,
.
, .
.
.
Tor
H TOR
H TOR
-
,
.
.
Tor
To Tor ( The onion router)
. Tor
.
Tor ,
, ,
,
,
.
Tor
Onion routing
:
,
Tor,
.
. ,
1.
1 Tor
Tor
Tor .
https://www.torproject.org/download/download.html.en.
Tor
Tor, Windows
Start Tor Browser.
Linux ,
(
root!) # ./start-tor-browser.
Tor,
( 2)
,
3,
.
(browser)
(www).
2 Tor
( ),
.
3 Tor
,
. ,
.
(email).
email
1. email client.
2. .
3. email client
antivirus
email.
email, :
1. .
PDF, DOC, XLS, RTF
.
2. exploit email client.
email exploit
email client email client.
3. HTML mail scripts.
email client,
html .
4. .
email
client side attack.
email .
1. email client
. Trust Center microsoft Outlook 2007-2010
, Microsoft.
2. email
3. spam filtering
4. antivirus email
5. .
6. email.
7. email.
8. email attachments :
(.bat, .chm, .cmd, .com, .exe, .hta, .ocx, .pif, .scr, .shs, .vbe, .vbs, or .wsf).
9. email, BCC (Blind Carbon Copy),
.
10. email .
- free email services.
. :
1.
, browser.
2.
, antivirus, antispam.
. :
1. , .
2. , , .
3. , ssl .
spam email:
1. email .
2. email, (private
policies).
3. ,
email.
4. spam .
5. spam email .
6. spam .
7. html .
8. email, spam.
9. email
.
10. spam email.
O Outlook email client 2007 2010 trust center,
.
Trust center Outlook .
File ---> options trust center
.
.
1. activeX, .
2. Internet Zone.
3. Trusted Center
4. preview emails.
5. junk filter.
- usb
(USB Flash Drives)
Windows XP
USB (USB Flash Drives)
(
)
. , USB Flash Drives
/
(Malware).
/ ,
. , /
Malware.
/ .
/ Windows.
/
USB Flash Drives Windows XP.
(3) :
1.
Antivirus -
USB .
2.
(Autorun) Windows.
3.
:
.
.
.
.
.
.
USB
:
1.
o USB
( )
Autorun (E 1 2).
1.
2.
( 1)
autorun USB
autorun.inf
/ .
(E 2) autorun
autorun.inf,
.
malware.
2.
(Autorun)
Windows. Autorun :
.
Start --> Run, Gpedit.msc Enter.
.
Local Group Policy, (expand) Computer
Configuration, Administrative Templates click
System.
.
Settings click Turn off Autoplay,
click Properties.
.
click Enabled, All drives
Turn off Autoplay Autorun (drives).
.
click OK Turn off Autoplay
Properties.
.
(Restart) /.
3.
USB (
autorun) Open ( 3).
3. USB
4.
malware. ( .exe, .com,
.dll, .scr). , autorun.inf.
autorun. notepad
(path) .
autorun.inf.:
[AutoRun]
shellexecute=\RECYCLER\virus.exe
UseAutoPlay=1
(virus) RECYCLER
USB virus.exe ( 4).
E 4. USB
RECYCLER.
,
(Show hidden files and
folders). ( 5):
5. &
5.
, .
Tools --> Folder Options
View Show hidden files and folders
Hide extensions for known file types Hide protected operating
system files ( 6).
6. & ,
autorun.inf.
USB Shortcut
Virus. : USB ,
, ( )
(Shortcuts)
( 7 8). ( )
,
/.
USB :
1.
Antivirus (updates)
USB.
7. USB
9. (Shortcut) .
2.
Open.
, ,
( Antivirus).
Shortcut
( 9).
( 10) ,
Antivirus.
10.
3.
, , Start -->
Run cmd.exe Enter.
( ). USB
d, ( 11)
( 12):
attrib -h -r -s /s /d d:\*.*
11.
12. USB
TrueCrypt
TrueCrypt
,
(USB)
,
.
TrueCrypt. truecrypt, ,
.
truecrypt
,
:
http://www.truecrypt.org/downloads
TrueCrypt.exe
, .
1
1 Create Volume
.
2
.
, partition,
usb flash disk.
, partition
.
,
.
Create an encrypted file
container Next.
,
3,
.
Standard TrueCrypt Volume
Next.
3
4 ,
. Select File Next
Windows Explorer 4.
4
Windows Explorer
,
Save.
:
, ,
.
,
5.1, Next 5.1,
Next.
5.1
5.2 Next
.
Next.
5.2
.
.
, (pass-phrase)
.
, (NTFS
) 5.3.1 Format.
5.3.1.
. Exit
5.3.1
5.3.2
.
Select File, 6.1.
Windows Explorer
Open.
6.1
6.2 Mount
.
OK.
6.2,
.
6.2
.
. My
Computer,
, 6.3.
.
.
6.3
Dismount 7.
, ,
,
. ,
truecrypt .
.
.
.
. , Linux, LUKS
truecrypt .
Sandboxie
SANDBOXIE
SANDBOXIE
T sandbox - ,
() ,
.
. ,
browser, ,
.
, sandbox
, ,
.
( ),
, sandbox,
. , sandbox
.
sandbox.
sandboxie [http://www.sandboxie.com/],
.
Sandboxie .
1 Sandboxie
(sandboxieinstaller.exe)
, .
.
System Tray.
, Sandboxie
Control.
3 System Tray
4 Sandboxie Control
' file
manager , Sandbox.
, ..
Desktop, Drives . , DefaultBox,
.
5 Sandboxie Control/Programs
Sandboxie
Start, All Programs
.
.
6 Sandboxie
,
,
. Sandboxie
().
.
7
DefaultBox
Sandboxie.
, Sandboxie,
.
Sandboxed
.
8 Sandboxie
Sandbox, DefaultBox, SandboxSettings
.
.
.
Sandboxie .
http://www.sandboxie.com/index.php?HelpTopics
sandbox
,
.
/
Windows
WINDOWS
WINDOWS
Windows,
. ,
/
. (DOS
prompt).
Command prompt Start, cmd.exe
(search).
,
,
.
,
, , ,
registry, keylogger ( ),
scheduler
.
,
,
(administrator).
,
.
1
:
(administrator)
, C:\>lusrmgr.msc.
Groups, Administrator
, 1.
, C:\>net
user ( 2) C:\>net localgroup administrators ( 3).
2 - (1)
3 - (2)
(logs) ( ).
,
C:\>eventvwr.msc.
4,
,
.
4 -
.
/
1.
2.
3.
[
not restored to its original, valid version ] ,
because the Windows File Protection...
Windows...
4.
The MS Telnet Service has started successfully.
Telnet .
1
, (logon
failures) .
.
,
,
(SYSTEM)
(Administrator),
5 -
C:\>taskmgr.exe
5.
,
C:\>tasklist ( 6) C:\>wmic process list full ( 7)
.
6 - (1)
7 (2)
, ,
C:\>services.msc 8.
8
, C:\>net start
( 9) C:\>sc query ( 10) .
9 (1)
10 (2)
,
C:\>tasklist /svc 11.
11
( ),
explorer ,
Start > Search > For files or folders... >
Search options > Size > At least 10000KB .
, registry,
(system startup) :
) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Runonce
) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunonceEx
registry ,
C:\>regedit.exe ( 12) C:\>reg query
<reg key> ( 13).
12 registry
13 registry
,
, C:\>msconfig.exe. ,
( 14) ( 15).
14
15
.
, C:\>wmic
startup list full ( 16).
16
,
C:\>net session. ,
17.
17
,
C:\>net use. ,
18.
18
,
C:\>net view \\127.0.0.1. ,
19.
19
NetBIOS ,
C:\>nbtstat -S.
, ,
20.
20 NetBIOS
(ports).
.
,
C:\>netstat -na.
21
5
,
5
C:\>netstat -na 5
,
C:\>netstat -na.
21
, arp
MAC IP .
, C:\>arp -a. ,
.
22 arp
,
,
C:\>netsh firewall show config
( 23).
23
,
(SYSTEM) (Administrator) .
,
Start > Programs > Accessories > System Tools > Scheduled
Tasks Task Scheduler ( 24).
24
, C:\>schtasks
( 25).
25
http://www.cisecurity.org/
.
!
.
,
( swap),
.
,
administrator.
, ,
.
Linux
LINUX
LINUX
Linux .
, root (
#) ( $ ).
. ,
, ( )
, Linux .
,
, .
,
.
.
/etc/passwd.
,
:
# sort -nk3 -t: /etc/passwd | less
1.
UID 0 500.
UID 0 :
# egrep ':0+:' /etc/passwd
1
, :
2
.
,
.
,
# ps -aux
3.
3
ps manual page,
# man ps.
,
(ports)
, # lsof -p [pid] , pid (process id)
.
,
# chkconfig --list.
SUID
root.
SUID ,
:
# find / -uid 0 -perm -4000 -print
4,
.
,
(
10)
:
# find / -size +10000k -print
,
.
,
:
# find / -name " " -print
# find / -name ". " -print
# find / -name ".. " -print
(ports)
, :
# lsof +L1
4 SUID
,
.
RPM,
MD5, , ,
Linux .
: # rpm -Va |sort
1.
MD5
1 RPM
/sbin, /bin, /usr/bin /usr/bin.
, Linux
check-packages, .
promiscuous mode,
.
, : # ip link | grep PROMISC ,
.
(ports).
.
,
# netstat -nap
, 5.
netstat
manual page, # man netstat.
, arp
MAC IP .
, # arp -a .
5
cron, # crontab -u
root -l , root.
, root,
root , ,
:
!
.
,
( swap).
,
root. ,
, .
,
, .
,
.
,
.
,
.
.
, .
,
,
.
,
.
.
.
:
http://krebsonsecurity.com/2012/10/the-scrap-value-of-a-hacked-pc-revisited/
https://www.sans.org/score/checklists/ID_Linux.pdf
https://www.sans.org/score/checklists/ID_Windows.pdf
http://benchmarks.cisecurity.org/downloads/audit-tools/
http://iase.disa.mil/stigs/
http://technet.microsoft.com/en-us/library/cc677002.aspx
http://www.sandboxie.com/
https://www.torproject.org/docs/documentation.html.en
http://secunia.com/vulnerability_scanning/personal/
http://www.truecrypt.org/downloads