
ITT320 INTRO TO COMPUTER SECURITY

Chapter 7: Operating System Hardening
Zulazeze Sahri, UiTM
Objectives

❑ Properly configure a secure Windows system
❑ Properly configure a secure Linux system
❑ Apply appropriate operating system patches to Windows
❑ Securely configure a Web browser
Introduction

Securely configuring the operating system and its software is a critical step in system security that is often neglected.

This chapter takes you through this process for different operating systems.

It is not enough to just implement firewalls and proxy servers; it is also important to secure internal machines and the applications and information they house.
OS Hardening

Hardening of the OS is the act of configuring an OS securely, updating it, creating rules and policies to help govern the system in a secure manner, and removing unnecessary applications and services.

➢ To reduce the chance of a computer operating system becoming vulnerable to attacks
➢ This chapter focuses on the Windows operating system in general

What You Need to Do to Secure Your OS: Accounts | Users | Groups | Password

1. There are default user accounts – Win Server, DB
2. Administrator accounts – change the default username and password
3. Other accounts: IUSR_Machine Name / ASP.NET / database accounts / phpMyAdmin
OS Hardening

What You Need to Do to Secure Your OS: Accounts | Users | Groups | Password (Cont.)

Disable those accounts that are not being used

Avoid using default accounts if possible – ask for a change of password

Restrict user access – downloading / installing / access to server / VPN

Configuring system and network components properly

Deleting unused files and folders

Applying the latest patches

“To provide your clients with peace of mind, safeguard their sensitive data, and differentiate your security offerings from others”
Configuring Windows Properly

Setting Security Policies: user error can lead to a successful cyberattack, so we need to create and update user policies and make sure all users are aware of and compliant with these procedures.

1. Password policies
2. Account lockout policies
3. See Tables 7.1 – 7.4 for recommended policies
4. Other issues
   i. Writing passwords down
   ii. Sharing passwords
   iii. Using the “least required access” rule
Configuring Windows Properly – Password Policy

Default Windows Password Policies

Table 7.1 Default Windows Password Policies

Group Policy Management

Local Policy Management

Configuring Windows Properly – Password Setting Recommendations

Table 7.2 Default Windows Password Policies
Configuring Windows Properly – Windows Lockout Policy

Account lockout policies are used by administrators to lock out an account when someone tries to log on unsuccessfully several times in a row.

➢ Account Lockout Duration
   ➢ Policy setting that determines the number of minutes a locked-out account remains locked out before automatically becoming unlocked
➢ Account Lockout Threshold
   ➢ Policy setting that determines the number of failed sign-in attempts that will cause a user account to be locked, e.g. 3 attempts
➢ Reset Account Lockout Counter After
   ➢ The number of minutes that must pass after a user fails to log on before the failed logon attempt counter is reset to zero
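The three settings interact in a way that is easy to get wrong (a correct password must still be refused while the lock is in force, and old failures must be forgotten once the reset window passes). The following simulator is an added example written for these notes, not code from the slides or from Windows; the policy values, user table and clock values are constructed for illustration, not the textbook's recommended values.

```python
"""Account lockout policy simulator.

Added example (not from the slides): models the three Windows lockout
settings described above -- lockout threshold, lockout duration and
'reset counter after'. Policy values and the user table are constructed.
"""
from dataclasses import dataclass
from typing import Dict, Optional


@dataclass
class LockoutPolicy:
    threshold: int        # failed sign-ins that lock the account
    duration_min: int     # minutes a locked account stays locked
    reset_after_min: int  # minutes without a failure before the counter returns to 0


@dataclass
class AccountState:
    failed: int = 0
    last_failure: Optional[float] = None  # clock value (minutes) of the last bad attempt
    locked_until: Optional[float] = None  # clock value at which the lock expires


class Authenticator:
    def __init__(self, policy: LockoutPolicy, passwords: Dict[str, str]):
        self.policy = policy
        self.passwords = passwords  # constructed user -> password table
        self.state: Dict[str, AccountState] = {}

    def _state(self, user: str) -> AccountState:
        return self.state.setdefault(user, AccountState())

    def is_locked(self, user: str, now: float) -> bool:
        st = self._state(user)
        if st.locked_until is None:
            return False
        if now >= st.locked_until:
            # Account Lockout Duration elapsed: unlock automatically
            st.locked_until = None
            st.failed = 0
            st.last_failure = None
            return False
        return True

    def login(self, user: str, password: str, now: float) -> str:
        """Return 'ok', 'bad-password' or 'locked'. `now` is minutes on a monotonic clock."""
        if self.is_locked(user, now):
            return "locked"  # even a correct password is refused while locked
        st = self._state(user)
        # Reset Account Lockout Counter After: forget failures older than the window
        if st.last_failure is not None and now - st.last_failure >= self.policy.reset_after_min:
            st.failed = 0
        if self.passwords.get(user) == password:
            st.failed = 0
            st.last_failure = None
            return "ok"
        st.failed += 1
        st.last_failure = now
        # Account Lockout Threshold reached: lock for the configured duration
        if st.failed >= self.policy.threshold:
            st.locked_until = now + self.policy.duration_min
            return "locked"
        return "bad-password"


def demo() -> list:
    """Three bad attempts lock 'alice'; the lock expires after 15 minutes."""
    auth = Authenticator(LockoutPolicy(threshold=3, duration_min=15, reset_after_min=10),
                         {"alice": "correct-horse"})
    return ([auth.login("alice", "wrong", now) for now in (0, 1, 2)]
            + [auth.login("alice", "correct-horse", 5), auth.login("alice", "correct-horse", 17)])


if __name__ == "__main__":
    print(demo())  # ['bad-password', 'bad-password', 'locked', 'locked', 'ok']
```

A low threshold combined with a long duration makes it easy for someone to lock out a user on purpose, which is why the duration and reset window are tuned together rather than in isolation.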
Configuring Windows Properly – Windows Lockout Policy

Table 7.3 Windows Default Account Lockout Policies

RECOMMENDED

Table 7.4 Recommended Account Lockout Policies

Configuring Windows Properly – Registry Settings

The Windows Registry stores much of the information and settings for software programs, hardware devices, user preferences, and operating-system configuration. Registry settings can be altered to increase your computer's security.

❑ Registry basics
❑ Secure registry settings
❑ Restrict null session access
❑ Restrict null session access over named pipes
❑ Restrict anonymous access
Configuring Windows Properly – Registry Basics

Registry Basics: core registry folders in the registry
▪ HKEY_CLASSES_ROOT
▪ HKEY_CURRENT_USER
▪ HKEY_LOCAL_MACHINE
▪ HKEY_USERS
▪ HKEY_CURRENT_CONFIG
Configuring Windows Properly – Registry Settings

Registry settings (continued)

1. TCP/IP stack settings – a method for protecting a system against DoS attacks. This method involves reconfiguring the operating system to handle connections differently. See Table 7.5 TCP/IP Stack Registry Settings; the settings live under HKLM\SYSTEM\CurrentControlSet\Services\Tcpip
2. Default shares – certain drives/folders are shared by default. Leaving them shared like this presents a security hazard. A registry setting is required to overcome this problem.
3. Remote access to the registry
4. Other registry settings
Configuring Windows Properly – Services

Services
➢ Shutting down a service in Windows
➢ Port filtering and firewalls in Windows

Encrypting File System (EFS)
➢ User interaction
➢ Virtually transparent to the user
➢ Built into Windows and easy to use
http://ntfs.com/using-encrypted-files.htm
Configuring Windows Properly – Security Templates

Security templates are often used by corporate environments and are essentially text files that represent a security configuration. They help manage your group policy and ensure consistency across your entire organization.
1. DC security.inf
2. Hisecdc.inf
3. Hisecws.inf
4. Securedc.inf
5. Securews.inf
6. Setup security.inf

https://docs.microsoft.com/en-us/troubleshoot/windows-server/identity/define-security-templates-using-security-templates-snap-in
Configuring Linux Properly

❑ Many security principles apply in Linux as they do in Windows

❑ Commonalities between Windows and Linux
   ❑ Default users and policies (names are different)
   ❑ All services not in use should be shut down
   ❑ The browser must be configured securely
   ❑ Routinely patch the system
Configuring Linux Properly

❑ Differences between Linux and Windows
   ❑ No application should run as the root user
   ❑ Complexity of the root password
   ❑ Disable all console-equivalent access for regular users
   ❑ Hide system information

Web sites that provide additional help:

https://linuxsecurity.com/howtos
https://www.linux.com/topic/security/
https://securityboulevard.com/2020/08/linux-server-security-10-linux-hardening-security-best-practices/
https://blog.avast.com/secure-your-linux-server-avast
Configuring Linux Properly – Patching the OS

Patches have the particularly important role of fixing security holes.

A patch management system is software that manages and regularly updates the missing software patches in a network of computers.

➢ Windows has updates on the Microsoft web site and automated patch updates on the user’s computer
➢ Red Hat has a site that also allows updates to be made to its OS
Configuring Linux Properly – Configuring Browsers

➢ Usually, the web browser that comes with an operating system is not set up in a secure default configuration.
➢ The consequences range from spyware being installed without your knowledge to intruders taking control of your computer.

Browser security and privacy settings such as:

1. Keep your browsers up to date
2. Enable automatic updates for your browser
3. Block pop-ups, plug-ins and phishing sites (AV)
4. Set your browser not to store passwords
Configuring Linux Properly – Configuring Browsers (Cont.)

Browser security and privacy settings such as:

5. Disable third-party cookies
6. Prompt for first-party cookies and always allow session cookies
7. Browser-specific settings:
   1. Firefox: install the uBlock Origin add-on
   2. Safari: disable Java
   3. IE: set up security zones

Security settings:
https://its.ucsc.edu/software/release/browser-secure.html
SUMMARY

❖ Hardening of operating systems is a critical part of network security
❖ Proper security configuration can make hacking more difficult
❖ Encrypting File System (EFS) can secure information on the local computer
❖ Proper registry settings are also key in a Windows environment
❖ Failure to address registry settings will greatly reduce the security of the computer
❖ Securing the browser can limit exposure to malware
References

https://www.connectwise.com/blog/cybersecurity/6-important-os-hardening-tips-to-protect-your-clients
https://www.techtarget.com/search/query?q=operating+system+security
https://www.lifewire.com/windows-registry-2625992
ITT320 INTRO TO COMPUTER SECURITY

Chapter 8: Defending Against Virus Attacks
Zulazeze Sahri, UiTM
Objectives

• Explain how virus attacks work
• Explain how viruses spread and how they propagate
• Distinguish between different types of virus attacks
• Employ virus scanners to detect viruses
• Have a working knowledge of several specific viruses
• Formulate an appropriate strategy to defend against virus attacks
Introduction

Defending against virus attacks is more than having anti-virus software in place.

Organizations need to understand the nature of viruses in relation to other types of attacks so that they can reduce the overall effects and impact that viruses will have on their organization.
Understanding Virus Attacks

• Important points that should be answered to help understand virus attacks:
   ➢ What is a computer virus?
   ➢ What is a computer worm? Virus vs worms vs Trojan horses
   ➢ How do a virus and a worm spread?
   ➢ How a virus spreads, and defending against it
Classifications of Threats

Malware Attack – Stand for Malicious Software, the most prevalent danger to your network

Example of Malware:

✓ Virus
✓ Worms
✓ Trojan Horses
✓ Adware
✓ Spyware Ransomware (securityintelligence.com)
✓ Bot
https://www.broadcom.com/support/security-center/a-z
Computer Virus

• A computer virus is a type of malicious code or program/software written to alter or harm the way a computer operates and which, when executed, replicates itself and spreads to other machines.

➢ Self-replicates
➢ Spreads rapidly
➢ May or may not have a malicious payload
How does a Virus Spread?

How a virus spreads:

➢ Finds a network connection; copies itself to other hosts on the network
   • Requires programming skill
➢ Mails itself to everyone in the host’s address book
   • Requires less programming skill
(Image: CyberThreatPortal.com)
How does a Virus Spread?

E-mail propagation

➢ More common for one major reason:
   • Microsoft Outlook is easy to work with
   • Five lines of code can cause Outlook to send e-mails covertly

Other viruses spread using their own e-mail engine.
(Image: CyberThreatPortal.com)
How does a Virus Spread?

Network propagation
➢ Less frequent, but just as effective

Website delivery
➢ Relies on end-user negligence

Multiple vectors for a virus are becoming more common
(Image: CyberThreatPortal.com)
Example of Viruses

• Virus types
   – Macro
   – Multi-partite
   – Armored
   – Memory resident
   – Sparse infector
   – Polymorphic

Realtime and latest: https://threats.kaspersky.com/

Example of Viruses

• Examples
   – Rombertik
   – Gameover ZeuS
   – FakeAV
(Images: Mimail virus, Sobig virus)
Virus Scanner

Software that tries to prevent viruses from infecting machines.

It works in two ways, generally:

1. Contains a list of known virus files in a .dat file and compares files on your computer to that file
2. Monitors the computer for certain types of virus behavior

Can be on-demand or ongoing scanning
Virus Scanning Techniques

In general, antivirus software scans a file, program, or application and compares a specific set of code with information stored in its database.

1. E-mail and attachment scanning
2. Download scanning
3. File scanning
4. Heuristic scanning
5. Active code scanning
6. Instant messaging scanning
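The two scanner methods described above (a signature list in a .dat file, and monitoring for virus-like behaviour) and the heuristic/file scanning techniques in this list can be shown side by side in a small scanner. This is an added example written for these notes, not code from the slides or from any real antivirus product: the "signature database" is a table of SHA-256 digests of constructed sample bytes, and the heuristic indicators (Outlook automation strings of the kind the e-mail propagation slide describes, a double file extension, and high byte entropy suggesting a packed or armored file) and their weights are constructed for illustration.

```python
"""Signature and behaviour based file scanner.

Added example (not the slides' own code and not any real AV engine): the
first method is the '.dat' signature list the slides describe, here a table
of SHA-256 digests; the second is a heuristic score over content
indicators, a double file extension and high byte entropy (packing).
All signatures, indicators and samples are constructed for illustration.
"""
import hashlib
import math
from collections import Counter
from typing import Dict, Tuple

# Constructed signature database: digest -> detection name.
KNOWN_BAD: Dict[str, str] = {}


def register_signature(name: str, sample: bytes) -> None:
    """Add a known-bad sample to the signature table (constructed samples only)."""
    KNOWN_BAD[hashlib.sha256(sample).hexdigest()] = name


register_signature("Constructed-Sample-A", b"CONSTRUCTED SAMPLE A -- harmless test bytes")

# Constructed indicator weights: automation strings a mass-mailer script would contain
HEURISTIC_INDICATORS: Dict[bytes, int] = {
    b"Outlook.Application": 3,
    b"CreateItem": 2,
    b"WScript.Shell": 2,
    b"RegWrite": 2,
}
HEURISTIC_THRESHOLD = 4
ENTROPY_LIMIT = 7.5            # bits per byte; random-looking data sits near 8.0
EXECUTABLE_SUFFIXES = (".exe", ".scr", ".vbs", ".bat")


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte; packed or encrypted payloads score close to 8."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def scan_bytes(data: bytes, filename: str = "") -> Tuple[str, str]:
    """Return (verdict, detail): 'infected' on a signature hit, else 'suspicious' or 'clean'."""
    digest = hashlib.sha256(data).hexdigest()
    if digest in KNOWN_BAD:                       # method 1: signature comparison
        return "infected", KNOWN_BAD[digest]

    score, reasons = 0, []                        # method 2: behaviour heuristics
    for indicator, weight in HEURISTIC_INDICATORS.items():
        if indicator in data:
            score += weight
            reasons.append(indicator.decode())
    if len(data) > 256 and shannon_entropy(data) > ENTROPY_LIMIT:
        score += 2
        reasons.append("high entropy (possibly packed)")
    name = filename.lower()
    if name.count(".") >= 2 and name.endswith(EXECUTABLE_SUFFIXES):
        score += 2
        reasons.append("double extension")
    if score >= HEURISTIC_THRESHOLD:
        return "suspicious", ", ".join(reasons)
    return "clean", ""


def scan_file(path: str) -> Tuple[str, str]:
    """On-demand scan of one file on disk."""
    with open(path, "rb") as fh:
        return scan_bytes(fh.read(), path.rsplit("/", 1)[-1])


if __name__ == "__main__":
    print(scan_bytes(b"CONSTRUCTED SAMPLE A -- harmless test bytes", "a.bin"))
```

The signature lookup is exact, so a single changed byte (the polymorphic case in the virus-types list) defeats it; that is the gap the heuristic score is meant to cover, at the cost of false positives, which is why real products tune weights and thresholds against large clean-file corpora.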
Commercial Antivirus Software

Factors to consider when choosing antivirus:
➢ Skill (users need to understand how to use it)
➢ Budget (price)
➢ Vulnerability (how often is e-mail used or files downloaded?)
➢ Technical (specifications of the software and how it functions)
Antivirus Policies and Procedures

Brief summary of possible policies:

➢ Always use a virus scanner
➢ If you are not sure about an attachment, do not open it
➢ Consider exchanging a code word with friends
➢ Do not believe “security alerts” you are sent
➢ Be skeptical of any e-mail you are sent
➢ Do not download files from the Internet
Antivirus Policies and Procedures

FAKE SECURITY ALERT!
Defending Your System

Additional methods for defending your system:

➢ Set all browsers to block active code
➢ Set all user accounts so that they cannot install software or change browser security
➢ Segregate subnetworks
Infected by a Virus?

What to do if your system is infected by a virus?

Focus on THREE steps:

1. Stopping the spread of the virus
2. Removing the virus
3. Finding out how the infection started
Infected by a Virus?

1. Stop the Spread of the Virus

Priority / must be done first. Follow the steps below:

1. If the infection is on a WAN, disconnect the WAN
2. If on a subnet, disconnect that subnet
3. Disconnect vital servers that might be connected to an infected machine
4. Disconnect any backup devices that might be connected to an infected machine
Infected by a Virus?

2. Removing the Virus

Virus propagation must be stopped first

Run antivirus: update your AV | run a full scan

Find removal instructions on the Internet

✓ Some viruses cannot be removed
Infected by a Virus?

3. Find Out How the Infection Started

Talk to users of infected machines

➢ Read any online documentation on that virus
➢ Check activity logs from the machine
SUMMARY

➢ Virus attacks and hoaxes are arguably the greatest threat to computer networks
➢ The sophistication of viruses and worms is increasing
➢ It is necessary to understand how viruses work in order to prevent infection
➢ One also needs to know how viruses spread
SUMMARY

➢ There are a number of ways to reduce exposure to viruses

Virus scanners:
◼ Understand how they work
◼ Be familiar enough to choose the right one for your organization
◼ Come in both commercial and free versions

➢ Establish written policies and procedures
SUMMARY

➢ There are a number of ways to reduce exposure to viruses (continued)

❑ Block installation of software by users
❑ Secure the browser
❑ Separate subnetworks

➢ Security should have a multi-layer approach
ITT320 INTRO TO COMPUTER SECURITY

Chapter 9: Defending Against Trojan Horses, Adware & Spyware
Zulazeze Sahri, UiTM
Objectives

▪ Understand Trojan horses
▪ How a Trojan horse works
▪ Examples of Trojan horses: old vs new
▪ Take steps to prevent Trojan horse attacks
▪ Describe spyware
▪ Use anti-spyware software
▪ Create anti-spyware policies
Introduction

Though not as common as viruses, Trojan horses still pose a real threat to computer systems.

Spyware and adware continue to grow and clutter computer networks and individual computers. This chapter provides ways to combat these particular types of threats.
Understanding Trojan Horses

A Trojan horse or Trojan is a type of malware that is often disguised as legitimate software: a program that looks benign, but is not.

Typical actions Trojan horses take:

➢ Delete files from a computer | turn on the camera
➢ Download harmful software | zombie
➢ Install a key logger / record keystrokes
➢ Spread other malware / install ransomware
➢ Use the computer to launch a DDoS
➢ Search for personal information
➢ Install a “back door” to the computer
How a Trojan horse works

In order to get infected, the user must download the malicious application and run/install it.

Typical modus of Trojan horses:

➢ Social engineering – used to convince end users to download the malicious application
➢ Banner ads, website links, pop-up ads
➢ Email spamming – with attachment files that contain the Trojan
➢ Botnet – continues spreading the Trojan horse through zombies
Identifying Trojan Horses

Examples of some of the famous Trojan horses that have attacked users around the world.

✓ Back Orifice
✓ Internet Explorer Trojan Horse
✓ NetBus
✓ Linux Trojan Horses
✓ Portal of Doom
Back Orifice

Back Orifice is a computer program designed for remote system administration. It enables a user to control a computer running the Microsoft Windows operating system from a remote location. It has been misused by being embedded in Trojans to create a connection to the victim’s computer.

• Allows control over TCP/IP
• Entirely self-installing
• Can be attached to legitimate applications
• Does not appear in the task list
• The Registry is the best way to remove it
Internet Explorer Trojan Horse

❑ Released in 2003
❑ Targets Microsoft’s Internet Explorer browser
❑ Changes the DNS configuration on the Windows machine
❑ Redirects requests to the hacker’s site
❑ Patch released by Microsoft
❑ Check out Secunia-OSI to see if your browser is vulnerable
NetBus

NetBus or Netbus is a software program for remotely controlling a Microsoft Windows computer system over a network.

❑ Similar to Back Orifice
❑ Only works on port 20034
❑ Simple to check for infection
❑ Removal through the Registry
❑ Easy-to-use GUI
Portal of Doom

Hijacks the computers of unsuspecting Windows users running old operating systems. Computers running Windows 95, 98, ME, NT, XP and Vista are vulnerable to the Trojan.
Ports 9872 – 9875
This back door tool allows remote users to perform the following:
✓ Open and close the CD tray
✓ Shut down the system
✓ Open files or programs
✓ Access drives
✓ Change passwords
✓ Log keystrokes
✓ Take screen shots
(Image by: https://flylib.com)
Linux Trojan Horses

➢ One released in 1999
➢ Typical back door Trojan
➢ Uploaded to at least one FTP server
➢ Not known how many systems were compromised

Other example: Twart

RansomEXX Trojan attacks Linux systems
Example of Current Trojan Horses

Some of the most famous discoveries in the last 5 years include:

✓ Bitfrost, a remote access Trojan (RAT) – Windows, altering components
✓ Tiny Banker – steals sensitive financial information
✓ FakeAV Trojan – when users followed the directions given by FakeAV to fix the problem, they actually downloaded more malware
✓ Magic Lantern – created by the FBI, a government Trojan to log keystrokes
✓ Zeus – a financial services crimeware toolkit that allows attackers to build their own Trojan horses
https://threats.kaspersky.com/en/threat/
Symptoms of a Trojan Horse

• The home page for your browser changes
• Any change to passwords, usernames, accounts, etc.
• Any change to screen savers
• Changes to mouse settings, backgrounds, etc.
• Any device seeming to work on its own
Preventing Trojan Horses

The answer is a hybrid approach using:

1. Technological measures
2. Policy measures
Technological Measures

1. Block unneeded ports (e.g. 20034)
2. Utilize anti-virus software (most check for Trojans)
3. Prevent active code in browsers
4. Limit users’ rights to just what is needed
5. Firewall
6. Patch management

Blocking ports using Windows Firewall:
1. Tap the Windows key, type Windows Firewall, and select Windows Firewall with Advanced Security from the results.
2. Click on Inbound Rules when the firewall window opens.
3. Select New Rule from the Actions pane.
4. Select Port from the Rule Type listing.

Trojan Horse and Associated Port(s)
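Before blocking ports with the firewall steps above, an administrator first needs to know which ports a machine is actually listening on and whether any of them match the Trojan ports this chapter names. The script below is an added example written for these notes, not code from the slides: it parses `netstat -an` style output and checks each local port against a watch list holding only the ports the slides give (NetBus on 20034, Portal of Doom on 9872–9875). The netstat lines are constructed, not captured from a real host.

```python
"""Flag listening ports associated with known Trojan horses.

Added example (not from the slides): parses `netstat -an` style output and
checks every local port against a watch list. The watch list holds only the
ports the slides name (NetBus 20034, Portal of Doom 9872-9875); the netstat
lines below are constructed, not captured from a real host.
"""
from typing import List, Optional, Tuple

# Watch list: (first_port, last_port, Trojan name), from the chapter's own slides
TROJAN_PORTS = [
    (20034, 20034, "NetBus"),
    (9872, 9875, "Portal of Doom"),
]

# Constructed sample of `netstat -an` output on Windows
SAMPLE_NETSTAT = """
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:20034          0.0.0.0:0              LISTENING
  TCP    192.168.1.10:49700     93.184.216.34:443      ESTABLISHED
  TCP    [::]:135               [::]:0                 LISTENING
  UDP    0.0.0.0:9873           *:*
"""


def local_port(address: str) -> int:
    """'0.0.0.0:135' -> 135, '[::]:135' -> 135 (the port follows the last colon)."""
    return int(address.rsplit(":", 1)[1])


def parse_netstat(text: str) -> List[Tuple[str, int, str]]:
    """Return (proto, local port, state) for each connection line; UDP rows have no state."""
    rows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 3 or parts[0] not in ("TCP", "UDP"):
            continue  # skip the banner and column headings
        state = parts[3] if len(parts) > 3 else "-"
        rows.append((parts[0], local_port(parts[1]), state))
    return rows


def trojan_name(port: int) -> Optional[str]:
    """Name of the Trojan associated with `port`, or None if it is not on the watch list."""
    for lo, hi, name in TROJAN_PORTS:
        if lo <= port <= hi:
            return name
    return None


def find_trojan_ports(text: str) -> List[Tuple[str, int, str]]:
    """Listening/bound local ports that match the Trojan watch list."""
    hits = []
    for proto, port, state in parse_netstat(text):
        name = trojan_name(port)
        # UDP sockets carry no state; a TCP socket counts only when LISTENING
        if name and (proto == "UDP" or state == "LISTENING"):
            hits.append((proto, port, name))
    return hits


def listening_ports(text: str) -> List[int]:
    """Every TCP port in LISTENING state: the list to review when closing unneeded ports."""
    return sorted({p for proto, p, s in parse_netstat(text) if proto == "TCP" and s == "LISTENING"})


if __name__ == "__main__":
    for hit in find_trojan_ports(SAMPLE_NETSTAT):
        print("WARNING: %s port %d matches %s" % hit)
```

A hit on a watch-list port is a prompt to investigate which process owns the socket, not proof of infection, since legitimate software can be configured to use any port; the value of the check is that it turns the chapter's port table into something that can be run on every host on a schedule.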
Policy Measures

❑ Never download any (email) attachments unless absolutely certain they are safe or expected
❑ If a port is not needed, close it
❑ Restrict the downloading of software
❑ Be cautious of hidden file extensions
Spyware and Adware

Spyware is part of malware – installed without user authorization.
❑ Becoming more and more intrusive
❑ Can cause systems to crash
❑ Made to gather information and send it to third parties
❑ Generates pop-ups not detected by pop-up blockers
❑ Monitors internet activities
❑ Tracks login credentials
❑ Spies on sensitive information / credit cards
Spyware and Adware

Identifying Spyware and Adware

Like viruses and Trojan horses, spyware and adware programs become well known too. Examples: RedSheriff (spyware), Gator (adware).

◼ Twofold problem:
   ✓ No one is certain what data is collected (except the manufacturer)
   ✓ Many people have a negative reaction to web site monitoring

◼ Two methods of removal:
   ✓ Add/Remove Programs
   ✓ The Registry
Anti-Spyware

Old:
✓ Spy Sweeper (www.webroot.com)
✓ Spyware Doctor (www.pctools.com/spywaredoctor/)
✓ Zero Spyware
✓ Microsoft Anti-Spyware (www.microsoft.com/athome/security/spyware/software/default.mspx)

New:
✓ Malwarebytes – scans through registry files, running programs, hard drives and individual files
✓ Trend Micro HouseCall – uses minimal processor and memory resources
✓ Windows Defender – lightweight antimalware tool that protects against threats such as spyware, adware and viruses
Anti-Spyware Policies

1. Never download any attachments you are not certain are safe
2. Only download software from trusted sources
3. Configure the browser to block cookies
4. Configure the browser to block scripts
5. Utilize browser pop-up blockers
6. Read all disclosures when installing software
7. Avoid interaction with pop-up ads
8. Stay current with updates and patches for the browser, OS and application software
Anti-Spyware Policies (Cont.)

Never download the following if you are uncertain of their safety:

❑ Applications
❑ Browser skins
❑ Screen savers
❑ Utilities

Block Java applets, or require manual approval of them
SUMMARY

➢ Both Trojan horses and spyware pose significant dangers
➢ Virus scanners and appropriate policies are your only protection against Trojan horses and spyware
➢ Carefully develop and implement anti-Trojan horse policies
➢ Spyware and adware are growing problems for networks
➢ Spyware can compromise security
➢ Confidential information can be compromised by spyware
➢ Adware is more a nuisance than a real security threat:
   ➢ However, there is a threshold of adware that can make a system unusable
SUMMARY

➢ There are numerous utilities that can help protect against Trojan horses (anti-virus software)
➢ Available utilities can protect against spyware and adware
➢ Policies can work in conjunction with utilities to further protect systems
ITT320 INTRO TO COMPUTER SECURITY

Chapter 10: Security Policy
Zulazeze Sahri, UiTM
Objectives

• Create effective user policies
• Outline effective sys admin policies
• Define effective access control
• Generate effective development policies
Introduction

• Security technologies and all the expensive perimeter devices won’t guarantee 100% security and effectiveness if people do not follow appropriate procedure.
• E.g. social engineering and virus attacks (human intervention)
• Must remember this triangle: PEOPLE – PROCEDURE/POLICY – TECHNOLOGY
What is a Security Policy?

• A security policy is a document that states in writing how a company plans to protect the company's physical and information technology (IT) assets.

• This policy can effectively guide you as you implement and manage security.
Defining User Policies

• User policies outline specifically how people may use systems and how they may not.
• The policy must be very clear and specific.
• Vague statements that can lead to misuse, such as password sharing, copying company data etc., should be avoided.
Defining User Policies

• There are several areas that effective user policies must cover:

1. Passwords
   ➢ Enforce password length and minimum character requirements
   ➢ 6-8 characters long with a combination of alphanumeric characters, numbers and symbols, e.g. 123D0g@#
   ➢ Refer to the previous chapter
Defining User Policies

• There are several areas that effective user policies must cover:

2. Internet Use
   ➢ For business / work only
   ➢ No chat rooms / Mudah.my / websites that consume a lot of traffic
   ➢ No illegitimate websites
Defining User Policies

3. Email Attachments
   ▪ Allow legitimate business documents (.ppt, .doc, .xls)
   ▪ Disallow unknown document extensions (.dat, .exe)
   ▪ Some security companies disallow image files
   ▪ Limit file size to 10 MB only
   ▪ Disallow email sender addresses which have been banned by a security company / Google
Defining User Policies

4. Software Installation and Removal
   ▪ Users should not be allowed to install anything on company machines

5. Desktop Configuration
   ▪ Users may change the desktop background, font size, resolution etc. – this can lead to getting a virus if users keep downloading desktop wallpapers from the internet.
   ▪ E.g. mypic.jpg is actually mypic.jpg.exe
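The attachment rules under item 3 and the mypic.jpg.exe trick under item 5 can be enforced at the mail gateway with a single check. The function below is an added example written for these notes, not code from the slides: it encodes the allow list (.ppt, .doc, .xls), the deny list (.dat, .exe), the 10 MB limit (taken here as 10 × 1024 × 1024 bytes) and a banned-sender list, and it treats the last extension as the one that matters, so a file named mypic.jpg.exe is reported as a hidden executable. The banned-sender entries and the order of the checks are constructed for illustration.

```python
"""Email attachment policy check with hidden-extension detection.

Added example (not from the slides): encodes the attachment rules listed
above -- allow .ppt/.doc/.xls, disallow .dat/.exe, 10 MB limit, banned
senders -- and the 'mypic.jpg.exe' double-extension trick from the desktop
configuration slide. The banned-sender list and the check order are
constructed for illustration; 10 MB is taken as 10 * 1024 * 1024 bytes.
"""
import os
from typing import Iterable, Tuple

ALLOWED_EXTENSIONS = {".ppt", ".doc", ".xls"}
DISALLOWED_EXTENSIONS = {".dat", ".exe"}
MAX_ATTACHMENT_BYTES = 10 * 1024 * 1024
BANNED_SENDERS = {"spam@banned.example"}   # constructed ban list


def true_extension(filename: str) -> str:
    """The extension the OS acts on: the last one, lower-cased, whitespace trimmed."""
    # 'mypic.jpg   .exe' and 'mypic.jpg.exe' both resolve to '.exe'
    return os.path.splitext(filename.strip().lower())[1].strip()


def has_hidden_extension(filename: str) -> bool:
    """True when an innocuous-looking name hides a disallowed suffix, e.g. mypic.jpg.exe."""
    stem, ext = os.path.splitext(filename.strip().lower())
    return ext in DISALLOWED_EXTENSIONS and os.path.splitext(stem)[1] != ""


def check_attachment(filename: str, size_bytes: int, sender: str,
                     banned: Iterable[str] = BANNED_SENDERS) -> Tuple[bool, str]:
    """Return (allowed, reason) for one attachment under the user policy."""
    if sender.lower() in {b.lower() for b in banned}:
        return False, "sender is banned"
    ext = true_extension(filename)
    if has_hidden_extension(filename):
        return False, "hidden executable extension %s" % ext
    if ext in DISALLOWED_EXTENSIONS:
        return False, "disallowed extension %s" % ext
    if ext not in ALLOWED_EXTENSIONS:
        return False, "extension %r is not on the allow list" % ext
    if size_bytes > MAX_ATTACHMENT_BYTES:
        return False, "exceeds 10 MB limit"
    return True, "allowed"


if __name__ == "__main__":
    print(check_attachment("mypic.jpg.exe", 1000, "bob@example.com"))
    # (False, 'hidden executable extension .exe')
```

The check is an allow list rather than a deny list: anything not explicitly permitted is refused, so a new executable suffix that the deny list does not yet know about is still blocked. Checking the extension alone is not enough in practice (the bytes of a .doc can still carry a macro), which is why the virus scanner's content scanning from Chapter 8 runs alongside this policy check.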
Defining System Administrator Policies

Procedures that administrators need to follow for adding users, removing users, dealing with security and changing any system.

1) New Employee
   Define access, create account, job function
2) Leaving Employee
   Terminate account login ASAP
   Discontinue system and physical access: email, internet access, wireless, cell phones
Defining System Administrator Policies

3) Change Request
   Form → Check Requirement → Make Change
   Apply to IT unit, DB change, system change etc.
Defining System Administrator Policies

4) Security Breach – the process for facing the security breaches below:
   – Virus infection
   – Denial of service
   – Intrusion by a hacker

Read your textbook to find types of security breaches
Defining Access Control

• Users’ access to resources must be defined specifically.
• Admins cannot allow anyone and everyone complete access to everything.
• E.g. a manager being given all access to the entire network system
• However, extremes in defining policies are not practical.
• Apply the concept of least privilege.
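Least privilege means each person holds only the permissions their job function needs, and that the grants are reviewed against what is actually used. The code below is an added example written for these notes, not code from the slides: a default-deny role table, an access check, and a review that compares each user's grants against an access log to surface permissions that were never exercised. The roles, users and log lines are constructed for illustration.

```python
"""Least-privilege access control with a permission-usage review.

Added example (not from the slides): a default-deny role table in which each
role holds only the permissions its job needs, an access check, and a review
that compares granted permissions against an access log to find grants that
are never used (candidates for removal). Roles, users and log lines are
constructed for illustration.
"""
from typing import Dict, List, Set, Tuple

Permission = Tuple[str, str]   # (resource, action)

# Constructed role table: the minimum each job function needs
ROLE_PERMISSIONS: Dict[str, Set[Permission]] = {
    "payroll-clerk": {("hr-db", "read"), ("hr-db", "write")},
    "manager":       {("hr-db", "read"), ("reports", "read")},
    "helpdesk":      {("user-accounts", "reset-password")},
    "sysadmin":      {("user-accounts", "create"), ("user-accounts", "disable"),
                      ("servers", "admin")},
}

# Constructed user -> roles assignment
USER_ROLES: Dict[str, Set[str]] = {
    "alice": {"payroll-clerk"},
    "bob":   {"manager"},
    "carol": {"sysadmin", "helpdesk"},
}


def permissions_for(user: str) -> Set[Permission]:
    """Union of the permissions of every role the user holds; unknown users get none."""
    perms: Set[Permission] = set()
    for role in USER_ROLES.get(user, set()):
        perms |= ROLE_PERMISSIONS.get(role, set())
    return perms


def is_allowed(user: str, resource: str, action: str) -> bool:
    """Default deny: only an explicit (resource, action) grant permits access."""
    return (resource, action) in permissions_for(user)


def unused_permissions(user: str, access_log: List[str]) -> Set[Permission]:
    """Grants the user never exercised in the log: review these for removal.

    Log lines are constructed in the form 'user resource action ALLOW|DENY'.
    """
    used: Set[Permission] = set()
    for line in access_log:
        who, resource, action, outcome = line.split()
        if who == user and outcome == "ALLOW":
            used.add((resource, action))
    return permissions_for(user) - used


# Constructed access log for the review
SAMPLE_LOG = [
    "alice hr-db read ALLOW",
    "alice hr-db write ALLOW",
    "bob reports read ALLOW",
    "bob servers admin DENY",
    "carol user-accounts reset-password ALLOW",
]

if __name__ == "__main__":
    print(is_allowed("bob", "servers", "admin"))    # False
    print(unused_permissions("bob", SAMPLE_LOG))     # {('hr-db', 'read')}
```

The "manager with access to everything" extreme from the slide would appear in this model as a role whose permission set spans every resource and action; the review function makes that visible, because most of those grants would show up as never used.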
SUMMARY

• User Policies
   – Password
   – Internet use
   – Email attachments
   – Software installation
   – Desktop configuration

SUMMARY

• System Administrator Policy
   – New employee
   – Leaving employee
   – Change request
   – Security breach