ITT320 Chapter 7-10
COMPUTER SECURITY
Chapter 7 :
Operating System Hardening
Zulazeze Sahri, UiTM
Objectives
What You Need to do to Secure Your OS : Accounts | Users | Groups | Password (Cont.)
Setting Security Policies : User error can lead to a successful cyberattack, so we need to
create and update user policies and make sure all users are aware of and comply with
these procedures
1. Password policies
2. Account lockout policies
3. See tables 7.1 – 7.4 for recommended policies
4. Other issues
i. Writing passwords down
ii. Sharing passwords
iii. Using the “least required access” rule
Configuring Windows
Properly – Password Policy
Default Windows Password Policies
Account lockout policies are used by administrators to lock out an account when someone tries to log on
unsuccessfully several times in a row.
RECOMMENDED
❑ Registry basics
❑ Secure registry settings
❑ Restrict Null session access
❑ Restrict Null session access over named pipes
❑ Restrict anonymous access
Configuring Windows
Properly-Registry Basics
Registry Basics:
Core registry folders in the registry
▪ HKEY_CLASSES_ROOT
▪ HKEY_CURRENT_USER
▪ HKEY_LOCAL_MACHINE
▪ HKEY_USERS
▪ HKEY_CURRENT_CONFIG
Configuring Windows
Properly-Registry Settings
Services
➢ Shutting down a service in Windows
➢ Port filtering and firewalls in Windows
Security Templates - often used by corporate environments and are essentially text files that
represent a security configuration.
To help manage your group policy and ensure consistency across your entire organization
1. DC security.inf
2. Hisecdc.inf
3. Hisecws.inf
4. Securedc.inf
5. Securews.inf
6. Setup security.inf
https://docs.microsoft.com/en-us/troubleshoot/windows-server/identity/define-security-templates-using-security-templates-snap-in
Configuring Linux
Properly
➢ Usually, the web browser that comes with an operating system is not
set up in a secure default configuration.
➢ This can lead to anything from spyware being installed without your
knowledge to intruders taking control of your computer.
Security settings :
https://its.ucsc.edu/software/release/browser-secure.html
SUMMARY
https://www.connectwise.com/blog/cybersecurity/6-important-os-hardening-tips-to-protect-your-clients
https://www.techtarget.com/search/query?q=operating+system+security
https://www.lifewire.com/windows-registry-2625992
ITT320 INTRO TO
COMPUTER SECURITY
Malware Attack – Malware stands for Malicious Software and is the most prevalent danger to your network
Example of Malware:
✓ Virus
✓ Worms
✓ Trojan Horses
✓ Adware
✓ Spyware
✓ Ransomware (securityintelligence.com)
✓ Bot
https://www.broadcom.com/support/security-center/a-z
Computer Virus
➢ Self-Replicates
➢ Spreads Rapidly
➢ May or may not have a malicious payload
How does a Virus Spread?
E-mail Propagation
Network Propagation
➢ Less frequent, but just as effective
Website Delivery
➢ Relies on end-user negligence
• Virus Types
– Macro
– Multi-Partite
– Armored
– Memory Resident
– Sparse Infector
– Polymorphic
Mimail Virus
• Examples
– Rombertik
– Gameover ZeuS
– FakeAV
Sobig Virus
Virus Scanner
2. Removing Virus
Run Antivirus:
Update Your AV | Run Full Scanning
➢ Virus attacks and hoaxes are arguably the greatest threat to computer networks
Virus scanners :
◼ Understand how they work
◼ Be familiar enough to choose the right one for your organization
◼ Come in both commercial and free versions
Examples of some famous Trojan horses that have been used in attacks
around the world.
✓ Back Orifice
✓ Internet Explorer Trojan Horse
✓ NetBus
✓ Linux Trojan Horses
✓ Portal of Doom
Back Orifice
❑ Released in 2003
❑ Targets Microsoft’s Internet Explorer
Browser
❑ Changes the DNS configuration on the
Windows machine
❑ Redirects requests to the hacker’s site
❑ Patch released by Microsoft
❑ Check out Secunia-OSI to see if your
browser is vulnerable
NetBus
Hijacks the computers of unsuspecting Windows users running old operating systems.
Computers running Windows 95, 98, ME, NT, XP and Vista are vulnerable to the Trojan.
Port 9872 - 9875
Back door tool allows remote users to perform the following:
✓ Open and close the CD tray
✓ Shut down the system
✓ Open files or programs
✓ Access drives
✓ Change passwords
✓ Log keystrokes
✓ Take screenshots
Image by: https://flylib.com
Linux Trojan Horses
1. Technological measures
2. Policy measures
Technological Measures
Old
✓ Spy Sweeper (www.webroot.com)
✓ Spyware Doctor (www.pctools.com/spywaredoctor/)
✓ Zero Spyware
✓ Microsoft Anti-Spyware (www.microsoft.com/athome/security/spyware/software/default.mspx)
New
✓ Malwarebytes - scans through registry files, running programs, hard drives and individual files
✓ Trend Micro HouseCall - uses minimal processor and memory resources
✓ Windows Defender - lightweight antimalware tool that protects against threats such as spyware, adware and viruses
Anti-Spyware Policies
❑ Applications
❑ Browser skins
❑ Screen savers
❑ Utilities
➢ There are numerous utilities that can help protect against Trojan horses (Anti-
virus software)
➢ Available utilities can protect against spyware and adware
➢ Policies can work in conjunction with utilities to further protect systems
ITT320 INTRO TO
COMPUTER SECURITY
Chapter 10 :
Security Policy
Zulazeze Sahri, UiTM
Objectives
1.Passwords
➢ Enforce a password length and minimum character count
➢ 6-8 characters long, with a combination of alphanumeric characters,
numbers and symbols, e.g. 123D0g@#
➢ Refer to the previous chapter
Defining User Policies
2.Internet Use
➢ For business / work only
➢ No chat rooms / Mudah.my / websites that
consume a lot of traffic
➢ No illegitimate websites
Defining User Policies
3.Email Attachments
▪ Allow legitimate business documents (.ppt,
.doc, .xls)
▪ Disallow unknown document extensions
(.dat, .exe)
▪ Some security companies disallow image files
▪ Limit file size to 10 MB only
▪ Disallow email sender addresses that have
been banned by a security company / Google
Defining User Policies
5.Desktop Configuration
▪ Users may change the desktop background,
font size, resolution, etc. This can lead to
a virus infection if users keep downloading
desktop wallpaper from the internet.
▪ E.g. mypic.jpg is actually mypic.jpg.exe
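An added example, not part of the original slides: a mail-gateway style check that applies the Email Attachments policy above (allow .ppt/.doc/.xls, 10 MB limit) and flags the disguised double extension from the Desktop Configuration slide (mypic.jpg.exe). The function names, the executable-extension set and the sample attachments are assumptions made for illustration.

```python
import os

# Policy values taken from the slides; all names here are hypothetical.
ALLOWED_EXT = {".ppt", ".doc", ".xls"}   # legitimate business documents
MAX_SIZE_BYTES = 10 * 1024 * 1024         # "limit file size to 10 MB"
# Assumption: extensions treated as executable for the disguise check.
EXECUTABLE_EXT = {".exe", ".scr", ".com", ".bat"}


def check_attachment(filename, size_bytes):
    """Return (allowed, reasons) for one attachment under the slide policy."""
    reasons = []
    # Drop any path part; Windows ignores trailing dots and spaces, so
    # normalise them away before looking at the extension.
    name = os.path.basename(filename.replace("\\", "/")).strip().rstrip(". ")
    stem, ext = os.path.splitext(name.lower())
    inner_ext = os.path.splitext(stem)[1]

    if ext not in ALLOWED_EXT:
        reasons.append(f"extension {ext or '(none)'} not on allow list")
    # mypic.jpg.exe: a harmless-looking inner extension hiding an executable.
    if inner_ext and ext in EXECUTABLE_EXT:
        reasons.append(f"double extension {inner_ext}{ext} disguises an executable")
    if size_bytes > MAX_SIZE_BYTES:
        reasons.append("larger than 10 MB")
    return (not reasons, reasons)


# Constructed sample attachments: (file name, size in bytes).
SAMPLES = [
    ("report.doc", 2 * 1024 * 1024),
    ("mypic.jpg.exe", 180_000),
    ("slides.ppt", 11 * 1024 * 1024),
    ("Budget.XLS ", 400_000),
    ("payload.dat", 1_000),
]


def audit(samples):
    """Return {filename: reasons} for every attachment the policy rejects."""
    rejected = {}
    for name, size in samples:
        allowed, reasons = check_attachment(name, size)
        if not allowed:
            rejected[name] = reasons
    return rejected


if __name__ == "__main__":
    for name, reasons in audit(SAMPLES).items():
        print(f"BLOCK {name!r}: " + "; ".join(reasons))
```

Because the check is an allow list, an attachment with an unknown or missing extension is rejected by default, which matches the "disallow unknown document extension" rule.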
Defining System
Administrator Policies
1) New Employee
Define access, create account, job function
2) Leaving Employee
Terminate account login ASAP
Discontinue system and physical access
Email, internet access, wireless, cell phones
Defining System Administrator Policies
3) Change Request
Form → Check Requirement → Make Change
Apply to IT unit, DB Change, System Change etc.
Defining System
Administrator Policies
• User Policies
– Password
– Internet Uses
– Email Attachment
– Software Installation
– Desktop Configuration
SUMMARY