15 Minute Security Guide - Windows Workstation Security


  • 8/7/2019 15 Minute Security Guide - Windows Workstation Security

    15 minute security primers:

    Windows Network Workstation Security

    Johnny Long

    http://johnny.ihackstuff.com

    The BIG Disclaimer

    This presentation is based on the SecurityFocus checklist by Scott Granneman entitled "A Home User's Security Checklist for Windows".

    Download: http://www.securityfocus.com/columnists/220

    Scott did the work. I'm here to spread the word, keep it simple and show how it can be abused.

    Basic Windows security is possible, and it only takes 15 minutes.

    The little disclaimer

    It's hard to account for all versions of Windows here, so I use Windows XP Professional for the examples.

    This presentation is for entry-level users.

    For most examples I will show an attack followed by the appropriate fix.

    In some cases I will just show a fix.

    Problem: Administrative Access

    Although it's simpler, do not use the Administrator account (or an equivalent) for everyday work.

    It's too easy for an attacker to abuse your machine, and unless you know what you're doing, it's too easy to mess things up!

    Fix: Restrict Admin Access

    Do not run Windows as Administrator.

    Create a user account for everyday use. Reserve the Administrator role for system maintenance.

    Problem: Accounts without passwords

    Surprisingly enough, many users have accounts without passwords.

    Most users are aware that passwords are a good thing, but do you keep track of all user accounts on your machine?

    Problem: Accounts with bad passwords

    This is a standard user account with no password! All accounts should have strong passwords.

    Control Panel -> User Accounts brings up the User Account Manager.

    Attack! Accounts without passwords

    An attacker can use simple commands to browse your machine without a password...

    Attack! Accounts without passwords

    The THC-hydra tool from http://www.thc.org has many uses.

    Attack! Accounts without passwords

    ...including the discovery of user accounts with no password!

    Attack! Dictionary Attack

    In order to pound a password, an attacker will create a basic password file.

    Attack! Dictionary Attack!

    THC-hydra can eventually find a password, even if it's not simple like this one.

    Fix: Good, Strong Passwords

    All accounts on your machine should have strong passwords.

    Unless you know what you're doing, every account should have a password.

    Strong passwords:
      • Never appear in any dictionary
      • Contain upper and lower case characters, numbers and special characters
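
The two strong-password rules above can be checked mechanically. This is an added example, not part of the original presentation; the wordlist is a constructed stand-in, and treating a dictionary word with digits, punctuation or common character substitutions attached as still being a dictionary word is an assumption added here.

```python
import string

# Constructed stand-in for a real wordlist (assumption); a practical check
# would load a large dictionary file instead.
SAMPLE_WORDLIST = {"password", "letmein", "dragon", "summer", "johnny"}

# Common character substitutions, undone before the dictionary lookup.
LEET = str.maketrans("013457@$!", "oieastasi")


def password_problems(password, wordlist=SAMPLE_WORDLIST):
    """Return the reasons a password fails the two rules; empty list = passes."""
    if not password:
        return ["no password set"]

    # Rule 2: upper case, lower case, numbers and special characters.
    classes = {
        "an upper case letter": any(c.isupper() for c in password),
        "a lower case letter": any(c.islower() for c in password),
        "a number": any(c.isdigit() for c in password),
        "a special character": any(c in string.punctuation for c in password),
    }
    problems = [f"missing {name}" for name, ok in classes.items() if not ok]

    # Rule 1: never in a dictionary. Compare the lowercased password, the
    # word left after stripping digits/punctuation from both ends, and that
    # word with substitutions undone.
    lowered = password.lower()
    core = lowered.strip(string.digits + string.punctuation)
    if {lowered, core, core.translate(LEET)} & set(wordlist):
        problems.append("based on a dictionary word")
    return problems


if __name__ == "__main__":
    for candidate in ["", "summer", "Password1!", "P@ssw0rd!", "tR7#vq9!Lm"]:
        print(repr(candidate), password_problems(candidate) or "ok")
```

"Password1!" satisfies the character-class rule and still fails, because the word underneath is in the dictionary.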

    Problem: Cleartext Passwords

    Sometimes, even a strong password is not enough protection.

    Passwords that travel the network under cover of weak or zero encryption can be captured and reused.

    Attack! Cleartext Passwords

    ...the attacker connects to your computer with your password...

    ...then connects to your C: drive...

    Using a pilfered password

    Attack! Cleartext Passwords

    ...and rifles through your personal stuff!!!

    Fix: Only use encrypted authentication

    If you are unsure about the protection of your passwords over the network, it's best to err on the side of caution.

    Understand the risks of your transactions.

    Problem: Anyone can Connect to your computer

    Even with strong passwords, attackers can still access services on your machine if they:
      • obtain your password
      • exploit a vulnerability on your machine
      • exploit third-party software

    Attack! Pings

    Without a firewall, anyone can send a PING or an "are you there" message to your computer.

    Attack! Port scan

    Port scanners can show what services your computer is running.

    Attack! Windows Popups

    Various open ports on your machine (like 138, NETBIOS DGM) can be used by attackers to send you annoying or dangerous popup messages like these.

    Fix: Windows Firewall

    Windows has a built-in firewall that has a minimum of features, but is better than nothing.

    Fix: Windows Firewall

    Start Menu --> Settings --> Network Connections

    Right-click your Internet adapter and choose Properties.

    Fix: Windows Firewall

    Click the Advanced tab to find the option for Internet Connection Firewall.

    Checking this box turns on your firewall.

    Turning off the firewall (unchecking this box) produces a warning message.

    Fix: Windows Firewall

    From the Advanced tab, click Settings.

    The Services tab allows you to select which services to allow through the firewall. Checked services are allowed through. Only check services if you know what you're doing.

    Fix: Windows Firewall

    From the Advanced tab, click Settings.

    The Security Logging tab allows for various logging options. By default, nothing is logged! Select log dropped, log successful or both to enable logging.

    Fix: Windows Firewall

    A dropped packets log might look like this.

    This report shows information including the date, packet type, and the IP address that sent it.
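
Once logging is enabled, the dropped-packets log can be summarised per sending address. This is an added example, not part of the original presentation: the sample log is constructed (documentation-range addresses) in the space-separated layout named by its own `#Fields:` header, and the function names and the three-port scan threshold are assumptions.

```python
from collections import Counter, defaultdict

# Constructed sample log; the last entry is deliberately truncated.
SAMPLE_LOG = """\
#Version: 1.0
#Software: Microsoft Internet Connection Firewall
#Time Format: Local
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info

2004-06-01 10:15:02 DROP TCP 203.0.113.7 192.0.2.10 4312 135 48 S 1243 0 16384 - - -
2004-06-01 10:15:03 DROP TCP 203.0.113.7 192.0.2.10 4313 139 48 S 1244 0 16384 - - -
2004-06-01 10:15:03 DROP TCP 203.0.113.7 192.0.2.10 4314 445 48 S 1245 0 16384 - - -
2004-06-01 10:16:40 DROP ICMP 198.51.100.23 192.0.2.10 - - 60 - - - - 8 0 -
2004-06-01 10:17:11 OPEN TCP 192.0.2.10 198.51.100.80 1046 80 - - - - - - - -
2004-06-01 10:18:55 DROP UDP 198.51.100.23 192.0.2.10 1027 138 229 - - - - - - -
2004-06-01 10:19
"""


def parse_firewall_log(text):
    """Yield one dict per entry, keyed by the names in the #Fields header."""
    fields = []
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("#Fields:"):
            fields = line[len("#Fields:"):].split()
            continue
        if not line or line.startswith("#") or not fields:
            continue
        values = line.split()
        if len(values) < len(fields):
            continue  # truncated or corrupt entry: skip it
        yield dict(zip(fields, values))


def summarize_drops(text, scan_threshold=3):
    """Per source IP: dropped-packet count, ports probed, possible-scan flag."""
    drops = Counter()
    ports = defaultdict(set)
    for entry in parse_firewall_log(text):
        if entry["action"] != "DROP":
            continue
        src = entry["src-ip"]
        drops[src] += 1
        if entry["dst-port"] != "-":  # ICMP entries carry no port
            ports[src].add((entry["protocol"], int(entry["dst-port"])))
    return [
        {"src": src, "dropped": count, "ports": sorted(ports[src]),
         "possible_scan": len(ports[src]) >= scan_threshold}
        for src, count in drops.most_common()
    ]


if __name__ == "__main__":
    for row in summarize_drops(SAMPLE_LOG):
        print(row)
```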

    Fix: Windows Firewall

    From the Advanced tab, click Settings.

    The ICMP tab blocks ICMP messages by default. Although ICMP (the protocol that handles PING) is fairly benign, it can be used by accomplished hackers to gather info about your computer. Keep these options unchecked.

    Fix: Test your Internet Exposure

    The Shields up program allows you to scan your machine for vulnerabilities from the Internet.

    Problem: Out of Date Software

    It's a statistical fact that older software has more discovered security holes than newer versions of that software.

    The easiest way to stay on top of the latest security fixes is Windows Update.

    Attack! Spoofing Windows Update

    It is possible for an accomplished attacker to insert a bogus update into your system.

    Ultra-paranoids should install updates manually via http://windowsupdate.microsoft.com

    In addition, downloaded packages should be manually verified before installation.

    Fix: Windows Update

    One way to get into Windows Update settings is via right-clicking on My Computer, selecting Properties and selecting the Automatic Updates tab.

    Fix: Windows Update

    Another way is from Start --> Help and Support Center: click Windows Update.

    Fix: Windows Update

    Never follow update instructions sent via email.

    This technique is called "phishing" and opens the door for malicious users.

    Fix: Application updates

    Always keep on top of updates for applications you install.

    Keep a list of apps you install and the website for that product.

    For example, visit http://office.microsoft.com/officeupdate for updates to MS Office products.

    Problem: Malicious code

    Regardless of your protection from the network, viruses and other types of malicious code can cause disruption or affect the security of your computer.

    Fix: Anti-Virus Programs

    An anti-virus program should be installed.

    The software should be set to:
      • automatically scan the computer at least once a day
      • automatically scan email messages
      • allow scanning of Instant Messaging downloads
      • automatically update virus signatures via the web

    Problem: Malicious Email

    Email is often used to propagate malicious code.

    Depending on the configuration of your email reader, malicious code can enter your system without even being read.

    "Web bugs" can track your location and your activities.

    Attack: Fake Email scams

    Malicious users can pose as respected websites via email. Is this real? How can you know?

    If you trust the site, go to the website by typing the URL in your browser.

    Fix: Email reader configuration

    Turn off the preview pane
      • Always know who an email is from before you open it

    Disable Javascript
      • HTML-based email is nice, but Javascript in an email message can be very dangerous

    Go offline
      • Email tracking (web bugs) does not work in offline mode.

    Fix: Email safety

    Never open attachments that are programs.

    Only open attachments that you are expecting.

    Always scan attachments for viruses, even if you think your virus scanner is doing it automatically.

    Fix: Email safety

    Never reply to spam, even to be "removed" from their mailing list.

    Remember that secure web sites will never request you to change your password, enter your PIN, or answer other sensitive questions via email.

    Problem: Browser Security

    There are many different ways an attacker can deliver malicious code via your web browser.

    Configure your web browser safely.

    Scott wrote a terrific article entitled "Securing Privacy", available from http://www.securityfocus.com/infocus/1585

    Fix: Browser Security Tests

    The Browser Security Test: http://bcheck.scanit.be/bcheck/

    PC Flank's Tests: http://www.pcflank.com/about.htm

    Jason Levine's Toolbox: http://www.jasons-toolbox.com/BrowserSecurity/

    Problem: Spyware

    Spyware is software designed to track Internet users.

    This invasion of privacy can also be disruptive and subversive to your online activities.

    Fix: Anti-Spyware Programs

    You should install and implement an anti-spyware program.

    You should keep up with updates, automatically if the program allows it.

    http://www.anti-spyware-review.toptenreviews.com/ lists reviews of the most popular anti-spyware programs.

    Closing

    Be sure to download Scott's complete checklist for all the details: http://www.securityfocus.com/columnists/220

    This presentation can be downloaded from my website: http://johnny.ihackstuff.com