Cyber Patriot Training

Ken DeweyRose State College

Local Security Policy

• What is it?– Used to directly modify account and local

policies, public key policies and IP security policies for your local computer

• Where is it?– Start > Control Panel > Administrative Tools >

Local Security Policy

Local Security Policy

• What should I look for?– Default User Rights, Security Templates, Password

Policies, etc• More information– http://www.microsoft.com/resources/documenta

tion/windows/xp/all/proddocs/en-us/lpe_topnode.mspx?mfr=true

Local Security Policy

User & Group Configuration

• What is it?– Policy is typically assigned at the group level and

then users are assigned into groups. It is very important that your groups are configured correctly and your users are in the appropriate groups.

• Where is it?– Start > Control Panel > User Accounts

User & Group Configuration

• What should I look for?– Users in correct groups for their job, all users have

password protected account, etc– Guest account turned off

• More information– http://support.microsoft.com/kb/307882– http://www.kellys-korner-xp.com/xp_groups.htm

User & Group Configurations

BackDoor/Virus/Malware

• What is it?– A malicious program that allows a computer to be

remotely controlled or exploited• Where is it?– Can be anywhere on your computer (memory,

harddrive, registry, flash drive, etc)

BackDoor/Virus/Malware

• What should I look for?– Look for files and folders that do not belong. Start

in the root of C:\ and comb through the file system. Bogus file extensions, files with no name or a garbled name, files that should be small but are huge, etc.

• More information– http://www.wikihow.com/Remove-a-Virus– http://news.frbiz.com/windows_system_the_virus

_most-275070.html

Installing Anti-Virus

• Microsoft Security Essentials– Sufficiently protects computer from malicious

attacks, and roots out viruses– After downloading/installing be sure to update the

software

Installing Anti-Virus

Installing Anti-Virus

Update the MSE Virus Database, and Spyware Database

Enable Windows Firewall• Enable Windows Firewall• Start > Control Panel > Windows

Firewall

DNS

• How to check DNS configuration• Host file– C:\windows\system32\drivers\etc

• DHCP– Check via ipconfig /all

Task Manager vs. Process Explorer

• Malicious Processes can be executing on the computer– Windows Task Manager shows processes– Process Explorer shows a more detailed analysis of

what is running on computer

Task Manager vs. Process Explorer

Task Manager vs. Process Explorer

File/Folder Permissions

• What is it?– The guidelines on who should be able to and how

they should be able to access any particular file or folder.

• Where is it?– Right click any file or folder > Properties > Sharing

and Security tabs

File/Folder Permissions

• What should I look for?– Folders that are shared that don’t need to be,

folders that have full permissions for all users that don’t need to be, etc

• More information– http://articles.techrepublic.com.com/5100-10878

_11-5308684.html

File/Folder Permissions

Vulnerable Services

• What is it?– Services are programs that run in the background

and perform a specific task.• Where is it?– Start > Run > Services.msc

Vulnerable Services

• What should I look for?– Services running that don’t need to be (Telnet,

SSH, etc)• More information– http://techrepublic.com.com/i/tr/downloads/hom

e/windows_xp_services_that_can_be_disabled.pdf

Vulnerable Services

Vulnerable Services

Patching & Updating

• What is it?– Patches are updates to your operating system (or

some program) that add functionality, fix bugs/errors/security holes, etc

• Where should I look?– Start > Windows Update

Patching & Updating

• What should I look for?– Make sure that you have all the latest updates and

service packs.• More information– http://update.microsoft.com

Patching & Updating

Patching & Updating