How to Secure Windows

Last updated: 30 Oct 2008

Overview
Overview of computer and network security and Windows tools; hands-on experience with securing Windows; testing security configuration
Seminar Duration
2 hrs.
Student Prerequisites
how to administer a computer
Student Provides
Lab Provides
  1. computer with Windows XP installed
  2. itadmin and ituser accounts and passwords
Preparation
  1. Updated installation of Windows XP to x cloned disks
  2. Disk drives inserted and locked into computers
  3. Setup itadmin account with password
Delivery
  1. Overview of Computer and Network Security
    1. Security is relative, not absolute
    2. What can happen in 5 minutes?

      Besides 1 trillion instructions executed?

      • passwords copied
      • keystroke sniffer installed
      • privileges elevated
      • total control of computer for later use
      • denial of use of computer or network
      • use of your computer to pirate software, music, etc.
      • use of your computer to compromise other computers
      • deletion or modification of information on computer
      • impersonation of anything virtual, including email
    3. any input can be a "vector" (a point of entry)

      Most common:

      • keyboard (both authorized and unauthorized people)
      • removable media
      • network
      • stolen/lost/damaged device (e.g., cellphone, laptop, thumb drive)
    4. any output can provide information to unauthorized people

      Most common:

      • display (both authorized and unauthorized people)
      • removable media
      • network
      • stolen/lost/damaged device (e.g., cellphone, laptop, thumb drive)
    5. What can be done?
      • deter: make it more difficult (obstruct, hide, fortify, complicate, etc.)
      • probe: look for where vulnerabilities are
      • monitor: look for suspicious activity
      • defend: block attack, remove or weaken attacker, minimize theft/damage
    6. What does that translate to for administering computers?
      • Prevent physical access to your computer or data.

        Lock it up; unplug from network; turn it off

      • Install OS and service packs offline
      • Back up data (encrypted) and store backups elsewhere to lessen data loss.
      • Keep up to date with latest patches for OS and applications.

        This fortifies your computer, hopefully plugging more holes than it creates.

      • Encrypt sensitive data always.
      • Block other computers from connecting to yours.

        firewall

      • Allow only authorized users on your computer, and restrict their access.
      • Be wary of inserting media from any source.
      • Be wary of visiting web sites, clicking on web links in email.
      • Don't share accounts and passwords.
      • Watch system activity through logs and process monitors.
      • Become familiar with security tools.
      • Use strong passwords, and change them regularly.
      • Perform regular checks for vulnerabilities.
  2. Windows Security Tools
    1. Microsoft Updates
    2. Microsoft Tools

      Be very careful about trusting results:

      1. Basic
        • Deter/Prevent:

          Windows Update, Time Service, Routing and Remote Access, LocalService, NetworkService, Runas, ntbackup

        • Probe/Monitor/Inspect:

net user/group/localgroup, Active Directory Users and Groups, Event Viewer, EventCombMT, systeminfo, auditpol, Security Configuration Manager

        • Defend/Fix:

          Malicious Software Removal, Security Configuration Manager, ntbackup

      2. Network tools

        netstat -anob, nbtstat, ping, tracert, arp, netsh, ipconfig

      3. File

        dir /ah, dir /od, dir /tc, findstr, cacls

      4. Services

        net start/stop, sc, services.msc

      5. Process

        tasklist, taskkill, schtasks

    3. Firewall

      Windows Firewall; Routing and Remote Access; third-party (e.g., ZoneAlarm)

      ingress and egress; whitelists vs. blacklists

    4. Antivirus

      signature problems (timeliness, morphing); ease of disabling

    5. Encryption

BitLocker (Vista Enterprise and Ultimate only); TrueCrypt

      data at rest and in motion

    6. Vulnerability

      Microsoft Baseline Security Analyzer; Nessus; nmap; metasploit (dangerous!)

    7. Helix (www.e-fense.com)
  3. Hands-on Time
    1. Update Windows (note Microsoft Update)
    2. Install and configure VSE
    3. Use ntbackup
    4. Use eventvwr and configure auditing
    5. Show tasks
    6. Show scheduled tasks
    7. Show services and the accounts they log on as
    8. Show network and which process owns what port
    9. Show files, hidden included
    10. Set groups and file permissions
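    The following batch script is an added example, not part of the seminar's own material. It runs the hands-on checks for steps 6 through 10 (scheduled tasks, services with their logon accounts, listening ports with owning process, hidden files, local accounts) from an itadmin command prompt on Windows XP and writes them to a dated text file, so a later run can be compared with fc.exe to spot changes. It assumes only the built-in tools named above (sc, netstat, tasklist, schtasks, dir, net) and the US date format for the file name.

```batch
@echo off
setlocal enabledelayedexpansion
rem Added example, not part of the seminar material. Assumes the Windows XP
rem cmd.exe tools listed above (sc, netstat, tasklist, schtasks, dir, net) and
rem an itadmin command prompt. Writes a dated text snapshot of the things the
rem hands-on steps inspect, so a later snapshot can be compared with fc.exe.

rem US-format %DATE% assumed ("Thu 10/30/2008"); slashes become dashes.
set "OUT=%USERPROFILE%\baseline-%DATE:/=-%.txt"
echo === Snapshot %DATE% %TIME% on %COMPUTERNAME% === > "%OUT%"

rem Services with start type and logon account (step 7 above).
rem "sc query" gives the names; "sc qc" shows SERVICE_START_NAME per service.
echo. >> "%OUT%"
echo === Services: name / start type / logon account === >> "%OUT%"
for /f "tokens=1,* delims=: " %%A in ('sc query state= all ^| findstr /b "SERVICE_NAME"') do (
    set "START=" & set "ACCT="
    for /f "tokens=1,* delims=: " %%K in ('sc qc "%%B" ^| findstr "START_TYPE SERVICE_START_NAME"') do (
        if /i "%%K"=="START_TYPE" set "START=%%L"
        if /i "%%K"=="SERVICE_START_NAME" set "ACCT=%%L"
    )
    echo %%B / !START! / !ACCT! >> "%OUT%"
)

rem TCP listeners mapped to the owning process (step 8 above): the same data
rem netstat -anob shows, built here from netstat -ano plus a tasklist PID filter.
echo. >> "%OUT%"
echo === Listening TCP ports: local address / PID / image === >> "%OUT%"
for /f "tokens=2,5" %%P in ('netstat -ano ^| findstr /c:"LISTENING"') do (
    for /f "tokens=1 delims=," %%I in ('tasklist /fi "PID eq %%Q" /fo csv /nh') do (
        echo %%P / %%Q / %%I >> "%OUT%"
    )
)

rem Scheduled tasks, hidden files in system32 by creation date, local accounts (steps 6, 9, 10).
echo. >> "%OUT%"
echo === Scheduled tasks === >> "%OUT%"
schtasks /query /fo LIST /v >> "%OUT%"
echo. >> "%OUT%"
echo === Hidden files in %SystemRoot%\system32, oldest creation time first === >> "%OUT%"
dir /a:h-d /tc /od "%SystemRoot%\system32" >> "%OUT%"
echo. >> "%OUT%"
echo === Local users and Administrators group === >> "%OUT%"
net user >> "%OUT%"
net localgroup Administrators >> "%OUT%"

echo Snapshot written to "%OUT%".
echo Compare with an earlier run using:  fc "%OUT%" previous-snapshot.txt
endlocal
```

    Take one snapshot right after the clean install and patching, then again after each hands-on step; any new listener, service logon account, hidden file or scheduled task shows up in the fc output.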
Cleanup
  1. Clone the disk drives back to master