CompTIA A+ Study Guide (220-601 and 220-602)
Introduction:
Securing the operating system and utilizing the correct tools to combat
threats is a major part of computer security. In this section of the
guide, we will take a look at some of the tools and processes that
should be used to secure a system.
CMOS:
Although not part of the operating system, this seemed like the most
appropriate section to include CMOS security. By default, anyone can
boot your computer, enter the BIOS/CMOS setup program, and change
anything in it, including the boot order. Booting from a CD or USB
device bypasses every permission the operating system enforces, so the
setup program should be protected and the boot order restricted to the
hard disk. To do this, most setup programs let you set a supervisor
(setup) password that must be entered to open the utility. Many also
allow a separate user (power-on) password that must be entered before
the operating system will boot. This adds a layer of security by forcing
a person to enter the CMOS password and then the local/network username
and password after the operating system loads. Keep in mind that the
password is stored in CMOS memory: anyone with physical access to the
inside of the case can clear it by removing the CMOS battery or using
the clear-CMOS jumper on the motherboard, so it is a deterrent, not a
substitute for physical security.
File System:
When installing Windows 2000/2003/XP, you will basically be choosing
between the FAT32 and NTFS file systems. FAT32 may be acceptable on a
home system, but it should never be used in a business environment,
because FAT32 offers no file level security at all: every local user can
read and change every file. NTFS, on the other hand, offers file and
folder permissions and encryption. With NTFS you can set permissions on
folders and files that specify which groups and users have access, and
what level of access is permitted. (Share permissions are a separate
layer that applies only to network access and works on any file system;
NTFS permissions apply whether a file is reached locally or over the
network, and the more restrictive of the two wins.) As for encryption,
NTFS supports Microsoft's Encrypting File System (EFS), which prevents
unauthorized access to file contents even if the disk is moved to
another computer. A FAT32 volume can be converted to NTFS in place with
the convert command, without reformatting. The concept of encryption
will be discussed in the next tutorial.
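The same checks and changes from the command line, as an added example that is not part of the original guide. These are the built-in Windows 2000/XP/2003 tools (fsutil, convert, cacls, cipher); the lines run from a cmd.exe prompt as well as from PowerShell (the # lines are comments). The drive letters, folder names and the Accounting and Auditors groups are placeholders for illustration.

```powershell
# 1. Confirm which file system a volume uses. A FAT32 volume has no ACLs,
#    so permissions and EFS are simply unavailable on it.
fsutil fsinfo volumeinfo C:\            # look for "File System Name : NTFS"

# 2. Convert a FAT32 data volume to NTFS in place. Existing files are kept;
#    the system volume is converted on the next reboot instead.
convert D: /FS:NTFS

# 3. View and set NTFS permissions with cacls (icacls replaces it from Vista
#    onward). /E edits the ACL instead of replacing it, /G grants, /P replaces,
#    /R revokes. Access levels: N none, R read, C change, F full control.
cacls "D:\Finance"                      # show the current ACL
cacls "D:\Finance" /E /R "Users"        # drop the broad Users entry
cacls "D:\Finance" /E /G "Accounting:C" # Accounting may read and modify
cacls "D:\Finance" /E /G "Auditors:R"   # Auditors may only read
cacls "D:\Finance"                      # verify the result

# 4. Encrypt a folder and everything below it with EFS. Only the user who
#    encrypted the files (and a designated recovery agent) can open them.
#    Note: copying an EFS file to a FAT32 volume silently decrypts it.
cipher /E /S:"D:\Finance\Payroll"
cipher "D:\Finance\Payroll"             # E = encrypted, U = unencrypted
```

Run these as an administrator; cacls refuses to edit an ACL the current user does not own or have Full Control over.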
User Accounts:
All current versions of Windows have local user accounts and groups that
determine what a user is able to do on that computer. Administrators
can lock a computer down so that a user can only perform specific
functions, or a user could be a member of the Administrators group and
have full control of the system. Day-to-day accounts should be members
of Users, with Administrators membership reserved for the few accounts
that actually need it, since anything run by an administrator (malware
included) runs with full control. You do not need to know the specific
groups and permissions for the exam, but you do need to know what they
are and how local accounts, groups, and permissions differ from domain
(network) accounts, groups, and permissions, which are stored on a
domain controller rather than on the local machine.
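Reviewing and tightening the local accounts with the built-in net command, as an added example that is not part of the original guide. The commands work on Windows 2000/XP/2003 (and later) from cmd.exe or PowerShell. "jsmith" is a placeholder user name and the policy numbers are illustrative; the domain queries only work on a domain-joined computer.

```powershell
# Who has full control of this machine? Keep this list short.
net localgroup Administrators

# Local accounts on this computer, then details for one of them
# (last logon, password age, local group memberships).
net user
net user jsmith

# The same queries against the domain instead of the local SAM show the
# difference between local and network accounts.
net user /domain
net group "Domain Admins" /domain

# Move a day-to-day user out of Administrators and into Users.
net localgroup Administrators jsmith /delete
net localgroup Users jsmith /add

# Guest is disabled by default on XP; make sure it stays that way, because
# an enabled Guest account allows logon with no password.
net user Guest /active:no

# Password and lockout policy for local accounts: at least 8 characters,
# expire after 90 days, remember the last 5 passwords, and lock the account
# for 30 minutes after 5 bad attempts within a 30 minute window.
# (The lockout switches are accepted even though "net accounts /?" does
# not list them.)
net accounts /minpwlen:8 /maxpwage:90 /uniquepw:5
net accounts /lockoutthreshold:5 /lockoutduration:30 /lockoutwindow:30
net accounts                            # display the resulting policy
```

The lockout settings only protect against guessing at the logon screen and over the network; they do not help if the password hashes themselves are stolen, which is why the account list above should be kept short.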
Software Firewalls:
A firewall is either a hardware (to be discussed in another section) or
software entity (or a combination of both) that protects a network or
computer by inspecting network traffic and dropping whatever it has not
been configured to allow. In most cases, a firewall is placed on the
network to allow internal traffic to leave the network or computer
(email to the outside world, web access, etc.), but stop unwanted
traffic from the outside from entering the internal network or
computer. This is achieved by permitting or denying traffic by protocol
and port. While there are many 3rd party software firewalls available,
we will be looking at the one built into Windows XP (Service Pack 2 and
later), which is aptly named Windows Firewall. Note that the XP version
filters inbound connections only; it does nothing to stop a program
already running on the computer from sending traffic out.
To access the Windows Firewall, open the Control Panel, click the
Security Center icon, and then click the Windows Firewall link in the
Windows Security Center window. The Windows Firewall window opens on the
General tab.

On the General tab you can turn the firewall on (the recommended
setting) or off, and check "Don't allow exceptions" to block all
incoming connections temporarily, for example while connected to an
untrusted network. If you click on the Exceptions tab, you will see this:

This window lists the programs and ports that are allowed through the
firewall (checked) or blocked (unchecked) and allows you to choose which
ones to unblock. Any unsolicited incoming connection that does not match
an exception is blocked, which may cause problems with some applications,
in which case you may have to go in here and unblock them. This window
also allows you to add programs and ports that aren't currently listed.
When you add one, set its scope to your local network rather than "Any
computer" unless the service really must be reachable from the Internet,
and remove exceptions you no longer need.
Click on the Advanced tab and you will see this:

Here you can select the connections (network adapters) that you wish the
firewall to protect. You can also set up security logging of dropped
packets and successful connections, which is the record you will want
when troubleshooting a blocked application or investigating an attack;
configure ICMP (for example, whether the computer answers PING); or
reset all settings to their defaults.
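The same three tabs driven from the command line with netsh, as an added example that is not part of the original guide. This is the "netsh firewall" context of Windows XP SP2 / Server 2003 SP1 (Vista and later replace it with "netsh advfirewall"); the lines run from cmd.exe as well as PowerShell. The port, subnet and program path are placeholders chosen for illustration.

```powershell
# --- General tab ---
netsh firewall show state               # on or off, and which ports are open
netsh firewall show config              # full configuration per profile
netsh firewall set opmode mode=ENABLE   # turn the firewall on
# "Don't allow exceptions": everything inbound is blocked until this is undone.
netsh firewall set opmode mode=ENABLE exceptions=DISABLE
netsh firewall set opmode mode=ENABLE exceptions=ENABLE

# --- Exceptions tab ---
# Weak: a port opened to every address on the Internet (scope=ALL).
netsh firewall add portopening protocol=TCP port=3389 name="Remote Desktop" mode=ENABLE scope=ALL
# Better: the same exception limited to the local subnet, or to listed hosts.
netsh firewall add portopening protocol=TCP port=3389 name="Remote Desktop" mode=ENABLE scope=SUBNET
netsh firewall add portopening protocol=TCP port=3389 name="Remote Desktop" mode=ENABLE scope=CUSTOM addresses=192.168.1.0/24
# A program exception opens only the ports the program listens on, only while it runs.
netsh firewall add allowedprogram program="C:\Program Files\App\app.exe" name="App" mode=ENABLE scope=SUBNET
# Remove exceptions that are no longer needed.
netsh firewall delete portopening protocol=TCP port=3389
netsh firewall delete allowedprogram program="C:\Program Files\App\app.exe"

# --- Advanced tab ---
# Log dropped packets and successful connections; review the file regularly.
netsh firewall set logging filelocation="C:\WINDOWS\pfirewall.log" maxfilesize=4096 droppedpackets=ENABLE connections=ENABLE
# Stop answering ping (ICMP type 8, echo request) unless monitoring needs it.
netsh firewall set icmpsetting type=8 mode=DISABLE
netsh firewall show icmpsetting
netsh firewall show logging
```

Because the XP firewall is inbound-only, none of these settings will stop an already-infected machine from scanning others; the log is still useful, since it shows which hosts are probing this computer and on which ports.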
Dealing With Spam:
There are 2 basic tools for fighting spam: software and education. Let's
take a look at some of the options available:
- Email Filters - There are a variety of email filters available that use algorithms and/or user defined rules to separate junk mail from legitimate mail. Services like AOL, Hotmail, Gmail, and others have built-in spam detection filters. Email clients such as Microsoft's Outlook have built-in filtering capabilities, but also offer user configurable rules to filter mail as well. The problem with any type of filtering or rule system is that it will sometimes filter out emails that you do want (false positives), so filtered mail should be moved to a junk folder that is reviewed occasionally rather than deleted outright. Larger organizations often use 3rd party solutions that filter mail at the network level, on a gateway or the mail server, before it ever gets to the client computers.
- Education - The best way to avoid spam is for the spammers never to learn your email address. One of the easiest ways to ensure your inbox will be flooded with spam is to post your email address on the internet. When you sign up for an account at some sites, your email address may be publicly available, and if you post your email address in a newsgroup to get feedback from people, you are putting yourself at risk as well. Spammers use automated bots to scour the internet looking for email addresses. When one is found, it is added to their mailing list. These lists are then often sold to other spammers as well. Spammers also send out millions of emails to guessed addresses, and when they get a response (a reply, an "unsubscribe" request, or even an image loaded from their server when the message is opened), they know they have a "live one" which they will either flood with spam or sell to someone else. It is very important to educate users about the dangers of making their email address publicly available. Users should be instructed to be careful about who they share this information with, to use a separate address for web sign-ups and public postings, and never to respond to questionable email from people they don't know.
Dealing With Viruses, Trojans, and Worms:
While spam is a huge nuisance, viruses, worms, and trojans are typically
a much more critical issue because they can severely damage a system, or
even an entire network. Just like above, the solution to dealing with
these problems is software and education. Let's take a look at the
options available:
- Anti-virus Software - There are many different brands of anti-virus software used to detect and eliminate viruses on computers. Some run on servers, some are client-based, and others run on firewalls and other devices. A good anti-virus program not only has the ability to clean viruses and worms when found, but actively scans email, downloads, running applications, etc., to prevent them from being executed in the first place. Virus definition files are what tell the anti-virus software what to look for and how to fix a particular virus or worm if found. Because new viruses are being released all of the time, it is critical to keep the virus definition files up to date; a scanner whose definitions are months old provides little real protection.
- Education - One of the most common ways that viruses are spread is when a user opens an email attachment containing a virus. Users should be taught never to open an attachment from somebody they don't know, and to be suspicious of unexpected attachments even from people they do know, because worms routinely mail themselves to every address in an infected computer's address book and the "From" address is easily forged. They should also be instructed not to download files from untrusted sites as they can contain viruses, worms, and trojans. Administrators in larger organizations can configure policies to prevent users from installing unwanted software that may be infected.
Dealing With Spyware, Adware, and Grayware:
Most spyware and adware is installed by the user. The user may not know
that the neat utility they are downloading has spyware or adware
attached to or hidden in it, but the end result is the same. The best
way to combat these types of applications is simply not to install them
and to educate users about the dangers of installing seemingly harmless
applications. If you believe that your system has been infected with
adware or spyware, first go to the Add/Remove Programs control panel and
remove all applications that you know do not belong. Bear in mind that
only software that registered an uninstaller appears there, and much
spyware deliberately does not. The next line of defense is to use a 3rd
party spyware removal software package such as Spybot or Ad-aware; in
fact, you should probably use more than one, since no single scanner
catches everything. Like anti-virus software, these applications have
definition files that should be updated before every scan.

Updating the definition file in Ad-aware, for example, is done from
within the program before the scan is started. Ad-aware is free for
personal use, but if you get the professional version, you can detect
and block spyware and adware before it is installed rather than cleaning
it up afterwards.
As was mentioned in the Security Threats section of this guide, grayware
may or may not be a problem. It is up to the individual company to
determine which applications are acceptable and which are not. Users
should be educated as to the detrimental effects of using grayware
applications, such as the network bandwidth consumed by file sharing
and instant messaging tools and the adware and spyware that is often
bundled with them.
Operating System Updates:
It is important to keep the current service pack installed and to apply
the security updates released by the operating system vendor. Windows
Update is a service provided in Windows 2000/2003/XP that keeps track of
the updates installed on your system and will prompt you when additional
updates are available. These updates sometimes add security tools, as
was the case with Windows XP Service Pack 2 (which introduced the
Security Center and turned the firewall on by default), and usually
correct exploitable flaws in the operating system. An unpatched flaw is
exactly what worms look for, so the time between a fix being released
and being installed is the window an attacker has.
There are a couple of ways to configure updates. The easiest way is to
have Windows check with Microsoft to see which updates are available for
your system and automatically install them. To do this, open the
Control Panel and open Automatic Updates.

The first option will automatically download and install Windows updates
in the background at the scheduled day and time. A major issue with this
setting is that most updates require you to restart your system, and
Windows will periodically interrupt you after the install to ask for the
restart, which can be annoying if you are in the middle of a project.
You can either set a convenient date and time when you aren't working
for the scheduled installs, or choose one of the other options. The
second option automatically downloads the files but lets you choose when
to install the updates; Windows notifies you via an icon in the system
tray when updates are ready. The third option won't automatically
download or install the updates, but will prompt you in the system tray
when they are available. The final option is to turn Automatic Updates
off, which should only be done on machines that are patched by some
other means, such as a corporate update server.
If for some reason you have turned automatic updates off, you should
manually check for updates by clicking on your Start button and
selecting Microsoft Update. Notice there is a Windows Update and a
Microsoft Update. Windows Update is the predecessor of the newer
Microsoft Update, which also covers Office and other Microsoft
products; however, clicking on either of these takes you to the same
page on Microsoft's web site. You can also get to this web page by
clicking the Windows Update Web Site link in the Automatic Updates
control panel applet.
Once at this page, you can scan your system for available updates and
select the ones that you wish to download and install.
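Verifying the update configuration and patch level from a script rather than the applet, as an added example that is not part of the original guide. It is useful when the same check has to be run on many machines. It needs PowerShell 2.0 (available for XP SP2/SP3 and Server 2003) and administrator rights; the registry keys and WMI classes used are the standard Automatic Updates and hotfix locations, and the text for each option mirrors the four radio buttons in the applet.

```powershell
# The four Automatic Updates radio buttons are stored as the AUOptions value.
$auKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update'
$au = Get-ItemProperty $auKey
$modes = @{
    1 = 'Turn off Automatic Updates'
    2 = 'Notify me but do not automatically download or install them'
    3 = 'Download updates for me, but let me choose when to install them'
    4 = 'Automatic (download and install on the scheduled day and time)'
}
"Local setting: AUOptions=$($au.AUOptions) -> $($modes[[int]$au.AUOptions])"
if ($au.AUOptions -eq 4) {
    "Scheduled install: day=$($au.ScheduledInstallDay) hour=$($au.ScheduledInstallTime)"
}

# A domain Group Policy overrides the local choice. If this key exists it wins,
# and the radio buttons in the applet are greyed out.
$polKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU'
if (Test-Path $polKey) {
    $pol = Get-ItemProperty $polKey
    "Policy override: AUOptions=$($pol.AUOptions) NoAutoUpdate=$($pol.NoAutoUpdate)"
}

# Service pack level and installed hotfixes (the same list Add/Remove Programs
# shows with "Show updates" checked).
$os = Get-WmiObject Win32_OperatingSystem
"$($os.Caption) Service Pack $($os.ServicePackMajorVersion)"
Get-WmiObject Win32_QuickFixEngineering |
    Select-Object HotFixID, Description, InstalledOn |
    Format-Table -AutoSize

# Updates that are installed but still waiting for a restart leave this key
# behind; until the restart the fix is not actually in effect.
if (Test-Path "$auKey\RebootRequired") {
    'A restart is required to finish installing updates.'
}
```

Run the script under the same account that would open the applet; on a domain machine a policy override with AUOptions=1 or NoAutoUpdate=1 means patching is someone else's job and should be confirmed with whoever runs the update server.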
Auditing Security:
One of the best tools for auditing security is the Event Viewer. This
application displays the Application, System, and Security logs on your
system. While the Application and System logs are great tools for
troubleshooting problems with applications and the operating system,
the Security log offers a wealth of useful information for finding
security issues: failed logons, use of privileges, changes to accounts
and policy, and (if enabled) attempts to open files. To get to the
Event Viewer, open the Control Panel, double-click on the
Administrative Tools applet, and then double-click on the Event Viewer
shortcut.

In the Event Viewer window, click Security in the left pane (note that
if you have IE 7 installed, Internet Explorer will also appear in the
left menu). After selecting Security, we see a list of security events
that have been recorded, each marked as a Success Audit or a Failure
Audit. Failure audits are the ones to look at first. To check one out,
simply double-click on the Failure Audit item and more information about
the event will be displayed.

The event properties show a description of what happened, including the
account and computer involved and the event ID number, and a link to
Microsoft's knowledge base page for information on how to deal with this
event.
By default on Windows XP, none of these events show up in the Security
log - we have to turn auditing on first. To do this, go back to the
Administrative Tools section of the Control Panel and open Local
Security Policy (the window is titled Local Security Settings). In the
left pane, expand Local Policies and then click Audit Policy. The right
pane shows the audit policies currently in effect; double-click on a
policy to configure it, choosing Success, Failure, or both. Auditing
logon events and account logon events for both success and failure is
the usual starting point. Once auditing is on, the Security log fills
up much faster, so also raise its maximum size (right-click the
Security log, then Properties) so that evidence is not overwritten
before anyone looks at it.
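Turning auditing on without the GUI and then summarizing the failed logons the Event Viewer would show one at a time, as an added example that is not part of the original guide. It goes a step beyond the page by applying the audit policy with a security template, so the same settings can be pushed to many machines. secedit and the Security log are built into Windows 2000/XP/2003; the Get-EventLog and Set-ItemProperty parts need PowerShell 2.0. Run it as an administrator. C:\audit.inf and C:\audit.sdb are placeholder paths, and the event ID, message layout and audit category names are those of XP/2003.

```powershell
# --- 1. Audit policy. Values: 0 = no auditing, 1 = success, 2 = failure,
#        3 = success and failure. Failure auditing is what reveals password
#        guessing and attempts to open files without permission.
@'
[Unicode]
Unicode=yes
[Version]
signature="$CHICAGO$"
Revision=1
[Event Audit]
AuditSystemEvents = 3
AuditLogonEvents = 3
AuditAccountLogon = 3
AuditAccountManage = 3
AuditPolicyChange = 3
AuditPrivilegeUse = 2
AuditObjectAccess = 2
'@ | Set-Content -Encoding Unicode 'C:\audit.inf'
secedit /configure /db 'C:\audit.sdb' /cfg 'C:\audit.inf' /areas SECURITYPOLICY

# --- 2. The default Security log on XP is only 512 KB and wraps quickly once
#        auditing is on. Raise the limit (bytes, a multiple of 64 KB) to 16 MB.
Set-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Services\Eventlog\Security' `
    -Name MaxSize -Value 16777216

# --- 3. Summarize failed logons. On XP/2003 an unknown user name or bad
#        password is event 529 (Vista and later use 4625 with a different
#        message layout). Count failures per account and source workstation.
$failed = Get-EventLog -LogName Security -EntryType FailureAudit -Newest 5000 |
    Where-Object { $_.EventID -eq 529 }

$failed | ForEach-Object {
    $user = if ($_.Message -match 'User Name:\s+(\S+)')        { $matches[1] } else { '?' }
    $ws   = if ($_.Message -match 'Workstation Name:\s+(\S+)') { $matches[1] } else { '?' }
    "$user from $ws"
} | Group-Object | Sort-Object Count -Descending |
    Format-Table Count, Name -AutoSize

# Dozens of failures for one account from one workstation in a short window
# is password guessing; a single failure is usually a typo.
```

The audit policy applied by secedit is what the Audit Policy node in Local Security Settings displays, so the GUI can be used to confirm the result; on a domain member a domain Group Policy with audit settings will overwrite it at the next policy refresh.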
