Upload
others
View
8
Download
0
Embed Size (px)
Citation preview
Information Security –Server Management
Page 1
Windows Share Permissions (in XP)
7. Select Share this folder
8. Click on the Permissions tab
1. Create users and groups with Computer Manager (Jim, Susan, Research Group)
2. Navigate to My Documents 3. Right click and create folder titled Library 4. Open Library and create another folder
within it titled Research 5. Right Click on Library 6. Click on Sharing and Security…
Information Security –Server Management
Page 2
Remove Everyone
9. Click Add
10. Change the location to your local system 11. Type the name of the user or group– for this example, type Research Group 12. Click OK
Information Security –Server Management
Page 3
13. Select Full Control for the Research Group
14. Click Apply and OK 15. Notice that now your folder has an icon of a hand beneath it. This means that this is a Shared
folder.
16.
Information Security –Server Management
Page 4
Windows Security Permissions (XP)
Add the Research Group to Library folder and assign default permissions.
1. Navigate to the Library folder you created in the previous exercise 2. Right click and select Sharing and Security… 3. Click on the Security tab
Information Security –Server Management
Page 5
4. Click Add 5. Change the Location to your local computer and type Research Group for the object name. 6. Take the default permissions (Read & Execute, List Folder Contents, Read). Click OK.
Check Effective Permissions
7. Navigate to the Library folder 8. Right click and select Sharing and Security… 9. Click on the Security tab 10. Click on Advanced
Information Security –Server Management
Page 6
11. Click on Effective Permissions 12. Click on Select
13. Change your location to the local computer 14. Type Susan for the object name.
Information Security –Server Management
Page 7
15. Click OK and close all dialog boxes.
View Inherited Permissions
16. Navigate to the Research folder under Library 17. Right click and select Sharing and Security… 18. Click on the Security tab 19. You will see that Research Group is already listed as having rights
20. Click on Research Group and Click on Remove 21. You will get an error stating that this group cannot be removed because it is inheriting rights from
it’s parent. 22. Click OK to close the dialog box
Information Security –Server Management
Page 8
Assign Explicit Permissions for Susan at the Research Folder
23. Click Add and change the location to your local computer 24. Type Susan in the object name box, click OK
25. Select Full Control in the Permissions box, Click OK
Information Security –Server Management
Page 9
Check Effective Rights for Susan on the Research Folder
26. Navigate to the Research folder under Library 27. Right click and select Sharing and Security… 28. Click on the Security tab 29. Click on Advanced 30. Click on Effective Permissions
Information Security –Server Management
Page 10
31. Change your location to the local computer 32. Type Susan for the object name. 33. Note that Susan has Full Control to this folder
Information Security –Server Management
Page 11
Google Scanning
1. Search within a site for all files with a particular file type site:http://security.vpit.txstate.edu pdf
2. Search within a site for all files with a particular file type with a particular set of characters. site:http://security.vpit.txstate.edu pdf password
Information Security –Server Management
Page 12
Windows Event Viewer
1. Open Computer Managent and drill down to System Tools -> Event Viewer 2. Discuss each type of log and significance along with configuration options
Information Security –Server Management
Page 13
Identity Finder Scanning
1. Launch Identity Finder • Start -> All Programs -> Identity Finder
2. Click on the Locations tab • Default file search location is My Documents
3. Select click Custom Folders and then click Enable Custom Folder Search
Information Security –Server Management
Page 14
4. Click on the Browse button for the Folder field and choose Desktop; click OK
5. Once the selected location displays in the Folder field, click Add
6. The location will be copied to the Folder Location, Click Apply and OK
7. Click ‘Apply’ and then ‘OK’
8. Go to the Main tab and click on the Start button to begin scanning
Information Security –Server Management
Page 15
9. Once the search is completed, ID Finder Search Summary is displayed
Click Advanced
10. If a file containing an Identity Match is located after a scan, the results specifying the location
of the file and the match that was found are displayed
Information Security –Server Management
Page 16
11. Go to the Main tab a. There are three options available for users to choose what action they want to take
on the file with an identity match: i. Shred: completely and permenantly deletes file from your computer
ii. Quaratine: moves file to a specific location iii. Ignore: leaves file as it is
12. Click on a result to select it for deletion
Remember: Once shredded Files/Folders cannot be recovered
13. Click Yes to confirm that you want to delete the file
Information Security –Server Management
Page 17
14. Click OK
15. Close Identity Finder 16. Click No on the Save Results pop-up box
Information Security –Server Management
Page 18
Sysinternals
1. Download and run TCPview.exe from Microsoft Sysinternal site: http://live.sysinternals.com/
Information Security –Server Management
Page 19
2. Download and run Autoruns.exe from http://live.sysinternals.com
3. Download and run Procmon.exe from http://live.sysinternals.com
Information Security –Server Management
Page 20
Scanning with Windows Defender
1. Click on Start -> All Programs -> Windows Defender
2. Click on the arrow next to ‘Scan’
3. Choose ‘Custom Scan’
Information Security –Server Management
Page 21
4. Choose ‘Scan selected drives and folders’ Click the’ Select’ button
5. Choose‘---------‘ and click ‘Ok’
6. Close Windows Defender once the scan is finished
Information Security –Server Management
Page 22
Information Security –Server Management
Page 23
Microsoft Baseline Security Analyzer
1. Start -> All Programs -> Microsoft Baseline Securirty Analyzer
2. Click on ‘Scan a computer’
3. Make sure to check these boxes: • Check for Windows administrative vulnerabilities • Check for weak passwords • Check for IIS administrative vulnerabilities • Check for SQL administrative vulnerabilities • Check for security updates
4. Click the ‘Start Scan’ button
Information Security –Server Management
Page 24
5. Once the scan is completed, a detailed report will be generated
6. You can look at the Result details
7. If there are any vulnerabilities discovered, click on
How to corrrect this
8. Click ‘OK’ to close the program
to view solutions
Information Security –Server Management
Page 25
Using Windows XP Professional Security Checklist
Verify that all Disk partitions are Formatted with NTFS
NTFS partitions offer access controls and protections that aren't available with the FAT, FAT32, or FAT32x file systems. Make sure that all partitions on your computer are formatted using NTFS. If necessary, use the Convert utility to non-destructively convert your FAT partitions to NTFS.
1. Check the status of your Disk partitions
Protect File Shares
By default, Windows XP Professional systems that are not connected to a domain use a network access model called "Simple File Sharing," in which all attempts to log on to the computer from across the network will be forced to use the Guest account. This means that network access through Server Message Block (SMB, used for file and print access), as well as Remote Procedure Call (RPC, used by most remote management tools and remote registry access) will be available only to the Guest account.
In the Simple File Sharing model, file shares can be created so that access from the network is read-only or access from the network is able to read, create, change, and delete files. Simple File Sharing is intended for use on a home network and behind a firewall, such as the one provided by Windows XP. If you are connected to the Internet, and are not operating behind a firewall,
Information Security –Server Management
Page 26
you should remember that any file shares you create might be accessible to any user on the Internet.
The Classic security model is used if your Windows XP Professional computer is joined to a domain or if Simple File Sharing is disabled. In the Classic security model, users who attempt to log on to the local computer from across the network must authenticate as themselves and are not mapped to the Guest account. File shares should be created so that access from the network is granted only to the appropriate groups and/or individual users.
1. Go to Computer Management and drill down under Shared Folders
2. Right click on share to stop sharing
Use Account Passwords
To protect users who do not password-protect their accounts, Windows XP Professional accounts without passwords can be used only to log on at the physical computer console. By default, accounts with blank passwords can no longer be used to log on to the computer remotely over the network or for any other logon activity except at the main physical console logon screen. For example, you cannot use the secondary logon service (RunAs) to start a program as a local user with a blank password.
Assigning a password to a local account removes the restriction that prevents logging on over a network. It also permits that account to access any resources it is authorized to access, even over a network connection. As a result, it is better to leave a blank password assigned to an
Information Security –Server Management
Page 27
account rather than assigning a weak, easily guessed password. When assigning account passwords, make sure the password is at least eight characters long and that it includes at least one punctuation mark or non-printing ASCII character within the first seven characters. The longer the password, the stronger it is.
Caution: If your computer is not in a physically secured location, it is recommended that you assign passwords to all local user accounts. Failure to do so allows anyone with physical access to the computer to easily log on by using an account that does not have a password. This is especially important for portable computers, which should always have strong passwords on all local user accounts. Note: This restriction does not apply to domain accounts. It also does not apply to the local Guest account. If the Guest account is enabled and has a blank password, it will be permitted to log on and access any resource authorized for access by the Guest account.
If you want to disable the restriction against logging on to the network without a password, you can do so through Local Security Policy.
1. Go to Computer Manager, drill down under Local Users and Groups, create accounts and assign passwords here. Disable or delete unnecessary accounts here, such as Guest. Always rename the built in Admin account
.
You should review the list of active accounts (for both users and programs) on the system in the Computer Management snap-in. Disable any non-active accounts and delete any accounts that are no longer required.
This setting recommendation applies only to Windows XP Professional computers that belong to a domain or to computers that do not use the Simple File Sharing model.
On Windows XP Professional systems that are not connected to a domain, users who attempt to log on from across the network will be forced to use the Guest account by default. This change is designed to prevent hackers attempting to access a system across the Internet from logging on
Information Security –Server Management
Page 28
by using a local Administrator account that has no password. To use this feature, which is part of the Simple File Sharing model, the Guest account must be enabled on all Windows XP computers that are not joined to a domain. For those computers that are joined to a domain, or for unjoined computers that have turned off the Simple File Sharing model, the Guest account should be disabled. This will prevent users attempting to log on to the computer from across the network from using the Guest account.
Set Stronger Password Policies (Note: some of these policies are not required by DIR and not enforced by Texas State University)
To protect users who do not password-protect their accounts, Windows XP Professional accounts without passwords can be used only to log on at the physical computer console. By default, accounts with blank passwords can no longer be used to log on to the computer remotely over the network or for any other logon activity except at the main physical console logon screen.
Note: This restriction does not apply to domain accounts. It also does not apply to the local Guest account. If the Guest account is enabled and has a blank password, it will be permitted to log on and access any resource authorized for access by the Guest account.
Use the Local Security Policy snap-in to strengthen the system policies for password acceptance. Microsoft suggests that you make the following changes:
Set the minimum password length to at least eight characters. The longer, the stronger.
Set a minimum password age appropriate to your network (typically between 1 and 7 days).
Set a maximum password age appropriate to your network (typically no more than 42 days).
Set a password history maintenance (using the "Remember passwords" radio button) of at least six.
Set Account Lockout Policy (Note: some of these policies are not required by DIR and not enforced by Texas State University)
Windows XP Professional includes an account lockout feature that will disable an account after an administrator-specified number of logon failures. For example, enable local account lockout after 5-10 failed attempts, reset the count after not less than 30 minutes, and set the lockout duration to "Forever (until admin unlocks)." If that's too aggressive, consider permitting the account to automatically unlock after a certain period of time.
There are two common goals for using account lockout: one is to make it obvious that multiple attempts have been made to log on to a user account with an invalid password; the second is to protect accounts from attempts to guess a password by dictionary attacks or iterative guessing. There is no one correct setting here that will apply to all environments. Consider reasonable settings for your environment.
Disable Unnecessary Services
After installing Windows XP, you should disable any network services not required for the computer. In particular, you should consider whether your computer needs any IIS Web
Information Security –Server Management
Page 29
services. By default, IIS is not installed as part of Windows XP and should be installed only if its services are specifically required.
Install Antivirus Software and Updates
One of the most important things for protecting systems is to use antivirus software and ensure that it is kept up-to-date. All systems on the Internet, a corporate Intranet, or a home network should have antivirus software installed.
Keep up-to-Date on the Latest Security Updates
The Auto Update feature in Windows XP can automatically detect and download the latest security fixes from Microsoft. Auto Update can be configured to automatically download fixes in the background and then prompt the user to install them once the download is complete.
To configure Auto Update, click System in Control Panel and select the Automatic Updates tab. Choose the first notification setting to download the updates automatically and receive notification when they are ready to be installed.