A short talk on Windows security for the SEC module

Slides available at http://www.cs.nott.ac.uk/~mvr/G53SEC

In Windows, it is possible to...

Set permissions for: Users – Permissions for individual users Computers – Permissions for individual

computers Groups – Permissions for Groups of users

or computers

Set permissions on: Files – Permissions for individual files Folders – Permissions for folders

(directories) & their contents Printers– Permissions for printers

Right click on folder, file or printer and select properties, then security tab

Files & subfolders within folders inherit permissions from their parent

See help and support Center on how to create accounts

Go to the Control Panel Click on Security Center (sic) Click on Windows Firewall

Microsoft release regular updates and patches to secure vulnerabilities

http://www.microsoft.com/technet/security/default.mspx and for links to current patches and service packs

Windows Update from Start Menu

The Web browser insecurity

‘Iceberg’

It represents the number ofInternet users at risk because they don’t usethe latest most secure Webbrowsers and plug-ins to

surf the Web.

More than 600 million users are at risk

In January 2005, less than 10 million infected machines.

In January 2006, Professor Merrick Furst from the Georgia Tech’s College of Computing explained at least 7 percent of the Internet was infected. For him typical numbers of conscripted machines ranged from around 75 million to 100 million.

By January 2007, the figure was between 100 and 150 million.

October 2009 the total is anywhere up to 80% of connected devices!

There are literally dozens of different ways a computer can become infected with spyware, viruses and other malware. Some of the common ways are:

Accepting without reading – the user simply accepts what he or she sees on the screen without reading the prompt and/or understand what it's asking.

Opening e-mail attachments Another very common way people become infected with viruses

and other spyware is by opening e-mail attachments, even when from a co-worker, friend, or family member. E-mail addresses can be easily faked and even when not faked your acquaintance may unsuspectingly be forwarding you an infected file.

Not running the latest updates Many of the updates, especially those associated with Microsoft

Windows and other operating systems and programs, are security updates.

Pirating software, music and/or movies If you or someone on your computer is participating in underground

places on the Internet where you're downloading copyrighted music, movies, software, etc. for free, often many of the files can contain viruses, spyware and/or malicious software.

No anti-virus spyware scanner If you're running a computer with Microsoft Windows it's highly

recommended you have some form of anti-virus and spyware protection on that computer to help clean it from any infections currently on the computer and to help prevent any future infections.

Downloading infected software Finally, downloading any other software from the Internet can also

contain viruses and other malware. When downloading any type of software (programs, utilities, games, updates, demos, etc.), make sure you're downloading the software from a reliable source and that while installing it you're reading all prompts about what the program is putting on your computer.

Most, if not all of these problems can be avoided by using a standard User account, as opposed to those with Administrator privileges.

Browser hijacksSocial Engineering Identity theftAdvance fee or ‘419’ scamsPhishingTargeted Trojans

In 2007, the UK’s Fraud Prevention Service CIFAS identified over 65,000 victims of identity theft.

For research purposes, the Chief Security Analyst for a leading AV firm created a Hotmail account using a colleague’s name. Using this spoof identity, he easily secured sensitive commercial and personal information from a range of email correspondents.

A Senior Analyst for another firm exploring 419 scams replied to spam emails and was ‘rewarded’ with an authentic-looking cheque for $78,000. He was directed to deposit the cheque, keep 10% and wire the balance to Hong Kong. Had he done so, the cheque would have bounced and he would have lost over $70,000.

Many cases have been reported where auction website accounts have been hijacked, and where phishing emails claiming to be from online payment portals have aimed to steal users’ login names and passwords.

A professional footballer recorded in his blog that he was training with a rival team. His club found out and sacked him – demonstrating just how difficult it is to control access to information once it has been posted on the Internet.

Similarly, a company employee posted photos of himself in the pub on his social networking profile – when he claimed to be absent from work ill. He lost his job.

As a research exercise, IT security company Sophos set up a Facebook profile for a plastic frog. 82 people replied to Friend Requests and handed over personal information of potential value to cyber-criminals.

Also as a research exercise, the BBC deployed a program to collect personal data from Facebook users, who believed the program to be a harmless application – just like thousands of tests, quizzes, jokes etc already available on the Internet.

Windows security is the start of the solution, not the be all & end all

Most commercial sector organisations are using hardware solutions in addition to Windows security features

Awareness of security issues is important for everyone within an organisation

http://www.nottingham.ac.uk/is/about/policies/documents/local/Secpolicy07.pdf

http://www.microsoft.com/technet/Security/tools/default.mspx

http://www.microsoft.com/windowsxp/using/security/learnmore/accesscontrol.mspx

http://www.petri.co.il/ http://www.securityfocus.org/ Google etc…..

Computer Management - User Accounts

Local Security Policy – Audit Logon etc..

Event Viewer – logs System, Security and Application events

Local User Manager – add/edit users & groups

BE AWARE! – Security issues are by and large caused by lack of awareness. Ask yourself the question “Will I cause any harm to the system or other users?”

COMMON SENSE! – Common sense will help in deciding whether something you are about to do is a security risk

“If it sounds to good to be true, then it probably is” – Most scams, be they in the physical or virtual world, count on greed or foolishness to succeed. Very rarely do you ever get something for nothing