Post on 11-May-2015
Bobby McConnell, Matt Mewborn
Challenges in Securing Windows
WINDOWS SECURITY
The survival rate of a Windows machine is between 30 and 45 minutes.
On average Linux is more secure.
There is no such thing as a “secure” operating system.
Port Scanning
Hackers use port scanners to find open ports on systems.
Over 1 billion port scans are reported every month.
Those 1 billion scans are reported by only a small portion of internet users.
Common Ports
Well Known Ports (0 - 1023)
Registered Ports (1024 - 49151)
Dynamic and/or Private Ports (49152 - 65535)
IP Spoofing
IP spoofing occurs when an attacker fakes their IP address so the receiver thinks a packet was sent from a location that it did not actually come from.
Five Defenses
Key Based authentication
Deny private IP addresses
Filter inbound/outbound traffic
Routers reject packets outside local network
Enable encryption
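The filtering defenses above (deny private IP addresses, filter inbound/outbound traffic, reject packets outside the local network) can be expressed as a source-address check at the border router. This is an added example, not taken from the presentation or the paper; the local prefix, the function names and the sample traffic are assumptions constructed for illustration.

```python
import ipaddress

# Assumption: the protected site uses this prefix (a documentation range).
LOCAL_NET = ipaddress.ip_network("203.0.113.0/24")

# Source ranges that must never arrive from the internet:
# RFC 1918 private space, loopback, and link-local.
NON_ROUTABLE = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16",
)]

def filter_packet(direction, src):
    """Return (verdict, reason) for a packet crossing the border router.

    direction is "in" (internet -> local network) or "out" (local -> internet).
    """
    addr = ipaddress.ip_address(src)
    if direction == "in":
        if any(addr in net for net in NON_ROUTABLE):
            return "drop", "private or reserved source on external interface"
        if addr in LOCAL_NET:
            return "drop", "external packet claims a local source address"
        return "accept", "source is plausible for inbound traffic"
    if direction == "out":
        if addr not in LOCAL_NET:
            return "drop", "outbound source is not a local address"
        return "accept", "source belongs to the local network"
    raise ValueError("direction must be 'in' or 'out'")

# Constructed sample traffic: (direction, claimed source address).
SAMPLE = [
    ("in", "198.51.100.7"),   # ordinary internet host
    ("in", "10.1.2.3"),       # private source arriving from outside
    ("in", "203.0.113.50"),   # outside packet posing as a local host
    ("out", "203.0.113.9"),   # legitimate local host
    ("out", "192.0.2.44"),    # local machine forging a foreign source
]

def run_sample():
    """Verdicts for the constructed sample, in order."""
    return [filter_packet(d, s)[0] for d, s in SAMPLE]

if __name__ == "__main__":
    for d, s in SAMPLE:
        print(d, s, *filter_packet(d, s))
```

The outbound rule matters as much as the inbound one: it keeps machines on the local network from sending spoofed packets to others.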
Source Routing
Source routing is an IP option that directs incoming and outgoing packets.
Results
Control of network clients
Control of network servers
Access to private information
Malicious actions possible
Man In The Middle
An attacker finds open connections in your network, which causes:
Clients are at risk
Privacy is violated
Secure material can be stolen
Defenses
Message Encryption
Strong encryption authentication
Session checksums and shared secrets
File encryption
DNS Poisoning
DNS poisoning is the sending of falsified DNS information to divert traffic to the attacker's address instead of the correct one.
Defenses
Use updated DNS
Separate DNS Servers
Restrict Zone Transfers
Identify transfer sources
Restrict DNS updates
Restrict DNS service
Password Cracking
Ways To Crack
Guessing - simply guess the password
Brute Force - try every possible solution
Dictionary - use common words
Defense
The only defense is a strong password such as: Dit2kuwt6pp!
Password Guidelines
Minimum length of at least seven characters
Must include both upper and lower case characters
Must include numeric characters
Must include punctuation
Virus
A computer virus is a malicious program that generally copies itself in order to gain access to other locations on local networks.
The best defense is anti-virus software.
Trojan Horse
A Trojan Horse is a program in which malicious or harmful code is hidden in seemingly friendly software. This in turn gives a hacker access to your machine.
Worms
A computer worm is used to: use bandwidth in a network, deliver a payload to destroy a network, or gain access to email and other data for personal gain.
Defenses for Windows
Firewall
Anti-Virus software
Virtual Private Networks (VPN)
Anti-Spyware software
Strong passwords
Informed Users
Credits
All information used in this presentation is provided from the paper “Challenges in Securing Windows” by Bobby McConnell & Matt Mewborn. All outside sources are cited in that paper.