Challenges In Securing Windows

Post on 11-May-2015


Bobby McConnell, Matt Mewborn

Challenges in Securing Windows

WINDOWS SECURITY

The survival rate of a Windows machine is between 30 and 45 minutes.

On average Linux is more secure.

There is no such thing as a “secure” operating system.

Port Scanning

Hackers use port scanners to find open ports on systems.

Over 1 billion port scans are reported every month.

Those 1 billion scans are reported by only a small portion of Internet users.

Common Ports

Well Known Ports (0 - 1023)

Registered Ports (1024 - 49151)

Dynamic and/or Private Ports (49152 - 65535)

IP Spoofing

IP spoofing occurs when an attacker fakes their IP address so the receiver thinks a packet was sent from a location it did not actually come from.

Five Defenses

Key Based authentication

Deny private IP addresses

Filter inbound/outbound traffic

Routers reject packets outside local network

Enable encryption
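
The address-based defenses listed above (deny private IP addresses, filter inbound/outbound traffic, reject packets from outside the local network) can be expressed as a border-router filter decision. This is an added example, not part of the presentation; the local network 203.0.113.0/24, the function name filter_packet and the sample addresses are assumptions, and reading the fourth defense as an outbound source check is an interpretation.

```python
import ipaddress

# Assumed local network for this example (documentation range, not from the slides).
LOCAL_NET = ipaddress.ip_network("203.0.113.0/24")

# RFC 1918 private ranges plus loopback: none of these should ever
# appear as a source address on the Internet-facing interface.
PRIVATE_NETS = [ipaddress.ip_network(n) for n in
                ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]


def filter_packet(direction, src):
    """Return (allowed, reason) for a packet crossing the border router.

    direction is "inbound" (Internet -> local) or "outbound" (local -> Internet);
    src is the source address the packet claims to come from.
    """
    try:
        addr = ipaddress.ip_address(src)
    except ValueError:
        return False, "malformed source address"

    if direction == "inbound":
        # Deny private IP addresses arriving from outside.
        if any(addr in net for net in PRIVATE_NETS):
            return False, "private source on external interface"
        # A packet from outside cannot legitimately carry one of our own addresses.
        if addr in LOCAL_NET:
            return False, "local source arriving from outside"
        return True, "ok"

    if direction == "outbound":
        # Packets leaving the network must carry a source inside it.
        if addr not in LOCAL_NET:
            return False, "source outside local network"
        return True, "ok"

    return False, "unknown direction"


if __name__ == "__main__":
    # Constructed sample packets: (direction, claimed source address).
    samples = [("inbound", "10.1.2.3"), ("inbound", "203.0.113.7"),
               ("inbound", "198.51.100.9"), ("outbound", "203.0.113.7"),
               ("outbound", "198.51.100.9"), ("inbound", "not-an-ip")]
    for direction, src in samples:
        allowed, reason = filter_packet(direction, src)
        print(f"{direction:8} {src:15} {'PASS' if allowed else 'DROP'}  {reason}")
```
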

Source Routing

Source routing is an IP option that directs incoming and outgoing packets.

Results

Control of network clients

Control of network servers

Access to private information

Malicious actions possible

Man In The Middle

An attacker finds open connections in your network, which causes:

Clients are at risk

Privacy is violated

Secure material can be stolen

Defenses

Message Encryption

Strong encryption authentication

Session checksums and shared secrets

File encryption

DNS Poisoning

Defenses

Use updated DNS

Separate DNS Servers

Restrict Zone Transfers

Identify transfer sources

Restrict DNS updates

Restrict DNS service

DNS Poisoning is the sending of falsified DNS information to divert traffic to the attacker's address instead of the correct one.

Password Cracking

Ways To Crack

Guessing - simply guess the password

Brute Force - try every possible solution

Dictionary - use common words

Defense

The only defense is a strong password such as: Dit2kuwt6pp!

Password Guidelines

Minimum length of at least seven characters

Must include both upper and lower case characters

Must include numeric characters

Must include punctuation

Virus

A computer virus is a malicious program that generally copies itself in order to gain access to other locations on local networks.

The best defense is anti-virus software.

Trojan Horse

A Trojan Horse is a program in which malicious or harmful code is hidden in seemingly friendly software. This in turn gives a hacker access to your machine.

Worms

A computer worm is used to consume bandwidth in a network, deliver a payload to destroy a network, or gain access to email and other data for personal gain.

Defenses for Windows

Firewall

Anti-Virus software

Virtual Private Networks (VPN)

Anti-Spyware software

Strong passwords

Informed Users

Credits

All information used in this presentation is provided from the paper “Challenges in Securing Windows” by: Bobby McConnel & Matt Mewborn. All outside sources are cited in that paper.