Course ILT Security Unit objectives Configure operating system and file system security Install a...
-
Upload
emmeline-amanda-chandler -
Category
Documents
-
view
218 -
download
1
Transcript of Course ILT Security Unit objectives Configure operating system and file system security Install a...
Cou
rse
ILT
Security
Unit objectives Configure operating system and file
system security Install a fingerprint scanner and card
reader Manage the human aspects of security
Cou
rse
ILT
Topic A
Topic A: Operating system security Topic B: Security hardware Topic C: The human aspects of
security
Cou
rse
ILT
User accounts
Object that represents a user of the computer– Name, password, group membership
User Administrator Guest
Cou
rse
ILT
Groups
Management tool for applying security settings to multiple users
Users Administrators Power Users
Cou
rse
ILT
Active Directory
Management framework Centralized database of security data Domains Forests Organizational units
Cou
rse
ILT
Activity A-1
Securing access to the operating system
Cou
rse
ILT
File system security
Logical organization scheme for files Windows supports:
– File Allocation Table (FAT)– FAT32– NTFS
Only NTFS supports security
Cou
rse
ILT
NTFS advantages
Larger disks Security Compression and encryption Disk quotas Recovery logging
Cou
rse
ILT
Activity A-2
Choosing the correct file systemfor security
Cou
rse
ILT
NTFS security
Security tab in Properties dialog box Permissions are cumulative Explicit permissions override inherited
permissions Permissions are inherited unless
blocked Set permissions on folders and files
Cou
rse
ILT
NTFS permissions
Full control Modify Read and Execute List Folder Contents Read Write Special Permissions
Cou
rse
ILT
Enabling the Security tab
1. Open Windows Explorer
2. Choose Tools, Folder Options
3. Activate the View tab
4. Clear the checkbox beside Use simple file sharing
5. Click OK
Cou
rse
ILT
Activity A-3
Configuring file access restrictions
Cou
rse
ILT
Encryption
Scrambling of data Public key cryptography
– Pairs of keys– Whichever encrypts, the pair decrypts
Encrypting file system (EFS)
Cou
rse
ILT
Activity A-4
Encrypting files
Cou
rse
ILT
Authentication mechanisms
Biometric devices Smart cards Fobs Digital certificates
Cou
rse
ILT
Authentication
Identity validated Workgroup vs. domain Local computer vs. domain Network authentication
Cou
rse
ILT
Protocols
Kerberos v5– Supported by: Windows 2000, Windows
XP, and Windows Server 2003
NTLM– Supported by Windows NT, Windows 9x
Cou
rse
ILT
Activity A-5
Understanding authentication technologies
Cou
rse
ILT
Security policies
Password Policy Account Lockout Policy Audit Policy User Rights Assignments Security Options Encrypting File System Software Restriction Policies IP Security Policies
Cou
rse
ILT
Activity A-6
Using local security policies to setpassword restrictions
Cou
rse
ILT
Topic B
Topic A: Operating system security Topic B: Security hardware Topic C: The human aspects of
security
Cou
rse
ILT
A fingerprint scanner
Cou
rse
ILT
Activity B-1
Installing a fingerprint reader
Cou
rse
ILT
Smart card and reader
Cou
rse
ILT
Installing IdentiPHI Basic
1. Install the card reader and its drivers
2. Install the IdentiPHI Basic software
3. Configure IdentiPHI Basic to accept smart cards
4. Enroll a smart card and set a secure PIN for that card
Cou
rse
ILT
Activity B-2
Installing a card reader
Cou
rse
ILT
Activity B-3
Installing the IdentiPHI Basic software
Cou
rse
ILT
Activity B-4
Configuring IdentiPHI Basic to accept smart cards
Cou
rse
ILT
Activity B-5
Enrolling a smart card with IdentiPHI
Cou
rse
ILT
Activity B-6
Using a smart card
Cou
rse
ILT
Activity B-7
Uninstalling the smart card readerand software
Cou
rse
ILT
Fobs
Keychain sized devices Creates a rolling code Might need username and password,
in addition to fob number Rolling code not random
Cou
rse
ILT
Topic C
Topic A: Operating system security Topic B: Security hardware Topic C: The human aspects of
security
Cou
rse
ILT
Alleviate security weaknesses
Restrict physical access to sensitive systems and data
Create an automated backup schedule Manage data destruction Create a corporate security policy Manage social engineering attacks
Cou
rse
ILT
Physical access restrictions
Lock server rooms Lock PC cases and peripherals Use cameras or motion-sensor alarms Station guards in ultra-sensitive areas
Cou
rse
ILT
Activity C-1
Implementing physical access restrictions
Cou
rse
ILT
Backup
Use to create copies of your files Recover files after system failure Back up any critical data before you
begin troubleshooting Windows Backup is a GUI utility
– Archive selected files and folders– Restore archived files and folders – Make copy of computer’s system state– Copy your computer’s system partition,
boot partition, and files needed to start up the system
Cou
rse
ILT
Backup utility in Windows XP
Cou
rse
ILT
Backup modes
Wizard mode — walk you step-by-step through the process
Advanced mode — provides complete control over file and folder selection
Cou
rse
ILT
Backup utility in Advanced Mode
Cou
rse
ILT
Backup types
Copy Daily Differential Incremental Normal
Cou
rse
ILT
Activity C-2
Backing up files using Wizard mode
Cou
rse
ILT
Activity C-3
Restoring information from a backup
Cou
rse
ILT
Scheduling backups
Daily Weekly Monthly At predefined times On predefined days
continued
Cou
rse
ILT
Scheduling backups, continued
Cou
rse
ILT
Activity C-4
Scheduling a backup
Cou
rse
ILT
Data destruction and migration
Destruction utilities Removable media and drives Paper records Data migration
Cou
rse
ILT
Activity C-5
Examining data destruction techniques
Cou
rse
ILT
Corporate security policies
Contract between company and employees
Heightens awareness Demonstrates commitment Spells out permitted and prohibited
uses of company resources, plus repercussions
Intrusion handling plans Regularly review and update
Cou
rse
ILT
Activity C-6
Considering corporate security policies
Cou
rse
ILT
Social engineering attacks
Social engineering includes:– Tricking users into divulging sensitive
information– Phishing– Dumpster diving– Shoulder surfing– Trojan horse attachments– Sneaking into secure areas through
deception
Training and awareness are best defenses
Cou
rse
ILT
Malicious software
Virus Worm Trojan horse Spam Spyware Adware Grayware
Cou
rse
ILT
Prevention
Training Corporate security policy Antivirus software
Cou
rse
ILT
Activity C-7
Managing social engineering attacks
Cou
rse
ILT
Network security
Firewalls Password management Account management Incidence reporting
Cou
rse
ILT
Activity C-8
Examining network security
Cou
rse
ILT
Unit summary
Configured operating system and file system security
Installed a fingerprint scanner and card reader
Managed the human aspects of security