EDUCAUSE 2006: Workshop 09F.


86 views
Uploaded on:
Category: Fashion / Beauty
Description
EDUCAUSE 2006: Course 09F . Powerful Security Hones for Advanced education WINDOWS SECURITY John Bruggeman Chief of Data Frameworks Hebrew Union School – Jewish Foundation of Religion. Windows Security !. Motivation Top Vulnerabilities in Windows Frameworks (Is there anything new?)
Transcripts
Slide 1

EDUCAUSE 2006: Seminar 09F Effective Security Practices for Higher Education WINDOWS SECURITY John Bruggeman Director of Information Systems Hebrew Union College – Jewish Institute of Religion

Slide 2

Windows Security ! Plan Top Vulnerabilities in Windows Systems (Is there anything new?) Frequent Security mix-ups (Avoid being 0wn3d by a b0t) Patching Windows (What happened to cleaning them?) Hardening Windows (Tempered Glass doesn’t number!) Tools and Tips (What do the Pro’s utilization and Hackers use?)

Slide 3

Windows Security !? Top Vulnerabilities in Windows Systems From the SANS site www.sans.org Windows Services Internet Explorer Windows Libraries MS Office and Outlook Express Windows Configuration Weaknesses

Slide 4

Windows Security !? Top Vulnerabilities in Windows Systems From the SANS site www.sans.org Windows Services Critical Vulnerabilities were found in these administrations in 2005 MSDTC and COM+ (MS05-051) Print Spooler (MS05-043) Plug and Play (MS05-047, 039) Server Message Block Service (MS05-027, 011) Exchange SMTP Service (MS05-021) Message Queuing Service (MS05-017) License Logging Service (MS05-010) What to do? Cripple Service if conceivable Scan for Vulnerabilities PATCH

Slide 5

Windows Security !? From the SANS Website www.sans.org 2) Internet Explorer Multiple vulnerabilities were found in 2005 in IE Cummulative Security Patch (MS05-052, 038, 025, 020, 014,) JView Profile Remote Code Execution (MS05-037) Windows Shell Remote Code Execution (MS05-008) How to relieve On XP, introduce SP2 On 2000, NT, keep patches current Use DropMyRights from MS to lower IE benefits Check your Broswer Helper Objects (BHO) for spyware Disable Scripting and ActiveX

Slide 6

Windows Security !? From the SANS Website www.sans.org 3) Windows Libraries DLL’s can have support flood vulnerabilities Vulnerabilties found in 2005 Windows Graphic Rendering Engine (MS05-053) Microsoft Direct Show (MS05-036) HTML Help remote code executive (MS05-026, 001) Web View remote code executive (MS05-024) Windows Shell remote code (MS05-049, 016) PNG Image Processing remote code (MS05-009) Patch your framework and output for vulnerabitlites Use minimum benefits where conceivable Filter IP ports 135-139, 445, Use an IPS and IDS

Slide 7

Windows Security !? From the SANS Website www.sans.org 4) MS Office and Outlook Express Attack vectors are email connections, site reports, and news servers Several basic vulnerabilities in 2005 Cumulative Security for Outlook Express (MS05-030) Microsoft OLE and COM remote (MS05-012) MS Office XP remote code executive (MS05-005) MS Access – no patch yet accessible Check your frameworks with a weakness scanner Mitigate by fixing, cripple IE highlight of opening Office records Configure Outlook with improved security

Slide 8

Windows Security !? From the SANS Website www.sans.org 5) Windows arrangement Weaknesses Weak passwords on records or system offers LAN Manager hashes are frail and ought to be supplanted with more grounded more present hash methods Default design for servers and applications can open machines to secret key speculating. MSDE ships with SA record set with a clear secret word. A few worms exploit this, Voyager, Alpha Force, SQL Spida utilization known frail designs to spread Enforce an in number secret key arrangement Prevent Windows from putting away the LM hash in AD or the SAM Disable NULL shares and confine mysterious access

Slide 9

Windows Security !?% Frequent Mistakes made in Windows Security Deirdre Hurley www.sans.org/reading_room/whitepapers/windows/1016.php Allowing Null Sessions Weak Lockout Policies Weak Account Policies Multiple Trust connections Multiple Domain administrator records Audit logs killed Automatic Updates killed

Slide 10

Windows Security !?% Frequent Mistakes made in Windows Security Allowing Null Sessions What is a Null session? Net utilization \\10.1.1.1\ipc$ “”/user:”” So what? You can download usernames, login data, lockout approach data, and so forth. How would you cripple one? MS Security Policy MMC snap-in Update registry key \\HKLM\System\CurrentControlSet\Control\Lsa\RestrictAnonymous Tools to test www.securityfriday.com/apparatuses/GetAcct.html

Slide 11

Windows Security !?% Frequent Mistakes made in Windows Security Weak Lockout Policies If you don’t have one then animal power assaults can succeed If you do have one it turns out to be more troublesome Suggested levels Enable Account Lockout Threshold at 5 endeavors Enable Account Lockout Duration to 30 minutes Disable Reset Account Lockout Threshold after Also, empower Administrator account lockout Get the ADSI Edit Snap-in from Windows 2000 bolster devices http://support.microsoft.com/kb/885119/en-us

Slide 12

Windows Security !?% Frequent Mistakes made in Windows Security Weak Account Policies Be mindful, neighborhood account strategies on 2000 over ride space account arrangements Some administrators make nearby clients to match area clients Forget to set the neighborhood Administrator secret word, here and there abandoning it clear General standards for records and passwords Maximum watchword age 90 days Minimum secret key age 5 days Minimum secret key length of no less than 7 characters, 14 for Administrators Password Uniqueness – recall 13 passwords

Slide 13

Windows Security !?% Frequent Mistakes made in Windows Security Multiple Trust connections Limit the quantity of trusts in your area Fewer crevices, less that must be protected Windows 2000 Tool to figure out what believes you have NT Resource Kit - NLTEST

Slide 14

Windows Security !?% Frequent Mistakes made in Windows Security Multiple Domain administrator records Avoid the slip-up of having three or four (or more) Domain records, or having space benefits with “normal” clients Use the act of slightest benefits for all records Change default passwords for commonplace records Backup programming ArcServe, Tivoli, BackupExec Test records Test, sham, Lab accounts Administrator accounts

Slide 15

Windows Security !?% Frequent Mistakes made in Windows Security Audit logs killed By default review logs are killed Hackers have devices like DUMPACL and DumpSec to see whether inspecting is turned on or off Recommend settings for Auditing Account logon occasions (Success and Failures) Logon Events Account Management Policy Changes System Events Object Access (Success and Failures) Files, organizers, and registry keys should then be set

Slide 16

Windows Security !?% Frequent Mistakes made in Windows Security Updates killed SANS, Gartner Group, others report that 80-90% of assaults are from known vulnerabilities. SQL Slammer, W32.Slammer in 2005 assaulted a known powerlessness that had a patch accessible 6 months before it hit. Need to fix frameworks and keep them current Does oblige a patch administration methodology Will oblige time Payoff is less downtime

Slide 17

Windows Security !?%# Patching Windows Rod Gode, UC Davis IT Security Symposium 2005 What to Patch and How to Patch Options Commercial Microsoft Provided Deployment and Testing Get some test machines Verification MBSA

Slide 18

Windows Security !?%# Patching Windows What to Patch OS Applications BIOS Firmware Types of Patches from MS Hotfix, Update, Critical Update, Security Patch, Update Roll-up, Service Pack

Slide 19

Windows Security !?%# How to Patch Develop a Plan Hardware and Software Inventory Patch administration Policy & Process Include a warning procedure Track & check patch level Download and test patches preceding sending Deploy patches Audit workstations for consistence

Slide 20

Windows Security !?%# How to Patch Tools from Microsoft (MS) Analysis device from MS, Microsoft Baseline Security Analyzer (MBSA) Online overhaul administrations – Microsoft Update, Windows Update, or Download Center Push/Management apparatuses WSUS server, SMS server, Group Policies

Slide 21

Windows Security !?%# How to Patch Tools from Microsoft Update is unique in relation to Windows Update MU upgrades all MS items not simply windows Office redesigns, Server item fixes WSUS is overhauled SUS server New form turning out, WSUS 3.0 in Beta now www.microsoft.com/wsus Target customer introduces, particular customer fixing, uninstall alternatives

Slide 22

Windows Security !?%# How to Patch Commercial Tools Altiris Patch Management www.altiris.com BigFix Patch Manager www.bigfix.com Ecora Patch Manager www.ecora.com LanDesk Patch Management www.landesk.com

Slide 23

Windows Security !?%# Deployment Options WSUS and SMS Group Policy choices (2000 & XP just) Create an Install Package (MSI document) containing the patch, see KB article 257718 on the best way to do this Store the MSI record on a system offer Assign the patch to bunches by means of a gathering arrangement Chose the appointed distributed technique Patch will be introduced on relegated PCs utilizing the Windows introduced project Slipstream Create a picture w/administration packs and patches

Slide 24

Windows Security !?%# Testing and Verification Patch frameworks are not flawless, you have to test after patches have been connected Tools Microsoft Baseline Security Analyzer 2.0 Used for Windows 2000 + SP3 and later Office XP and later Exchange 2000 and later Microsoft Baseline Security Analyzer 1.2.1 Office 200 Exchange 5.0 and 5.5

Slide 25

Windows Security !?%# Testing and Verification Commercial Tools BindView - www.bindview.com Computer Associates - www.ca.com Network Associates – www.nai.com Symantec – www.symantec.com Trend Micro – www.trendmicro.com Foundstone – www.foundstone.com

Slide 26

Windows Security !! Solidifying Windows Advanced Information Assurance Handbook, CERT Hardening strategies Limit administrations Limit applications Limit conventions Intrusion Protection procedures Software alternatives to screen document changes Host based firewalls Tools from Microsoft .:tslides

Recommended
View more...