
IS493 INFORMATION SECURITY TUTORIAL # 1 (S1-1435-1436) ASHRAF YOUSSEF.

Jan 19, 2016


LAB#: 1

Securing your system

1.1: TENABLE NESSUS

Nessus currently works on Windows, Linux, and Mac.

It is a vulnerability scanner.

It can scan a targeted system or a range of systems.

It identifies any vulnerabilities or weaknesses.

Nessus has two parts:

Server, which is already set up.

Client, which you will be working with.

When you first launch the Nessus client you need to connect to the server.

Choose Single host, and type in your PC’s IP address.

Nessus will generate a whole report about the scanned system.

1.2: RUN THE MICROSOFT BASELINE SECURITY ANALYZER (MBSA)

MBSA currently works with Microsoft Windows OS.

You can scan a system and identify weaknesses and misconfigurations.

To run MBSA, follow these steps:

Log in with administrator privileges.

Download the latest version of MBSA from http://technet.microsoft.com/en-us/security/cc184924.aspx.

Choose the option ‘Scan a computer’.

The default computer to scan will be the one you are sitting at.

You can change this to another on the network by specifying either the computer’s name or IP.

Click Start Scan.

View the report that is given when the scan finishes.

The report will include information on missing security updates, service packs for the operating system and Microsoft applications.

It will also identify:

any user accounts that have blank or simple passwords,

firewall status,

the number of local administrators configured,

unnecessary services.

FIGURE 1.1 MBSA

FIGURE 1.2 RESULTS OF MBSA

1.3: CONFIGURE WINDOWS AUTOMATIC UPDATES

One of the most important things you can do to keep your systems secure is to keep them up-to-date.

Start the System applet by choosing Start > Control Panel > System.

*Switch the view to Classic mode.

Click the Automatic Updates tab.

Check the Keep My Computer Up To Date option (with some service packs, this becomes simply an Automatic radio button).

LAB#: 2

Identifying running processes, ports, and services

INTRODUCTION

It is important to know what processes are running on a machine at any given time.

In addition to the programs that a user may be using, there are always many others that are required by the operating system, the network, or other applications.

2.1: IDENTIFY RUNNING PROCESSES ON A WINDOWS-BASED MACHINE

All recent versions of Windows include the Task Manager to allow you to see what is running.

1. Right-click an empty location in the Windows Taskbar.

2. Choose Task Manager from the pop-up menu that appears.

Examine the list and look for anything out of the ordinary.

After doing this a few times, you will become familiar with what is normally there and will be able to spot oddities quickly.

2.2: USING PROCESS EXPLORER TO IDENTIFY RUNNING PROCESSES, PORTS AND SERVICES

Process Explorer is a system monitoring and examination utility.

It can be used as the first step in debugging software or system problems.

To use Process Explorer follow these steps:

Download Process Explorer from Google.

Then double-click “procexp” on your desktop.

Press Ctrl+L; a lower panel will show up.

FIGURE 2.1 PROCESS EXPLORER.

Press Ctrl+I; the System Information window will appear, showing statistics and graphs about the system.

Click on any process in the top window (e.g. svchost.exe), then right-click it and choose ‘Properties’.

FIGURE 2.2 SYSTEM INFORMATION FROM PROCESS EXPLORER
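
The snapshot below is an added example, not part of the original tutorial: it lists each listening TCP port with its owning process and the services hosted in that process (what the Process Explorer properties show for svchost.exe), then compares the result with a saved baseline so that oddities stand out. It assumes a current Windows version with PowerShell 5.1 or later; the baseline path is a hypothetical choice.

```powershell
# Added example. $BaselinePath is a hypothetical location; pick your own.
$BaselinePath = Join-Path $env:ProgramData 'listen-baseline.csv'

# Map each PID to the services it hosts, so every svchost.exe is explained.
$servicesByPid = @{}
Get-CimInstance -ClassName Win32_Service -Filter 'ProcessId > 0' |
    Group-Object -Property ProcessId |
    ForEach-Object { $servicesByPid[[int]$_.Name] = ($_.Group.Name | Sort-Object) -join ',' }

# One row per listening socket. The PID is left out of the row because it
# changes on every restart and would make the comparison noisy.
$rows = Get-NetTCPConnection -State Listen | ForEach-Object {
    $proc = Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue
    [pscustomobject]@{
        Port     = $_.LocalPort
        Address  = $_.LocalAddress
        Process  = if ($proc) { $proc.ProcessName } else { '<exited>' }
        Services = [string]$servicesByPid[[int]$_.OwningProcess]
    }
} | Sort-Object Port, Address -Unique

# Round-trip through CSV so live values and baseline values are all strings.
$current = $rows | ConvertTo-Csv -NoTypeInformation | ConvertFrom-Csv

if (-not (Test-Path -LiteralPath $BaselinePath)) {
    # First run: record what "normal" looks like on this machine.
    $current | Export-Csv -LiteralPath $BaselinePath -NoTypeInformation
    Write-Output "Baseline with $(@($current).Count) listeners saved to $BaselinePath"
} else {
    # Later runs: show only listeners that appeared or disappeared.
    $baseline = Import-Csv -LiteralPath $BaselinePath
    $props = 'Port', 'Address', 'Process', 'Services'
    Compare-Object -ReferenceObject $baseline -DifferenceObject $current -Property $props |
        Select-Object Port, Address, Process, Services,
            @{ Name = 'Change'; Expression = { if ($_.SideIndicator -eq '=>') { 'NEW' } else { 'GONE' } } } |
        Format-Table -AutoSize
}
```

Run it once on a known-good system to create the baseline; an empty table on later runs means nothing changed.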

LAB#: 3

Windows system

In this lab, you will learn some important security aspects of the Windows system.

This lab will go over users and permissions, sharing, and folder permissions.

3.1: ADDING NEW USER IN WINDOWS

You will create a new user on your Windows system. To do so, follow these steps:

Choose Start > Control Panel.

Double click ‘User Accounts’.

Click the Create a New Account link.

Enter a name for the account.

Select the type of account you want to create for Windows.

Click the Create Account button.

Close the Control Panel.

FIGURE 3.1 ADDING A USER.

3.2: IDENTIFY USER ACCOUNTS WITH ADMINISTRATOR ACCESS IN WINDOWS XP

User management is simplified by adding users to groups.

To see which users are members of the Administrators group, follow these steps:

Choose Start > Run, enter compmgmt.msc, then click the OK button.

Within the left frame, expand Local Users and Groups and then expand Groups, as shown in Figure 3.2.

Double-click Administrators and a list of users appears.

You can use the Add or Remove button to place users in this group or take them from it, respectively.

Exit the Computer Management console.

Exit Control Panel.

FIGURE 3.2 EXPAND THE GROUPS FOLDER TO SEE THE LOCAL GROUPS.
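
The same membership check can be scripted and compared against a list of accounts that are supposed to be administrators. This is an added example, not part of the original tutorial; it assumes PowerShell 5.1 or later (not available on Windows XP), and the entries in $Approved are hypothetical placeholders.

```powershell
# Added example. $Approved is a hypothetical allowlist; replace with your own.
$Approved = @("$env:COMPUTERNAME\Administrator", 'EXAMPLE\Domain Admins')

# S-1-5-32-544 is the well-known SID of the built-in Administrators group,
# so the lookup also works where the group name is localized.
$members = Get-LocalGroupMember -SID 'S-1-5-32-544'

$report = foreach ($m in $members) {
    # Enabled state is only available for local user accounts.
    $enabled = $null
    if ($m.ObjectClass -eq 'User' -and $m.PrincipalSource -eq 'Local') {
        $enabled = (Get-LocalUser -SID $m.SID).Enabled
    }
    [pscustomobject]@{
        Name     = $m.Name
        Class    = $m.ObjectClass       # User or Group
        Source   = $m.PrincipalSource   # Local, ActiveDirectory, ...
        Enabled  = $enabled
        Approved = $Approved -contains $m.Name   # case-insensitive match
    }
}

# Unapproved members sort first (False before True).
$report | Sort-Object Approved, Name | Format-Table -AutoSize

$unexpected = @($report | Where-Object { -not $_.Approved })
if ($unexpected.Count -gt 0) {
    Write-Warning "$($unexpected.Count) member(s) of Administrators are not on the approved list."
}
```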

3.3: HIDE AND ACCESS A WINDOWS SHARE

This lab requires two Windows workstations.

A simple method for “protecting” shares is to make them hidden.

To hide a share in Windows, you use the dollar sign character ($) as the last character of its name.

It will then no longer appear in listings and will need to be referred to specifically to be accessed.

Follow these steps:

On Computer1, choose to share the C:\WINDOWS directory, and name the share DATA$.

On Computer2, look for the share.

Use My Network Places (or Network Neighborhood on older Windows operating systems) to look for the share.

You should not be able to see the share because the name ends with $.

Right-click My Network Places and choose Map Network Drive.

In the Path box, type \\Computer1\DATA$

Click OK.

You should now be able to access the share.
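
As the exercise shows, the trailing $ only removes the share from browse lists; access is still decided by the share permissions. The audit below is an added example, not part of the original tutorial: run on the machine that hosts the shares, it lists user-created hidden shares with their permissions and flags broad grants and system paths such as the C:\WINDOWS share from this lab. It assumes Windows 8 / Server 2012 or later and an elevated PowerShell session; the $Broad list is constructed for the example.

```powershell
#Requires -RunAsAdministrator
# Added example. Principals treated as "broad" (constructed list for this example).
$Broad = 'Everyone', 'BUILTIN\Users', 'NT AUTHORITY\Authenticated Users'

# Hidden shares created by a user: name ends in $ but it is not one of the
# built-in administrative shares (C$, ADMIN$, IPC$), which have Special = True.
$hidden = Get-SmbShare | Where-Object { $_.Name.EndsWith('$') -and -not $_.Special }

$findings = foreach ($share in $hidden) {
    foreach ($ace in Get-SmbShareAccess -Name $share.Name) {
        [pscustomobject]@{
            Share      = $share.Name
            Path       = $share.Path
            Account    = $ace.AccountName
            Type       = $ace.AccessControlType   # Allow or Deny
            Right      = $ace.AccessRight         # Full, Change, Read or Custom
            BroadAllow = ($ace.AccessControlType -eq 'Allow') -and
                         ($Broad -contains $ace.AccountName)
            SystemPath = $share.Path -like "$env:SystemRoot*"
        }
    }
}

if (-not $findings) {
    Write-Output 'No user-created hidden shares found.'
} else {
    $findings | Format-Table -AutoSize
    $risky = @($findings | Where-Object { $_.BroadAllow })
    if ($risky.Count -gt 0) {
        Write-Warning "$($risky.Count) hidden-share permission(s) grant access to a broad group."
    }
}
```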

3.4: SECURING THE WINDOWS USER ACCOUNTS DATABASE

The Windows XP accounts database can be secured through encryption to prevent it from being compromised.

To perform this action, follow these steps:

Choose Start > Run.

Type “syskey” and press Enter.

Click Update.

Choose Password Startup.

Enter a password that you want to require during startup.

Enter the same password in the Confirm box.

Click OK.

Note the warning—once encryption is enabled, it cannot be disabled.

FIGURE 3.3 USE ENCRYPTION TO SECURE THE WINDOWS XP ACCOUNT DATABASE.

3.5: CHANGING ACL FOR A FOLDER

Access Control Lists apply only to files stored on an NTFS-formatted drive.

Each ACL determines which users (or groups of users) can read or edit the file.

When a new file is created it normally inherits ACLs from the folder where it was created.

The easy way in Windows is to right-click the folder and change the privileges. To do so, follow these steps:

Double-click the folder ‘My Documents’, and then create a new folder in it.

Right-click the new folder, and choose ‘Properties’.

Click on the third tab, ‘Security’.

You will see all users, including the user you have created. Click on any user.

User’s permissions are displayed in the bottom window; you can change any permission by clicking on ‘Allow’ or ‘Deny’.

Click on advanced and explore what other options you can perform.
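
The entries shown on the Security tab can also be read from PowerShell, which makes it easy to see which ones were set on the folder itself and which were inherited. This is an added example, not part of the original tutorial; 'LabFolder' is a hypothetical name for the folder created in this lab, and the $Broad list is constructed for the example.

```powershell
# Added example. 'LabFolder' is a hypothetical name for the folder created in the lab.
$Folder = Join-Path ([Environment]::GetFolderPath('MyDocuments')) 'LabFolder'
# Constructed list of principals that cover most or all users of the machine.
$Broad = 'Everyone', 'BUILTIN\Users', 'NT AUTHORITY\Authenticated Users'
$WriteBit = [System.Security.AccessControl.FileSystemRights]::WriteData

$acl = Get-Acl -LiteralPath $Folder
Write-Output "Owner: $($acl.Owner)"
# True means inheritance from the parent folder has been switched off.
Write-Output "Inheritance blocked: $($acl.AreAccessRulesProtected)"

$rows = foreach ($ace in $acl.Access) {
    # The WriteData bit is contained in Write, Modify and FullControl.
    $canWrite = ($ace.FileSystemRights -band $WriteBit) -ne 0
    [pscustomobject]@{
        Identity  = $ace.IdentityReference.Value
        Type      = $ace.AccessControlType   # Allow or Deny
        Rights    = $ace.FileSystemRights
        Inherited = $ace.IsInherited
        Flag      = if ($ace.AccessControlType -eq 'Allow' -and $canWrite -and
                        $Broad -contains $ace.IdentityReference.Value) { 'BROAD WRITE' } else { '' }
    }
}

# Explicit entries (Inherited = False) sort first: those were set on this folder.
$rows | Sort-Object Inherited, Identity | Format-Table -AutoSize
```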

THANKS !

TUTORIAL DELIVERED BY:

Ashraf Youssef, IS dept

College of Computer and Information Sciences (CCIS),

King Saud University, Riyadh,

Kingdom of Saudi Arabia.

Mobile: 0507181787

E-mail : [email protected]