Windows XP Security II - PowerPoint PPT Presentation

Transcript and Presenter's Notes


1
Windows XP Security II
  • Laurie Walters
  • lwalters_at_psu.edu

2
XP Security II Seminar Objectives
  • System Security II
  • Software Update Services (SUS) Patching
  • Automatic Updates on Standalone Machines
  • Installing SUSAdmin
  • Configuring SUSAdmin
  • Approving Updates
  • Installing SUSClient
  • Configuring SUSClient to update from server via
    AD OU Group Policy
  • Simple File Sharing
  • Simple File Sharing Overview
  • Setting Up SFS Shares
  • SFS Is Not Secure
  • Disabling SFS

3
XP Security II Seminar Objectives
  • System Security II (Continued)
  • NTFS Permissions
  • Definitions
  • Changing Default Permissions
  • NTFS Rules: Additive Permissions and Deny
    Permissions
  • Removing Access to Common Executables
  • Windows Security Templates and Policies
  • Creating a New Security Template
  • Defining Your Security Settings
  • Using the Security Configuration and Analysis
    Tool
  • Applying Security Templates
  • Security Policies

4
XP Security II Seminar Objectives
  • Network Security
  • IPSEC filtering
  • IP Security Overview
  • Starting IPSec Service
  • Installing an IPSec Policy
  • Creating a Custom IPSec Policy
  • Application Security
  • Services to Shut Off
  • Disabling Un-necessary Services
  • Use Secure Services
  • Specific XP Services to Disable

5
XP Security II Seminar Objectives
  • Application Security
  • Remote Desktop / Remote Assistance
  • Remote Assistance Overview
  • Disabling Remote Assistance
  • Setting Up Remote Desktop
  • Changing Default Remote Desktop Port
  • Disabling Remote Desktop
  • Using HFNetChk and Baseline Security Analyzer
  • HFNetChk Overview
  • Microsoft Baseline Security Analyzer Overview
  • Reading Logs
  • System LogFile Locations
  • IIS LogFile Locations
  • Conclusion

6
XP Security II Seminar Objectives
  • System Security II
  • Software Update Services (SUS) Patching
  • Simple File Sharing
  • NTFS Permissions
  • Windows Security Templates and Policies
  • IPSEC filtering
  • Application Security
  • Services to Shut Off
  • Remote Desktop / Remote Assistance
  • Using HFNetChk and Baseline Security Analyzer
  • Reading Logs

7
Windows XP Security II
  • System Security II
  • Software Update Services (SUS) Patching
  • Automatic Updates on Standalone workstations
  • Installing SUSAdmin
  • Configuring SUSAdmin
  • Synchronizing SUS
  • Approving Updates
  • Installing SUSClient
  • Configuring SUSClient to update from server via
    AD OU Group Policy
  • Simple File Sharing
  • NTFS Permissions
  • Windows Security Policies
  • Network Security
  • Application Security

8
Automatic Updates on Standalone Workstations
9
Installing SUSAdmin
  • SUS has two portions:
  • Server (SUSAdmin)
  • Client (Automatic Updates Client)
  • SUSAdmin can only be installed on Windows 2000 or
    2003 Server
  • It is recommended that SUSAdmin be installed on a
    standalone server (not a domain controller or
    application server)
  • Install the server software from
    http://download.microsoft.com/download/0/b/9/0b97f864-2408-4748-ad96-3691e2451006/SUS10SP1.exe
  • Read the SUS Deployment Whitepaper:
    http://www.microsoft.com/windowsserversystem/sus/susdeployment.mspx

10
(No Transcript)
11
Configuring SUSAdmin
  • On the SUSAdmin server, open the following URL:
  • http://localhost/SUSAdmin
  • The Welcome screen will appear. Click on "Set
    Options" in the left frame.
  • Choose whether to maintain the updates on a MS
    Windows Update Server or save the updates to a
    local folder.
  • If updates are saved to a local folder, choose
    Locales (Languages) for install packages. Use
    only the minimum necessary languages to reduce
    the download time of updates.
  • It is recommended that you use SSL for SUS.
    Instructions on enabling SSL for SUS can be found
    in the MS SUS Whitepaper on page 25.

12
Synchronizing SUS
  • Click on "Synchronize Server" in the left frame.
  • On the right side of the page, click on
    "Synchronization Schedule".
  • Choose when synchronization should occur (weekly,
    daily, etc).
  • Recommended setting: daily
  • Click on "Synchronize Now".
  • Catalog Download Progress will appear. It will
    appear to hang at 100% with a cancel button
    below. Do not cancel!
  • Next, it will start downloading the actual updates.

13
Approving Updates
  • Click on "Approve Updates" in the left-hand pane.
  • All available updates that have been downloaded
    will be listed with one of the following statuses:
  • New (recently downloaded and not approved)
  • Approved (approved and available for download by
    client computers)
  • Not Approved (Declined by SUS administrator and
    will not be made available for client computers)
  • Updated (A change has been made to an update)
  • Temporarily Unavailable (Update package or a
    dependency is not available)
  • Check the box next to the updates you have
    previously examined in a test environment and
    want to approve for distribution to your client
    computers.

14
Installing SUSClient
  • Client can be downloaded from
    http://www.microsoft.com/windows2000/downloads/recommended/susclient/default.asp
  • Client can be installed on:
  • Windows 2000 Professional with Service Pack (SP)
    2 (already included with W2K SP3)
  • Windows 2000 Server with SP2
  • Windows 2000 Advanced Server with SP2
  • Windows XP Professional (already included with XP
    SP1)
  • Windows XP Home Edition

15
Configuring SUSClient to update via AD OU Group
Policy
  • Type dsa.msc on an Active Directory Domain
    Controller.
  • Right click the OU or domain where you want to
    create the policy
  • Choose properties
  • Click the Group Policy tab and click new
  • Type a name for the policy and click edit.
  • Double click either Computer or User
    Configuration (Settings) and right-click on
    Administrative Templates
  • Choose Add/Remove Templates, and then click Add
  • If you don't already see wuau in the list of
    current policy templates, click the Add button at
    the bottom of the screen.
  • Navigate to \Systemroot\Windir\inf\WUAU.adm
  • Click Open

16
(No Transcript)
17
Configuring SUSClient to update via AD OU Group
Policy (Cont.)
  • In Group Policy Editor, click on Computer
    Configuration in the left-hand pane.
  • Click the + next to Administrative Templates to
    expand it.
  • Click the + next to Windows Components.
  • Click on Windows Update.
  • Configure the options in the right-hand pane:
  • Configure Automatic Updates
  • Specify intranet Microsoft update service
    location
  • Reschedule Automatic Updates scheduled
    installations
  • No auto-restart for scheduled Automatic Updates
    installations
  • SUS can be set up via Registry entries if you
    aren't using Active Directory. Please see page
    61 of the SUS Whitepaper for installation
    instructions.

18
Windows XP Security II
  • System Security II
  • Software Update Services (SUS) Patching
  • Simple File Sharing
  • Simple File Sharing Overview
  • Setting Up SFS Shares
  • SFS Is Not Secure
  • Disabling SFS
  • NTFS Permissions
  • Windows Security Templates and Policies
  • Network Security
  • Application Security

19
XP Simple File Sharing
  • With Windows XP, Microsoft introduced a new
    feature called "Simple File Sharing".
  • By default with Simple File Sharing, no files or
    folders on the hard drive are shared with other
    network users.
  • Simple File Sharing is enabled by default in:
  • XP Home: This feature cannot be disabled in XP
    Home Edition.
  • XP Pro: Only enabled in workstation / standalone
    mode. It may be disabled in this mode. When an
    XP Pro machine is joined to a domain, this
    feature is automatically disabled, and the machine
    uses standard NTFS permissions instead.

20
Setting Up Shares Using Simple File Sharing
  • To share a folder with Simple File Sharing
    enabled, right-click on the folder, choose
    Properties and select the Sharing tab.
  • To share files/folders with other users on the
    same machine, drag the desired items to the
    Shared Documents folder.
  • To share file(s) or folder(s) with other network
    users, use the network setup wizard and then
    give the share a name. There is a check box to
    "Allow network users to change my files". This
    is not recommended!!!

21
XP Simple File Sharing Is Not Very Secure!
  • Simple File Sharing does not use passwords or
    access restrictions.
  • Everything that is shared is accessible by
    everyone on the network.
  • If "Allow network users to change my files" is
    checked, others have write privileges to the
    folder without any access controls.
  • This is a good way for viruses to spread!
  • If any folders or files are shared, it is
    recommended that you do not use simple file
    sharing.

22
Simple File Sharing Enabled
23
Disabling XP Simple File Sharing
  • To disable Simple File Sharing, open Windows
    Explorer or the My Computer folder. Under the Tools
    menu, select Folder Options. Choose the View
    tab. Scroll down to "Use Simple File Sharing"
    and uncheck the box.

24
Disabling Simple File Sharing
25
Simple File Sharing Disabled
26
Security (NTFS Permissions) Tab Appears After
Disabling SFS
27
Windows XP Security II
  • System Security II
  • Software Update Services (SUS) Patching
  • Simple File Sharing
  • NTFS Permissions
  • Definitions
  • Changing Default Permissions
  • NTFS Rules: Additive Permissions and Deny
    Permissions
  • Removing Access to common executables
  • Windows Security Templates and Policies
  • Network Security
  • Application Security

28
NT File ACLs (Permissions) For Shared Files
  • NTFS uses DACLs (Discretionary Access Control
    Lists) to determine authorization.
  • An individual entry in an Access Control List
    is known as an Access Control Entry (ACE).
  • Generically, a collection of ACLs can be
    referred to as "permissions".
  • Microsoft's default for permissions has been
    usability over security.
  • For security purposes it is prudent to restrict
    access for Everyone and anonymous users where
    possible.

29
Changing Default NTFS Permissions
  • After applying a service pack, replace "Everyone:
    Full Control" with Full Control for Administrators
    on pertinent files/folders.
  • Folders created by the OS generally have correct
    permissions. Any folders created by you will
    inherit the root folder permissions by default,
    which is Everyone has Full Control.
  • Note: Always add administrator(s) with Full
    Control before taking away Full Control for
    Everyone.
  • Add Authenticated Users and give them the desired
    permissions
  • E.g. RWXD or RX

30
NTFS ACL Rule 1: ACL Permissions Are Additive
  • Example: Your account is a member of two groups,
    Backup Operators and Users.
  • The Users group is not listed in the group of
    people allowed access to the folder. However,
    the Backup Operators group has permissions listed
    as RWXD.
  • Result: You have RWXD permissions for this
    folder.

31
NTFS ACL Rule 2: Deny Explicitly Overrides Any
Allow Permissions
  • Example: Your account is again a member of two
    groups, Backup Operators and Users.
  • The Users group has an explicit deny flag set for
    the folder. The Backup Operators group is set to
    RWXD.
  • Result: You will not be able to access this
    folder!
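
The two rules above fall out of how an access check walks the ACEs of a DACL in order. The following is an added example, not part of the original slides: a small Python model of that walk, using the slides' R/W/X/D shorthand, a made-up account `jdoe`, and constructed DACLs for the two slide scenarios plus two further cases.

```python
from dataclasses import dataclass

# The slides' shorthand letters as bit flags.
RIGHTS = {"R": 1, "W": 2, "X": 4, "D": 8}


def mask(letters):
    """Turn shorthand such as "RWXD" into a bit mask."""
    value = 0
    for letter in letters:
        value |= RIGHTS[letter]
    return value


@dataclass(frozen=True)
class Ace:
    kind: str      # "allow" or "deny"
    trustee: str   # user or group the entry applies to
    rights: int    # bit mask built with mask()


def canonical(dacl):
    """Order deny entries ahead of allow entries; the stable sort keeps the rest."""
    return sorted(dacl, key=lambda ace: ace.kind != "deny")


def access_check(dacl, principals, requested):
    """Walk the ACEs in list order and decide whether `requested` is granted."""
    remaining = requested
    for ace in dacl:
        if ace.trustee not in principals:
            continue                      # entry is for someone else
        if ace.kind == "deny":
            if ace.rights & remaining:
                return False              # a still-needed right is denied
        else:
            remaining &= ~ace.rights      # allow entries accumulate
        if remaining == 0:
            return True                   # everything requested was granted
    return False                          # never granted = implicitly denied


def effective_rights(dacl, principals):
    """Rights the principals hold once the DACL is in canonical order."""
    ordered = canonical(dacl)
    return "".join(
        letter for letter, bit in RIGHTS.items()
        if access_check(ordered, principals, bit)
    )


# Constructed scenarios; the account name "jdoe" is made up.
ME = {"jdoe", "Backup Operators", "Users"}

RULE_1 = [   # Rule 1 slide: Users not listed, Backup Operators has RWXD
    Ace("allow", "Administrators", mask("RWXD")),
    Ace("allow", "Backup Operators", mask("RWXD")),
]
RULE_2 = [   # Rule 2 slide: explicit deny for Users, RWXD for Backup Operators
    Ace("allow", "Backup Operators", mask("RWXD")),
    Ace("deny", "Users", mask("RWXD")),
]
SPLIT = [    # additive across two groups
    Ace("allow", "Users", mask("RX")),
    Ace("allow", "Backup Operators", mask("W")),
]
PARTIAL = [  # a deny entry only removes the rights it names
    Ace("allow", "Backup Operators", mask("RWXD")),
    Ace("deny", "Users", mask("W")),
]

if __name__ == "__main__":
    for name, dacl in [("rule 1", RULE_1), ("rule 2", RULE_2),
                       ("split", SPLIT), ("partial deny", PARTIAL)]:
        print(f"{name:13} -> {effective_rights(dacl, ME) or '(no access)'}")
```

Calling `access_check` on `RULE_2` without `canonical()` grants read access, because the allow entry is reached before the deny entry. Rule 2 therefore depends on deny entries being stored ahead of allow entries.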

32
Remove Access to Known Command Line Executables
From Everyone
  • Grant ACLs for authenticated users only for the
    following C:\Winnt\System32 executables:
  • Cmd.exe
  • Command.com
  • Ftp.exe
  • Regedit.exe
  • Regedt32.exe
  • Telnet.exe
  • Tftp.exe

33
Windows XP Security II
  • System Security II
  • Simple File Sharing
  • NTFS Permissions
  • Windows Security Templates and Policies
  • Security Policies Overview
  • Account / Password Policies
  • Auditing Policies
  • User Rights Assignment
  • Security Policies
  • Network Security
  • Application Security

34
Security Policies
  • Control Panel → Classic View → Administrative
    Tools → Local Security Policy
  • Policies include:
  • Account Policies, Local Policies, Security
    Options, Public Key Policies, Software
    Restriction, IPSEC

35
Security Templates
  • Template: A predefined stencil of computer
    settings which can be quickly and/or
    automatically applied.
  • Microsoft has predefined some computer security
    templates.
  • Designed to lock down settings and make the
    computers more secure.
  • They are located at %SystemRoot%\Security\Templates
    and are kept as .ini files.
  • You can directly edit the .ini files in Notepad
    if you wish.
  • You can use the MS templates, but it is suggested
    that you create a new template and define the
    security settings
  • Then use the Security Configuration and Analysis
    tool to compare your settings to MS recommended
    settings.

36
Creating a New Security Template
  • Go to the Start Menu and choose Run. Type mmc
    in the box and press enter.
  • Under the file menu, select Add/Remove Snap-in
    and select the add button when it appears
  • Click the Security Templates from the Add
    Standalone Snap-in Window
  • Click ok and the close button
  • The Security Templates button will now appear in
    the left pane of the MMC console window.
  • Right click on the location of the templates and
    select New Template. Next, type in the name of
    your template and a description.

37
Creating a New Security Template
38
Defining your Security Settings
  • Click on the + sign next to the name of your
    newly created security template and navigate
    through the entries.
  • Change the security settings as you see fit.
  • Once you have done so, right click on the name of
    your security template and choose Save As to
    save your settings to a file.
  • Extensive information about security settings
    will be discussed in the following section of the
    seminar.

39
Opening the Security Configuration and Analysis
Tool
  • Open the MMC and add the Security Configuration
    and Analysis Snap-In exactly as you added the
    Security Templates Snap-In.
  • Right Click on the Security Configuration and
    Analysis in the left pane. Choose Open
    Database and type in a filename for a new
    database you will be creating to compare your
    security settings in.
  • Next, you will see an import template dialog
    box. Choose the name of the template you want to
    compare your settings to (e.g. HISECWS). Click
    on Open.

40
Using the Security Configuration and Analysis Tool
  • Right-click on the tool and choose "Analyze
    Computer Now". It will put a check mark next to
    any of your settings that it deems to sufficiently
    match the MS predefined template and an X next to
    those that do not.
  • To apply all settings from a MS template to your
    computer, right-click on the tool and click
    "Configure Computer Now". Warning: this applies
    MS settings over yours, which is non-reversible!
    Use caution!

41
Applying Security Templates
  • Security templates should be applied both for
    domain settings and local settings (in case the
    domain is not available).
  • You can apply the templates manually to the local
    system or through the secedit command (you can
    use a batch file at logon to automatically apply
    the desired template).
  • You can also define domain security settings so
    that they are automatically applied to all
    computers in the domain.

42
Importing a template into Active Directory
  • You can set templates for Organizational Units in
    the following manner on an AD Domain Controller
  • Open Administrative Tools in the Control Panel
    and select Active Directory Users and Computers
  • Right-click on the Organizational Unit that
    requires the security policy. Select properties
  • Click on the Group Policy Tab. Select New and
    type in the name of the new policy you will be
    adding
  • Click on the Edit button and the Group Policy
    Object Editor will appear
  • Click the + next to Computer Configuration.
    Then click the + to expand Windows Settings.
  • Right click on Security Settings and choose
    Import Policy
  • Select the template that you wish to be applied
    to the OU and click on Open to import the policy.

43
Local Security Settings
44
Account / Password Policies
  • Password History (X passwords remembered)
  • Default: 0, Recommended: 5
  • Maximum Password Age (X days)
  • Default: 42 days, Recommended: ?
  • Minimum Password Age
  • Default: 0 days, Recommended: ?
  • Password Length
  • Default: 0, Recommended: 7

45
Password Policies (cont.)
  • Password Must Meet Complexity Requirements
  • ¾ of the following: lower case, upper case,
    numbers, symbols, AND passwords cannot contain
    the user name or any part of the full name.
  • Default: Disabled, Recommended: Enabled
  • Store passwords using reversible encryption for
    all users in the domain
  • Default: Disabled

46
Account Lockout Policy
  • Account Lockout Duration
  • Recommended: 15 minutes or longer
  • Account Lockout Threshold
  • Recommended: 5 attempts or lower
  • Reset Account After
  • Recommended: 15 minutes or longer

47
Auditing Policies
  • By default, nothing is audited in XP!
  • Audit Account Logon Events: Records the response
    of a domain controller to a request to
    authenticate a network user.
  • Recommended: Success / Failure
  • Audit Account Management: Audits account changes
    such as renaming, enabling/disabling, password
    changes, creation, deletion, etc.
  • Recommended: Success / Failure

48
Auditing Policies (Cont.)
  • Audit Directory Service Access: Logs events of
    standard Active Directory objects
  • Recommended: Failure
  • Audit Logon Events: Records user authentication
    for local machine or domain controllers
  • Recommended: Success / Failure
  • Audit Object Access: Allows setting of auditing
    on files or directories (you must set each
    directory/file separately).
  • Recommended: Varies

49
Auditing Policies (Cont.)
  • Audit Policy Change: Audits additions,
    deletions, and changes made to local and domain
    security policies
  • Recommended: Success / Failure
  • Audit Privilege Use: Audits special privileges
    assigned to a user, privileged services that are
    called, and privileged object operations
  • Recommended: Failure (auditing success will fill
    up logs very quickly!)

50
Auditing Policies (Cont.)
  • Audit Process Tracking: Audits processes
    (creation, exits, and resources)
  • Recommended: Failure or None
  • Audit System Events: Audits events going on
    within the physical system that can affect
    security or logging (shutdowns, reboots, clearing
    of logs)
  • Recommended: Failure (can fill up logs VERY
    quickly)

51
Auditing Recap
  • Audit success and failure of:
  • Logon events
  • Account management
  • Policy change
  • Object Access
  • Audit failure of:
  • Privilege use
  • Process tracking
  • System events
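
The recommendations on the Account / Password, Account Lockout and Auditing slides can be checked against a machine's current policy. The following is an added example, not part of the original slides: it parses text in the layout written by `secedit /export /cfg <file>` and reports every setting that misses a slide recommendation. The key names and audit codes are those of that export format; the sample text is constructed, "5" and "7" are treated as minimums, and Object Access and the password ages are skipped because the slides give "Varies" and "?" for them.

```python
# Constructed sample in the layout that `secedit /export /cfg <file>` writes.
# Password values are the defaults quoted on the slides; lockout is unset and
# nothing is audited.
SAMPLE_EXPORT = """\
[Unicode]
Unicode=yes
[System Access]
MinimumPasswordAge = 0
MaximumPasswordAge = 42
MinimumPasswordLength = 0
PasswordComplexity = 0
PasswordHistorySize = 0
LockoutBadCount = 0
ClearTextPassword = 0
[Event Audit]
AuditSystemEvents = 0
AuditLogonEvents = 0
AuditObjectAccess = 0
AuditPrivilegeUse = 0
AuditPolicyChange = 0
AuditAccountManage = 0
AuditProcessTracking = 0
AuditDSAccess = 0
AuditAccountLogon = 0
[Version]
signature="$CHICAGO$"
Revision=1
"""


def parse_export(text):
    """Return {section: {key: value}} for the 'key = value' lines of an export."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip().lstrip("\ufeff")   # tolerate a leading byte-order mark
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = sections.setdefault(line[1:-1], {})
        elif current is not None and "=" in line:
            key, _, value = line.partition("=")
            current[key.strip()] = value.strip()
    return sections


def one_of(*codes):
    """Event Audit codes: 0 none, 1 success, 2 failure, 3 success and failure."""
    return lambda value: value in codes


CHECKS = [
    # (section, key, test, recommendation as worded on the slides)
    ("System Access", "PasswordHistorySize", lambda v: v >= 5, "5 remembered"),
    ("System Access", "MinimumPasswordLength", lambda v: v >= 7, "7"),
    ("System Access", "PasswordComplexity", one_of(1), "enabled"),
    # 0 means accounts never lock out, so it does not count as "5 or lower".
    ("System Access", "LockoutBadCount", lambda v: 1 <= v <= 5, "5 attempts or lower"),
    # Assumption: -1 means "locked until an administrator unlocks the account".
    ("System Access", "LockoutDuration", lambda v: v == -1 or v >= 15, "15 minutes or longer"),
    ("System Access", "ResetLockoutCount", lambda v: v >= 15, "15 minutes or longer"),
    ("Event Audit", "AuditAccountLogon", one_of(3), "success/failure"),
    ("Event Audit", "AuditAccountManage", one_of(3), "success/failure"),
    ("Event Audit", "AuditDSAccess", one_of(2), "failure"),
    ("Event Audit", "AuditLogonEvents", one_of(3), "success/failure"),
    ("Event Audit", "AuditPolicyChange", one_of(3), "success/failure"),
    ("Event Audit", "AuditPrivilegeUse", one_of(2), "failure"),
    ("Event Audit", "AuditProcessTracking", one_of(0, 2), "failure or none"),
    ("Event Audit", "AuditSystemEvents", one_of(2), "failure"),
]


def audit(text):
    """Return (key, current value, recommendation) for every setting that misses."""
    sections = parse_export(text)
    findings = []
    for section, key, passes, recommended in CHECKS:
        raw = sections.get(section, {}).get(key)
        if raw is None:
            findings.append((key, "not set", recommended))
            continue
        try:
            value = int(raw)
        except ValueError:
            findings.append((key, raw, recommended))   # unreadable value
            continue
        if not passes(value):
            findings.append((key, raw, recommended))
    return findings


if __name__ == "__main__":
    for key, current, recommended in audit(SAMPLE_EXPORT):
        print(f"{key:24} current={current:8} recommended={recommended}")
```

A real export is typically UTF-16 encoded, so read the file with `encoding="utf-16"` before passing its text to `audit()`.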

52
User Rights Assignment
  • Access this computer from the network
  • Default includes everyone in Windows NT
  • You can remove Everyone and add desired users
  • Other User Rights Assignment options include who
    is allowed to
  • Back up files,
  • Increase quotas,
  • Log on locally,
  • Shut down the system,
  • Take ownership of files of other users

53
User Rights Assignment (Cont.)
  • Bypass Traverse Checking: Allows access to files
    and folders regardless of the user's permission to
    the parent folder, for users included in the list.
  • This setting basically nullifies "Inherit parent
    permissions".
  • E.g. if you remove Everyone, then anyone not in
    one of the listed groups will access files based
    on parent inheritance, not individual file
    permissions.

54
Security Options: Accounts
  • Only those that should be changed are listed
    here.
  • Guest Account Status
  • Should be set to disabled. If it is not, please
    change this policy status to disabled
  • Administrator Account Status
  • May be disabled
  • Rename Guest Account
  • Recommended!
  • Rename Administrator Account
  • Recommended!
  • Limit Local use of blank passwords to console
    logon
  • Do not change this to disabled!!!

55
Security Options: Devices
  • Restrict access of CD-ROM and floppy to locally
    logged-on user: Recommended, especially if running
    Remote Desktop or if IIS is installed (e.g. a
    Windows setup disk is left in the CD drive).

56
Security Options: Interactive Logon
  • Do Not Display Last User Name in Logon Screen:
    Change to enabled (users must know username and
    password).
  • Message text/title for users attempting to log on

57
Security Options: Network Access
  • "Do not allow anonymous enumeration of SAM
    accounts" and "Do not allow anonymous enumeration
    of SAM accounts and shares": should be set to
    enabled
  • If not enabled, local/domain accounts can be
    enumerated via the NetBIOS protocol
  • Scripts / L0phtCrack can then be used to
    determine passwords associated with a userid
  • "Let Everyone permissions apply to anonymous
    users" should be disabled
  • Remotely accessible registry paths: if possible,
    remove ALL paths.

58
Security Options: Network Security
  • Force logoff when logon hours expire: should be
    enabled.

59
Security Options: Shutdown
  • Allow system to be shut down without users having
    to log on: disable this option.
  • Clear Virtual Memory Pagefile when Shutting Down:
    enable this option.

60
Windows XP Security II
  • System Security II
  • Network Security
  • IPSEC filtering
  • IP Security Overview
  • Starting IPSec service
  • Installing IPSec Policy
  • Creating a Custom IPSec Policy
  • Application Security

61
IP Security Filtering
  • IP filtering using IPSEC allows the computer
    administrator to create a list of connections
    allowed or disallowed based on a number of rules
    such as port number, source, or destination.
  • For example, you can block all NetBIOS traffic
    external to PSU but allow connections from the
    Penn State address space.

62
Starting the IPSEC Service
  • In the Control Panel, open Administrative Tools
    and then Services. Make sure that IPSEC Policy
    Agent is Started and Set to Automatic.

63
Installing IPSEC Policy
  • Next, open the Control Panel → Administrative
    Tools → Local Security Policy. Right click on
    "IP Security Policies on Local Machine". From
    the menu that appears, choose All Tasks.
    Select Import Policies and browse to the
    location of the IPSEC policy.
  • The policy should now appear in the list on the
    right-hand side. Right click the new policy and
    select Assign.

64
Installing An IPSec Policy
65
Creating a Custom IPSEC Policy
  • Open up the XP Help and Support button and click
    on Add or edit IPSec filters
  • This help guide will walk you step by step
    through configuring custom IPSEC filters.

66
Common Breaches of System Security
  • Most breaches are a result of this aspect!
  • Open Network Shares
  • Incorrect ACLs
  • No Auditing / Logging
  • Weak Passwords (L0phtCrack)
  • Policies not set correctly

67
XP Security II Seminar Objectives
  • System Security II
  • Simple File Sharing
  • NTFS Permissions
  • Windows Security Policies
  • Network Security
  • IPSEC filtering
  • Application Security
  • Services to Shut Off
  • Remote Desktop / Remote Assistance
  • Using HFNetChk and Baseline Security Analyzer
  • Reading Logs

68
Windows XP Security II
  • System Security II
  • Network Security
  • Application Security
  • Services to Shut Off
  • Disabling un-necessary services
  • Use Secure Services
  • Specific XP Services to disable
  • Remote Desktop / Remote Assistance
  • Using HFNetChk and Baseline Security Analyzer
  • Reading Logs

69
Application Security
  • Check for patches for all software (Application
    patches should be applied before system is placed
    on network)
  • Adding remote access software increases risk of
    breaches
  • Backdoors
  • Warez servers
  • SMTP servers
  • Admin tools for DDoS attacks
  • Scanners/automated scripts disguised as innocent
    files
  • OS files removed

70
Services
  • Disable any that you are not using
  • SMTP
  • RAS (including VNC, Timbuktu, Terminal Services)
  • HTTPD (IIS). Caution: may be installed with
    Network Monitoring Tools in 2000/XP
  • FTP/TFTP
  • Telnetd
  • Service Distribution: Do NOT install all services
    on one machine!
  • Do not install on PDC/BDC

71
Use Secure Services
  • Plugins for Email (Kerberos, PGP)
  • SSH vs. Telnet
  • HTTPS vs. HTTP
  • SCP vs. FTP
  • Use Secure services wherever possible.

72
XP Services
  • Accessed from Control Panel → Classic View →
    Administrative Tools → Services
  • If not needed, stop and set to manual:
  • Remote Registry
  • Remote Desktop
  • Remote Access Auto Connection Manager
  • NetMeeting Remote Desktop Sharing
  • SSDP (Universal Plug and Play)
  • TCP Port 5000
  • UDP Port 1900

73
Windows XP Security II
  • System Security II
  • Network Security
  • Application Security
  • Services to Shut Off
  • Remote Desktop / Remote Assistance
  • Remote Assistance Overview
  • Disabling Remote Assistance
  • Remote Desktop Overview
  • Setting Up Remote Desktop
  • Changing Default Remote Desktop Port
  • Disabling Remote Desktop
  • Using HFNetChk and Baseline Security Analyzer
  • Reading Logs

74
Remote Assistance
  • Designed to allow others to take control of your
    computer to assist in troubleshooting and even
    fix problems.
  • Turn this off until it is needed!
  • Control Panel → Classic View → System → Remote
    tab → Settings button
  • Administrators group can connect to the computer
    by default.

75
Disabling Remote Assistance
  • To disable, uncheck one of the following:
  • Allow Remote Assistance invitations to be sent
    from this computer
  • Under Advanced button, Allow this computer to be
    controlled remotely

76
Remote Desktop
  • Other computers can access your windows session
    by remotely logging in to your computer with a
    valid username and password
  • This feature is based on Terminal Services;
    session data is sent encrypted.
  • (E.g. you can leave your machine logged in at
    work and then log on to Remote Desktop at home to
    control your computer).
  • Logging on remotely locks screen locally

77
Setting Up Remote Desktop
  • On host computer, navigate to the Control Panel
    and choose the System icon. Click on the Remote
    tab.
  • Check the box for Allow Users to connect remotely
    to this computer.
  • Click on the settings button to change which
    users have remote access.

78
Setting Up Remote Desktop
  • To open the Remote Desktop client:
  • On the connecting computer, if XP, navigate to the
    Start Menu → Accessories → Communications →
    Remote Desktop Connection
  • On a non-XP Windows machine, insert the XP CD
    into the CD Rom drive. When the Welcome page
    appears, click Perform additional tasks, and then
    choose Set up Remote Desktop Connection
  • You will need to enter the IP address of machine
    you are connecting to, and your username and
    password on that machine.

79
Remote Desktop Connection
  • Click the Options button to expand the dialog so
    additional options (username and password, domain,
    display options, etc.) are shown.

80
Changing Remote Desktop Port
  • By default, Remote Desktop (and Terminal
    Services) runs on port 3389.
  • You can add "security by obscurity" by changing
    the default port.
  • You need to:
  • Make a simple registry change on the host
    computer (see
    http://support.microsoft.com/default.aspx?scid=kb;EN-US;306759)
  • Add the port number after the IP address on the
    connector for the client.

81
Entering Remote Desktop Port in Client
  • In the example, 10.0.0.1 is a hypothetical IP
    address and 8337 is the port that Remote Desktop
    was changed to.

82
Disabling Remote Desktop
  • If not needed, do not run this feature.
  • Control Panel → Classic View → System → Remote
    tab → Settings button
  • Uncheck Allow others to connect remotely to this
    computer
  • All Remote Access Services should log all traffic

83
Windows XP Security II
  • System Security II
  • Network Security
  • Application Security
  • Services to Shut Off
  • Remote Desktop / Remote Assistance
  • Using HFNetChk and Baseline Security Analyzer
  • HFNetchk Overview
  • Microsoft Baseline Security Analyzer Overview
  • Reading Logs

84
HFNetchk
  • Command Line utility which tells you if you are
    up to date on patches.
  • Every time you run HFNetchk, it will attempt to
    connect to Microsoft to download an up to date
    XML document which indicates what patches should
    be on your machine.
  • If the network is unavailable, it will use
    configuration already saved to your hard disk.
  • You can download HFNetchk from
    http://support.microsoft.com/default.aspx?scid=kb;en-us;303215

85
Baseline Security Analyzer
  • http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/tools/Tools/MBSAhome.asp
  • Checks for hotfixes and security
    misconfigurations on systems.
  • Scan by machine name or IP address(es). Can scan
    multiple computers at a time.

86
Windows XP Security II
  • System Security II
  • Network Security
  • Application Security
  • Services to Shut Off
  • Remote Desktop / Remote Assistance
  • Using HFNetChk and Baseline Security Analyzer
  • Reading Logs
  • System Logfile locations
  • IIS Logfile location

87
Reading Logs
  • Event Viewer (eventvwr)
  • System
  • Application
  • Security
  • IIS Logs (c:\winnt\system32\logfiles)
  • W3SVC1, etc.
  • If you do not look through logs you may not
    notice anything is going on!

88
XP Security II Seminar Objectives
  • System Security II
  • Software Update Services (SUS) Patching
  • Automatic Updates on Standalone Machines
  • Installing SUSAdmin
  • Configuring SUSAdmin
  • Approving Updates
  • Installing SUSClient
  • Configuring SUSClient to update from server via
    AD OU Group Policy
  • Simple File Sharing
  • Simple File Sharing Overview
  • Setting Up SFS Shares
  • SFS Is Not Secure
  • Disabling SFS

89
XP Security II Seminar Objectives
  • System Security II (Continued)
  • NTFS Permissions
  • Definitions
  • Changing Default Permissions
  • NTFS Rules: Additive Permissions and Deny
    Permissions
  • Removing Access to Common Executables
  • Windows Security Templates and Policies
  • Creating a New Security Template
  • Defining Your Security Settings
  • Using the Security Configuration and Analysis
    Tool
  • Applying Security Templates
  • Security Policies

90
XP Security II Seminar Objectives
  • Network Security
  • IPSEC filtering
  • IP Security Overview
  • Starting IPSec Service
  • Installing an IPSec Policy
  • Creating a Custom IPSec Policy
  • Application Security
  • Services to Shut Off
  • Disabling Un-necessary Services
  • Use Secure Services
  • Specific XP Services to Disable

91
XP Security II Seminar Objectives
  • Application Security
  • Remote Desktop / Remote Assistance
  • Remote Assistance Overview
  • Disabling Remote Assistance
  • Setting Up Remote Desktop
  • Changing Default Remote Desktop Port
  • Disabling Remote Desktop
  • Using HFNetChk and Baseline Security Analyzer
  • HFNetChk Overview
  • Microsoft Baseline Security Analyzer Overview
  • Reading Logs
  • System LogFile Locations
  • IIS LogFile Locations
  • Conclusion

92
Windows Is a Popular OS to Hack
  • Millions of lines of code
  • All aspects add to increase security
  • ACLs, services and the applications you run are
    among the most important
  • Frequent patching and examination of logs are a
    must
  • Also consider other means to secure
  • Apply ideas to workstations in department as well
  • Spend extra time setting up a machine when you
    have time rather than rebuilding when downtime is
    highly inconvenient

93
Appendix 1 File and Folder Permissions
94
Appendix 2 PSU Security Policies
  • Located at http://sos.its.psu.edu/policy.html

95
Appendix 3 Additional Resources
  • SANS guidelines
  • //common/docs/SANS
  • NSA Guide to Securing W2K
  • nsa2.www.conxion.com/win2k/download.htm
  • Microsoft Windows 2000 Server Security Guide
  • http://www.microsoft.com/technet/security/prodtech/windows/windows2000/staysecure/Default.asp
  • Microsoft SUS Whitepaper
  • http://www.microsoft.com/windowsserversystem/sus/susdeployment.mspx

96
Note
  • PowerPoint slides for this and other seminars,
    links to utilities, patches, and suggestions for
    securing Windows operating systems and
    applications can be found at
    http://www.personal.psu.edu/lxm30/windows/windows.html