Microsoft Security Resources - PowerPoint PPT Presentation

Slides: 13
Provided by: scie5
Learn more at: http://www.cs.cmu.edu

Transcript and Presenter's Notes

1
Microsoft Security Resources

2
URLs for this talk
  • All URLs mentioned in this talk can be found here:
  • http://www.cs.cmu.edu/help/security/pc_talk.html

3
Active Directory / Group Policy
  • Windows 2000, XP clients only
  • Automate client security settings
  • Policies at the Site, Domain, OU, local level
  • Delegation of Organizational units

4
Local Policy Settings
  • Most of the same functions as Active Directory
    based policy, but applied on a per-machine basis.
  • IPSec-based TCP/IP filtering for common types of
    network traffic (NetBIOS, HTTP, etc.)
  • IPSec policies can be downloaded from
    http://www.cs.cmu.edu/help/security/pc/windows_security.html

5
Software Update Services
  • Local version of Windows Update
  • Ability to block patches
  • Patches download from a local server
  • Client must initiate installation
  • Settings applied via a Domain Group Policy
  • Evaluating Shavlik HFNetChkPro for automated
    patch management for infrastructure servers

6
IIS Security
  • IIS Lockdown Wizard removes legacy components
    and tightens folder security on the IIS directory
    structure.
  • URLScan - ISAPI filter which reads incoming HTTP
    requests and filters out requests that do not meet
    the proper criteria.
  • Configurable via .INI file

7
SQL Security
  • Reset the SA password
  • Apply Service packs and critical security
    hotfixes
  • Proper validation of form fields that access SQL
    databases.

8
Terminal Services Security
  • Port 3389 is blocked
  • Requires Cisco VPN client to access a
    workstation/server running Terminal Services

9
Microsoft Baseline Security Analyzer
  • Checks for security misconfiguration and missing
    security patches.
  • Developed by Shavlik Technologies (HFNetChk).
  • Output from the tool should be kept in a secure
    area or external media.

10
Anti-Virus Software
  • All PCs should have Symantec's Anti-Virus
    Corporate Edition installed.
  • Machines installed by SCS facilities have the
    following settings pre-applied (via GRC.DAT):
    • Weekly scan
    • Nightly Live Update
    • Application requires a password to remove
    • Real-time scan settings are locked

11
Help! I've been hacked
  • Clauss will usually provide port information
    (where a malicious process is listening)
  • Process to port mapping. Use netstat -aon (XP
    only).
  • Fport (available from Foundstone)
  • TCPView (available from Sysinternals.com)
  • Kill the malicious process(es). Patch the
    machine, reset passwords, remove artifacts.
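
The process-to-port mapping step above, as an added example (not part of the original slides): a Python script that parses saved `netstat -aon` output, returns the PID listening on a reported port, and lists any other ports that PID is listening on. The sample output, port numbers and PIDs are constructed for illustration, and the bracketed IPv6 row goes beyond the XP-era format the slide refers to.

```python
from collections import namedtuple

Socket = namedtuple("Socket", "proto local_addr local_port state pid")

# Constructed sample of `netstat -aon` output; not captured from a real host.
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       884
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    0.0.0.0:8765           0.0.0.0:0              LISTENING       1972
  TCP    0.0.0.0:8766           0.0.0.0:0              LISTENING       1972
  TCP    192.0.2.5:1043         192.0.2.9:80           ESTABLISHED     1520
  TCP    [::]:135               [::]:0                 LISTENING       884
  UDP    0.0.0.0:445            *:*                                    4
"""

def parse_netstat(text):
    """Return a Socket for every TCP/UDP row; headers and blanks are skipped."""
    rows = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0] not in ("TCP", "UDP"):
            continue
        # rpartition keeps bracketed IPv6 addresses such as [::]:135 intact.
        addr, _, port = fields[1].rpartition(":")
        if not (port.isdigit() and fields[-1].isdigit()):
            continue
        # UDP rows have no State column: Proto, Local, Foreign, PID.
        state = fields[3] if len(fields) == 5 else ""
        rows.append(Socket(fields[0], addr, int(port), state, int(fields[-1])))
    return rows

def _is_listener(row):
    """TCP sockets in LISTENING state and all UDP binds count as listeners."""
    return row.state == "LISTENING" or row.proto == "UDP"

def owners_of_port(rows, port):
    """PIDs listening on the reported port (client-side sockets are ignored)."""
    return sorted({r.pid for r in rows if r.local_port == port and _is_listener(r)})

def ports_of_pid(rows, pid):
    """Every (proto, port) the PID listens on, to catch additional listeners."""
    return sorted({(r.proto, r.local_port) for r in rows
                   if r.pid == pid and _is_listener(r)})

if __name__ == "__main__":
    rows = parse_netstat(SAMPLE)
    for pid in owners_of_port(rows, 8765):
        print("PID", pid, "listens on", ports_of_pid(rows, pid))
```

Feed it the text saved from `netstat -aon > ports.txt` on the affected machine; the PID it returns is the one to look up in the process list before killing anything.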

12
Help! I've been hacked (cont.)
  • In a lot of cases, it is easier to just wipe and
    reinstall the machine, rather than doing a
    detailed analysis.
  • Domain and Unix passwords should still be reset,
    since keystroke loggers are fairly common.
  • Detailed help on cleaning hacked machines:
  • http://www.cs.cmu.edu/help/security/pc/break_ins.html