
CSCU-Module-02-Securing-Operating-Systems-PART 1

Uploaded by

Ridho Hilmawan

Securing Operating Systems

Module 2

Simplifying Security.

1 Copyright © by EC-Council
All Rights Reserved. Reproduction is Strictly Prohibited.
May 21, 2011
Malware Contamination on Windows 7 High, While for XP Low

In its latest edition of Security Intelligence Report that Microsoft released on May 12, 2011, the company reveals that the infection rate on Windows 7 rose over 30% in H2‐2010, while that on Windows XP dropped over 20%.

According to Principal Group Program Manager Jeff Williams of the Microsoft Malware Protection Center, the rate of contamination on Windows 7 increased because of more malware attacks prevailing in cyberspace. Computerworld.com published this on May 12, 2011.

Notably, during July‐December 2010, there was a mean rate of more than 4 32‐bit Windows 7 computers getting infected for every 1,000 such computers, a rise of 33% compared to about 3 such PCs getting infected for every 1,000 during H1‐2010.

http://www.spamfighter.com

Mac Malware Goes From Game to Serious

May 11, 2011

Apple ‐‐ and many Mac users ‐‐ argue that Mac OS X has a special recipe for security that makes it less
likely to be infected with malware. Many security researchers counter that the Mac's seeming
immunity stems not from its security, but from its lack of market share.
The debate may finally be settled.
The emergence of a serious malware construction kit for the Mac OS X seems to mimic a 2008
prediction by a security researcher. The prediction comes from a paper written in IEEE Security &
Privacy (in .pdf), which used game theory to predict that Macs would become a focus for attackers as
soon as Apple hit 16 percent market share.
Last week, security researchers pointed to a construction kit for creating Trojans for the Mac OS X as a
major issue for Mac users. Currently, three countries ‐‐ Switzerland, Luxembourg and the United
States ‐‐ have Mac market share around that level.
http://www.csoonline.com

Module Objectives

System Security
Threats to System Security
How Does Malware Propagate?
Guidelines for Windows Operating System Security
Two‐Way Firewall Protection in Windows
Windows Encrypting File System (EFS)
How to Hide Files and Folders?
Windows Security Tools
Guidelines for Securing Mac OS X
Resources on the Internet for Computer Security
Operating System Security Checklists

Module Flow

System Security
Threats to System Security
How Does Malware Propagate?
Guidelines for Windows OS Security
Windows Encrypting File System (EFS)
Windows Security Tools
Guidelines for Securing Mac OS X

System Security

Every operating system and application is subject to security flaws
Software vendors usually develop patches to address these flaws
Users have to install the patches and configure the software
System compromise can be prevented by applying security patches in a timely manner

Threats to System Security

Virus: A program that replicates by copying itself to other programs, system boot sectors, or documents, and alters or damages the computer files and applications
Worm: A self‐replicating virus that does not alter files but resides in computer memory and replicates itself
Backdoor: An unauthorized means of accessing the system and bypassing the security mechanisms
Rootkit: A set of programs or utilities that allows someone to maintain root‐level access to the system
Trojan: A program that seems to be legitimate but acts maliciously, when executed
Logic Bomb: A program that releases a virus or a worm

Threats to System Security

Spyware: Spyware includes Trojans and other malicious software that steals personal information from the system without the users’ knowledge. Example: Keylogger
Keylogger: Keylogger is a hardware device or small software program that monitors and records each keystroke on a user's computer keyboard
Password Cracking: Password cracking is the process of identifying or recovering an unknown or forgotten password

Password Cracking
Password cracking is the process of identifying or recovering an unknown or forgotten password

Guessing: Trying different passwords until one works
Brute Forcing: Trying combinations of all the characters until the correct password is discovered
Dictionary Attack: It uses a pre‐defined list of words
Shoulder Surfing: Watching someone type the password
Social Engineering: Tricking people to reveal their password or other information that can be used to guess the password

[Figure: an attacker sniffs the original connection between the victim and the server and gets the password of the victim]

How Does Malware Propagate?

Through Email Attachments
Emails containing attachments may include malware
Clicking the attachment installs a malicious program on the computer

Through USB Memory Sticks
A virus creates an autorun.inf file that is a system, hidden, and read‐only file
When the user opens the pen drive files, the autorun.inf is executed and copies the virus files into the system

Through Infected Websites
Visiting compromised sites may result in installation of malicious software, designed to steal personal information, on the user's computer
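
A defensive check for the USB case above, as an added example that is not part of the original slides: it looks for autorun.inf on removable drives and lists the entries that would launch a program. The function names and the sample content are constructed for illustration; it assumes Windows PowerShell (Get-WmiObject is available).

```powershell
function Get-AutorunEntry {
    param([string[]]$Lines)
    # Keys in autorun.inf that name a program to launch from the drive.
    $launchKey = '^(open|shellexecute|shell\\.+\\command)$'
    foreach ($line in $Lines) {
        $text = $line.Trim()
        # Skip blanks, comments and section headers such as [autorun].
        if ($text -eq '' -or $text.StartsWith(';') -or $text.StartsWith('[')) { continue }
        $key, $value = $text -split '=', 2
        if ($null -ne $value -and $key.Trim() -match $launchKey) {
            New-Object PSObject -Property @{ Key = $key.Trim(); Command = $value.Trim() }
        }
    }
}

function Find-AutorunFile {
    # Win32_LogicalDisk DriveType 2 = removable disk.
    foreach ($disk in @(Get-WmiObject Win32_LogicalDisk -Filter 'DriveType=2')) {
        $path = $disk.DeviceID + '\autorun.inf'
        # -Force is needed because the file is usually marked hidden and system.
        $file = Get-Item -LiteralPath $path -Force -ErrorAction SilentlyContinue
        # Ignore a directory named autorun.inf; only a file can carry entries.
        if ($file -and -not $file.PSIsContainer) {
            New-Object PSObject -Property @{
                Path       = $file.FullName
                Attributes = $file.Attributes
                Launches   = @(Get-AutorunEntry (Get-Content -LiteralPath $path -Force))
            }
        }
    }
}

# Constructed sample content (example.exe is a placeholder name).
$sample = '[autorun]', 'open=example.exe', 'icon=folder.ico',
          'shell\open\command=example.exe', 'label=My Drive'
Get-AutorunEntry $sample | Format-Table Key, Command -AutoSize

# Check the removable drives currently attached to this machine.
Find-AutorunFile | Format-List
```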

[Figure: How Does Malware Propagate? Source: http://www.sonicwall.com]

How Does Malware Propagate?

Through Fake Codec
If the user is prompted to download and install a decoder to watch the video, the codec may be a malicious program that would be downloaded onto the system

Through Shared Folders
Malware may propagate via network shares
The malware can spread by creating copies of itself in shared folders

How Does Malware Propagate?

Through Fake Antivirus
Antivirus 2009 is a fake antivirus that performs a fake scan of the users’ system and shows viruses that are not present on the system
Clicking the Register or Scan buttons downloads malware onto the system

Through Downloads
Downloading software, music, photos, and videos from untrusted websites may also result in downloading a malicious file infected with a virus, worm, Trojan, etc.
A large number of malicious applications are available over the Internet with a description that may trick users into downloading them

How Does Malware Propagate?

Peer‐to‐peer (P2P) file sharing enables sharing of music, audio, images, documents, and software programs between two computers over the Internet
Shared files may contain security risks such as viruses, spyware, and other malicious software
Attackers can share malware disguised as a useful application
P2P networks can be used to illegally distribute copyrighted material, which may attract civil and/or criminal penalties

http://www.entertane.com

Guidelines for Windows Operating System Security

Lock the System, When Not in Use
Create Strong User Password
Disable the Guest Account
Lock Out Unwanted Guests
Rename the Administrator Account
Disable Start up Menu
Apply Software Security Patches
Use Windows Firewall
Use NTFS
Use Windows Encrypting File System
Enable BitLocker
Implement Malware Prevention
Kill Unnecessary Processes
Configure Audit Policy
Hide Files and Folders
Disable Simple File Sharing
Use Windows User Account Control (UAC)
Disable Unnecessary Services

Lock the System When Not in Use

Press the ‘Windows’ and ‘L’ keys together on the keyboard to lock the system
Click Start -> Lock
Right‐click on the Desktop and select Personalize -> Screensaver -> select the time and check “On resume, display logon screen”

Create a Strong User Password

1. To create a password, go to Start -> Control Panel -> Select User Accounts -> click Manage another account
2. Click the user name for whom the password has to be changed and choose Create a password (If the password is already set, this option will be Change your password)
3. In the Create a password for user’s account window, type the password to be assigned to the selected user and confirm the password
4. Provide a password hint (optional)
5. If a password is already assigned to the user account and you are trying to change it, Windows will ask you to verify the current password
6. Click the Create/Change Password button

Note: Use strong passwords for logging into the system

[Screenshot: Change Windows User Password: Windows 7]

Disable the Guest Account: Windows 7

Click Start -> right click Computer -> select Manage
When the Computer Management window opens, go to Local Users and Groups -> Users
Verify that the Guest account is disabled by looking at the icon
If the account is not disabled, double‐click the account name to open its Properties window
In the Guest account's properties window -> select the checkbox next to Account is disabled -> click OK

Lock Out Unwanted Guests in Windows 7

Go to Control Panel -> click Administrative Tools
Double‐click the Local Security Policy -> Account Policies -> double‐click the Account Lockout Policy -> double‐click Account Lockout Threshold
At the Account lockout threshold Properties window, enter the number of invalid logins (e.g., 3)
Click OK and Close

Rename the Administrator Account in Windows 7

Click Start -> right click Computer -> click Manage
In the Computer Management window -> click Local Users and Groups -> select Users
Right click on user Admin or Administrator -> select Rename -> type the new name for account and click OK
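
One way to verify the three account procedures above (Guest disabled, lockout threshold set, Administrator renamed) from the command line. This is an added example, not part of the original slides; the function names and the sample export are constructed, and it assumes an elevated Windows PowerShell prompt for the live export.

```powershell
function Test-AccountPolicy {
    # MaxThreshold 3 follows the slide's "e.g., 3"; adjust to local policy.
    param([string[]]$Lines, [int]$MaxThreshold = 3)
    $cfg = @{}
    foreach ($line in $Lines) {
        # Export lines look like: LockoutBadCount = 3
        # or: NewAdministratorName = "Administrator"
        if ($line -match '^\s*(\w+)\s*=\s*(.*)$') {
            $cfg[$Matches[1]] = $Matches[2].Trim('" ')
        }
    }
    $threshold = [int]$cfg['LockoutBadCount']
    New-Object PSObject -Property @{
        GuestDisabled    = ($cfg['EnableGuestAccount'] -eq '0')
        AdminRenamed     = ($cfg.ContainsKey('NewAdministratorName') -and
                            $cfg['NewAdministratorName'] -ne 'Administrator')
        LockoutThreshold = $threshold
        # A threshold of 0 means accounts are never locked out.
        LockoutOk        = ($threshold -gt 0 -and $threshold -le $MaxThreshold)
    }
}

function Get-ExportedPolicy {
    # secedit writes the local security policy as INF text.
    $tmp = Join-Path $env:TEMP 'secpol-export.inf'
    secedit /export /cfg $tmp /areas SECURITYPOLICY /quiet | Out-Null
    $lines = Get-Content $tmp
    Remove-Item $tmp
    $lines
}

# Constructed sample: an export from a machine with none of the settings applied.
$sample = '[System Access]', 'LockoutBadCount = 0',
          'NewAdministratorName = "Administrator"', 'EnableGuestAccount = 1'
Test-AccountPolicy $sample | Format-List

# On a live system (elevated):
#   Test-AccountPolicy (Get-ExportedPolicy) | Format-List
#
# Command-line equivalents of two of the GUI procedures (run elevated):
#   net user Guest /active:no
#   net accounts /lockoutthreshold:3
```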

Disable Start up Menu in Windows 7

Right click on the Taskbar -> select Properties -> click Start Menu tab
Uncheck both Store and display recently opened programs in the Start menu and Store and display recently opened items in the Start menu and the taskbar -> click Apply -> click OK

Windows Updates in Windows 7

Click Start -> Control Panel -> select System and Security
Select Windows Update -> Change Settings
Choose how Windows can install updates

Pointers for Updates

Always patch the OS and applications to the latest patch levels
Choose to be notified by the vendor about vulnerability announcements
Ensure that you are downloading patches only from authentic sources ‐‐ preferably the vendor site
Do not open executable files from sources of questionable integrity
Do not send patches through email
Use patch management tools for easier updating–there are several free tools

Apply Software Security Patches

1. Software updates are used to keep the OS and other software up‐to‐date
2. Updates must be installed from the vendor’s website
3. Updates can be installed automatically or manually
4. Automatic updates can be installed on a scheduled basis
5. The update process can be hidden and restored

Configuring Windows Firewall in Windows 7

Open Windows Firewall by clicking the Start button -> click Control Panel
In the search box, type Firewall -> click Windows Firewall
In the left pane, click Turn Windows Firewall ON or OFF

Adding New Programs in Windows Firewall in Windows 7

1. Click Start -> Control Panel -> type Firewall in the search box -> press Enter
2. Click Allow a program through Windows Firewall
3. Click Change Settings
4. Click Allow another Program
5. The Add A Program window opens, which lists pre‐installed programs -> Click Browse to add a program (if required)
6. Navigate to the Location of the program -> select its executable file -> click Open
7. Click Add -> click OK to exit the Windows Firewall

The change is applied to the list of added programs

Removing/Disabling Program Rules from the Windows Firewall in Windows 7

Click Start -> Control Panel -> search Windows Firewall -> go to Allow a Program through Windows Firewall -> click Change Settings
Select the rule you want to Remove/Disable
To Disable any rule for any specific network location, uncheck its respective checkbox -> click OK
To remove any program completely from the allowed program list, click Remove -> click YES -> click OK

Creating a New Windows Firewall Rule in Windows 7

Advanced settings in Windows Firewall allow users to create custom rules
Steps to create a new rule:
1. Click Start -> Control Panel -> search for firewall -> click Check Firewall Status -> click Advanced Settings
2. In the Windows Firewall with Advanced Security window, click Inbound Rules -> click New Rule
3. The New Inbound Rule Wizard opens -> select the type of rule (Program, Port, Predefined, and Custom rules) you would like to create -> click Next
4. Select the type of protocol (TCP/UDP) and provide the port numbers or select the option All Local Ports for the rule you want to be applied -> click Next
5. Decide what Action to take when a connection matches the specified condition (here, Allow the Connection) -> click Next
6. Select a Profile for which the rule has to be applied -> click Next
7. Give a Name to the newly created Rule and description (optional) -> click Finish

The rule is created and it allows TCP Inbound traffic to all the ports.
Note: To create a rule for Outbound traffic, follow the same steps, but select UDP protocol and enter 5679 as the port number

Two-Way Firewall Protection in Windows

Click the Start button -> type wf.msc or Firewall in search bar -> press Enter
Click the Windows Firewall with Advanced Security icon
This management interface displays the inbound and outbound rules
Click Windows Firewall Properties
A dialog box with several tabs will appear
For each profile‐‐Domain, Private, and Public‐‐change the setting to Block, and then click OK
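
The rule built in "Creating a New Windows Firewall Rule" allows inbound TCP on all ports, which is far broader than most programs need. This added example (not part of the original slides) flags rules of that shape and lists netsh equivalents for a narrower rule and for the two-way default above. The function names, rule names and port 8443 are constructed for illustration.

```powershell
function Find-BroadInboundRule {
    param($Rules)
    foreach ($r in $Rules) {
        # INetFwRule values: Direction 1 = inbound, Action 1 = allow,
        # Protocol 6 = TCP, 17 = UDP. '*' (or empty) means "all".
        $portRule  = (6, 17 -contains $r.Protocol) -and -not $r.ApplicationName
        $allPorts  = (-not $r.LocalPorts) -or ($r.LocalPorts -eq '*')
        $anyRemote = (-not $r.RemoteAddresses) -or ($r.RemoteAddresses -eq '*')
        if ($r.Enabled -and $r.Direction -eq 1 -and $r.Action -eq 1 -and
            $portRule -and $allPorts -and $anyRemote) {
            $r | Select-Object Name, Protocol, LocalPorts, Profiles
        }
    }
}

# Constructed sample rules with the same property names the firewall API exposes.
function New-SampleRule($Name, $Ports, $Remote) {
    New-Object PSObject -Property @{
        Name = $Name; Enabled = $true; Direction = 1; Action = 1; Protocol = 6
        LocalPorts = $Ports; RemoteAddresses = $Remote
        ApplicationName = $null; Profiles = 7
    }
}
$sample = @(
    (New-SampleRule 'All TCP ports (as on the slide)' '*' '*'),
    (New-SampleRule 'One port, local subnet only' '8443' 'LocalSubnet')
)
Find-BroadInboundRule $sample | Format-Table -AutoSize

# Live rules through the firewall COM API:
#   $fw = New-Object -ComObject HNetCfg.FwPolicy2
#   Find-BroadInboundRule @($fw.Rules)
#
# netsh equivalents, run elevated (rule name and port are constructed values):
#   netsh advfirewall firewall add rule name="Example app" dir=in action=allow protocol=TCP localport=8443 remoteip=localsubnet profile=private
#   netsh advfirewall set allprofiles firewallpolicy blockinbound,blockoutbound
#   netsh advfirewall show allprofiles firewallpolicy
```

With outbound connections blocked by default, every program that needs network access requires its own outbound allow rule.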

Always Use NTFS

NTFS file system provides better performance and security for data on hard disks and partitions than the FAT file system
Convert partitions that use the earlier FAT16 or FAT32 file system to NTFS by using the convert command

1. Close any open programs running on the partition or logical drive to be converted
2. Click Start -> All Programs -> Accessories, right‐click Command Prompt, and then click Run as administrator. Type the password or provide confirmation if prompted
3. In the Command Prompt, type convert drive_letter: /fs:ntfs, where drive_letter is the letter of the drive to be converted to NTFS, and then press ENTER
4. Type the name of the volume you want to convert, and then press ENTER

Note: Converting a partition from FAT to NTFS does not affect the data on it. You need to restart the computer for the NTFS conversion if the partition contains system files.

