Franske ITC-2000 Security Lab: Difference between revisions

From ITCwiki

Revision as of 01:12, 30 October 2014

Manage Windows Users and Groups

  1. Open the "Computer Management" control panel
  2. Click on the "Users" option under "Local Users and Groups"
  3. You should now see a listing of all users on your system in the right hand pane of the window.
  4. One way attackers get into a system is through accounts you do not need and are therefore not watching. The built-in "Guest" account is one such example, so disable it.
    1. To disable this account right click on the account name and choose "Properties".
    2. Place a check mark next to the "Account is disabled" option
    3. Click the "OK" button
    4. Notice that the Guest account icon is now different than active accounts on the system
  5. Create a new user account through the computer management window
    1. Right click on an open area in the user listing pane of the window and select "New User..."
    2. Create a new user with "ITC Limited" as the username and full name.
    3. Set the password for the user to "Password01!!"
    4. Make sure that the "User must change password at next login" box is unchecked and the "Password never expires" box is checked.
    5. Click "Create"
  6. Create a new group through the computer management window
    1. Click on the "Groups" option under "Local Users and Groups" in the left side pane of the window
    2. Right click on an open area in the group listing pane of the window and select "New Group..."
    3. Create a new group named "ITC Limited"
    4. Click the "Add..." button and enter the user name "ITC Limited" and click "OK" to add the ITC Limited user to the new group
    5. Click the "Create" button to create the group
  7. Open the "Users" group by double clicking on the group name
  8. Notice that the ITC Limited user is automatically added as a member of this group as well.
  9. Click "Cancel" to close the Users group window.
  10. Close the computer management window
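The same user and group steps, scripted from an elevated PowerShell prompt. This is an added example and not part of the lab page; it assumes the LocalAccounts cmdlets (Disable-LocalUser, New-LocalUser, New-LocalGroup, Add-LocalGroupMember, Get-LocalGroupMember), which ship with PowerShell 5.1 on Windows 10 / Server 2016 and later and are not present on the Windows 7 systems the lab was written for.

```powershell
# Added example (not part of the lab page): the Users and Groups steps above,
# scripted with the LocalAccounts cmdlets. Assumes Windows 10 / Server 2016 or
# later and an elevated prompt.

# Step 4: disable the built-in Guest account, then list what is still enabled
# so any other unneeded accounts stand out.
Disable-LocalUser -Name 'Guest'
Get-LocalUser | Where-Object Enabled | Select-Object Name, LastLogon, PasswordLastSet

# Step 5: create the lab user. New-LocalUser does not set "must change password
# at next logon", and -PasswordNeverExpires ticks the "never expires" box.
$password = ConvertTo-SecureString 'Password01!!' -AsPlainText -Force
New-LocalUser -Name 'ITC Limited' -FullName 'ITC Limited' -Password $password -PasswordNeverExpires

# Step 6: create the group and add the user to it.
New-LocalGroup -Name 'ITC Limited' -Description 'Lab group for the ITC Limited account'
Add-LocalGroupMember -Group 'ITC Limited' -Member 'ITC Limited'

# Steps 7-8: a new local account is also placed in the built-in Users group
# automatically, which is what lets it log on interactively.
Get-LocalGroupMember -Group 'Users'

# Check: Guest is disabled and the new user is a member of both groups.
# Get-LocalGroupMember reports names as COMPUTERNAME\User.
if ((Get-LocalUser -Name 'Guest').Enabled) { throw 'Guest is still enabled' }
foreach ($g in 'ITC Limited', 'Users') {
    if (-not (Get-LocalGroupMember -Group $g | Where-Object { $_.Name -like '*\ITC Limited' })) {
        throw "ITC Limited is not a member of $g"
    }
}
```

The final check is the scripted form of step 8: if the account were missing from Users it would not be able to log on, and if Guest were still enabled the first part of the lab would have had no effect.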

Manage File and Folder Permissions

Manage Windows Firewall

  1. Open the Windows Firewall from inside the "System and Security" control panel
  2. Click the "Allow a program or feature through Windows Firewall" link on the left side of the screen.
    • This window provides a basic interface to the Windows Firewall. Programs and features can be allowed through the firewall by placing a check mark to the left of the program or feature and then checking one or both boxes to the right, which grant access when your computer is connected to Home/Work (private) or Public networks. Each check mark opens an inbound path for that program or feature, so explore the current settings and determine which programs or features are currently allowed through the firewall on your system, and on which network types.
  3. Press the back button to return to the general Windows Firewall control panel window
  4. Click the "Advanced settings" link on the left side of the window
  5. Right click on the first "File and Printer Sharing (Echo Request - ICMPv4-In)" rule and select "Properties"
  6. Explore how this rule was created
    1. Click the "Advanced" tab and check which profiles this rule applies to
    2. Click the "Customize..." button in the "Interface types" section and see what interface types this rule applies to, then click OK to close this window
    3. Click the "Programs and Services" tab and check which programs and services the rule applies to.
    4. Click the "Protocols and Ports" tab and then the "Customize" button in the ICMP settings section and check to see which ICMP messages the rule applies to
  7. Close all windows
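The same inspection from PowerShell, as an added example that is not part of the lab page. It assumes the NetSecurity cmdlets (Get-NetFirewallRule and the Get-NetFirewall*Filter cmdlets), which exist on Windows 8 / Server 2012 and later; the netsh command at the end gives the same information on Windows 7.

```powershell
# Added example (not part of the lab page): inspect the firewall from PowerShell.
# NetSecurity cmdlets need Windows 8 / Server 2012 or later; run elevated.

# Step 2: everything currently allowed inbound, with the profiles it applies to.
Get-NetFirewallRule -Direction Inbound -Action Allow -Enabled True |
    Select-Object DisplayName, Profile, Group | Sort-Object DisplayName

# Steps 5-6: the ICMPv4 echo request rule. The display name matches one rule per
# profile group, so more than one object can come back; the GUI shows them as
# separate rows, which is why the lab says "the first".
$rules = Get-NetFirewallRule -DisplayName 'File and Printer Sharing (Echo Request - ICMPv4-In)'
foreach ($rule in $rules) {
    # 6.1 Advanced tab: which profiles (Domain/Private/Public) the rule applies to
    $rule | Select-Object DisplayName, Enabled, Profile, Direction, Action
    # 6.2 Interface types (Any, Wired, Wireless, RemoteAccess)
    $rule | Get-NetFirewallInterfaceTypeFilter
    # 6.3 Programs and Services tab
    $rule | Get-NetFirewallApplicationFilter
    $rule | Get-NetFirewallServiceFilter
    # 6.4 Protocols and Ports tab: Protocol ICMPv4, IcmpType 8 is echo request
    $rule | Get-NetFirewallPortFilter
}

# Same information on Windows 7, which has no NetSecurity module:
netsh advfirewall firewall show rule name="File and Printer Sharing (Echo Request - ICMPv4-In)" verbose
```

The port filter is the part worth reading closely: the rule allows only ICMP type 8 (echo request), not all of ICMPv4, which is the difference between "the machine answers ping" and "the machine accepts every ICMP message".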

Manage Anti-Malware Software

  1. Recent versions of the Windows operating system include a free built-in anti-malware utility called Windows Defender. Read about this utility on the Microsoft Windows Defender site (http://windows.microsoft.com/en-us/windows/using-defender#1TC=windows-7).
  2. One advantage of the Windows Defender utility is that it is kept up to date with current malware definitions through the same Windows Update process as the rest of your operating system.
  3. Complete a "quick scan" of your system using Windows Defender by following the instructions on the Microsoft site (http://windows.microsoft.com/en-us/windows/scan-for-spyware-unwanted-software#1TC=windows-7).
  4. Sometimes a system is so compromised that anti-malware software running inside the OS is compromised as well and cannot detect or remove the malware. In these cases it is usually best to format the computer and start with a fresh OS install. If you want to try to clean the system instead, your best option is to boot directly into an anti-malware program running from a CD or USB drive rather than into the installed OS, and scan the system in "offline" mode, so the malware is not running while the scan takes place. One such free program is "Windows Defender Offline". Because it runs offline it receives no definition updates after you download it, so download a fresh copy each time you want to scan a system. It is also most secure to download the software and burn the CD or USB drive on a system known to be uninfected, so the rescue media itself cannot have been tampered with.
  5. Visit the Windows Defender Offline site (http://windows.microsoft.com/en-us/windows/what-is-windows-defender-offline) and read about the program
  6. A copy of the program has already been used to create an ISO file, which is in the "D:\CNT Files\ITC 2000\Windows Defender Offline\" folder on your host computer.
  7. Power down your VM and put the "2014-10-29-WDO_Media32.iso" file into the virtual CD/DVD drive of your VM
  8. Restart your VM and boot it from the virtual CD/DVD drive to start the Windows Defender Offline software
  9. Run a scan of your VM using the Windows Defender Offline software
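The in-OS part of this procedure from PowerShell, plus a check on the offline-scan media before it is attached to the VM. This is an added example, not part of the lab page. It assumes the Defender cmdlets (Get-MpComputerStatus, Update-MpSignature, Start-MpScan, Get-MpThreatDetection, Start-MpWDOScan), which exist on Windows 8.1 / Windows 10 and later, and Get-FileHash from PowerShell 4 or later; the expected hash value is a placeholder you would record on the clean machine where the ISO was built.

```powershell
# Added example (not part of the lab page): Defender from PowerShell.
# Defender cmdlets need Windows 8.1 / Windows 10 or later. On Windows 7 the
# equivalent quick scan is: "$env:ProgramFiles\Windows Defender\MpCmdRun.exe" -Scan -ScanType 1

# Steps 2-3: confirm the definitions are current, refresh them, then quick scan.
Get-MpComputerStatus | Select-Object AntivirusEnabled, RealTimeProtectionEnabled,
    AntivirusSignatureVersion, AntivirusSignatureLastUpdated, AntivirusSignatureAge
Update-MpSignature
Start-MpScan -ScanType QuickScan
# Anything the scan found, with when it was first seen and what was detected.
Get-MpThreatDetection | Select-Object DetectionID, InitialDetectionTime, Resources

# Steps 4 and 6-7: the offline media was built on a known-clean host. Before
# attaching the ISO to the VM, confirm it is still the same file that was built
# there, so a tampered rescue image is not used to "clean" the system.
$iso = 'D:\CNT Files\ITC 2000\Windows Defender Offline\2014-10-29-WDO_Media32.iso'
$expected = '<SHA-256 recorded when the ISO was created>'   # assumption: fill in from the clean host
$actual = (Get-FileHash -Path $iso -Algorithm SHA256).Hash
if ($actual -ne $expected) { throw "ISO hash mismatch, do not boot from it: $actual" }

# On Windows 10 the offline scan can also be started without separate media; the
# machine reboots into Windows Defender Offline, scans, and boots back, which is
# the same idea as step 8 without the CD/DVD.
Start-MpWDOScan
```

AntivirusSignatureAge is the number to look at before trusting a scan result: a quick scan with week-old definitions says little about current malware, which is also why step 4 tells you to download a fresh offline copy each time.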