Franske ITC-2000 Security Lab: Difference between revisions

From ITCwiki

Latest revision as of 16:29, 29 March 2016

Manage Windows Users and Groups

  1. Open the "Computer Management" control panel
  2. Click on the "Users" option under "Local Users and Groups"
  3. You should now see a listing of all users on your system in the right hand pane of the window.
  4. One way attackers may get into your system is through accounts you do not need. One such example is the default "Guest" account.
    1. To disable this account right click on the account name and choose properties.
    2. Place a check mark next to the "Account is disabled" option
    3. Click the "OK" button
    4. Notice that the Guest account icon is now different than active accounts on the system
  5. Create a new user account through the computer management window
    1. Right click on an open area in the user listing pane of the window and select "New User..."
    2. Create a new user with "ITC Limited" as the username and full name.
    3. Set the password for the user to "Password01!!"
    4. Make sure that the "User must change password at next login" box is unchecked and the "Password never expires" box is checked.
    5. Click "Create"
  6. Create a new group through the computer management window
    1. Click on the "Groups" option under "Local Users and Groups" in the left side pane of the window
    2. Right click on an open area in the group listing pane of the window and select "New Group..."
    3. Create a new group named "ITC Limited Group"
    4. Click the "Add..." button and enter the user name "ITC Limited" and click "OK" to add the ITC Limited user to the new group
    5. Click the "Create" button to create the group
  7. Open the "Users" group by double clicking on the group name
  8. Notice that the ITC Limited user is automatically added as a member of this group as well.
  9. Click "Cancel" to close the Users group window.
  10. Close the computer management window
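The same account and group changes made from an elevated PowerShell prompt, followed by the checks the lab asks you to make by eye (Guest disabled, the new user in both groups). This is an added example, not part of the ITCwiki lab; it assumes the Microsoft.PowerShell.LocalAccounts module (Windows 10 / PowerShell 5.1 or later), so on Windows 7 the equivalent would be net user / net localgroup.

```powershell
# Added example (not from the lab page): users and groups section done in PowerShell.
# Assumes an elevated prompt and the LocalAccounts module (Windows 10 / PS 5.1+).
$userName  = 'ITC Limited'
$groupName = 'ITC Limited Group'
$password  = ConvertTo-SecureString 'Password01!!' -AsPlainText -Force   # lab password from the page

# Step 4: disable the built-in Guest account (an account nobody needs is one more way in)
Disable-LocalUser -Name 'Guest'

# Step 5: create the limited user with "password never expires" and no forced change at next logon
if (-not (Get-LocalUser -Name $userName -ErrorAction SilentlyContinue)) {
    New-LocalUser -Name $userName -FullName $userName -Password $password `
        -PasswordNeverExpires -AccountNeverExpires | Out-Null
}

# Step 6: create the group and add the user to it
if (-not (Get-LocalGroup -Name $groupName -ErrorAction SilentlyContinue)) {
    New-LocalGroup -Name $groupName | Out-Null
}
Add-LocalGroupMember -Group $groupName -Member $userName -ErrorAction SilentlyContinue

# Checks (steps 4, 7 and 8): Guest is disabled, and the new user is a member of
# both the new group and the built-in Users group it was added to automatically
$guest = Get-LocalUser -Name 'Guest'
"Guest enabled: $($guest.Enabled)"
foreach ($g in @($groupName, 'Users')) {
    $members  = Get-LocalGroupMember -Group $g | ForEach-Object { $_.Name }
    $isMember = $members -contains "$env:COMPUTERNAME\$userName"
    "$userName in '$g': $isMember"
}
```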

Manage File and Folder Permissions

  1. Create two new folders on your system in the C:\ drive
  2. Create a few files inside of each folder
  3. Read this introduction to file and folder permissions document
  4. Based on what you have read change some of the file and folder permissions for the files and folders you created above. Specifically try setting some different types of permissions for the new ITC Limited user you created.
  5. Log off of your administrative account and log on to the ITC Limited user account
  6. Try accessing and modifying the files and folders you created above
  7. Verify that you only have the permissions which you set
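A scripted version of steps 1 through 4, as an added example that is not part of the lab page: it creates two lab folders with files, grants the "ITC Limited" user read-only access to one folder and modify access to the other, adds an explicit Deny on a single file, and then lists the resulting access entries so you can compare them with what you observe after logging on as that user. The folder names are assumptions; run it from an elevated prompt on the machine where the user was created.

```powershell
# Added example (not from the lab page): set and inspect NTFS permissions for the lab user.
# Assumes an elevated prompt; folder names below are made up for this example.
$user    = "$env:COMPUTERNAME\ITC Limited"
$folders = @{ 'C:\ITCLab-ReadOnly' = 'ReadAndExecute'; 'C:\ITCLab-Modify' = 'Modify' }

foreach ($path in @($folders.Keys)) {
    New-Item -ItemType Directory -Path $path -Force | Out-Null
    1..3 | ForEach-Object { Set-Content -Path (Join-Path $path "file$($_).txt") -Value "lab file $_" }

    $acl = Get-Acl -Path $path
    # Inheritance flags make the rule apply to the files and subfolders inside as well
    $rule = New-Object System.Security.AccessControl.FileSystemAccessRule -ArgumentList `
        $user, $folders[$path], 'ContainerInherit, ObjectInherit', 'None', 'Allow'
    $acl.AddAccessRule($rule)
    Set-Acl -Path $path -AclObject $acl
}

# An explicit Deny wins over any Allow: block writes to one file in the Modify folder
$denyPath = 'C:\ITCLab-Modify\file3.txt'
$acl  = Get-Acl -Path $denyPath
$deny = New-Object System.Security.AccessControl.FileSystemAccessRule -ArgumentList $user, 'Write', 'Deny'
$acl.AddAccessRule($deny)
Set-Acl -Path $denyPath -AclObject $acl

# Check: list every access entry that names the limited user (step 7 of the lab)
foreach ($path in (@($folders.Keys) + $denyPath)) {
    "== $path"
    (Get-Acl -Path $path).Access |
        Where-Object { $_.IdentityReference -like '*ITC Limited' } |
        Format-Table IdentityReference, AccessControlType, FileSystemRights, IsInherited -AutoSize
}
```

Expect the ITC Limited user to be able to read but not change anything under the ReadOnly folder, to edit file1.txt and file2.txt in the Modify folder, and to be refused when writing file3.txt.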

Manage Windows Firewall

  1. Open the Windows Firewall from inside the "System and Security" control panel
  2. Click the "Allow a program or feature through Windows Firewall" link on the left side of the screen.
    • This window provides a basic interface to the Windows Firewall. Programs and features can be allowed through the firewall by placing a check mark to the left of the program or feature and then checking one or both boxes to the right, which grant access when your computer is connected to Home/Work or Public networks. Explore the current settings and determine what programs or features are currently allowed through the firewall on your system.
  3. Press the back button to return to the general Windows Firewall control panel window
  4. Click the "Advanced settings" link on the left side of the window
  5. Right click on the first "File and Printer Sharing (Echo Request - ICMPv4-In)" rule and select "Properties"
  6. Explore how this rule was created
    1. Click the "Advanced" tab and check which profiles this rule applies to
    2. Click the "Customize..." button in the "Interface types" section and see what interface types this rule applies to, then click OK to close this window
    3. Click the "Programs and Services" tab and check which programs and services the rule applies to.
    4. Click the "Protocols and Ports" tab and then the "Customize" button in the ICMP settings section and check to see which ICMP messages the rule applies to
  7. Close all windows
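The same inspection of the echo-request rules from the command line, as an added example that is not part of the lab page. It assumes Windows 8 or later, where the NetSecurity module is available (it is not on Windows 7), and an elevated prompt; each filter cmdlet corresponds to one of the tabs the lab has you click through.

```powershell
# Added example (not from the lab page): read the ICMPv4 echo-request rules the lab inspects.
# Assumes Windows 8+ (NetSecurity module) and an elevated prompt.
$name  = 'File and Printer Sharing (Echo Request - ICMPv4-In)'
$rules = Get-NetFirewallRule -DisplayName $name   # there is usually one rule per profile

foreach ($rule in $rules) {
    "== $($rule.Name)"
    # General and Advanced tabs: state, profiles the rule applies to, direction, action
    $rule | Format-List DisplayName, Enabled, Profile, Direction, Action

    # "Interface types" section of the Advanced tab
    $rule | Get-NetFirewallInterfaceTypeFilter | Format-List InterfaceType

    # "Programs and Services" tab
    $rule | Get-NetFirewallApplicationFilter | Format-List Program
    $rule | Get-NetFirewallServiceFilter     | Format-List Service

    # "Protocols and Ports" tab: the protocol and the ICMP type the rule matches (8 = echo request)
    $rule | Get-NetFirewallPortFilter | Format-List Protocol, IcmpType
}

# Quick check: is any echo-request rule enabled for the Public profile? That is the
# profile used on untrusted networks, so answering pings there is usually unwanted.
$exposed = $rules | Where-Object { $_.Enabled -eq 'True' -and $_.Profile -match 'Public|Any' }
if ($exposed) { "Ping replies are allowed on Public networks by: $($exposed.Name -join ', ')" }
else          { 'No echo-request rule is enabled for the Public profile' }
```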

Manage Anti-Malware Software

  1. For this part of the lab you will need an Internet connection for your laptop. Use a patch cord to connect your system to the ITC network jacks (ask your instructor) on your desk.
  2. Windows 8 includes built-in anti-virus and anti-malware protection but older versions of Windows can be protected by third party software or the free Microsoft Security Essentials software.
  3. Download and install a copy of the Microsoft Security Essentials software on your system.
  4. Update the malware definitions to the latest version
  5. Run a "quick scan" of your system
  6. Sometimes a system is so compromised that anti-malware software running through the OS itself might be compromised as well and unable to detect or remove the malware. In these cases it's usually best to just format the computer and start with a fresh OS install, but if you want to try and clean up the system your best option is to boot directly into an anti-malware program running from a CD or USB drive instead of into the OS itself and scan the system in "offline" mode. One such free program is the "Windows Defender Offline" software. Because this is offline it does not receive any updates after you download it, so you would want to download a fresh copy each time you want to scan a system. It would also be most secure to download the software and burn the CD or USB drive on a system known to be uninfected.
  7. Visit the Windows Defender Offline site and read about the program
  8. Download the Windows Defender Offline software onto your laptop and use it to create a bootable USB drive. Normally you would not want to do this on the machine you want to scan, because if it is infected the infection could prevent the software from operating correctly, but for demonstration purposes we'll build the bootable USB drive and scan the same system.
    • Note that creating the WDO USB drive will wipe all the data from your USB drive so make sure to backup any of your data to another location first. After completing the lab you can format the USB drive again and copy your data back onto the drive.
  9. Power down your laptop and put the bootable USB drive into your system
  10. Restart your laptop and boot it from the USB drive to start the Windows Defender Offline software
  11. Run a scan of your system using the Windows Defender Offline software
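Steps 4 and 5 (update definitions, then quick scan) done from the command line with MpCmdRun.exe, the command-line front end that both Microsoft Security Essentials and Windows Defender ship with. This is an added example, not part of the lab page; the two install paths are assumptions about where the tool lives, and it should be run from an elevated prompt with the Internet connection from step 1.

```powershell
# Added example (not from the lab page): signature update and quick scan via MpCmdRun.exe.
# The install paths are assumptions; run from an elevated prompt.
$candidates = @(
    "$env:ProgramFiles\Microsoft Security Client\MpCmdRun.exe",   # Microsoft Security Essentials
    "$env:ProgramFiles\Windows Defender\MpCmdRun.exe"             # built-in Windows Defender
)
$mpcmd = $candidates | Where-Object { Test-Path $_ } | Select-Object -First 1
if (-not $mpcmd) { throw 'MpCmdRun.exe not found: install Security Essentials or enable Defender first' }
"Using $mpcmd"

# Step 4: pull the latest malware definitions (needs the Internet connection from step 1)
& $mpcmd -SignatureUpdate
if ($LASTEXITCODE -ne 0) { Write-Warning "Signature update failed with exit code $LASTEXITCODE; scanning with old definitions" }

# Step 5: quick scan (-ScanType 1 = quick, 2 = full)
& $mpcmd -Scan -ScanType 1
$scanExit = $LASTEXITCODE

# MpCmdRun returns 0 when the scan finished and found nothing; any other value means
# threats were found or the scan did not complete, so open the program's History tab
switch ($scanExit) {
    0       { 'Quick scan completed: no threats found' }
    default { "Quick scan returned exit code $scanExit - review the scan history before trusting this system" }
}
```

If the scan itself cannot run or keeps reporting the same threat after cleaning, that is the situation step 6 describes, and the offline scan from fresh media built on a known-clean machine is the next step.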