Brooklyn Technical High School



Name: ______________ Per: ______

CLASS: Networking DATE: Friday May 20th 2011

TOPIC: Disabling non-essential services

AIM: What are the differences between virus, worms, zombies, Trojans, etc?

H.W. # 83:

1) What is the benefit of disabling non-essential services?

2) What is the term for enabling a service only for those users who are entitled to it?

DO NOW:

Short or blank passwords are easy to crack. Let’s specify a minimum length for a password on our computers.

1) Go to Control Panel, then Administrative Tools, Local Security Policy, Account Policies, Password Policy. Double click Minimum Password Length. Change the characters value from 0 to 4. Click OK.

PROCEDURE:

Write the AIM and DO NOW.

Get students working!

Take attendance.

Go Over HW

Collect HW

Go over the Do Now

Question:

What is the defense against viruses?


Assignment #1:

Privilege Escalation is the malicious event in which a user is able to obtain privileges or capabilities beyond what they were assigned or are authorized to have or use. Go to this link and take a look at an example of privilege escalation.

Assignment #2:

Try this on your own computer.

1) Look at the time on your computer

2) Go to Start, Run, type CMD, and at the prompt type: at \\server 3:15p /interactive "notepad.exe"

3) In #2, replace \\server with your computer name for example \\BT4E14-39

4) In #2, replace 3:15p with 2 minutes past the current time on your computer.

5) Wait the 2 minutes and see what happens.

6) Open up the Task Manager. Check to see if notepad is one of the processes running.

7) Ask your immediate neighbor if you can use the at command on his server. If your neighbor agrees, execute the same command from your computer to activate notepad on their server.

8) The interactive option is used to see the process. Omitting the interactive option runs the process in the background invisibly.

9) Type at /? to see the various switches that can be used with the at command

Sample Test Questions:

1) Which of the following best describes the at command?

A) A program that can execute commands and other programs needed to install program updates

B) A program that can schedule commands and other programs to run on a computer at a specific time and date

C) A Resource Kit utility that can schedule commands and programs to run on a computer at a specific time and date

D) A Trojan horse that can schedule commands and programs to run on a computer at a specific date and time.

2) What switch allows the user to see the process that started with the at command?

A) /delete B) /interaction C) /interactive D) /visible

3) Which of the following is a legitimate use for the at command?

A) scheduling backups B) scheduling virus scans C) scheduling updates D) all of the above

Assignment #3:

Research the following computer virus variants:

1) Boot Sector Virus

2) Polymorphic Virus

3) Macro Virus

4) Stealth Virus

5) Armored Virus

6) Retro Virus

7) Phage Virus

8) Companion Virus

9) Multipartite Virus

Assignment #4:

After using authentication to verify that a user requesting access is who he claims to be, the next logical step is to restrict the user to accessing only the resources essential for him to do his job. This is known as access control. Access control consists of mechanisms for limiting access to resources based on users’ identities and their membership in various groups. When an operating system is configured to restrict a user’s access, most operating systems store this information in an access control list. An ACL is a table in the operating system that contains the access rights each subject has to a particular system object such as a folder or file.

Assignment #5:

Your computer should be set up for more than one user. If your computer is not set up this way, open the User Accounts window from Control Panel then add an account. Also, in Control Panel, open the Folder Options dialog box. On the View tab, deselect the “Use simple file sharing (Recommended)” check box.

1) Right-click the Start button, and then click on Explore on the shortcut menu to open Windows Explorer.

2) Create a folder named Folder3.

3) Start Microsoft Word, and then create a document that includes your name and today’s date.

4) Save this document as File3-5 in Folder3. Close Word.

5) Use Windows Explorer to locate and right-click Folder3. Then click Properties on the shortcut menu. The Folder3 Properties dialog box opens.

6) Click the Security tab. Then click each user and group to view the permissions they have with this folder.

7) To add a group that has permissions to this folder, click Add.

8) Click Advanced and then Find Now.

9) Click Remote Desktop Users and then click OK.

10) Click OK again to close the Select User or Groups dialog box.

11) Click the Remote Desktop Users group and then write down the permissions they have by default over this folder.

12) Make sure the Folder3 Properties dialog box is open to the Security tab.

13) Click the Advanced button.

14) Click Remote Desktop Users and then click Edit.

15) To give this group permission over this folder, click the Allow check box next to Delete. Then click OK.

16) Click OK to close the Advanced Security Settings dialog box.

17) Select the Remote Desktop Users group and note that their permissions are now changed.

18) Click OK to close all windows.
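The same Folder3 permission change done from PowerShell, as an added example that is not part of the lesson. It assumes Folder3 is C:\Folder3, that the script runs as an administrator, and that the ReadAndExecute rule stands in for the default rights the GUI assigns when a principal is added in step 9.

```powershell
# Added example (not from the lesson). Assumptions: Folder3 is C:\Folder3,
# run as Administrator, simple file sharing is off as in the lesson setup.
$folder = 'C:\Folder3'
$group  = 'BUILTIN\Remote Desktop Users'

function Show-GroupRights {
    param([string]$Path, [string]$Identity)
    (Get-Acl -Path $Path).Access |
        Where-Object { $_.IdentityReference.Value -eq $Identity } |
        Select-Object IdentityReference, FileSystemRights, AccessControlType, IsInherited |
        Format-Table -AutoSize
}

# Steps 7-11: add the group. The GUI grants Read & execute / List folder
# contents / Read by default; ReadAndExecute with both inheritance flags is
# the PowerShell equivalent (an assumption about the GUI default).
$acl  = Get-Acl -Path $folder
$acl.AddAccessRule((New-Object System.Security.AccessControl.FileSystemAccessRule(
    $group, 'ReadAndExecute', 'ContainerInherit, ObjectInherit', 'None', 'Allow')))
Set-Acl -Path $folder -AclObject $acl
Show-GroupRights -Path $folder -Identity $group   # what the group has "by default"

# Step 15: add an explicit Allow ACE for Delete on this folder, subfolders and files.
$acl  = Get-Acl -Path $folder
$acl.AddAccessRule((New-Object System.Security.AccessControl.FileSystemAccessRule(
    $group, 'Delete', 'ContainerInherit, ObjectInherit', 'None', 'Allow')))
Set-Acl -Path $folder -AclObject $acl
Show-GroupRights -Path $folder -Identity $group   # step 17: Delete now appears

# Defender's check: every principal whose Allow ACE carries the Delete bit
# (Full Control includes it) can destroy File3-5, so review this list.
$deleteBit = [System.Security.AccessControl.FileSystemRights]::Delete
(Get-Acl -Path $folder).Access |
    Where-Object { $_.AccessControlType -eq 'Allow' -and ($_.FileSystemRights -band $deleteBit) } |
    Format-Table IdentityReference, FileSystemRights, IsInherited -AutoSize
```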

Assignment #6:

Handling the permissions for individual users and sometimes even groups can be a time-consuming task. Instead of setting permissions for each user or group, you can assign permissions to a position or role, and then assign users and other objects to that role. The users and objects inherit all of the permissions for that role. This model is known as Role Based Access Control (RBAC).

A more restrictive model is known as Mandatory Access Control (MAC). In this model, the subject is not allowed to give another subject access to an object. Instead, all controls are firmly fixed in one place and there is no flexibility at the object level.

The least restrictive model is Discretionary Access Control (DAC). In this setting, one subject can adjust the permissions of other subjects over objects.

Sample Test Questions:

1) You have been assigned to mentor a junior administrator and bring him up to speed quickly. The topic you’re currently explaining is authentication. Which method uses a KDC to accomplish authentication for users, programs or systems?

A) CHAP B) Kerberos C) Biometrics D) Smart Cards

2) Of the following types of security, which would be primarily concerned with someone stealing the server from the premises?

A) Physical Security B) Operational Security C) Management and Policy D) Authentication

3) Upper Management has suddenly become concerned about Security. As the senior network administrator, you are asked to suggest changes that should be implemented. Which of the following access methods should you recommend if the method is to be one that is primarily based on pre-established access and can’t be changed by users?

A) MAC B) DAC C) RBAC D) Kerberos

4) After a careful risk analysis, the value of your company’s data has been increased. Accordingly, you’re expected to implement authentication solutions that reflect the increased value of the data. Which of the following authentication methods uses more than one authentication process for a logon?

A) Multi-factor B) Biometrics C) Smart Card D) Kerberos

5) Which of the following IP addresses is within the private address range?

A) 192.1.1.5 B) 192.168.0.10 C) 192.225.5.1 D) 192.255.255.255

6) Which of the following protocols allows an organization to present a single TCP/IP address to the Internet while utilizing private IP addressing across the LAN?

A) NAT B) VLAN C) DMZ D) Extranet

7) You are the administrator for Mercury Technical. Due to several expansions, the network has grown exponentially in size within the past two years. Which of the following is a popular method for breaking a network into smaller private networks that can coexist on the same wiring and yet be unaware of each other?

A) VLAN B) NAT C) MAC D) Security Zone

8) Of the following services, which one would be most likely to utilize a retinal scan?

A) Auditing B) Authentication C) Access Control D) Data confidentiality

9) A user complains that his system has been infected with a new virus. Which of the following would be a first step to take in addressing and correcting the problem?

A) Verifying that the most current virus definition file is installed

B) Reformatting the hard disk

C) Re-installing the operating system

D) Disabling the user’s e-mail account

Assignment #7:

A logical first step in establishing a defense against computer attacks is to turn off all non-essential systems. With information security, disabling systems that are not necessary restricts entry points the attackers can use.

Some programs are written to run in the background of the operating system. A background program is not prominently displayed on the screen and does not require user input as a regular foreground program does. Instead, the background program waits in the computer’s random access memory (RAM) until the user presses a specific combination of keys known as a hot key.

These background programs usually perform tasks for the operating system, such as managing network connections. In Microsoft Windows, a background program is called a process. The process provides a service to the operating system, which is identified by a service name. Open the Task Manager and look at the status of the processes listed. To read a description of a service, go to Control Panel, Administrative Tools, Services, and click on a service; its description is shown there.

A service can be set to one of 3 modes:

• Automatic

• Manual

• Disabled

Stopping and then starting a service is sometimes called a restart.

Services provide a valuable tool for an attacker to use against a system. Because these services run in the background without any user intervention, an attacker can take advantage of them to launch an attack. Attaching an attack to a service that is already functioning and is hidden from the user is an ideal setting for attackers. If you disable the services you don’t need, you eliminate a vulnerability in your computer system.

• Disabling a service can also free up RAM. Disabling all non-essential services can free anywhere from 12MB to 70MB of RAM, depending on the system.

The combination of an IP address and a port number is known as a socket; the IP address is separated from the port number by a colon, as in 198.146.118.20:80. Because many services use a port number for communications, disabling non-essential services closes these ports and results in fewer entry points into the system.

One of the first tasks in establishing a security baseline is to stop unnecessary services. This not only denies attackers a background program to which they can attach malicious code, but also closes ports that can be openings for attacks themselves.

Mini-lab:

1) On a Windows XP computer, click Start and then click Run. The Run dialog box opens.

2) Type msconfig and then press Enter to display the System Configuration Utility dialog box.

3) Click the Services tab. Scroll down to see which services are running or stopped. List the services that you consider essential and explain why.

4) Click Cancel.
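A scripted version of the baseline exercise above, as an added example that is not part of the lesson: it lists the running services that are outside a constructed allowlist of essentials, shows the listening sockets (IP:port) of the process hosting each one, and previews the change to Disabled. It assumes an administrator session on Windows 8 / Server 2012 or later (for Get-NetTCPConnection) and that the allowlist and the service name to disable are placeholders to be replaced after review.

```powershell
# Added example (not from the lesson). Assumptions: run as Administrator on
# Windows 8 / Server 2012 or later; $essential is a constructed, illustrative
# allowlist, not a recommended baseline.
$essential = @('Dhcp', 'Dnscache', 'EventLog', 'LanmanWorkstation', 'RpcSs', 'Schedule', 'Winmgmt')

# Listening TCP sockets keyed by owning process id (keys are strings).
$listeners = Get-NetTCPConnection -State Listen |
    Group-Object -Property OwningProcess -AsHashTable -AsString

$report = Get-CimInstance -ClassName Win32_Service |
    Where-Object { $_.State -eq 'Running' -and $essential -notcontains $_.Name } |
    ForEach-Object {
        $sockets = @()
        if ($listeners -and $listeners.ContainsKey([string]$_.ProcessId)) {
            # Several services can share one svchost.exe, so sockets are
            # reported per hosting process, not per individual service.
            $sockets = $listeners[[string]$_.ProcessId] |
                ForEach-Object { "$($_.LocalAddress):$($_.LocalPort)" }
        }
        [pscustomobject]@{
            Name      = $_.Name
            StartMode = $_.StartMode      # Auto, Manual or Disabled
            ProcessId = $_.ProcessId
            Sockets   = ($sockets -join ', ')
        }
    }

# Each row is a candidate entry point: a background program plus any open ports.
$report | Sort-Object Name | Format-Table -AutoSize

# Disable one reviewed service. -WhatIf only describes the change; drop it to apply.
$toDisable = 'TlntSvr'   # placeholder: substitute a name from the report after review
Stop-Service -Name $toDisable -WhatIf
Set-Service  -Name $toDisable -StartupType Disabled -WhatIf
```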

Sample Test Questions:

1) You can start to build defenses for your information systems by creating security

A) foundations B) baselines C) pillars D) planes

2) In Microsoft Windows, the name of the background program, such as Svchost.exe, is called a

A) process B) service C) display service D) parent service

3) Stopping and then starting again a service is sometimes called a

A) restart B) disable C) process D) reable

4) A non-security advantage of disabling a service is that

A) ROM is preserved B) the operating system performs fewer functions

C) communication with firmware is enhanced D) it frees up RAM

True or False:

1) Port 80 identifies the service as Web traffic (HTTP)
