windows xp security ii n.
Download
Skip this Video
Loading SlideShow in 5 Seconds..
Windows XP Security II PowerPoint Presentation
Download Presentation
Windows XP Security II

Loading in 2 Seconds...

play fullscreen
1 / 96

Windows XP Security II - PowerPoint PPT Presentation


  • 316 Views
  • Uploaded on

Windows XP Security II. Laurie Walters lwalters@psu.edu. XP Security II Seminar Objectives. System Security II Software Update Services (SUS) & Patching Automatic Updates on Standalone Machines Installing SUSAdmin Configuring SUSAdmin Approving Updates Installing SUSClient

loader
I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
capcha
Download Presentation

PowerPoint Slideshow about 'Windows XP Security II' - benjamin


An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
windows xp security ii

Windows XP Security II

Laurie Walters

lwalters@psu.edu

xp security ii seminar objectives
XP Security II Seminar Objectives
  • System Security II
    • Software Update Services (SUS) & Patching
      • Automatic Updates on Standalone Machines
      • Installing SUSAdmin
      • Configuring SUSAdmin
      • Approving Updates
      • Installing SUSClient
      • Configuring SUSClient to update from server via AD OU Group Policy
    • Simple File Sharing
      • Simple File Sharing Overview
      • Setting Up SFS Shares
      • SFS Is Not Secure
      • Disabling SFS
xp security ii seminar objectives1
XP Security II Seminar Objectives
  • System Security II (Continued)
    • NTFS Permissions
      • Definitions
      • Changing Default Permissions
      • NTFS Rules: Additive Permissions and Deny Permissions
      • Removing Access to Common Executables
    • Windows Security Templates & Policies
      • Creating a New Security Template
      • Defining Your Security Settings
      • Using the Security Configuration and Analysis Tool
      • Applying Security Templates
      • Security Policies
xp security ii seminar objectives2
XP Security II Seminar Objectives
  • Network Security
    • IPSEC filtering
      • IP Security Overview
      • Starting IPSec Service
      • Installing an IPSec Policy
      • Creating a Custom IPSec Policy
  • Application Security
    • Services to Shut Off
      • Disabling Un-necessary Services
      • Use Secure Services
      • Specific XP Services to Disable
xp security ii seminar objectives3
XP Security II Seminar Objectives
  • Application Security
    • Remote Desktop / Remote Assistance
      • Remote Assistance Overview
      • Disabling Remote Assistance
      • Setting Up Remote Desktop
      • Changing Default Remote Desktop Port
      • Disabling Remote Desktop
    • Using HFNetChk and Baseline Security Analyzer
      • HFNetChk Overview
      • Microsoft Baseline Security Analyzer Overview
    • Reading Logs
      • System LogFile Locations
      • IIS LogFile Locations
  • Conclusion
xp security ii seminar objectives4
XP Security II Seminar Objectives
  • System Security II
    • Software Update Services (SUS) & Patching
    • Simple File Sharing
    • NTFS Permissions
    • Windows Security Templates & Policies
    • IPSEC filtering
  • Application Security
    • Services to Shut Off
    • Remote Desktop / Remote Assistance
    • Using HFNetChk and Baseline Security Analyzer
    • Reading Logs
windows xp security ii1
Windows XP Security II
  • System Security II
    • Software Update Services (SUS) & Patching
      • Automatic Updates on Standalone workstations
      • Installing SUSAdmin
      • Configuring SUSAdmin
      • Synchronizing SUS
      • Approving Updates
      • Installing SUSClient
      • Configuring SUSClient to update from server via AD OU Group Policy
    • Simple File Sharing
    • NTFS Permissions
    • Windows Security Policies
  • Network Security
  • Application Security
installing susadmin
Installing SUSAdmin
  • SUS has two portions:
    • Server (SUSAdmin)
    • Client (Automatic Updates Client)
  • SUSAdmin can only be installed on Windows 2000 or 2003 Server
  • It is recommended that SUSAdmin be installed on Standalone Server (Not domain controller or application server)
  • Install Server Software from: http://download.microsoft.com/download/0/b/9/0b97f864-2408-4748-ad96-3691e2451006/SUS10SP1.exe
  • Read SUS Deployment Whitepaper: http://www.microsoft.com/windowsserversystem/sus/susdeployment.mspx
configuring susadmin
Configuring SUSAdmin
  • On SUSAdmin Server, open following URL:
    • http://localhost/SUSAdmin
  • Welcome screen will appear. Click on “Set Options” in left frame.
    • Choose whether to maintain the updates on a MS Windows Update Server or save the updates to a local folder.
    • If updates saved to local folder, choose “Locales” (Languages) for install packages. Only use minimum necessary languages to reduce download time of updates
  • It is recommended that you use SSL for SUS. Instructions on enabling SSL for SUS can be found in the MS SUS Whitepaper on page 25.
synchronizing sus
Synchronizing SUS
  • Click on Synchronize Server on left frame.
  • On right side of page, click on “Synchronization Schedule”
    • Choose when synchronization should occur (weekly, daily, etc).
    • Recommended setting = daily
  • Click on Synchronize now
    • Catalog Download Progress will appear. It will appear to “hang” on 100% with a cancel button below. Do not cancel!
    • Next, it will start downloading the actual updates
approving updates
Approving Updates
  • Click on “Approve Updates” in left hand pane.
  • All available updates that have been downloaded will be listed with one of the following status:
    • New (recently downloaded and not approved)
    • Approved (approved and available for download by client computers)
    • Not Approved (Declined by SUS administrator and will not be made available for client computers)
    • Updated (A change has been made to an update)
    • Temporarily Unavailable (Update package or a dependency is not available)
  • Check the box next to the updates you have previously examined in a test environment and want to approve for distribution to your client computers.
installing susclient
Installing SUSClient
  • Client can be downloaded from: http://www.microsoft.com/windows2000/downloads/recommended/susclient/default.asp
  • Client can be installed on:
    • Windows 2000 Professional with Service Pack (SP) 2 (already included with W2K SP3)
    • Windows 2000 Server with SP2
    • Windows 2000 Advanced Server with SP2
    • Windows XP Professional (already included with XP SP1)
    • Windows XP Home Edition
configuring susclient to update via ad ou group policy
Configuring SUSClient to update via AD OU Group Policy
  • Type dsa.msc on an Active Directory Domain Controller.
    • Right click the OU or domain where you want to create the policy
    • Choose properties
  • Click the Group Policy tab and click new
  • Type a name for the policy and click edit.
    • Double click either Computer or User Configuration (Settings) and right-click on Administrative Templates
  • Choose Add/Remove Templates, and then click Add
    • If you don’t already see wuau in the list of current policy templates, click the add button at the bottom of the screen.
    • Navigate to \Systemroot\Windir\inf\WUAU.adm
    • Click Open
configuring susclient to update via ad ou group policy cont
Configuring SUSClient to update via AD OU Group Policy (Cont.)
  • In Group Policy Editor, Click on Computer Configuration in left hand pane.
    • Click + next to Administrative Templates to expand it.
    • Click + Next to Windows Components
    • Click on Windows Update
  • Configure options in right hand pane:
    • Configure Automatic Updates
    • Specify intranet Microsoft update service location
    • Reschedule Automatic Updates scheduled installations
    • No auto-restart for scheduled Automatic Updates installations
  • SUS can be set up via Registry entries if you aren’t using Active Directory. Please see page 61 of the SUS Whitepaper for installation instructions.
windows xp security ii2
Windows XP Security II
  • System Security II
    • Software Update Services (SUS) & Patching
    • Simple File Sharing
      • Simple File Sharing Overview
      • Setting Up SFS Shares
      • SFS Is Not Secure
      • Disabling SFS
    • NTFS Permissions
    • Windows Security Templates and Policies
  • Network Security
  • Application Security
xp simple file sharing
XP Simple File Sharing
  • With Windows XP, Microsoft introduced a new feature called “Simple File Sharing”
  • By default with Simple File Sharing, no files or folders on the hard drive are shared with other network users.
  • Simple File Sharing enabled by default in:
    • XP Home: This feature cannot be disabled in XP Home Edition.
    • XP Pro: Only enabled in workstation / standalone mode. It may be disabled in this mode. When an XP Pro machine is joined to a domain, this feature is automatically disabled, and uses standard NTFS permissions instead.
setting up shares using simple file sharing
Setting Up Shares Using Simple File Sharing
  • To share a folder with simple file sharing enabled, right click on folder and choose properties and select the sharing tab.
    • To share files/folders with other users on the same machine, drag the desired items to the “Shared Documents” folder
    • To share file(s) or folder(s) with other network users, (use the network setup wizard) and then give share a name. There is a check box to “Allow network users to change my files” – This is not recommended!!!
xp simple file sharing is not very secure
XP Simple File Sharing Is Not Very Secure!
  • Simple File Sharing does not use passwords or access restrictions.
  • Everything that is shared is accessible by everyone on the network.
  • If “Allow network users to change my files” is checked, others have write privileges to the folder without any access controls.
  • This is a good way for viruses to spread!
  • If any folders or files are shared, it is recommended that you do not use simple file sharing.
disabling xp simple file sharing
Disabling XP Simple File Sharing
  • To disable simple file sharing, open up Windows Explorer or My Computer folder. Under the Tools Menu, Select Folder Options. Choose the View Tab. Scroll down to “Use Simple File Sharing” and uncheck the box.
windows xp security ii3
Windows XP Security II
  • System Security II
    • Software Update Services (SUS) & Patching
    • Simple File Sharing
    • NTFS Permissions
      • Definitions
      • Changing Default Permissions
      • NTFS Rules: Additive Permissions and Deny Permissions
      • Removing Access to common executables
    • Windows Security Templates & Policies
  • Network Security
  • Application Security
nt file acls permissions for shared files
NT File ACLs (Permissions) For Shared Files
  • NTFS uses DACLs (Discretionary Access Control Lists) to determine authorization
  • An individual object in an Access Control Lists us known as an Access Control Entry (ACE).
  • Generically, a collection of ACL’s can be referred to as permissions
  • Microsoft default for permissions has been : Usability over security
  • For security purposes it is prudent to restrict access to everyone and anonymous users where possible.
changing default ntfs permissions
Changing Default NTFS Permissions
  • After applying service pack, replace “Everyone” with Full Control to Administrators on pertinent files/folders
  • Folders created by OS generally have correct permissions. Any folders created by you will inherit root folder permissions by default which is Everyone has Full Control
    • Note: Always add administrator(s) with full control before taking away full control for everyone.
    • Add Authenticated Users; give them desirable permissions
      • E.g. RWXD or RX
ntfs acl rule 1 acl permissions are additive
NTFS ACL Rule 1: ACL Permissions Are Additive
  • Example: Your account is a member of two groups: Backup Operators and Users.
    • The Users group is not listed in the group of people allowed access to the folder. However, the Backup Operators group has permissions listed as RWXD.
    • Result: You have RWXD permissions for this folder.
ntfs acl rule 2 deny explicitly overwrites any allow permissions
NTFS ACL Rule 2: “Deny” Explicitly Overwrites Any “Allow” Permissions
  • Example: Your account is again a member of two groups: Backup Operators and Users
  • The Users group has an explicit deny flag set for the folder. The Backup Operators Group is set to RWXD.
  • Result: You will not be able to access this folder!
remove access to known command line executables from everyone
Remove Access to Known Command Line Executables From “Everyone”
  • Grant ACL’s for authenticated users only for the following C:\Winnt\System32 executables:
      • Cmd.exe
      • Command.com
      • Ftp.exe
      • Regedit.exe
      • Regedt32.exe
      • Telnet.exe
      • Tftp.exe
windows xp security ii4
Windows XP Security II
  • System Security II
    • Simple File Sharing
    • NTFS Permissions
    • Windows Security Templates & Policies
      • Security Policies Overview
      • Account / Password Policies
      • Auditing Policies
      • User Rights Assignment
      • Security Policies
  • Network Security
  • Application Security
security policies
Security Policies
  • Control Panel  Classic View  Administrative Tools  Local Security Policy
  • Policies Include:
    • Account Policies, Local Policies, Security Options, Public Key Policies, Software Restriction, IPSEC
security templates
Security Templates
  • Template: A predefined “stencil” of computer settings which can be quickly and/or automatically applied.
  • Microsoft has predefined some computer security templates
    • Designed to lock down settings and make the computers more secure.
    • They are located at: %SystemRoot%\Security\Templates and are kept as .ini files.
    • You can directly edit the .ini files in notepad if you wish
  • You can use the MS templates, but it is suggested that you create a new template and define the security settings
  • Then use the Security Configuration and Analysis tool to compare your settings to MS recommended settings.
creating a new security template
Creating a New Security Template
  • Go to the Start Menu and choose Run. Type “mmc” in the box and press enter.
  • Under the file menu, select “Add/Remove Snap-in” and select the add button when it appears
  • Click the Security Templates from the Add Standalone Snap-in Window
  • Click ok and the close button
  • The Security Templates button will now appear in the left pane of the MMC console window.
  • Right click on the location of the templates and select “New Template” Next, type in the name of your template and a description.
defining your security settings
Defining your Security Settings
  • Click on the + Sign next to the name of your newly created security template and navigate through the entries.
  • Change the security settings you see fit.
  • Once you have done so, right click on the name of your security template and choose “Save As” to save your settings to a file.
  • Extensive information about security settings will be discussed in following section of seminar.
opening the security configuration and analysis tool
Opening the Security Configuration and Analysis Tool
  • Open the MMC and add the Security Configuration and Analysis Snap-In exactly as you added the Security Templates Snap-In.
  • Right Click on the Security Configuration and Analysis in the left pane. Choose “Open Database” and type in a filename for a new database you will be creating to compare your security settings in.
  • Next, you will see an “import template” dialog box. Choose the name of the template you want to compare your settings to (e.g. HISECWS). Click on Open.
using the security configuration and analysis tool
Using the Security Configuration and Analysis Tool
  • Right-click on the tool and choose “Analyze Computer Now” It will put a check mark next to any of your settings that it deems sufficiently match the MS predefined template and an X next to those that do not.
  • To apply all settings from a MS template to your computer, right-click on the Tool and Click “Configure Computer Now”. Warning, this applies MS settings over yours, which is Non-reversible! Use Caution!
applying security templates
Applying Security Templates
  • Security templates should be applied both for domain settings and local settings (in case the domain is not available).
  • You can apply the templates manually to the local system or though the “secedit” command (you can use a batch file at logon to automatically apply the desired template).
  • You can also apply domain security settings for domain to automatically be applied to all computers the domain.
importing a template into active directory
Importing a template into Active Directory
  • You can set templates for Organizational Units in the following manner on an AD Domain Controller:
    • Open Administrative Tools in the Control Panel and select Active Directory Users and Computers
    • Right-click on the Organizational Unit that requires the security policy. Select properties
    • Click on the Group Policy Tab. Select New and type in the name of the new policy you will be adding
    • Click on the Edit button and the Group Policy Object Editor will appear
    • Click the + next to Computer Configuration. Then, Click the + to expand the Windows Settings
    • Right click on Security Settings and choose “Import Policy”
    • Select the template that you wish to be applied to the OU and click on Open to import the policy.
account password policies
Account / Password Policies
  • Password History (X passwords remembered)
    • Default = 0, Recommended = 5
  • Maximum Password Age (X days)
    • Default = 42 days, Recommended = ?
  • Minimum Password Age
    • Default = 0 days, Recommended = ?
  • Password Length
    • Default =0, Recommended = 7
password policies cont
Password Policies (cont.)
  • Password Must Meet Complexity Requirements
    • ¾ of the following: lower case, upper case, numbers, symbols AND passwords cannot contain user name or any part of full name.
    • Default = Disabled, Recommended = Enabled
  • Store passwords using reversible encryption for all users in the domain
    • Default = Disabled
account lockout policy
Account Lockout Policy
  • Account Lockout Duration
    • Recommended: 15 minutes or longer
  • Account Lockout Threshold
    • Recommended: 5 attempts or lower
  • Reset Account After
    • Recommended: 15 minutes or longer
auditing policies
Auditing Policies
  • By default, nothing is audited in XP!
  • Audit Account Logon Events – Records response of a domain controller to authenticate a network user.
    • Recommended: Success / Failure
  • Audit Account Management – Audits account changes such as renaming, enabling/disabling, password changes, creation, deletion, etc.
    • Recommended: Success / Failure
auditing policies cont
Auditing Policies (Cont.)
  • Audit directory service access – logs events of standard active directory objects
    • Recommended = Failure
  • Audit Logon Events – Records user authentication for local machine or domain controllers
    • Recommended = Success / Failure
  • Audit Object Access – Allows setting of auditing on files or directories (you must set each directory/file separately).
    • Recommended = Varies
auditing policies cont1
Auditing Policies (Cont.)
  • Audit Policy Change – Audits additions, deletions, and changes made to local and domain security policies
    • Recommended = Success / Failure
  • Audit Privilege Use – Audits special privileges assigned to a user, privileged services that are called, and privileged object operation
    • Recommended = Failure (Auditing success will fill up logs very quickly!)
auditing policies cont2
Auditing Policies (Cont.)
  • Audit Process Tracking – Audits processes (creation, exits, and resources)
    • Recommended = Failure or None
  • Audit System Events – Audits events going on within the physical system that can affect security or logging (shutdowns, reboots, clearing of logs)
    • Recommended = Failure (can fill up logs VERY quickly)
auditing recap
Auditing Recap
  • Audit success, failure of:
    • Logon events
    • Account management
    • Policy change
    • Object Access
  • Audit failure of:
    • Privilege use
    • Process tracking
    • System events
user rights assignment
User Rights Assignment
  • “Access this computer from the network”
    • Default includes everyone in Windows NT
    • You can remove Everyone and add desired users
  • Other User Rights Assignment options include who is allowed to:
    • Back up files,
    • Increase quotas,
    • Log on locally,
    • Shut down the system,
    • Take ownership of files of other users
user rights assignment cont
User Rights Assignment (Cont.)
  • Bypass Traverse Checking – Allows access to files and folders regardless of user’s permission to parent folder for users included in list.
  • This setting basically nullifies “Inherit parent permissions”
  • E.g. if you remove “Everyone”, then anyone not in one of the listed groups will access files based on parent inheritance, not individual file permissions.
security options accounts
Security Options: Accounts
  • Only those that should be changed are listed here.
  • Guest Account Status
    • Should be set to disabled. If it is not, please change this policy status to disabled
  • Administrator Account Status
    • May be disabled
  • Rename Guest Account
    • Recommended!
  • Rename Administrator Account
    • Recommended!
  • Limit Local use of blank passwords to console logon
    • Do not change this to disabled!!!
security options devices
Security Options: Devices
  • Restrict access of CD Rom and Floppy to locally logged on User –Recommended especially if running Remote Desktop or IIS is installed (e.g. A windows setup disk is left in the cd drive).
security options interactive logon
Security Options: Interactive Logon
  • “Do Not Display Last User Name in Logon Screen” – Change to enabled (Users must know username and pw).
  • Message text/title for users attempting to log on
security options network access
Security Options: Network Access
  • Do not allow anonymous enumeration of SAM Accounts, Do not allow anonymous enumeration of SAM account and Shares – Should be set to enabled
    • If not enabled, local/domain accounts can be enumerated via the NetBIOS protocol
    • Scripts / Lophtcrack can then be used to determine passwords associated with userid
    • Let Everyone permissions apply to anonymous user – should be disabled
  • Remotely accessible registry paths – if possible, remove ALL paths.
security options network security
Security Options: Network Security
  • Force logoff when logon hours expire – should be enabled.
security options shutdown
Security Options: Shutdown
  • Allow system to be shut down without users having to log on – disable this option.
  • Clear Virtual Memory Pagefile when Shutting Down – Enable this option
windows xp security ii5
Windows XP Security II
  • System Security II
  • Network Security
    • IPSEC filtering
      • IP Security Overview
      • Starting IPSec service
      • Installing IPSec Policy
      • Creating a Custom IPSec Policy
  • Application Security
ip security filtering
IP Security Filtering
  • IP filtering using IPSEC allows the computer administrator to create a list of connections allowed or disallowed based on a number of rules such as port number, source, or destination.
  • For example, you can block all NetBios traffic external to PSU but allow connections from the Penn State address space.
starting the ipsec service
Starting the IPSEC Service
  • In the Control Panel, open Administrative Tools and then Services. Make sure that IPSEC Policy Agent is Started and Set to Automatic.
installing ipsec policy
Installing IPSEC Policy
  • Next, open the Control Panel  Administrative Tools  Local Security Policy. Right click on “IP Security Policies on local machine”. From the menu that appears, choose “All Tasks”. Select “Import Policies” and browse to the location of the IPSEC policy.
  • The policy should now appear in the list on the right hand side. Right click the new policy and select “Assign”.
creating a custom ipsec policy
Creating a Custom IPSEC Policy
  • Open up the XP Help and Support button and click on Add or edit IPSec filters
  • This help guide will walk you step by step through configuring custom IPSEC filters.
common breaches of system security
Common Breaches of System Security
  • Most breaches are a result of this aspect!
  • Open Network Shares
  • Incorrect ACLS
  • No Auditing / Logging
  • Weak Passwords (Lophtcrack)
  • Policies not set correctly
xp security ii seminar objectives5
XP Security II Seminar Objectives
  • System Security II
    • Simple File Sharing
    • NTFS Permissions
    • Windows Security Policies
  • Network Security
    • IPSEC filtering
  • Application Security
    • Services to Shut Off
    • Remote Desktop / Remote Assistance
    • Using HFNetChk and Baseline Security Analyzer
    • Reading Logs
windows xp security ii6
Windows XP Security II
  • System Security II
  • Network Security
  • Application Security
    • Services to Shut Off
      • Disabling un-necessary services
      • Use Secure Services
      • Specific XP Services to disable
    • Remote Desktop / Remote Assistance
    • Using HFNetChk and Baseline Security Analyzer
    • Reading Logs
application security
Application Security
  • Check for patches for all software (Application patches should be applied before system is placed on network)
  • Adding remote access software increases risk of breaches
    • Backdoors
    • Warez servers
    • SMTP servers
    • Admin tools for dDos attacks
    • Scanners/automated scripts disguised as innocent files
    • OS files removed
services
Services
  • Disable any that you are not using
    • SMTP
    • RAS (including VNC, Timbuktu, Terminal Services)
    • HTTPD (IIS) – Caution - May be installed with Network Monitoring Tools in 2000/XP
    • FTP/tFTP
    • Telnetd
  • Service Distribution: Do NOT install all services on one machine!
  • Do Not install on PDC/ BDC
use secure services
Use Secure Services
  • Plugins for Email (Kerberos, PGP)
  • SSh vs. Telnet
  • HTTPS vs. HTTP
  • Scp vs. FTP
  • Use Secure services wherever possible.
xp services
XP Services
  • Accessed from: Control Panels  Classic View  Administrative Tools  Services
  • If not needed, stop and set to manual:
    • Remote Registry
    • Remote Desktop
    • Remote Access Auto Connection Manager
    • NetMeeting Remote Desktop Sharing
    • SSDP (Universal Plug and Play)
      • TCP Port 5000
      • UDP Port 1900
windows xp security ii7
Windows XP Security II
  • System Security II
  • Network Security
  • Application Security
    • Services to Shut Off
    • Remote Desktop / Remote Assistance
      • Remote Assistance Overview
      • Disabling Remote Assistance
      • Remote Desktop Overview
      • Setting Up Remote Desktop
      • Changing Default Remote Desktop Port
      • Disabling Remote Desktop
    • Using HFNetChk and Baseline Security Analyzer
    • Reading Logs
remote assistance
Remote Assistance
  • Designed to allow others to take control of your computer to assist in troubleshooting and even fix problems.
  • Turn this off until it is needed!
  • Control Panel  Classic View  System  “Remote” tab  “Settings” button
  • Administrators group can connect to the computer by default.
disabling remote assistance
Disabling Remote Assistance
  • To disable uncheck one of the following:
    • “Allow Remote Assistance invitations to be sent from this computer”
    • Under Advanced button, “Allow this computer to be controlled remotely”
remote desktop
Remote Desktop
  • Other computers can access your windows session by remotely logging in to your computer with a valid username and password
  • This feature is based on Terminal Services; session data is sent encrypted.
  • (E.g. you can leave your machine logged in at work and then log on to Remote Desktop at home to control your computer).
  • Logging on remotely locks screen locally
setting up remote desktop
Setting Up Remote Desktop
  • On host computer, navigate to the Control Panel and choose the System icon. Click on the Remote tab.
    • Check the box for Allow Users to connect remotely to this computer.
    • Click on the settings button to change which users have remote access.
setting up remote desktop1
Setting Up Remote Desktop
  • To open Remote Desktop Client:
    • On connecting computer if XP, navigate to the Start Menu  Accessories  Communications  Remote Desktop Connection
    • On a non-XP Windows machine, insert the XP CD into the CD Rom drive. When the Welcome page appears, click Perform additional tasks, and then choose Set up Remote Desktop Connection
  • You will need to enter the IP address of machine you are connecting to, and your username and password on that machine.
remote desktop connection
Remote Desktop Connection
  • Click the options button to expand so additional options (username and password, domain, display options, etc are shown).
changing remote desktop port
Changing Remote Desktop Port
  • By default, Remote Desktop (and Terminal Services) runs on port 3389.
  • You can add “security by obscurity” by changing the default port.
  • You need to:
    • Make a simple registry change on the host computer (see:)

http://support.microsoft.com/default.aspx?scid=kb;EN-US;306759

    • Add :portnumber after IP address on connector for client.
entering remote desktop port in client
Entering Remote Desktop Port in Client
  • In example, 10.0.0.1 is theoretical IP Address and :8337 is port that Remote Desktop was changed to.
disabling remote desktop
Disabling Remote Desktop
  • If not needed, do not run this feature.
  • Control Panel  Classic View  System  “Remote” tab  “Settings” button
  • Uncheck “Allow others to connect remotely to this computer”
  • All Remote Access Services should log all traffic
windows xp security ii8
Windows XP Security II
  • System Security II
  • Network Security
  • Application Security
    • Services to Shut Off
    • Remote Desktop / Remote Assistance
    • Using HFNetChk and Baseline Security Analyzer
      • HFNetchk Overview
      • Microsoft Baseline Security Analyzer Overview
    • Reading Logs
hfnetchk
HFNetchk
  • Command Line utility which tells you if you are up to date on patches.
  • Every time you run HFNetchk, it will attempt to connect to Microsoft to download an up to date XML document which indicates what patches should be on your machine.
  • If the network is unavailable, it will use configuration already saved to your hard disk.
  • You can download HFNetchk from: http://support.microsoft.com/default.aspx?scid=kb;en-us;303215
baseline security analyzer
Baseline Security Analyzer
  • http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/tools/Tools/MBSAhome.asp
  • Checks for hotfixes and security misconfigurations on systems.
  • Scan by machine name or IP Address(es) – Can scan multiple computers at a time.
windows xp security ii9
Windows XP Security II
  • System Security II
  • Network Security
  • Application Security
    • Services to Shut Off
    • Remote Desktop / Remote Assistance
    • Using HFNetChk and Baseline Security Analyzer
    • Reading Logs
      • System Logfile locations
      • IIS Logfile location
reading logs
Reading Logs
  • Event Viewer (eventvwr)
    • System
    • Application
    • Security
  • IIS Logs (c:\winnt\system32\logfiles)
    • W3SVC1, etc.
  • If you do not look through logs you may not notice anything is going on!
xp security ii seminar objectives6
XP Security II Seminar Objectives
  • System Security II
    • Software Update Services (SUS) & Patching
      • Automatic Updates on Standalone Machines
      • Installing SUSAdmin
      • Configuring SUSAdmin
      • Approving Updates
      • Installing SUSClient
      • Configuring SUSClient to update from server via AD OU Group Policy
    • Simple File Sharing
      • Simple File Sharing Overview
      • Setting Up SFS Shares
      • SFS Is Not Secure
      • Disabling SFS
xp security ii seminar objectives7
XP Security II Seminar Objectives
  • System Security II (Continued)
    • NTFS Permissions
      • Definitions
      • Changing Default Permissions
      • NTFS Rules: Additive Permissions and Deny Permissions
      • Removing Access to Common Executables
    • Windows Security Templates & Policies
      • Creating a New Security Template
      • Defining Your Security Settings
      • Using the Security Configuration and Analysis Tool
      • Applying Security Templates
      • Security Policies
xp security ii seminar objectives8
XP Security II Seminar Objectives
  • Network Security
    • IPSEC filtering
      • IP Security Overview
      • Starting IPSec Service
      • Installing an IPSec Policy
      • Creating a Custom IPSec Policy
  • Application Security
    • Services to Shut Off
      • Disabling Un-necessary Services
      • Use Secure Services
      • Specific XP Services to Disable
xp security ii seminar objectives9
XP Security II Seminar Objectives
  • Application Security
    • Remote Desktop / Remote Assistance
      • Remote Assistance Overview
      • Disabling Remote Assistance
      • Setting Up Remote Desktop
      • Changing Default Remote Desktop Port
      • Disabling Remote Desktop
    • Using HFNetChk and Baseline Security Analyzer
      • HFNetChk Overview
      • Microsoft Baseline Security Analyzer Overview
    • Reading Logs
      • System LogFile Locations
      • IIS LogFile Locations
  • Conclusion
windows is a popular os to hack
Windows Is a Popular OS to “Hack”
  • Millions of lines of code
  • All aspects add to increase security
    • ACLS, Services and Applications run among most important
    • Frequent patching and examination of logs is a must
    • Also consider other means to secure
    • Apply ideas to workstations in department as well
  • Spend extra time setting up a machine when you have time rather than rebuilding when downtime is highly inconvenient
appendix 2 psu security policies
Appendix 2: PSU Security Policies
  • Located at: http://sos.its.psu.edu/policy.html
appendix 3 additional resources
Appendix 3: Additional Resources
  • SANS guidelines
    • /:/common/docs/SANS
  • NSA Guide to Securing W2K
    • nsa2.www.conxion.com/win2k/download.htm
  • Microsoft Windows 2000 Server Security Guide
    • http://www.microsoft.com/technet/security/prodtech/windows/windows2000/staysecure/Default.asp
  • Microsoft SUS Whitepaper:
  • http://www.microsoft.com/windowsserversystem/sus/susdeployment.mspx
slide96
Note
  • Powerpoint slides to this and other seminars, links to utilities, patches, and suggestions for securing Windows operating systems and applications can be found at: http://www.personal.psu.edu/lxm30/windows/windows.html