Application Security Course Project2

madhu_ladu10

winsec_ppt08_l03.pptx

Home >Computer Science homework help >Application Security Course Project2

Security Strategies Windows Platforms and Applications

Lesson 3

Protecting Microsoft Windows Systems

www.jblearning.com

Learning Objectives

Set up encryption in a given organization to secure Windows environment.

Install controls to protect a given Windows system from malware.

Page ‹#›

Security Strategies in Windows Platforms and Applications

www.jblearning.com

Key Concepts

Setting BitLocker and file, folder, and volume level encryption

Setting up secure communication protocols

Security certificate

Public key infrastructure (PKI)

Installing antivirus and anti-spyware software

Maintaining a malware free Windows system

Scanning and auditing Windows systems

Tools and techniques for malware cleanup

Page ‹#›

Security Strategies in Windows Platforms and Applications

www.jblearning.com

DISCOVER: CONCEPTS

Page ‹#›

Security Strategies in Windows Platforms and Applications

www.jblearning.com

Secure Communications

Page ‹#›

Security Strategies in Windows Platforms and Applications

www.jblearning.com

Most communication protocols send data without encrypting it. Unencrypted data is data “in the clear”. Data that is encrypted in the clear is easily intercepted. Any computer or network device between the sender and receiver can read and change any message.

Normal communication protocols don’t use encryption

Network traffic can be seen

Secure communication protocols use encryption

Only someone with decryption key can see message’s content

Different encryption options are available

Network traffic can be viewed and changed

Encryption Protocols in Windows

Secure Sockets Layer (SSL) or Transport Layer Security (TLS)

Virtual private network

Internet Protocol Security (IPSec) with Layer 2 Tunneling Protocol (L2TP)

Point-to-Point Tunneling Protocol (PPTP)

Secure Socket Tunneling Protocol (SSTP)

Page ‹#›

Security Strategies in Windows Platforms and Applications

www.jblearning.com

Windows supports several protocols that provide encryption services. Common Windows secure protocols include:

SSL/TLS - One of the most common types of encrypted communication is the transport layer security protocol—Transport Layer Security (TLS). TLS was formally called secure sockets layer (SSL), and was originally introduced to secure web application communication. TLS provides the secure channel for the hypertext transfer protocol secure (HTTPS) for secure web pages. TLS creates an encrypted tunnel between a web client, most commonly a web browser, and a web server. All data sent back and forth between the server and the client is encrypted. The client and server negotiate a cipher and then exchange a key using public key cryptography. Once the key has been securely exchanged, both sides use the symmetric key for subsequent communications. Although SSL/TLS was created for web application communication, it is commonly used in many applications, including remote desktop, database connections, and any network connections that require exchanging encrypted data.

Encryption Protocols in Windows (Continued)

Wireless Security

Wired Equivalent Privacy (WEP)

Wi-Fi Protected Access (WPA)

Page ‹#›

Security Strategies in Windows Platforms and Applications

www.jblearning.com

Windows supports several protocols that provide encryption services. Common Windows secure protocols include:

Encryption Algorithms

Page ‹#›

Security Strategies in Windows Platforms and Applications

www.jblearning.com

There are two main types of encryption algorithms: symmetric and asymmetric.

Symmetric algorithms use the same key to encrypt and decrypt data. In general, symmetric algorithms are faster than asymmetric algorithms of the same strength. For large amounts of data or frequent encryption or decryption cycles, symmetric algorithms are preferable to asymmetric algorithms because of the faster execution time. The main problem with using symmetric algorithms in distributed applications, such as web applications or virtual private network (VPNs), is getting the same key to both server and client. If you can’t get the encryption key to a client in a secure manner then you can’t create secure connection.

Asymmetric algorithms use two related keys—one key to encrypt data and another key to decrypt data. Asymmetric encryption simplifies the key exchange problem but is slower and requires substantial overhead to maintain connections.

Symmetric encryption

Same key to encrypt and decrypt

Asymmetric encryption (public key)

Private and public keys for encryption and decryption

Faster

Difficult to distribute keys

Slower

Easy to distribute keys

Security Certificates

Solutions to balance encryption algorithms strengths

Use asymmetric encryption to exchange a symmetric key.

Use symmetric encryption after key exchanges further messages.

Security certificate

Use identity information in addition to public key for encryption.

Page ‹#›

Security Strategies in Windows Platforms and Applications

www.jblearning.com

Server Certificates

Purchase a certificate

Use Internet information server (IIS) to request a server certificate.

Send request to issuer.

Import purchased certificate into IIS.

Page ‹#›

Security Strategies in Windows Platforms and Applications

www.jblearning.com

Server Certificates (Continued)

Create your own using Active Directory certificate services

Use IIS to create a self-signed certificate.

Export the certificate from IIS.

Import the certificate to each client.

Page ‹#›

Security Strategies in Windows Platforms and Applications

www.jblearning.com

Self-Signed Certificate

Create Certificate

Export Certificate

Import Certificate on Clients

Page ‹#›

Security Strategies in Windows Platforms and Applications

www.jblearning.com

The process to create and distribute self-signed certificates involves these steps:

Create self-signed certificate in IIS

Export certificate

Import self-signed certificate into Web Browser’s Trusted Root Certificate Authorities list for each client

Public Key Infrastructure (PKI)

How it works:

General approach to handling keys

Uses trusted entities and certificates

Trusted entity—Certificate Authority (CA)

To set up a connection:

Get a certificate from a CA for the connection target.

Decrypt the certificate using the CA’s public key.

The decrypted certificate contains the public key of the connection target.

Page ‹#›

Security Strategies in Windows Platforms and Applications

www.jblearning.com

The general approach to handling keys using trusted entities and digital certificates has been formalized into a strategy called the public key infrastructure (PKI). PKI is the collection of hardware, software, policies and procedures needed to manage digital certificates.

The PKI process starts with a list of trusted entities and their public keys. A trusted entity is generally a certificate authority (CA) or a defined trusted source. Each computer system contains a list of public keys of trusted entities. A document that is encrypted with a trusted entity’s private key can be decrypted with the same entity’s public key.

When setting up a connection, you would first obtain a security certificate from a trusted entity. The formal PKI process would require you to request a certificate for the connection’s target (other end) from the PKI registration authority (RA). The RA authenticates you and directs the CA to issue the certificate. You would decrypt the certificate using the CA’s public key to decrypt the certificate. The certificate would contain the public key for the target. Once you have the target’s public key you can use that to encrypt messages that only the target can decrypt with its private key.

Purpose of Malware

Page ‹#›

Security Strategies in Windows Platforms and Applications

www.jblearning.com

Malware was first introduced to computers and networks as “harmless” experiments or pranks. In fact, the earliest examples of programs that later came to be known as malware really were not malicious at all. The earliest malware developers were mostly interested in learning what novel computer programs could accomplish. Today, most malware satisfies more dubious purposes. Current malware generally exists to fulfill one more more of the following purposes:

Disrupt computer operations – Malware programs can overwhelm a computer's ability to run other programs or communicate with other computers or devices. They can also damage or even remove critical operating system components that other programs need to operate. Malware can also alter or delete memory or disk content that programs need to run. Most of the actions malware takes to disrupt computer operation results in unexpected conditions that programs cannot handle. The result is unexpected program behavior or even crashed programs.

Gather sensitive information – Many types of malware programs operate without announcing themselves. They search for sensitive data, such as financial data and personal identification data. It stores any data it finds or sends it to the malware creator using the computer's network connection. There are many places users store sensitive information, including browser cache, files on disk, and even in memory. Malware programs know where to look for the most common sensitive data.

Gain unauthorized access to restricted computer resources – The third main purpose of malware is to provide a way for attackers to access computers and other network resources. Malware written for this purpose will exploit vulnerabilities to get inside a protected network. It will then take some action that results in a new access method for an attacker. In effect, this type of malware opens a new door to a restricted computer.

Malware may exist to carry out specific attacks or to accomplish only one step in more complicated attacks. For example, malware can often help attackers identify likely victims for a subsequent attack. Attackers routinely use many types of tools to carry out attacks. Malware is just one tool in their arsenals.

Disrupt computer operations

Gather sensitive information

Gain unauthorized access

Types of Malware

Page ‹#›

Security Strategies in Windows Platforms and Applications

www.jblearning.com

Programs that generate funds

Ransomware: slows down the computer, encrypts files, or restricts acesss until a payment has been made

Programs that spread

Trojan horse: masquerades as a useful program

Virus: infects other programs

Worm: self-contained program

Programs that hide

Rootkit: modifies programs to hide its presence

Spyware: covertly collects information

Indications of Malware

Advertising pop-ups frequently appear, one right after another

Additional toolbars in Web browser that you cannot remove

Web browser visits sites without you directing it to visit the sites

Page ‹#›

Security Strategies in Windows Platforms and Applications

www.jblearning.com

The most effective malware, or malicious software, does its job without alerting you of its presence. Unless the purpose of the malware is to be destructive or disruptive to your ability to use your computer you shouldn’t even know if it’s there. If good malware attempts to run undetected, how do you know if you’re infected?

The warning signs indicated above shows that your computer may be infected with malware.

Indications of Malware (Continued)

Changes to Web browser settings that result in home page not opening or other unexpected Web browser behavior

Computer operates more and more slowly and you don’t know why

Computer suddenly crashes more often

Page ‹#›

Security Strategies in Windows Platforms and Applications

www.jblearning.com

DISCOVER: PROCESS

Page ‹#›

Security Strategies in Windows Platforms and Applications

www.jblearning.com

Encrypted Data Transmission

Page ‹#›

Security Strategies in Windows Platforms and Applications

www.jblearning.com

Encryption process for communications is as follows:

The sender uses the key to encrypt a plaintext message. The encryption process produces unreadable ciphertext.

The ciphertext message is sent to the receiver.

The receiver uses the same key to decrypt the ciphertext and create the original plaintext message.

Virtual Private Network (VPN)

Page ‹#›

Security Strategies in Windows Platforms and Applications

www.jblearning.com

Many organizations of all sizes use secure VPNs to allow remote users to connect to secure resources across the Internet. Since the secure VPN ensures all traffic is encrypted at the endpoints, no unencrypted data is ever sent across the insecure network in the clear.

VPNs are useful when connecting users or other servers to your network and a part of the transport network is insecure. The most common example of an insecure network is the Internet. Secure VPNs allow remote users to exchange confidential data across the Internet without risking disclosure or modification. This assurance comes from the fact that all traffic in the secure VPN tunnel is encrypted.

Another advantage to VPNs is that the applications do not need to handle the encryption. The secure VPN tunnel looks like just another network connection to the application software.

How Malware Spreads

Opening infected e-mail messages

Opening infected documents

Over the network and via e-mail address books

Page ‹#›

Security Strategies in Windows Platforms and Applications

www.jblearning.com

How Malware Spreads (Continued)

Following unknown links

Images

Embedded links in e-mail messages

Social media abbreviated links

Page ‹#›

Security Strategies in Windows Platforms and Applications

www.jblearning.com

Procedure for Protecting Computers

To be effective:

Keep antivirus/anti-malware software and definition files up to date

Periodically scan computers for malware

Page ‹#›

Security Strategies in Windows Platforms and Applications

www.jblearning.com

As soon as you install anti-malware software you must establish a procedure to update the software and malware data, and scan your computers for malware periodically. Check for program and data updates daily and scan your computers at least weekly.

DISCOVER: ROLES

Page ‹#›

Security Strategies in Windows Platforms and Applications

www.jblearning.com

Key Roles Involve in Encryption Setting

Page ‹#›

Security Strategies in Windows Platforms and Applications

www.jblearning.com

Information Technology (IT)

Systems Administrator

Security Administrator

Human Resource (HR)

End Users

Database Administrator

Key Roles Responsible for Malware-Free Environment

Page ‹#›

Security Strategies in Windows Platforms and Applications

www.jblearning.com

Information Technology (IT)

Security Administrator

Human Resource (HR)

Security Awareness Trainer

End User

DISCOVER: CONTEXT

Page ‹#›

Security Strategies in Windows Platforms and Applications

www.jblearning.com

Encryption for Compliance

Many regulations mandate encryption for transmitting sensitive data:

Health Insurance Portability and Accountability Act (HIPAA)–Private medical information

Gramm-Leach-Bliley Act (GLBA)–Financial information

Payment Card Industry Data Security Standards (PCI DSS)–Payment card information

Multiple state laws–Personal information

Page ‹#›

Security Strategies in Windows Platforms and Applications

www.jblearning.com

Many laws and regulations require that data be encrypted before being transmitted across a network. These requirements include:

HIPAA (Health Insurance Portability and Availability Act) requires that any personal medical information be encrypted.

GLBA (Graham-Leach-Bliley Act) requires that financial transaction information be encrypted.

PCI DSS (Payment Card Industry Data Security Standards) requires any payment card information be encrypted.

Several U.S. states, including California, Massachusetts, and Nevada requires all personal identification information be encrypted.

Many government legislatures are increasingly expanding the scope of information that must be encrypted. In general, any information that identifies or describes an individual or is a corporation’s sensitive information must be encrypted before being transmitted across any unsecured network.

Common Areas of Malware Attacks

Non-descript e-mail messages

E-mail messages you don’t recognize or expect

Unusual documents

Attached documents with no explanation

Page ‹#›

Security Strategies in Windows Platforms and Applications

www.jblearning.com

Common Areas of Malware Attacks (Continued)

Embedded links

Hidden behind text label

Abbreviated links

Shortened to ‘save space’

Page ‹#›

Security Strategies in Windows Platforms and Applications

www.jblearning.com

Higher Learning University (HLU) Cleans Up Malware

Adopted a policy to clean malware from all computers

HLU started with student laptops

All laptops must:

Install approved anti-malware software

Do checks and scans frequently

Page ‹#›

Security Strategies in Windows Platforms and Applications

www.jblearning.com

HLU adopted a new policy that ensured all HLU computers are malware free. Malware support costs have grown over the last five years to become the leading type of helpdesk request.

HLU decided to start with the most volatile and uncontrolled group of computers—student laptops. Of all the different types of computers in the HLU environment, student laptop malware problems required more helpdesk resources than any other group. HLU determined that proactively addressing student laptop malware infections would save the helpdesk $65,000 annually in labor costs.

As a pre-requisite to connecting to HLU’s network, all student laptops must demonstrate that they meet the minimum requirements:

Each laptop must have current anti-malware software installed, selected from a list of HLU approved products.

Anti-malware software must be configured to check for software and data updated daily, and immediately download and install any new updates.

Software should perform a scheduled weekly complete malware scan to ensure the computer is malware free. Students should report any reported malware found during scans or during normal operation to the HLU helpdesk.

As a result of being proactive and eradicating malware on student laptops the HLU helpdesk saved $44,000 in personnel costs during the first semester. They expect to exceed their estimates of labor savings in the first year.

DISCOVER: RATIONALE

Page ‹#›

Security Strategies in Windows Platforms and Applications

www.jblearning.com

PKO Bank Polski

One of Poland’s largest banks

PKO’s needs

Authorize users, devices, and applications

Protect documents and e-mail messages

Central administration

Page ‹#›

Security Strategies in Windows Platforms and Applications

www.jblearning.com

PKO Bank Polski is one of the largest banks in Poland.

PKO needed a solution to authorize users, devices, and applications. They also wanted to protect documents and e-mail messages. PKO decided a centralized PKI solution could provide the capabilities and assurances they needed.

After a thorough evaluation, the PKO deployed Windows Server 2008 with its built-in support for PKI and System Center Operations Manager 2007.

The centralized authentication increases security by providing authorized access to both information and bank facilities. PKO has already seen several benefits from its Windows server–based PKI solution, including better security, faster decision making, easier management, and a highly scalable infrastructure.

Reference: https://www.microsoft.com/casestudies/Case_Study_Detail.aspx?CaseStudyID=4000002019

PKO Bank Polski (Continued)

Solution–Windows Server 2008

With System Center Operations Manager 2007

Improved security and efficiency

Page ‹#›

Security Strategies in Windows Platforms and Applications

www.jblearning.com

PKO Bank Polski is one of the largest banks in Poland.

After a thorough evaluation, the PKO deployed Windows Server 2008 with its built-in support for PKI and System Center Operations Manager 2007.

Reference: https://www.microsoft.com/casestudies/Case_Study_Detail.aspx?CaseStudyID=4000002019

HLU Sees Overall Malware Decrease

HLU’s malware-free policy had unexpected results

Many network computer infections started with student laptops

Overall malware activity dropped

Helpdesk savings exceeded expectations

Page ‹#›

Security Strategies in Windows Platforms and Applications

www.jblearning.com

HLU adopted a malware-free policy and first deployed it to student laptops. The decision to start with student laptops was made because student calls related to malware made to the helpdesk dominated the call volume. The plan was to reduce the amount of time spent on student malware problems and instead spend the time saved in protecting the HLU servers and internal workstations. At the end of the first semester HLU discovered unexpected results.

Instead of just seeing a decrease in student laptop malware infection helpdesk calls, all malware-related calls reduced in number. Research concluded that most of the malware introduced into HLU’s environment originated with insecure student laptops. Enforcing the malware-free policy for laptops helped make the rest of the HLU environment more secure as well.

Summary

Setting BitLocker and file, folder, and volume level encryption

Setting up secure communication protocols

Security certificate

Public key infrastructure (PKI)

Installing antivirus and anti-spyware software

Maintaining a malware free Windows system

Scanning and auditing Windows systems

Tools and techniques for malware cleanup

Page ‹#›

Security Strategies in Windows Platforms and Applications

www.jblearning.com

Virtual Labs

Configuring BitLocker and Windows Encryption

Identifying and Removing Malware from Windows Systems

Page ‹#›

Security Strategies in Windows Platforms and Applications

www.jblearning.com

Use the following script to introduce the first lab:

“In this lesson, you explored the use of encryption to secure Windows environments. You learned about encryption concepts, secure communication protocols, security certificates, and public key infrastructure (PKI).

In the lab for this lesson, Configuring BitLocker and Windows Encryption, you will use the Microsoft Encrypting File System (EFS) to encrypt files and folders on a Windows Server 2012 machine. You will document the success or failure of your encryption efforts. You will install Microsoft BitLocker Drive Encryption, a data protection feature that is used to resist data theft and the risk of exposure from lost, stolen, or decommissioned computers. You will encrypt a data drive on the server and decrypt it using a recovery key.”

Use the following script to introduce the second lab:

“In this lesson, you explored types of malware, such as viruses and spyware, and learned to identify common warning signs or indications of malware infections. Then you learned about controls that protect Windows systems from malware, such as antivirus and anti-spyware software.

In the lab for this lesson, Identifying and Removing Malware from Windows Systems, you will use AVG Business Edition, an antivirus and anti-malware tool, to identify malware from an infected Windows 2012 workstation. You will research remediation for the malware identified by the scan, and take actions to remove those programs. You also will use Windows Defender to perform the same actions on a Windows 2008 workstation.”

OPTIONAL SLIDES

Page ‹#›

Security Strategies in Windows Platforms and Applications

www.jblearning.com

Object Properties Page

Page ‹#›

Security Strategies in Windows Platforms and Applications

www.jblearning.com

Server Manager—Features

Page ‹#›

Security Strategies in Windows Platforms and Applications

www.jblearning.com

Install New BitLocker Feature

Page ‹#›

Security Strategies in Windows Platforms and Applications

www.jblearning.com

Confirm BitLocker Installation

Page ‹#›

Security Strategies in Windows Platforms and Applications

www.jblearning.com

Completed BitLocker Installation

Page ‹#›

Security Strategies in Windows Platforms and Applications

www.jblearning.com

Object Properties—Advanced Attributes

Page ‹#›

Security Strategies in Windows Platforms and Applications

www.jblearning.com

Enabling BitLocker

Page ‹#›

Security Strategies in Windows Platforms and Applications

www.jblearning.com

BitLocker Management Tool

Page ‹#›

Security Strategies in Windows Platforms and Applications

www.jblearning.com

BitLocker Authentication Options

Page ‹#›

Security Strategies in Windows Platforms and Applications

www.jblearning.com

Enabling BitLocker To Go

Page ‹#›

Security Strategies in Windows Platforms and Applications

www.jblearning.com

Secure Web Application Connection

Page ‹#›

Security Strategies in Windows Platforms and Applications