Windows Security Day 5

In this module we are going to look at legacy Windows Desktops. This includes Windows 98 andMe, which are similar. The most important thing to know about Windows 98 and ME is there is nofile security and there is no authentication necessary. Even if you configure the system for multipleusers and have a password screen at bootup, anyone can hit “Cancel” and still get in. Access to filesdepends on access to the machine.
Nội dung trích xuất từ tài liệu:
Windows Security Day 5 Windows Security Day 5 Security Essentials The SANS Institute Windows 98/ME Security - SANS ©2001 1This page intentionally left blank. 1-1 Agenda • Windows Legacy Desktops – Overview – Security Issues • Windows NT – Overview – Security Issues • Windows 2000 – Overview – Security Issues • Windows 2000/XP Desktops Windows Legacy Desktop Security - SANS ©2001 2This page intentionally left blank. 1-2 Agenda (cont.) • Windows Backups • Windows Auditing • IIS – Overview – Security Windows Legacy Desktop Security - SANS ©2001 3This page intentionally left blank. 1-3 Windows Legacy Desktops Security Windows 98/ME Security - SANS ©2001 4In this module we are going to look at legacy Windows Desktops. This includes Windows 98 andMe, which are similar. The most important thing to know about Windows 98 and ME is there is nofile security and there is no authentication necessary. Even if you configure the system for multipleusers and have a password screen at bootup, anyone can hit “Cancel” and still get in. Access to filesdepends on access to the machine. If you use passwords and have two users, each can see all of theother’s files on the hard drive, and open any of them. There are three security techniques you canuse; two enforce security for Windows 98/Me: physical security and encryption and the other isreactive.Let’s look at an example. Joe travels around the world on business. His laptop is protected byphysical security. Since he travels a lot, he tries to keep his laptop bag with him at all times. Still,there are times when Joe leaves it in the hotel room, or accesses the Internet and just hopes. Securityfor most Windows 98/ME users amounts to hope and nothing more.This section will suggest the addition of a layer of security encryption and introduce tools which canhelp you determine what is happening with your Windows 98/ME system. 1-4 Windows Tools • System Configuration Editor • Startup • System File Checker • File Compare • File Attributes Windows Legacy Desktop Security - SANS ©2001 5The first section of this course will be to learn some new tools that give us information about oursystem. Since everything we see will be inherited from the system’s startup processes, let’s coverthe elevator version of the status. From the Power On Self Test (POST) by the ROM BIOS, we go tothe disk and the secondary loader (IO.SYS) which loads the logo.sys (the logo screen). At this point,a database called the registry, is consulted for system information. Virtual Device Drivers (VxDs)come next, followed by an army of DLLs (Dynamic Link Libraries) which are actually programs. Ifyour system is configured for multiple users, this is the point at which you log in and your personalpassword file is examined, which is located at Windows.pwl and if you have a userprofile it is loaded from the user portion of the registry database, which isWindowsProfiles\user.dat If you have never looked at your profile, I highlyrecommend a tour. Finally, if your system.ini has this line, shell=Explorer.exe, and you shutdowncleanly the last time you used Windows, your Windows Explorer will come up after you boot.Understanding your system and knowing how it operates are critical in order to properly secure thatsystem. 1-5 Windows Legacy Desktop Security - SANS ©2001 6Start up files are critical to the operation of your system. If they are modified, the system may beunbootable, or you may run a virus or Trojan horse program without your knowledge every time youboot. You should learn the normal contents of your startup files so that you will recognize possibleproblems and intrusions.Before modifying your startup, it is always a really good idea to back up your registry! I start thescanregw program with the run command: Start → Run → scanregw. It will then scan yourregistry and give you an op ...