Wednesday, November 11, 2009

Audit Policy Settings Basic to In-depth Home Computer Security Guide Page 24

Search Engine Optimization and SEO Tools

Audit Policy Settings

User can set the Audit Policy Setting to determine the security events to report the user or system activity. For example, the user can choose to audit failed logon attempts, which might indicate that someone is trying to log on with an invalid password (perhaps using a program to automate the attack). Or user might want to monitor the use of a particular sensitive file. The user can also choose to monitor changes to user accounts and passwords, changes to security policies, and use of privileges that might reveal that someone is trying to "administer" user’s computer—perhaps not with user’s best interests in mind.
Unlike the other logs that appear in Event Viewer, the Security log is disabled by default in Windows XP Professional and Windows 2000. No events are written to the Security log until the user enable auditing, which is done via Local Security Settings. (In Windows XP Home Edition, security auditing is enabled for certain events. Because Home Edition doesn't include Local Security Settings, user cannot change which events are audited unless he use a tool like Auditpol.exe, which is included in the Windows 2000 Resource Kit.) Even if the user sets up auditing for files, folders, or printers, the events he specified aren't recorded unless he also enables auditing by setting a high-level audit policy in
Local Security Settings.

To edit the Audit Policy Setting Start menu\Settings\Control Panel\Administrative Tools\Local Security Settings\local Policies\Audit Policy and check the boxes accordingly

The following table gives the Audit policy available in Windows Operating System with their respective descriptions.

Table-1: Audit Policies for Security Events

Policy Description
Audit account Account logon events occur when a user attempts to log on or log off
logon events across the network, authenticating to a local user account.

Audit account Account management events occur when a user account or security
management group is created, changed, or deleted; when a user account is
renamed, enabled, or disabled; or when a password is set or changed.

Audit directory Directory service access events occur when a user attempts to access
service access an Active Directory object. (If the computer is not part of a Windows
domain, these events won't occur.)

Audit object Logon events occur when a user attempts to log on or log off a
events workstation interactively.

Audit object Object access events occur when a user attempts to access a file,
access folder, printer, registry key, or other object that is set for auditing.

Audit policy Policy change events occur when a change is made to user rights
change assignment policies, audit policies, trust policies, or password

Audit privilege Privilege use events occur when a user exercises a user right (other
use Than logon, logoff, and network access rights, which trigger other
types of

Audit process Process tracking includes events such as program activation, handle
tracking duplication, indirect object access, and process exit. Although this
policy generates a large number of events to wade through, it can
provide useful information, such as which program a user used to
access an object.

Audit system System events occur when a user restarts or shuts down the computer
events or when an event affects the system security or the Security log.

Local Security Settings has some additional policies that affect auditing, but they're not in the Audit Policy folder. Instead, look to the Security Settings\Local Policies\ Security Options folder for these policies:

• Audit: Audit the user of Backup and Restore privilege. Enable this policy if the user wants to know when someone uses a backup program to back up or restore files. To make this policy effective, user must also enable Audit Privilege Use in the Audit Policy folder.

• Audit: Shut down system immediately if unable to log security audits.

• Audit: Audit the access of global system objects. This policy affects auditing of obscure objects (mutexes and semaphores, for example) that aren't used in most home and small business networks; users can safely ignore it.

The user should only enable the audit policies which he requires to monitor. As it is a time-consuming process and can waste a lot of resources. When the auditing is enabled, the system must write an event record to the Security log for each audit check the system performs. This activity can degrade the computer’s performance. There is absolutely no need to enable them all, it’s purely on the requirement of the user, like Audit Directory Service Access is not required for the home user who is not connected to any Windows Active Directory network.

In addition, indiscriminate auditing adds to log many events that might be of little value to the user, thereby making the real security issues more difficult to find. And because the Security log has a fixed size, filling it with unimportant events could displace other, more significant events.

Here are some suggestions for what user should consider auditing:

• Audit failed logon attempts, which might indicate that someone is trying to log on with various invalid passwords.

• If the user is concerned about someone using a stolen password to log on, audit successful logon events.

• To detect use of sensitive files (such as a payroll data file, for example) by unauthorized users, audit successful read and write access as well as failed attempts to use the file by suspected users or groups.

• If the user use his computer as a Web server, he will want to know whether an attacker has defaced his Web pages. By auditing write access to the files that make up the Web pages, user will know whether his site has been vandalized.

• To detect virus activity, audit successful write access to program files (files with .exe, .com, and .dll file name extensions).

• If the user is concerned that someone is misusing administrative privileges, audit successful incidents of privilege use, account management, policy changes, and system events.

Event Viewer

A component a user can use to view and manage event logs, gather information about hardware and software problems, and monitor security events. It maintains logs of three kinds: application, system, and security.

Checkout for the security logs in event viewer regularly.

To open Event Viewer follow steps given below:

Start menu\Setting\Control Panel\Administrative Tools\ Event Viewer

Thats the End of Tutorial in Future I will update this tutorial.

Various Techniques Used by Hackers to Retrieve Passwords Basic to In-depth Home Computer Security Guide Page 23

Various Techniques Used by Hackers to Retrieve Passwords

·One way of stealing the password is standing behind an individual and over looks their password while they are typing it or search for the papers where they have written the password.

·Another way of stealing the password is through guesses. Hackers try all the possible combinations with the help of personal information of an individual.

·When there are large number of combinations of passwords, the hackers uses fast processors and some software tools to crack the password. This method of cracking password is known as “Brute force attack”.

·Hackers also try all the possible words in an dictionary to crack the password with the help of some software tools. This is called a “dictionary attack”.

Sample password:

IJ!5iS@g0odP4s5wD ---->This is a good password

administrator123 --->bad password

Password Policy

It’s a general practice of users to keep the same password for life long; rather users should change their passwords regularly.

Password should be complex and change regularly. Password policy setting controls the complexity of the password. To edit the password policy setting, go to Start menu\Settings\Control Panel\Administrative Tools\Local Security Setting\Account Policy\Password Policy\ set each and every option

• Enforce Password History

• Maximum Password Age

• Minimum Password Age

• Minimum Password Length

• Password Must Meet Complexity Requirement

Whenever the user is required to use a password, he should use a strong password that conforms to the following Countermeasures:

• At least seven characters in length (the longer the better)

• Includes upper and lower case letters, numerals, symbols

• Has at least one symbol character in the second through sixth position

• Has at least four different characters in given password (no repeats)

• Looks like a sequence of random letters and numbers

• Don’t use any part of logon name for the password

• Don’t use any actual word or name in ANY language

• Don’t use numbers in place of similar letters

• Don’t reuse any portion of old password

• Don’t use consecutive letters or numbers like "abcdefg" or "234567"

• Don’t use adjacent keys on the keyboard like "qwerty"

A good way to create a strong password is by using the first letters of a phase that user can easily remember.

Login settings

Windows NT, 2000 and XP come with many built in users and groups. These include the Administrator, Backup Operator, Guest, Power User and many more. The purpose of these groups is to enhance the abilities of a user without having to make that user an Administrator. However, due to the powers granted to these groups any user that is a member of one can become an Administrator. All unnecessary users must be disabled.

To disable unwanted accounts follow the steps as follows. Go to Start menu\Settings\Control Panel\Administrative Tools\Computers Management\Local Users and Groups\Users. Double click the account user want to disable and Check the box see Figure-15.

Figure-16: Account is disabled


Defensive Measures at Data Layer Basic to In-depth Home Computer Security Guide Page 22

Defensive Measures at Data Layer

This is the fourth and core layer of the defense in depth model. The defensive measures that have to be taken at this layer are:

§User must backup his important files

§Use encryption to ensure confidentiality of sensitive data

§File Checksum

§Password Policy

§Login Settings

§Audit Policy Settings

§Event Viewer

User must backup his Important Files

Taking backups of important files is one of the important safety measures to be taken. It’s like keeping a spare tyre in the car while driving. Imagine the situation when one of the car’s tyre punctures and when driver is about to change that, he come to know that he does not have a spare tyre with him? Or what happens if the computer system malfunctions or is destroyed by a successful attacker?

Backing up data is a task user should perform regardless of whether his system is secured or not. As far as security is concerned, this is the last line of defense. If someone gains access to the system and delete files, then user will need to restore them from backup.

Confused!!!- Which file to save and which not. Here is a help to discriminate between the two. Generally files are divided in two broad categories:

• Files which can be replaced: like basic operating system or application files.

• Files which can’t be replaced: like family pictures, letters, invoices and account records etc.

Although it is the best practice to backup the whole system, but the constraint is of space available on the backup media. User can backup data to an external or removable hard drive, a personal tape drive, Zip or Jazz drive, CDburner or a DVD-burner or bare minimum on to floppy. If user has a CD-writer (which may take more than one CD to take full backup) or DVD-writer he can conveniently take the full backup of his system. But if user does not have these two then he has to decide formerly about the files he wants to take backup and according to the space requirement he can select his backup media.

Every Operating System provides the feature to take backups on different media. Apart from that different applications are also available which can take the backups like the application which come with CD- writer or DVD-writer.

There is an in-built program that comes with Windows Operating System which is called as “Backup”. It is located at Start>Programs>Accessories>System Tools, and is quite easy to operate. User just has to select the files for backup and the destination where he want to store.

How and where should user store his backup media after he backup data to them? Well, user needs to store them in a safe place—remember that they contain files that are virtually irreplaceable if lost or damaged. If user does not have a secure storage area, it must not let this to prevent him from doing regular backups: any backup is better that no backup!

The definition of regularity depends on the comfort level of the user, i.e. how much work is one prepared to lose? A daily backup would be ideal but a weekly backup might be more viable.

Use encryption to ensure confidentiality of sensitive data

With the newer versions of Windows, i.e. Windows 2000 and XP, the user can use the Encrypting File System (EFS) to encrypt important data files. By using such encryption, an intruder who gets through the entire defense in depth layers and tries to access encrypted files or folders will be prevented from doing so. The intruder will receive an access denied message if he tries to open, copy, move, or rename an encrypted file or folder, unless the intruder has determined the UID and password of either the system administrator or the user who created the encrypted file.

Once a file or folder is encrypted, the user can work with the encrypted file or folder just as he would with any other file and folder since encryption is transparent to the user that encrypted the file. This means that the user does not have to decrypt the encrypted file before using it.

A file or a folder can be encrypted, subject to the following constraints, by using Explorer selecting the file/folder and clicking on the “Encrypt contents to secure data” attribute on the advanced features of the properties page:

• Can only encrypt files and folders on NTFS file system volumes.

• Compressed files or folders cannot be encrypted.

• System files cannot be encrypted.

If the user should ever lose their file encryption certificate and associated private key (through disk failure or any other reason), then data recovery is available through the person who is the designated recovery agent.

Of course if the use of EFS is not an option, then a knowledgeable user could use PGP for this sort of encryption. However, using PGP would not be transparent like using EFS. PGP Freeware is available for non-commercial use.

Apart form these; if the user is not using EFS or PGP, then he should use at least NTFS (NT File System), which gives file level user security. Windows 9x does not support NTFS file system, a user should have at least Windows NT or above to use NTFS.

File checksum

File Checksum is a utility that computes MD5 or SHA1 cryptographic hashes for files. The File Checksum utility can generate MD5 or SHA-1 hash values for files to compare the values against a known good value. It can compare hash values to make sure that the files have not been changed. It can also compute hashes of all critical files and save the values in an XML file database. It could be used to check the changes or compromise of the computer against the XML database to determine which files have been modified.

Users are advised to calculate checksum of all the system files and compare them regularly against the threat of Trojans or backdoors.

Password Policies

Importance of a password

·Password represents the identity of an individual for a system.

·This helps individuals protect personal information from being viewed by unauthorized users. Hence it is important to secure passwords.

·Passwords acts like a barrier between the user and his personal information.


·Use at least 8 characters or more to create a password. More number of characters we use, more secure is our password.

·Use various combinations of characters while creating a password. For example, create a password consisting of a combination of lower case, uppercase, numbers and special characters etc.

·Avoid using the words from dictionary. They can be cracked easily.

·Create a password such that it can be remembered. This avoids the need to write passwords somewhere, which is not advisable.

·A password must be difficult to guess.

Countermeasures for Choosing a Good Password and Safeguarding Passwords

·Do not use a password that represents you personal information like nicknames, phone numbers, date of birth etc.

· Change the password once in a month or when you suspect someone knows the password.

·Do not use a password that was used earlier.

·Be careful while entering password when someone is sitting beside you.

·Never write a password on paper to store it. The brain is the best place to store it.

· Do not reveal your password to anyone, not even to the system administrator.

· Store the passwords on computer with the help of an encryption utility.

·Do not use the name of things located around you as passwords for your account.


Security Zones Basic to In-depth Home Computer Security Guide Page 21

Security Zones

IE uses a capabilities/trust model called Zone Security. In this model, Web sites are permitted to perform certain actions based on the following zones.

• Restricted sites Zone-This zone contains web sites that could potentially damage user’s data.

• Trusted sites zone-This zone contains web sites that user can trust not to damage his computer or data.

• Local Intranet Zone- This zone contains all web sites that are on organization’s intranet.

• Internet Zone- This zone contains all web sites that user haven’t placed in other zones.

Figure-12: Security zones in Internet Explorer

Each zone has an assigned security level (High, Medium, Medium-Low, or Low). Users can modify the security level for each zone, but IE will warn them if they attempt to assign a zone, a security level lower than the recommended minimum level.

Disable ActiveX and Java Scripts

Malicious web scripts can get to a web browser when a web developer sends such damaging code as part of the web server’s response. This malicious code is then executed on the host running the browser.

Unfortunately the problem is by disabling these features; the user may find it frustrating that certain sites can no longer be effectively browsed. If the user cannot live without being able to run these scripts, then an alternative is to use a commercial anti-virus scanner that affords some level of protection against malicious scripts.

Choose the following options for safety:

Open Internet Explorer.

On the menu select Tools à Internet Options.

• Click on the Security tab.

• With the Internet zone highlighted, click the Custom Level button.

• Make the following modifications to the Internet zone:

• Under ActiveX controls and plug-ins, set Script ActiveX controls marked safe for scripting to Disable

• Under Scripting, set Active scripting to Disable (This will disable all scripting, including ActiveX. If this impacts required functionality, change the setting to Prompt)

• Under Scripting, set Scripting of Java applets to Disable

By default Trusted sites zone is assigned low security level, since this zone is intended for highly trusted sites, such as the sites of trusted business partners. User can also customize the settings by clicking on Custom level tab.

To add sites to this zone

• Click on Trusted sites icon

• Click on sites tab to add the trusted web site name

• Select Require server verification (HTTPS for all sites in this zone - This ensures that connections to the site are completely secure

• By default, the Restricted sites zone is assigned High security level. Assign sites to this zone as described earlier.

• Click on OK to return to the Internet Options box, and then click OK.

Other Security Settings in IE

IE contains many other security-related settings. Guidance on implementing a few of particular interest is as follows:

• Open Internet Explorer

• On the menu select Tools Internet Options

• Click on the Advanced tab

• Under Security, check the box for Check for server certificate revocation. This causes IE to verify that a Web site’s digital certificate has not been revoked before accepting it as legitimate and current

• Under Security, check the box for Empty Temporary Internet Files folder when browser is closed. This causes IE to delete temporary files after the browser session is finished; these files could inadvertently contain sensitive information.

Figure-13: Other Security Settings for IE

• Click on the Privacy tab, and then click the Advanced button

• Check the Override automatic cookie handling box. This allows different settings to be made for handling first-party and third-party cookies

• Change the Third-party Cookies setting from Accept to Prompt.

This setting causes IE to prompt the user to accept each third-party cookie that is presented to the system.

For more information on Internet Explorer look at the home page of IE at

Secure Site Identification

When buying online, the user must be sure doing business on secure Web sites. Unscrupulous "hackers" can exploit insecure sites to steal user’s personal and important information such as credit card number. This information could be used to steal user’s identity.

Most e-commerce Web sites secure user’s personal information by encrypting or scrambling the data. Netscape and Internet Explorer users can check Web site security by following these instructions:

1. Look for the Lock symbol

Check the status bar at the bottom of the Web browser window for an unbroken lock symbol. This means user’s personal information is scrambled, and no one can read it but the e-business he has contacted.

2. Look for "https" in the Web Site's Address

Secure sites will change their beginning from "http" to “https” if the information is about to pass through a secure channel. The "s" stands for "secure" and indicates that information will travel the Internet in encrypted form.

Since user’s data is encrypted or scrambled, it can't be read during transmission. For example in when user enters the login and password information, the address bar indicates a change from “http” to “https” and also shows the following message before forwarding the information See Figure-13.

Figure -14: Message for secure connection

This warning message is generally ignored by the user or they just select it not to show in future, which is a bad practice. Whenever a security confirmation is made, user should verify the server’s digital certificate.

Check the Certificate

Double-click on the lock symbol to view the security certificate. Make sure the certificate is "Issued to" the Web site and the "Valid from" dates are current. User can also see the certificate from File à Properties and then choose certificates.

Figure-15: Checking the validity of a certificate

The certificate should be checked for the issuer, to whom it has been issued and validity period of the issued certificate (as shown in the figure-14 above).


Mozilla Firefox Basic to In-depth Home Computer Security Guide Page 20

Mozilla Firefox:

This is the second most popular web browser that people use to access the Internet and
consequently needs coverage as well. The following instructions are for Mozilla Firefox running on a Microsoft Windows machine. The most popular version 1.5 and 2.0 all offers.

1. Pop-up Blockers:

As with IE, Mozilla Firefox, henceforth Firefox, also provides a Pop-up blocker. This can be accessed by clicking 'Tools|Options' menu and then clicking the 'Content' tab. Check the 'Block pop-up windows' check box and then click on the 'Exceptions' button to add a few websites from whom pop-ups may be allowed.

2. Java Script Control:

Java Scripts are used to provide the active content of a website. Since they are based on the principle of triggering a piece of program depending on the user input, they execute the moment a user clicks or inputs some data anywhere in the page. This is one of the methods used by malicious code programmers to get into a system and thus poses a threat. Firefox allows for the control of the Java Script execution. Click on the 'Tools|Options' menu item and then click on the 'Content' tab and check the 'Enable Java Script' check box. The default setup provided by Firefox should offer sufficient functionality and need not be worried about to tinker with.

3. History:

The access to the settings of the history of pages visited is held in the 'Privacy' tab of the Firefox options. It is advised to change the 'Remember visited pages for the last ___ days' box to a 0 (zero) value. Uncheck the 'Remember what I enter in forms and the search bar' box. This guarantees that none of your searches are stored in your cache that may be accessed by someone else.

4. Cookies:

Access to the cookies settings can be found in the 'Privacy' tab of the Firefox options. Firefox offers control of cookies by allowing the user the choose whether or not to accept cookies at all. A user may choose the 'Exceptions' and then choose to allow, temporarily allow or block cookies from a website. This setting is offered irrespective of the user's choice to allow/disallow a cookie. User discretion is advised here to allow or cookies at all and then give selective accept/deny to cookies.

5. Private Data:

Firefox allows you to clear all private data, Browsing History, Download History, Saved Forms Information etc. Automatically every time you close a session rather than you manually doing it. We can achieve this by clicking the 'Tools|Options' menu item and then clicking the 'Privacy' tab. Under the 'Private Data' section, check the 'Always clear my private data when I close Firefox' check box. The 'Settings' control offers you the control of what gets deleted upon every exit. Remember to check the cookies to be cleared. However, whether or not to clear the saved passwords depends on the user's preference to use the Password Manager facility. The 'Ask me before clearing private data' option prompts you to decide to clear private data at session close. A check mark indicates a prompt each time st session close.

Countermeasures for using the browsers safely

•Maintain an updated operating system with all security patches installed.

• Update the web browser before browsing the net.

• Run the anti-spy ware program depending upon the usage of the system.

Note: Spy ware is software that gathers information about a user while browsing the Internet and transmits the information to an individual who is responsible for introducing spy ware into the system.

• Maintain an updated AntiVirus software to protect the system from viruses.

• Set the operating system to display file extensions. For Microsoft Windows the settings should be made as shown below.

Go to My Computer --> Tools --> Folder Options -->In the View tab un check the option Hide file extensions for known file types.

• Always use trusted websites for browsing.

• Do not give your personal information over Internet.

• Avoid filling forms that came through email that ask for personal information.

• Always ensure that website offers security before submitting personal information through web browser. This can be done by checking the web address in the address bar which should begin with “https://” rather than “http://”.

• Do not click on the web link that has come via email. Instead go to main website by typing the address in the address bar.

• Never open a link in an email that asks for updating account/personal information.

• Avoid Phishing scams.

Note : Phishing is a process of attracting Internet users to a fake Web site by using authentic looking email with the real organization's logo, in an attempt to steal passwords, personal information, or for introducing virus in to the system.

• Block pop up windows while browsing Internet. Some pop-up messages may contain helpful information but most of the time they are advertisements with possibly some hidden code which is introduced by a hacker.

• Always clear private data after completing Internet browsing and do NOT save your login information.

•Always keep the firewall on.

• Turn off the computer or disconnect it from the network when not in use.


Securing Web Browser Basic to In-depth Home Computer Security Guide Page 19

Securing Web Browser

Web browsers are capable of parsing active code in many forms, including JavaScript, ActiveX, and Java code. These are automatically downloaded and executed by web browser. Malicious individuals often take advantage of this to attack systems, distribute malicious code, or negatively impact systems. Microsoft Internet Explorer (IE) is installed as a default component of Windows Operating System and is closely integrated with it. Because of this, an exploitation of IE can seriously impact the underlying Windows installation, so it is critical to stay current with all IE updates. IE updates can be acquired through the Windows Update and Automatic updates features as described earlier.

Need for Securing the Browser

Since Internet Browser is the primary interface through which users connect to the Internet, there is a need to secure the web browser. Increasing the security of the browser, allows us to access trusted sites while disallowing access to possibly harmful ones.

Browser setting for Internet Explorer and Mozilla Firefox

Microsoft Internet Explorer

We shall briefly discuss the various security settings that Microsoft Internet Explorer (IE) offers. Owing to little difference in the versions of IE, we shall discuss the versions up to and including IE6.0 and IE7.0 separately.

1. Pop-up Blockers:

In IE6.0, click on Tools Pop-up Blocker. Turn on the pop-up blocker. The previously greyed 'Popup Blocker Settings' will be activated. If the pop-up blocker was already active then all you need is to look into the settings. It is advised to keep this list empty (i. e. block all pop-ups) and as you browse the web you will get notifications of any blocked web pages and you may then choose to let a few legitimate pop-ups through. This allows you control over the unwanted, annoying and possibly malicious pop-ups from opening. The 'Filter Level' in the pop-up blocker setting lets you control the extent of pop-up blocker intervention. For more information on pop-ups click on the 'Pop-up Blocker FAQ' at the lower left corner of the 'Pop-up Blocker Settings' window.

2. Trusted and Untrusted Websites:

Click on Tools|Internet Options to open the options window of IE. Click on the Security tab to open the security settings related to web pages. On this page you will have the choice of rating websites based on the suitability of the website contents. The 'Intranet Sites' are not of much use in the home environment. 'Trusted Sites' are the sites that you prefer to have relaxed access criteria. The 'Restricted Sites' are those whose content are inappropriate to be viewed and are consequently blocked if attempts to access these are initiated. 'Internet' encompassed the websites that are not put into any of these categories. Adding of websites to 'Trusted' and 'Restricted' areas is just a matter
of clicking the 'Sites' control and keying in the address of the website.

A note of caution though is to be remembered. A 'HIGH' security level provides high security at the cost of functionality. Similarly, a 'LOW' security level offers high functionality at the cost of security. Consequently, both these settings should be used with sound judgment.

3. Privacy Settings:

A website sets cookies (files that store user related information in your computer) to provide for added functionality in terms of access to the website content. However, since these cookies store information such as credit card details from an on line e-commerce site or user names and passwords, they need to be given a thought on whether or not a cookie should be allowed to be set by a website. The 'Privacy' tab in the IE6.0 options window ( Tools|Internet Options) offer for 6 levels of settings with increasing privacy protection. The 'Low' level is least intrusive but also least secure. Contrastingly, the 'Block All Cookies' setting block any cookie from being set and prevents websites from reading the existing cookies as well.

It is advised to delete all cookies those have been set by a website at the end of every browsing session. One can achieve this objective by clicking the 'Delete Cookies' command button on the 'General' tab of the options window.

4. Content Advisor:

The content advisor allows users view a website depending upon the content of the website. The content filtering is done on the following four criteria: Language, Nudity, Sex and Violence. These are particularly useful for restricting access to certain websites when a child is accessing the Internet. Click on the 'Content' tab of the IE potions window and then click on the 'Enable' button in the 'Content Advisor' section. In the window that opens, move the slider bars to adjust the extent of permissible content. The 'Approved Sites' tab lists those websites that are allowed irrespective of the settings in the 'Ratings' tab.

5. Private Data:

It is advisable to clear the cached cookies, pages visited and the temporary information created during a browser session. This results in clearing of information that would otherwise be left back in your system and might be used by a malicious user should he find an entry into your system. We can do this by opening the IE options window and click on the following entries:

• Delete Cookies

• Delete Files

• Clear History


Physical Security Basic to In-depth Home Computer Security Guide Page 18

Physical Security

The first step in security is considering the physical security of the PC. Maintenance of physical security depends on the location and the budget. Some of the methods by which physical security is provided to the computers are:

·Computer Locks

Now a days PC's are available with a locking feature, which contains a socket in front of the case to unlock and lock the case. This helps us in preventing unauthorized users gain access to the hardware of the PC and also it prevents them booting the system with their own floppy or hardware.

·BIOS Security

BIOS (Basic Input Output System) are built in software, which describes what a computer can do without accessing the programs on the disk. It contains a code which can control the keyboards, monitor, serial and parallel communications and some other functions. BIOS come with a ROM chip in the computer which ensures that it will not be affected in case of disk failures.

Setting BIOS password prevents the unauthorized users from rebooting and manipulating the system. This provides a low level of security as someone can disconnect the batteries and access the BIOS with manufacturers default passwords. But it takes some time for unauthorized users to open case and accessing BIOS which leaves some traces of tampering.

·Many organizations now a days provide tracking and recovery services. These work with the help of software agents in the computer. Whenever a thief connects to the Internet, automatically without his knowledge IP address of the system or the phone number through which he is connecting is sent to recovery service centre.

·A continuous interruptible power supply should be provided to the systems in order to prevent loss of unsaved data during power failures.

·The systems should be placed in a room which is dust free and has a good ventilation to avoid overheating of CPU.

·The PC keys should be secured and not left unattended.

·Do not plug computer directly to the wall outlet as power surges may destroy computer. Instead use a genuine surge protector to plug a computer.

·Check the system input power supply and grounding at least annually to ensure that it meets the manufacturer’s specification.

·Static electricity may affect the integrity and reliability of data and programs processed and stored on equipment, hence antistatic devices should be installed.


Data Security Basic to In-depth Home Computer Security Guide Page 17

Data Security

Importance of Securing Data

Data Security means ensuring that the data is free from any type of corruption and the access to this data is controlled in such away that only authorized users can access the data. Data refers to personal information regarding the individuals, bank details, etc. Hence, there is a need for everyone to secure the data so that it does not fall into the hands of unauthorized users.

Different Methods of Securing Data

There are different types of data to be secured. The procedure regarding how to secure different types of data is given below:

Shared Information

Make sure that the shared information is accessed by the authorized users and also specify the data that should be shared and data that should not be shared by the public.

Securing Data While Transmission

Securing the data while transmitting includes encryption and authentication and also the end-to-end users are authorized.

·Authentication is secret information that is shared between two computers before the actual communication starts. Public key encryption is another means of authentication which authenticates only the receiver and not the sender with the help of the keys which are possessed by the two systems by other means.

·Encrypting data with out a key can be easily accessed by modern computer users by performing brute force attack. So in order to protect the encrypted data the key length should be long such a way that it is not easy to guess it. Encrypting the data only ensures that the data cannot be read by the third party in an understandable format when the data has been received by them.

·Securing through Web Browser.
Ensure that the data being sent using browser application is secured by

seeing theURL. Ensure that it is using HTTPS instead of HTTP
in the URL for authentication.

·Secure Email Programs.
Secure email programs use public key encryption for sending and
receiving messages. This works well when both the users are using secure

email programs otherwise the user should send emails without using

secure email programs.

·Secure Shell.
Previously computer users used telnet application to connect to remote

systems.But telnet transfers the information in clear text. To avoid this

problem 'Secure shell' has been introduced which sends the data in the

encrypted form. It uses public key cryptography for encryption and also
ensures confidentiality and data integrity.

Data Backup

Another method of securing the data is by taking the backup of the original data in to another disk or tape. This backup helps the users to retrieve the original data in case of hard disk failures.

Securing Data by Secure Deletion

When the data which user does not require any more is deleted, care should be taken while deleting the data so that the data can not be reconstructed by an unauthorized person. Deleting the information and formatting does not ensure that the data is safely deleted.

In order to delete the data permanently, some software tools are available which will prevent the data from being reconstructed. Some operating systems allow formatting command in such a way that it not only formats but also adds zero in to that place. The easiest way of deleting the data is by using wiping program which not only formats the disk but also adds some garbage data in to it.

There are several algorithms available for secure deletion or disposal.

·Single Pass
Here the data is overwritten with 1's and 0's for only one time.

·DoD 5520.22-M Standard
This standard overwrites the addressable locations with characters

and its Complements and compares it with other.

·Guttmann Method
This method overwrites the data for nearly 35 times and this will be

done by taking in to the account various encoding algorithms used

by various disk manufacturers.

Linux and Unix systems implement a file destruction command to protect files that contain sensitive content from being recovered by someone else. The 'shred' command overwrite the specified files repeatedly, in order to make it harder for even very expensive hardware probing to recover the data. It additionally provides the feature to shred and then delete a file from the hard disk.

Another Linux/Unix command that can be used to format a disk drive completely is the 'dd' command. When certain switches to this command are used, the entire disk is rewritten to zeros.

Tools are available at the following links:


Mobile Security Basic to In-depth Home Computer Security Guide Page 16

Mobile Security

Mobile Security and the Possible Threats

There are various threats which can affect the mobile users. For example, sending multimedia messages and text messages to the expensible toll free numbers, unknowingly by clicking yes for a message received through mobile phone. Now-a-days many malicious programs try to get access to mobile phones and laptops and steal the personal information from it. In order to avoid these kind of incidents and to make your mobile devices secured following tips should be followed.

Countermeasures for Securing Mobile Devices

·Be careful while downloading the applications through Bluetooth or as MMS attachments. They may contain some harmful software which will affect the mobile phone.

·Keep the Bluetooth connection in an invisible mode unless you need some user to access your mobile phone or laptops. If an unknown user tries to access the mobile phone or laptop through blue tooth, move away from the coverage area of blue tooth so that it automatically gets disconnected.

·Avoid downloading the content in to mobile phone or laptop from an untrusted source.

·Delete the MMS message received from an unknown user without opening it.

·Read the mobile phone's operating instructions carefully mainly regarding the security settings, pin code settings, Bluetooth settings, infrared settings and procedure to download an application. This will help in making your mobile phone secure from malicious programs.

·Activate the pin code request for mobile phone access. Choose a pin which is unpredictable and which is easy to remember for you.

·Use the call barring and restriction services provided by operators, to prevent the applications that are not used by you or by your family members.

·Don't make you mobile phone as a source for your personal data, which is dangerous if it falls in to the hands of strangers. It is advisable not to store important information like credit card and bank cards passwords etc in a mobile phone.

·Note the IMEI code of your cell phone and keep it in a safe place. This helps the owner to prevent access to the stolen mobile. The operator can block a phone using the IMEI code.

·Regularly backup important data in the mobile phone or laptop by following the instructions in the manual.

·Define your own trusted devices that can be connected to mobile phone or laptop through Bluetooth.

·Use free cleansing tools which are available in the Internet to make your mobile work normally, when ever it is affected by malicious softwares.

Effects of Malicious Softwares on Mobile Phones

Malicious softwares affect the mobile phone in several ways. Some of the examples are:

* Increased phone bills as trojans, which were installed with some other application may send SMS to unknown numbers.

* Spyware that has entered in to the mobile phone through Bluetooth transfer may transfer personal information to the outside network.

* Worms may disturb the phone network by spreading from one mobile to other through Bluetooth transfer, infrared transfer or through MMS attachments.


·IMEI stands for International Mobile Equipment Identifier which is of around 15 or 17 digit number, which is unique for each and every mobile device. When a mobile is lost the owner of the mobile can ask the operator to block the mobile from working by giving the IMEI number of that mobile phone to the operator.


Phishing Basic to In-depth Home Computer Security Guide Page 15


Phishing is a scam, where a stranger sends an email which appears as if it is from a trusted organization to a normal user to get his personal and financial information. For example, when you receive a mail from a bank to update your personal bank account 18 information and when you click on the link to update the information a separate window opens which looks like a original bank site, where it asks for account information, password and other details. When you enter the information and press enter it will go to the hands of strangers and not to the bank site.

Protection from Phising attacks

When user receives an e-mail asking him to visit his bank’s web site, it signifies the beginning of a phishing fraud. The e-mail would usually provide a link to bank’s web site and ask the user to click the link. It would ask him to provide certain confidential banking information like his account number, credit card number etc., failing which his account would be doomed. There would be a sense of urgency and panic in the e-mail. This type of attack is called as phising attack.

Here is a checklist which helps to prevent this type of attack :

• Check to see if the e-mail is indeed from the user’s bank and not from just any bank. If it isn’t, stop reading further and confirm the same from the by using other means like telephone.

• If the e-mail is not personally addressed to the user, it is most probably a fraud.

• Check the language and spelling of the text contained in the e-mail. If the user find misspelled words or substandard language, conclude that it is not from his bank.

• If the e-mail urges the user to act immediately without delay, failing which his account will be closed down, stop reading it. It is not from user’s bank.

• If there is anything that even remotely feels wrong, stop. If something feels wrong, it is most probably wrong.

• Never click any link given inside the e-mail message. Instead, directly type the URL of the financial institution.

• If the user does not know the URL of his bank’s web site, take the time to call them immediately to find out.

• User should never provide personal information to anybody, come what may.

Identity Theft

Identity theft is a term used to refer to a fraud that involves stealing money or getting other benefits by pretending to be someone else. This information can also be used by the criminal to create new bank accounts or used to access existing bank accounts. The Internet has made it easier for an identity thief to use the information they've stolen because transactions can be made without any personal interaction. There are many ways for retrieving one's personal information. Some of them are retrieving personal paperwork and discarded mail from trash dumpsters (dumpster diving) is one of the easiest ways for an identity thief to get information. Another popular method to get
information is the identity thief simply stands next to someone and watches as the person fills out personal information on a form. This method of retrieving personal information is known as shoulder surfing. The person whose identity is used can suffer various consequences when they are held responsible for the perpetrator's actions.

Preventive Measures to Avoid Identity Theft

§Be aware of “Dumpster diving” and make sure not to throw anything that contains personal information. Since this information if once in the hands of wrong persons can be misused for their benefits. So before throwing such kind of things tear it in to pieces and throw it.
§Be careful while accessing bank accounts at ATM's. Shoulder surfers can see your pin numbers and try to access your account.

§Cancel all credit cards that are not in use or have not been used for a long time. Since Thieves use these very easily - open credit is a prime target.

§Use strong passwords for all your accounts.

§Make a note of the time required to issue a new credit card or renewal of the old credit card. So that if they are not received in appropriate time call the credit card grantor and find out whether the card has been sent. If it has been sent, find out if any change of address has been filed.

§Don't carry cards that are not in use for a long time and which reveals your personal identity.

§Before giving personal information to any one, first find out why do they need it and find out whether your personal information is protected. In no case, give it to someone who can't establish their identity, never over phone or email.

§If a person calls you at home or at work, and you do not know the person, never give out any of your personal information. If they tell you they are a credit card grantor of yours, call them back at the number that you know, and ask for that party to discuss personal information. Provide only information that you believe is absolutely necessary.

§Get credit cards and business cards with your photograph on them.

§Do not put your credit card account number on the Internet (unless it is encrypted on a secured site.) Don't write account numbers on the outside of envelopes, or on your cheques.

§Order your credit report at least twice a year. Review it carefully. If any thing was found suspicious, report to the concerned authority about that.

§Monitor all the statements of your credit card every month. Check to see if there is anything that you do not recognize and call the credit grantor to verify that it is truly yours.

Do not Visit Untrusted Websites

It is always recommended that the user should not visit the untrusted websites or download software’s, screensavers or games etc from those untrusted sites. There is a possibility that these types of application software install some kind of malicious code on the user’s system, which can be used to launch attack on other computer systems without any consent of the user.

Online Chat

It refers to any kind of communication over Internet. In an Email when we send a message to an individual the reply can be obtained immediately or after some period of time till he checks his mail box. In online chat we will get the reply immediately after sending the message. Here the users on both side should be on line to chat with each other.

Chat clients

Internet chat applications, such as instant messaging applications and Internet Relay Chat (IRC) networks, provide a mechanism for information to be transmitted bi-directionally between computers on the Internet. Chat clients provide groups of individuals with the means to exchange dialog, web URLs, and in many cases, files of any type. Because many chat clients allow for the exchange of executable code, they present risks similar to those of email clients. As with email clients, care should be taken to limit the chat client’s ability to execute downloaded files. As always, the user should be wary of exchanging files with unknown parties.

Now a day’s virus and phishing attacks are also targeted through the Instant Messaging clients.


Precautions with Email Basic to In-depth Home Computer Security Guide Page 14

Precautions with Email

In general a user receives lots of e-mails every day, most of which are unsolicited
and contains unfamiliar but believable return addresses.

Email spoofing

Email “spoofing” is when an email message appears to have originated from one source when it actually was sent from another source. Email spoofing is often an attempt to trick the user into making a damaging statement or releasing sensitive information (such as passwords).

Spoofed email can range from harmless pranks to social engineering ploys. Examples of the later include:

• email claiming to be from a system administrator requesting users to change their passwords to a specified string and threatening to suspend their account if they do not comply

• email claiming to be from a person in authority requesting users to send them a copy of a password file or other sensitive information

• Mail uses social engineering to tell the user of a contest that the user may have won or the details of a product that the user might like. The sender is trying to encourage the user to open the letter, read its contents, and interact with them in some way that is financially beneficial – to them.

Protection from spam

Spam is flooding the Internet with many copies of the same message, in an attempt to force the message on people who would not otherwise choose tomreceive it. Most spam is commercial advertising, often for dubious products or get-rich-quick schemes. Spam costs the sender very little to send -- most of the costs are paid for by the recipient or the carriers rather than by the sender.

Never respond to spam

Most of spammers say in their mail to unsubscribe click here but they relying. What they really want to do is confirm that they’ve got a live address. Also, if the user respond, they’ll sell their addresses to every other spammer meaning user soon be flooded with even more spam.

User should not post his address on his website

It seems like a good idea at the time, but posting an email address on a personal home page is just an invitation to spammers. Spammers and the people who sell spamming as a business have software that "harvests" email addresses from the Net. This software crawls through the Internet seeking text strings that are -something-@-something-.-something-. When it finds one, it catalogs it on a database of other email addresses to be used to send spam.

It is recommended that instead of giving e-mail in text form at the website, user should give an image of it.

Use a second email address in newsgroups

Newsgroups are the great email address gathering ground for spammers. If someone posts to a group, he is going to get spam -- it is just a matter of time. So how is he supposed to participate? Use a different email address for talking to friends and relatives. In other words, have a public address and a private address. One has to deal with spam only on his public address.

User should not give his email address without knowing how it will be used

If a website is asking for email address, they want to use it for something. Be sure to know what. Read the terms of use and privacy statements of any site before telling them email addresses, if there is not any privacy statement; don’t tell them email address.

Use a spam filter

While there is no such thing as a perfect filter, anti-spam software can help keep spam at manageable level. Some of it is cumbersome, some works better than others, some even requires that the user let his email messages go through another system for storage and cleaning.

Never buy anything advertised in spam

The reason that people spam is because they can make money. They make money, like all advertisers, by convincing people to buy a product. If no one buys the things advertised in spam, companies will quit paying spammers to advertise their products.

Disable scripting features in e-mail programs when possible

Since e-mail programs frequently use the same code as web browsers to display HTML formatted messages, the vulnerabilities that affect ActiveX, Java, and JavaScript are often applicable to e-mail. Apart from disabling these features, the ability to run Visual Basic Scripting (VBS) should be removed if possible.

Viruses such as ILOVEYOU contain attachments ending in .vbs which infect the host when user clicks on the attachment to open it.


Defensive Measures at User Application Layer Basic to In-depth Home Computer Security Guide Page 12

Defensive Measures at User Application Layer

This is the third layer of the defense in depth model. The defensive measures that have to be taken at this layer are:

* Keep up-to-date security patches and update releases for Application software.

* Do not install programs from unknown origin

* Precautions with E-mail

* Chat clients

* Securing Web browser

Keep up-to-date security patch and update releases for Application Software

Just as new vulnerabilities appear regularly in the Operating System, so too they also appear in applications. Hence keeping applications patched is important.

In general, the announcement of new product vulnerabilities can be monitored by subscribing to one or more of the e-mail based free security alerting services. These services describe the latest vulnerabilities and generally indicate either how to get the required patch or the workaround pending a patch release.

Do not install programs of unknown origin

Installing programs of unknown origin exposes the user to the possibility of running malicious code. In general, programs to be installed should have been authored by company that is trusted and the download site should be a similarly trusted source.

Virus scanning of any such program prior to installation is always recommended. It is also recommended that user should not use pirated software’s, as these pirated software’s might install some kind of backdoors which can be used to hack the system as and when the hacker wants.

Precautions for Downloading Softwares

·Do not download the softwares through file sharing as they may contain some malicious softwares along with that.

·Do not download the software for which you have no license or not registered. There many sites which disturb the registered software by violating the license agreement and the users who download from these sites may get in to trouble.

·Download software only from a trusted website.

·Never download softwares through email attachment as most organizations does not send them via email attachment.

·Always maintain a backup of critical data of your system. This will help you to restore to original state in case something happened to your system while downloading.

·Though the software is downloaded from trusted site, scan the downloaded part, before installing it in to the system.

·Read the License agreement carefully before installing the software in to the system.

·Open the downloaded files after disconnecting from the web and scan with Anti virus software.

·Check the validity of the certificate and issuer of the certificate for a site from which the software is downloaded.


Manually Clean & Remove Viruses Basic to In-depth Home Computer Security Guide Page 11

Manually Clean & Remover Folder.exe & Brontok Virus

1. Manually remove it (new folder.exe Fix)

Delete File named svichossst.exe

[HKEY_CURRENT_USER\Software\Microsoft\Windows\Curre nt Version\Policies\ System]“@”=[HKEY_CURRENT_USER\Software\Microsoft\Windows\Curre ntVersion\Run]“Yahoo Messenger”= [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ Windows NT\CurrentVersion \Winlogon]“Shell”=”Explorer.exe “

2. Remove brontok Virus manually (New Folder.exe or newfolder.exe Virus)

Here is the method to remove brontok virus manually though avg can remove it very easily.

Start your computer in safe mode with command prompt and type the following command to enable registry editor:-

reg delete HKCU\software\microsoft\windows\currentversion\pol icies\system /v “DisableRegistryTools”

and run HKLM\software\microsoft\windows\currentversion\pol icies\system /v “DisableRegistryTools”

After this your registry editor is enable type explorer go to run and type regedit
then follow the following path :-


on the right side delete the entries which contain ‘Brontok’ and ‘Tok-’ words.

After that restart your system open registry editor and follow the path to enable folder option in tools menu

HKCU \ Software \ Microsoft \ Windows \ Currentversion \ Policies \ Explorer \ ‘No FolderOption’

Delete this entry and restart your computer

And search *.exe files in all drives (search in hidden files also) remove all files which are display likes as folder icon. Your computer is completely free from virus brontok.

Install and keep up-to-date AntiSpyware Software

AntiSpyware software helps to protect users from spyware and other potentially unwanted software like adware. AntiSpyware helps to reduce negative effects caused by spyware, including slow computer performance, annoying pop-up ads, unwanted changes to Internet settings, and unauthorized use of user’s private information. Continuous protection improves Internet browsing safety by guarding spyware in ways they can enter the system. The worldwide SpyNet community plays a key role in determining which suspicious programs are classified as spyware.

AntiSpyware gives the real-time protection by monitoring the system at different checkpoints. These checkpoints are triggered when programs make changes to Windows configuration. These changes can occur when user installs software on his system, or they can occur when spyware or other potentially unwanted software attempts to install on the system.

In case Real-Time Protection detects a change in any checkpoint, AntiSpyware alerts the user and provides the option for user to allow or block the change.

A good AntiSpyware gives the real-time protection, the counteract methods and updates itself for the latest checkpoints & spyware.

Different AntiSpywares are available on the Internet. Microsoft has also released an antispyware by the name Microsoft AntiSpyware (Beta), which is available free on its site. For more details on Microsoft AntiSpyware (Beta), refer to the following link:

Harden the Operating System by turning off unnecessary clients, services and features

Hardening of the operating system (OS) is a topic on its own for which there are a number of good references releases time to time on product basis by their respective vendors. Discussion on hardening on Operating System is beyond the scope of this document. For further reading on hardening the Operating System, please see the following links:

a. Turn off the “Hide file extensions for known file types” feature:

By default, Windows hides the file extensions of known file types. This behaviour has been used to trick users into executing malicious code. But a user may choose to disable this option in order to have file extensions displayed by Windows. Multiple email-borne viruses are known to exploit hidden file extensions. The first major attack that took advantage of a hidden file extension was the VBS/LoveLetter worm which contained an email attachment named "LOVE-LETTER-FOR-YOU.TXT.vbs". Other malicious programs have since incorporated similar naming schemes, examples include:

• Downloader (MySis.avi.exe or QuickFlick.mpg.exe)
• VBS/Timofonica (TIMOFONICA.TXT.vbs)
• VBS/OnTheFly (AnnaKournikova.jpg.vbs)

The files attached to the email messages sent by these viruses may appear to be harmless text (.txt), MPEG (.mpg), AVI (.avi) or other file types when in fact the file is a malicious script or executable (.vbs or .exe, for example).

b. Remove the ability of others to access file shares and printers on the host
since poorly protected file shares are being actively targeted:

For all Windows users:

• Disable by deselecting the “File and Printer Sharing for Microsoft Networks” option in the Network and Dial-Up Connections applet. This service allows networked computers to transparently access files that reside on remote systems.

• Disable by deselecting the “Client for Microsoft Networks” option in the Network and Dial-Up Connections applet. This service will disable the facility that allows a distributed application to call services that are available on various computers on a network.

For Windows 2000 and XP users only:

To enable or disable the services in aforesaid Operating Systems go to Start> Settings>Control Panel>Performance and Maintenance>Administrative Tools>Services:

• Disable Performance Logs & Alerts: This service collects performance data from local or remote computers based on preconfigured schedule parameters.

• Disable Remote Registry Service: This service enables remote users to modify registry settings on local computer.

• Disable Windows Management Instrumentation (WMI) Driver Extensions: This service provides systems management information to and from drivers.

• Disable TCP/IP NetBIOS Helper Service: This service enables name resolution over TCP/IP.

• Disable Remote Administration Service: This service provide total control of user’s system to the remote user. (To disable this service, right click on My Computer> Properties>Remote Tab, then deselect “Allow Remote Assistance invitations to be sent from this computer”)

Users should be extremely cautious about disabling the above mentioned services, as it is quiet possible that they might be using these services for different purposes in their environment. Disabling these services before any consent could result in malfunctioning of program/s. Please consult to the system vendor before taking any step.


Always Disable Auto-Run Basic to In-depth Home Computer Security Guide Page 10

Always Disable Auto-Run

It is Recommended that we should always Disable Auto-Run because most of the viruses and trojans infects the system through running itself in background by running hidden autorun.inf file whenever you insert a removable device like cd, pendrive etc. Disabling Auto-Run is something we think everyone should do, not only for security from viruses and spyware, but so you'll never need to deal being unable able to listen to your music on your devices. Here's how to do it in Windows XP.

In Windows Click Start, then Click Run

Type regedit

Click OK

Click >


Double click "Autorun" the value is set to 1 by default, change it to zero.

Click OK

Now restart, that's it


Use Least Privileges Policies Basic to In-depth Home Computer Security Guide Page 9

Use Least Privileges Policies

Another area that should not be overlooked among your client defenses is the privileges assigned to users under normal operation. I would recommend adopting a policy that provides the fewest privileges possible to help minimize the impact of malware that relies on exploiting user privileges when it executes. Such a policy is especially important for users who typically have local administrative privileges. Consider removing such privileges for daily operations, and instead using the RunAs command to launch the required administration tools when necessary.

For example, a user who needs to install an application that requires administrator Privileges could run the following setup command at a command prompt to launch the setup program with appropriate privileges:

runas /user:mydomain\admin "setup.exe"

You can also access this feature directly from Microsoft Windows Explorer by performing the following steps:

To run a program with administrative privileges

1. In Windows Explorer, select the program or tool you want to open (such as a Microsoft Management Console (MMC) snap-in or Control Panel).

2. Right-click the program or tool and select Run As.

Note: If Run As does not appear as an option, press and hold the SHIFT key while you right-click the tool.

3. In the Run As dialog box, select The following user: option.

4. In the User name and Password boxes, type the user name and password for the administrator account you want to use.

Operating System Security

* Operating System is the important program that runs on the computer. It performs basic tasks like recognizing the input from the key board, controlling various files and directories in the hard disk and also various peripheral devices like printers, scanners etc.

* It will control the programs in such a way that they do not interfere with each other.

* It is responsible for securing the system by not allowing the unauthorized users to access the system.

Need for Securing the Operating System

The security of the operating system running on various PCs and servers plays an important role in the security of the network as a whole. Not updating one system in the network may effect the security of the other systems in the network. Today we have a highly sophisticated operating system with lots of features, but it may be vulnerable if they are not administered, configured and monitored properly. Sometimes updating the operating system with latest patches may lead to interoperability issues with other operating system. Hence proper care should be taken while updating the operating system.

Countermeasures for Securing the Operating System

* Activate a password for the screen saver so that when ever the operations are not active it will lock the computer automatically after particular period of time.

o In Windows, to activate a password for a screen saver, go to Settings-->Control Panel-->Display--> click Screensaver Tab. Under screen saver section, check the box on resume password protect click apply and click ok to close the window.

* Always use a strong password for your operating system to protect the system from unauthorized users.
o A strong password should be at least eight characters in length and the password should be a combination uppercase, lowercase, numerical and special characters. The password should not contain the words that are in dictionary:

An example of a good password is Th!5iS@g0odP4s5wD

* Turn off file sharing in the computer when there is no need to access files in that system.

§In windows, to turn off file sharing right click on the directory which we no longer want to share and click sharing and security. Under Network sharing and security section uncheck the option “Share this folder” on network.

* Make sure that the firewall is ON so that it prevents unauthorized users access to your system.

§In Windows to turn on the firewall, go to start-->settings-->control panel-->Windows firewall-->select the option on (recommended) and click ok to close the window.

* Delete the softwares and features of operating system which are not in use.

§To add or remove software in Windows, go to start-->settings-->control panel-->select add or remove programs. In that particular window, under change or remove programs section, select the software which is to be removed and click remove.

* Disable the default guest account so that it makes the unauthorized users harder to gain access to the system.

§In Windows to disable the guest account, go to Start-->Run-->Type nusrmgr.msc and click ok. Now a window opens showing the users and groups directory. Double click user directory and in the right pane. Right click guest account and click on properties. Under general tab, check the box “Account is disabled”.

* Use an updated Antivirus software to protect operating system from virus. Check for latest virus updates daily to keep the software up-to-date. This helps in detecting viruses that may try to affect your system.

* Update the operating system with the latest patches mainly with critical security updates for the operating system.

* To update windows operating system, open the Internet Explorer browser window and go to “tools” and click “windows update”.

* Backup critical data which will be helpful in case of operating system failure.

§To take entire information of the system backup, in Windows go to Start-->Programs-->Accessories-->System tools-->Backup. A wizard opens to assist you in backing up the system. Click on next --> select option backup files and settings and click Next-->select the appropriate option depending on the requirement and click Next-->Specify the name and place where to store backup and click next-->click finish to start taking backup of the desired data.

* In an organization, before planning to install a service pack in all the systems first install it in a test system. Since installing a service pack may cover a large range of functionality. Once the service pack is tested and everything is working normally it should be deployed in to the other systems.

* A normal user should be provided with least privileges which do not disturb his normal working.

o To create a user account with limited privileges in windows, go to Start-- >Settings-->Control panel-->User accounts. In the users accounts window, click the option create a new account. In the next window, type the user name and click Next-->Choose the option Limited as account type and click “Create account”. Then a user account with limited user privileges is created.

·User accounts should set their passwords according to the defined security policies.

§In windows to check predefined password policy settings, click Start-->run and type ¡§secpol.msc¡¨. In the right pane of the window, double click account policies and in the expanded list double click on the password policies. Then, in the right pane we find a list of settings regarding password policy.

·Administrators should be careful while configuring the privileges for an employee of the organization.

·Services and security polices should be reviewed daily.

·While using windows operating system, make sure that the file system used is NTFS, which is more secure. Also set the PC to not display the previously logged in user in log on dialog box which can be seen by pressing “Ctrl + Alt +Del” at start up to login.

Restrict Unauthorized Applications

If an application is providing a service to the network, such as Microsoft Instant Messenger or a Web service, it could, in theory, become a target for a malware attack. As part of your antivirus solution, you may wish to consider producing a list of authorized applications for the organization. Attempts to install an unauthorized application on any of your client computers could expose all of them and the data they contain to a greater risk of malware attacks.

If you wish to restrict unauthorized applications, you can use Windows Group Policy to restrict users' ability to run unauthorized software. How to use Group Policy has already been extensively documented, you will find detailed information about it at the Windows Server 2003 Group Policy Technology Center on at:

The specific area of Group Policy that handles this feature is called the Software Restriction Policy, which you can access through the standard Group Policy MMC snapin. The following figure displays a Group Policy MMC screen showing the path to where you can set Software Restriction Policies for both your computers and users:

Figure:10 The path to the Software Restriction Policies folders in the Group Policy MMC snap-in

To access this snap-in directly from a Windows XP client, complete the following steps:

1. Click Start and then Run.

2. Type secpol.msc, then click OK.

A detailed explanation of all the setting possibilities is beyond the scope of this guide.
However, the article "Using Software Restriction Policies to Protect Against Unauthorized Software" on TechNet at:

will provide you with step-by-step guidance on using this powerful feature of the Windows XP Professional operating system.

Warning: Group Policy is an extremely powerful technology that requires careful configuration and a detailed understanding to implement successfully. Do not attempt
to change these settings directly until you are confident you are familiar with the policy
settings and have tested the results on a non-production system.

Make a boot/ERD disk and keep it current

A boot disk allows the user to boot from a diskette instead of the hard drive. This can prove useful in accessing the system in the event of either a security incident or hard disk failure. It must be done before an incident requiring its use arises. In Windows 9x :

• Go to Start\Settings\Control Panel\Add or Remove programs.

• In Add or Remove Programs window, click on the tab Startup Disk, click on tab create

Some versions of Windows, e.g. Windows NT, Windows 2000 and Windows XP can use the emergency repair procedure to fix problems that may be preventing the computer from starting. However, using the emergency repair procedure to fix the system generally requires an existing Emergency Repair Disk (ERD). This disk should be regularly updated and stored in a safe place.

An ERD is created differently depending on the version of Windows. The Backup utility in both Windows 2000 and Windows XP is used to create an ERD; while in Windows NT the “rdisk /s” command is used.

As a general practice, the ERD should be made immediately after the installation of operating system. And should be updated whenever any security update is applied or any configuration of operating system is being changed.

Install and keep up-to-date Antivirus Software

Anti Virus software look at the contents of each file, search for specific patterns that match a profile – called a virus signature – of something known to be harmful. For each file that matches a signature, the anti-virus program typically provides several options on how to respond, such as removing the offending patterns or destroying the file.

Viruses can reach the computer in many different ways, through floppy disks, CD-ROMS, email, web sites, and downloaded files. It needs to be checked for viruses each time before using any of them. Anti-virus program do these automatically, if configured properly. Anti-virus vendors provides regular update for these virus signatures, because everyday many new viruses are discovered and released, making the system prone to virus attacks and without an antivirus update, antivirus is ineffective against such attacks.

The anti-virus software should include features such as the automatic updating of its virus definition files, scanning and cleaning of both incoming and outgoing email messages, script blocking and real-time anti-virus protection.

Installing an anti-virus program and keeping it up-to-date is among the best defenses for home computer and offers the effective protection against computer viruses.

These programs can detect, remove, and block viruses from infecting your computer here is the list of Antivirus tools download and install them and always be secure below mentioned:

These are some of the freeware & shareware antivirus software available on internet :

Windows Platform Antivirus:

Macintosh Platform Antivirus:


Microsoft Base Line Security Analyzer Basic to In-depth Home Computer Security Guide Page 8

2. Choose the Computer name option as if you want to scan your computer by choosing your computers workgroup name (by default your computer workgroup name is automatically is in the list) see figure-8.


3. In the last step a Report will generated that will show the list vulnerabilities of your computer & how the necessary steps fix those vulnerabilities.


What is MBSA 2.1?

MBSA 2.1 is an update to MBSA 2.0.1 to provide full Windows Vista and Windows Server 2008 support, general improvements and customer-requested enhancements.

Will I notice a difference when I run MBSA 2.1?

By customer request, the automatic distribution of the latest Windows Update Agent (WUA) client to client computers scanned by MBSA has been disabled in MBSA 2.1. This may prevent MBSA from successfully scanning computers that do not have the latest WUA client installed. Administrators and security auditors will want to select the option to "Configure computers for Microsoft Update and scanning prerequisites" in order to improve security scan success.

Note: Unless specifically noted, all references to MBSA 2.0 in the MBSA TechNet pages also apply to MBSA 2.1.

New Features found in MBSA 2.1:

Support for Windows Vista and Windows Server 2008

Updated graphical user interface

Full support for 64-bit platforms and vulnerability assessment (VA) checks against 64-bit platforms and components

Improved support for Windows XP Embedded platform

Improved support for SQL Server 2005 vulnerability assessment (VA) checks Automatic Microsoft Update registration and agent update (if selected) using the graphical interface or from the command-line tool using the /ia feature New feature to output completed scan reports to a user-selected directory path or network share (command-line /rd feature) Windows Server Update Services 2.0 and 3.0 compatibility.

MBSA comes in two flavors: GUI tool and command line tool. Users can get more details about MBSA from the following URL & Choose the appropriate download below for English (EN), German (DE), French (FR) and Japanese (JA) for x86 (32-bit) or x64 (64-bit) platforms :

Direct Downloading Link :

XP 32-bit Supported MBSASetup-x86-EN.msi :

XP 64-bit Supported MBSASetup-x64-EN.msi:

User should be connected to the Internet while running MBSA for the first time.

Shavlik Technologies offers a free MBSA 2.1 companion tool called Shavlik NetChk Limited.

Shavlik NetChk™ Limited

NetChk Limited is a free security program from Shavlik Technologies that analyzes the patch status of those Microsoft products not supported by current Microsoft patch technologies. The scan output from NetChk Limited are MBSA-readable XML files that can be viewed via the MBSA GUI (MBSA version 2.0 and later).

Users who have the following products in their environment can use Shavlik NetChk Limited to augment MBSA 2.0.1 results for comprehensive security update detection.

Released June 30, 2009

NetChk_7.0.832.0.exe (45.9 MB)

Direct Downloading Link :


Defensive Measures at Operating System Layer Basic to In-depth Home Computer Security Guide Page 7

Defensive Measures at Operating System Layer

This is the second layer of the defense in depth model. The defensive measures that have to be taken at this layer are:

* Keep up-to-date security patches and update releases for Operating System.

* Make a boot/ERD disk and keep it current

* Install and keep updated Antivirus software

* Install and keep updated Antispyware software

* Harden Operating System by turning off unnecessary services and features

Keep up-to-date security patches and update releases for Operating System

The most important program that runs on a computer is Operating System. Every general-purpose computer must have an Operating System to run other programs. Operating System perform basic tasks, such as recognizing input from the keyboard, sending output to the monitor, keeping track of files and folders on the disk and controlling peripheral devices such as disk drives and printers. Some of the common Desktop Operating Systems are Windows (9x, NT Workstation, 2000 Professional, XP Home Edition & Professional Edition) and Linux workstation etc.

Application software sits on top of Operating system because it is unable to run without the Operating System. Application software (also called end-user programs) includes word processor like MS Word, databases like SQL or Oracle etc.

It is the most essential task that every user has to do as it is repetitive ongoing activity. Every time vulnerability is explored the vendors releases the respective patch and that has to be installed immediately after release. If not, that might be an open door to exploit the system.

The user should subscribe the security newsletter from the respective vendors, whose software he is using. Accordingly, whenever a security patch or a hotfix (A Patch or Hotfix is a small program released by the vendor which fixes up the software for known bugs and vulnerabilities.)is being released the user will be intimated and can act accordingly.

Now days, the every application has the feature to update automatically through Internet. The user should cautiously configure the respective applications.

Using Windows Update

Windows Update is a Microsoft Web site that provides updates for Windows operating system software and Windows-based hardware. Updates address known issues and help protect against known security threats. The patches, hot fixes and service packs released by the Microsoft Corporation are free of cost.

When any user visit the Windows Update Web site i.e. , Windows Update scans the user’s computer and tells which updates are missing and should be applied to his system. The user chooses the updates that he wants to install and how to install them.

“Windows Update” uses the following categories:

• High priority: Critical updates, security updates, service packs, and update rollups that should be installed as soon as they become available and before user install any other updates.

• Software (optional): Non-critical fixes for Windows programs, such as Windows Media® Player and Windows Journal Viewer 5.

• Hardware (optional): Non-critical fixes for drivers and other hardware devices, such as video cards, sound cards, scanners, printers, and cameras.

Optional updates address minor issues or add non-critical functionality to user’s
computer. It is more important to install high priority updates so that the user’s computer gets the latest critical and security-related software.

Difference between Express and Custom Windows Update?

• Express (recommended) displays all high priority updates for user’s computer so that he can install them with one click. This is the quickest and easiest way to keep user’s computer up to date.

• Custom displays high priority and optional updates for user’s computer. User must review and select the updates that he wants to install, one by one.

Automatic Updates

Automatic Update is a feature that works with Windows Update to deliver critical and security-related updates as they become available. When the user turns on Automatic Updates (recommended), Windows automatically looks for high priority updates for user’s computer. Windows recognizes when the user is online and uses the Internet connection to search for downloads from the Windows Update Web site. An icon appears in the system tray each time new updates are available.

Users have to decide how and when the updates are installed. Sometimes, some updates require the user to accept an End User License Agreement (EULA), answer a question about the installation process, or restart the computer before the user can install them.

Automatic Updates delivers only high priority updates. To get optional updates, the user still needs to visit the Windows Update Web site.

Microsoft releases Windows patch on the second Tuesday of each month, so to be safe, checks for the updates manually every couple of weeks. As there may be a lag between when a patch is available and when Windows Update pushes it to the user’s system (as the system has been off for more than a few days).

Using MBSA

MBSA is Microsoft Baseline Security Analyzer version 2.1 gives the ability to assess the administrative vulnerabilities present on one or multiple systems. MBSA scans the specified computers and then generates a report that contains details for each computer about the security checks that MBSA performed, the results, and recommendations for fixing any problems. In addition to checking for misconfiguration that might cause security problems in the operating system, user can check for security problems in Microsoft SQL Server and Microsoft Internet Information Services (IIS). User can also determine whether a computer has the most current Microsoft Windows and Microsoft
Office updates installed, and can check for security updates, update rollups, and service packs for other products hosted by the Windows Update site.

Below steps are mentioned that how to scan your computer for vulnerabilities see figure 7, figure 8 & figure 9.

1. Open MSBA Double-click on Scan a computer see figure-7.



Personal Firewall Basic to In-depth Home Computer Security Guide Page 6

Figure 3 shows where the personal firewall fits into the connection of a home PC to the Internet. Obviously the personal firewall is not a discrete component, rather it is software that runs on the home PC, but it’s shown separately for clarity. As illustrated, the goal of the personal firewall is to ensure that traffic from intruders cannot reach the home PC – understanding that the firewall will not block attachments bearing malicious code.

Some of the freeware & shareware firewalls are listed below:

Configuring Internet Connection Firewall

Windows XP with SP2 includes a built-in firewall called the Internet Connection Firewall (ICF). By default it is disabled, ICF can provide an additional layer of protection against network based attacks such as worms and denial-of-service (DoS) attacks. To Enable ICF do the following steps:

1. Go to Start menu\Control Panel\Network and Internet Connections\Network Connections\ Under the Dial-Up or LAN or High Speed Internet category, click the icon to select the connection that user wants to help protect Figure-4.


2. In the task pane on the left, under Network Tasks, click Change settings of this Connection (or right-click the connection user wants to protect, and then click
Properties Figure-5.


3. On the Advanced tab, under Internet Connection Firewall, check the box next to Protect my computer and network by limiting or preventing access to this Computer from the Internet Figure-6.


There are some limitations with ICF that must consider before enabling it. ICF does not have the rich feature set provided by many third party products. This is because ICF is intended only as a basic intrusion prevention feature. ICF prevents people from gathering data about the PC and blocks unsolicited connection attempts. The biggest limitation of ICF is that it protects the user only from inbound pests; it doesn’t alert the user to suspicious outbound traffic.

Disconnect from the Internet when not using it

The user relying on traditional dial-up access to the Internet will likely disconnect when they are not using the connection since usage limits apply and they may only have one phone line. On the other hand, home users with “alwayson” broadband access services such as cable modems or DSL/ADSL+ may be tempted to leave their computer permanently connected to the Internet. A permanent connection allows them to access their files over the Internet from a remote location. The problem is that the longer one remains connected, the longer an intruder gets time to attack the host.

It is recommended for the broadband home users that they should turn-off their
cable /DSL/ADSL modems when they are not using Internet at all.

Or for those users who are directly connected to their ISP with their network cards, they should disable their network cards in the operating system when they are not using their systems to access internet

To disable the network card in Windows 98, follow the following steps:

* Right-click My computer\select properties\ click device manager

* Expand Network Adapters

* Select the Network adapter that is used for ISP connection

* Click properties

* Select Disable in this hardware profile.

To disable the network card in Windows 2000/XP, follow the following steps:

* Right-click My network places\ select properties

* Select the Local Area Connection used for connecting ISP.

* Right-click and select Disable.