Cyber Patriot Training 4 December 2010
Vulnerability Number Local Security Policy User & Group Security User & Group Security User & Group Security Vulnerable Services User & Group Security Backdoor/Virus/Malware Backdoor/Virus/Malware Backdoor/Virus/Malware Backdoor/Virus/Malware Backdoor/Virus/Malware Vulnerable Services File and Folder Configuration Backdoor/Virus/Malware Backdoor/Virus/Malware Vulnerable Services Patches and Updates
Results
78% 78% 67% 67% 65% 63% 62% 61% 53% 0%
Percent Vulns Fixed in Category
83% 81% 81% 81% 80% 79% 78%
Local Security Policy
• More of the same, look at the policies
Users and Group Security
• Check group membership, disable unknown users
Vulnerable Services
• Control Panel/Administrative Tools/Services
• Turn off everything that is not needed. If not sure what the service is, look it up
• Use Process Explorer
  – http://technet.microsoft.com/en-us/sysinternals/bb896653.aspx
Backdoor/Virus/Malware
• Check registry with regedit
  – HKLM\Software\Microsoft\Windows\CurrentVersion\Run
  – HKCU\Software\Microsoft\Windows\CurrentVersion\Run
• Look in C:\Program Files
• Dump Temporary Internet Files
• Clear History
• Download and run
  – http://www.malwarebytes.org
• Dump temp folders under windows and user
Backdoor/Virus/Malware
  – http://free.antivirus.com/hijackthis/
  – http://www.safer-networking.org/en/download/
  – http://www.microsoft.com/security_essentials
  – http://www.avg.com/us-en/download-trial
  – http://www.free-av.com/
  – http://www.pctools.com/free-antivirus/
  – http://download.cnet.com/Avast-Free-Antivirus/3000-2239_4-10019223.html
File and Folder Configuration
• Not sure what they want here
• Check security settings
• Turn off all shares not needed (probably what they are looking for)
Patches and Updates
• Do Windows updates immediately, they take time, do them while you are doing other things
  – Don’t do anything that will require a reboot!!!
  – Security updates shouldn’t require update or select reboot later
• Download from Technet ahead of time
  – http://technet.microsoft.com/en-us/bb403698.aspx
  – Not sure if you need to do updates as in IE7 to IE8
    • Would say you SHOULD update but up to you
Ubuntu
• Show running processes
  – top or ps
• Stop running processes
  – kill by pid
• Check scheduled tasks
  – crontab -l or -e
  – su to root and check crontab
• chmod to change file permissions
• chown to change file owner
Ubuntu Continued
• Check ftp configuration file
  – /etc
  – Probably something like: vsftpd.conf
  – No anonymous login
  – No root login
• Turn off telnet as well
• Same thing for ssh
  – /etc/ssh then ssh_config or sshd_config
• To restart a service
  – service servicename(d) restart (vsftpd, sshd)
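Added example, not part of the original slides: a small audit script for the two settings named above, reporting PASS or FAIL for anonymous FTP login, FTP root login and SSH root login. It assumes the FTP server is vsftpd, that FTP root logins are blocked through a deny list such as /etc/ftpusers, and that the SSH server setting lives in sshd_config; the function names and sample files are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the slides). Pass copies of the config files as
# arguments; the sample files at the bottom are constructed.

# vsftpd: key=value with no spaces; a later line overrides an earlier one.
vsftpd_value() {  # $1=file $2=option $3=built-in default
    v=$(grep -E "^$2=" "$1" | tail -n 1 | cut -d= -f2- | tr -d '[:space:]' | tr 'a-z' 'A-Z')
    echo "${v:-$3}"
}

# sshd: keyword is case-insensitive, first occurrence wins; stop at the
# first Match block because settings after it are conditional.
sshd_value() {  # $1=file $2=keyword
    awk -v k="$2" 'tolower($1) == "match" { exit }
                   tolower($1) == tolower(k) { print tolower($2); exit }' "$1"
}

ftp_anonymous_off() {  # vsftpd default for anonymous_enable is YES
    case "$(vsftpd_value "$1" anonymous_enable YES)" in
        NO|FALSE|0) echo PASS ;;
        *)          echo FAIL ;;
    esac
}

ftp_root_denied() {  # $1 = deny list such as /etc/ftpusers, one name per line
    if grep -qx 'root' "$1"; then echo PASS; else echo FAIL; fi
}

ssh_root_off() {  # anything but an explicit "no" is reported
    if [ "$(sshd_value "$1" PermitRootLogin)" = "no" ]; then echo PASS; else echo FAIL; fi
}

# Constructed sample input
d=$(mktemp -d)
printf '#anonymous_enable=NO\nanonymous_enable=YES\nlocal_enable=YES\n' > "$d/vsftpd.conf"
printf 'daemon\nroot\n' > "$d/ftpusers"
printf '#PermitRootLogin no\nPort 22\npermitrootlogin yes\n' > "$d/sshd_config"
echo "ftp anonymous login off: $(ftp_anonymous_off "$d/vsftpd.conf")"
echo "ftp root denied:         $(ftp_root_denied "$d/ftpusers")"
echo "ssh root login off:      $(ssh_root_off "$d/sshd_config")"
rm -rf "$d"
```

A commented-out line counts as unset, so a file that only contains `#anonymous_enable=NO` still fails the check. After fixing a setting, restart the service as described on the slide.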
Ubuntu
• chkconfig
  – shows current configuration of services, etc
• Shows file sharing
  – http://www.simplehelp.net/2007/05/19/how-to-share-files-and-folders-in-ubuntu/
• sudo is the same as running as root
• Antivirus for Ubuntu
  – http://free.avg.com/us-en/download.prd-alf