Protect Application and System Software
Administration
Level - I
This learning unit is developed to provide the trainees the necessary information regarding the
following content coverage and topics:
Modifying default user settings to conform security policy
Modifying previously created user settings to update security policy
Ensuring legal notices displayed at logon
Accessing information service
This unit will also assist you to attain the learning outcomes stated in the cover page.
Specifically, upon completion of this learning guide, you will be able to:
Document and report client requirements
Meet client requirements in line with organizational requirements.
User access control (UAC) is defined as the capacity of an organization and its systems to
allow or deny a user or an object access to its systems and resources. A user can be restricted
from accessing a program, database or file. An object in this definition represents passive
entities such as a system or a process. Systems and processes under the UAC are also restricted
from accessing other processes and programs.
User Account Control (UAC) helps prevent malware from damaging a PC and helps
organizations deploy a better-managed desktop. With UAC, apps and tasks always run in the
security context of a non-administrator account, unless an administrator specifically authorizes
administrator-level access to the system. UAC can block the automatic installation of
unauthorized apps and prevent inadvertent changes to system settings.
UAC allows all users to log on to their computers using a standard user account. Processes
launched using a standard user token may perform tasks using access rights granted to a
standard user.
1.1.2. Components of User Access Control
1. User access—users must reveal their identity to the system. This means that the user needs to
tell the system who he/she is. This is done by using a username.
2. Object access—the system must identify the object requesting access to the system using a
matching identifier previously stored within its database. Identification is achieved by the use of
identifiers such as computer names, MAC addresses, IP (Internet Protocol) addresses, or Process
Identification (PI) numbers.
1.3. User account control process and interaction
User Account Control (UAC) is a fundamental component of Microsoft's overall security vision.
UAC helps mitigate the impact of malware.
The following shows how the logon process for an administrator differs from the logon process
for a standard user.
Here's how to turn User Account Control (UAC) on or off in Windows 10 and later:
1. Type UAC in the search field on your taskbar. (If the search field isn't visible, right-click
the Start button and choose Search.)
Desktop apps in Windows 10 don’t run with administrator permissions and consequently can’t
make automatic changes to an operating system. When a desktop app wants to make system
changes (such as modifications that affect other user accounts, modifications of system files and
folders, or installation of new software), Windows 10 issues what’s called a UAC confirmation
dialog box, where users can confirm whether they want those changes to be made.
If the user clicks No, the changes won’t be made. If the user clicks Yes, the app receives
administrator permissions and makes the system changes it’s programmed to make.
Local Policies. These policies apply to a computer and include the following types of
policy settings:
Before you use password strength checkers, you need to understand a critical aspect of identity
and access management: password best practices. After all, what good is a password validation
tool if you don’t know how to compose a strong password?
Other password security best practices include:
Don’t Allow Repeated Passwords
The more a password appears across the web, the more likely it ends up in hackers’ hands
through other
Don’t Allow The Sharing of Passwords
This remains a persistent problem across enterprises of all sizes. Employees can and will share
their passwords with others breaches
Don’t Incorporate Personal Information into Your Passwords
Of course, you should only use password strength checkers which you can trust. Obviously, a
trustworthy validation tool should never store your passwords in any capacity; they should only
process your passwords in the browser.
The Comparitech Password Strength Test provides a strong baseline for other password strength
checkers. For example, the test can demonstrate how long hackers need to crack the inputted
password.
This test evaluates passwords based on complexity and length, and can determine whether the
password appears in the list of most commonly used passwords.
A. My1Login Password Strength Test
Much like the password checker above, the My1Login Password automatically hashes the
password inputted;
A. Thycotic Password Strength Checker
The Thycotic Password Strength Checker can also recognize the most common passwords and
warns against them
1.7. Identify Security Gaps
1.7.1. Authenticating Users
Before a user can log on to a computer running Windows, connect to a shared folder, or browse a
protected Web site, the resource must validate the user’s identity using a process known as
authentication.
Windows supports a variety of authentication techniques, including
In addition, Windows can authenticate users with the local user database.
Authentication is the process of identifying a user. In home environments, authentication is often
as simple as clicking a user name at the Windows 10 logon screen. However, in enterprise
environments, almost all authentication requests require users to provide both a user name (to
identify themselves) and a password (to prove that they really are the user they claim to be).
Smart Card
Windows 10 also supports authentication using a smart card. The smart card, which is about the
size of a credit card, contains a chip with a certificate that uniquely identifies the user. So long as
a user doesn’t give the smart card to someone else, inserting
Biometrics
Biometrics is another popular form of authentication. Although a password proves your identity
by testing “something you know” and a smart card tests “something you have,” biometrics test
“something you are” by examining a unique feature of your physiology. Today the most
common biometric authentication mechanisms are fingerprint readers (now built into many
mobile computers) and retinal scanners.
Note: You will need to be an administrator to open the Local Group Policy Editor.
The Local Group Policy Editor is a Microsoft Management Console (MMC) snap-in that gives a
single user interface through which all the Computer Configuration and User Configuration
settings of Local Group Policy objects can be managed. The Local Security Policy settings are
among the security settings contained in the Local Group Policy Editor. An administrator can use
these to set policies that are applied to the computer. In this project, you will view and change
local security policy settings. To load the snap-in manually: Run > type mmc > File >
Add/Remove Snap-in > select Group Policy Object > Add > Browse > User > select Administrator > OK.
1. Click Start.
2. Type secpol.msc into the Search box and then click secpol.
Note: You may be prompted at this point for an administrator password or confirmation.
3. First create a policy regarding passwords. Expand Account Policies in the left pane and
then expand Password Policy.
4. Double-click Enforce password history in the right pane. This setting defines how many
previously used passwords Windows will record. This prevents users from “recycling”
old passwords.
5. Change passwords remembered to 4.
6. Click OK.
7. Double-click Maximum password age in the right pane. The default value is 42,
meaning that a user must change his password after 42 days.
8. Change days to 30. After changing it to 30, take a screenshot and paste it below this step.
Make sure your VM number in the top left is visible in the screenshot or no credit will be
given for this step.
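The two settings changed in steps 4 to 8 can be verified from a policy export instead of a screenshot. The following is an added example, not part of the original guide: it parses the `[System Access]` section that `secedit /export /cfg policy.inf /areas SECURITYPOLICY` writes and compares it with the lab's targets. The sample export text and the function names are constructed for illustration.

```python
import configparser

# Constructed sample of what
#   secedit /export /cfg policy.inf /areas SECURITYPOLICY
# writes before the lab changes are applied.
SAMPLE_EXPORT = """\
[Unicode]
Unicode=yes
[System Access]
MinimumPasswordAge = 0
MaximumPasswordAge = 42
MinimumPasswordLength = 0
PasswordComplexity = 0
PasswordHistorySize = 0
NewAdministratorName = "Administrator"
[Version]
signature="$CHICAGO$"
Revision=1
"""

# Targets from the lab steps: remember 4 passwords, expire after 30 days.
TARGETS = {"PasswordHistorySize": 4, "MaximumPasswordAge": 30}

def read_system_access(inf_text):
    """Parse the numeric settings of [System Access] into {setting: int}."""
    parser = configparser.ConfigParser(interpolation=None, strict=False)
    parser.optionxform = str  # keep the mixed-case key names
    parser.read_string(inf_text)
    if not parser.has_section("System Access"):
        return {}
    return {k: int(v) for k, v in parser.items("System Access")
            if v.lstrip("-").isdigit()}  # skip string values such as account names

def audit(inf_text, targets=TARGETS):
    """Return {setting: (current, target, compliant)}."""
    current = read_system_access(inf_text)
    report = {}
    for name, target in targets.items():
        value = current.get(name)
        if value is None:
            ok = False                    # setting missing from the export
        elif name == "MaximumPasswordAge":
            ok = 1 <= value <= target     # below 1 means passwords never expire
        else:
            ok = value >= target          # a longer history is stricter
        report[name] = (value, target, ok)
    return report

if __name__ == "__main__":
    for setting, result in audit(SAMPLE_EXPORT).items():
        print(setting, result)
```

When reading a real export from disk, open the file with `encoding="utf-16"`, since secedit writes Unicode output.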
Destructive Software
2.1.1. What is destructive software?
Destructive software is referred to as malware (malicious software), and the term includes viruses,
worms, logic bombs, rootkits, Trojan horses, adware, keystroke loggers and spyware
applications.
2.1.2. The Common Types of Destructive Software
Adware and spyware disrupt your privacy and can slow down your computer as well as
contaminate your operating system or data files
Spyware
Software that obtains information from a user's computer without the user's knowledge or
consent
2.1.3. Types of Viruses
Viruses are split into different categories, depending on what they do. Here are a few categories
of viruses:
Boot Sector Virus
The Boot Sector of a PC is a part of your computer that gets accessed first when you turn it on. It
tells Windows what to do and what to load. It's like a "Things To Do" list. The Boot Sector is
also known as the Master Boot Record. A boot sector virus is designed to attack this, causing
your PC to refuse to start at all!
File Virus
A file virus, as its name suggests, attacks files on your computer. It can also attack entire
programs, though.
Macro Virus
These types of virus are written specifically to infect Microsoft Office documents (Word, Excel,
PowerPoint, etc.). A Word document can contain a Macro Virus. You usually need to open a
document in a Microsoft Office application before the virus can do any harm.
Electronic Mail (Email) Virus
Email can be used to transmit any of the above types of virus by copying and emailing itself to
every address in the victim’s email address book, usually within an email attachment. Each time
a recipient opens the infected attachment, the virus harvests that victim’s email address book and
repeats its propagation process.
1. Norton 360 – Best antivirus for individual PC and Mac users. Delivers well-regarded
internet security that can include ID theft protection with LifeLock.
2. TotalAV – Best antivirus for web browsing protection. Actively scans for suspicious
websites and monitors for criminal use of your private information.
3. Intego Antivirus – Best web protection for Mac users. The company is a rarity,
focusing its services and builds primarily on OSX and iOS devices.
4. McAfee Total Protection – Offers well-respected protection for individuals or families.
5. VIPRE Antivirus – Consistently scores above more well-known brands in independent
testing lab analyses.
6. Bitdefender Internet Security – Maintains consistently reliable performance and
includes a webcam protection tool.
7. Kaspersky Lab Internet Security – Best selection of features. Includes a secure,
encrypted browser for online shopping.
8. Avira Antivirus – Blocks phishing attacks on social media and email.
9. Avast – Analyzes app behavior for potential malicious activity
2.1.6. Schedule a scan in Microsoft Defender Antivirus
4. Click the link to review the License Agreement. If you agree to its terms, click
Continue.
Lap Test -3
Instructions: Given necessary templates, tools and materials you are required to perform the
following tasks:
1. Turn on your Windows Defender Firewall
2. Turn on User Account Control
Phishing emails are a type of spam cybercriminals send to many people, hoping to “hook” a few
people. Phishing emails trick victims into giving up sensitive information like website logins or
credit card information.
Adam Kujawa, Director of Malwarebytes Labs, says of phishing emails: “Phishing is the simplest kind of
cyberattack and, at the same time, the most dangerous and effective. That is because it attacks the most
vulnerable and powerful computer on the planet: the human mind.”
B. Tech support scams
In a tech support scam, the spam message indicates that you have a technical problem and you should
contact tech support by calling the phone number or clicking a link in the message.
Spoofed emails mimic, or spoof, an email from a legitimate sender, and ask you to take some
sort of action. Well-executed spoofs will contain familiar branding and content, often from a
large well-known company such as PayPal or Apple. Common email spoofing spam messages
include:
D. Current event scams
Hot topics in the news can be used in spam messages to get your attention.
E. Malspam
Malspam, short for “malware spam” or “malicious spam,” is a spam message that delivers malware to your device.
F. Spam calls and spam texts
Have you ever received a robocall? That’s call spam. A text message from an unknown sender
urging you to click an unknown link? That’s referred to as text message spam or “smishing,” a
combination of SMS and phishing.
3.1. How can I stop spam?
While it may not be possible to avoid spam altogether, there are steps you can take to help
protect yourself against falling for a scam or getting phished from a spam message:
Learn to spot phishing
To protect yourself, learn to check for some key signs that a spam message isn’t just annoying—
it’s a phishing attempt:
1. Sender’s email address: If an email from a company is legitimate, the sender’s email
address should match the domain for the company they claim to represent. Sometimes
these are obvious, like [email protected], but other times the changes are less
noticeable, like [email protected] instead of paypal.com.
2. Links: Beware of all links, including buttons in an email. If you get a message from a
company with whom you have an account, it’s wise to log in to your account to see if
Install cybersecurity
In the event that you click a bad link or download malware sent to you via spam, good cybersecurity
software will recognize the malware and shut it down before it can do any damage to your system or
network.
Use two-factor authentication (2FA)
With two-factor or multi-factor authentication, even if your username and password are
compromised via a phishing attack, cybercriminals won’t be able to get around the additional
authentication requirements tied to your account. Additional authentication factors include secret
questions or verification codes sent to your phone via text message.
A spam filter is a program used to detect unsolicited, unwanted and virus-infected emails and
prevent those messages from getting to a user's inbox. Like other types of filtering programs, a
spam filter looks for specific criteria on which to base its judgments.
3.1.1. What are the different types of spam filters?
There are many different types of spam filters. The most frequently used filters include the
following:
Blocklist filters. Blocklist filters block spam emails from senders that have been added to a
comprehensive spammers list.
Content filters. Content filters examine the contents of each email and use that information to
decide whether it is spam or not.
Header filters. Header filters analyze email headers to determine if they originated from a
legitimate source.
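The three filter types above, together with the sender-domain check described under "Learn to spot phishing", can be sketched in one small classifier. This is an added example, not part of the original guide; the blocklist, phrase list, brand table, threshold and sample messages are all constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# All lists and messages below are constructed for illustration.
BLOCKLIST = {"bulk-mailer.example"}                        # known spam sender domains
PHRASES = ("urgent", "verify your account", "click here")  # content-filter phrases
BRANDS = {"paypal": "paypal.com"}                          # brand -> domain it sends from

PHISH = ('From: "PayPal Support" <service@paypa1.example>\n'
         "Reply-To: collect@mailbox.example\n"
         "Subject: Account notice\n\n"
         "Urgent: verify your account now. Click here to log in.\n")
LEGIT = ('From: "PayPal" <service@paypal.com>\n'
         "Subject: Receipt\n\n"
         "Your receipt for order 1234 is attached.\n")
BULK = ("From: promo@bulk-mailer.example\n"
        "Subject: Deals\n\n"
        "Weekly deals inside.\n")

def domain_of(header_value):
    """Return the lower-cased domain of an address header, or '' if absent."""
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()

def classify(raw_message):
    """Return the list of filter rules the message trips (empty = deliver)."""
    msg = message_from_string(raw_message)
    display_name = parseaddr(msg.get("From", ""))[0].lower()
    sender = domain_of(msg.get("From"))
    reasons = []
    # Blocklist filter: sender domain is on the spammers list.
    if sender in BLOCKLIST:
        reasons.append("blocklist")
    # Header filter: display name claims a brand the domain does not belong to.
    for brand, real in BRANDS.items():
        if brand in display_name and sender != real and not sender.endswith("." + real):
            reasons.append("header:brand-mismatch")
    # Header filter: replies are diverted to a different domain.
    reply_to = domain_of(msg.get("Reply-To"))
    if reply_to and reply_to != sender:
        reasons.append("header:reply-to-mismatch")
    # Content filter: two or more suspicious phrases in the body.
    body = msg.get_payload().lower()
    if sum(phrase in body for phrase in PHRASES) >= 2:
        reasons.append("content")
    return reasons

if __name__ == "__main__":
    for name, raw in (("phish", PHISH), ("legit", LEGIT), ("bulk", BULK)):
        print(name, classify(raw))
```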