How Hard Is It To Hack A Pc
Upcoming SlideShare
Loading in...5
×

Like this? Share it with your network

Share
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
  • The            setup            in            the            video            no            longer            works.           
    And            all            other            links            in            comment            are            fake            too.           
    But            luckily,            we            found            a            working            one            here (copy paste link in browser) :            www.goo.gl/i7K0s4
    Are you sure you want to
    Your message goes here
    Be the first to like this
No Downloads

Views

Total Views
550
On Slideshare
550
From Embeds
0
Number of Embeds
0

Actions

Shares
Downloads
13
Comments
1
Likes
0

Embeds 0

No embeds

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
    No notes for slide

Transcript

  • 1. How hard is it to hack a PC?
  • 2. Securing your desktop PC using Windows XP SP2 Itai Almog Software development Engineer Security Business and Technology Unit Microsoft Corporation [email_address]
  • 3. Agenda
    • The world of hacking is changing
    • Windows XP SP2
    • Tips for securing your PC
  • 4. The World of Hacking is Changing
    • Number of attacks is increasing
    • Hackers are getting smarter
    • Motivation: pride  money
    • Worms & Viruses are more sophisticated
    Looks Familiar?
  • 5. Microsoft is Changing
    • Security is our No. 1 priority!
    • Secure by design
      • Code inspection
      • Threat modeling
      • Penetration testing
    • Secure by default
      • Most secured configuration out-of-the-box
      • Reduced attack surface
  • 6. Infection Methods
    • Use opened ports on unsecured computers
      • Not everyone uses a firewall
    • Via email attachments, Active X, “save&run”
      • Many users fall for these tricks
    • Exploit vulnerabilities on unpatched computers
      • Not everyone installs patches
      • Not enough time to install
    Days between patch and exploit Sasser 151 180 331 Blaster Welchia/ Nachi Nimda 25 SQL Slammer 17
  • 7. Securing Windows XP
    • Make it more resilient to attacks
      • Even if updates are not installed!
    • Make it easier to secure
      • Easier security management
      • Help the user do what’s right for him
  • 8. Windows XP Service Pack 2 Network Protection Safer Email & IM Safer Web Browsing Memory Protection Easier to Manage
  • 9. Windows XP Service Pack 2 Network Protection Safer Email & IM Safer Web Browsing Memory Protection Easier to Manage
  • 10. Network Protection
    • New Windows Firewall
    Blaster Sasser
  • 11. Network Protection
    • On by default!
    • Boot time security
    • Exception list
    • “ Shielded” mode
    • Scope restrictions
  • 12. Windows Firewall
  • 13. Network Protection
    • Inbound connection alert
  • 14. Network Protection
    • Exceptions
  • 15. Network Protection
    • Per interface policy
  • 16. Network Protection
    • Group policy
  • 17. Network Protection
    • RPC & DCOM restrictions ( )
    • Messenger service is disabled
    Looks familiar? Blaster
  • 18. Windows XP Service Pack 2 Network Protection Safer Email & IM Safer Web Browsing Memory Protection Easier to Manage
  • 19. IE Security Enhancements
    • Pop-up blocker
  • 20. IE Security Enhancements
    • Add on manager
  • 21. Information bar Pop-up blocker Add on manager
  • 22. IE Security Enhancements
    • Crash detection
    • Windows restrictions
    • Local zone lockdown
    • Zone elevation block
  • 23. Windows XP Service Pack 2 Network Protection Safer Email & IM Safer Web Browsing Memory Protection Easier to Manage
  • 24. MyDoom
    • Discovered on 26 Jan 2004
    • Spreads via email & Kazaa
    • When the worm was activated:
      • Spread more
      • Perform DOS on internet web sites
      • Open a back door
    • Infected more then 2,000,000 computers
  • 25. Email & IM Enhancements
    • Block unsafe Email & IM attachments (using AES)
  • 26. Email & IM Enhancements
    • Block external html content
  • 27. Windows XP Service Pack 2 Network Protection Safer Email & IM Safer Web Browsing Memory Protection Easier to Manage
  • 28. Buffer Overrun Protection
    • Windows XP Service Pack 2 binaries are hardened (/GS)
    • “ No Execute” (NX) hardware level protection
  • 29. Windows XP Service Pack 2 Network Protection Safer Email & IM Safer Web Browsing Memory Protection Easier to Manage
  • 30. Simplified Management
    • Windows Security Center
  • 31. Simplified Management
    • New Windows Update (ver 5.0)
  • 32. Before Service Pack 2 Blaster
  • 33. After Service Pack 2 No Execute Lower Privilege Windows Updates RPC Restrictions Firewall Blaster Blaster
  • 34. What you should do Use a firewall Update Windows and applications Don’t open unsafe attachments Use an Anti-Virus software Don’t install unsafe ActiveX Deploy XP Service Pack 2
  • 35. Resources
    • Download Windows XP Service Pack 2 RC2 www.microsoft.com/technet/prodtechnol/winxppro/sp2preview.mspx
    • Microsoft Israel Windows XP Service Pack 2 Home Page www.microsoft.com/israel/windowsxp/sp2
    • Windows XP Service Pack 2 - Information for IT Pro http://www.microsoft.com/technet/prodtechnol/winxppro/maintain/winxpsp2.mspx
    • Windows XP Service Pack 2 - Information for Developers msdn . microsoft . com / security / productinfo / xpsp2 / default . aspx
  • 36. Get Secured!