AIR FORCE ASSOCIATION’S
NATIONAL YOUTH CYBER EDUCATION PROGRAM
CYBERPATRIOT
www.uscyberpatriot.org
UNIT SIX
Windows File Protections and Monitoring
SECTION ONE
Windows File Protections
© Air Force Association
• 3 Goals of information security:
‐ Maintain information confidentiality
• Making sure only approved users have
access to data
‐ Maintain information integrity
• Data Integrity: assurance that information
has not been tampered with or corrupted
between the source and the end user
• Source Integrity: assurance that the sender
of the information is who it is supposed to be
‐ Maintain information availability
• Ensuring data is accessible by approved users
when needed
The CIA Triad (Review)
Source: http://www.techrepublic.com/blog/it-security/the-cia-triad/
• Important tool for ensuring data integrity and
confidentiality
• More customizable than the blanket set of
permissions given to users by adding them to
either the Users or Administrators group
• Use to restrict access or editing rights to specific
data on shared resources
• Can be customized by individual user or by user
group
File Permissions
• Full Control
‐ Administrator level access
‐ Users can make every possible change to a selected file or the
contents of a selected folder
• Modify
‐ Allows users to change a file’s content, but not its ownership
‐ Users cannot delete the file
• Read & Execute
‐ Allows users to open and run programs
• List Folder Contents
‐ Allows users to view the names of files stored in the selected folder
• Write
‐ Allows users to make changes to a file and overwrite existing
content
• Read
‐ Allows users to view the attributes of a file or folder, but not edit it
Types of File Permissions
• Use inheritable permissions to apply the same security settings
to all of the files (child objects) in a folder (parent object)
Parent and Child Objects
[Figure: folder tree with parent objects and their child objects labeled]
• By default, objects within a folder, known as child objects,
inherit permission settings from their containing folder, known
as the parent object
• You can turn off inheritable permissions and customize who
gets what kind of access to certain folders, subfolders, or
documents
• Depending on how many users need access to a sensitive file or
folder and how many of the files in a folder need to be
restricted, there are several ways to apply permissions
‐ E.g., if you want certain users or groups to be denied access to all but a few
files within a folder, it is quickest to apply a restrictive permission setting to
the parent object (folder). Once you have denied those users access to all of
the files in the folder, you can go to the individual files you do want them to
have access to and override the permissions those files inherited from the
parent folder.
Inheritable Permissions
• To apply the same permissions to all of the contents of a folder, Right-click the folder → Select
Properties → Click the Security tab
• Edit the permissions of an entire group by highlighting it and checking the appropriate boxes
• Edit the permissions of a specific user (or subgroups you have created) by using the “Add…”
button to add him/her to the Group or Usernames box and then checking the appropriate boxes
Customizing Permissions
• To remove permissions inherited from a parent and create custom settings, Click the
“Advanced” button from the Security tab → Click Change Permissions → Uncheck the
“Include inheritable permissions…” box
• Customize permissions for individual users and/or groups using the “Add…” button.
• To extend your new settings to all of the child objects in a folder, check the
“Replace all child objects….” box
Customizing Permissions
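The inheritance steps from the Inheritable Permissions and Customizing Permissions slides, scripted in PowerShell as an added example that is not part of the original slides. The demo folder under %TEMP%, the file names, and the use of the built-in Guests group as "the users to restrict" are assumptions.

```powershell
# Added example, not CyberPatriot material. Works only on a throwaway folder in %TEMP%.
# Assumptions: folder and file names are constructed; BUILTIN\Guests (well-known SID
# S-1-5-32-546) stands in for the users or group you want to restrict.
$root = Join-Path $env:TEMP 'AclDemo'
New-Item -ItemType Directory -Path $root -Force | Out-Null
$guests = New-Object System.Security.Principal.SecurityIdentifier 'S-1-5-32-546'

# Show who has which rights on a path and whether each entry is inherited or explicit.
function Show-Acl([string]$Path) {
    "ACL of $Path"
    (Get-Acl -Path $Path).Access |
        Select-Object IdentityReference, AccessControlType, FileSystemRights, IsInherited |
        Format-Table -AutoSize
}

# 1. Parent object: a Deny entry that subfolders (ContainerInherit) and files
#    (ObjectInherit) inherit, i.e. "This folder, subfolders and files" in the GUI.
$acl  = Get-Acl -Path $root
$deny = New-Object System.Security.AccessControl.FileSystemAccessRule(
    $guests, 'ReadAndExecute', 'ContainerInherit,ObjectInherit', 'None', 'Deny')
$acl.AddAccessRule($deny)
Set-Acl -Path $root -AclObject $acl

# 2. Child objects created in the folder inherit that entry (IsInherited = True).
$payroll  = Join-Path $root 'payroll.txt'
$handbook = Join-Path $root 'handbook.txt'
Set-Content -Path $payroll  -Value 'constructed sample data'
Set-Content -Path $handbook -Value 'constructed sample data'
Show-Acl $payroll

# 3. Override on one child: an explicit Allow on handbook.txt. Windows evaluates
#    explicit entries before inherited ones, so for the rights it grants (Read)
#    this Allow takes effect despite the inherited Deny.
$acl   = Get-Acl -Path $handbook
$allow = New-Object System.Security.AccessControl.FileSystemAccessRule(
    $guests, 'Read', 'Allow')
$acl.AddAccessRule($allow)
Set-Acl -Path $handbook -AclObject $acl
Show-Acl $handbook

# 4. Stop inheriting on payroll.txt ("Include inheritable permissions" unchecked).
#    First argument: protect this ACL from inheritance. Second argument: $true keeps
#    the inherited entries as explicit copies, $false removes them.
$acl = Get-Acl -Path $payroll
$acl.SetAccessRuleProtection($true, $true)
Set-Acl -Path $payroll -AclObject $acl
Show-Acl $payroll       # same entries as before, now with IsInherited = False

# 5. "Replace all child object permissions": discard per-file customizations so
#    every child inherits from the parent again.
icacls (Join-Path $root '*') /reset /T /Q | Out-Null
Show-Acl $handbook      # the explicit Allow is gone; only inherited entries remain

Remove-Item -Path $root -Recurse -Force    # clean up the demo folder
```

The `IsInherited` column is the quickest way to audit a share: explicit entries on a child are the places where someone overrode the parent folder's policy.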
• Another method of protecting information confidentiality and integrity
• Much quicker than setting file permissions and can be used to control
access to documents shared with people outside your network
• Open a Microsoft Word document → Click the Window button →
Prepare → Encrypt Document
MS Office File Encryption
• Encrypt multiple files and files of different types (.doc, .mp4, etc.) at once by zipping (compressing)
them in 7-Zip or another zipping program
• To install 7-zip, go to: www.7-zip.org
• Zipping also condenses the size of files, making them easier to transfer across the Internet or fit on a
USB drive
• Open your Documents → Select Files → Right-Click → 7-Zip → Add to Archive → Use the Encryption
section to add a password to the .zip file
7-Zip Zipped File Encryption
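A command-line version of the dialog steps above, as an added example that is not part of the original slides; it compares the .zip default encryption method with AES-256 and with a .7z archive that also encrypts file names. It assumes 7-Zip is installed at its default path, and the file names and demo password are constructed.

```powershell
# Added example, not CyberPatriot material.
# Assumptions: 7-Zip is installed at its default location; the files and the
# password below are constructed for the demo.
$sevenZip = Join-Path $env:ProgramFiles '7-Zip\7z.exe'
if (-not (Test-Path $sevenZip)) { throw "7z.exe not found at $sevenZip" }

$work = Join-Path $env:TEMP 'ZipDemo'
New-Item -ItemType Directory -Path $work -Force | Out-Null
Set-Content -Path (Join-Path $work 'grades.doc')  -Value 'constructed sample'
Set-Content -Path (Join-Path $work 'roster.xlsx') -Value 'constructed sample'

# A password typed on the command line is visible in process listings and shell
# history. For real use pass a bare -p so 7-Zip prompts for it; it is inline here
# only so the demo runs unattended.
$pw = 'Demo-Passphrase-Only-1!'

Push-Location $work
try {
    # 1. .zip with 7-Zip's default method for that format, ZipCrypto (a weak legacy cipher)
    & $sevenZip a -tzip weak.zip grades.doc roster.xlsx "-p$pw" | Out-Null

    # 2. .zip with AES-256 selected ("Encryption method" in the Add to Archive dialog)
    & $sevenZip a -tzip '-mem=AES256' aes.zip grades.doc roster.xlsx "-p$pw" | Out-Null

    # 3. .7z with AES-256 and encrypted headers ("Encrypt file names" in the dialog)
    & $sevenZip a -t7z '-mhe=on' names-hidden.7z grades.doc roster.xlsx "-p$pw" | Out-Null

    # Compare what each archive records about its entries.
    foreach ($archive in 'weak.zip', 'aes.zip', 'names-hidden.7z') {
        "--- $archive"
        & $sevenZip l -slt $archive "-p$pw" | Select-String '^(Path|Encrypted|Method) = '
    }

    # Without the password a .zip still lists its file names...
    "--- aes.zip listed without the password"
    & $sevenZip l aes.zip | Select-String 'grades|roster'

    # ...while the .7z with encrypted headers cannot even be listed.
    "--- names-hidden.7z listed with a wrong password"
    & $sevenZip l names-hidden.7z '-pwrong' | Out-Null
    "exit code: $LASTEXITCODE (non-zero means the archive could not be opened)"
}
finally {
    Pop-Location
    Remove-Item -Path $work -Recurse -Force
}
```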
• Ensure data remain available to users during and after a natural disaster, power outage,
hardware failure or hacking attack
• If your system is breached and files lose their integrity, backups can be restored to allow
users to work with the latest untampered versions of files
• Windows allows you to create three types of backups:
‐ System Repair Disc:
• Contains only the system files needed to install/restore Windows to a computer without a
functioning OS
• Can be followed with a system image to restore everything else
‐ System image:
• Contains files and programs on your system and Windows system files and settings
• When you boot a computer with a functioning OS from a system image, the entire system will
be automatically restored
‐ “Full” Backup
• Saves the program files, folders, and documents you have selected to back up, so they can be
later restored to a machine with a functioning OS
• Much smaller file size than system repair discs, so can be run more frequently
Windows Backup Options
Sources: http://windows.microsoft.com/en-us/windows7/what-is-a-system-image, http://windows.microsoft.com/en-us/windows7/create-a-system-repair-disc,
http://windows.microsoft.com/en-us/windows/back-up-files#1TC=windows-7
• Control Panel → System and Security → Backup your computer
• Use the buttons on the left to launch the setup wizards for system images
and system repair disc
• Use the change settings button to set up regular, automatic “full backups”
Creating Backups
Sources: http://windows.microsoft.com/en-us/windows7/what-is-a-system-image, http://windows.microsoft.com/en-us/windows7/create-a-system-repair-disc,
http://windows.microsoft.com/en-us/windows/back-up-files#1TC=windows-7
SECTION TWO
Windows Auditing
• Security tool that allows you to view records of changes and other events that have
happened on a computer
• Used by cybersecurity professionals to monitor system changes and the inner workings
and less visible processes run by a computer
• Control Panel → System and Security → Administrative Tools → Event Viewer
Event Viewer
Source: http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/sag_seconceptsimpaudbp.mspx?mfr=true
• Security logs can be a useful last defense against attacks and a tool for
forensics investigations into the source of a past attack or unauthorized entry
• Customize what security logs are kept by setting Audit Policies
Windows Logs
‐ Application: events logged by programs
‐ Security: any successful or unsuccessful logon attempts
‐ Setup: events that occurred during installation
‐ System: events logged by system components
‐ Forwarded Events: events forwarded from other computers
Source: http://technet.microsoft.com/en-us/library/hh824819.aspx
• Control Panel → System and Security → Administrative Tools → Local Security Policy
→ Local Policies → Audit Policy
‐ Success: generates an event when the requested action succeeds
‐ Failure: generates an event when the requested action fails
‐ No Auditing: does not generate an event for the action
• Right click the Security Setting column → Properties → Success, Failure
Audit Policy Settings
• Must be set and enabled for logs to be available in the Event Viewer
‐ Account logon events: Attempts to log into system accounts
‐ Account management: Account creation or deletion, password changes, user group
changes
‐ Directory service access: Changes to shared resources on a network
‐ Logon events: Attempts to log into a specific shared computer
‐ Object access: Access to sensitive, restricted files
‐ Policy change: Attempts to change local security policies, user rights, and auditing
policies
‐ Privilege use: Attempts to execute restricted system changes
‐ Process tracking: Attempts to modify program files, which have rewritten or disrupted
program processes (*key to detecting virus outbreaks)
‐ System events: Computer shutdowns or restarts
Audit Policy Settings
*Recommended for Windows 7 users and Windows Server 2008 users
*Recommended only for Windows Server 2008 users
Sources: http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/sag_seconceptsimpaudbp.mspx?mfr=true ,
http://technet.microsoft.com/en-us/library/dd277311.aspx , http://technet.microsoft.com/en-us/library/dn487457.aspx
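The audit categories listed above can also be checked and set from an elevated PowerShell prompt with the built-in `auditpol` tool; the following is an added example, not part of the original slides. The baseline values are constructed for the demonstration, and the category names assume an English-language Windows installation.

```powershell
# Added example, not CyberPatriot material. Run from an elevated PowerShell prompt.
# Assumptions: English category names as auditpol prints them; the baseline values
# are constructed for the demo, not a recommendation taken from the slides.
param([switch]$Apply)    # without -Apply the script only reports differences

# auditpol category    = wanted setting          # name used on the slide
$baseline = @{
    'Account Logon'      = 'Success and Failure'   # Account logon events
    'Account Management' = 'Success and Failure'   # Account management
    'Logon/Logoff'       = 'Success and Failure'   # Logon events
    'Object Access'      = 'Failure'               # Object access
    'Policy Change'      = 'Success and Failure'   # Policy change
    'Privilege Use'      = 'Failure'               # Privilege use
    'Detailed Tracking'  = 'Success'               # Process tracking
    'System'             = 'Success and Failure'   # System events
}   # 'DS Access' (Directory service access) is left out: it matters on domain controllers

function Get-AuditSetting([string]$Category) {
    # /r prints CSV, one row per subcategory, with an "Inclusion Setting" column
    auditpol /get "/category:$Category" /r | Where-Object { $_.Trim() } | ConvertFrom-Csv
}

function Set-AuditSetting([string]$Category, [string]$Setting) {
    $success = if ($Setting -match 'Success') { 'enable' } else { 'disable' }
    $failure = if ($Setting -match 'Failure') { 'enable' } else { 'disable' }
    auditpol /set "/category:$Category" "/success:$success" "/failure:$failure" | Out-Null
}

# Compare the live policy with the baseline, subcategory by subcategory.
foreach ($category in ($baseline.Keys | Sort-Object)) {
    $wanted = $baseline[$category]
    $drift  = @(Get-AuditSetting $category |
                Where-Object { $_.'Inclusion Setting' -ne $wanted })
    if ($drift.Count -eq 0) {
        '{0,-20} OK ({1})' -f $category, $wanted
        continue
    }
    "{0,-20} {1} subcategories differ from '{2}'" -f $category, $drift.Count, $wanted
    $drift | ForEach-Object { '    {0}: {1}' -f $_.Subcategory, $_.'Inclusion Setting' }
    if ($Apply) { Set-AuditSetting $category $wanted }
}

# Once failures are audited for "Logon events", failed logons are written to the
# Security log as event ID 4625. Summarize the last 24 hours by account and source.
$filter = @{ LogName = 'Security'; Id = 4625; StartTime = (Get-Date).AddDays(-1) }
Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue | ForEach-Object {
    $data = @{}
    ([xml]$_.ToXml()).Event.EventData.Data | ForEach-Object { $data[$_.Name] = $_.'#text' }
    New-Object psobject -Property @{
        Account = $data['TargetUserName']
        Source  = $data['IpAddress']
    }
} | Group-Object Account, Source | Sort-Object Count -Descending |
    Select-Object Count, Name -First 10
```

An empty result from the last query means either that no logon failed or that failure auditing was not enabled when the attempts happened, which is why the policy check comes first.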
SECTION THREE
Performance Monitoring
• Allows you to track the use and performance of
hardware and software resources on a system
• Allows you to view real-time and historical data
‐ Stop problems as they’re happening
‐ Predict future problems
‐ Conduct forensics to close vulnerabilities and
stop intrusions of the same type from happening
again
• Allows you to decide if hardware or software
needs updating
• Allows you to determine if unknown programs
and/or malware are running
• Allows you to monitor and restrict user access
Performance Monitoring
• Shows programs, services, and processes currently running
• Shows network activity and resource utilization
• Right Click on the Menu Bar → Task Manager or press Ctrl + Alt + Del and Select
“Start Task Manager”
Task Manager
Applications: programs you interact with on the desktop
Processes: Files (.exe) that control applications
Services: processes that do not interact with the desktop (e.g. hardware drivers)
Source: http://superuser.com/questions/209654/whats-the-difference-between-an-application-process-and-services
• Three tasks:
1. Close programs that are not responding
2. Check if an unnecessary piece of software is running
3. Find the process that is associated with certain software, so you do not shut it down when looking for illegitimate services
Task Manager – Applications Tab
• Some processes are essential for Windows and should not be shut down
• Some malware is not visible as an application and can only be ended by shutting down
associated services
• Look up processes to determine whether they are legitimate: www.processlibrary.com
Task Manager – Processes Tab
Use either of these to shut down crashed or malicious processes
Click this to see processes run by the SYSTEM or other active users
(Right-click)
• List of processes running in the background
• Click the “Services” button to manage services in advanced
window
Task Manager – Services Tab
• Services are programs that run invisibly and automatically in the background
‐ E.g. Windows Defender and Windows Firewall
Monitoring Services
Status:
‐ Started: Currently running
‐ Blank: Not running
Startup Type (how services start when the computer is booted up):
‐ Automatic: Starts when computer is booted up
‐ Manual: Starts when prompted to by user
‐ Disabled: Cannot be re-enabled automatically or manually by regular users (only Admins)
• Two reasons to disable services:
1. Unnecessary
• E.g. Spotify or other programs that decrease student/worker efficiency
2. Insecure
• E.g. Remote Desktop Services or others that allow people to access your file systems from
outside the organization’s networks
• To disable a service or otherwise change its startup type, right-click it and select “Properties”
Disabling Services
Source: http://www.techrepublic.com/blog/10-things/10-plus-windows-7-services-you-may-not-need/
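The service review described on the Task Manager and Services slides can be scripted; this is an added example, not part of the original slides. It inventories every service with its state, startup type and executable, lists auto-start services whose binary is not validly signed, and disables one named service after checking what depends on it. `TermService` is the service name of the slide's Remote Desktop Services example, and PowerShell 3.0 or later is assumed.

```powershell
# Added example, not CyberPatriot material. Run from an elevated PowerShell prompt.
# Assumptions: PowerShell 3.0+ (for Get-CimInstance); 'TermService' (Remote Desktop
# Services) is only the slide's example of a service to turn off.

# 1. Inventory: state, startup type, logon account, PID and executable per service.
function Get-ServiceInventory {
    Get-CimInstance Win32_Service | ForEach-Object {
        # PathName may be quoted and may carry arguments; keep only the .exe path.
        $exe = if ($_.PathName -match '^\s*"?(.+?\.exe)') { $Matches[1] } else { $null }
        $signature = if ($exe -and (Test-Path -LiteralPath $exe)) {
            (Get-AuthenticodeSignature -FilePath $exe).Status
        } else { 'FileNotFound' }
        [pscustomobject]@{
            Name      = $_.Name
            Display   = $_.DisplayName
            State     = $_.State        # Running / Stopped ("Started" / blank in the GUI)
            StartMode = $_.StartMode    # Auto / Manual / Disabled
            Account   = $_.StartName
            ProcessId = $_.ProcessId    # matches the PID column on the Processes tab
            Path      = $exe
            Signature = $signature
        }
    }
}

# 2. Review list: services that start automatically and whose binary is not validly
#    signed. This is a list of things to look up, not proof of malware: some
#    legitimate third-party services ship unsigned binaries.
$inventory = Get-ServiceInventory
$inventory |
    Where-Object { $_.StartMode -eq 'Auto' -and $_.Signature -ne 'Valid' } |
    Sort-Object Name |
    Format-Table Name, State, Account, Signature, Path -AutoSize

# 3. Disable a service: warn about running dependents, stop it, set it to Disabled,
#    then read the result back.
function Disable-ServiceChecked {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param([Parameter(Mandatory = $true)][string]$Name)

    $service = Get-Service -Name $Name -ErrorAction Stop
    $dependents = @($service.DependentServices | Where-Object { $_.Status -eq 'Running' })
    if ($dependents.Count -gt 0) {
        Write-Warning ('Running services depend on {0}: {1}' -f
            $Name, (($dependents | ForEach-Object { $_.Name }) -join ', '))
    }
    if ($PSCmdlet.ShouldProcess($Name, 'Stop and set startup type to Disabled')) {
        Stop-Service -Name $Name -Force      # -Force also stops the dependents
        Set-Service  -Name $Name -StartupType Disabled
    }
    Get-CimInstance Win32_Service -Filter "Name='$Name'" |
        Select-Object Name, State, StartMode
}

# -WhatIf prints what would happen without changing anything; remove it to apply.
# Disabling TermService ends any Remote Desktop session you are connected through.
Disable-ServiceChecked -Name 'TermService' -WhatIf
```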
• Monitors current and past resource use
• Shows CPU usage by core
‐ If your computer has multiple cores, you will see multiple CPU graphs
‐ The more cores your computer has, the higher its processing power
Task Manager: Performance Tab
Shows the current usage of your CPU and memory out of the total available on your computer.
Shows CPU usage over time. A high percentage indicates a program or process might not be responding. Ending that process or program should improve performance.
Source: http://windows.microsoft.com/en-us/windows/see-details-computers-performance-task-manager#1TC=windows-7
Task Manager: Performance Tab (cont.)
Displays the amount of RAM being used over time. Extremely high values could indicate hidden malware is operating on your system.
Provides details on how RAM is being used. Cached RAM is used by system resources, available RAM is the amount immediately available for use by processes, drivers, or the OS, and free RAM is unused or does not contain useful information.
Lists how much memory is being used by the OS as a whole. If these numbers are very high, Windows might be corrupt or there is a piece of malware that is hampering its ability to run effectively.
Source: http://windows.microsoft.com/en-us/windows/see-details-computers-performance-task-manager#1TC=windows-7
• Network connectivity problems can arise from a broken router, switch, or
cable, or from the computer itself
‐ The Networking tab will allow you to check whether the computer is the origin of
the problem
Task Manager: Networking Tab
Source: http://www.bleepingcomputer.com/tutorials/how-to-use-the-windows-task-manager/#networking
Lists the names of your connections and tells you the percentage of your overall network that each connection is utilizing, the speed of the link, and whether or not that link is fully connected.
Shows network performance over time. If utilization is very high, one or more programs on your computer may be eating up all of your available bandwidth. Or, if you are not currently using any programs connected to the Internet, a high number could indicate you have malware on your computer or that an intruder is accessing your computer remotely.
• Shows you all of the users currently logged on to the system
• Allows you to “disconnect” users
‐ Terminate the user’s connection without shutting down the programs they were running
• Allows you to “logoff” users
‐ Log the user off the computer completely and terminate any running programs
Task Manager: Users Tab
Source: http://www.bleepingcomputer.com/tutorials/how-to-use-the-windows-task-manager/#networking

 
How is AI changing journalism? (v. April 2024)
How is AI changing journalism? (v. April 2024)How is AI changing journalism? (v. April 2024)
How is AI changing journalism? (v. April 2024)
 
Russian Call Girls in Kolkata Samaira 🤌 8250192130 🚀 Vip Call Girls Kolkata
Russian Call Girls in Kolkata Samaira 🤌  8250192130 🚀 Vip Call Girls KolkataRussian Call Girls in Kolkata Samaira 🤌  8250192130 🚀 Vip Call Girls Kolkata
Russian Call Girls in Kolkata Samaira 🤌 8250192130 🚀 Vip Call Girls Kolkata
 
定制(UAL学位证)英国伦敦艺术大学毕业证成绩单原版一比一
定制(UAL学位证)英国伦敦艺术大学毕业证成绩单原版一比一定制(UAL学位证)英国伦敦艺术大学毕业证成绩单原版一比一
定制(UAL学位证)英国伦敦艺术大学毕业证成绩单原版一比一
 
Call Girls South Delhi Delhi reach out to us at ☎ 9711199012
Call Girls South Delhi Delhi reach out to us at ☎ 9711199012Call Girls South Delhi Delhi reach out to us at ☎ 9711199012
Call Girls South Delhi Delhi reach out to us at ☎ 9711199012
 
Russian Call girls in Dubai +971563133746 Dubai Call girls
Russian  Call girls in Dubai +971563133746 Dubai  Call girlsRussian  Call girls in Dubai +971563133746 Dubai  Call girls
Russian Call girls in Dubai +971563133746 Dubai Call girls
 
Denver Web Design brochure for public viewing
Denver Web Design brochure for public viewingDenver Web Design brochure for public viewing
Denver Web Design brochure for public viewing
 

Unit Six: Windows File Protections and Monitoring

  • 1. AIR FORCE ASSOCIATION’S NATIONAL YOUTH CYBER EDUCATION PROGRAM CYBERPATRIOT www.uscyberpatriot.org UNIT SIX Windows File Protections and Monitoring
  • 2. SECTION ONE: Windows File Protections
  • 3. The CIA Triad (Review)
      © Air Force Association
      • 3 Goals of information security:
        ‐ Maintain information confidentiality
          • Making sure only approved users have access to data
        ‐ Maintain information integrity
          • Data Integrity: assurance that information has not been tampered with or corrupted between the source and the end user
          • Source Integrity: assurance that the sender of the information is who it is supposed to be
        ‐ Maintain information availability
          • Ensuring data is accessible by approved users when needed
      Source: http://www.techrepublic.com/blog/it-security/the-cia-triad/
  • 4. File Permissions
      • Important tool for ensuring data integrity and confidentiality
      • More customizable than the blanket set of permissions given to users by adding them to either the Users or Administrators group
      • Use to restrict access or editing rights to specific data on shared resources
      • Can be customized by individual user or by user group
  • 5. Types of File Permissions
      • Full Control
        ‐ Administrator level access
        ‐ Users can make every possible change to a selected file or the contents of a selected folder
      • Modify
        ‐ Allows users to change a file’s content, but not its ownership
        ‐ Users cannot delete the file
      • Read & Execute
        ‐ Allows users to open and run programs
      • List Folder Contents
        ‐ Allows users to view the names of files stored in the selected folder
      • Write
        ‐ Allows users to make changes to a file and overwrite existing content
      • Read
        ‐ Allows users to view the attributes of a file or folder, but not edit it
  • 6. Parent and Child Objects
      • Use inheritable permissions to apply the same security settings to all of the files (child objects) in a folder (parent object)
      (Diagram labels: Parent object, Child objects)
  • 7. Inheritable Permissions
      • By default, objects within a folder, known as child objects, inherit permission settings from their containing folder, known as the parent object
      • You can turn off inheritable permissions and customize who gets what kind of access to certain folders, subfolders, or documents
      • Depending on how many users need access to a sensitive file or folder and how many of the files in a folder need to be restricted, there are several ways to apply permissions
        ‐ E.g. If you want certain users or groups to be denied access to all but a few files within a folder, it is quickest to apply a restrictive permission setting to the parent object (folder). Once you have denied those users’ access to all of the files in the folder, you can go to the individual files you do want them to have access to and override the permissions those files inherited from the parent folder.
  • 8. Customizing Permissions
      • To apply the same permissions to all of the contents of a folder, Right-click the folder → Select Properties → Click the Security tab
      • Edit the permissions of an entire group by highlighting it and checking the appropriate boxes
      • Edit the permissions of a specific user (or subgroups you have created) by using the “Add…” button to add him/her to the Group or Usernames box and then checking the appropriate boxes
  • 9. Customizing Permissions
      • To remove permissions inherited from a parent and create custom settings, Click the “Advanced” button from the Security tab → Click Change Permissions → Uncheck the “Include inheritable permissions…” box
      • Customize permissions for individual users and/or groups using the “Add…” button.
      • To extend your new settings to all of the child objects or to extend permissions to the child objects in a folder, check the “Replace all child objects….” button
  • 10. MS Office File Encryption
      • Another method of protecting information confidentiality and integrity
      • Much quicker than setting file permissions and can be used to control access to documents shared with people outside your network
      • Open a Microsoft Word document → Click the Window button → Prepare → Encrypt Document
  • 11. 7-Zip Zipped File Encryption
      • Encrypt multiple files and files of different types (.doc, .mp4, etc.) at once by zipping (compressing) them in 7-Zip or another zipping program
      • To install 7-Zip, go to: www.7-zip.org
      • Zipping also condenses the size of files, making them easier to transfer across the Internet or fit on a USB drive
      • Open your Documents → Select Files → Right-Click → 7-Zip → Add to Archive → Use the Encryption section to add a password to the .zip file
  • 12. Windows Backup Options
      • Ensure data remain available to users during and after a natural disaster, power outage, hardware failure or hacking attack
      • If your system is breached and files lose their integrity, backups can be restored to allow users to work with the latest untampered versions of files
      • Windows allows you to create three types of backups:
        ‐ System Repair Disc:
          • Contains only the system files needed to install/restore Windows to a computer without a functioning OS
          • Can be followed with a system image to restore everything else
        ‐ System image:
          • Contains files and programs on your system and Windows system files and settings
          • When you boot a computer with a functioning OS from a system image, the entire system will be automatically restored
        ‐ “Full” Backup
          • Saves the program files, folders, and documents you have selected to back up, so they can be later restored to a machine with a functioning OS
          • Much smaller file size than system repair discs, so can be run more frequently
      Sources: http://windows.microsoft.com/en-us/windows7/what-is-a-system-image, http://windows.microsoft.com/en-us/windows7/create-a-system-repair-disc, http://windows.microsoft.com/en-us/windows/back-up-files#1TC=windows-7
  • 13. Creating Backups
      • Control Panel → System and Security → Backup your computer
      • Use the buttons on the left to launch the setup wizards for system images and system repair disc
      • Use the change settings button to set up regular, automatic “full backups”
      Sources: http://windows.microsoft.com/en-us/windows7/what-is-a-system-image, http://windows.microsoft.com/en-us/windows7/create-a-system-repair-disc, http://windows.microsoft.com/en-us/windows/back-up-files#1TC=windows-7
  • 14. SECTION TWO: Windows Auditing
  • 15. Event Viewer
      • Security tool that allows you to view records of changes and other events that have happened on a computer
      • Used by cybersecurity professionals to monitor system changes and the inner workings and less visible processes run by a computer
      • Control Panel → System and Security → Administrative Tools → Event Viewer
      Source: http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/sag_seconceptsimpaudbp.mspx?mfr=true
  • 16. Windows Logs
      • Security logs can be a useful last defense against attacks and a tool for forensics investigations into the source of a past attack or unauthorized entry
      • Customize what security logs are kept by setting Audit Policies
      Screenshot callouts:
        ‐ Events logged by programs
        ‐ Any successful or unsuccessful logon attempts
        ‐ Events that occurred during installation
        ‐ Events logged by system components
        ‐ Events forwarded from other computers
      Source: http://technet.microsoft.com/en-us/library/hh824819.aspx
  • 17. Audit Policy Settings
      • Control Panel → System and Security → Administrative Tools → Local Security Policy → Local Policies → Audit Policy
        ‐ Success: generates an event when the requested action succeeds
        ‐ Failure: generates an event when the requested action fails
        ‐ No Auditing: does not generate an event for the action
      • Right click the Security Setting column → Properties → Success, Failure
  • 18. Audit Policy Settings
      • Must be set and enabled for logs to be available in the Event Viewer
        ‐ Account logon events: Attempts to log into system accounts
        ‐ Account management: Account creation or deletion, password changes, user group changes
        ‐ Directory service access: Changes to shared resources on a network
        ‐ Logon events: Attempts to log into a specific shared computer
        ‐ Object access: Access to sensitive, restricted files
        ‐ Policy change: Attempts to change local security policies, user rights, and auditing policies
        ‐ Privilege use: Attempts to execute restricted system changes
        ‐ Process tracking: Attempts to modify program files, which have rewritten or disrupted program processes (*key to detecting virus outbreaks)
        ‐ System events: Computer shutdowns or restarts
      *Recommended for Windows 7 users and Windows Server 2008 users
      *Recommended only for Windows Server 2008 users
      Sources: http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/sag_seconceptsimpaudbp.mspx?mfr=true , http://technet.microsoft.com/en-us/library/dd277311.aspx , http://technet.microsoft.com/en-us/library/dn487457.aspx
  • 19. SECTION THREE: Performance Monitoring
  • 20. Performance Monitoring
      • Allows you to track the use and performance of hardware and software resources on a system
      • Allows you to view real-time and historical data
        ‐ Stop problems as they’re happening
        ‐ Predict future problems
        ‐ Conduct forensics to close vulnerabilities and stop intrusions of the same type from happening again
      • Allows you to decide if hardware or software needs updating
      • Allows you to determine if unknown programs and/or malware are running
      • Allows you to monitor and restrict user access
  • 21. Task Manager
      • Shows programs, services, and processes currently running
      • Shows network activity and resource utilization
      • Right Click on the Menu Bar → Task Manager or press Ctrl + Alt + Del and Select “Start Task Manager”
      Screenshot callouts:
        ‐ Applications: programs you interact with on the desktop
        ‐ Processes: Files (.exe) that control applications
        ‐ Services: processes that do not interact with the desktop (e.g. hardware drivers)
      Source: http://superuser.com/questions/209654/whats-the-difference-between-an-application-process-and-services
  • 22. Task Manager – Applications Tab
      • Three tasks:
        1. Close programs that are not responding
        2. Check if an unnecessary piece of software is running
        3. Find the process that is associated with certain software, so you do not shut it down when looking for illegitimate services
      (Screenshot callout: Not Responding)
  • 23. Task Manager – Processes Tab
      • Some processes are essential for Windows and should not be shut down
      • Some malware is not visible as an application and can only be ended by shutting down associated services
      • Look up processes to determine whether they are legitimate: www.processlibrary.com
      Screenshot callouts:
        ‐ Use either of these to shut down crashed or malicious processes (Right-click)
        ‐ Click this to see processes run by the SYSTEM or other active users
  • 24. Task Manager – Services Tab
      • List of processes running in the background
      • Click the “Services” button to manage services in an advanced window
  • 25. Monitoring Services
      • Services are programs that run invisibly and automatically in the background
        ‐ E.g. Windows Defender and Windows Firewall
      Status:
        ‐ Started: Currently running
        ‐ Blank: Not running
      Startup Type (how services start when the computer is booted up):
        ‐ Automatic: Starts when computer is booted up
        ‐ Manual: Starts when prompted to by user
        ‐ Disabled: Cannot be re-enabled automatically or manually by regular users (only Admins)
  • 26. Disabling Services
      • Two reasons to disable services:
        1. Unnecessary
          • E.g. Spotify or other programs that decrease student/worker efficiency
        2. Insecure
          • E.g. Remote Desktop Services or others that allow people to access your file systems from outside the organization’s networks
      • To disable a service or otherwise change its startup type, right-click it and select “Properties”
      Source: http://www.techrepublic.com/blog/10-things/10-plus-windows-7-services-you-may-not-need/
  • 27. Task Manager: Performance Tab
      • Monitors current and past resource use
      • Shows CPU usage by core
        ‐ If your computer has multiple cores, you will see multiple CPU graphs
        ‐ The more cores your computer has, the higher its processing power
      Screenshot callouts:
        ‐ Shows the current usage of your CPU and memory out of the total available on your computer.
        ‐ Shows CPU usage over time. A high percentage indicates a program or process might not be responding. Ending that process or program should improve performance.
      Source: http://windows.microsoft.com/en-us/windows/see-details-computers-performance-task-manager#1TC=windows-7
  • 28. Task Manager: Performance Tab (cont.)
      Screenshot callouts:
        ‐ Displays the amount of RAM being used over time. Extremely high values could indicate hidden malware is operating on your system.
        ‐ Provides details on how RAM is being used. Cached RAM is used by system resources, available RAM is the amount immediately available for use by processes, drivers, or the OS, and free RAM is unused or does not contain useful information.
        ‐ Lists how much memory is being used by the OS as a whole. If these numbers are very high, Windows might be corrupt or there is a piece of malware that is hampering its ability to run effectively.
      Source: http://windows.microsoft.com/en-us/windows/see-details-computers-performance-task-manager#1TC=windows-7
  • 29. Task Manager: Networking Tab
      • Network connectivity problems can arise from a broken router, switch, or cable, or from the computer itself
        ‐ The Networking tab will allow you to check whether the computer is the origin of the problem
      Screenshot callouts:
        ‐ Lists the names of your connections and tells you the percentage of your overall network that each connection is utilizing, the speed of the link, and whether or not that link is fully connected.
        ‐ Shows network performance over time. If utilization is very high, one or more programs on your computer may be eating up all of your available bandwidth. Or, if you are not currently using any programs connected to the Internet, a high number could indicate you have malware on your computer or that an intruder is accessing your computer remotely.
      Source: http://www.bleepingcomputer.com/tutorials/how-to-use-the-windows-task-manager/#networking
  • 30. Task Manager: Users Tab
      • Shows you all of the users currently logged on to the system
      • Allows you to “disconnect” users
        ‐ Terminate the user’s connection without shutting down the programs they were running
      • Allows you to “logoff” users
        ‐ Log the user off the computer completely and terminate any running programs
      Source: http://www.bleepingcomputer.com/tutorials/how-to-use-the-windows-task-manager/#networking
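
The parent/child procedure from slides 7 to 9 (restrict the parent folder, then stop one file from inheriting and give it its own setting), scripted as an added example that is not part of the CyberPatriot slides. It assumes a scratch folder under %TEMP%, constructed file names, and the built-in Guests group (well-known SID S-1-5-32-546) standing in for the restricted group.

```powershell
# Added example, not from the slides. Works only on a scratch folder it creates.
$root = Join-Path $env:TEMP 'AclInheritanceDemo'          # hypothetical demo path
New-Item -ItemType Directory -Path $root -Force | Out-Null

# BUILTIN\Guests by well-known SID, so the name does not depend on display language.
$guests  = New-Object System.Security.Principal.SecurityIdentifier 'S-1-5-32-546'
$read    = [System.Security.AccessControl.FileSystemRights]::Read
$allow   = [System.Security.AccessControl.AccessControlType]::Allow
$deny    = [System.Security.AccessControl.AccessControlType]::Deny
$toKids  = [System.Security.AccessControl.InheritanceFlags]'ContainerInherit, ObjectInherit'
$noLimit = [System.Security.AccessControl.PropagationFlags]::None

# 1. Parent object: deny Read to the group, inheritable by files and subfolders.
$denyRule = New-Object System.Security.AccessControl.FileSystemAccessRule `
    -ArgumentList $guests, $read, $toKids, $noLimit, $deny
$folderAcl = Get-Acl -Path $root
$folderAcl.AddAccessRule($denyRule)
Set-Acl -Path $root -AclObject $folderAcl

# 2. Child objects created now inherit the parent's settings (constructed sample files).
$restricted = Join-Path $root 'grades.txt'
$shared     = Join-Path $root 'handout.txt'
Set-Content -Path $restricted -Value 'restricted (constructed sample)'
Set-Content -Path $shared     -Value 'shareable (constructed sample)'

# 3. One child: turn off inheritance but keep copies of the inherited entries
#    (the scripted form of unchecking "Include inheritable permissions...").
$fileAcl = Get-Acl -Path $shared
$fileAcl.SetAccessRuleProtection($true, $true)   # protected = yes, keep copies = yes
Set-Acl -Path $shared -AclObject $fileAcl

# 4. Replace the copied deny entry with an explicit allow for this file only.
$fileAcl = Get-Acl -Path $shared
$fileAcl.PurgeAccessRules($guests)
$allowRule = New-Object System.Security.AccessControl.FileSystemAccessRule `
    -ArgumentList $guests, $read, $allow
$fileAcl.AddAccessRule($allowRule)
Set-Acl -Path $shared -AclObject $fileAcl

# 5. Compare: grades.txt shows the deny with IsInherited = True,
#    handout.txt shows only explicit entries (IsInherited = False).
foreach ($path in $root, $restricted, $shared) {
    "`n$path"
    (Get-Acl -Path $path).Access |
        Format-Table IdentityReference, AccessControlType, FileSystemRights, IsInherited -AutoSize
}

# Cleanup when finished:
# Remove-Item -Path $root -Recurse -Force
```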
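
The Audit Policy settings on slides 17 and 18 and the Security log described on slides 15 and 16, driven from an elevated PowerShell prompt as an added example that is not part of the slides. The auditpol category names are the English ones, and event IDs 4624 (successful logon) and 4625 (failed logon) are the standard Security log IDs, which the slides do not list; `Get-EventField` is a helper defined here.

```powershell
# Added example, not from the slides. Run elevated: auditpol and the
# Security log both require administrator rights.

# Local Security Policy name (slide 18) -> auditpol category (English names).
$categoryFor = [ordered]@{
    'Account logon events'     = 'Account Logon'
    'Account management'       = 'Account Management'
    'Directory service access' = 'DS Access'
    'Logon events'             = 'Logon/Logoff'
    'Object access'            = 'Object Access'
    'Policy change'            = 'Policy Change'
    'Privilege use'            = 'Privilege Use'
    'Process tracking'         = 'Detailed Tracking'
    'System events'            = 'System'
}

# Show what is currently audited (Success, Failure, or No Auditing).
auditpol /get /category:*

# Enable Success and Failure for the two logon-related policies.
foreach ($policy in 'Account logon events', 'Logon events') {
    $category = $categoryFor[$policy]
    auditpol /set "/category:$category" /success:enable /failure:enable
}

# Helper (defined for this example): read one named field from an event's XML.
function Get-EventField($Event, [string]$Name) {
    $data = ([xml]$Event.ToXml()).Event.EventData.Data
    ($data | Where-Object { $_.Name -eq $Name }).'#text'
}

# Failed logons from the last 24 hours, the same records Event Viewer
# shows under Windows Logs -> Security.
$since  = (Get-Date).AddDays(-1)
$failed = Get-WinEvent -FilterHashtable @{
    LogName = 'Security'; Id = 4625; StartTime = $since
} -ErrorAction SilentlyContinue

# Summarize by targeted account and source address; repeated failures
# against one account from one source stand out at the top.
$failed | ForEach-Object {
    [pscustomobject]@{
        Time    = $_.TimeCreated
        Account = Get-EventField $_ 'TargetUserName'
        Source  = Get-EventField $_ 'IpAddress'
    }
} | Group-Object Account, Source |
    Sort-Object Count -Descending |
    Select-Object Count, Name
```

If the summary is empty, either no logon failed in the window or failure auditing was not enabled when the attempts happened, which is why slide 18 says the policies must be set before logs appear.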