Changes

Jump to: navigation, search

SEC520/labs/Lab 5

3,341 bytes removed, 17:50, 31 January 2018
no edit summary
<h1> <span class="mw-headline">Hardening Windows</span></h1>
<a name="Introduction" id="Introduction"></a><h2> <span class="mw-headline">Introduction</span></h2>
<br />
In the previous two labs, you should have learned how to penetrate your vulnerable Windows 2003 server using a variety of vulnerability testing strategies. In this lab, students will learn how to make their Windows servers less vulnerable to these types of attacks (i.e. <b>hardening</b> the Windows 2003 server):<br /><br />
</dd></dl>
<br /><br />
<a name="Objectives" id="Objectives"></a><h2> <span class="mw-headline">Objectives</span></h2>
<ol>
<li>Setup and maintain <b>User Account and Auditing (logging) Policies</b>i (including shutting down any unnecessary services).
<p><br>
</p>
<a name="Required_Materials_.28Bring_to_All_Labs.29" id="Required_Materials_.28Bring_to_All_Labs.29"></a><h2> <span class="mw-headline">Required Materials (Bring to All Labs)</span></h2>
<ul>
<li> <b>SATA Hard Disk</b> (in removable disk tray).
<p><br>
</p>
<a name="Prerequisites" id="Prerequisites"></a><h2> <span class="mw-headline">Prerequisites</span></h2><ul><li> <a href="[https://scs.senecac.on.ca/~fac/sec520/labs/SEC520_Lab_4.html">SEC520 Lab 4</a>]
</li></ul>
<p><br>
</p>
<a name="Linux_Command_Online_Reference" id="Linux_Command_Online_Reference"></a><h2> <span class="mw-headline">Online Tools and References</span></h2>
<ul>
<li><a href="[http://www.windowsecurity.com/articles/security-configuration-wizard-windows-server-2003-sp1.html" target="_new">Security Configuration Wizard (Service Pack 1 - Windows 2003 Server)</a>]</li> <li><a href="[http://www.windowsecurity.com/articles/understanding-windows-ntfs-permissions.html" target="_new">NTFS (Setting up Share Permissions)</a>]</li> <li><a href="[http://support.microsoft.com/kb/327838" target="_new">Automating Updates - Windows 2003 Server</a>]</li> <li><a href="[https://www.sans.org/media/score/checklists/ID-Windows.pdf" target="_new">Intrusion Discovery (Windows)</a>]</li>
</ul>
<p><br>
</p>
<a name="Resources_on_the_web" id="Resources_on_the_web"></a><h2> <span class="mw-headline">Course Notes</span></h2>
<ul>
<li><a href="[http://cs.senecac.on.ca/%7Efac/sec520/slides/sec520_w8_l1.odp" target="_new">odp</a> ] | <a href="[http://cs.senecac.on.ca/%7Efac/sec520/slides/sec520_w8_l1.pdf" target="_new">pdf</a> ] | <a href="[http://cs.senecac.on.ca/%7Efac/sec520/slides/sec520_w8_l1.ppt" target="_new">ppt</a> ] (Slides: Hardening Windows 2003 Server)</li><li><a href="[http://lcweb.senecac.on.ca:2052/assetviewer.aspx?bookid=12602&chunkid=978290911&rowid=177" target="_new">Hardening Windows Second Edition (E-book)</a> ] (Chapter 5)</li> <li>YouTube Video: <a href="[http://www.youtube.com/watch?v=df1_yx2fa8g" target="_new">Security Configuration Wizard 2003</a>]</li>
</ul>
<p><br>
</p>
<a name="Performing_Lab_2" id="Performing_Lab_2"></a><h1> <span class="mw-headline">Performing Lab 5</span></h1><a name="Task1" id="Investigation_1:_How_to_Perform_a_Fedora_DVD_Install_on_Your_Removable_Hard_Drive"></a><h2> <span class="mw-headline">Task #1: Setting Account &amp; Auditing Policies (Security Configuration Wizard)</span></h2>
<br />
The Security Configuration Wizard (<b>SCW</b>) is a tool to allow the adminstrator to control or "lock down" your Windows 2003 server in terms of:<ul><li>Which services can be turned on and off</li><li>Which users have access to running services</li><li>Service policies</li></ul>
In this section, you will learn to install, configure and implement security policies using <b>SCW</b>.
<br /><br />
<div class="messagebox" style="background-color: #f9f6b7; border: 1px solid #c4c295; color: black; padding: 5px; margin: 1ex 0; min-height: 35px; padding-left: 45px;"><div style="float: left; margin-left: -40px;"><a href="/wiki/index.php/File:Important.png" class="image" title="Important.png"><img alt="" src="35px-Idea.png" width="35" height="35" border="0" {{Admon/></a></div><div><b>tip|Locking Down the Server's BIOS</b><br />|The system adminstrator should prevent the server's BIOS from bootin from removable drives, and setup a BIOS password to limit access to editing the server's BIOS. Since you are using the college's computers, you are not able to lock down the BIOS, but it is worth mentioning when you are securing computers in the future.</div></div>|}}
<br />
INSTRUCTIONS:
<br />
<div class="messagebox" style="background-color: #f9f6b7; border: 1px solid #c4c295; color: black; padding: 5px; margin: 1ex 0; min-height: 35px; padding-left: 45px;"><div style="float: left; margin-left: -40px;"><a href="/wiki/index.php/File:Important.png" class="image" title="Important.png"><img alt="" src="35px-Important.png" width="35" height="35" border="0" {{Admon/></a></div><div><b>important|Service Pack 1 Required</b><br />|In order to install, setup and configure the Security Configuration Wizard, you need to install Service Pack 1 on your Windows 2003 server before proceeding with this section.<br /><br />In order to <b>install Service Pack 1</b>, you need to download and install</b>. Here is a link to obtain Service Pack 1:<br /><a href="[http://technet.microsoft.com/en-us/windowsserver/bb463273.aspx">http://technet.microsoft.com/en-us/windowsserver/bb463273.aspx</a> </div></div>] |}}
<br />
<ol>
<li>It may a few minutes for <b>SCW</b> to process the default settings.<br /> Click <b>View Configuration</b> and then click <b>Next</b> in order to view the <i>various roles</i>, <i>running applications</i> and <i>open ports</i> on your current server.</li>
</ol>
<div class="messagebox" style="background-color: #f9f6b7; border: 1px solid #c4c295; color: black; padding: 5px; margin: 1ex 0; min-height: 35px; padding-left: 45px;"><div style="float: left; margin-left: -40px;"><a href="/wiki/index.php/File:Important.png" class="image" title="Important.png"><img alt="" src="35px-Idea.png" width="35" height="35" border="0" {{Admon/></a></div><div><b>tip|Security Policy Template</b><br />|<b>SCW</b> allows security settings to be saved in a file, that can be used to import into other newly-installed or exising Window 2003 servers in order to save time...</div></div>|}}
<br />
<li>Click <b>Next</b> to proceed to the last (verification) dialog box, and click <b>Next</b> to proceed with setting the various parts of your current server's security policy.</li>
</ol>
<div class="messagebox" style="background-color: #f9f6b7; border: 1px solid #c4c295; color: black; padding: 5px; margin: 1ex 0; min-height: 35px; padding-left: 45px;"><div style="float: left; margin-left: -40px;"><a href="/wiki/index.php{{Admon/File:Important.png" class="image" title="Important.png"><img alt="" src="35px-Idea.png" width="35" height="35" border="0" /></a></div><div><b>tip|Security Policy Elements</b><br />|Security policies in <b>SCW</b> consists of several categories: <ul><li><b>Network Security</b> (port and application settings</li><li><b>Registry</b> (communication protocols between machines)</li><li><b>Audit Policy</b> (logging user and system events)</li></ul></div></div>|}}
<br />
<br />
<a name="Task2" d="Investigation_2:_How_many_file_packages_and_files_are_installed_on_the_system.3F"></a><h2> <span class="mw-headline">Task #2: Implementing New Technology File System (NTFS)</span></h2>
<br />
<b>NTFS</b> is a newer file system developped for Windows operating systems that provide improved disk space utilization, file system journaling, as well as security. This newer file system technology incorporates <b>Access Control Lists (ACLs)</b> which you have learned and configured in <i>lab #5: Linux Hardening - Part 2</i>.
INSTRUCTIONS:
<ol>
<li>Read the tutorial on how to use ACLs with Windows NTFS Permissions at the following link:<br /><a href="[http://www.windowsecurity.com/articles/understanding-windows-ntfs-permissions.html" target="_new">Understanding Windows NTFS Permissions</a>]</li>
<li>Perform the following steps (as in Lab #5, but using Windows NTFS Permissions):<ol>
<li>Create the following directory: <b>c:\share</b></li>
</p>
<a name="Task3" d="Investigation_2:_How_many_file_packages_and_files_are_installed_on_the_system.3F"></a><h2> <span class="mw-headline">Task #3: Monitoring Logs &amp; Activity / Tripwire for Windows</span></h2>
<br />
In this section, we will be using similar techniques to monitor suspicious activity in your Windows 2003 server as you did in <b>lab7</b> (for your Linux server). The tools in Windows will be a combination of Graphical and command-line.
<li>Run the <b>Event Manger</b> graphical tool by issing the following MS command:
<pre>
<b>eventvwr.msc</b>
</pre>
<br />
<li>Run the following graphical and command-line tools, in order to view and identify all of the services running on your Windows 2003 server (both normal and suspicious):
<pre>
<b>taskmgr.exe</b>
<b>services.msc</b>
<b>tasklist /svc</b>
</pre>
<br />
<li>View your Windows registry file to detect any suspicious or strange programs by issuing the following command:
<pre>
<b>regedit</b>
</pre>
<br />
<li>Next, issue the following MS commands in order to detect unusual network activity:
<pre>
<b>net view</b>
<b>net session</b>
<b>net user</b>
<b>netstat -na</b>
</pre>
<br /></li>
<li>Run the following Windows commands to observe any unusual scheduled tasks:
<pre>
<b>schtasks</b>
<b>msconfig.exe</b>
</pre>
<br /></li>
<li>Finally, run the following Windows command to detect any unusual (recentrly added) user accounts to the Windows system:
<pre>
<b>lusrmgr.msc</b> </pre>
<br /></li>
</ol>
<div class="messagebox" style="background-color: #f9f6b7; border: 1px solid #c4c295; color: black; padding: 5px; margin: 1ex 0; min-height: 35px; padding-left: 45px;"><div style="float: left; margin-left: -40px;"><a href="{{Admon/wiki/index.php/File:Important.png" class="image" title="Important.png"><img alt="" src="35px-Idea.png" width="35" height="35" border="0" /></a></div><div><b>tip|Tripwire Alternative for Windows?</b><br />|
As a matter of interest, there is an alternative IDS for MS Windows (amoung other platforms). The name of the application is called <b>OSSEC</b> which is a scalable, multi-platform, and open source (free).<br /><br />Here is a link to this application:<br />
<a href="[http://www.ossec.net/" target="_blank">http://www.ossec.net/</a></div>]</div>|}}
<br />
<ol>
</p>
<a name="Task4" d="Investigation_2:_How_many_file_packages_and_files_are_installed_on_the_system.3F"></a><h2> <span class="mw-headline">Task #4: Apply / Automate Software Updates</span></h2>
INSTRUCTIONS:
<ol>
<li>Read the tutorial on how to setup automatic updates in Windows 2003 server at the following link:<br /><a href="[http://support.microsoft.com/kb/327838" target="_new">How to Schedule Automatic Updates in Windows Server 2003</a>]</li>
<li>Using the above tutorial, setup your Windows 2003 server to automatically update the server.</li>
<li>Try the same process in Lab 3 to try to penetrate your Windows 2003 server. Where you successful? Record your findings in your lab lab-book.
<a name="Completing_the_Lab" id="Completing_the_Lab"></a><h1> <span class="mw-headline"> Completing the Lab </span></h1>
<p><b>Arrange evidence for each of these items on your screen, then ask
your instructor to review them and sign off on the lab's completion:</b>
<p><br>
</p>
<a name="Preparing_for_Quizzes" id="Preparing_for_Quizzes"></a><h1> <span class="mw-headline"> Preparing for Quizzes </span></h1>
<ol>
Retrieved from "https://wiki.cdot.senecapolytechnic.ca/wiki/Special:MobileDiff/131203"

Navigation menu