1
00:00:02,610 --> 00:00:09,970
The last exercise in this module will focus on typical system configuration errors.

2
00:00:10,200 --> 00:00:18,530
You can unwittingly install a malicious program cloaked as a legitimate tool, a Trojan horse.

3
00:00:18,760 --> 00:00:23,910
You can fall prey to an automated attack that exploits known vulnerabilities or a lack of regular system

4
00:00:23,910 --> 00:00:27,130
or software updates.

5
00:00:27,150 --> 00:00:29,550
You can also run malware without realizing it.

6
00:00:33,830 --> 00:00:36,960
The malware is hiding in your system through the use of rootkits.

7
00:00:38,510 --> 00:00:45,860
That's all true, but many problems arise as a result of system misconfiguration.

8
00:00:45,990 --> 00:00:49,770
One of the problems is using an administrator account on a daily basis.

9
00:00:51,990 --> 00:00:57,380
You don't need administrator permissions to read your mailbox or browse the Internet.

10
00:00:57,380 --> 00:01:05,030
Another problem is logging on to domain administrator accounts on a workstation. A logon entails the

11
00:01:05,030 --> 00:01:11,130
caching and saving of credentials on the workstation and then on the computer's disks.

12
00:01:11,380 --> 00:01:17,200
Users have direct daily access to these machines, which are protected with weaker security mechanisms

13
00:01:17,200 --> 00:01:19,530
than servers or administrator computers.

14
00:01:23,540 --> 00:01:30,160
Another problem is assuming that the default system configuration provides the highest security.

15
00:01:30,160 --> 00:01:31,330
This is not true.

16
00:01:32,420 --> 00:01:37,050
The default configuration is simply the most universal settings.

17
00:01:37,250 --> 00:01:41,930
It is set to run on the largest number of computers with the largest number of installed programs.

18
00:01:44,900 --> 00:01:51,190
This configuration is neither the most efficient nor the most secure. Since detecting this type

19
00:01:51,190 --> 00:01:53,200
of error could be complicated,

20
00:01:53,200 --> 00:01:59,410
Microsoft released a utility called Microsoft Baseline Security Analyzer.

21
00:01:59,460 --> 00:02:01,470
Let's take a closer look at the program.

22
00:02:02,810 --> 00:02:11,110
MBSA is a simple tool that can be used to evaluate system configuration on one or multiple computers.

23
00:02:11,200 --> 00:02:15,500
It can serve, for example, to check the security state of all computers in the network.

24
00:02:17,300 --> 00:02:24,250
This presentation will analyze a local computer. The program will check if there are issues with an overuse

25
00:02:24,290 --> 00:02:26,040
of administrator privileges.

26
00:02:27,890 --> 00:02:35,730
For example, whether there are too many administrative accounts. MBSA will also check if the administrator

27
00:02:35,730 --> 00:02:43,120
accounts are protected with passwords of a sufficient strength.

28
00:02:43,220 --> 00:02:49,490
It will then check for typical vulnerabilities in popular Microsoft services like the IIS web server and

29
00:02:49,490 --> 00:02:56,220
SQL Server. It will also see if the system and all Microsoft applications are updated.

30
00:02:58,870 --> 00:03:00,640
You can run a scan. In the meantime,

31
00:03:04,690 --> 00:03:07,850
MBSA connects to a Windows Update server.

32
00:03:07,870 --> 00:03:15,580
This could be a local Windows Server or an Internet service. Next, a digitally signed list of available

33
00:03:15,580 --> 00:03:18,620
applications is downloaded.

34
00:03:18,840 --> 00:03:25,410
The program will compare the list against your computer's state, and the installation of an update is logged

35
00:03:25,410 --> 00:03:30,820
in the event log and in the registry.

36
00:03:30,830 --> 00:03:35,680
That's why the software is able to verify at any time if your system lacks a particular update that

37
00:03:35,690 --> 00:03:37,040
has not been revoked.

38
00:03:39,650 --> 00:03:44,750
Since the downloaded file is digitally signed, you can be sure that it includes all updates that have

39
00:03:44,750 --> 00:03:46,220
been officially released.

40
00:03:49,190 --> 00:03:53,720
After the scan is completed, you can view a report that assesses the configuration of the computer you're

41
00:03:53,720 --> 00:03:54,590
working on.

42
00:03:56,750 --> 00:04:05,340
The generated report first shows the most critical problems. You can change the setting, of course. In

43
00:04:05,340 --> 00:04:09,170
our case, it turns out that both software and the operating system are outdated.

44
00:04:11,630 --> 00:04:18,630
Two important updates are missing for software, while the operating system lacks 20 updates.

45
00:04:18,640 --> 00:04:25,390
You can also always learn more about what you can or should install.

46
00:04:25,540 --> 00:04:29,800
If for some reason you don't know how to do this, you can also learn it from the tool.

47
00:04:35,650 --> 00:04:42,160
The mentioned vulnerabilities are marked as critical. Another critical vulnerability that directly bears

48
00:04:42,160 --> 00:04:48,040
on the system security is that 2 of 5 accounts that are created on the system have easy-to-crack passwords

49
00:04:48,220 --> 00:04:52,660
or have no passwords.

50
00:04:52,770 --> 00:04:56,370
The next vulnerabilities are less critical.

51
00:04:56,380 --> 00:05:01,970
The program can inform us, for example, that automatic updating is disabled or that passwords don't expire.

52
00:05:03,940 --> 00:05:05,960
In either case, review descriptions for all issues

53
00:05:05,960 --> 00:05:12,940
each time they're reported. You will also find step-by-step instructions for solving the problem.

54
00:05:16,910 --> 00:05:22,710
The next part of the report shows information on computer configuration.

55
00:05:22,800 --> 00:05:28,680
There are no problems here, especially given that both IIS and SQL don't operate on this computer and

56
00:05:28,680 --> 00:05:31,860
that the Internet Explorer configuration has not been changed.

57
00:05:34,230 --> 00:05:39,450
Microsoft Baseline Security Analyzer is an easy-to-use tool that can quickly find typical administrative

58
00:05:39,450 --> 00:05:42,610
vulnerabilities and tell you how they can be eliminated.

59
00:05:45,670 --> 00:05:52,220
This last case study ends the module. This part of the course showed malware threats and the ways of

60
00:05:52,220 --> 00:05:55,140
dealing with the problems.

61
00:05:55,220 --> 00:05:55,730
Thank you.