Securing Operating Systems Module 02 simplifying Seourity, Certified Secure Computer User Module 2: Securing Operating Systems Exam 112-12 Modite 02 Page 13 Certifed Score Computer User Copyright © by KE-beumell ‘Al Rimes Reserves Reprecuion © Si Promotes.Ccerniseaseeute Computer user em 24 securing Operting systems Security News. Source: http://www. dailymail.co.uk Names like Michelle Obama and Hillary Clinton made it to the same news bit as Kim Kardashian and Britney Spears—courtesy anonymous hackers. Sensitive details of several important government officials and Hollywood Avlisters were hacked and leaked on a website in early 2013 sending a clear message that nobody is immune ta hacking in this digital era. The leaked information included social security numbers, credit card details, and cable bills. ‘The list of those hacked included Michelle Obama, Joe Biden, Hillary Clinton, Beyoncé, Britney ‘Spears, Ashton Kutcher, and Jay-Z Officials of the US government agencies like NSA and FBI were flummoxed at this major security breach. The Internet suffix of the website containing this sensitive information originated in Russia. The tagline of this website has been taken from the popular sitcom, Dexter, “If you believe that God makes miracles, you have to wonder if Satan has a few up his sleeve. Module Objectives At the end of this module you will be able to: * Lock a windows system when not in use "Create a user account password for a Windows system "Change a user account password fer a Windows system "Disable the guest account of a Windows system * Lock out unwanted guests from a Windows system = Rename the administrator account of a Windows system = Disable jump lists of a Windows system = Enable software updates in a Windows system = Enable the firewall in a Windows system * Add new apps in the firewall of a Windows system = Remove/Disable app rules from the firewall of a Windows system * Create a new firewall rule in a Windows system "Tum on Windows Defender "Enable BitLocker in a Windows system "Understand Windows Encrypting File System Modte 02 Faget Certed Secure Computer User Conyrght Dy EE-Gemmell ‘a Rights Reserved Raproeuctn etry Promises.‘cartes secure Computer et ‘securing Operating sytem ™ Decrypt a file using EFS in a Windows system ™ Disable unnecessary services in a Windows system * Kill unwanted processes in a Windows system "Hide files and folders in a Windows system, "Disable simple file sharing in a Windows system "Raise the UAC Slide Bar in a Windows system "Lock a Mac system, when notin use * Disable automatic login ina Mac = Allow app downloads from the Mac app store = Enable automatic software updates in a Mac * Disable the guest account in a Mac ™ Enable FileVault in a Mac ™ Enable the firewall in a Mac "Change user account passwords in a Mac * Enable and set parental controls ina Mac Modise02 Page 13 ered Scare Computer User Copyright © ay E-Ceunell ‘Fights Rezarvec Raseocuston Sey Prone.Ccertea secure Computer user eam naa ‘Secring Operating Systeme: Securing Operating Systems The Operating System (0S) is a software program that controls all the functions of both the hardware and the software of a computing device. A computer cannot function without an operating system, much in the same way, the human body cannot operate without a brain Operating systems work in conjunction with a processor and perform tasks such as: "Accepting input from the keyboard "Controlling files and directories in the hard disk ™ Controlling peripheral devices like printers, scanners etc. "Displaying the end result on the screen = Managing files, store, and fetching data from device memory = Handle system resources such as the computer's memory and sharing of the central processing unit (CPU) time among various applications ar peripheral devices "Providing security to the device and its data OS Security is defined as the steps and measures taken to protect the OS from viruses, threats, malware, and hacking. OS Security includes several programs and applications which perform the required tasks and stop unauthorized interference. Security of the OS can be strengthened in the following ways: * Updating the 0S regularly Installing legitimate antivirus software and applications "Analyzing the entire network traffic through 3 firewall "Creating secure accounts (Le. user management) Guidelines to Secure Windows 10 Lock the System When Not in Use Operating systems come with a feature called “system lock", which enables users to set a password for the computer or device, either manually or automatically. The lock prompts users to enter the password when they try to access the system thus preventing unauthorized access and protecting the data. Locking the computer is akin to locking one’s house to prevent it from. getting robbed. Methods of locking the system, when not in use are: Method 1: "Lock the system by pressing the Windows and Lkeys together on the keyboard Method 2: "Launch the Start screen by clicking on the Windows tab on the bottom left comer of the screen Modis 02 Page se Certed Secure Computer User Conyrght Dy EE-Gemmell ‘a Rights Reserved Raproeuctn etry Promises.Fig. 2.4 Locking the System When Not in Use in Windows Method 3: * To lock the system automatically, type the words “screen saver” in the search box and lick Change screen saver — select time and check “On resume, display logon screen” Now click on Apply and then OK Pastimanencat Comme my mat proms ing Sly Spires ar Fig. 2.2 Locking the System when Not in Use in Windows Moe 02 Page $7 Certitied Secure Computer User Copyright © by EE Gomnell “UAE Reeves ResroeUse Sey Prone‘ceries secure Computer User cam 1242 Securing Operating system: Users should also ensure that their computers prompt them for their passwords every time ‘their devices wake up from sleep mode, in order to ensure that nobody else can access their devices when they are not around. ‘Steps to prevent the automatic login of the last logged-in user: ™ Access the Start menu and dick Settings Fig. 23 Preventing Automatic Login in Windows Step 1 ™ Click Personalization and go to the Sign-in options samesarige stemmed ou opto . Regie sign-in toni ve oo mum is Sync yoursenings l J Password soma emmacty outset sient PIN cobvisgn meatier and oan ‘Fig. 2.4 Preventing Automatic Login in Windows Step It Mode 02 Fage 18 Certiied Secure Computes User Copyright © by ED-Gemnell Al Rights Reserved Resroduction Sei Pranic,‘cents Secure Computer User eam sz2 securing Opermting Sytem: * Under the Require sign-in section, choose “When PC wakes up from sleep” © ae BH accouurs - Some tinge are mage iy yor orgination Require sign-in oe re een aay tense Wo esr ther ase inapiet [Weenie water ip ervaere Sy yur cigs Password “ar pase i managed jour pis airs FIN ‘Gre st weinpiee nt garonds. eng aM mae t serio ign int Wows pe ad ons ada Fig. 2.5 Preventing Automatic Login in windows Step it Create a User Account Password in Windows 10 Computers used at home or in organizations may have one ar more users, and it is important for them to keep their data secure. To facilitate data privacy, operating systems come with multi-user functionality. It allows the administrator to create different users and set their individual passwords. A weak password does not offer an effective protection against unauthorized access. Always use strong passwords containing upper and lower case letters, numbers, and special characters. Special characters include spaces which makes a password stronger. A password may fulfill all these criteria but can be still considered weak if it has a complete word in it. Complete words are relatively easier to guess and hence make a password weak. Thus, even though the password, “Amaze23!” fulfills all the aforementioned criteria, itis still not a good password. A better password in this case would be “Am@2 el” Adding additional layers of protection to the data will help to keep it secure. Steps for creating user account passwords are as follows: * Click on the Start menu search box and enter “add user” ™ Select “Add, edit, or remove other users" from the top of the: resulting search list "Under User1, click on Change Account Type, then click on Create Password Mote 02 Page 8 cerfied Secure Computes User Copyright © oy Eb-temnel “ARigres Reserves Resreaumion © Sei PromotesWortce sehoel users ‘Other users Oisaca —— | sets cs Fig. 2.6 Creating a User Account Password in Windows Step | = Type in a password, then retype it again for security purposes. Add a password hint as ‘well in case you forget the password Create an account for this PC yours eseapusun chase sere tal be ey raver iar beaten gn. ne ptr toe FCT ee Fig. 2.7 Creating @ user Account Password in Windows Step it ™ Glick Next to confirm the password Mdte 02 Page 20‘crete secure Computer User eam sz Securing Operating Systeme ‘Change a User Account Password in Windows 10 Users can change their account passwords anytime they want by following the subsequent steps: "Right-click Start > Control Panel = Glick on User Accounts 1 > Grn 0 fe * joey comput’ eis vents coe * Sycm and Seasity ser Aomunts Been Bb Sin Ry SE rd Perce anne; es Prgrars Qs ‘ig. 28 Changing a User Account Password in Windows Step 1 = Click on Give other users access to this computer a BoE ccwnte ernie 9 rer one Bp sce Fig. 29.Changing a User Account Password in Windows Step 1! "Glick on User1, then click on Reset Password at the bottom of the window Module 02 Page 24 certiied Secure Computer User Copyright © oy Semel ‘AI gn Reserves Reprecucion Soi Promiates‘corte Secure Computer User eam 2-42 Securing Operating Stern: User cunts Uses pdvanced Use thelstbelow to grantor deny nour scons to yoursemouter ard tu change passed and othe ating. er fo this computer } Use Heme Donen ro acme ae sarinceter Us Rue ome er Nc 82 = ‘Mid. | Remove [Peper Pear fort Ih eo terete rar | ae | Fig 2.10 chonging @ user Account Password in Windows Step i! = Typein the new password, then retype it for confirmation = Click OK to activate the new password er pane sewaneoe Commpmmnant—_[etanan Fig. 2:11 Changing a User Account Password in Windows Step 1V Disable the Guest Account in Windows 10 Windows allows users to have a guest account with minimal privileges for temporary access to the device. A guest user is not allowed to access any data on the device, install software or hardware, or change any settings. However, it can be exploited by a malicious user to gain entry in to the system. The disadvantage of leaving the guest account accessible outweighs its advantage. Itis similar to lacking one’s house and leaving the window open. The following steps explain the process to disable the guest account in Windows 10: = Click on the Start menu search box and enter “edit group policy” Moe 02 Page22 (ceitindSecire Computes Uner Copyright ©'>y ED-Gemnell Align Rezerves Raprecuction fs Strety Ponteses /mias aes Comper Pa AE Compute Cor > 1 Sane Sen Wide at > Hi Mamet |B Local np Poy Eder Fle Aeties ew Help Seip Sded wn temovien eden, Name Hcomprie Coiqurion Blearcomguan ‘Fig. 2.12 Disabling the Guest Account in Windows Step 1 "Click on Windows Settings .F laealtowpPaiy fir Fie Scion View Help #9/aim|3|B loc Compt Palin vy & Computer Contig > Eh Schwere Seti vB Windows Set Nae as B sopescst > oe apie > i SxcuityS: » i Aecou. (f Loal Group Policy fbtor Fie Aon Ww Hap o/om Xa [gf toa Carper Pa © Compute Config > Sanne Wun Set 9 GE Nome Res Sein > Dele fh Seay: > Hew Vangie pide ST ane Sengs api o cue byantetweampuc, — )diinraie Tamales Thirnade her tue samedes Security Setingeand serps. ‘Fig. 2.13 Disabling the Guest Account in Windows Step i! "Click on Security Settings Sect Stine Hee Sane FealtenFliey Elsen: sartupistuttonn) meeps Pees APotcy-ases 0s ‘Fig. 2.14 Disabling the Guest Account in Windows Step It‘cert ing secure Computer User securing Operating sytem: "= Click on Local Policies toca ep Pay srr Fie Acon ew Help >| 20X58 (HT aca conwpae Pat™ | Name Descgtion iB Compute Contig) | s-count Botdce Baccacrd and xcourtlocautplcec = indows Frew with Advances Secuty Windows Frew with chanced Secuity Brest titties kes Naewoik nara con and ostiongrup plies. abc Ky Policies GisotmareResneion Pics TDicpicnion Conte Pt Jephson Cont elie Secu ole ontocalCompute ene Patea Sey Pec mre. Giscvances butt Police Configuration Achanend Aut Policy Corfiquetion Fig. 215 Disabling the Guest Account in Windows Step 1V ™ Click on Security Options Flees GeeapPokey Edeor File Action Wew Hep oo | fia|X5/B st ‘lees Comper Foes | tame Desipin va oe oat Put Pciy Aud lig Schone Tse Fighes Assignment User Rights Assigrenent 1 Windowe set (i Maree 3 Soper Fig. 2.16 Disabling the Guest Account in Windows Step V (Cert Secare Computes Uner Copyright ©'>y ED-Gemmell“ceria Secure Computer User comm 242 ‘Securing Operting Sytem: "Right-click on Accounts: Guest account and then click an Properties B ncal Group lig Eater Fle Acton Vow Help eo|\eo\Xoe/e | Losal Computer Folin patey “ ‘scum Sting jo © S Composter Cora | [accounts Admincriter acunt seks ised ee pave asi meszce ot gob srterajecs soci: bast theuse of Backup onc Restore privilege Uisabled epee Fac aut py cesogery cnc finden. Metin [pss Snurdonnsyre edi Funaletolegceeu. Diabet L}0 cor Mactine Access Resirictiorain Seeurty Dexcrpéor Net Defined [hocore Machine Lunch Rsstins x Sacuity Dancin ot Defnad [EGhoetee tw srescewenee meng stages snaies Lid esice: Siow to formatand jet removable media NetDeFned bo evices: Prevent user from installing prt crvers Visabled Bhosioce teticrco-ncea acon to Weal ioggedon usar. NotDatad oeices terete cesta eat egpec-on wer only MatDeined Ld crmsincortveler:Atow sereraperaton to schedule mks Net Oetned [Eleenuincentirtoa? urceagnrgnquremme: ——NetDwred Kocsis comavenrensensctine stent peace, MatDetnes Elbonsin rhe sit sac smashed ob - (en: he popeiedg boar te cere ‘Fig. 2.17 Disabling the Guest Account in Windows Step Vi = Choose the Disabled option. Guest account is now disabled eee Se ‘Fig 2.18 disabling the Guest Account in Windows Step vil Meche 02 Fage 23 Certiied Secure Compute User Copyright © Oy ‘Al gn Reerves Resreaumtion © Sein Prone,‘cert ing secure Computer User eam 2-42 ‘Securing Opereting Sytem: ‘Lock Out Unwanted Guests in Windows 10 Despite keeping the computer password protected and the guest account disabled, it is still possible for people to access your data. This is done by attempting to crack the computer password usually through trial and error. To prevent the passwords of user accounts on a system from getting cracked, the number of login attempts ought to be limited by using the Lock Out method. This will prevent attacks by Iblocking the user account when incorrect login attempts exceed the limit. Steps to lock out unwanted guests include: ™ Click on the Start menu search box and enter “edit group policy” "Click on Computer Configuration 1 boca eno Eer - ao x Fie Acton ew Help ¢9(/FOo/8m Lal Computer Poi + [tee campunrray ~ compute Cort Cacree cen | Sect trmtoview kc decigton. Nae vB Windouc Bat BicomputesContguntion Ea Namo Xvsercentaineon i Seite op Disord ig, 2.19 Locking Out unwanted Guests in windows Step t ™ Click on Windows Settings 5 loco Fl Stor Fie Aion View Hee eo am s| Em local Compas Baken Windom Settings Mame Dich Sting Pecan: "Nodes etings oe agai at iseswhaleg ato he compute, Clarinet Temples Thicredeha wo mnade Securky Sings andere Fig. 2.20.Locking Gut unwanted Guests in Windows Step ii Mode 02 Page 261 Local Group Poi Eitan Fis Aion Vow _Hhlp oan S| Boo “el Commpute Pais (Me Cornute Contig coma Co) soci Set sue vO Window Sot Name esalution Foicy 1] Have Elbe sertcsrrcuny See Besloed Pinte > i Deneed © ia ui Wnt becad Os > reco vue a uw asec Fig. 2.24 Locking Out Unwonted Guests in Windows Step JI) = Glick on Account Policies 1 lesan Payer Fie Acton view Hp +2 oR) Xalbm [a Leeal Computer Pols |] arme Desipton Computer Cori 2 Md Sonn Seti — ig, ser eghs ae acu opto Gl Window Set | Fa icins Pewalluith Advanced Secsity Windows Feel with hanced Security Bearer Manage Pais ace icn and ation ge pes, icky Pes crane FeicponBoicie [aosesnon corootPriee: coleman corel Paice: HBF Secuity Potcies en LacalCornputer Inte ProhocalSecuity (Pec) Administ. [EDstence edible Cniguston | Advned uth Pali Cignton Fig. 2.22 Locking Out Unwanted Guests in Windows Step "Click on Account Lockout Policy | Lec Gioup Pee tat Fie feion view Hep -9\ om) Xo /Bm [at Lect Copa Foi | nome ~ Descien © BB Compute Conia Poser Sf fat moe Wes Se (BE Name tas Bsns Fig, 2.23 Locking Out Unwanted Guests in Windows Step V Mode 02 Page 27 (Certed Score Computer Uae Coppi © > EE-Demnel AISighes Reserves Raprcucton SE“ceria Secure Computer User comm 242 securing Operating sytem: "Click on Account lockout threshold @ becakGroup Potey eaeer - 8 x File ation View Hebe +30 ml XG a) am (Laced Compstar Po ‘yO Computer Cerin) 0 Sone Set ¥ Gh Winsone ser i Name es Seaip 3 ‘Fig. 2.24 Locking Out Unwanted Guests in Windows Step VI = Inthe Account lockout threshold properties window, enter the number of invalid logon attempts (e.¢., 2) = Click Apply to activate it and then click OK to close the window Account cout eedol Propet r loc Seat Stra El LB eremstnnne oct ot het te EH mo tpmaees (a eee] [ew Fig. 2.25 Locking Out Umwanted Guests in Windows Step Vi Rename the Administrator Account in Windows 10 Predictable administrator account names such as Administrator, Admin, etc. must be avoided. Uncommon and random usernames make it harder for someone to access the system, even if they have the correct password. This makes it difficult for attackers to compromise the security of the system using other accounts. ‘Steps to rename the administrator account: "Click on the Start menu search box and enter “edit group policy” Mote 02 Page 28 Ceriied Secure Computes User Copyright© | ‘Al Rgnts Reserves Resrocumien 1 Stycertseasecure computer searing Operating systems "Glick on Computer Configuration 4) bral ep Poy ar Fie chon iw Hale 9/5/55 |/om Conn Ca & Commie Cota) soe meen evens dscigan Nae EicomputesCoriquetion Wind Set Name: Ber Configurer 1 Soi Fig. 2.26 Renaming the Administrator Account in Windows Step! "Click on Windows Settings local rep Potey tor File Adon View Help | am) a| Oo Windows Setings |iefouareSeciess Description: Windows ering ppt | prasrecar rum ae he ogontetheccrpaks, Edin Terps This roe haat rubnodes Securty Stings and Scrgts. ‘Fig, 2.27 Renaming the Administrator Account in Windows Step ii ™ Click on Security Settings B Local Group Policy itor Nave (Bi Nene Besetition Policy Xbb startup Shutoob aa Poi Ben File_Acion iow Help ++ | 2% i3| 8 eet compas Pat | Hare escistion Bsccourt Date: Baccacrd nd xcourtlocautplicec Mace Lit Manages Flies Natvekename comand lesbians polit Grucicrey rons Bisotsneestiion Posies TDicpienion Conte Pt Jephson Cont elie F Secu Policies enexstCampute tenet roteclScuy Mil Adria. Gissrances susie lice Configuration Acanced Audi Policy Certiquetion ‘Fig. 2.28 Renaming the Administrator Account in Windows Step IV ™ Click on Security Options boca apoE fi Aen wow Hep e9| aml X5/Bm patent] Decition ~ HE Compute Covi peel ud Pay ae Huse rigs Asignment User Rigs elena i mets oer ) Ip Dsplayen wb Sears ‘Fig. 2.30 Renaming the Administrator Account in Windows Step ¥ Mec 02 Foge 30 (ceria Secure Computes Une Align Reserves Raprecucton sStrety PoMaees.corte secure Computer User ram sa242 ‘securing Operting system: "Glick on Accounts: Rename administrator account 1B Loc cup Foie ator File sehen We Hele *+/ oxo if ta Compa: | Dakey Sow at ~ Computer ON coun: arcu te Dad (h samecre Sat cour: Block Mica accounts Neti Windows 5008 | (coun: Gut secant tatu ibd a ereal [Blbccoure Lin ocalarcoure wan cf blank pasworin tn co. Enabled ean * Boemsd area) | Elie sade an vrs offs 2 a ce loantear ato em Facer ny er ei cane (Dause Srut dew system immediate unatieo ing secur. Dewled CED COM Machine Access Restrictionsin Security DesmptorD NotOefived C10 COM Machine Launch Feswictions in Security Descriptor». Not O efit tetices: iow unde thou hering to tog om Enables Lesices stowed ts torre ansiect movable mes ‘Not Defined Dhoetces recent ner fram nat prreerdmeers Disaes Bdeices Restrict CD-ACiMncrestts oes Iegged-on user... NotDetines Choesice: rere teomyaccessteloenty apet-on ner orty NotOefined oomsin center Atow server perteestoschecle tasks. ot Defend da Potcr tes | pamaincontuter LDAP serve saving requreriets NotOeived 1 [net | Clomancubatereranencarioer dine NaDdeed je > | Dnomain rmanben Ciakalvencnyst arian secure channel dy Enabled te amas gee asm Guont Fig. 2.31 Renaming the Administrator Account in Windows Step VI "Type in the new administrator name-and click OK Meds 02 Foge 34‘cert ing secure Computer User eam 2-42 ‘Securing Operating Systems = The administration account is renamed Alternatively, users can give admin privileges toa user account, with a name other than Admin ‘or Administrator, and disable the built-in administrator account of Windows for enhanced security. ‘Steps to disable the built-in administrator account in Windows 10: ™ Press the Windows + R key to launch the Run dialog box. Type in lusrmgr.mse and click OK Shun x Ep_Tpethenare of a regan, okay document, orntaet resource, and Windows ill open t for you. Open | ETS cay ie ig. 2.53 Renaming the Adminisratar Account in Windows Step Vi ™ Click the Users folder in the left pane of the window followed by double-clicking on the Administrator option in the right pane * Fe tus +) aim x05 10H EF aiiwecmmiet wn tans mar a hee Bice es - Sonar tsi rout he. Mae tne > Bauer Adee - fe Moco » ‘Fig. 2.34 Renaming the Administrator Account in Windows Step IX Mite 02 Page 22‘cert ing secure Computer User eam 2-42 securing Operating sytem: Inthe dialog box, check the “Account is disabled” check box and click OK si Papa 2K & Nene | eae raed chnceramerd Pano oct Eicon sce (a es ee Fig. 2.35 Renaming the Administrator Account in Windows Step X Built-in administrator account is now disabled Disable Jump Lists in Windows 10 Jump Lists are lists of recently accessed items, such as files, folders, or websites, organized by ‘the program which was used to open them. Disabling this feature protects the user's privacy and also helps clean up the task bar. Steps to disable Jump Lists: "Click on the Start menu and open Settings = Click on Personalization sams RITE wa Dremmaiten Mote 02 Page 23‘cert ing secure Computer User eam 2-42 ‘Securing Operating Systems "Under the Start section, tum off Show recently opened items in Jump Lists en Start or in ‘the taskbar & Som - ox (9) persouauraron wa Bacground Start owes @- Sow mcnth ate es o- vests Oo Som eer opened tere np Like. Sat or the reo Qo ona uhichieider appear on Str cokes locks There Fig, 237 Disabling sump tists in Windows Step 1 Enable Software Updates in Windows 10 Software updates are a must for every computer. They help in resolving the issues present in ‘the previous version of the software, and also to plug the security holes present in the system. Software such as antivirus requires regularty scheduled updates because no two viruses are the same and the software must be prepared to fight them. Enable Windows Updates in Windows 10 ‘Windows Updates prevent problems to a Windows operating system. Windows Updates refers 10 the periodic patching of system files to fix any issues in the previous version of the Windows 0S. They keep the system abreast with all the latest updates, thus providing security for it. The updates can also be scheduled to be done automatically. ‘Steps to enable automatic OS update in Windows 10 include: "Click on the Start menu and open Settings = Scroll down and click on Update & Security Mdte 02 Page 34 Align Reserves Raprecucton sStrety PoMaees.‘cenites secure Computer User eam 122, ‘Securing Operating tems segs o x ©) sernnas ind asetng A m & G ecounts Te B language ace ot cess Pewacy Your account yn Speech, region, dats svat. mage cation, camera settings, work at high coniast Update & seounty Woe Up Fig. 2.38 Enabling windows Updates in windows Step "Inthe Windows Update section, click on Advanced Options @ uewnazeuny Fig. 2.39 Enabling Windows Updates in Windows Step it oease 02 age 33 ‘cettiea sere Cornputer User Copyrignt © > &f-Gaunell ‘A Fgnts Rezerves Raprecucion Sick Ponies.Cet ora 9 Fs Coote + Adjust your computer settings @ ‘System and Security: User Accounts Sram andseasiy ae ‘Sore bocup capes your les wth le History Pomerconttae pa nie | Appearance and Personalization Ferediaoe Nig. Seton te Network and Inernet Seema cocker Soc gee Sccwoae gy Serene rover eo SEE hase ak emcees Tiana — Om RE snare ‘Seppo ig. 2.41 Enabling Windows Firewall in Windows Step | "Click on Windows Firewall Cpt Say 9 ABS com rinel + Semen etsy + [| | Sven cot ot Cind Pn ne pr See andere ptm an Scary Flew rurcnpiterscahueweresceelzae | J Onipe ee Acoar onrdsetinge Toankstoeecommen carter grobins eon tret ore Windows Firewall [Boescend rd heck frets | Alm on eppttrough Windom Fm rogram system Wow decoars 0 SB rrrreutaremeapsce west | Waters | unnennaesseane Appears rennet iis eomputes Seronsieaion Se enameat ecane Clock, Language and agion Power Options assur eee equ apeovorswenne computes mas | Chmge wat he pro humor ao ‘hang aenthe compte ep I feito Suelchup copies ou tes ih le Hsing | Festveyous Tesh Ble sary Backup and Restore (Windows7) SP aesap nt tame (Winders) | Pewee bara By BitLocker Drive Encryption Manage Bioser ey Seer sees Managers pncee Were Folders Manat Fetin ‘Aderinisrative Tole Frenupderpce | ifapant and pic yor divas | View vt on . ‘Fig. 2.42 Enabling Windows Firewall in Windows Step I“ceria Secure Computer User comm 242 ‘Securing Operting Sytem: "In the left pane of the Windaws Firewall window, click on Turn Windows Firewall on or off edoos Freel AY cartctPand > Span ant ety » Widens ak cm peo Help poe your PC wh Winds Flew dw ag Treg vontea Feat @emnarean: — PG Doran nevons Wan Wtes Preval on oF E Bo rise seos — Neers ahem waitahu cules tn 8 Aiaestcetigs ‘Wear mycece sous ie me Peers Nuneaton uy meses win Fees eH BEG eter uaierencns recom Fig. 2.43 Enabling Windows Firewall in Windows Step tl = Inthe Customize Settings window, select the radio button “Tum on Windows Firewall” for each type of network and then click OK 1 Caso ‘ TMP» Cotta» Seten icy» Wrkesfomal » Gute etna customize stngs far each ype af eter Vom meres rac ped ee tt Corie tine © Ftenvinter trot [Dieaecagsarncns cag tam thal of ered Ne ees Win ena G_Oten or rtanenet a esr Poateratecatrge Blom eiion tien [Dteekaticrg carne indy om ett ened pte ees Haden ener ] Ctonetinoefiend ream isin aie © stanavinen [Dieatieenig carne sag to nati ene ED ees Wao en Pe Olen einenfnt pa eens Fig. 2.44 Enabling Windows Firewall in Windows Step 1V_ Certiied Secure Compute User Copyright © Oy ‘Al gn Reerves Resreaumtion © Sein Prone,‘crete secure Computer User eam sz ‘securing Opening systems, Adding New Appin Windows Firewall Devices running on a Windows OS, support a variety of applications which can be exploited by ‘attackers. In order to safeguard the device from malicious programs, users need to ensure that ‘every program passes through a firewall sanity check. Steps to add new programs to the ‘windows firewall are as follows: = Right-click Start > Control Panel > System and Security = Click “Allow an app through Windows Firewall” SS tea - 5 x > Coa » em Sey ©10) | BuhtortalFow! ——B ott ene pr Scone «Speman Sey Fevers nga ater: | Com ero Co ors Hoe ‘Windows Firewall teoed Saa Chedieadise ewan tg nda Fema ttt Sytem Bm ea on pcre | M9 AMonentesces | dene ance sere seepcnaneat coo Fig. 2.45 Adding New Apps in Windows Step | ™ Glick Change settings pour Seety + aen mal + Ae ps Alle apps ta communicate through Windows Frewall rece done apa pte Cnn Hosuesngaman; E a Mervhdbeghnai Adit eapassvam ascent. SS SRHSRRARR AL soooossqoood ces THR a] ‘Anant Fig. 2.46 adding Mew Apps in Windows Step It Module 02 Page 25“ceria Secure Computer User comm 242 securing Operating sytem: = Add the new app in Windows Firewall and dick Add. Then dick OK to exit the Allowed ‘Apps window: ‘eld an en x Sec the apo yu nant ad or ih ron pid oe tt inne, and hen cox. a BigSitlocker Dive Encrppbon Whew hit [Etiam | \whacane the es af rachna an son? You canchoooe vhchretvar es oad race tk oes Mat coal Fig. 2.47 Adding New Apps in Windows Step Il Turn On Windows Defender ‘Windows Defender is a spyware detection and combat software built into the Windows ‘operating system. It scans the host computer for changes made by spyware, malware, and any other unwanted software. These scans help the users to identify and remove any malicious software that find their way into the computer. These malicious programs enter a computer through emails in the form of videos, images or downloaded screensavers, or by dicking on advertisements of unknown entities. They also find their way into a computer thraugh pirated software. Windows Defender runs in the background and alerts the user to take specific corrective actions against any detected malware. It also blocks any malware which tries to install itself or run on the computer. Windows Defender is programmed to automatically quarantine any malicious software detected during the scan and notify users when apps try to change important system settings. Steps to turn on the Windows Defender: "Click on the Start menu search box and enter “Windows Defender” "Now, a Windows Defender window appears showing that the “Real-time protection” is onand “Virus and spyware definitions” are up to date Mote 02 Page 0 Ceriied Secure Computes User Copyright© | ‘Al gn Reerves Resreaumtion © Sein Prone,Seventies: Soua Cru stem ean protections on Vucandapjeare dutnnors Up waite Sano ran deca at cam W420 ob 1 AN ck ord Fig. 2.48 Tum On Windows Defender in Windows Enable BitLocker in Windows 10 ‘Computers store information in the form of files on disks, BitLocker is an encryption software ‘that allows users to encrypt full disks in order to protect the data. Using BitLocker, users can encrypt hard drives and any removable media on the computer. Users can decrypt and re- ‘encrypt data on storage devices using any computer running on Windows OS. BitLocker helps in protecting the hard drive against offline attacks. In this form of an attack, hackers separate the hard drive from its host machine and connect it to another machine to steal data. BitLocker also protects the data if the hacker tries to log in using a different ‘operating system. It encrypts the hard drive in @ way that if someone gains physical access to ‘the drive, itis virtually unreadable. ‘Steps to encrypt a disk using Bitlocker: "Click on the Start menu search box and enter “manage BitLocker” "Select the drive which is to be encrypted and then “Tum on Bitlocker" for the ‘corresponding drive Meco 02 Fage (ceftind Secure Computes User Copyright © oy EE-Seunell “All Rgrts Reserves Reprecuion Seicty POMDReSBellet 17 hes ceretPut + Acoso Lr respon Soetoro hacker rive Eyton ‘tps peri ete any og see perenne Caltacker of oo Ferd cataioes (ech of — oct armenia data dies titer Bo Fig. 2.49 Enabling itLocker in Windows Step! ™ Select the password option and enter in the password 8p BelocerDie Encryption) Choose how you went to unlock this drive A Useo pesmond te unbctthedine ses should contin upptcze ad lower tr numbers ces and pmb tive pumsied [serveeeeeres inne curred A SSSSC*«d [luermpsmartet wo uricktne aie ovlinesio mst your rma card, Thesrm andi lle vie whan you nb de (D) [ Fig. 2.50 Enabling sittocker in windlows Step iI Mec 02 Foge 12 (Certied Secare Computes User Copyright © Align Reserves Raprecucton sStrety PoMaees.‘cetieg secure Computer User “Secaring Operating System: Mote 02 Page 43 ‘Select any one of the backup options and click Next Ae srair tetrenonen 0 Hour de yu want te bask up your rezovary hay? ya yer ner uur a ou a yu a ae at ee Save to 9 USB lash drive Swe wa fle > Print the recovery hey =e fos ‘Fig. 2.54 Enabling Bittocker in Windows Step iT Choose ‘Encrypt used disk space only’ from the available options © Be Blick Dre Erin ‘Choose how much of your drive ta encrypt sen gup ac in cet Pj ny ue neha ns ce argue Loc prewar a [eat Fig. 2.52 Enabling Bittocker in windows Step iv Certhed Seowe Computer User Copyright © by EE-Gomnell ‘A ges Reserves Rezrosusion i See(ceria Secure Computer user eam 242 securing Operting ystems "Click on Start encrypting © By Boke Die fneypion I Ave you ready to-encrypt this drive? You sletounlackthi die wingepsoword Ercryplunmigh abe seme depending un ie soe ne me red enepton comple yours onthe prec Fig. 2.53 Enabling Bitvacker in Windows Step v ‘Windows Encrypting File System (EFS) Encryption is the process of converting data or information into coded form using keywords so ‘only authorized personnel can access it. The primary aim of encryption is to safeguard data stored on computers or transmitted via a network. Encryption is explained using the following example— Alice wishes to send a private message to Bob. She encrypts the readable message, which is called plaintext, with an encryption key and sends the encrypted message, called the ciphertext to Bob. Bob decrypts the ciphertext with the decryption key, known only to him, and reads it. Meanwhile, an attacker named Charlie, tries to intercept this message by attempting to crack Bob’s private decryption key. Encryption is just one layer of the security process, and it must not provide the users with false sense of security. Encryption cannot secure the system drives if they are affected with malware. It is also ineffective if the system is left unlocked in public, or if a weak password (decryption key) is used. Windows has a feature called Encrypting File System (EFS) which allows users to encrypt files and folders in an NTFS formatted disk drive. EFS does not allow encryption on compressed, Zipped, or system files. Steps to encrypt files and folders in Windows 10 include: "Right-click the folder or file to be encrypted and lick Properties from the context menu Mote 02 Paget Certied Secure Computes User Copyright ©'>y ED-Gemnell All Rgnts Reserves Raprecuction sSéret PoMDReS‘cert ing secure Computer User securing Operating sytem: Inthe Properties window, on the General tab, click the Advanced button Cat Fn ‘Gow Sharm Secs Venere ara Lo me = ae lesen: Clete Se BRMRCIEEEe ‘Sends MMB PIESTIETEEpes) fortran teen umet) Ye Gar 28 3882 7 =] Fig. 2.54 Encrypting Files and Folders in Windows Step | ™ The Advanced Attributes dialog box appears. Under “Compress or Encrypt attributes”, check “Encrypt contents to secure data” option and then click the OK button Padeanced tne x TT) ee te sings you wat rade, © khan ude cor ei on the operas deg rel be sec estar urges aoe al tds wed San seve clive ard Index at ous Cra cent eat ade Hes te fer ahve eens med ane cere Conerescer rere abuts (leone cones sve sce Blenanypt contints to secre dat a ‘Fig. 2.55 Encrypting Files and Folders in windows Step it ™ Now, click the Apply button in the Properties window Movie 02 Fags 43 (Cried Secare Compute User Copyright © 5y EE-Semnel Aires Resrved RasrecUiee SEN‘crete secure compute User rem 22 Securing Operating systems. * A Confirm Attribute Changes window appears, choose either “Apply changes to this folder only" or “Apply changes to this folder, subfolders and files” and then click the OK button Cis Changes * ‘xh den nraete Mery strhu ngs eaten tage hry do ee slededtideesn for ero Blot hye er oy (Otero tr, eben Cao ee Fig. 2:56 Encrypting Files and Foiders in windows Step 1 = Finally, click the OK button in the Properties window ‘How to Decrypt a File Using EFS in Windows? ‘Decryption is the process of decoding an encrypted file. ‘One of the primary reasons for using an encryption-decryption system is privacy. As information travels over the Internet, it becomes subject to perusal and access from unsanctioned individuals or organizations. Thus, data is encrypted to avoid data theft or loss. tems that are commonly encrypted- decrypted include user data, emails, text files and images. Decryption is carried out when the correct password is entered and the encrypted file is ‘accessed. Steps to decrypt a file in Windows 10 include: "Right-click the folder or file to be decrypted and click Properties from the context menu. "= Inthe Properties window, on the General tab, click the Advanced button Modite 02 Page“ceria Secure Computer User securing Operating sytem: "The Advanced Attributes dialog box appears. Under “Compress or Encrypt attributes”, uncheck “Encrypt contents ta secure data” option and then click on the OK button = Now, click Apply button in the Properties window Advanced Atiases x (hese mtg yu nt fr fn i hen pach ey cath Perper lg pdbe ‘ei Frou fe anges nah ac aes eal ae et ces antes Cora est oraconen (ses ma se se esis orem et ecat rie Cicongress contents seve ds oc CSerptartanetomcre le i (a) cont Fig. 2.58 Decrypting Files and Folders in windows step 11 "A Confirm Attribute Changes window appears, choose either “Apply changes to this folder only” or “Apply changes to this folder, subfolders and files” as per your requirement and then click OK button enlarge Torhrecmce torte te felony arbi dors eat Rayovac ape esearch flo you set pt al none ances we (8 sey ergentn tener ny ‘Ctl eros tes er, nn err fe (a) oe ‘Fig. 2.59 Decrypting Files and Folders in Windows Step lit "Finally, click OK button in the Properties window Disabling Unnecessary Services in Windows 10 Users must keep track of logs and services running on the system as these help in detecting unauthorized events. Some services start automatically, when users visit certain websites or dick on some links. Such services allow the attackers ta bypass the system security. Mote 02 Page £7 Ceriied Secure Computes User Copyright© | ‘Al Rgnts Reserves Resrocumien 1 Sty‘carting secure Computer User eam 242 ‘Securing Operating Systems Disabling unnecessary programs in the computer helps in enhancing performance and security. Removal of the unnecessary programs does not affect the computer in any way. ‘Steps required for disabling unnecessary services are as follows: * To view running services, right-click Start -> Control Panel > Administrative Tools (View by: Large Icons) > double-click Services Ast your ecmpute'setinge fe aarioranw tens (Ary Mp Separation = itete Ore trortien SL Cole Memarmen A) Gackt Meee owe ame HG crernoors nde nteane aij ovvies meres By achey @ wrote cone Fig. 2.60 Disabling Unnecessary Services in windows Step I & lA | Ameren =o x er Bee ° 4» artnet» Com Petes» Aare Tk ve “2 yume, Baie aed the Poonete ¢| Competes Woniey 2) Campus Manet SD temrema || HOMO De Boecchnup swe «3 flower Sicscvrrnem BEEN B cocuwia oes] ec ty aay sa eeteikioy | Blonecem sees ozo Bem Bon a Seven BD Pakarmics ect Soret {Prom Managem ee Bic Breve nas a iter Boones I Danner Howie I raise : Mase $B ene Fronatves Asunced Secures cure Bm aay Dounce Bi Fig. 261 Disabling Unnecessary Services in Windows Step It ™ Once the Services window is loaded, the user can tum off any unnecessary services * Right-dick on the unnecessary service and then click Stop: Medsie 02 Foge 42‘carting secure Computer User fam 2242 ‘Securing Operating System: Ok sees - a x Fle Acton Yen Hep #9/M OG) Em) > ane S sevtes toca ame: Desoto ‘Dieser isco Mangan Stearn Meret Pased Pease Gimrcracerucpencintsnes Mange Dassen ‘Gitte Sour Shute. Mase Trades Macteerce Service * foun, cvawesthat yr hve the et ard ow acum veninct Meilsfadin CAMMTOssR We SMSRa Rows me. ‘jou compare Regan Feet Rep Pot Shae Seen Seid a Neto Maras Ensen ComatedDike. New Co Ghar Comesoe Bete eter cn ikdnwdComedions Manger Eireernmcomey i, Pm iNenaklinseviee erent. Sane Caen Tener. ‘otis See gee Sein Gjoweasain Paci Oe Salt Somers The Cie Opis dom apne teres (Stina Fig. 2.52 Disabling Unnecessary Services in Windows Step I Killing Unwanted Processes in Windows 10 ‘A computer process is an active part of a computer program which contains program code. A [process can have multiple threads that execute instructions to complete the program. Active [processes require computer resources and can slaw down the computer. Some processes start ‘with system start up. Unnecessary and suspicious processes need to be killed or terminated to increase system performance and protect it against malwares. Steps to kill unwanted processes: = Press [Alt]+ [Ctrl] + [Del] keys simultaneously -> click Task Manager * In the Task Manager window, click More details at the bottom to expand - click Processes tab + Select a process and click End task (Module 02 Fege 48 cried Computes a Coit © E-bomell {Al Rights Reserved ReproductionPetemancs ary Saag Uns ah Sie ee ope 18) > Have Vows > (Bl Meret one > Meron er 2 > sonra cen 1 ge cy % % * % > Winds Aackground process senna coe phcsce Fata @ ve rer ce > las See WAGE ned Scone BRRGR a 2 AA ei Dain Sere Fenn dette Fig, 2.63 xing Unwanted Processes in Windows Step) "Alternatively, you can right-click on a selected process and click End task Hiding Files and Foldersin Windows 10 ‘Windows 10 offers users an option to hide shared files or folders from other users in a shared ‘computer. A hidden file or a folder is anormal file or folder with the ‘hidden’ option activated. Steps to hide a disk or folder in Windows 10 are as follows: ™ Open File Explorer and locate the file or folder which is to be hidden "Right-click on the chosen file or folder and select Properties omy = rane Demi Dine etme von beeen Fig. 2.64 Hiding Files and Folders in Windows Step It Mec 02 Foge 30 (Cert Secare Computes Uner Copyright ©'>y ED-Gemmell Align Reserves Raprecucton sStrety PoMaees.Certied Secure Computer User eam 242 ‘Searing Operting System Enable the Hidden checkbox in General pane of Properties window 1 dodrid scent Proves eal Sheng, Seasty Precutiirens Catena Te Fala ewer 0 Se MB TASES Sandie ZEME DETEEAEI hs rte: Bon Fb ced Tomy Spnbr 12515 528 PM rte (ear Dace fe bt tie pares (4) Ces] [ee Fig. 2.65 Hiding Files and Folders in Windows Step [lf Click Apply ‘A Confirm Attribute Changes window appears, choose either “Apply changes to this folder only" or “Apply changes to this folder, subfolders and files” as per your requirement and then click OK button Confer tbe Changes x outane ocmn m nao re deomeatrou Tae at Doyo nar smi echarge neon orc you wont opera stars anda wel (Ce rges oi fot om (Bic arose se eg, annus wa Pee Se ig. 2.66 Hing Files and Folders in Windows Step I Disable Simple File Sharing in Windows 10 Simple File Sharing is a feature in Windows which makes it easy to share folders and files with other computers within a network. This is not a safe option as there are no permissions and na passwords to prevent access to a shared folder. Malware propagates when users share files via Mote 02 Paget Certied Secure Computer Uses Copyright ©'>y ED-Gemnl ‘Al Figns Rasrves Raprecuctn eSbict Pronaaes.corte secure Computer User ram sa242 ‘securing Operting system: a network. Most malware are self-replicating and corrupt new folders. To stop malware from spreading through shared folders, disable the file sharing option in the operating system. ‘Steps to disable file sharing: ® Right-click Start > Control Panel -> type File Explorer in the search box -> click File Explorer from the shortlisted items [hk opted =o x [etal Options tc ‘Fig, 2.57 Disabling Simple File Sharing in windows Step 1 ™ In the File Explorer, click View tab > scroll to the bottom of Advanced settings pane > uncheck the checkbox for Use Sharing Wizard (Recommended) -> click Apply and then OK acgtarapeee| x Gj Sevan enizaanteaar necro Pl ersareesnvamn naeves te Boe urns ec a un awe na Perec ST wanteegianta eee (maa eta ae Sasa rite ey | aia Fig. 2.68 Disabling Simple File Sharing in windows Step i! Raise the UACSlider Bar ‘User Account Control (UAC) is a Windows security feature which prevents unauthorized users from accessing a computer. It alerts the administrator of the computer when any application or ser tries to make changes to the system. UAC works by continuously fixing the adjustment level of the user account. If the tasks being done by the user are standard tasks such as reading ‘email and listening to music, the user has permissions of a standard user, even if the person is ‘the admin. UAC notifies the admin when changes that require administrator-level permission are initiated. The administrator can continue with the changes by clicking the Yes buttan on the Modite 02 Page 32 certiied Secure Computer User Copyright © oy Semel ‘AI gn Reserves Reprecucion Soi Promiates‘corti secure Computer user securing Operating systems: prompt window whereas other users need to ask the admin to enter his/her password ta ‘continue. With the admin password, a user is temporarily given the rights of an administrator 1ill the completion of the task. ‘Steps to increase the level of User Account Control Settings by raising the UAC bar. = _ Right-click Start and go to Control Panel = Click on System and Security = Under Security and Maintenance, click on Change User Account Control Settings . ee We ee leas Fig. 2.69 Raising the LAC Sider Borin Windows Step 1 = Raise/Adjust the UAC slider bar to Always notify @ ewe ee ee ox Cheam et nia abu cages youre pa ey ese ‘Fig. 2.70 Raising the UAC Slider Bor in Windows Step 1! Mosse 02 Pages “All Righte Reserve Reprocucton Strictly robe.‘corte secure Computer User pam una ‘securing operetingsysters ‘Windows 10 Security Checklist ™ Use Windows Defender to help prevent spyware and other potentially unwanted software from getting installed on the computer automatically. = Set User Account Control so that it prompts the user before installing software or ‘opening certain kinds of programs that might be harmful. Back up files and settings regularly to recover from a virus attack or hardware failure. * Back up your files and settings regularly so that if you get a virus or have any kind of hardware failure, you can recover your files. "Set Windows Update to download and install the latest updates automatically. * Enable Windows Firewall to prevent hackers and malicious software fram gaining access ‘to your computer through the Internet. = Use the Action Center to ensure that the firewall is ON, antivirus software is upto date, and the computer is set to install updates automatically. ‘Guidelines for MAC OS X Security = Lock the System, When Not in Use. = Disable Automatic Login. "Enable Automatic Software Updates. "Disable the Guest Account. "Enable FileVautt. = Enable the Firewall. "Regularly change the User Account Password. "Enable and Set Parental Controls, = Allow App Downloads from the Mac App Store. ‘Lock the System, When Not in Use Operating systems come with a feature called “system lock”, which enables users to set a Password for the computer or device, either manually or automatically. The lock prompts users to enter the password when they try to access the system thus preventing unauthorized access and pratecting the data. Locking the computer is akin to locking one’s house to prevent it from getting robbed. Mac OS X also comes with a built-in lock feature that enables user to password protect the system. Before enabling system lock out, Require Password feature needs to be configured from Security & Privacy settings as given below: Moise 02 Page 3 Certifed Score Computer User Copyright © by KE-beumell ‘Al Rimes Reserves Reprecuion © Si Promotes.\ceisen secure Computer User eam is242 securing Operntng 2ystems, ™ Click on the Apple icon at the top left comer -> Go to System Preferences > Security & Privacy > General. Check the box next to Require password and choose the time delay as “immediately” from the drop-down menu cole Sa Privacy WES rien Freee Priacy Alogin anon han been ro sawerd jer _Shange Posowerd — or servun ave ra ‘low aon dowriesea ram: (BD chee ot tomate share, Fig. 271 Locking the System When Not in use in MAC ‘Similar to Windows, Mac also has various methods to lock the system when not in use. Some of ‘the methods are: = Method 1: Click User name on the top right comer and click Login Window. GE 3 (B Wed 11:36am a Users & Groups Preferences. amu Fig. 2.72 Locking the System When Not in Use in MAC = Method 2: Click an the Apple icon at the left top comer -> System Preferences > Mission Control > Glick the Hot Comers button in the lower comer. Mote 02 Page 23 certified Secor Computer User Copyright © 2y E&-Seumell All Rignts Reserved Raprocucien Seen Froibtec‘cert ing secure Computer User eam 2-42 securing Operating sytem: Choose the hot comer you wish to associate with the locking feature and select Put Display to Sleep from the available options. =——"3 oe estan B sate B ig. 2.73 tocking the System When Hot in use in MAAC ™ Method 3: Press Control + Shift + Eject or Control + Shift + Power keys simultaneously to lock the screen. Disable Automatic login ™ Automatic login feature of Mac OS X allows a user to bypass the login functionality by restarting the system. This feature can be disable by switching on FileVault option. ‘When multiple users use the same Mac, a user account has to be added for each person ‘and automatic login option disabled for data privacy. Click on the Apple icon -> System Preferences > Users & Groups > Login Options. ™ The dimmed options show that the administrator has locked usage of these options. To unlock this feature, click on the Lock at the bottom left of the screen and type in the ‘Administrator account password. ™ Set Automatic login to Off from the menu to require users to log in whenever the Mai restarts "Glick on the Lockat the bottom left to prevent further changes. Mode 02 Page 36‘corti secure Computer user came securing Operating systems: ae [a een 8G ee os ; ccna one (Chow tna upstate Shuto tos ‘Shaw gat raring su Choe pornont se Ctheeltreetngmeuse Falere 6 ‘Uo WeeOrarinit nme FEE mene = EB rast pasar omar en ig. 274 Disabling automatic Login in MAAC Allow App Downloads from Mac App Store Apple's Mac OS X supports various applications to provide a better user experience. Only ‘Apple's indigenous or trusted third-party system-security applications must be used for better system security and performance. Third-party apps may have attractive features, but they offer less security, consume more RAM, may have bugs, and may come with hidden malicious programs. Mac comes with an in-built option that stops users fram downloading third party ‘apps onto the system. ‘Steps to restrict app downloads from “Mac App Store and Identified Developers” only: "Glick on this Apple icon > System Preferences > Security & Privacy > General tab. "Glick on the Lock at the bottom left of the screen and type in your user account password, This will allow you to make changes. = Under the "Allow apps downloaded from:" header, choose the option “Mac App Store and identified developers”. = Glick on the Lock at the bottom left to prevent further changes. Modise 02 Pages? cerfind Secure Computer User Copyright © by EO-Beumell ‘AI RignesSezervestRegrocucten Sect PraniSaes.‘carting secure Computer User eam 242 ‘securing Operating systems Fig, 2.75 Allowing App Downloads from Mac App Store in MAC Enable Automatic Software Updates Software updates or patches are pieces of software released by companies to fix bugs and security vulnerabilities in their products. They also ensure better system performance and add new features to them. Updatesiare generally released as software upgrades. ‘Users can enable Mac OS X to search for and install regular updates. Steps to enable automatic software updates: "Glick on the Apple icon > System Preferences > App Store panel. Note: The system will ask to provide an Apple ID when required to install the available updates. "Check “Automatically check for Updates” (if is not already selected). * Check "Download newly available updates in the background" (if it is not already selected). "Check “Install OS X updates" (If itis not already selected). * Check “Install system data files and security updates” (if itis not already selected). Mode 2 Fage 38 ‘Cried Serre Computer User Copyright© Dy H-Demell {A ges Resse Rasrocute Sey Fro aees.“ceria Secure Computer User comm 242 securing Operating sytem: co) App Store AY) Tho op Stor hops O8 and aps othe Ap Sl sede ( huteratclly chack for updates {Goowniced new avatane updater nthe backareurd Wet a Ga WIR Upon ye LE Install ap updates Dra 08 X vedas ‘Goaal sytem eatattas ana socunty upeates ‘tarataaly doerleadaqea purruaed en other Mace Somwara plates rv auaubla Shem Update Fig, 2.76 Enabling Automatic Software Updates in MAC Disable the Guest Account ‘The guest account on a system allows users to utilize the system with minimal privileges. Guest users are not allowed access to any data on the device, install software or hardware, or change any settings. They can however, connect to the Internet and download files. This feature can be exploited by malicious users to compromise the system and thus needs to be disabled. Despite the aforementioned drawbacks of the guest account, it does have a positive feature. The guest account can be used in conjunction with ‘Find my Mac’—if your Macis misplaced or lost, and if found by a good Samaritan, the guest account feature will help the person to access the system. This will enable you to locate the computer without providing access of files, folders, ‘and applications to that person. ‘The disadvantage of leaving the guest account accessible outweighs its advantage. It is similar to locking one’s house and leaving the window open. Hence the guest account must always be kept in the disabled made. Steps to disable the guest account: ™ Click on the Apple icon > System Preferences > Users & Groups. "Glick on the Lock at the bottom left of the screen and type in your user account password. This will allow you to make changes. = Inthe left column, under “Other Users”, click on the Guest User account. = You will notice three options, uncheck “Allow guests to log in to this computer”, “Enable parental controls”, and “Allow guests to connect to shared folders” to disable the Guest User account. "Click on the Lock at the bottom left to prevent further changes. Moris 02 Page 35 Ceriied Secure Computes User Copyright© | ‘Al gn Reerves Resreaumtion © Sein Prone,(ceric Secure Computer User cram 242 “ © eeo< Urs Grae ew Alle guetta login eis compuler rab th st ne 05 at Plefsts erad angen srs ry sone 2a nena questeseriga out ll elormaten un he i he gee aceoun Roe Tar ar etn. ‘Allow pacer ra to enact ts wad fade Loar +e HB ciexmereck to pre turner angen 2 Fig. 2.77 Disabling Guest Account in MAC Enable FileVault FileVault is an encryption program in Mac that helps users to protect their data. It uses a password based lock mechanism to encrypt the files present on the entire OSX startup valume and typically includes the home directory. FileVauit scrambles your files so that only your password (or the system's Master Password) can unlock the files. It uses an encryption algorithm called Advanced Encryption Standard (AES) to encrypt the data, which is the latest US. government standard for scrambling data. ‘One of the few performance-based issues with FileVault is that it takes a long time to decrypt home directories which contain large amounts of data. Steps te enable FileVault: = Glick on the Apple icon > System Preferences > Security & Privacy > FileVault tab. = Glick on the Lock at the bottom left, then type in your user account password. This will allow you to make changes. "Glick the "Turn On FileVault™ button. Modide 62 Page 62 erica Secure Computes User Copyright© by E-Gemnl ‘llsgnas Rezerves: Resreguation Sei Promotes,Ccernisessecure Computer User securing Operating syrteme, feta mamma marshy — [tevosranan Sonsram ome maaan oe ee ‘Soreremeaesprcantmenettsane Tepe me ai mht ar th dn Maen Hr (ek et tpt a car Aaron Fig. 2:78 Enable File vouit in MAC step "A prompt appears, choose “Create a recovery key and do not use my ‘option and dick Continue. [ae an hibcg bur ion sean ean be tisd Vundon yur dak an eel your Doerr yu Rega fore maer ann cep os cor emo eraeny ta, ena eee Bitten mectey bev and don ow ny Gandara Fig. 2.79 Enable FileVault im MAC Step II iCloud account” "Make a copy of the created recovery key and store it in a safe place. It can be used ta unlock the disk if you torget your password. Mode 62 Page Certed Secare Computer User Copyright © by &-Demmell “a1 Rpts Reseves Resreaumien Sey Prone.“ceria Secure Computer User comm 242 securing Operating sytem: e Security & Privacy The recovery kay in & Gece which can be used to unlock the disk oO you torpat your wea a ceey ot coos andtee nate sen, yu fry you BoeEHD! ane "ea he acre a a ea Hater 2 ace! Fig. 2.80 Enable Filevault in MAC Step Int = Click on the Lock at the bottom left to prevent further changes. Enable Firewall Just like FileVault, OS X provides another security feature called Firewall for data security. Firewall is @ security system that scans the incoming and outgoing traffic to detect and stop anomalies from entering inte a network or a system. All the operating systems come with a ‘built-in firewall. The Mac OS X firewall needs to be enabled manually. Steps to enable Firewall: = Glick Apple icon > System Preferences > Security & Privacy > Firewall. ™ Glick on the Lock at the bottom left, then type in your user account password. This will allow you to make changes. "If the firewall is turned off, click Turn On Firewall to turn on firewall protection. @eo< # Security Privacy Privacy Femail O# “Tarn Gn Fea ‘This computers renal i-carenty trred of All seaming wonneetian thie computer ar allowed ‘Fig. 281 Enabling Firewall in Mac step | Mote 02 Page 62“ceria Secure Computer User comm 242 securing Operating sytem: "Click the Firewall Options button to change firewall settings. een Bec cy Cevwrt Fava SEIN Privacy © Firewait On Ten OF Fre The reali turrd on andi up to prove unauthorized section, progres, ita te Fig. 2.82 Enabling Firewall in MAC Stepit "Click on the Lock at the bottom left to prevent further changes. Block: ing connections ‘che al ecomng cosnattane excant nae eoures far nan Imes eenace, #uch ae DG Besiowr and Pes on aca To Wh rconing comectons ‘Ms sof sigs Uy a ald cata kathy Ye Bowe eva meat he the Enable stealth mode Dor't renzo tn oracknowhgn tomo ip noone thi compu from the rato by ent sepleatons wong IONE wae" Se PG 2 cot Fig. 2.83 Enabling Firewall in MAC Step mi Regularly Change the User Account Password Attackers who try to access the system physically obtain system passwords through various methods such as shoulder surfing, dictionary attack, brute-force attack, rainbow table attack, and phishing. Users need to regularly change their user account passwords to prevent this. Steps to change the user account password: "Click on the Apple icon > System Preferences > Users & Groups. Mote 02 Page 63 Ceriied Secure Computes User Copyright© | ‘Al gn Reerves Resreaumtion © Sein Prone,