Cyber-Patriot-Training-4-December

Cyber Patriot Training
4 December 2010
Results
Vulnerability Number / Percent Vulns Fixed in Category
Local Security Policy: 83%
User & Group Security: 81%
User & Group Security: 81%
User & Group Security: 81%
Vulnerable Services: 80%
User & Group Security: 79%
Backdoor/Virus/Malware: 78%
Backdoor/Virus/Malware: 78%
Backdoor/Virus/Malware: 78%
Backdoor/Virus/Malware: 67%
Backdoor/Virus/Malware: 67%
Vulnerable Services: 65%
File and Folder Configuration: 63%
Backdoor/Virus/Malware: 62%
Backdoor/Virus/Malware: 61%
Vulnerable Services: 53%
Patches and Updates: 0%
Local Security Policy
• More of the same, look at the policies
Users and Group Security
• Check group membership, disable unknown users
Vulnerable Services
• Control Panel/Administrative Tools/Services
• Turn off everything that is not needed. If not sure what the service is, look it up
• Use Process Explorer
– http://technet.microsoft.com/en-us/sysinternals/bb896653.aspx
Backdoor/Virus/Malware
• Check registry with regedit
– HKLM\Software\Microsoft\Windows\CurrentVersion\Run
– HKCU\Software\Microsoft\Windows\CurrentVersion\Run
• Look in C:\Program Files
• Dump Temporary Internet Files
• Clear History
• Download and run
– http://www.malwarebytes.org
• Dump temp folders under windows and user
Backdoor/Virus/Malware
– http://free.antivirus.com/hijackthis/
– http://www.safer-networking.org/en/download/
– http://www.microsoft.com/security_essentials
– http://www.avg.com/us-en/download-trial
– http://www.free-av.com/
– http://www.pctools.com/free-antivirus/
– http://download.cnet.com/Avast-Free-Antivirus/3000-2239_4-10019223.html
File and Folder Configuration
• Not sure what they want here
• Check security settings
• Turn off all shares not needed (probably what they are looking for)
Patches and Updates
• Do Windows updates immediately; they take time, so do them while you are doing other things
– Don’t do anything that will require a reboot!!!
– Security updates shouldn’t require a reboot, or select reboot later
• Download from Technet ahead of time
– http://technet.microsoft.com/en-us/bb403698.aspx
– Not sure if you need to do updates as in IE7 to IE8
• Would say you SHOULD update but up to you
Ubuntu
• Show running processes
– top or ps
• Stop running processes
– kill by pid
• Check scheduled tasks
– crontab -l or -e
– su to root and check crontab
• chmod to change file permissions
• chown to change file owner
Ubuntu Continued
• Check ftp configuration file
– /etc
– Probably something like: vsftpd.conf
– No anonymous login
– No root login
• Turn off telnet as well
• Same thing for ssh
– /etc/ssh then ssh_config or sshd_config
• To restart a service
– service servicename(d) restart (vsftpd, sshd)
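
One way to script the FTP and SSH checks from this slide, as an added example that is not part of the original training deck: it reads a vsftpd.conf and an sshd_config and flags anonymous FTP login and SSH root login. The config contents are constructed samples, the function names (vsftpd_opt, sshd_opt, audit) are hypothetical, and the check is narrowed to the anonymous_enable and PermitRootLogin settings.

```shell
#!/bin/sh
# Added example: audit the FTP and SSH settings named on the slide.
# File contents below are constructed samples, not from a real host.

# Effective vsftpd option (key=value, no spaces); the last uncommented
# occurrence is taken as the one in force.
vsftpd_opt() { # $1 = config file, $2 = option name
    awk -F '=' -v k="$2" '$1 == k { v = $2 } END { print toupper(v) }' "$1"
}

# Effective global sshd keyword: names are case-insensitive and sshd uses
# the first value it reads; Match blocks and Include files are not followed.
sshd_opt() { # $1 = config file, $2 = keyword
    awk -v k="$2" '
        tolower($1) == "match" { exit }
        tolower($1) == tolower(k) { print tolower($2); exit }
    ' "$1"
}

# Print one line per finding; the return status is the number of findings.
audit() { # $1 = vsftpd.conf, $2 = sshd_config
    findings=0
    anon=$(vsftpd_opt "$1" anonymous_enable)
    # vsftpd's built-in default is anonymous_enable=YES, so unset counts too.
    if [ "$anon" != "NO" ]; then
        echo "FTP: anonymous login allowed (anonymous_enable=${anon:-unset})"
        findings=$((findings + 1))
    fi
    root=$(sshd_opt "$2" PermitRootLogin)
    if [ "$root" != "no" ]; then
        echo "SSH: root login not disabled (PermitRootLogin ${root:-unset})"
        findings=$((findings + 1))
    fi
    return "$findings"
}

# Constructed sample configs: a weak pair and a hardened pair.
d=$(mktemp -d)
printf '%s\n' 'listen=YES' 'anonymous_enable=YES' > "$d/vsftpd.weak"
printf '%s\n' '#PermitRootLogin no' 'PermitRootLogin yes' > "$d/sshd.weak"
printf '%s\n' 'listen=YES' 'anonymous_enable=NO' > "$d/vsftpd.ok"
printf '%s\n' 'PermitRootLogin no' 'PermitRootLogin yes' > "$d/sshd.ok"

audit "$d/vsftpd.weak" "$d/sshd.weak" || echo "weak pair: $? finding(s)"
audit "$d/vsftpd.ok" "$d/sshd.ok" && echo "hardened pair: clean"
```

On a real host, point audit at the files under /etc (for example /etc/vsftpd.conf and /etc/ssh/sshd_config) and restart the service after changing either one.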
Ubuntu
• chkconfig – shows current configuration of services, etc
• Shows file sharing
– http://www.simplehelp.net/2007/05/19/how-to-share-files-and-folders-in-ubuntu/
• sudo is the same as running as root
• Antivirus for Ubuntu
– http://free.avg.com/us-en/download.prd-alf
