Securing Windows Flashcards

(68 cards)

1
Q

What are ways to class security controls?

A

Physical Controls: Applied in the built environment to control access to sites. Ex. fences, doors, locks.
Procedural Controls: Applied and enforced by people. Ex. incident response process, management oversight, security awareness training.
Logical Controls: Applied and enforced by digital or cyber systems and software. Ex. user authentication, antivirus software, and firewalls.

2
Q

What is the goal of cybersecurity systems?

A

The CIA triad
Confidentiality: Ensures sensitive data is only accessible by authorized users.
Integrity: Ensures data is accurate and trustworthy.
Accessibility: Resources are readily available for users to access when they need to.

3
Q

What’s a framework that can be used to meet the goals of the CIA triad?

A

IAM (Identity and Access Management).

4
Q

What are core components of IAM?

A

Identification: Identifying and defining users, devices, and applications within the system.
Authentication: Verifies the identity of users attempting to access resources. Can be done with passwords, biometrics, or MFA.
Authorization: Determines what resources and actions a user is allowed to access based on their role, responsibilities, and permissions.
Access Control: Enforces authorization policies and restricts access to resources based on predefined rules.

5
Q

What is an ACL?

A

Access Control List.
A collection of ACEs (access control entries) that determines which subjects are allowed or denied access to an object and the privileges they are given (read only, read/write, etc.).

6
Q

What is an ACE?

A

Access Control Entry.

7
Q

What is the principle of least privilege?

A

A user should be given the minimum possible access necessary to perform their job.

8
Q

What is Implicit Deny?

A

Unless there is a rule specifying that access should be granted, any request for access is denied.
ACL security is typically founded on this principle.

9
Q

What is a Vulnerability?

A

A weakness that can be accidentally or purposely exploited to cause a security breach.

10
Q

What is a Risk?

A

The likelihood and impact/consequence of a threat actor exploiting a vulnerability.
Vulnerability + Threat = Risk

11
Q

What is a Threat?

A

The potential for someone or something to exploit a vulnerability and breach security.
Can be intentional or unintentional.

12
Q

What are the 3 principal types of cryptographic technology?

A

Symmetric Encryption
Asymmetric Encryption
Cryptographic Hashing

13
Q

What is Symmetric Encryption?

A

Uses a single secret key to both encrypt and decrypt data.
If the key is stolen or lost, that is a security breach.
Fast.

14
Q

What is Asymmetric Encryption?

A

Uses a key pair: a private key and a public key that are mathematically linked.
Only one key can perform encryption or decryption on a given message.
The private key must be kept secret; the public key can be widely and safely distributed.
The message cannot be larger than the key size.

15
Q

What is Cryptographic Hashing?

A

A hash function takes any amount of data as input and produces a fixed-length hash.
A cryptographic hash performs this process as a one-way function that makes it impossible to recover the original value from the hash.
Used for secure storage of data where the original value does not have to be recovered (Ex. passwords).

16
Q

What are commonly used cryptographic hash algorithms?

A

The Secure Hash Algorithm (SHA) family of algorithms. SHA-256 and SHA-3 are the most used versions of the SHA algorithms.

17
Q

What is a digital signature and how does it work?

A

Proves a message or digital certificate has not been altered or spoofed.
A cryptographic hash is used to ensure integrity of the certificate.

18
Q

What is the purpose of a key exchange?

A

To allow two hosts to agree on the same symmetric encryption key without any other host finding out what it is.
Asymmetric encryption is used to exchange symmetric cipher keys.

19
Q

What accounts can a user be set up with in Windows?

A

A local and a Microsoft account.

20
Q

What is the difference between a local and a Microsoft account?

A

A local account is defined on that computer only.
Local user accounts are stored in a database called the SAM (Security Accounts Manager), which is part of the HKEY_LOCAL_MACHINE registry hive.
It cannot be used to log onto a different computer or to access files over the network.

A Microsoft account is managed via an online portal and is identified by an email address.
It can be synchronized between devices via the online portal.

21
Q

What is a security group and its purpose?

A

A collection of user accounts.
Used to assign permissions and rights to groups (more efficient than doing it individually).

22
Q

What are the built-in groups and the standard set of rights they have?

A

Administrators Group: Can perform all management tasks and generally has very high access to all files and other objects in the system.
Users Group: The standard account, generally only able to configure settings for its own profile. Can also shut down the computer, run desktop apps, install and run Store apps, and use printers.
Guests Group: A group only present for legacy reasons; same default permissions and rights as Users/standard.
Power Users Group: Meant to have intermediate permissions between Administrators and Users.
Caused vulnerabilities, so it is now only present to support legacy apps. Same permissions as standard users.

23
Q

What does the Local Users and Groups management console do?

A

Manages both user and group accounts.
Can create, disable, and delete accounts; change account properties; reset user passwords; create custom groups; and modify group membership.

24
Q

What is JIT access?

A

Just-in-time access.
A security practice where users are granted access to resources only when needed and for only as long as it takes to complete the task.

25
What is PAM?
Privileged Access Management. Focuses on securing, controlling, and monitoring access to privileged accounts. If these accounts are compromised, that can cause significant damage.
26
What is UAC?
User Account Control. Requires the user to explicitly consent to performing a privileged task. Tasks that are protected by UAC are shown with a security shield icon.
27
What is zero trust?
No user or device should ever be automatically trusted, regardless of their location or previous authentication.
28
What are the principal authentication factors?
The principal factors are categorized as knowledge (something you know, such as a password), possession (something you have, such as a smart card or smartphone), and inherence (something you are, such as a fingerprint. This will typically involve biometrics).
29
What is MFA?
Multifactor Authentication. The user must submit at least two different types of credentials. Ex. something you know plus something you are. Two credentials of the same type DO NOT COUNT.
30
What is 2-Step Verification?
Uses a soft token to check that a sign-in request is authentic.
31
What is a soft token?
32
What is a One-Time Password?
OTP. Valid for a single login session. Unique passcodes are generated for each login attempt.
33
What are types of OTP?
Time-based OTP: Valid for a set amount of time.
Hash-based Message Authentication Code OTP (HOTP): Uses an algorithm that generates the OTP using a counter-based approach.
Challenge-Response: The server sends a challenge, such as a random number, to the user.
34
What is an Authenticator App?
Software that allows a smartphone to operate as a second authentication factor or as a trusted channel for 2-step verification. Can be used for passwordless access or as two-factor authentication. Ex. Microsoft Authenticator.
35
What is hard token authentication?
Works the same way as an authenticator app but is implemented as firmware in a smart card or thumb drive. The hard token is first registered with the service or network; when the user must authenticate, they connect the token and authorize it with a PIN or biometric. The token transmits credentials and the user is granted access. Ex. a CAC.
36
What are ways to change a password?
A user can press CTRL+ALT+DELETE or use Account Settings. An admin can reset a password using Local Users and Groups.
37
What are 3 typical Windows sign-in scenarios?
Windows local sign-in: The LSA (Local Security Authority) compares the submitted credential to the one stored in the SAM (Security Accounts Manager). Also called interactive logon.
Windows network sign-in: The LSA passes credentials for authentication to a network service. The preferred network authentication is based on Kerberos. Typically performed when the device is joined to a domain.
Remote sign-in: VPN or web portal.
38
Who releases updates to secure password creation recommendations?
NIST (National Institute of Standards and Technology).
39
What is Windows Hello?
A subsystem that allows the user to configure alternative ways of authenticating, such as:
Personal Identification Number (PIN): A Windows Hello PIN is configured for each individual device. The PIN is stored in the TPM.
Fingerprint: Uses a sensor to scan the fingerprint.
Facial Recognition: The camera records a 3-D image and uses an IR sensor.
Security Key: A removable USB token or smart card, or even a phone with NFC.
40
What is single sign-on?
SSO. A user authenticates once to a device or network to gain access to multiple applications or services.
41
What are advantages and disadvantages of SSO?
Advantage: The user doesn't have to manage multiple digital identities and passwords.
Disadvantage: If that account is compromised, multiple services are also compromised.
42
How does Windows Hello for Business seek to mitigate the risks of SSO?
By transitioning to passwordless SSO.
43
What is SAML?
Security Assertion Markup Language. A special type of SSO. With SAML, an IdP (identity provider) is used to pass user credentials to an SP (service provider). Ex. Military dog with goggles.
44
What can a domain account do?
Can be authorized to access any computer joined to the domain. Can be assigned permissions on any resource hosted in the domain.
45
How do you create a domain?
You need at least one Windows Server computer configured as a DC (domain controller). A DC stores a database of network information called AD (Active Directory). The DC stores user, group, and computer objects. Reminder: accounts and security groups in a domain are configured in the Active Directory database stored on a domain controller.
46
What is used to create and modify AD accounts?
The Active Directory Users and Computers management console.
47
What is the DC responsible for?
Providing authentication services to users as they attempt to sign in. Management of DCs and the right to create accounts in the domain are reserved to Domain Admins.
48
What is a Member Server?
A server-based system that has been joined to the domain but doesn't maintain a copy of the AD database. Member servers provide file, print, and application services, e.g. Exchange for email or SQL Server for databases.
49
What's a Security Group in a domain?
Used to assign permissions more easily and robustly. User accounts are given membership in a security group to assign them permissions on the network; these permissions apply to any computer joined to the domain.
50
What is an OU?
An organizational unit. A way of dividing a domain up into different administrative realms.
51
What does a Domain group policy do?
Configures computer settings and user profile settings. Can also be used to deploy software automatically.
52
What is a domain GPO?
Group Policy Object. Can be applied to multiple user accounts and computers. This is done by linking a GPO to a domain or OU in AD.
53
What is a login script?
Code that performs a series of tasks automatically when a user logs in. A login script can be used to configure the environment for the user: setting environment variables, mapping drives to specific server-based folders, and mapping printers or other resources. It can also do things like ensure that the client meets the security requirements for signing on to the network. Note: most of these tasks can be done with a GPO.
54
In enterprise environments using Windows Hello for Business, what is the minimum number of characters required for a Windows PIN?
6
55
Members of Domain Users can sign in to any resource except?
Domain Controllers
56
What is a workgroup?
A peer-to-peer network model where computers can share resources. Management of each resource is performed on the individual computers.
57
What is a Domain?
Based on a client/server model that groups computers together for security and to centralize administration.
58
How can you change your hostname?
Using the System Properties dialog (sysdm.cpl).
59
Where are sharing options configured?
Via the Advanced Sharing Settings applet in Control Panel.
60
How do you share files on a network?
Turn on network discovery. Turn on file and printer sharing.
61
How are shares listed in Workgroups and domains?
They are listed by file server computer under the Network object in File Explorer. Each computer is identified by its host name. Network-enabled devices, e.g. printers, are also listed here.
62
What is a mapped drive?
A share that has been assigned to a drive letter on a client device.
63
How do you turn a share into a mapped drive?
Right-click it and select Map Network Drive, select a drive letter, and keep "Reconnect at sign-in" checked (unless you want to map the drive temporarily).
64
What are the 2 ways network resources can be accessed?
By using a UNC (Universal Naming Convention) path or by mapping as a drive. Mapping as a drive provides a drive letter and the option to make the connection persistent. A UNC path provides on-demand access only.
65
What is the difference between share-level permissions and NTFS permissions?
Share-level permissions: Only apply when a folder is accessed over a network connection. Offer no protection against a user who is logged on locally to the computer hosting the shared resource.
NTFS permissions: Apply to both network and local access and can be applied to folders and individual files.
66
What are the varying simple permissions?
Read/list/execute: Allows principals to open and browse files and folders and to run executable files.
Write: Allows principals to create files and subfolders and to add data to files.
Modify: Allows the principal write permissions plus the ability to change existing file data and delete files and folders.
Full control: Allows all other permissions plus the ability to change permissions and change the owner of the file or folder.
67
What is the order of permissions from most to least restrictive?
Explicit Deny
Explicit Allow
Implicit Deny
Implicit Allow
If these permissions conflict with each other, Windows will default to the most restrictive permission.
68
Where is the Windows Hello setting located?
Settings > Accounts.