Windows Encrypting File System (EFS)

Windows Encrypting File System (EFS) allows

Windows 7 system users to encrypt files and folders
in an NTFS formatted disk drive
Right‐click the file to be encrypted  select
Properties on the General tab  click the Advanced
button. The Advanced attributes dialog box appears.
There are two options under Compress or Encrypt
attributes, Compress contents to save disk space
and Encrypt contents to secure data
Select Encrypt contents to secure data  click OK to
close the Compress or Encrypt Attributes dialog box
 click Apply
An Encryption Warning dialog box appears, check
any of the two options: Encrypt the file and its
parent folder and Encrypt the file only  click OK

41 Copyright © by EC-Council
All Rights Reserved. Reproduction is Strictly Prohibited.
How to Decrypt a File Using EFS in
Windows?
• Right‐click the file to be decrypted 
select Properties
• On the General tab, click the
Advanced button. An Advanced
Attributes dialog box appears
• There are two options under
Compress or Encrypt Attributes,
Compress contents to save disk space
and Encrypt contents to secure data
• Uncheck Encrypt contents to secure
data  click OK to close the
Compress/Encrypt Attributes dialog
box  apply the settings  click OK

42 Copyright © by EC-Council
All Rights Reserved. Reproduction is Strictly Prohibited.
Using Windows Defender
Windows Defender is an antispyware software that offers real‐time protection against spyware and other potentially
malicious programs infecting the computer
To turn Windows Defender ON or OFF  open Windows Defender by clicking the Start button  click All Programs  click
Windows Defender or type Windows Defender in the search space
Click Tools  click Options  click Administrator  select or clear the Use Windows Defender check box  click Save

43 Copyright © by EC-Council
All Rights Reserved. Reproduction is Strictly Prohibited.
Enable BitLocker in Windows 7
1. BitLocker Drive Encryption provides better data protection by encrypting an entire Windows operating system
volume
2. The hard drive and any removable media on the computer can be encrypted
3. Encrypted removable media can be decrypted and re‐encrypted on any Windows 7 computer
4. Click Start  click Computer  Right click on any drive and select the option Turn on BitLocker…

Note: BitLocker is available only in the Enterprise and Ultimate editions of Windows Vista and Windows 7

44 Copyright © by EC-Council
All Rights Reserved. Reproduction is Strictly Prohibited.
Launching Event Viewer in
Windows 7
Event Viewer is a built‐in Windows utility that allows users to view and manage the event logs, gather
information about hardware and software problems, and monitor Windows security events
To start Event Viewer in Windows 7  click Start  Control Panel  System and Security
Administrative Tools  Event Viewer

Windows XP Windows 7

45 Copyright © by EC-Council
All Rights Reserved. Reproduction is Strictly Prohibited.
Event Viewer: Events 1. Event Viewer categorizes events into five types:
Error, Warning, Information, Audit Success, and
and How to Read Logs Audit Failure
2. Each event log is differentiated by its level and
on the System contains header information and a description of
the event
3. Each event header contains a detailed description
of the level, date, time, source, event ID, and task
category

46 Copyright © by EC-Council
All Rights Reserved. Reproduction is Strictly Prohibited.
Disabling Unnecessary Services in
Windows 7
A service is a long‐running executable that
performs specific functions without
requiring any user intervention
Services normally start during the system
start up or booting
Some services load automatically, while
others are called when a program is used
To view running services, click Start 
Control Panel  Administrative Tools 
double‐click Services
Alternatively, select Start  type
services.msc in search bar  press ENTER
Once the Services window is loaded, the
user can turn off any unneeded services

47 Copyright © by EC-
Council
All Rights Reserved. Reproduction is Strictly Prohibited.
 Killing Unwanted Processes
Kill or terminate unnecessary and suspicious processes to increase system performance and protect system
against malwares

Killing a process
Press [Alt]+ [Ctrl] + [Del] keys simultaneously  click
Task Manager

In Task Manager go to Processes tab  select the

Process  click End Process

Alternatively, right click on a selected target process

 select End Process

Killing a Process Tree

Run the Task Manager  select the target process 
right‐click and select End Process Tree

48 Copyright © by EC-Council
All Rights Reserved. Reproduction is Strictly Prohibited.
Finding Open Ports Using Netstat Tool
Knowing open ports, and services and applications associated with these ports helps in detecting the presence
of malware such as virus, worms, Trojans, etc. in the system
Malware generally open ports to receive or send data packets from attackers
Netstat, a Windows inbuilt utility, can be used to determine open ports in the system and associated
applications
Click Start  All Programs  Accessories, right‐click Command Prompt, and then click Run as administrator.
Type the password or provide confirmation if prompted
Type netstat –b in the command prompt window to see the open ports and associated applications

49 Copyright © by EC-Council
All Rights Reserved. Reproduction is Strictly Prohibited.
Configuring Audit Policy
Audit policies should be configured to identify attempted or successful attacks on system and network

1. Click Start  type secpol.msc in

search bar, and press Enter

2. Click Local Policies  select Audit

Policy  double‐click the Audit
account logon events policy 
check the Success and Failure boxes
 click Apply  click OK

3. Similarly, change the security

setting for all the policies listed in
the right hand pane of Local
Security Policy window
4. Close the Local Security Policy
window

50 Copyright © by EC-Council
All Rights Reserved. Reproduction is Strictly Prohibited.
How to Hide Files and Folders?
Right‐click the file or folder to be hidden  click Properties  under Attributes
check Hidden  click Apply  click OK
On the Organize menu from Windows Explorer  click Folder and search options
On the View tab, Select the Do not show hidden files and folders option

51 Copyright © by EC-Council
All Rights Reserved. Reproduction is Strictly Prohibited.
Disable Simple File Sharing in
Windows
1. Go to Start  Control Panel  Folder
Options
2. From the Folder Options window 
select the View tab
3. Scroll to the bottom of the Advanced
Settings pane
4. Uncheck the checkbox for Using
sharing wizard (for Windows 7) 
click OK

52 Copyright © by EC-Council
All Rights Reserved. Reproduction is Strictly Prohibited.
Raise the UAC Slider Bar in Windows 7
User Account Control (UAC) helps the user to make critical decisions while installing software
Click Start  Control Panel  Action Center  Change User Account Control Settings 
Raise/Adjust the UAC slider bar to Always notify

53 Copyright © by EC-Council
All Rights Reserved. Reproduction is Strictly Prohibited.
 Module Flow
Guidelines for Securing
System Security
Mac OS X

Windows Security Threats to System

Tools Security

Windows Encrypting How Does

File System (EFS) Malware Propagate?

Guidelines for Windows OS Security

54 Copyright © by EC-Council
All Rights Reserved. Reproduction is Strictly Prohibited.
Windows Security Tools: Microsoft
Security Essentials

Microsoft Security Essentials

provides real‐time protection
for a home PC that guards
against viruses, spyware, and
other malicious software

http://www.microsoft.com

55 Copyright © by EC-Council
All Rights Reserved. Reproduction is Strictly Prohibited.
Windows Security Tools: KeePass
Password Safe Portable
KeePass is a password
manager that manages
passwords in a secure way
and carries all passwords in
one database, which is locked
with one master key or a
key‐disk

The databases are encrypted

using current known secure
encryption algorithms (AES‐
256 and Twofish)

http://portableapps.com

56 Copyright © by EC-Council
All Rights Reserved. Reproduction is Strictly Prohibited.
Windows Security Tools: Registry
Mechanic
1. Registry Mechanic offers tools to speed up and improve the stability of Windows7, Windows Vista, or
Windows XP PC
2. Registry Mechanic safely cleans, repairs, and optimizes the registry and automatically backs up changes
for future recovery
3. Permanently erases Internet activity, personal files, and free space to keep information away from
prying eyes

http://www.pctools.com

57 Copyright © by EC-Council
All Rights Reserved. Reproduction is Strictly Prohibited.
Windows Security Tools:Windows
Defender
Windows Defender helps protect a
computer against pop‐ups, slow
performance, and security threats
caused by spyware and other
unwanted software by detecting and
removing known spyware from a
computer

http://www.microsoft.com

58 Copyright © by EC-Council
All Rights Reserved. Reproduction is Strictly Prohibited.
 Module Flow
Guidelines for Securing
System Security
Mac OS X

Windows Security Threats to System

Tools Security

Windows Encrypting How Does

File System (EFS) Malware Propagate?

Guidelines for Windows OS Security

59 Copyright © by EC-Council
All Rights Reserved. Reproduction is Strictly Prohibited.
Step 1: Enabling and Locking Down the
Login Window
Click Apple menu  System
Preferences  Accounts 
Login options  Display Login
Windows as  Name and
Password
Uncheck Automatically login as:
 Check Hide the Sleep, Restart,
and Shut Down buttons
 Uncheck Enable fast users
switching if not used

60 Copyright © byEC-Council
All Rights Reserved. Reproduction is Strictly Prohibited.
 Step 2: Configuring Accounts
Preferences
From the Apple menu choose System
Preferences  from the View menu
choose Accounts  select the username
whose password you want to change
Click Reset Password (Mac OS X v10.3 and
v10.4) or Change Password (Mac OS X
v10.5 or later)
Enter a new password in both the
Password and Verify fields  click the
Reset Password (Mac OS X v10.3 and
v10.4) or the Change Password (Mac OS X
v10.5 or later)
If a dialog box appears with the message
Your Keychain password will be changed
to your new account password,  click
OK

61 Copyright © by EC-
Council
All Rights Reserved. Reproduction is Strictly Prohibited.
Step 3: Guidelines for Creating
Accounts
Never create accounts Each user should have his or
that are shared by her own standard or
several users managed account

Administrators should only

Individual accounts are
use their administrator
necessary to maintain
accounts for administration
accountability
purposes

62 Copyright © by EC-Council
All Rights Reserved. Reproduction is Strictly Prohibited.
Step 4: Securing the Guest Account
The guest account must be used for
temporary access to the system

The guest account should be

disabled by default as it does not
require a password to login to the
computer

If the guest account is enabled,

Enable Parental Controls to limit
what the user can do
If the user permits the guest
account to access shared folders, an
attacker can easily attempt to
access shared folders without a
password

63 Copyright © by EC-
Council
All Rights Reserved. Reproduction is Strictly Prohibited.
Step 5: Controlling Local Accounts
with Parental Controls
Network
Traffic Analysis
Open System Preferences  click
Accounts
If the lock icon is locked  click the
lock icon and provide an
Administrator name and Password
Select the user account to be
managed with parental controls 
select the Enable Parental Controls
checkbox
Click Open Parental Controls  click
System, Content, Mail & iChat, Time
Limits, and Logs

64 Copyright © by EC-Council
All Rights Reserved. Reproduction is Strictly Prohibited.
Step 6: Use Keychain Settings
Keychain stores passwords on the disk in an encrypted form and it is difficult for a non‐root user to
sniff a password between applications
Go to Applications  Utilities  Keychain Access  Edit  Change settings for Keychain "login"
Check Lock after  change minutes of inactivity to the desired number of minutes  check Lock
when sleeping  click Save

65 Copyright © by EC-Council
All Rights Reserved. Reproduction is Strictly Prohibited.
Step 7: Use Apple Software Update
Mac OS X includes an automatic software update tool to patch the majority of Apple applications
Software Update often includes important security updates that should be applied to a user’s machine
To update software :
 Open Software Update preferences  click the Scheduled Check pane
 Deselect Download updates automatically  click Check Now

66 Copyright © by EC-Council
All Rights Reserved. Reproduction is Strictly Prohibited.
Step 8: Securing Date & Time Preferences
1. Open Date & Time preferences  in the Date & Time pane, enter a secure and trusted
NTP server in the Set date & time automatically field

2. Click the Time Zone button  choose a Time Zone

67 Copyright © by EC-Council
All Rights Reserved. Reproduction is Strictly Prohibited.
Step 9: Securing Network Preferences
It is recommended to disable unused
hardware devices listed in Network
preferences
Open Network preferences  from the
list of hardware devices, select the
hardware device that connects one’s
network
From the Configure pop‐up menu,
choose Manually
Enter the user’s static IP address, Subnet
Mask, Router, DNS Server, and Search
Domain configuration settings
Click Advanced  in the Configure IPv6
pop‐up menu, choose Off  click OK

68 Copyright © by EC-Council
All Rights Reserved. Reproduction is Strictly Prohibited.
Step 10: Enable Screen Saver Password
To prevent unauthorized access to a system, enable a screen saver password

1. From the Apple menu  select System

Preferences  click Security  click the Lock
icon to make changes
2. If prompted, type the admin userid and
password
3. In the Security window  click the General
tab  check Require password to wake this
computer from sleep or screen saver (Leopard)
or Require password immediately after sleep
or screen saver begins (Snow Leopard)
4. In addition to the screen saver password, also
secure the system by selecting:
 Disable automatic login
 Require password to unlock each System
Preference.
 Use secure virtual memory
 Click the lock icon to prevent further changes
 Close the Security window and restart your
machine

69 Copyright © by EC-Council
All Rights Reserved. Reproduction is Strictly Prohibited.
Step 11: Set Up FileVault to Keep
Home Folder Secure
Click System Preferences  click
Security  click FileVault 
click Set Master Password
Create the master password for
the computer but ensure this
password is different from user
account password
Verify the password  click OK

70 Copyright © by EC-
Council
All Rights Reserved. Reproduction is Strictly Prohibited.
Step 12: Firewall Security
Mac OS X firewall blocks unwanted network
communication with the computer:
1. Click System Preferences  click Security  click
Firewall
2. Click the Lock Icon to make changes
3. If prompted, type the admin userid and password
4. By default, the firewall allows all incoming
connections, change the option by clicking the
second option (Allow only essential services) or
third option (Set access for specific services and
applications)
5. Choose which application(s) you want the firewall
to allow and which to block
6. Click the lock icon to prevent further changes and
close the Security window

71 Copyright © by EC-Council
All Rights Reserved. Reproduction is Strictly Prohibited.
Module Summary

 Attackers discover new vulnerabilities and bugs to exploit in computer software

 Software vendors usually develop patches to address the problems
 Encryption is the process of converting data into a secret code
 Regularly update the operating system and other applications
 Windows System Restore is used to return one’s computer to an earlier state in
case of a system failure or other major problem with the system
 Microsoft Security Essentials provides real‐time protection for the PC that guards
against viruses, spyware, and other malicious software
 Windows Defender helps to protect the system against pop‐ups, slow performance,
and security threats

73 Copyright © by EC-Council
All Rights Reserved. Reproduction is Strictly Prohibited.