Using the Microsoft Security Tool Kit to Get and Stay Secure



Chris Knaff
Technical lead
Performance Team
Microsoft Product Support
Microsoft Security Tool Kit
Description

   Used to “lock down” an existing computer
    or new installation
   Works on Microsoft® Windows NT® 4.0,
    Windows NT 4.0 Terminal Server Edition
    (TSE), and Windows® 2000
   Not needed for Windows XP
   Can be installed automatically or manually
   Used to get your system to a “base level” of
    security

Before Installing the Tool Kit

We recommend that you:
 Perform a good backup of system
 Update repair disks
 Close all applications
 Be an administrator of your machine




Installing the Tool Kit

   Start with the Readme.htm file
   Click on the Install Now link to begin the
    installation




The Readme.htm

The Readme.htm file contains:
 An Install Now link for automatic install
 Descriptions for manual installations
 Information on how to push the tool kit
   contents through a network using Systems
   Management Server (SMS)
 Links for online updates




Windows NT
Requirements


   Microsoft Internet Explorer 4.01 or later
   Windows NT 4.0 Service Pack 3 or later




Windows NT 4.0
Installing the Tool Kit
   Windows NT 4.0 Service Pack 6a
   Reboot
   Windows NT 4.0 Security Rollup Package
   Hotfix: Q305929
   Hotfix: Q307866 – Pre-restart updates
   Reboot
   Hotfix: Q307866 – Post-restart updates
   Internet Explorer 5.5 Service Pack 2
   Reboot
   Internet Information Services (IIS) Lockdown
    Wizard (if IIS is installed)
Windows NT 4.0 TSE
Requirements

   Internet Explorer 4.01
   Windows NT 4.0 Terminal Server Edition
    Service Pack 3
   IIS cannot be installed (the tool kit will
    not run)




Windows NT 4.0 TSE
Tool Kit Updates for Windows NT 4.0 TSE

   Windows NT 4.0 Terminal Server Edition
    Service Pack 6
   Various hotfixes (Q280119, Q269049,
    Q266433, and Q265714)
   Internet Explorer 5.01 SP2
   Windows Media™ Player patches




Windows 2000
Tool Kit Updates for Windows 2000

   Windows 2000 Service Pack 2
   Internet Explorer 5.5 SP2
   IIS 5.0 Security Update (if IIS is installed)
   Windows Media Player patches
   Windows 2000 Critical Update
    Notification Tool
   IIS Lockdown Wizard (if IIS is installed)



Contents of the Tool Kit

   \CDLaunch (contains files used to autorun
    the tool kit)
   \Combined (contains Internet Explorer 5.01
    SP2, Internet Explorer 5.5 SP2, Windows
    Media Player patches, and the Tools
    directory)
   \Combined\Tools (contains HFNetCheck,
    Qchain, and the IIS Lockdown Tool
    directories)


Contents of the Tool Kit (2)

   \Documents (contains documents on each
    of the KB articles supplied by the tool kit,
    with new and existing deployment guides)
   \NT 4.0 (contains all the tools needed to lock
    down a Windows NT 4.0 system, such as
    SP6a, the option pack, and the security
    rollup package)
   \NT 4.0 Terminal Server Edition (contains
    Service Pack 6 and the four hotfixes needed
    to lock down a Windows NT 4.0 Terminal
    Server)
Contents of the Tool Kit (3)

   \SMS (contains documentation on how to
    push the tool kit with SMS)
   \Windows 2000 (contains the tools needed
    to lock down a Windows 2000 system, such
    as SP2 and the IIS 5.0 Security Update)
   Readme.htm (main file used when using the
    tool kit)




IIS Lockdown Wizard
with URLScan
   IISLockD functionality
   Obtaining the IISLockD
   Running IISLockD
   Removing IISLockD
   Troubleshooting
   Server templates and references



   IISLockD = IIS Lockdown Wizard
IISLockD Functionality
Limits Attack Vulnerabilities

   Removes unused components, including:
       Web services
       Script mappings
       WebDAV
       Samples and added features
   Restricts anonymous web users from writing to
    content folders and executing system applications




URLScan Functionality
Used to Prevent Expected and Unexpected
Attacks
   Implemented as ISAPI filter
   Allows or denies requests based on URL
    characteristics

    Blocks are based on attack characteristics
         HTTP request verbs
         Canonicalization and normalization checking
         Executable file extensions
         Multiple dots in path



    • Stop/restart of the IISADMIN service is required after modifying urlscan.ini
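The four URL characteristics listed on this slide, applied in order to a few constructed requests. This is an added illustration in Python, not URLScan's own code and not part of the original slides; the verb allowlist, the denied-extension list and the function name check_request are assumptions chosen for the example.

```python
from urllib.parse import unquote

# Assumed policy values for illustration; a real deployment sets its own.
ALLOWED_VERBS = {"GET", "HEAD", "POST"}
DENIED_EXTENSIONS = {".exe", ".bat", ".cmd", ".com"}


def check_request(verb, raw_url):
    """Return (allowed, reason) for one request, applying the four
    characteristics from the slide in a fixed order."""
    # 1. HTTP request verb: exact, case-sensitive match against an allowlist.
    if verb not in ALLOWED_VERBS:
        return False, "verb not allowed"

    # Only the path is inspected; the query string is set aside.
    path = raw_url.split("?", 1)[0]

    # 2. Canonicalization: decode once, then decode the result again.
    #    If the second pass still changes the string, the URL was encoded
    #    more than once and its final meaning is ambiguous, so reject it.
    decoded = unquote(path)
    if unquote(decoded) != decoded:
        return False, "URL not in canonical form"

    # The remaining checks run on the decoded path, so an encoded dot
    # ("%2E") is treated exactly like a literal one.
    # 3. Multiple dots anywhere in the path.
    if decoded.count(".") > 1:
        return False, "multiple dots in path"

    # 4. Executable file extension on the last path segment.
    segment = decoded.rsplit("/", 1)[-1]
    if "." in segment:
        ext = "." + segment.rsplit(".", 1)[1].lower()
        if ext in DENIED_EXTENSIONS:
            return False, "extension denied"

    return True, "ok"


# Constructed sample requests (not taken from any real log).
SAMPLES = [
    ("GET", "/default.htm"),
    ("PROPFIND", "/default.htm"),
    ("GET", "/docs/report%252Ehtm"),
    ("GET", "/site.v2/index.htm"),
    ("GET", "/scripts/tool%2Eexe?x=1"),
]


def evaluate(samples=SAMPLES):
    """Run every sample through the filter: (verb, url, allowed, reason)."""
    return [(v, u) + check_request(v, u) for v, u in samples]


if __name__ == "__main__":
    for verb, url, allowed, reason in evaluate():
        status = "ALLOW" if allowed else "DENY"
        print(f"{status:5} {verb:8} {url}  ({reason})")
```

The last sample shows why the extension check has to run after decoding: the raw URL contains no literal ".exe" at all.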
Obtaining IISLockD
   CD-ROM
       Microsoft Security Tool Kit CD-ROM
           CD-Drive:\COMBINED\tools\IIS Lockdown Tool\
           Contains IIS Lockdown Wizard 2.0

   Internet Download
       http://www.microsoft.com/Downloads/Release.asp?ReleaseID=32362
       Latest version of IIS Lockdown Wizard (currently 2.1)
   Check for updates before installing

Changes in IISLockD 2.1
   Metabase backup generated prior to
    uninstalling the wizard
   Dynamic updating of template_urlscan.ini
    no longer made
   Unattended install documentation included
    in IISLockD.chm




Running IISLockD
One-Click Install




   Execute compressed IISLockD.exe (~230 KB)
   Specify temporary folder to extract setup files
   Folder containing setup files will be
    automatically deleted after setup
Running IISLockD (2)
Extracted Files




   Decompress files: IISLockD.exe /x
   Specify folder to extract files to
   Execute IISLockD.exe (~156 KB)
       Execute Urlscan.exe to install only UrlScan.
Running IISLockD (3)
Unattended Install




   Decompress files: IISLockD.exe /x
   Specify folder to extract files
   Configure IISLockD.ini (see Q310725)
   Execute IISLockD.exe (~156 KB)

Install Methods Compared

   One-Click Install
       Execute IISLockD.exe
           Mixed-case filename
           “generic Windows application” icon
           File size (230 KB)

   Extraction Method
       Files are compressed inside IISLockD.exe
           Lower-case filename
           “Cool-key” icon
           File size (156 KB)
           No need to choose extract location

Running IISLockD (4) to (8)
IIS Lockdown Wizard: Setup Demo
[Screenshots on these five slides are not reproduced in the text.]

Installation Logs
    oblt-rep.log
         Summary of what was done – generated after install.
            %windir%\System32\InetSrv\oblt-rep.log
    oblt-log.log
         List of actions to perform during uninstall.
            %windir%\System32\InetSrv\oblt-log.log




    Note:
    One Button Lockdown Tool (OBLT) was the original name of the IIS
    Lockdown Wizard

Removing IISLockD
Running IISLockD a Second Time
   Uninstall wizard is automatically invoked
   Prompt: Uninstall or Exit wizard
   oblt-once.MD0 used to replace currently running
    metabase
       All metabase changes made after installing IISLockD will be
        lost
   Metabase restoration phase can take 30 min or more




Removing IISLockD (2) and (3)
Uninstall Demo: Running IISLockD.exe
[Screenshots on these two slides are not reproduced in the text.]

Uninstall Logs
   oblt-undone.log
       Renamed from oblt-log.log when uninstall starts
           %windir%\System32\InetSrv\oblt-undone.log
   oblt-undo.log
       List of actions performed during uninstall
           %windir%\System32\InetSrv\oblt-undo.log

Troubleshooting
Problems During Installation

   Multiple security scopes not supported
   Modified files not available
   Current user’s permissions too restrictive




Troubleshooting (2)
If Web Services No Longer Work Properly

   Collect logs
   Collect data with Web services failing
       Event Logs
       Network Monitor (Q252876)
       IIS Logs
       UrlScan.log
   Remove IISLockD
   Collect data with Web services working
   Create custom server template (Q311350)


Troubleshooting (3)
Cannot Uninstall IISLockD

   Verify current user is member of Local
    Administrators group.
   Verify oblt-log.log and oblt-rep.log both exist.
   Call 1-866-PCSAFETY (1-866-727-2338).
       Prepare to send oblt*.log; all Event Viewer logs.




References
Q311350 - HOWTO: Create a Custom Server Type for
          Use with the IIS Lockdown Wizard
Q310725 - HOWTO: Run the IIS Lockdown Wizard
          Unattended
Q307608 - INFO: Availability of URLScan Security Tool


General Security Info:
http://www.microsoft.com/security/
Q282060 - Resources for securing Internet Information
          Services


Use of Qchain
   Solution for Windows NT 4.0,
    Windows 2000, and Windows XP
   Fast installs of hotfixes on a single
    computer
   One reboot
   Only Microsoft-supported method of
    installing multiple hotfixes
   Manual or batch install


Elements of Qchain
   Qchain.exe
    Hotfix executable(s)
    QFEcheck.exe




Qchain Syntax

   Qchain /?
         Shows available syntax
   Qchain [<logfilename>]
         Ex: Qchain hotfixlog




Installing Hotfixes with Qchain
Manual Install

   Can install each hotfix singly
   Must use switch for no reboot
   Quiet mode is optional
   The two switches can be used together
      Ex: Qnnnnnn_x86_en.exe -z (no reboot)
      Ex: Qnnnnnn_x86_en.exe -m (quiet)
      Ex: Qnnnnnn_x86_en.exe -z -m (no reboot and quiet)

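Installing Hotfixes with Qchain (2)
Batch File

   Use a batch file for scripting multiple
    hotfixes
      Ex: @echo off
          setlocal
          rem Folder that holds the hotfix executables and qchain.exe
          set pathtofixes=<some path>
          rem Install each hotfix with no reboot (-z) in quiet mode (-m)
          %pathtofixes%\Q123456.exe -z -m
          %pathtofixes%\Q234567.exe -z -m
          rem Run Qchain after the last hotfix, before the single reboot
          %pathtofixes%\qchain.exe
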
Limitations of Qchain

   May not work on some Windows NT 4.0 and
    pre-SP2 Windows 2000 hotfixes.
       If the hotfix contains files listed in registry key:
        HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\KnownDLLs

Other Tools
Qfecheck.exe

   Verifies the hotfixes installed
   Works only on Windows 2000
   To view syntax type Qfecheck /?
     QFECHECK [/l[:location] /v /q /?]
      /l Log output to <Computername>.log in the current
      folder location. Use the specified location to store the log
      file.
      /v Verbose output
      /q Quiet mode



Additional References
   QChain.exe
    Microsoft KB article Q296861
   Qfecheck.exe
    Microsoft KB article Q282784




Hfnetchk Usage
   Used for scanning:
       Single Computer
       Enterprise Wide
   Assesses patch status for:
       Windows NT 4.0
       Windows 2000
       Windows XP
       IIS 4.0 and 5.0
       SQL Server™ 7.0 and SQL Server 2000
       Internet Explorer 5.01 and later
   Can be used locally or remotely
   Customize scan via switches
Command-Line Switches
   -? (help)
       Displays help menu for all switches and examples
   -z (reg checks)
       Prevents checking registry settings
       Finds fixes when no registry settings are present to avoid
        false negatives
   -v (verbose)
       Displays reasons for test failure in wrap mode
   -x (datasource) specifies:
       XML file
       Compressed XML file in .cab format
       URL
       Default is Mssecure.cab from the Microsoft Web site
   -o (output switch) specifies output format
       [tab] Tab-delimited format
       [wrap] Word-wrapped format

Command-Line Switches (2)
   -h (hostname)
       Specifies the NetBIOS machine name to scan;
        default is localhost
   -r (range)
       Specifies a range of IP addresses to scan
       Starting with IP address1 and ending with IP
        address2, inclusive
   -i (IP address)
       Specifies the IP address of the machine to scan.
   -d (domain_name)
       Specifies domain name to scan
       Will scan all machines in domain
   -n (network)
       Scan all systems on local network
       All hosts in Network Neighborhood
   -b (baseline)
       Displays the status of hotfixes required for
        minimum baseline security standards

Command-Line Switches (3)
   -s (suppress)
       Suppresses NOTE and WARNING messages
       1 = Suppress NOTE messages only
       2 = Suppress WARNING messages
       Default is to show all messages
   -nosum (checksum)
       Do not evaluate file checksum
   -t (threads)
       Sets number of threads used for scanning
       Possible values are 1 to 128; default is 64
   -history (history level)
       (1) explicitly installed
       (2) explicitly not installed
       (3) explicitly installed and not installed
       This switch is not necessary for normal operation

Common Usage
Single Computer

   Local computer
   Isolated servers

    Sample usage:

    1.   Hfnetchk.exe -history 3 >"servername_date.txt"

    2.   Hfnetchk.exe -x C:\temp\mssecure.xml -z -v

    3.   Hfnetchk.exe -o tab >"servername_date.txt"

Common Usage (2)
Enterprise Wide
    Individual computers
    Specific computers in a group
    Entire domains or networks

Sample usage:

1.   Hfnetchk.exe -h server_name1,server_name2,server_name3

2.   Hfnetchk.exe -r 192.168.0.1,192.168.0.254 -z -v

3.   Hfnetchk.exe -d domain_name -t 128 -s 2 -z >"domain_name_date.txt"

4.   Hfnetchk.exe -d domain_name -t 128 -b -v >"domain_name_date.txt"

5.   Hfnetchk.exe -d domain_name -nosum -v >"domain_name_date.txt"

References
   Q303215
       Microsoft Network Security Hotfix Checker
        (Hfnetchk.exe) Tool Is Available


   Q305385
       Frequently Asked Questions about the Hfnetchk.exe Tool


   Readme.txt file installed with Hfnetchk

   Support via e-mail at:
       hfnetchk@microsoft.com


Hfnetchk
   Assess installation status of hotfixes

   Local or remote

   Use command-line switches to tune

   Find references on Security Tool Kit




Critical Update Notification Tool
Description


   Can be used on Windows 2000 machines
    only
   Used to automate downloading of updates
    provided by
    http://windowsupdate.microsoft.com/




Critical Update Notification Tool (2)
Installation

    Installed automatically via the tool kit
    Can be manually installed from
     \Windows 2000\Windows Update\cun.msi
     (found on the tool kit)
    Can be “pushed” to your network via SMS
     (\Windows 2000\Windows update\cun.sms)




Critical Update Notification Install
Lets You Choose How Often You Want Your
Machine to Check for Updates




Stay Secure Through Other
Microsoft Resources
   To report a virus, send an e-mail to
    secure@microsoft.com to alert the Microsoft
    Security Response Center.
   Visit Microsoft Security Response Center at
    http://www.microsoft.com/security/.
   Receive free virus-related telephone support at
    1-866-PC Safety.
   Sign up to receive security bulletins by sending an
    e-mail to:
    microsoft_security-subscribe-request@announce.microsoft.com

Thank you for joining us for today’s Microsoft Support
WebCast.

For information about all upcoming Support WebCasts
and access to the archived content (streaming media
files, PowerPoint slides, and transcripts), please visit:
http://support.microsoft.com/webcasts/

We sincerely appreciate your feedback. Please send any
comments or suggestions regarding the Support
WebCasts to feedback@microsoft.com and include
“Support WebCasts” in the subject line.