Docstoc

VEŽBA 7A

Document Sample
VEŽBA 7A Powered By Docstoc
					                                                                                                VEŽBA 7A

Ime i prezime studenta: _________________________
Broj indeksa: ________


                                              ZAHTEVI VEŽBE
Naziv vežbe          PROCEDURA INSTALACIJE I KONFIGURISANJA KORISNIČKIH
                     NALOGA U WINDOWS XP OS
Cilj vežbe           Razumeti mehanizme autorizacije prava pristupa u servisu logičke kontrole pristupa u
                     OS Windows XP.
                     Izvežbati i naučiti manuelnu promenu administratorskog naloga i upravljanje grupnim
                     i korisničkim nalozima u Windows XP OS.
Metod rada           Studenti rade individualno u kompjuterskoj laboratoriji. Za izvođenje vežbe koristiti
                     informacije u Prilogu A, pratiti instrukcije demonstratora vežbe i izvršavati zahtevane
                     korake na računaru. Vežba je data u elektronskoj formi u word dokumentu (.doc).
                     Uneti identifikacione podatke.
Proces rada          1. korak: Pročitati i razumeti zahteve vežbe, vreme 5 minuta
                     2. korak: Pratiti instrukcije iz Priloga A i zvršiti zadatak vežbe, vreme 85 minuta
                     Trajanje vežbe: 90 minuta.
Zadaci vežbe         Zadatak 1:
                     Pratiti proceduru i izvršiti sve korake instalacije i konfigurisanja naloga u Windows
                     XP OS.

                                                                                                   Prilog A

1. UPRAVLJANJE KORISNIČKIM NALOZIMA U WINDOWS XP OS

1.1. Procedura za manuelnu promenu administratorskog pasvorda

Izvršiti sledeće korake:

    1.   Kliknite Start meni i izaberite Control Panel. Kliknite Switch to Classic View link lociran na
         levoj strani i dva puta kliknite folder Administrative Tools.
    2.   Dva puta kliknite Computer Management prečicu.
    3.   Proširite Local Users and Groups i izaberite Groups folder.
    4.   Lista grupa treba da se pojavi na desnoj strani. Dva puta kliknite Administrators grupu.
         Potvrdite da se grupa sastoji samo od dva naloga: ugrađeni Administratorski nalog i nalog koji se
         koristi za ojačanje sistema. Ako ne postoji nijedan korisnički nalog, kreirajte korisnički nalog i
         dodajte ga Administratorskoj grupi.
    5.   Ne onemogućavajte Administratorski nalog sve dok se korisnički nalog ne doda Administratorskoj
         grupi. Posle dodavanja, Administratorska grupa treba da sadrži samo dva naloga. Kliknite OK za
         nastavljanje procesa. U Local Users and Groups, izaberite Users folder.
    6.   Desnim tasterom kliknite Administratorski nalog, izaberite Rename i unesite novo ime.
         Kreiranjem relativno neupadljivog imena za nalog smanjuje verovatnoću napada.
    7.   Desnim tasterom kliknite na preimenovani administratorski nalog, izaberite Set Password i
         pripišite jaki pasvord sastavljen od kombinacije najmanje 8 karaktera: brojeva, slova, velikih i
         malih i interpunkcijskih znakova, kao na Sl. 7-3. Kliknite OK.




                                                     1
    8.  Dva puta kliknite na preimenovani administratorski nalog i izbrišite opisno polje ili unesite novi
        opis. Verifikujte da su čekirani boksovi Korisnik ne može izmeniti pasvord (User cannot change
        password), Pasvord nikada ne zastareva (Password never expires) i Nalog je onemogućen
        (Account is disabled). Kliknite OK.
    9. Preimenujte Guest nalog i unesite jaki pasvord za podrazumevani Gost nalog, sastavljen od
        kombinacije najmanje 8 karaktera: brojeva, slova, velikih i malih i interpunkcijskih znakova.
    10. Dva puta kliknite preimenovan i verifikujte da su da su čekirani boksovi Korisnik ne može izmeniti
        pasvord (User cannot change password), Pasvord nikada ne zastareva (Password never
        expires) i Nalog je onemogućen (Account is disabled). Izbrišite opisno polje ili unesite novi opis.
        Kliknite OK .
    11. Onemogućite sve druge ugrađene naloge koji nisu potrebni. U Table 7-1 listirani su svi
        podrazumevani nalozi u Windows XP OS. Za svaki nalog klinknite desnim tasterom na nalog,
        izaberite Properties, čekirajte Account is disabled boks i kliknite OK.

U slučaju da je administratorski pasvord zaboravljen, izvršite sledeće korake za korišćenje diska za
resetovanje pasvorda:

    1.   Na logon prozoru izaberite administrative account i pritisnite Enter tipku ili kliknite tipku desna
         strelica (right arrow) lociranu sa desne strane polja pasvorda.
    2.   Kliknite Use your password reset disk link.
    3.   Kliknite Next.
    4.   Izaberite 3 1/2 Floppy (A:) aktivirajte ga i kliknite Next.
    5.   Unesite novi pasvord, otkucajte ga ponovo da potvrdite i kliknite Next.
    6.   Kliknite Finish.
    7.   Na log on prozoru izaberite administrator account i unesite novi pasvord radi autentifikacije.
    8.   Sada postojeći Password Reset Disk više nije validan. Ponovo kreirajte Password Reset Disk
         tako da sadrži novi pasvord.




Nalog neaktivan 90 dana treba ukinuti, a vremenski onemogućiti ako se ne koristi 30 dana. inactive for 90
days, as well as disabling temporary accounts after 30 days. Takođe treba onemogućiti nalog čim više nije
potreban. Onemogućen nalog treba izbrisati posle specifičnog vremneskog perioda da bi se osloboili
resursi sistema i sprečilo slučajnoo ponovno omogućavanje naloga.

1.2. Ugrađene grupe – radne tabele


                                                     2
Windows XP ima nekoliko grupa poznatih kao specijalne grupe has several groups that are known as
special groups. Windows XP upravlja nalozima ovih grupa automatski. Od posebnog interesa su dve
specijalne grupe: Authenticated Users i Everyone. Authenticated Users koja uključuje sve naloge (osim
Guest i Anonymous accounts) koji treba da se autentifikuju. Everyone uključuje sve lokalne i naloge iz
domena koji proistupaju sistemu. U predhodnim verzijama Windows sistema Anonymouskorisnici su bili
uključeni u Everyone group, koji često daju neovlašćen korisnicima pristup sistemu. U Windows XP,
Anonymous logins nisu više deo Everyone grupe.

Podrazumevano (po default-u) Windows XP takođe sadrži nekoliko lokalnih grupa, koje se razlikuju od
specijalnih grupa zato što adminitrator mođe upravljati članstvom (nalozima) u svakoj lpkalnoj grupi, ali ne
i u specijalnoj grupi. U Tabeli 7-2 opisana je svaka lokalna grupa, objašnjene privilegije koje im pripadaju
i date liste naloga koje podrazumevano pripadaju grupama.

Table 7-2. Default Local Windows XP Groups




Tabele A1, A4, A5 i A7 ukratko ilustruju proceduru upravljanja nalozima u Windows XP OS.




                                                     3
4
5
6
7
8
9
Controlling access to your computer
So far, you have spent a lot of time locking down your computer. You have closed down ports
and have removed unused services from your computer. The next step to secure your computer
is to reinforce the main entry point, the logon. No matter what you do to secure your computer,
it all comes down to your security at the user level. If you have no password on your account
and have a computer that is not protected by a firewall and other devices, then you are at huge
risk of being attacked.
Managing user accounts is very important with Windows XP because the accounts are the keys
into the system. This next section will show you some good secure practices, as well as some
tips that will help make your box even more secure.
Managing user accounts
Windows XP includes the same old account manager found in Windows 2000. This easy-touse
and straightforward interface can be found in the Local User and Group Management
interface. There are various “good” security practices that you can follow to make your computer
practically invincible to many attackers.
Assign a password and rename the guest account
Windows XP includes a guest account that is disabled by default. However, at some time,
this account may be enabled by an application. If you have Windows XP Professional, I
recommend that you disable this account using the old Windows 2000 Local User and
Group application. Just in case it becomes enabled again, I recommend that you rename
the guest account and also assign it a password. Follow these steps to disable the guest
account:
1. Click the Start button and select Run.
2. Key in lusrmgr.msc and click OK.
3. The Local User and Group application will launch. Right-click the Guest username and
select Set Password.
4. You will be prompted with a warning screen. Just click Proceed.
5. Type a complex password in both boxes and click OK.
6. The password has now been set. Next, rename the account by right-clicking it and
selecting Rename.
7. Type in a new name, such as Disabled, and click Enter to save the changes.
The vulnerable guest account is now less of a problem.
Clearing the last user logged on
If you are using the classic logon screen, every time a user logs into your computer, their username
is stored, and that name is displayed the next time the classic logon screen is displayed.
This can be a nice feature, but it also can be a feature that causes a security problem. Knowing
a user’s username is half the battle of breaking into a computer. If you have sensitive information
on your computer, I suggest that you follow these instructions to hide the last user
logged on:
1. Start up the Registry Editor again by clicking the Start Menu and selecting Run. Then
type regedit in the box and click OK.
2. Navigate through HKEY_LOCAL_MACHINE, SOFTWARE, Microsoft,
Windows, CurrentVersion, policies, and system. Locate the dontdisplaylastusername
entry.
3. Right-click the entry and select Modify. Then type in a 1 to activate the feature. Click
OK, and you are finished.
If you ever want to reverse this hack, just repeat the instructions above and replace the 1 with a
0 for the value of dontdisplaylastusername.
Disable and rename the Administrator account
The Administrator account is the most important account on the computer. Users should not
be using the computer under the Administrator account. That just is not a good security practice
for anyone that is running Windows XP Professional and has sensitive data on their computer.
I like to disable my Administrator account and rename it, so that anyone trying to get in
with that account and at that privilege level will not be able to.To disable the account, perform
the following steps:



                                                        10
1. Click the Start button and select Run.
2. Key in lusrmgr.msc and click OK.




FIGURE 12-11: Disabling an account with the local user and group administrator.

3. When you have the Local User and Group application on your screen, just right-click
the Administrator entry and select Rename. Give your administrator account a new
name, such as admin123.
4. Next, disable the account by right-clicking the entry and selecting Properties.
5. Check the Account Is Disabled box, as shown in Figure 12-11.
6. Click OK to save your changes.
Make sure every account on your computer has a complex password
All of the accounts on your computer should have a complex password associated with them if
your computer is ever exposed to the Internet. Passwords such as easy-to-remember words and
key combinations like “asdf ” just do not cut it. A complex password is a password that is at
least seven characters long and consists of uppercase and lowercase letters as well as numbers or
other symbols. Ftm3D8& is an example of a complex password. Something like that is impossible
to guess and will take quite some time for a brute-force technique to crack.
Using complex passwords on all of your accounts might not be easy at first, but after a while
they will grow on you and you will have no problem remembering them.

Visit Spybot’s Web site at www.spybot.info and download a copy of Spybot Search
& Destroy. As you can see, Spybot picked up on some things that Ad-aware missed. Using both of
these programs together will allow you very good detection and removal of spyware on your
computer.

If you do not want to spend $40 or more on getting some antivirus software, you can avail
yourself of the many free antivirus applications. My favorite free antivirus app is called AVG by
GriSoft. AVG is a very good antivirus program that is free for home use. Follow these steps to
get AVG up and running on your computer:
1. Visit GriSoft’s Web site at www.grisoft.com/us/us_dwnl_free.php.
2. Scroll the bottom of the page and click the Download AVG Free Edition button. Be
sure to enter a valid e-mail address on the form after the License Agreement page,
because they will send you a serial number that you will need to use when installing
AVG.
3. Once you have downloaded and installed AVG, make sure to update the virus definitions



                                                       11
with the Update Wizard that is shown the first time you run AVG.
4. When you get your virus definitions updated, you are advised to do a full system scan by
clicking the Run Complete Test button.




                                                      12

				
DOCUMENT INFO
Shared By:
Categories:
Tags:
Stats:
views:10
posted:9/7/2011
language:Serbian
pages:12