CompTIA A+ Certification All-In-One Exam Guide, Seventh Edition - Michael Meyers [469]
If you can’t start Windows after the virus scan is finished, you need to follow the steps outlined in Chapter 16, “Securing Windows Resources,” to boot to the Recovery Console in Windows 2000/XP, or boot into a repair environment in Windows Vista.
Once in the Recovery Console, you’ll have access to tools to repair the boot sector (or boot blocks, as CompTIA calls them) through the FIXMBR and FIXBOOT commands. You can run BOOTCFG to rebuild a corrupted BOOT.INI file. EXPAND will enable you to grab any replacement files from the Windows CAB files.
With the Windows Vista repair environment, you have access to more repair tools, such as Startup Repair, System Restore, Windows Complete PC Restore, and the command prompt (Figure 26-23). Run the appropriate option for the situation and you should have the machine properly remediated in a jiffy.
Figure 26-23 System Recovery options in Windows Vista
Educate
The best way to keep from having to deal with malware and grayware is education. It’s your job as the IT person to talk to users, especially the ones whose systems you’ve just spent the last hour cleaning of nasties, about how to avoid these programs. Show them samples of dangerous e-mails they should not open, Web sites to avoid, and the types of programs they should not install and use on the network. Any user who understands the risks of questionable actions on their computers will usually do the right thing and stay away from malware.
Finally, have your users run antivirus and antispyware programs regularly. Schedule them while interfacing with the user so you know it will happen.
Firewalls
Firewalls are devices or software that protect an internal network from unauthorized access to and from the Internet at large. Hardware firewalls use a number of methods to protect networks, such as hiding IP addresses and blocking TCP/IP ports. Most SOHO networks use a hardware firewall, such as the Linksys router in Figure 26-24. Many routers use Access Control Lists (ACLs) that can filter by port number, IP address, or several other attributes.
Figure 26-24 Linksys router as a firewall
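The ACL filtering by IP address and port number described above, as an added example that is not from the book: a first-match evaluator with an implicit final deny, which is how router ACLs are commonly processed (an assumption; the text does not describe evaluation order). The rule set, the documentation-range addresses, and the names `Rule`, `ACL` and `evaluate` are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:
    action: str   # "permit" or "deny"
    src: str      # source network in CIDR form; "0.0.0.0/0" means any
    ports: range  # destination TCP ports the rule covers


# Constructed rule set for a small office (not taken from any real router).
ACL = [
    Rule("deny", "203.0.113.0/24", range(0, 65536)),  # block one network outright
    Rule("permit", "0.0.0.0/0", range(443, 444)),     # HTTPS from anywhere
    Rule("permit", "198.51.100.0/24", range(22, 23)), # SSH from the admin network only
]


def evaluate(acl, src_ip, dst_port):
    """Return (action, rule index) for the first matching rule.

    If no rule matches, the packet is dropped and the index is None
    (the implicit deny at the end of the list).
    """
    addr = ipaddress.ip_address(src_ip)
    for index, rule in enumerate(acl):
        if addr in ipaddress.ip_network(rule.src) and dst_port in rule.ports:
            return rule.action, index
    return "deny", None


if __name__ == "__main__":
    # Constructed sample packets: (source address, destination port).
    samples = [
        ("203.0.113.7", 443),   # blocked network, even on an allowed port
        ("192.0.2.10", 443),    # ordinary HTTPS client
        ("198.51.100.5", 22),   # admin network using SSH
        ("192.0.2.10", 22),     # SSH from outside the admin network
    ]
    for src, port in samples:
        print(src, port, evaluate(ACL, src, port))

    # Rule order matters: with the HTTPS permit listed first, the blocked
    # network gets through on port 443.
    reordered = [ACL[1], ACL[0], ACL[2]]
    print("reordered:", evaluate(reordered, "203.0.113.7", 443))
```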
Windows XP and later come with an excellent software firewall, called the Windows Firewall (Figure 26-25). It can also handle the heavy lifting of port blocking, security logging, and more.
Figure 26-25 Windows Firewall
You can access the Windows Firewall by opening the Windows Firewall applet in the Control Panel. If you’re running the Control Panel in Category view, click the Security Center icon (Figure 26-26) and then click the Windows Firewall option in the Windows Security Center dialog box. Figure 26-27 illustrates the Exceptions tab on the Windows Firewall, showing the applications allowed to use the TCP/IP ports on my computer.
Authentication and Encryption
You know from previous chapters that the first step in securing data is authentication, through a user name and password. But when you throw in networking, you’re suddenly not just a single user sitting in front of a computer and typing. You’re accessing a remote resource and sending login information over the Internet. What’s to stop someone from intercepting your user name and password?
Firewalls do a great job of controlling traffic coming into or out of a network from the Internet, but they do nothing to stop interceptor hackers who monitor traffic on the public Internet looking for vulnerabilities. Worse, once a packet is on the Internet itself, anyone with the right equipment can intercept and inspect it. Inspected packets are a cornucopia of passwords, account names, and other tidbits that hackers can use to intrude into your network. Because we can’t stop hackers from inspecting these packets, we must turn to encryption to make them unreadable.
Network encryption occurs at many levels and is in no way limited to Internet-based