1

00:00:00,870 --> 00:00:02,890

<v ->Securing Applications.</v>



2

00:00:02,890 --> 00:00:05,850

By far, the most commonly used productivity suite



3

00:00:05,850 --> 00:00:08,300

in the world is Microsoft Office.



4

00:00:08,300 --> 00:00:10,590

This includes Word for word processing,



5

00:00:10,590 --> 00:00:14,050

Excel for spreadsheets, PowerPoint for slide presentations,



6

00:00:14,050 --> 00:00:16,600

Outlook for email and many others.



7

00:00:16,600 --> 00:00:19,620

Now, how can we protect the applications themselves



8

00:00:19,620 --> 00:00:21,300

and the files that they create?



9

00:00:21,300 --> 00:00:23,990

Well, that's what we're going to cover in this lesson.



10

00:00:23,990 --> 00:00:26,270

First, let's talk about the obvious.



11

00:00:26,270 --> 00:00:29,070

If you have a document and you want to protect its contents,



12

00:00:29,070 --> 00:00:31,070

you should use a password to do it.



13

00:00:31,070 --> 00:00:32,980

It's a really simple built-in feature



14

00:00:32,980 --> 00:00:34,890

across the Office Suite.



15

00:00:34,890 --> 00:00:37,780

To create a password to protect your files from modification



16

00:00:37,780 --> 00:00:39,100

or even being viewed,



17

00:00:39,100 --> 00:00:41,630

you can do this using the Password Protect Feature



18

00:00:41,630 --> 00:00:43,620

under the tools menu bar option,



19

00:00:43,620 --> 00:00:45,180

as shown here on the screen.



20

00:00:45,180 --> 00:00:47,220

This is an example from Microsoft Word,



21

00:00:47,220 --> 00:00:50,290

but it works in Word, Excel and PowerPoint.



22

00:00:50,290 --> 00:00:53,490

Also, your files can be set to read-only if you desire.



23

00:00:53,490 --> 00:00:55,310

This will prevent any other contents



24

00:00:55,310 --> 00:00:58,240

from being modified by unauthorized users.



25

00:00:58,240 --> 00:00:59,450

Another thing you want to think about



26

00:00:59,450 --> 00:01:01,540

when it comes to security is macros,



27

00:01:01,540 --> 00:01:02,950

and we talked about that a bit



28

00:01:02,950 --> 00:01:05,630

back when we talked about macro viruses.



29

00:01:05,630 --> 00:01:07,970

You want to make sure you check your macro settings.



30

00:01:07,970 --> 00:01:09,830

You can find this under your Preferences



31

00:01:09,830 --> 00:01:13,350

or your Tools option, and then going to the Security tab.



32

00:01:13,350 --> 00:01:16,300

By default, you should want to disable macros



33

00:01:16,300 --> 00:01:18,150

with or without notification.



34

00:01:18,150 --> 00:01:21,090

This will increase the security of your organization.



35

00:01:21,090 --> 00:01:23,690

Now, when it's installed originally by Microsoft,



36

00:01:23,690 --> 00:01:26,230

macros are enabled so you want to take the time



37

00:01:26,230 --> 00:01:28,660

to disable this in your baseline image.



38

00:01:28,660 --> 00:01:30,620

Most organizations are going to decide



39

00:01:30,620 --> 00:01:32,440

to disable macros completely



40

00:01:32,440 --> 00:01:34,550

and not even give their user an option



41

00:01:34,550 --> 00:01:35,880

to be able to enable them.



42

00:01:35,880 --> 00:01:38,750

To do this, you can set that through your group policy



43

00:01:38,750 --> 00:01:40,250

inside the Windows Server



44

00:01:40,250 --> 00:01:42,700

and push that out to all of your clients.



45

00:01:42,700 --> 00:01:44,890

Another way to secure your information



46

00:01:44,890 --> 00:01:46,900

is to use digital certificates.



47

00:01:46,900 --> 00:01:49,360

If your organization is already using digital certificates



48

00:01:49,360 --> 00:01:51,400

as part of its organizational security,



49

00:01:51,400 --> 00:01:53,680

you should enable your documents to be locked down



50

00:01:53,680 --> 00:01:55,500

and only be opened by the person



51

00:01:55,500 --> 00:01:57,680

presenting a valid digital certificate.



52

00:01:57,680 --> 00:01:59,330

This again is another option



53

00:01:59,330 --> 00:02:01,650

that you can find inside of Word.



54

00:02:01,650 --> 00:02:03,190

Additionally, you want to think about



55

00:02:03,190 --> 00:02:04,880

how you're going to encrypt your documents



56

00:02:04,880 --> 00:02:06,580

to protect their contents.



57

00:02:06,580 --> 00:02:07,413

This can be done



58

00:02:07,413 --> 00:02:09,860

within the Microsoft Office products themselves,



59

00:02:09,860 --> 00:02:12,600

or you can use the underlying system capabilities,



60

00:02:12,600 --> 00:02:14,830

something like BitLocker To Go.



61

00:02:14,830 --> 00:02:17,280

So at this point, we have some pretty secure files.



62

00:02:17,280 --> 00:02:20,160

We've disabled our macros, we've password protected them,



63

00:02:20,160 --> 00:02:21,500

and we've encrypted them.



64

00:02:21,500 --> 00:02:24,520

Let's go and shift our focus over to email for a moment.



65

00:02:24,520 --> 00:02:26,280

Inside the Microsoft Office Suite,



66

00:02:26,280 --> 00:02:28,580

there's a program called MS Outlook.



67

00:02:28,580 --> 00:02:30,970

Microsoft Outlook is used for email,



68

00:02:30,970 --> 00:02:33,030

and if you embed your digital signatures



69

00:02:33,030 --> 00:02:34,960

and digital certificate configurations



70

00:02:34,960 --> 00:02:36,430

into Microsoft Outlook,



71

00:02:36,430 --> 00:02:39,010

you can have increased email security.



72

00:02:39,010 --> 00:02:42,600

This relies on a PKI or Public Key Infrastructure.



73

00:02:42,600 --> 00:02:43,650

We'll talk about that when we get



74

00:02:43,650 --> 00:02:46,610

into the cryptography section of this course later on.



75

00:02:46,610 --> 00:02:48,120

Now, another thing when we start talking



76

00:02:48,120 --> 00:02:50,540

about Microsoft Outlook is that our emails



77

00:02:50,540 --> 00:02:53,010

start getting to be overwhelming sometimes,



78

00:02:53,010 --> 00:02:56,580

and we have to start saving space by archiving them off.



79

00:02:56,580 --> 00:02:57,750

In Microsoft Outlook,



80

00:02:57,750 --> 00:03:01,130

the way we do this is by archiving them to a PST file.



81

00:03:01,130 --> 00:03:04,100

Now, this PST file though should be encrypted



82

00:03:04,100 --> 00:03:05,390

or password protected



83

00:03:05,390 --> 00:03:08,060

if you're going to store it on a large network share



84

00:03:08,060 --> 00:03:09,460

like a shared drive.



85

00:03:09,460 --> 00:03:11,340

I see this a lot in organizations



86

00:03:11,340 --> 00:03:13,410

where they'll only give you a certain amount of space



87

00:03:13,410 --> 00:03:14,680

on the email server.



88

00:03:14,680 --> 00:03:17,620

So people will archive their files off into a PST,



89

00:03:17,620 --> 00:03:19,570

and then put that onto the share drive.



90

00:03:19,570 --> 00:03:21,740

If you're going to do that, password protect it



91

00:03:21,740 --> 00:03:24,490

and encrypt it for your own safety and precaution.



92

00:03:24,490 --> 00:03:26,600

Another concern we have when we deal with email



93

00:03:26,600 --> 00:03:30,210

is spam and junk mail, and you can get a lot of this.



94

00:03:30,210 --> 00:03:32,150

If you want to start removing a lot of that,



95

00:03:32,150 --> 00:03:33,440

you should set up rules



96

00:03:33,440 --> 00:03:35,490

that will end up filtering out that spam,



97

00:03:35,490 --> 00:03:37,330

both on your Exchange Server



98

00:03:37,330 --> 00:03:39,630

as well as on your personal computer.



99

00:03:39,630 --> 00:03:42,010

Again, Microsoft Outlook will allow you to do this



100

00:03:42,010 --> 00:03:43,570

on your application side



101

00:03:43,570 --> 00:03:45,730

or Microsoft Exchange will allow you to do it



102

00:03:45,730 --> 00:03:47,790

on the server side.



103

00:03:47,790 --> 00:03:49,940

So as we start wrapping up this lesson,



104

00:03:49,940 --> 00:03:51,570

let's start talking about what you can do



105

00:03:51,570 --> 00:03:54,690

to help protect yourself from rogue applications.



106

00:03:54,690 --> 00:03:56,940

Now, this is going to move beyond the Microsoft Office Suite



107

00:03:56,940 --> 00:03:59,490

and into every other application out there.



108

00:03:59,490 --> 00:04:01,810

There's one key tool inside of Windows



109

00:04:01,810 --> 00:04:02,900

that helps protect you.



110

00:04:02,900 --> 00:04:05,480

It's called the User Account Control.



111

00:04:05,480 --> 00:04:08,610

UAC is a security component of Windows Vista



112

00:04:08,610 --> 00:04:11,650

and newer operating systems that keeps every user,



113

00:04:11,650 --> 00:04:13,980

besides your actual administrator account,



114

00:04:13,980 --> 00:04:15,690

in a standard user mode.



115

00:04:15,690 --> 00:04:17,610

And this way, when you try to run a program,



116

00:04:17,610 --> 00:04:19,590

it's going to ask you if you want it to be run



117

00:04:19,590 --> 00:04:20,770

as an administrator.



118

00:04:20,770 --> 00:04:23,780

And if so, you need to put in the administrator credentials.



119

00:04:23,780 --> 00:04:27,130

So when you think about UAC or User Account Control,



120

00:04:27,130 --> 00:04:28,070

just think about the fact



121

00:04:28,070 --> 00:04:30,140

that it's going to prevent unauthorized access



122

00:04:30,140 --> 00:04:33,570

and avoid user error in the form of accidental changes,



123

00:04:33,570 --> 00:04:36,360

because it's running everything as a standard user,



124

00:04:36,360 --> 00:04:38,610

as opposed to running it as an administrator.