Windows Vista Security Tidbits Steve Lamb Technical Security Microsoft Ltd

1 Windows Vista Security Tidbits Steve Lamb Technical Security Microsoft Ltd

2 Overview
- User And Group Changes
- Admin account
- New/Missing SIDs
- New/Missing Users and Groups
- Cached credentials
- Kernel Changes
- Buffer overflow protection
- ACL Changes
- Encryption changes
- Suite B
- TS SSO
- EFS with Smart Cards
- Audit changes
- User rights
- New and changed security options
- Firewall
- Auth IP
- SMBv2

3 User and Group Changes

4 Administrator Account Status


6 Power Users Are Not Anymore

7 The Support and Help Accounts

8 New Groups

9 Some Additional SIDs

10 And A Few More SIDs The Trusted Installer A Service INTERNET USER High integrity SID Low integrity SID Medium integrity SID System integrity SID

11 Integrity Levels in Token

12 ACL Changes

13 ACL Modifications

14 Old ACL UI

15 New ACL UI

16 Owner Needs Explicit Perms

17 Kernel Changes

18 Better Buffer Overflow Protection
- Second cookie protects exception handlers
- Safer CRT exception handlers
- No more executable pages outside images
- Enforced by better development practices and code scanning tools
- /NXCOMPAT linker flag in build tools
- If all binaries in a process are marked, NX is automatically enabled for the process
- Heap protection
- Signed kernel code (x64 only)

19 Crypto Changes

20 Offline Files Encrypted Per User

21 Encrypted Pagefile

22 Suite-B Crypto
- Software and Smart Card Key Storage Providers
- Cryptographic configuration
- NIST ECC Prime Curves support (smart cards too)
- AES
- SHA-2
- IPsec support for AES and ECDH
- ECC cipher suites in SSL
- EFS with smart cards

23 Cached Credentials Much Tougher

24 Improved Auditing

25 Granular Audit Policy

26 Object Access Auditing
Object Access Attempt:
    Object Server: %1
    Handle ID: %2
    Object Type: %3
    Process ID: %4
    Image File Name: %5
    Access Mask: %6

27 Object Access Auditing
An operation was performed on an object.
Subject:
    Security ID: %1
    Account Name: %2
    Account Domain: %3
    Logon ID: %4
Object:
    Object Server: %5
    Object Type: %6
    Object Name: %7
    Handle ID: %9
Operation:
    Operation Type: %8
    Accesses: %10
    Access Mask: %11
    Properties: %12
    Additional Info: %13
    Additional Info2: %14

28 Added Auditing For
- Registry value change audit events (old+new values)
- AD change audit events (old+new values)
- Improved operation-based audit
- Audit events for UAC
- Improved IPSec audit events including support for AuthIP
- RPC Call audit events
- Share Access audit events
- Share Management events
- Cryptographic function audit events
- NAP audit events (server only)
- IAS (RADIUS) audit events (server only)

29 More Info In Event Log UI

30 XML Events

31 New Event Numbers

32 New and Modified User Rights

33 Changes to User Rights
- All rights for Power Users removed
- Create global objects does not have INTERACTIVE
- SE_IMPERSONATE has added IIS_IUSRS and removed ASPNET
- Logon as a service is now empty by default

34 New User Rights
- Access credential manager as a trusted caller
- Change time zone user right
- Create symbolic links
- Modify an object label
- Synchronize directory service data
- Increase a process working set

35 Security Options With Modified Defaults

36 Anonymous Named Pipes


38 Network access: remotely accessible registry paths


40 Network access: shares that can be accessed anonymously


42 Network Security: Do not store LAN Manager hash value on next password change


44 Network security: LAN Manager authentication level


46 Devices: Allowed to format and eject removable media


48 Devices: Restrict CD-ROM/Floppy access to locally logged on user only


50 Devices: Unsigned driver installation behavior


52 Why Change It?

53 Interactive logon: Require smart card


55 New Security Options

56 Network access: remotely accessible registry paths and sub-paths

57 Network access: Restrict anonymous access to named pipes and shares

58 System settings: Optional subsystems

59 System settings: Use certificate rules on windows executables for software restriction policies

60 Lots and lots and lots of GP changes

61 Last Logon Display

62 Trusted Path Credential Entry

63 Smart Card Policies

64 SMBv2

65 What's New In SMBv2 (in 30 seconds)
- Only 16 commands (80 in SMBv1)
- Implicit sequence number speeds up hashing
- SHA-256 signatures (MD-5 in SMBv1)
- Handles reconnections more reliably
- Client-side file encryption (yay!!!)
- Symbolic links across shares (disabled by default)
- Better load balancing mitigates DoS attacks

66 Miscellany

67 New RDP Control


69 Timeless Security Advice! Order online:

70 © 2006 Microsoft Corporation. All rights reserved. This presentation is for informational purposes only. Microsoft makes no warranties, express or implied, in this summary. Steve Lamb Technical Security Microsoft Ltd Thanks to Jesper M. Johansson, Ph.D. for creating the slides
