Presentation is loading. Please wait.

Presentation is loading. Please wait.

Security Features in Microsoft® Windows® XP James Noyce, Senior Consultant Security Solutions Team, Business Critical Services Microsoft Security Solutions,

Similar presentations


Presentation on theme: "Security Features in Microsoft® Windows® XP James Noyce, Senior Consultant Security Solutions Team, Business Critical Services Microsoft Security Solutions,"— Presentation transcript:

1 Security Features in Microsoft® Windows® XP James Noyce, Senior Consultant Security Solutions Team, Business Critical Services Microsoft Security Solutions, Feb 4, 2003

2 Agenda Windows XP Security Features Windows XP Security Features Whats New Since Windows 2000 Whats New Since Windows 2000 Drill down into Drill down into Secure Wireless Networking Secure Wireless Networking Group Policy Group Policy Software Restriction Policies Software Restriction Policies Internet Connection Firewall Internet Connection Firewall

3 Security Is Only As Strong As The Weakest Link Technology is neither the whole problem nor the whole solution Technology is neither the whole problem nor the whole solution Secure systems depend upon Technology, Processes and People Secure systems depend upon Technology, Processes and People

4 Baseline technology Standards, Encryption, Protection Product security features Security tools and products Planning for security PreventionDetectionReaction Technology, Process, People Dedicated staff Training Security - a mindset and a priority

5 Microsoft Windows Security Enhancements Security Feature Windows 98 Windows 2000 Windows XP Integrated Wireless Networking Add-on New with Windows XP Internet Connection Firewall Available Third Party New with Windows XP Secure Networking (IPSec) StandardStandard User-Level Security for shared files, folders StandardStandard Encrypting File System StandardStandard Public Key Infrastructure StandardStandard Group Policy Objects StandardStandard AuditingStandardStandard Smart Card Support Available Third Party StandardStandard Multi-User Support Limited Support StandardStandard Screen Saver Password Protection StandardStandardStandard Strong Authentication Limited Support StandardStandard Evolution of Windows Desktop Security

6 Windows XP Security Features Users and Groups Users and Groups Rights and Permissions Rights and Permissions Kerberos Kerberos Crypto API Crypto API Data Protection API Data Protection API Screen Saver Password Screen Saver Password Digital Certificates Digital Certificates Smart Card Logon Smart Card Logon Remote Access Remote Access Auditing Auditing IP Security IP Security Encrypting File System Encrypting File System Group Policy Group Policy 802.1x Network Authentication 802.1x Network Authentication Credentials Manager Credentials Manager Software Restriction Policies Software Restriction Policies Internet Connection Firewall Internet Connection Firewall Builds on Windows 2000 Professional Security Features

7 Existing Security Features Users and Groups Users and Groups Rights and Permissions Rights and Permissions Kerberos Kerberos Crypto API Crypto API Data Protection API Data Protection API Screen Saver Password Screen Saver Password

8 Enhanced Security Features Digital Certificates Digital Certificates *Auto enrolment and renewal for users *Auto enrolment and renewal for users Smart Card Logon Smart Card Logon Supports Remote Desktop Supports Remote Desktop IP Security (IPSec) IP Security (IPSec) Stronger D/H key exchange Stronger D/H key exchange NAT traversal NAT traversal

9 Enhanced Security Features Auditing Auditing *More granular operation based auditing *More granular operation based auditing Remote Access (VPN, DUN and PPoE) Remote Access (VPN, DUN and PPoE) Leverages Internet Connection Firewall Leverages Internet Connection Firewall L2TP/IPSec over NAT L2TP/IPSec over NAT Group Policy Group Policy Increased number of policy settings Increased number of policy settings Resultant Set of Policy (RSoP) Resultant Set of Policy (RSoP)

10 Active Directory Group Policy

11 Group Policy Password Policy Password Policy Lockout Policy Lockout Policy Kerberos Policy Kerberos Policy Audit Policy Audit Policy User Rights User Rights Security Options (Registry Values) Security Options (Registry Values) Event Log Settings Event Log Settings Restricted Groups Restricted Groups System Services (start-up mode and ACLs) System Services (start-up mode and ACLs) Registry ACLs Registry ACLs File System ACLs File System ACLs

12 Security Configuration Toolset Use GPEDIT.MSC to edit Local Group Policy Use GPEDIT.MSC to edit Local Group Policy Use SECPOL.MSC to edit Local Security Policy Use SECPOL.MSC to edit Local Security Policy Security Configuration and Analysis (SCA) to perform auditing and handle templates Security Configuration and Analysis (SCA) to perform auditing and handle templates Use SCA to import/export security templates (.INF files) for distribution via Group Policy Use SCA to import/export security templates (.INF files) for distribution via Group Policy

13 Enhanced Security Features Encrypting File System Encrypting File System Support for AES Support for AES EFS over WebDAV EFS over WebDAV Shared EFS Shared EFS Misc… Misc… Controlled network access Controlled network access Offline file synchronisation Offline file synchronisation

14 New Security Features 802.1x Network Authentication 802.1x Network Authentication Credentials Manager Credentials Manager Software Restriction Policies Software Restriction Policies Internet Connection Firewall Internet Connection Firewall

15 802.1x Network Authentication Secure wired and wireless networks from unauthorised access Secure wired and wireless networks from unauthorised access Do not confuse with b/802.11x/etc… Do not confuse with b/802.11x/etc… Imagine authenticating computer / user to the network port on the wall Imagine authenticating computer / user to the network port on the wall Then picture the accessing the network port via wireless… Then picture the accessing the network port via wireless…

16 802.1x Network Authentication Supports password based (PEAP) and certificate based (EAP-TLS) credentials Supports password based (PEAP) and certificate based (EAP-TLS) credentials Dynamic, rotating WEP keys Dynamic, rotating WEP keys Requires backend infrastructure Requires backend infrastructure Internet Authentication Service (IAS) Internet Authentication Service (IAS) Domain Controller Domain Controller Certificate Authority Certificate Authority

17 802.1x Network Authentication Ethernet Switch LAN Access IAS/RADIUS Server PKI Server Wireless Access Point WLAN Access Active Directory Authentication And Policy Auditing

18 Credentials Manager Users receive seamless access resources for which they have valid credentials Users receive seamless access resources for which they have valid credentials Provide a common UI for gathering credentials Provide a common UI for gathering credentials Provide per user safe storage of related credentials Provide per user safe storage of related credentials Unlock those credentials using your user logon Unlock those credentials using your user logon

19 Credentials Manager Secure roaming storage for user credentials Secure roaming storage for user credentials Username, password Username, password X.509 certificates (smart cards) X.509 certificates (smart cards) Passport Passport

20 Software Restriction Policies Restricts execution of unmanaged code Restricts execution of unmanaged code WIN32, scripts, etc… WIN32, scripts, etc… Not to be confused with managed code restrictions in the.NET Framework Not to be confused with managed code restrictions in the.NET Framework

21 Internet Connection Firewall Provides baseline intrusion prevention Provides baseline intrusion prevention Protects against scans for information Protects against scans for information Denies all unsolicited inbound traffic Denies all unsolicited inbound traffic Stateful inspection of traffic Stateful inspection of traffic Configurable filtering and logging Configurable filtering and logging Enabled or disabled via location aware Active Directory group policy Enabled or disabled via location aware Active Directory group policy

22 Summary Most security features build upon what was present in Windows 2000 Professional Most security features build upon what was present in Windows 2000 Professional New security features simplify security management and reduce risk New security features simplify security management and reduce risk

23 Next Steps Top 5 Web Resources Top 5 Web Resourceshttp://www.microsoft.com/windowsxp/pro/techinfo/http://www.microsoft.com/technet/prodtechnol/winxppro/default.asp w.asp


Download ppt "Security Features in Microsoft® Windows® XP James Noyce, Senior Consultant Security Solutions Team, Business Critical Services Microsoft Security Solutions,"

Similar presentations


Ads by Google