
Security Features in Microsoft® Windows® XP James Noyce, Senior Consultant Security Solutions Team, Business Critical Services Microsoft Security Solutions,


1 Security Features in Microsoft® Windows® XP James Noyce, Senior Consultant Security Solutions Team, Business Critical Services Microsoft Security Solutions, Feb 4, 2003

2 Agenda: Windows XP Security Features; What's New Since Windows 2000; Drill down into: Secure Wireless Networking, Group Policy, Software Restriction Policies, Internet Connection Firewall

3 Security Is Only As Strong As The Weakest Link: Technology is neither the whole problem nor the whole solution; Secure systems depend upon Technology, Processes and People

4 Baseline technology; Standards, Encryption, Protection; Product security features; Security tools and products; Planning for security; Prevention, Detection, Reaction; Technology, Process, People; Dedicated staff; Training; Security - a mindset and a priority

5 Microsoft Windows Security Enhancements: Evolution of Windows Desktop Security
Columns: Security Feature; Windows 98; Windows 2000; Windows XP. Values for each feature are given in the order they appear on the slide.
Integrated Wireless Networking: Add-on; New with Windows XP
Internet Connection Firewall: Available Third Party; New with Windows XP
Secure Networking (IPSec): Standard; Standard
User-Level Security for shared files, folders: Standard; Standard
Encrypting File System: Standard; Standard
Public Key Infrastructure: Standard; Standard
Group Policy Objects: Standard; Standard
Auditing: Standard; Standard
Smart Card Support: Available Third Party; Standard; Standard
Multi-User Support: Limited Support; Standard; Standard
Screen Saver Password Protection: Standard; Standard; Standard
Strong Authentication: Limited Support; Standard; Standard

6 Windows XP Security Features (Builds on Windows 2000 Professional Security Features): Users and Groups; Rights and Permissions; Kerberos; Crypto API; Data Protection API; Screen Saver Password; Digital Certificates; Smart Card Logon; Remote Access; Auditing; IP Security; Encrypting File System; Group Policy; 802.1x Network Authentication; Credentials Manager; Software Restriction Policies; Internet Connection Firewall

7 Existing Security Features: Users and Groups; Rights and Permissions; Kerberos; Crypto API; Data Protection API; Screen Saver Password

8 Enhanced Security Features: Digital Certificates; *Auto enrolment and renewal for users; Smart Card Logon; Supports Remote Desktop; IP Security (IPSec); Stronger D/H key exchange; NAT traversal

9 Enhanced Security Features: Auditing; *More granular operation based auditing; Remote Access (VPN, DUN and PPPoE); Leverages Internet Connection Firewall; L2TP/IPSec over NAT; Group Policy; Increased number of policy settings; Resultant Set of Policy (RSoP)

10 Active Directory Group Policy

11 Group Policy: Password Policy; Lockout Policy; Kerberos Policy; Audit Policy; User Rights; Security Options (Registry Values); Event Log Settings; Restricted Groups; System Services (start-up mode and ACLs); Registry ACLs; File System ACLs

12 Security Configuration Toolset: Use GPEDIT.MSC to edit Local Group Policy; Use SECPOL.MSC to edit Local Security Policy; Security Configuration and Analysis (SCA) to perform auditing and handle templates; Use SCA to import/export security templates (.INF files) for distribution via Group Policy
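
The kind of analysis SCA performs, comparing a security template's settings against a reference, sketched as an added Python example (not part of the original presentation and not Microsoft's tooling). The template text is a constructed sample and the baseline thresholds are assumptions chosen for illustration.

```python
import configparser

# Constructed sample of a security template (.INF); the values are illustrative.
TEMPLATE = """\
[Unicode]
Unicode=yes
[Version]
signature="$CHICAGO$"
Revision=1
[System Access]
MinimumPasswordLength = 6
PasswordComplexity = 0
PasswordHistorySize = 24
LockoutBadCount = 0
[Event Audit]
AuditLogonEvents = 0
AuditAccountLogon = 3
"""

# Assumed baseline for this example: (section, key) -> (check, expected description).
# Audit values: 0 = none, 1 = success, 2 = failure, 3 = success and failure.
BASELINE = {
    ("System Access", "MinimumPasswordLength"): (lambda v: v >= 8, "at least 8"),
    ("System Access", "PasswordComplexity"): (lambda v: v == 1, "enabled (1)"),
    ("System Access", "PasswordHistorySize"): (lambda v: v >= 12, "at least 12"),
    ("System Access", "LockoutBadCount"): (lambda v: 1 <= v <= 10, "1 to 10 attempts"),
    ("Event Audit", "AuditLogonEvents"): (lambda v: v == 3, "success and failure (3)"),
    ("Event Audit", "AuditAccountLogon"): (lambda v: v == 3, "success and failure (3)"),
    ("Event Audit", "AuditPolicyChange"): (lambda v: v >= 1, "at least success (1)"),
}

def analyse(template_text):
    """Return (section, key, found, expected) for every setting that misses the baseline."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.optionxform = str  # keep key case as written in the template
    cp.read_string(template_text)
    findings = []
    for (section, key), (ok, expected) in BASELINE.items():
        raw = cp.get(section, key, fallback=None)
        if raw is None:
            # A setting absent from the template is left unmanaged by it.
            findings.append((section, key, "not defined", expected))
        elif not raw.strip().isdigit() or not ok(int(raw)):
            findings.append((section, key, raw.strip(), expected))
    return findings

if __name__ == "__main__":
    for section, key, found, expected in analyse(TEMPLATE):
        print(f"[{section}] {key}: found {found}, baseline {expected}")
```
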

13 Enhanced Security Features: Encrypting File System; Support for AES; EFS over WebDAV; Shared EFS; Misc…; Controlled network access; Offline file synchronisation

14 New Security Features: 802.1x Network Authentication; Credentials Manager; Software Restriction Policies; Internet Connection Firewall

15 802.1x Network Authentication: Secure wired and wireless networks from unauthorised access; Do not confuse with 802.11b/802.11x/etc…; Imagine authenticating computer / user to the network port on the wall; Then picture accessing the network port via wireless…

16 802.1x Network Authentication: Supports password based (PEAP) and certificate based (EAP-TLS) credentials; Dynamic, rotating WEP keys; Requires backend infrastructure: Internet Authentication Service (IAS), Domain Controller, Certificate Authority

17 802.1x Network Authentication (diagram labels): Ethernet Switch; LAN Access; IAS/RADIUS Server; PKI Server; Wireless Access Point; WLAN Access; Active Directory Authentication And Policy Auditing

18 Credentials Manager: Users receive seamless access to resources for which they have valid credentials; Provide a common UI for gathering credentials; Provide per user safe storage of related credentials; Unlock those credentials using your user logon

19 Credentials Manager: Secure roaming storage for user credentials; Username, password; X.509 certificates (smart cards); Passport

20 Software Restriction Policies: Restricts execution of unmanaged code; WIN32, scripts, etc…; Not to be confused with managed code restrictions in the .NET Framework

21 Internet Connection Firewall: Provides baseline intrusion prevention; Protects against scans for information; Denies all unsolicited inbound traffic; Stateful inspection of traffic; Configurable filtering and logging; Enabled or disabled via location aware Active Directory group policy

22 Summary: Most security features build upon what was present in Windows 2000 Professional; New security features simplify security management and reduce risk

23 Next Steps: Top 5 Web Resources
http://www.microsoft.com/windowsxp/pro/techinfo/
http://www.microsoft.com/technet/prodtechnol/winxppro/default.asp
http://www.microsoft.com/technet/prodtechnol/winxppro/reskit/prork_overview.asp
http://www.nsa.gov/snac/winxp/download.htm
http://www.microsoft.com/security
http://www.microsoft.com/uk/security

