Security Features in Windows Vista. What Will We Cover? Security fundamentals Protecting your company’s resources Anti-malware features.

1 Security Features in Windows Vista

2 What Will We Cover? Security fundamentals Protecting your company’s resources Anti-malware features

4 Helpful Experience (Level 200) Windows user interface Windows security concepts

5 Agenda Exploring Security Fundamentals Mitigating Threats and Vulnerabilities Controlling Identity and Access Protecting System Information

6 Windows Vista Fundamentals Improved SDL Common Criteria Certification Secure by Default

7 Windows Vista Service Hardening Reduce size of high-risk layers Segment the services Increase number of layers [Diagram: Kernel drivers; User-mode drivers; Service 1, Service 2, Service 3, Service …; Service A, Service B]

9 Agenda Exploring Security Fundamentals Mitigating Threats and Vulnerabilities Controlling Identity and Access Protecting System Information

10 Internet Explorer 7.0 Social Engineering Protections: Phishing filter and colored address bar; Dangerous Settings notification; Secure defaults for IDN. Protection from Exploits: Unified URL parsing; Code quality improvements (SDLC); ActiveX opt-in; Protected Mode to prevent malicious software.

12 ActiveX Opt-in IE7 Disabled Controls by default IE7 blocks ActiveX Control User grants permission (opts-in) IE7 confirms install ActiveX Control enabled

13 Internet Explorer Protected Mode C:\...\Temporary Internet Files C:\...\Startup

14 Phishing Filter Compares website with local list of known legitimate sites Scans the website for characteristics common to phishing sites Double-checks site with online Microsoft service of reported phishing sites

16 Windows Vista Firewall IPSec

18 Windows Defender Improved detection and removal Redesigned and simplified user interface Protection for all users

20 Network Access Protection DHCP, VPN Switch/Router MSFT Network Policy Server Windows Vista Client Corporate Network Fix Up Servers Policy Servers

22 Agenda Exploring Security Fundamentals Mitigating Threats and Vulnerabilities Controlling Identity and Access Protecting System Information

23 Current Challenges

24 User Account Control Allows system to run as standard user Allows select applications to run in elevated context Fix or remove inappropriate administrative checks Registry and file virtualization provides compatibility

25 User Account Control Sample

26 Elevated Privileges

27 Consent Prompts Operating System Application Signed Application Unsigned Application

28 Improved Auditing Main Category Logon/Logoff File System Access Registry Access Use of Administrative Privilege New Logging Infrastructure

29 Authentication Improvements Winlogon GINA.dll

30 Plug and Play Smartcard Support

31 Restart Manager Integrated Control Control over removable device installation Security Center enhancements

32 Agenda Exploring Security Fundamentals Mitigating Threats and Vulnerabilities Controlling Identity and Access Protecting System Information

33 Information Leakage “After virus infections, businesses report unintended forwarding of e-mails and loss of mobile devices more frequently than they do any other security breach” (Jupiter Research Report, 2004) [Bar chart, axis 0% to 70%. Categories: Loss of digital assets, restored; E-mail piracy; Password compromise; Loss of mobile devices; Unintended forwarding of e-mails; Virus infection. Values shown: 20%, 22%, 35%, 36%, 63%]

34 Windows Vista Data Protection Policy Definition and Enforcement: Rights Management Services. User-Based File System Encryption: Encrypted File System. Drive-Level Encryption: BitLocker Drive Encryption.

35 Windows Vista Firewall Both inbound and outbound Authentication and authorization aware Outbound application-aware filtering is now possible Includes IPSec management Of course, policy-based administration Great for Peer-to-Peer control

36 Network Access Protection [Diagram, steps numbered 1 to 5: Windows Vista Client; DHCP, VPN, Switch/Router (2); Microsoft Network Policy Server (3); Policy Servers, e.g. Microsoft Security Center, SMS, Antigen or 3rd party; Not policy compliant (4): Restricted Network with Fix Up Servers, e.g. WSUS, SMS & 3rd party; Policy compliant (5): Corporate Network]

37 Control Over Device Installation Control over removable device installation via a policy Mainly to disable USB-device installation, as many corporations worry about intellectual property leak You can control them by device class or driver Approved drivers can be pre-populated into trusted Driver Store Driver Store Policies (group policies) govern driver packages that are not in the Driver Store: Non-corporate standard drivers Unsigned drivers

38 Client Security Scanner Finds out and reports Windows client’s security state: Patch and update levels Security state Signature files Anti-malware status Ability for Windows to self-report its state Information can be collected centrally, or just reviewed in the Security Center by the users and admins

39 Code Integrity All DLLs and other OS executables have been digitally signed Signatures verified when components load into memory

40 BitLocker™ BitLocker strongly encrypts and signs the entire hard drive (full volume encryption) TPM chip provides key management Can use additional protection factors such as a USB dongle, PIN or password Any unauthorised off-line modification to your data or OS is discovered and no access is granted Prevents attacks which use utilities that access the hard drive while Windows is not running and enforces Windows boot process Protects data after laptop theft etc. Data recovery strategy must be planned carefully! Vista supports three modes: key escrow, recovery agent, backup

41 BitLocker Drive Encryption Improved at-rest data protection with full drive encryption Usability with scalable security protections Enterprise-ready deployment capabilities Offline system-tampering resistance Worry-free hardware repurposing and decommissioning Integrated disaster recovery features

43 Trusted Platform Module Encrypted Data Encrypted Volume Key Encrypted Full Volume Encryption Key TPM Volume Master Key Full Volume Encryption Key Cleartext Data

44 Session Summary Windows Vista is the most secure Windows operating system to date Windows Vista protects users Numerous other security improvements help protect data and ease deployment

45 A BRIEF OVERVIEW “Need to Know Basis” Baseline User Account Administration Password Administration Group or Role Administration File Permissions on Critical Files UMASK SUID & SGID Cron Syslog Services Patches Conclusion

46 Need to Know Basis When setting up security on your Unix systems, ensure that security is set up on a need-to-know, need-to-use basis.

47 Baseline A Baseline ensures that security policies are implemented consistently and completely across various platforms. Should be in a written form Include specific instructions to achieve security on a specific server.

48 User Account Administration User Account Policies should address: Immediate deactivation of user accounts for terminated employees; Superuser account procedures; Contractor accounts; Naming conventions for user accounts

49 Password Administration 60 to 90 day expiration for ordinary users 30 day password expiration for superusers Do not allow password sharing Set minimum password lengths to at least 6 characters

50 Group or Role Administration Assign users with like responsibilities to groups

51 File Permissions on Critical Files Unix controls access to files, programs, and all other resources via file permissions. Unix permissions are controlled by three categories: Owner, Group, and World. Each category can be granted READ, WRITE, and/or EXECUTE access to Unix files or resources. Ex. -rwxr-x--x

52 UMASK Ensure that your UMASK setting automatically assigns each newly created file the most secure file permissions.

53 SUID & SGID SUID and SGID files allow the World user to temporarily assume the permissions of the Owner or Group users while using the program.
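
The three permission slides above (file permissions, UMASK, SUID & SGID) expressed as a baseline check. This is an added example, not part of the original presentation; the function names and the sample tree are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the slides): baseline permission checks.
# Function names and the sample tree are hypothetical.

# Symbolic mode (ls -l notation) that a newly created file gets under a umask.
mode_under_umask() {
    (
        d=$(mktemp -d) || exit 1
        umask "$1"
        : > "$d/newfile"
        ls -ld "$d/newfile" | cut -c1-10
        rm -rf "$d"
    )
}

# Regular files with the SUID (4000) or SGID (2000) bit set.
find_setid() {
    find "$1" -xdev -type f \( -perm -4000 -o -perm -2000 \) -print | sort
}

# Regular files writable by World (the "other" write bit, 0002).
find_world_writable() {
    find "$1" -xdev -type f -perm -0002 -print | sort
}

# Constructed sample tree: one SUID file, one world-writable file, one sane file.
build_sample_tree() {
    t=$(mktemp -d) || return 1
    : > "$t/helper";     chmod 4755 "$t/helper"
    : > "$t/notes.txt";  chmod 0666 "$t/notes.txt"
    : > "$t/report.txt"; chmod 0640 "$t/report.txt"
    printf '%s\n' "$t"
}

tree=$(build_sample_tree)
echo "umask 022 -> $(mode_under_umask 022)"
echo "umask 077 -> $(mode_under_umask 077)"
echo "SUID/SGID files:";      find_setid "$tree"
echo "World-writable files:"; find_world_writable "$tree"
rm -rf "$tree"
```

On a real host, point find_setid and find_world_writable at the file systems named in the written baseline and compare the output against the approved list.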

54 CRON Cron is the Unix Job scheduler Many system administrators use the Cron to perform automatic full or incremental back-ups of the systems. The Cron can also be used to email log files, clean up file system etc.

55 Syslog The syslog utility allows systems administrators to log various events occurring on the Unix system. If Syslog is configured correctly, Unix can log many security events without the use of a third party plug-in.

56 Services The inetd.conf file controls the services that are allowed on the Unix system. Make sure that only necessary services are activated Unix comes with all services activated by default, and many of these services have severe security vulnerabilities.

57 Patches Ensure that your Unix systems are patched regularly. A policy should be adopted to ensure that all patches are tested and installed on a schedule.

58 Remote File Systems ref: Vahalia, ch 10 Goals Mount file systems of a remote computer on a local system Mount any FS, not only UNIX H/w independent Transport independent UNIX FS semantics must be maintained Performance Crash recovery Security

59 setuid() Is there a way a programmer could use a setuid() program to penetrate the security of UNIX/Linux? Normally, no. The intended use of this call in user mode is just to set the process's effective UID to its real UID. The superuser can set any UID to whatever s/he wants. However, on an unpatched UNIX/Linux, by tracing a setuid program with ptrace, if the program invokes subsequent execs, one can modify its address space to exec a shell and gain unauthorized superuser access to the system (p. 154, Vahalia).

60 Conclusion Although there are many other areas that can be addressed in a security baseline, the areas mentioned above will give you a head start in addressing security for your Unix system, and should prepare your servers for our upcoming IS audits.

61 Z OS Security

62 Natural Security Controls and checks access to the Natural Environment Four types of objects Users Libraries DDMs/files Utilities

63 Types of Users

64 Linking a User to a Library

65 RPC Service Requests Protect RPC Services as well as the requests are handled. User authentication is possible in two modes: Validation with Impersonation; Validation without Impersonation. Impersonation must be set in the security profile of the Natural RPC Server.

66 Resource Access Control Facility (RACF) Access control software for IBM mainframe. Operates at the OS level. Can interface with Customer Information Control System (CICS), IBM’s system for end user account management.

67 RACF Functions identify and verify system users identify, classify, and protect system resources authorize the users who need access to the resources you've protected

68 RACF Functions control the means of access to these resources log and report unauthorized attempts at gaining access to the system and to the protected resources administer security to meet your installation's security goals.

