Windows Vista Security David Kenney Christopher Lange.


1 Windows Vista Security David Kenney Christopher Lange

2 Background
- Windows Vista is Microsoft’s most current operating system
- Vista offers new security features:
  - Windows Defender
  - User Account Control
  - Windows Firewall with Advanced Security

3 Windows Defender
- Microsoft’s anti-spyware program now integrated with the Windows Vista operating system
- Designed to detect, remove, and prevent spyware
- Supports not only scanning, but real-time protection

4 User Account Control (UAC)
- Windows Vista security infrastructure
- Applications run with standard user privileges until an administrator authorizes an increase in privilege
- Much criticism over the number of prompts a user can receive from UAC requesting authorization

5 Windows Firewall with Advanced Security
- Not accessible by default, but can easily be accessed
- Allows for more advanced control of the firewall including:
  - Firewall Profiles
  - IPSec Configuration
  - Connection Security Rules
  - Inbound/Outbound Rules
  - Rules Monitoring

6 Introduction
- The lab will require a new hard drive with Windows Vista pre-installed and the following software available on the NAS:
  - Cain & Abel
  - F-Secure BlackLight Rootkit Eliminator
  - Ophcrack LiveCD
  - Regtick
  - Scoundrel Simulator
  - Trojan Simulator
  - Spybot Search & Destroy with Detection Update

7 Lab Procedure
- UAC and Windows Defender will be introduced, tested, and compared with Spybot Search & Destroy
- Applications such as Trojan Simulator, Regtick, and Scoundrel Simulator will be used with various privileges to test how UAC and Windows Defender will react

8 Lab Procedure
- The Windows Firewall with Advanced Security configuration will be introduced
- Writing custom rules for situations such as blocking Nmap scans as was done in previous labs for Linux and Windows third-party software
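
As an added illustration (not part of the original slides), the commands below set the profile, inbound/outbound rule and logging options listed on the firewall slides from an elevated command prompt using `netsh advfirewall`. The rule names and the Telnet port are constructed sample values; the slides do not say which rules the lab writes.

```bat
@echo off
rem Added example, not from the original slides.
rem Run from an elevated command prompt (UAC will ask for authorization).
rem Rule names and port 23 are constructed sample values.

rem 1. Review the current Domain, Private and Public profile settings.
netsh advfirewall show allprofiles

rem 2. Enable the firewall on every profile and set the default policy:
rem    drop unsolicited inbound traffic, allow outbound traffic.
netsh advfirewall set allprofiles state on
netsh advfirewall set allprofiles firewallpolicy blockinbound,allowoutbound

rem 3. Log dropped packets so that probes against closed ports leave a record.
rem    Default log file: %systemroot%\system32\LogFiles\Firewall\pfirewall.log
netsh advfirewall set allprofiles logging droppedconnections enable
netsh advfirewall set allprofiles logging maxfilesize 4096

rem 4. Explicit inbound block rules. A block rule takes precedence over an
rem    allow rule that matches the same traffic.
netsh advfirewall firewall add rule name="Lab - block inbound Telnet" dir=in action=block protocol=TCP localport=23
netsh advfirewall firewall add rule name="Lab - block inbound ICMPv4 echo" dir=in action=block protocol=icmpv4:8,any

rem 5. Outbound rules use the same syntax with dir=out and remoteport.
netsh advfirewall firewall add rule name="Lab - block outbound Telnet" dir=out action=block protocol=TCP remoteport=23

rem 6. Confirm that the rule and the logging settings are in place.
netsh advfirewall firewall show rule name="Lab - block inbound Telnet"
netsh advfirewall show allprofiles logging
```

The same rules appear under Inbound Rules and Outbound Rules in the Windows Firewall with Advanced Security console, where they can be edited or disabled.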

9 Lab Procedure
- Password cracking of Windows Vista user accounts using Ophcrack, Cain & Abel, and rainbow tables
- Vista does not use LM hashes, but stores passwords in the SAM file making them harder to crack
- Can be done with NTLM hashes fairly easily if the password is weak

10 Lab Procedure
- Rootkits and backdoors are always a prominent threat
- We were unable to acquire any means of attacking Vista, but the DFK ThreatSimulator or similar program may one day be updated to do so
- F-Secure BlackLight Rootkit Eliminator is a scanning program that is capable of checking Vista for rootkits

11 Lab Procedure
- Worms and viruses are a serious threat to all Windows operating systems
- We were unable to acquire any new worms or viruses, so we used the AnnaKournikova.jpg.vbs worm from a previous lab to demonstrate the need for updated anti-virus software

12 Conclusion
- Throughout the semester we have done numerous attacks and learned security techniques for both RedHat and Windows XP
- Windows Vista is still fairly new and no labs cover the new security features it offers and how effective they may or may not be

13 Questions?

