Security Features in Microsoft® Windows® XP James Noyce, Senior Consultant Security Solutions Team, Business Critical Services Microsoft Security Solutions,

Presentation transcript:

Security Features in Microsoft® Windows® XP James Noyce, Senior Consultant Security Solutions Team, Business Critical Services Microsoft Security Solutions, Feb 4, 2003

Agenda
- Windows XP Security Features
- What's New Since Windows 2000
- Drill down into
  - Secure Wireless Networking
  - Group Policy
  - Software Restriction Policies
  - Internet Connection Firewall

Security Is Only As Strong As The Weakest Link
- Technology is neither the whole problem nor the whole solution
- Secure systems depend upon Technology, Processes and People

Technology, Process, People
- Baseline technology
- Standards, Encryption, Protection
- Product security features
- Security tools and products
- Planning for security
- Prevention, Detection, Reaction
- Dedicated staff
- Training
- Security - a mindset and a priority

Microsoft Windows Security Enhancements: Evolution of Windows Desktop Security

Security Feature | Windows 98 | Windows 2000 | Windows XP
Integrated Wireless Networking | Add-on | New with Windows XP
Internet Connection Firewall | Available Third Party | New with Windows XP
Secure Networking (IPSec) | Standard | Standard
User-Level Security for shared files, folders | Standard | Standard
Encrypting File System | Standard | Standard
Public Key Infrastructure | Standard | Standard
Group Policy Objects | Standard | Standard
Auditing | Standard | Standard
Smart Card Support | Available Third Party | Standard | Standard
Multi-User Support | Limited Support | Standard | Standard
Screen Saver Password Protection | Standard | Standard | Standard
Strong Authentication | Limited Support | Standard | Standard

Windows XP Security Features
Builds on Windows 2000 Professional Security Features
- Users and Groups
- Rights and Permissions
- Kerberos
- Crypto API
- Data Protection API
- Screen Saver Password
- Digital Certificates
- Smart Card Logon
- Remote Access
- Auditing
- IP Security
- Encrypting File System
- Group Policy
- 802.1x Network Authentication
- Credentials Manager
- Software Restriction Policies
- Internet Connection Firewall

Existing Security Features
- Users and Groups
- Rights and Permissions
- Kerberos
- Crypto API
- Data Protection API
- Screen Saver Password

Enhanced Security Features
- Digital Certificates
  - *Auto enrolment and renewal for users
- Smart Card Logon
  - Supports Remote Desktop
- IP Security (IPSec)
  - Stronger D/H key exchange
  - NAT traversal

Enhanced Security Features
- Auditing
  - *More granular operation based auditing
- Remote Access (VPN, DUN and PPPoE)
  - Leverages Internet Connection Firewall
  - L2TP/IPSec over NAT
- Group Policy
  - Increased number of policy settings
  - Resultant Set of Policy (RSoP)

Active Directory Group Policy

Group Policy
- Password Policy
- Lockout Policy
- Kerberos Policy
- Audit Policy
- User Rights
- Security Options (Registry Values)
- Event Log Settings
- Restricted Groups
- System Services (start-up mode and ACLs)
- Registry ACLs
- File System ACLs

Security Configuration Toolset
- Use GPEDIT.MSC to edit Local Group Policy
- Use SECPOL.MSC to edit Local Security Policy
- Security Configuration and Analysis (SCA) to perform auditing and handle templates
- Use SCA to import/export security templates (.INF files) for distribution via Group Policy
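
A security template exported from SCA is plain INI-style text, so the Password, Lockout and Audit Policy areas listed above can be checked against a baseline before the template is distributed via Group Policy. The following is an added example, not part of the original presentation: the sample template is constructed, and the baseline thresholds are assumptions chosen for illustration.

```python
import configparser

# Constructed sample of an exported security template (not from the slides).
# Real exports are normally UTF-16 text; decode the file before parsing.
SAMPLE_TEMPLATE = """\
[Version]
signature="$CHICAGO$"
[System Access]
MinimumPasswordLength = 6
PasswordComplexity = 0
LockoutBadCount = 0
ClearTextPassword = 0
[Event Audit]
AuditLogonEvents = 1
AuditAccountLogon = 3
"""

# Assumed baseline for illustration: (section, key) -> (check, expectation).
# Audit values: 0 = none, 1 = success, 2 = failure, 3 = success and failure.
BASELINE = {
    ("System Access", "MinimumPasswordLength"): (lambda v: v >= 8, ">= 8"),
    ("System Access", "PasswordComplexity"): (lambda v: v == 1, "1 (enabled)"),
    ("System Access", "LockoutBadCount"): (lambda v: 1 <= v <= 10, "1..10"),
    ("System Access", "ClearTextPassword"): (lambda v: v == 0, "0 (disabled)"),
    ("Event Audit", "AuditLogonEvents"): (lambda v: v == 3, "3"),
    ("Event Audit", "AuditAccountLogon"): (lambda v: v == 3, "3"),
}

def audit_template(text):
    """Return (section, key, actual, expected) for every baseline miss."""
    parser = configparser.ConfigParser(
        interpolation=None, strict=False, delimiters=("=",))
    parser.optionxform = str  # keep key case exactly as in the template
    parser.read_string(text)
    findings = []
    for (section, key), (check, expected) in BASELINE.items():
        raw = parser.get(section, key, fallback=None)
        try:
            ok = raw is not None and check(int(raw))
        except ValueError:
            ok = False  # non-numeric value where a number is required
        if not ok:
            findings.append((section, key, raw, expected))
    return findings

if __name__ == "__main__":
    for section, key, actual, expected in audit_template(SAMPLE_TEMPLATE):
        shown = "not defined" if actual is None else actual
        print(f"[{section}] {key} = {shown}; baseline expects {expected}")
```

A setting that is absent from the template is reported as "not defined", which matters because an undefined setting leaves whatever value the machine already has.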

Enhanced Security Features
- Encrypting File System
  - Support for AES
  - EFS over WebDAV
  - Shared EFS
- Misc…
  - Controlled network access
  - Offline file synchronisation

New Security Features
- 802.1x Network Authentication
- Credentials Manager
- Software Restriction Policies
- Internet Connection Firewall

802.1x Network Authentication
- Secure wired and wireless networks from unauthorised access
- Do not confuse with b/802.11x/etc…
- Imagine authenticating computer / user to the network port on the wall
- Then picture accessing the network port via wireless…

802.1x Network Authentication
- Supports password based (PEAP) and certificate based (EAP-TLS) credentials
- Dynamic, rotating WEP keys
- Requires backend infrastructure
  - Internet Authentication Service (IAS)
  - Domain Controller
  - Certificate Authority

802.1x Network Authentication
[Diagram labels: Ethernet Switch, LAN Access, IAS/RADIUS Server, PKI Server, Wireless Access Point, WLAN Access, Active Directory, Authentication And Policy, Auditing]

Credentials Manager
- Users receive seamless access to resources for which they have valid credentials
- Provide a common UI for gathering credentials
- Provide per user safe storage of related credentials
- Unlock those credentials using your user logon

Credentials Manager
- Secure roaming storage for user credentials
  - Username, password
  - X.509 certificates (smart cards)
  - Passport

Software Restriction Policies
- Restricts execution of unmanaged code
  - WIN32, scripts, etc…
- Not to be confused with managed code restrictions in the .NET Framework

Internet Connection Firewall
- Provides baseline intrusion prevention
- Protects against scans for information
- Denies all unsolicited inbound traffic
- Stateful inspection of traffic
- Configurable filtering and logging
- Enabled or disabled via location aware Active Directory group policy

Summary
- Most security features build upon what was present in Windows 2000 Professional
- New security features simplify security management and reduce risk

Next Steps
- Top 5 Web Resources http:// w.asp