Microsoft Windows XP Service Pack 2 Security Technologies Bruce Cowper IT Pro Advisor Microsoft Canada
Session Prerequisites Experience managing Windows XP Professional desktops An understanding of the deployment tools that are used to deploy Windows XP and updates to the desktop Experience using Group Policy to manage desktops Level 200
Session Prerequisites (cont.) OR The skills represented by taking: Course 2285 (covering Windows XP) Course 2297 (designing Active Directory® and networking)
Introduction to Windows XP Service Pack 2 Introduction to Windows XP Service Pack 2 Windows XP SP2 Network Protection Features Reducing Application Failures by Using Windows XP SP2 Memory Protection Features Exploring SP2 Handling Security Features Browsing Securely by Using SP2
The Need for SP2 Security attack trends include: Increased use of automation - tools for scanning, compromising and propagation. Asymmetric threats - distributed systems used to attack single targets. Increased complexity - tool signatures more complex and difficult to detect. Infrastructure attacks - denial of service and worms. Faster detection of vulnerabilities and faster exploits. Firewall intrusions - harnessing ‘firewall friendly’ and ‘mobile’ code.
What Is New in SP2? New and Improved Features: Enhanced Network Protection; New Memory Protection; More Secure Handling; Enhanced Browser Security; Improved Computer Maintenance. SP2 provides several built-in security technologies that reduce computer vulnerabilities.
How SP2 Minimizes the Attack Surface SP2 Features and their Security Technologies: Network Protection: Windows Firewall; Remote procedure call (RPC); Distributed-component object model (DCOM). Memory Protection: NX (Intel and AMD 64 bit processors currently); Sandboxing (buffer overruns) & Cookies (stack overruns). More Secure Handling: Multipurpose Internet mail extension (MIME) type restrictions; Attachment handling. Enhanced Browser Security: Pop-up management and crash detection; Download prompt. Improved Computer Maintenance: Security Center; Automatic updates & Anti Virus Monitoring.
Demonstration 1: Resolving Remote Connectivity Issues by Using the Netsh Command-Line Tool Your instructor will demonstrate how to resolve a remote connectivity issue with the netsh command-line tool. You will see how to: Allow access to MMC with the firewall enabled; Unblock a specific port via command line / script
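The two tasks named in this demonstration, written as a Windows XP SP2 command script. This is an added example, not part of the original slides; TCP port 8080 and the exception name "Example app" are constructed placeholders, and both exceptions are limited to the local subnet as an assumption about the management network.

```batch
@echo off
rem Added example for the Windows XP SP2 "netsh firewall" context.
rem Port 8080 and the name "Example app" are constructed placeholders.

rem 1. Record the current firewall state before changing anything.
netsh firewall show state

rem 2. Keep the firewall on and make sure exceptions are honoured.
rem    In "On with no exceptions" mode the entries below are ignored.
netsh firewall set opmode mode=ENABLE exceptions=ENABLE

rem 3. Allow remote MMC administration with the firewall still enabled.
rem    scope=SUBNET limits the exception to the local subnet
rem    instead of every remote address.
netsh firewall set service type=REMOTEADMIN mode=ENABLE scope=SUBNET

rem 4. Unblock one specific port, again for the local subnet only.
netsh firewall add portopening protocol=TCP port=8080 name="Example app" mode=ENABLE scope=SUBNET

rem 5. Log dropped packets so remaining connectivity problems can be
rem    diagnosed from the firewall log rather than by opening more ports.
netsh firewall set logging droppedpackets=ENABLE

rem 6. Review the resulting exceptions.
netsh firewall show service
netsh firewall show portopening

rem To undo step 4 later:
rem   netsh firewall delete portopening protocol=TCP port=8080
rem To return to the SP2 defaults:
rem   netsh firewall reset
```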
SP2 Security Management Using Windows Security Center Windows Firewall Configuration Internet Options Configurations Antivirus Configuration Automatic Update Configuration Computer Running Security Center
Demonstration 2: Managing SP2 by Using Windows Security Center Your instructor will demonstrate how to manage SP2 by using Security Center. Specifically, you will learn to configure: The Automatic Updates option; The Virus Protection option
Windows XP SP2 Network Protection Features Introduction to Windows XP Service Pack 2 Windows XP SP2 Network Protection Features Reducing Application Failures by Using Windows XP SP2 Memory Protection Features Exploring SP2 Handling Security Features Browsing Securely by Using SP2
New Security Features in Windows Firewall Boot-time security On by default Global configuration and restore defaults On with no exceptions Command-line support Unattended setup support RPC Support for system services Multiple profiles Windows firewall exceptions list Local subnet restrictions
Windows Firewall Advanced Security Features Advanced options include: Basic configuration ICMP options Ability to enable specific network interfaces Connection and packet logging improvements
Demonstration 3: Exploring Windows Firewall New Security Features Your instructor will demonstrate: The On by Default feature; The On with No Exceptions feature; The Windows Firewall Exceptions List; The Restore Defaults feature (advanced options)
Enhanced DCOM Security Remote Client DCOM Server Specific COM Permissions Able to restrict rights that are available to users to individual COM servers Computer-wide Restrictions Restrictions that apply to DCOM call, activation and launch privileges and that differentiate between local and remote clients
More Secure Remote Procedure Calls Remote, Anonymous Client Firewall RPC Servers Processes running on Local System, Network Service, Local Service security context Open port Allowed Processes claiming to be RPC Services e.g. Trojan Horses Other accepted restricted Open port Blocked Local Client and/or Authenticated client Group Policy
Services Disabled by Default in Windows XP SP2 Disabled Service (Before SP2 / After SP2): Alerter (Set to Start Manually / Disabled by Default); Windows Messenger (Set to Start Automatically / Disabled by Default). Alternative options: Recommended resolution: rewrite the application to use another method to communicate with the user; Start the Alerter or Messenger service programmatically
Reducing Application Failures Introduction to Windows XP Service Pack 2 Windows XP SP2 Network Protection Features Reducing Application Failures by Using Windows XP SP2 Memory Protection Features Exploring SP2 Handling Security Features Browsing Securely by Using SP2
Execution Protection (NX) and How It Works NX features: Memory locations tagged as nonexecutable unless the location explicitly contains executable code; Buffer overrun attack protection; Currently available on some 64-bit CPUs; CPU-aided memory protection
Exploring SP2 Handling Security Features Introduction to Windows XP Service Pack 2 Windows XP SP2 Network Protection Features Reducing Application Failures by Using Windows XP SP2 Memory Protection Features Exploring SP2 Handling Security Features Browsing Securely by Using SP2
Attachment Manager in Outlook Express and Windows Messenger New with attachment User Running Outlook Express User Running Windows Messenger Different actions taken for: Safe attachments Unsafe attachments Suspicious attachments AES API
HTML Content Blocking in Outlook Express Content Blocking Feature: Blocks external images New “Don’t Download External HTML Content” feature Users Running Outlook Express Web Server Internet Preserves the user's privacy and prevents future attacks Web Server
Demonstration 4: Demonstrating and Configuring Attachment Handling in Outlook Express Your instructor will demonstrate: How Outlook Express handles attachments; How to configure attachment handling in Outlook Express
Browsing Securely by Using SP2 Introduction to Windows XP Service Pack 2 Windows XP SP2 Network Protection Features Reducing Application Failures by Using Windows XP SP2 Memory Protection Features Exploring SP2 Handling Security Features Browsing Securely by Using SP2
Managing Internet Explorer Browser Security Security features: MIME security improvements: Consistency checks; Stricter rules. Better security management: Add-on control and management features; Better prompts; New script-initiated window restrictions. Local machine zone. Feature control security zone: MIME sniffing; Security elevation; Windows restriction. Group Policy settings: Administrative control for Feature Control Security Zones
Making the Local Computer More Secure Internet Explorer information bar Internet Explorer add-on installation prompt Internet Explorer download prompt New file handler icon New security information area Executable files are checked for publisher information Outlook Express prompts
Blocking Annoying Pop-Up Windows Feature and Description: Pop-Up Manager: Blocks unwanted pop-ups. Window Restrictions: Controls script-initiated repositioning; Controls script-initiated resizing. Window Placement: Governs the placement of pop-up windows
Managing Add-Ons Add-On Management and Crash Detection: Better add-on detection; New add-on management features
Demonstration 5: Pop-ups, Scripts and Configuring Add-On Management Your instructor will demonstrate: The Information Bar with pop-ups and scripts; How to view information about how often the add-ons have been used by Internet Explorer
Session Summary Introduction to Windows XP Service Pack 2 Windows XP SP2 Network Protection Features Reducing Application Failures by Using Windows XP SP2 Memory Protection Features Exploring SP2 Handling Security Features Browsing Securely by Using SP2
Next Steps Microsoft Canada TechNet Find additional TechNet events: events/ Share information and get community-based support for SP2: s/default.asp?icp=xpsp2&slcid=us Get additional information about changes to functionality in SP2: ol/winxppro/maintain/winxpsp2.mspx
Questions and Answers