Implementing Advanced Server and Client Security

Presentation on theme: "Implementing Advanced Server and Client Security"— Presentation transcript:

1 Implementing Advanced Server and Client Security
Sandeep Modhvadia Security Technical Specialist

2 Agenda
- Windows Server 2003 Service Pack 1
  - 2 years on!
- Windows XP Service Pack 2

3 What are the Goals of SP1?
- Enhanced Security
  - Reduced attack surface, new security enhancements
  - Stronger defaults and privilege reduction on services
    - RPC
    - DCOM
  - Support for no execute hardware
    - Intel
    - AMD
  - Windows Firewall
    - Enabled for new install scenarios
  - Provide a Security Configuration Wizard to assist IT Admins
    - Role-based configuration and lockdown
  - VPN Quarantine
    - Client inspection
    - Fix-up
    - Isolation
  - IIS 6.0 metabase auditing
- Enhanced Reliability
- Enhanced Performance
  - 10%+ improvement in TPC, TPC-H, SAP, SSL, etc.

4 SP1 Security Features and Enhancements
- Relevant XP SP2 enhancements
  - RPC, DCOM lockdown
  - Windows Firewall
- Post-Setup Security Updates
- Boot-time network protection for clean installs
- Security Configuration Wizard
- Base 64-bit extension system

5 Windows Firewall/RPC
- Goals and customer benefit
  - Provide by default better protection from network attacks
  - Focus on role-based server configuration
- What we’re doing
  - Windows Firewall (formerly ICF) will be on by default in almost all configurations utilizing the Security Configuration Wizard
  - More configuration options
    - Group policy, command line, unattended setup
  - Better user interface
  - Boot time protection
  - Restrict anonymous connections to DCOM/RPC interfaces
- Application impact
  - In-bound network connections will not be permitted by default
  - Listening ports only open as long as the application is running

6 Post-Setup Security Updates
- A new feature designed to protect servers between first boot and application of most recent security updates
- Opens on first admin login if Windows Firewall was not explicitly enabled using unattend script or GP
- Blocks inbound connections until customer clicks “Finish” on PSSU dialog box

7 Security Configuration Wizard
- Guided Attack Surface Reduction for Windows Servers
- Security Coverage
  - Roles-Based Metaphor
  - Disables Unnecessary Services
  - Disables Unnecessary IIS Web Extensions
  - Blocks unused Ports, including multi-homed scenarios
  - Helps Secure Ports that are left open using IPSEC
  - Reduces protocol exposure (LDAP, NTLM, SMB)
  - Configures Audit Setting with high Signal to Noise
- Security for mere mortals
  - Roles-based makes answering questions easy
  - Automated versus Paper-Based Guidance
  - Fully tested and supported by Microsoft

8 SCW Demo

9 What is SP2?
- Post-SP1 hotfixes (more regression testing)
- New security technologies
  - Network protection
  - Memory protection
  - Safer handling
  - More secure browsing
  - Improved computer maintenance
- Some updated features

10 Windows Firewall enhancements
- New and improved user interface
- On by default for all network interfaces
- Provides boot-time security
- Global and per-interface configurations
- Exceptions list (can be disallowed)
- Local subnet restrictions
- Command-line and better group policy management
- Multiple profiles and RPC support
- Unattended setup

11 Command Line Control

    C:\>netsh firewall show

    The following commands are available:

    Commands in this context:
    show allowedprogram - Shows firewall allowed program configuration.
    show config    - Shows firewall configuration.
    show currentprofile - Shows current firewall profile.
    show icmpsetting - Shows firewall ICMP configuration.
    show logging   - Shows firewall logging configuration.
    show multicastbroadcastresponse - Shows firewall multicast/broadcast response configuration.
    show notifications - Shows firewall notification configuration.
    show opmode    - Shows firewall operational configuration.
    show portopening - Shows firewall port configuration.
    show service   - Shows firewall service configuration.
    show state     - Shows current firewall state.
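
The firewall features listed on slides 10 and 11 (exceptions that can be disallowed, local subnet restrictions, multiple profiles, logging), driven from the command line. This is an added example, not part of the original presentation; it assumes Windows XP SP2 or Windows Server 2003 SP1, and the address range and log path are constructed sample values.

```batch
@echo off
rem Added example, not from the presentation.
rem Assumes the "netsh firewall" context of Windows XP SP2 / Server 2003 SP1.
rem 192.0.2.0/24 and the log path are constructed sample values.

rem Firewall on for both profiles. On the standard (off-domain) profile the
rem exceptions list is disallowed, so no inbound exception applies there.
netsh firewall set opmode mode=ENABLE exceptions=ENABLE profile=DOMAIN
netsh firewall set opmode mode=ENABLE exceptions=DISABLE profile=STANDARD

rem Weak form, shown only for contrast: scope=ALL accepts any source address.
rem   netsh firewall set service type=REMOTEDESKTOP mode=ENABLE scope=ALL profile=DOMAIN
rem Restricted form: Remote Desktop reachable only from an admin range.
netsh firewall set service type=REMOTEDESKTOP mode=ENABLE scope=CUSTOM addresses=192.0.2.0/24 profile=DOMAIN

rem File and printer sharing limited to the local subnet (domain profile only).
netsh firewall set service type=FILEANDPRINT mode=ENABLE scope=SUBNET profile=DOMAIN

rem Log dropped packets so blocked inbound attempts can be reviewed later.
netsh firewall set logging filelocation=%windir%\pfirewall.log maxfilesize=4096 droppedpackets=ENABLE connections=DISABLE

rem Confirm the result with the "show" commands listed on slide 11.
netsh firewall show opmode
netsh firewall show service
netsh firewall show logging
```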

12 Windows Firewall Demo
- Change of Scope
- Multiple Interface Rules
- Application Exceptions
- Group Policy

13 Internet Explorer Window restrictions
- What is it?
  - Scripts can’t position or resize windows with title and status bars offscreen
  - Scripts can’t turn off status bar
  - Script windows:
    - Must fit between top and bottom of parent
    - Overlap parent horizontally
    - Move with parent
    - Appear above parent so that other windows (like dialog boxes) can’t be hidden
- Why do it?
  - Eliminates windows that try to spoof desktop objects
  - Allows users to always see security zone
  - Prevents overlaying of address bar

14 Internet Explorer Managing pop-ups

15 Client Demo
- Software Restriction Policies
- Data Execution Prevention

16

