Configuring Windows Vista Security Chapter 3. IE7 Pop-up Blocker Pop-up Blocker prevents annoying and sometimes unsafe pop-ups from web sites Can block.
Published byModified over 7 years ago
Presentation on theme: "Configuring Windows Vista Security Chapter 3. IE7 Pop-up Blocker Pop-up Blocker prevents annoying and sometimes unsafe pop-ups from web sites Can block."— Presentation transcript:
IE7 Pop-up Blocker Pop-up Blocker prevents annoying and sometimes unsafe pop-ups from web sites Can block based upon levels –High will block all pop-ups –Medium blocks a majority of pop-ups –Low allowes pop-ups for secure sites Exception list configurable in Settings to allow pop-ups from certain, specified sites
IE7 Phishing Filter Helps prevent navigation to unsafe websites Matches a web site against several criteria –Checks against local list of legitimate sites –Sends a query to the Microsoft URL Reputation Service –Check for suspicious content Will warn the user of a suspicious or reported phishing web site Configurable by disabling outright or disabling automatic checking with Microsoft URL Reputation Service
IE7 Protected Mode IE7 runs in a restricted mode that reduces level of access to OS components If compatibility issue exists with a web page or app that is legitimate, you can disable Protected Mode. Running with Protected Mode disabled is a security risk.
IE7 ActiveX Opt-In & ActiveX Installer Service ActiveX Opt-In will disable ActiveX controls and only enable them when a user responds positive to a prompt to install –Does not apply to Intranet and Trusted zones –Can be disabled in Security Settings for the security zone ActiveX Installer Service allows only preapproved ActiveX controls to be installed without UAC elevation. –Avoids confusion around internal web sites –Set via Group Policy
IE7 SSL Features Users can now get more information from IE7 about their secure connections Click on the lock to the right in the address bar to see details of the site’s certificate
Encrypted File System EFS enables encryption of files and folders that is transparent to the user New features of EFS –Store keys and recovery keys on a on a smart card –Encrypt the page file –Updated support for new certificate types and key types –New Group Policy options EFS requires certificates assigned to user accounts
BitLocker Drive Encryption BitLocker is whole disk encryption Requires one of these options: –A Trusted Platform Module –A USB flash drive to store encryption keys Also must have: –BIOS configured to boot from hard drive first –2 NTFS partitions created before installing Windows Vista –System volume be at least 1.5GB and set as active
Auditing Security Events 50 new audit policy subcategories that allow auditing to take place in a granular way New audit settings for: –Backup and Restore –Subcategory settings that override policy category settings –Shut down system immediately if unable to log security audits
The Security Configuration and Analysis Tool An MMC snap-in that allows a comparison of the local system against a security template Useful when comparing desired group policy settings from a domain against what is occurring on the system
User Account Control (UAC) New way to control privileges Keeps accounts privs set low unless needed to prevent security risk Fully configurable Can be controlled from an enterprise level by group policy
User Rights Settings Standard User Rights –Rights to run the OS and installed applications –Typical user Administrative Rights –Runs as standard user, but allows the user to enter an administrative mode –Admin user with full rights to change settings Admin Approval Mode –Admins are prompted to approve actions that require admin rights –On by default for admin accounts
Configuring UAC Accessed via the Local Security Policy Can turn specific features on or off Can configure behavior of UAC prompts Can be set per user
Security Patches and Updates Windows Update applet manages updates from Microsoft for the system Configurable from schedule to automatic installation of updates You can manually apply updates. –Manual installation is usually the needed with “optional” updates You can hide updates if they are unwanted and view available updates that were hidden