
Windows Vista Security Tidbits



  1. Windows Vista Security Tidbits Steve Lamb Technical Security Evangelist @ Microsoft Ltd Stephen.lamb@microsoft.com http://blogs.technet.com/steve_lamb

  2. Overview
     • User And Group Changes
     • Admin account
     • New/Missing SIDs
     • New/Missing Users and Groups
     • Cached credentials
     • Kernel Changes
     • Buffer overflow protection
     • ACL Changes
     • Encryption changes
     • Suite B
     • TS SSO
     • EFS with Smart Cards
     • Audit changes
     • User rights
     • New and changed security options
     • Firewall
     • Auth IP
     • SMBv2

  3. User and Group Changes

  4. Administrator Account Status

  5. Administrator Account Status

  6. Power Users Are Not Anymore

  7. The Support and Help Accounts

  8. New Groups

  9. Some Additional SIDs

  10. And A Few More SIDs
     • The Trusted Installer
     • INTERNET USER
     • High integrity SID
     • System integrity SID
     • A Service
     • Low integrity SID
     • Medium integrity SID

  11. Integrity Levels in Token
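Slides 10 and 11 name the new SID families (the integrity labels, the per-service SIDs, the Trusted Installer, INTERNET USER) but the table of values did not survive the transcript. The following is an added example, not part of the presentation: a small Python module that recognises the S-1-16 integrity-label SIDs by their RID (4096 Low, 8192 Medium, 12288 High, 16384 System, the SECURITY_MANDATORY_*_RID values from winnt.h), classifies the S-1-5-80 service-SID family and S-1-5-17 (IUSR) from the well-known SID list, and applies the mandatory-label check that Vista performs before the DACL is consulted. The policy and generic-access bits are the winnt.h constants; the assumption that the requested access is already expressed in GENERIC_* bits (real objects map specific rights through their GENERIC_MAPPING) is noted in the code.

```python
"""Recognise Vista integrity-label SIDs and apply the mandatory-label check.

Added example, not code from the presentation. SID families and policy bits
are the winnt.h / well-known-SID values; the generic-right mapping is a
simplification (see mandatory_check).
"""
import re

SID_RE = re.compile(r"^S-1-(\d+)((?:-\d+)+)$")

# S-1-16-<level>: the single sub-authority is the integrity level itself.
INTEGRITY_AUTHORITY = 16
INTEGRITY_NAMES = {0x0000: "Untrusted", 0x1000: "Low", 0x2000: "Medium",
                   0x3000: "High", 0x4000: "System"}

# Mandatory-policy bits carried in the object's SYSTEM_MANDATORY_LABEL_ACE mask.
NO_WRITE_UP, NO_READ_UP, NO_EXECUTE_UP = 0x1, 0x2, 0x4
# Generic access bits (winnt.h).
GENERIC_READ, GENERIC_WRITE, GENERIC_EXECUTE = 0x80000000, 0x40000000, 0x20000000


def parse_sid(sid):
    """Split 'S-1-<authority>-<sub>...' into (authority, [sub-authorities])."""
    m = SID_RE.match(sid)
    if not m:
        raise ValueError(f"not a SID string: {sid!r}")
    return int(m.group(1)), [int(x) for x in m.group(2).split("-")[1:]]


def integrity_level(sid):
    """Return the integrity level for an S-1-16-* SID, or None for any other SID."""
    authority, subs = parse_sid(sid)
    if authority != INTEGRITY_AUTHORITY or len(subs) != 1:
        return None
    return subs[0]


def classify_sid(sid):
    """Name the SID families listed on the slide."""
    authority, subs = parse_sid(sid)
    level = integrity_level(sid)
    if level is not None:
        name = INTEGRITY_NAMES.get(level, "Custom(0x%X)" % level)
        return f"{name} integrity label"
    if authority == 5 and subs[:1] == [80]:
        # S-1-5-80-<hash of service name>: NT SERVICE\<name>; TrustedInstaller is one.
        return "NT SERVICE per-service SID"
    if authority == 5 and subs == [17]:
        return "IUSR (INTERNET USER)"
    return "other"


def mandatory_check(subject_label, object_label, desired_access, policy=NO_WRITE_UP):
    """Integrity check done before the DACL: a lower-integrity subject is refused
    the access kinds the object's label policy forbids. True means 'not blocked
    by the label'; the DACL is still evaluated afterwards.

    Assumption: desired_access is already expressed in GENERIC_* bits. Real
    objects first map specific rights (e.g. WRITE_DAC) through GENERIC_MAPPING.
    """
    s, o = integrity_level(subject_label), integrity_level(object_label)
    if s is None or o is None:
        raise ValueError("both labels must be S-1-16 integrity SIDs")
    if s >= o:
        return True  # equal or higher integrity is never blocked by the label
    if policy & NO_WRITE_UP and desired_access & GENERIC_WRITE:
        return False
    if policy & NO_READ_UP and desired_access & GENERIC_READ:
        return False
    if policy & NO_EXECUTE_UP and desired_access & GENERIC_EXECUTE:
        return False
    return True


if __name__ == "__main__":
    # A Low-integrity process (e.g. Protected Mode IE) writing to a Medium object.
    print(classify_sid("S-1-16-4096"), "->", classify_sid("S-1-16-8192"),
          "write allowed:", mandatory_check("S-1-16-4096", "S-1-16-8192", GENERIC_WRITE))
```

The default object policy is No-Write-Up only, which is why the example lets a Low-integrity subject read a Medium object but not write to it; No-Read-Up and No-Execute-Up must be set explicitly on the object's label ACE.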

  12. ACL Changes

  13. ACL Modifications

  14. Old ACL UI

  15. New ACL UI

  16. Owner Needs Explicit Perms

  17. Kernel Changes

  18. Better Buffer Overflow Protection
     • Second cookie protects exception handlers
     • Safer CRT exception handlers
     • No more executable pages outside images
     • Enforced by better development practices and code scanning tools
     • /NXCOMPAT linker flag in build tools
     • If all binaries in a process are marked /NXCOMPAT, NX (DEP) is automatically enabled for the process
     • Heap protection
     • Signed kernel code (x64 only)
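The /NXCOMPAT rule above keys on a single bit in the PE optional header, so the practical check is to read that header rather than trust a build log. The following is an added example, not from the presentation: a Python reader for the DllCharacteristics field of a PE32 or PE32+ image (field offset 70 in the optional header in both formats) that reports NX_COMPAT and the related IMAGE_DLLCHARACTERISTICS_* bits from winnt.h. The `make_minimal_pe` helper builds a header-only image as constructed test data; it is not a real binary.

```python
"""Read IMAGE_DLLCHARACTERISTICS_* (including NX_COMPAT) from a PE header.

Added example, not code from the presentation. Offsets and flag values are
from the PE/COFF specification and winnt.h.
"""
import struct
import sys

# IMAGE_DLLCHARACTERISTICS_* bits (winnt.h).
DLLCHAR_FLAGS = {
    0x0040: "DYNAMIC_BASE",            # ASLR opt-in
    0x0080: "FORCE_INTEGRITY",
    0x0100: "NX_COMPAT",               # set by the /NXCOMPAT linker flag
    0x0400: "NO_SEH",                  # image has no exception handlers
    0x8000: "TERMINAL_SERVER_AWARE",
}
NX_COMPAT = 0x0100


def dll_characteristics(data: bytes) -> int:
    """Return the DllCharacteristics word of a PE image held in memory."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ image")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("bad PE signature")
    coff = e_lfanew + 4                                  # IMAGE_FILE_HEADER (20 bytes)
    (size_opt,) = struct.unpack_from("<H", data, coff + 16)  # SizeOfOptionalHeader
    opt = coff + 20                                      # IMAGE_OPTIONAL_HEADER
    if size_opt < 72:
        raise ValueError("optional header too short to hold DllCharacteristics")
    (magic,) = struct.unpack_from("<H", data, opt)
    if magic not in (0x10B, 0x20B):                      # PE32 / PE32+
        raise ValueError(f"unknown optional header magic 0x{magic:X}")
    # DllCharacteristics sits at offset 70 in both PE32 and PE32+ optional headers.
    (dllchar,) = struct.unpack_from("<H", data, opt + 70)
    return dllchar


def describe(data: bytes):
    """Names of the set DllCharacteristics bits, sorted for stable output."""
    value = dll_characteristics(data)
    return sorted(name for bit, name in DLLCHAR_FLAGS.items() if value & bit)


def is_nx_compat(data: bytes) -> bool:
    return bool(dll_characteristics(data) & NX_COMPAT)


def make_minimal_pe(dllchar: int, pe32plus: bool = True) -> bytes:
    """Constructed test data: a header-only PE image with the given DllCharacteristics."""
    magic = 0x20B if pe32plus else 0x10B
    opt_size = 240 if pe32plus else 224   # 16 data directories in both cases
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)  # e_lfanew: PE signature right after the DOS header
    # Machine, NumberOfSections, TimeDateStamp, PointerToSymbolTable,
    # NumberOfSymbols, SizeOfOptionalHeader, Characteristics
    coff = struct.pack("<HHIIIHH", 0x8664 if pe32plus else 0x14C, 0, 0, 0, 0, opt_size, 0x0022)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, magic)
    struct.pack_into("<H", opt, 70, dllchar)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt)


if __name__ == "__main__":
    for path in sys.argv[1:]:
        with open(path, "rb") as f:
            print(path, describe(f.read()))
```

Run it as `python pecheck.py C:\path\to\app.exe` to list the flags of a real image; a binary that lacks NX_COMPAT will not opt the process into DEP under the rule stated on the slide, and one that also lacks NO_SEH still relies on the SafeSEH table for exception-handler validation.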

  19. Crypto Changes

  20. Offline Files Encrypted Per User

  21. Encrypted Pagefile

  22. Suite-B Crypto
     • Software and Smart Card Key Storage Providers
     • Cryptographic configuration
     • NIST ECC Prime Curves support (smart cards too)
     • AES
     • SHA-2
     • IPsec support for AES and ECDH
     • ECC cipher suites in SSL
     • EFS with smart cards

  23. Cached Credentials Much Tougher

  24. Improved Auditing

  25. Granular Audit Policy

  26. Object Access Auditing
     Object Access Attempt:
       Object Server: %1
       Handle ID: %2
       Object Type: %3
       Process ID: %4
       Image File Name: %5
       Access Mask: %6

  27. Object Access Auditing
     An operation was performed on an object.
     Subject:
       Security ID: %1
       Account Name: %2
       Account Domain: %3
       Logon ID: %4
     Object:
       Object Server: %5
       Object Type: %6
       Object Name: %7
       Handle ID: %9
     Operation:
       Operation Type: %8
       Accesses: %10
       Access Mask: %11
       Properties: %12
       Additional Info: %13
       Additional Info2: %14

  28. Added Auditing For
     • Registry value change audit events (old+new values)
     • AD change audit events (old+new values)
     • Improved operation-based audit
     • Audit events for UAC
     • Improved IPSec audit events including support for AuthIP
     • RPC Call audit events
     • Share Access audit events
     • Share Management events
     • Cryptographic function audit events
     • NAP audit events (server only)
     • IAS (RADIUS) audit events (server only)

  29. More Info In Event Log UI

  30. XML Events
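The message templates on slides 26 and 27 show the fields as positional %n parameters; in the Vista event log those same fields arrive as named `<Data>` elements in the event's XML (slide 30), which is what a collector actually parses. The following is an added example, not from the presentation: Python that reads a Vista-style security event from its XML, decodes the Access Mask against the standard and object-specific right bits from winnt.h, and flags the case a defender cares about, a caller obtaining WRITE_DAC or WRITE_OWNER on an object. The event XML, the domain, user, path and process are constructed sample data; the `Data Name` values follow the Microsoft-Windows-Security-Auditing schema for object-access events.

```python
"""Parse a Vista-style XML security event and decode its Access Mask.

Added example, not code from the presentation. Right bits are from winnt.h;
the sample event below is constructed.
"""
import xml.etree.ElementTree as ET

NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}

# Standard rights shared by all securable objects.
STANDARD_RIGHTS = {0x10000: "DELETE", 0x20000: "READ_CONTROL", 0x40000: "WRITE_DAC",
                   0x80000: "WRITE_OWNER", 0x100000: "SYNCHRONIZE"}
# Object-specific low bits, keyed by the ObjectType string the event carries.
FILE_RIGHTS = {0x1: "FILE_READ_DATA", 0x2: "FILE_WRITE_DATA", 0x4: "FILE_APPEND_DATA",
               0x8: "FILE_READ_EA", 0x10: "FILE_WRITE_EA", 0x20: "FILE_EXECUTE",
               0x40: "FILE_DELETE_CHILD", 0x80: "FILE_READ_ATTRIBUTES",
               0x100: "FILE_WRITE_ATTRIBUTES"}
KEY_RIGHTS = {0x1: "KEY_QUERY_VALUE", 0x2: "KEY_SET_VALUE", 0x4: "KEY_CREATE_SUB_KEY",
              0x8: "KEY_ENUMERATE_SUB_KEYS", 0x10: "KEY_NOTIFY", 0x20: "KEY_CREATE_LINK"}
SPECIFIC_RIGHTS = {"File": FILE_RIGHTS, "Key": KEY_RIGHTS}

# Rights that let the holder rewrite the object's ACL and so take it over.
TAKEOVER_RIGHTS = ("WRITE_DAC", "WRITE_OWNER")

# Constructed sample: an object-access event in the Vista XML layout.
SAMPLE_EVENT_XML = r"""<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-Security-Auditing" Guid="{54849625-5478-4994-A5BA-3E3B0328C30D}"/>
    <EventID>4663</EventID>
    <Channel>Security</Channel>
    <Computer>vista-ws01.example.test</Computer>
  </System>
  <EventData>
    <Data Name="SubjectUserSid">S-1-5-21-1000-2000-3000-1105</Data>
    <Data Name="SubjectUserName">alice</Data>
    <Data Name="SubjectDomainName">CORP</Data>
    <Data Name="SubjectLogonId">0x3e7</Data>
    <Data Name="ObjectServer">Security</Data>
    <Data Name="ObjectType">File</Data>
    <Data Name="ObjectName">C:\Finance\payroll.xlsx</Data>
    <Data Name="HandleId">0x1c4</Data>
    <Data Name="AccessMask">0x40002</Data>
    <Data Name="ProcessId">0x7d0</Data>
    <Data Name="ProcessName">C:\Windows\System32\cmd.exe</Data>
  </EventData>
</Event>"""


def parse_event(xml_text):
    """Return (event_id, {Data Name: text}) from one event's XML."""
    root = ET.fromstring(xml_text)
    event_id = int(root.findtext("e:System/e:EventID", namespaces=NS))
    data = {d.get("Name"): (d.text or "") for d in root.findall("e:EventData/e:Data", NS)}
    return event_id, data


def decode_access_mask(mask, object_type):
    """Translate an access mask into right names: standard rights first, then
    the object-type-specific bits (unknown object types decode standard rights only)."""
    names = [n for bit, n in STANDARD_RIGHTS.items() if mask & bit]
    names += [n for bit, n in SPECIFIC_RIGHTS.get(object_type, {}).items() if mask & bit]
    return names


def takeover_rights(xml_text):
    """Detection: report the event with its decoded rights and any ACL-takeover rights."""
    event_id, d = parse_event(xml_text)
    mask = int(d.get("AccessMask", "0"), 16)
    rights = decode_access_mask(mask, d.get("ObjectType", ""))
    return {
        "event_id": event_id,
        "subject": f"{d.get('SubjectDomainName', '')}\\{d.get('SubjectUserName', '')}",
        "process": d.get("ProcessName", ""),
        "object": d.get("ObjectName", ""),
        "rights": rights,
        "flagged": [r for r in rights if r in TAKEOVER_RIGHTS],
    }


if __name__ == "__main__":
    print(takeover_rights(SAMPLE_EVENT_XML))
```

The Access Mask in the new template is the raw bit field; the Accesses field (%10) carries the same information as resource strings, but decoding the mask yourself keeps the rule independent of message-DLL localisation.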

  31. New Event Numbers

  32. New and Modified User Rights

  33. Changes to User Rights
     • All rights for Power Users removed
     • Create global objects does not have INTERACTIVE
     • SE_IMPERSONATE has added IIS_IUSRS and removed ASPNET
     • Logon as a service is now empty by default

  34. New User Rights
     • Access credential manager as a trusted caller
     • Change time zone user right
     • Create symbolic links
     • Modify an object label
     • Synchronize directory service data
     • Increase a process working set
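The quickest way to see which of the defaults on slides 33 and 34 hold on a given machine is to export the local policy with `secedit /export /cfg rights.inf` and read its `[Privilege Rights]` section, where each right is listed by its privilege constant with `*SID` grantees. The following is an added example, not from the presentation: Python that parses that export format, checks the four statements on slide 33 (Power Users gone everywhere, no INTERACTIVE on SeCreateGlobalPrivilege, IIS_IUSRS on SeImpersonatePrivilege, SeServiceLogonRight empty), and lists who holds the six new rights from slide 34. The privilege-constant names for the new rights and the well-known SIDs (Power Users S-1-5-32-547, INTERACTIVE S-1-5-4, IIS_IUSRS S-1-5-32-568) are from Windows documentation; the export text is constructed sample data, and ASPNET is not checked because it is a machine-specific account rather than a well-known SID.

```python
"""Check an exported user-rights policy against the Vista defaults on the slides.

Added example, not code from the presentation. The sample export below is
constructed; the secedit .inf layout is the real one.
"""

POWER_USERS = "S-1-5-32-547"
INTERACTIVE = "S-1-5-4"
IIS_IUSRS = "S-1-5-32-568"

# The new rights from slide 34, by privilege constant.
NEW_RIGHTS = {
    "SeTrustedCredManAccessPrivilege": "Access Credential Manager as a trusted caller",
    "SeTimeZonePrivilege": "Change the time zone",
    "SeCreateSymbolicLinkPrivilege": "Create symbolic links",
    "SeRelabelPrivilege": "Modify an object label",
    "SeSyncAgentPrivilege": "Synchronize directory service data",
    "SeIncreaseWorkingSetPrivilege": "Increase a process working set",
}

# Constructed sample of `secedit /export /cfg` output, trimmed to what matters.
SAMPLE_EXPORT = """[Unicode]
Unicode=yes
[Privilege Rights]
SeImpersonatePrivilege = *S-1-5-32-544,*S-1-5-6,*S-1-5-19,*S-1-5-20,*S-1-5-32-568
SeCreateGlobalPrivilege = *S-1-5-32-544,*S-1-5-6,*S-1-5-19,*S-1-5-20,*S-1-5-4
SeServiceLogonRight =
SeCreateSymbolicLinkPrivilege = *S-1-5-32-544
SeRelabelPrivilege =
SeTimeZonePrivilege = *S-1-5-32-544,*S-1-5-19,*S-1-5-32-545
SeIncreaseWorkingSetPrivilege = *S-1-5-32-545
SeBackupPrivilege = *S-1-5-32-544,*S-1-5-32-551,*S-1-5-32-547
[Version]
signature="$CHICAGO$"
Revision=1
"""


def parse_privilege_rights(text):
    """Return {privilege constant: [SID, ...]} from the [Privilege Rights] section."""
    rights, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
            continue
        if section != "Privilege Rights" or "=" not in line:
            continue
        name, _, value = line.partition("=")
        # Grantees are written as *S-1-...; an empty value means nobody holds the right.
        rights[name.strip()] = [s.strip().lstrip("*") for s in value.split(",") if s.strip()]
    return rights


def check_vista_defaults(rights):
    """Report deviations from the defaults stated on slide 33."""
    findings = []
    for name, sids in rights.items():
        if POWER_USERS in sids:
            findings.append(f"{name}: Power Users ({POWER_USERS}) still granted")
    if INTERACTIVE in rights.get("SeCreateGlobalPrivilege", []):
        findings.append(f"SeCreateGlobalPrivilege: INTERACTIVE ({INTERACTIVE}) present")
    if IIS_IUSRS not in rights.get("SeImpersonatePrivilege", []):
        findings.append(f"SeImpersonatePrivilege: IIS_IUSRS ({IIS_IUSRS}) missing")
    if rights.get("SeServiceLogonRight"):
        findings.append("SeServiceLogonRight: not empty: " + ",".join(rights["SeServiceLogonRight"]))
    return findings


def new_rights_grantees(rights):
    """Who holds each of the new Vista rights (empty list when nobody does)."""
    return {label: rights.get(const, []) for const, label in NEW_RIGHTS.items()}


if __name__ == "__main__":
    parsed = parse_privilege_rights(SAMPLE_EXPORT)
    for finding in check_vista_defaults(parsed):
        print("FINDING:", finding)
    for label, sids in new_rights_grantees(parsed).items():
        print(f"{label}: {', '.join(sids) or '(nobody)'}")
```

Point `parse_privilege_rights` at the contents of a real export to run the same checks on a workstation; rights that a real export omits entirely are simply absent from the dictionary, which `new_rights_grantees` reports as nobody holding them.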

  35. Security Options With Modified Defaults

  36. Anonymous Named Pipes

  37. Anonymous Named Pipes

  38. Network access: remotely accessible registry paths

  39. Network access: remotely accessible registry paths

  40. Network access: shares that can be accessed anonymously

  41. Network access: shares that can be accessed anonymously

  42. Network Security: Do not store LAN Manager hash value on next password change

  43. Network Security: Do not store LAN Manager hash value on next password change

  44. Network security: LAN Manager authentication level

  45. Network security: LAN Manager authentication level

  46. Devices: Allowed to format and eject removable media

  47. Devices: Allowed to format and eject removable media

  48. Devices: Restrict CD-ROM/Floppy access to locally logged on user only

  49. Devices: Restrict CD-ROM/Floppy access to locally logged on user only

  50. Devices: Unsigned driver installation behavior
