
MCTS Guide to Microsoft Windows Vista

MCTS Guide to Microsoft Windows Vista. Chapter 7: Windows Vista Security Features. Objectives: describe Windows Vista security improvements; use the local security policy to secure Windows Vista; enable auditing to record security events; describe and configure User Account Control.

earl

Presentation Transcript


  1. MCTS Guide to Microsoft Windows Vista, Chapter 7: Windows Vista Security Features

  2. Objectives
     • Describe Windows Vista Security Improvements
     • Use the local security policy to secure Windows Vista
     • Enable auditing to record security events
     • Describe and configure User Account Control

  3. Objectives (continued)
     • Describe the Internet security features in Windows Vista
     • Use the data security features in Windows Vista
     • Secure Windows Vista by using Windows Update

  4. Windows Vista Security Improvements
     • Major security improvements in Windows Vista are:
       • Malware protection
       • Easier deployment of alternative authentication methods
       • Enhanced network protection
       • Data protection for stolen hard drives

  5. Malware Protection
     • Malware
       • Malicious software designed to perform unauthorized acts on your computer
     • User Account Control (UAC)
       • Feature implemented in Windows Vista to control malware
       • Prompts users when software attempts to take administrative control
     • Windows Defender
       • A real-time spyware monitor to prevent the installation of and remove spyware

  6. Malware Protection (continued)
     • Spyware
       • A threat to privacy that often makes systems unstable
     • Internet Explorer has been modified to run in a limited state, called protected mode
       • In which user files cannot be modified
     • A phishing filter has also been added
       • To prevent unauthorized Web sites from stealing log-on credentials and other personal information
     • Windows service hardening
       • Most Windows exploits that are used to install malware are the result of flaws in Windows services

  7. Malware Protection (continued)
     • Windows service hardening (continued)
       • Windows services have been changed as follows:
         • Each service is given a SID number
         • Services run with a lower privilege level by default
         • Unnecessary privileges for services have been removed
         • Windows Firewall can control network access based on service SIDs
         • Services are isolated and cannot interact with users

  8. Alternative Authentication Methods
     • Username and password
       • Most common method for authentication
     • Windows Vista makes smart cards easier to manage
     • Development of additional authentication methods for Windows, such as biometrics, has been simplified

  9. Network Protection
     • Windows Vista is protected on networks by:
       • Enhanced firewall
       • Network Access Protection (NAP)
     • Firewall can control both inbound and outbound network packets
     • NAP prevents unhealthy computers from accessing the network
       • An unhealthy computer is one that has outdated antivirus signatures or is missing security updates

  10. Data Protection
     • NTFS file system provides data protection by using permissions on files and folders
     • NTFS permissions can be easily circumvented when you have physical access to a computer
     • BitLocker Drive Encryption
       • Encrypts the contents of a partition and protects the system partition

  11. Security Policies
     • Windows Vista includes a local security policy
       • Which can be used to control many facets of Windows
     • You can access the Local Security Policy in Administrative Tools
     • Local security policy categories
       • Account policies
       • Local policies
       • Software restriction policies
       • Windows Firewall with Advanced Security
       • Public Key Policies

  12. Security Policies (continued)
     • Local security policy categories (continued)
       • Software Restriction Policies
       • IP Security Policies on Local Computer
     • The local security policy is part of a larger Windows management system called Group Policy
       • Can be implemented on a local computer, but is typically part of a domain-based network

  13. Security Policies (continued)

  14. Account Policies
     • Contain the password policy and the account lockout policy
     • Do not affect domain accounts
       • Must be configured at the domain level
     • Password policy
       • Controls password characteristics for local user accounts
       • Available settings
         • Enforce password history
         • Maximum password age
         • Minimum password age

  15. Account Policies (continued)
     • Password policy (continued)
       • Available settings (continued)
         • Minimum password length
         • Password must meet complexity requirements
         • Store passwords using reversible encryption
     • Account lockout policy
       • Prevents unauthorized access to Windows Vista
       • Can configure an account to be temporarily disabled after a number of incorrect log-on attempts

  16. Account Policies (continued)
     • Account lockout policy (continued)
       • Available settings
         • Account lockout duration
         • Account lockout threshold
         • Reset account lockout counter after

  17. Local Policies
     • Local policies are for:
       • Auditing system access
       • Assigning user rights
       • Configuring specific security options
     • Auditing lets you track when users log on and which resources are used
     • User rights control what system task a particular user or group of users can perform
     • Specific security options are a variety of settings that can be used to make Windows Vista more secure

  18. Local Policies (continued)

  19. Local Policies (continued)
     • User rights assignment settings
       • Allow log on locally
       • Back up files and directories
       • Change the system time
       • Load and unload device drivers
       • Shut down the system
     • Security options settings
       • Devices: Prevent users from installing printer drivers
       • Interactive logon: Do not display last username
       • Interactive logon: Message text for users attempting to log on
       • Shutdown

  20. Software Restriction Policies
     • Used to define which programs are allowed or disallowed in the system
     • Used in corporate environments where parental controls are not able to be used
     • Default security level for applications
       • Disallowed
       • Basic User
       • Unrestricted

  21. Software Restriction Policies (continued)

  22. Software Restriction Policies (continued)
     • Software not affected by software restriction policies
       • Drivers or other kernel mode software
       • Programs run by the SYSTEM account
       • Macros in Microsoft Office 2000 or Microsoft Office XP documents
       • .NET programs that use the common language runtime (alternate security is used)
     • Software restriction rules
       • Certificate rules
       • Hash rules

  23. Software Restriction Policies (continued)
     • Software restriction rules (continued)
       • Network zone rules
       • Path rules
     • Software restriction rule evaluation
       • Rule types precedence
         • Hash rules
         • Certificate rules
         • Path rules
         • Network zone rules
         • Default rule
       • All rule types except path rules are exclusive

  24. Software Restriction Policies (continued)
     • Software restriction configuration options
       • Policies are evaluated each time an executable file is accessed
       • Executable files are identified by file extension
         • You can customize the list of extensions
       • Many Windows applications use DLL files when they are executing
         • DLL files are considered a lower risk than executable files and are not evaluated by default
       • Administrators often want to be unrestricted when they are accessing workstations

  25. Software Restriction Policies (continued)

  26. Software Restriction Policies (continued)

  27. Software Restriction Policies (continued)
     • Software restriction configuration options (continued)
       • You can enforce or ignore certificate rules
       • You can control how the trusted publishers used for certificate rules are managed
       • When trusted publisher certificates are added
         • You can configure the system to verify that they are valid

  28. Software Restriction Policies (continued)

  29. Other Security Policies
     • Windows Firewall with Advanced Security
       • Used to configure the new firewall in Windows Vista
       • Lets you configure both inbound and outbound rules
       • Configure specific computer-to-computer rules
       • Can be used to configure IP Security (IPsec) rules
     • Public Key Policies has a single setting for the Encrypting File System (EFS)
     • IP Security Policies on Local Computer are used to control encrypted network communication

  30. Security Templates
     • Security templates are .inf files that contain:
       • Settings that correspond with the Account Policies and Local Policies in the local security policy
       • Settings for the event log, restricted groups, service configuration, registry security, and file system security
     • Edited by using the Security Templates snap-in
     • Security templates are used by Security Configuration and Analysis tool and Secedit

  31. Security Templates (continued)

  32. Security Templates (continued)
     • Tasks you can perform with the Security Configuration and Analysis tool
       • Analyze
       • Configure
       • Export

  33. Auditing
     • Auditing
       • Security process that records the occurrence of specific operating system events in the Security log
     • Every object in Windows Vista has audit events related to it
     • Auditing is enabled through the local security policy or by using Group Policy
     • Once the audit policy is configured
       • The audited events are recorded in the Security log that is viewed by using Event Viewer

  34. Auditing (continued)

  35. Auditing (continued)

  36. Auditing (continued)

  37. User Account Control
     • User Account Control (UAC)
       • New feature in Windows Vista that makes running applications more secure
       • Security is enhanced by reducing the need to log on and run applications using administrator privileges
     • When UAC is enabled and an administrative user logs on
       • The administrative user is assigned two access tokens
         • Standard user privileges
         • Administrative privileges

  38. User Account Control (continued)
     • Standard user access token is used to launch the Windows Vista user interface
     • Admin Approval Mode
       • Ensures that the access token with administrative privileges is used only when required
     • Application Information Service
       • Responsible for launching programs by using the access token with administrative privileges

  39. Application Manifest
     • Application manifest
       • Describes the structure of an application
       • Includes required DLL files and whether they are shared
     • Applications that are not designed for Windows Vista and which require administrative privileges
       • Do not properly request elevated privileges
       • Fix it by using the Application Compatibility Toolkit
     • Repackage applications to make them compliant with UAC by using FLEXnet AdminStudio 7 SMS Edition

  40. UAC Prompts

  41. UAC Configuration Options
     • UAC is configured by using either:
       • Windows Vista Local Security Policy
         • For small environments
       • Group Policy
         • For larger environments

  42. Internet Security
     • Windows Vista includes the following features to secure Internet access:
       • Internet Explorer security options
       • Phishing filter
       • Windows Defender

  43. Internet Explorer Security Options
     • Zones for Internet Explorer security options
       • Internet
       • Local intranet
       • Trusted sites
       • Restricted sites
     • Predefined categories with groups of security settings
       • High
       • Medium-high
       • Medium

  44. Internet Explorer Security Options (continued)
     • Predefined categories with groups of security settings
       • Medium-low
       • Low
     • Internet Explorer Protected Mode
       • Internet Explorer zones can be configured to run in Protected Mode
       • Works in conjunction with UAC to prevent malicious software from installing

  45. Internet Explorer Security Options (continued)

  46. Internet Explorer Security Options (continued)
     • Internet Explorer Protected Mode (continued)
       • Integrity levels
         • Low (untrusted)
         • Medium (user)
         • High (administrative)
       • A process can only modify files and registry keys with the same or lower integrity level
     • Intranet Zone Configuration
       • In a domain-based network
         • Internet Explorer assumes that all Web sites in the local domain are part of the Intranet zone

  47. Internet Explorer Security Options (continued)

  48. Internet Explorer Security Options (continued)
     • Intranet Zone Configuration
       • Options to detect intranet sites
         • Include all local (intranet) sites not listed in other zones
         • Include all sites that bypass the proxy server
         • Include all network paths (UNCs)

  49. Phishing Filter
     • Phishing
       • A very organized and deliberate attempt by individuals to steal personal and business information
     • Phishing Web site is a fake Web site designed to look just like a legitimate Web site
       • Asks you to enter personal information
     • Internet Explorer 7 includes a phishing filter
       • Provides a yellow warning for suspected phishing sites
       • And a red warning for confirmed phishing sites
     • Microsoft maintains a list of confirmed phishing sites

  50. Windows Defender
     • Windows Defender
       • Antispyware software included with Windows Vista
     • Spyware
       • Software that is silently installed on your computer, monitors your behavior, and performs actions based on your behavior
     • Windows Defender provides two levels of protection:
       • On-demand scanning
       • Real-time scanning
     • Both types of scanning use signatures to identify known and potential spyware
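
The account policy settings from slides 14 to 16 written as a security template, with the Export and Configure tasks from slides 30 to 32 run through Secedit. This is an added example, not part of the original presentation; the baseline values, file names and the `Get-SystemAccess` helper are constructed for illustration, and the script must run from an elevated prompt.

```powershell
# Added example: baseline values and file names are constructed, not from the slides.
param([switch]$Apply)   # pass -Apply to enforce the template; default is report only

$work = Join-Path $env:TEMP 'secbaseline'
New-Item -ItemType Directory -Path $work -Force | Out-Null
$inf = Join-Path $work 'baseline.inf'    # template to compare against
$db  = Join-Path $work 'baseline.sdb'    # database used by secedit /configure
$cur = Join-Path $work 'current.inf'     # export of the effective local policy

# Security template: the [System Access] section holds the Account Policies.
@'
[Unicode]
Unicode=yes
[Version]
signature="$CHICAGO$"
Revision=1
[System Access]
PasswordHistorySize = 24
MaximumPasswordAge = 42
MinimumPasswordAge = 1
MinimumPasswordLength = 12
PasswordComplexity = 1
ClearTextPassword = 0
LockoutBadCount = 5
LockoutDuration = 30
ResetLockoutCount = 30
'@ | Set-Content -Path $inf -Encoding Unicode

# Read "Name = Value" pairs from the [System Access] section of a template.
function Get-SystemAccess([string]$Path) {
    $map = @{}; $inSection = $false
    foreach ($line in Get-Content $Path) {
        if ($line -match '^\s*\[(.+)\]') { $inSection = ($Matches[1] -eq 'System Access'); continue }
        if ($inSection -and $line -match '^\s*(\w+)\s*=\s*(.*?)\s*$') { $map[$Matches[1]] = $Matches[2] }
    }
    $map
}

# Export: dump the current local policy, then report drift from the baseline.
secedit /export /cfg $cur /areas SECURITYPOLICY /quiet
$want = Get-SystemAccess $inf
$have = Get-SystemAccess $cur
foreach ($k in ($want.Keys | Sort-Object)) {
    $state = if ($have[$k] -eq $want[$k]) { 'OK' } else { 'DRIFT' }
    '{0,-22} baseline={1,-4} current={2,-4} {3}' -f $k, $want[$k], $have[$k], $state
}

# Configure: import the template into a database and apply it to this computer.
if ($Apply) { secedit /configure /db $db /cfg $inf /areas SECURITYPOLICY /quiet }
```

`ClearTextPassword = 0` corresponds to leaving "Store passwords using reversible encryption" disabled, and `LockoutBadCount`, `LockoutDuration` and `ResetLockoutCount` are the lockout threshold, duration and counter reset from slide 16.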
