security features in microsoft windows xp l.
Download
Skip this Video
Loading SlideShow in 5 Seconds..
Security Features in Microsoft® Windows® XP PowerPoint Presentation
Download Presentation
Security Features in Microsoft® Windows® XP

Loading in 2 Seconds...

play fullscreen
1 / 23

Security Features in Microsoft® Windows® XP - PowerPoint PPT Presentation


  • 154 Views
  • Uploaded on

Security Features in Microsoft® Windows® XP. James Noyce, Senior Consultant Security Solutions Team, Business Critical Services Microsoft Security Solutions, Feb 4, 2003. Agenda. Windows XP Security Features What’s New Since Windows 2000 Drill down into Secure Wireless Networking

loader
I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
capcha
Download Presentation

PowerPoint Slideshow about 'Security Features in Microsoft® Windows® XP' - kamin


An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
security features in microsoft windows xp

Security Features in Microsoft® Windows® XP

James Noyce, Senior Consultant

Security Solutions Team, Business Critical Services

Microsoft Security Solutions, Feb 4, 2003

agenda
Agenda
  • Windows XP Security Features
  • What’s New Since Windows 2000
  • Drill down into
    • Secure Wireless Networking
    • Group Policy
    • Software Restriction Policies
    • Internet Connection Firewall
security is only as strong as the weakest link
Security Is Only As Strong As The Weakest Link
  • Technology is neither the whole problem nor the whole solution
  • Secure systems depend upon Technology, Processes and People
slide4

Technology, Process, People

Baseline technology

Standards, Encryption, Protection

Product security features

Security tools and products

Planning for security

Prevention

Detection

Reaction

Dedicated staff

Training

Security - a mindset and a priority

windows xp security features
Users and Groups

Rights and Permissions

Kerberos

Crypto API

Data Protection API

Screen Saver Password

Digital Certificates

Smart Card Logon

Remote Access

Auditing

IP Security

Encrypting File System

Group Policy

802.1x Network Authentication

Credentials Manager

Software Restriction Policies

Internet Connection Firewall

Windows XP Security Features

Builds on Windows 2000 Professional Security Features

existing security features
Existing Security Features
  • Users and Groups
  • Rights and Permissions
  • Kerberos
  • Crypto API
  • Data Protection API
  • Screen Saver Password
enhanced security features
Enhanced Security Features
  • Digital Certificates
    • *Auto enrolment and renewal for users
  • Smart Card Logon
    • Supports Remote Desktop
  • IP Security (IPSec)
    • Stronger D/H key exchange
    • NAT traversal
enhanced security features9
Enhanced Security Features
  • Auditing
    • *More granular operation based auditing
  • Remote Access (VPN, DUN and PPoE)
    • Leverages Internet Connection Firewall
    • L2TP/IPSec over NAT
  • Group Policy
    • Increased number of policy settings
    • Resultant Set of Policy (RSoP)
group policy
Password Policy

Lockout Policy

Kerberos Policy

Audit Policy

User Rights

Security Options (Registry Values)

Event Log Settings

Restricted Groups

System Services (start-up mode and ACLs)

Registry ACLs

File System ACLs

Group Policy
security configuration toolset
Security Configuration Toolset
  • Use GPEDIT.MSC to edit Local Group Policy
  • Use SECPOL.MSC to edit Local Security Policy
  • Security Configuration and Analysis (SCA) to perform auditing and handle templates
    • Use SCA to import/export security templates (.INF files) for distribution via Group Policy
enhanced security features13
Enhanced Security Features
  • Encrypting File System
    • Support for AES
    • EFS over WebDAV
    • Shared EFS
  • Misc…
    • Controlled network access
    • Offline file synchronisation
new security features
New Security Features
  • 802.1x Network Authentication
  • Credentials Manager
  • Software Restriction Policies
  • Internet Connection Firewall
802 1x network authentication
802.1x Network Authentication
  • Secure wired and wireless networks from unauthorised access
  • Do not confuse with 802.11b/802.11x/etc…
  • Imagine authenticating computer / user to the network port on the wall
  • Then picture the accessing the network port via wireless…
802 1x network authentication16
802.1x Network Authentication
  • Supports password based (PEAP) and certificate based (EAP-TLS) credentials
  • Dynamic, rotating WEP keys
  • Requires backend infrastructure
    • Internet Authentication Service (IAS)
    • Domain Controller
    • Certificate Authority
802 1x network authentication17
802.1x Network Authentication

LAN Access

Authentication

And Policy

Ethernet Switch

Active Directory

IAS/RADIUS Server

PKI Server

WLAN Access

Auditing

Wireless Access Point

credentials manager
Credentials Manager
  • Users receive seamless access resources for which they have valid credentials
    • Provide a common UI for gathering credentials
    • Provide per user safe storage of related credentials
    • Unlock those credentials using your user logon
credentials manager19
Credentials Manager
  • Secure roaming storage for user credentials
    • Username, password
    • X.509 certificates (smart cards)
    • Passport
software restriction policies
Software Restriction Policies
  • Restricts execution of unmanaged code
    • WIN32, scripts, etc…
  • Not to be confused with managed code restrictions in the .NET Framework
internet connection firewall
Internet Connection Firewall
  • Provides baseline intrusion prevention
    • Protects against scans for information
    • Denies all unsolicited inbound traffic
  • Stateful inspection of traffic
  • Configurable filtering and logging
  • Enabled or disabled via location aware Active Directory group policy
summary
Summary
  • Most security features build upon what was present in Windows 2000 Professional
  • New security features simplify security management and reduce risk
next steps
Next Steps
  • Top 5 Web Resources

http://www.microsoft.com/windowsxp/pro/techinfo/

http://www.microsoft.com/technet/prodtechnol/winxppro/default.asp

http://www.microsoft.com/technet/prodtechnol/winxppro/reskit/prork_overview.asp

http://www.nsa.gov/snac/winxp/download.htm

http://www.microsoft.com/security

http://www.microsoft.com/uk/security