Security Features in Windows Vista


Security Features in Windows Vista
What Will We Cover?
• Security fundamentals
• Protecting your company’s resources
• Anti-malware features
Helpful Experience
• Windows user interface
• Windows security concepts
Level 200
Agenda
• Exploring Security Fundamentals
• Mitigating Threats and Vulnerabilities
• Controlling Identity and Access
• Protecting System Information
Windows Vista Fundamentals
Secure by Default
• Improved SDL
• Common Criteria Certification
Windows Vista Service Hardening
• Reduce size of high-risk layers
• Segment the services
• Increase number of layers
(Diagram: services Service 1, 2, 3, A, B, … split into separate layers above kernel drivers and user-mode drivers)
Agenda
• Exploring Security Fundamentals
• Mitigating Threats and Vulnerabilities
• Controlling Identity and Access
• Protecting System Information
Internet Explorer 7.0
Protection from Exploits
• Unified URL parsing
• Code quality improvements (SDLC)
• ActiveX opt-in
• Protected Mode to prevent malicious software
Social Engineering Protections
• Phishing filter and colored address bar
• Dangerous Settings notification
• Secure defaults for IDN
ActiveX Opt-in
(Diagram: controls are disabled by default; IE7 blocks the ActiveX control, confirms the install with the user, and only then is the control enabled)
Internet Explorer Protected Mode
(Diagram: Protected Mode confines Internet Explorer writes to C:\...\Temporary Internet Files; locations such as C:\...\Startup are not writable)
Phishing Filter
• Compares website with local list of known legitimate sites
• Scans the website for characteristics common to phishing sites
• Double-checks site with online Microsoft service of reported phishing sites
Windows Vista Firewall
IPSec
Windows Defender
• Improved detection and removal
• Redesigned and simplified user interface
• Protection for all users
Network Access Protection
(Diagram: a Windows Vista client connects through DHCP, VPN or a switch/router to the Microsoft Network Policy Server, which consults Policy Servers and Fix Up Servers before the client reaches the Corporate Network)
Agenda
• Exploring Security Fundamentals
• Mitigating Threats and Vulnerabilities
• Controlling Identity and Access
• Protecting System Information
Current Challenges
User Account Control
Allows system to run as standard user
Allows select applications to run in elevated context
Fix or remove inappropriate administrative checks
Registry and file virtualization provides compatibility
User Account Control Sample
(Diagram: consent prompts for elevated privileges, shown differently for an operating system application, a signed application and an unsigned application)
Improved Auditing
(Diagram: new logging infrastructure with the main categories Logon/Logoff, File System Access, Registry Access, and Use of Administrative Privilege)
Authentication Improvements
(Diagram: Winlogon and GINA.dll)
Plug and Play Smartcard Support
Integrated Control
Control over removable device installation
Restart Manager
Security Center enhancements
Agenda
• Exploring Security Fundamentals
• Mitigating Threats and Vulnerabilities
• Controlling Identity and Access
• Protecting System Information
Information Leakage
(Chart: security breaches reported by businesses)
• Virus infection: 63%
• Unintended forwarding of e-mails: 36%
• Loss of mobile devices: 35%
• Password compromise: 22%
• E-mail piracy: 22%
• Loss of digital assets, restored: 20%
“After virus infections, businesses report unintended forwarding of e-mails and loss of mobile devices more frequently than they do any other security breach”
Jupiter Research Report, 2004
Windows Vista Data Protection
• Policy Definition and Enforcement: Rights Management Services
• User-Based File System Encryption: Encrypted File System
• Drive-Level Encryption: BitLocker Drive Encryption
Windows Vista Firewall
• Both inbound and outbound
• Authentication and authorization aware
• Outbound application-aware filtering is now possible
Includes IPSec management
Network Access Protection
(Diagram, steps 1 to 5: a Windows Vista client that is not policy compliant connects via DHCP, VPN or a switch/router; the Microsoft Network Policy Server checks it against Policy Servers, e.g. Microsoft Security Center, SMS, Antigen or 3rd party; non-compliant clients are held in a Restricted Network with Fix Up Servers, e.g. WSUS, SMS & 3rd party, until they are policy compliant and admitted to the Corporate Network)
Control Over Device Installation
• Control over removable device installation via a policy
Mainly to disable USB-device installation, as many corporations worry about intellectual property leak
You can control them by device class or driver
• Approved drivers can be pre-populated into trusted Driver Store
• Driver Store Policies (group policies) govern driver packages that are not in the Driver Store:
Client Security Scanner
• Finds out and reports Windows client’s security state:
Patch and update levels
Security state
Signature files
Anti-malware status
• Ability for Windows to self-report its state
• Information can be collected centrally, or
Code Integrity
• All DLLs and other OS executables have been digitally signed
• Signatures verified when components load into memory
BitLocker™
• BitLocker strongly encrypts and signs the entire hard drive (full volume encryption)
TPM chip provides key management
Can use additional protection factors such as a USB dongle, PIN or password
• Any unauthorised off-line modification to your data or OS is discovered and no access is granted
Prevents attacks which use utilities that access the hard drive while Windows is not running and enforces Windows boot process
• Protects data after laptop theft etc.
• Data recovery strategy must be planned carefully!
Vista supports three modes: key escrow, recovery agent, backup
BitLocker Drive Encryption
• Improved at-rest data protection with full drive encryption
• Usability with scalable security protections
• Enterprise-ready deployment capabilities
• Offline system-tampering resistance
• Worry-free hardware repurposing and decommissioning
• Integrated disaster recovery features
Trusted Platform Module
(Diagram: the TPM protects the Volume Master Key; the Volume Master Key decrypts the encrypted Full Volume Encryption Key, which in turn decrypts the encrypted data to cleartext data)
Session Summary
• Windows Vista is the most secure Windows operating system to date
• Windows Vista protects users
• Numerous other security improvements help protect data and ease deployment
A BRIEF OVERVIEW
• “Need to Know Basis”
• Baseline
User Account Administration
Password Administration
Group or Role Administration
File Permissions on Critical Files
UMASK
SUID & SGID
Cron
Syslog
Services
Patches
• Conclusion
Need to Know Basis
• When setting up security on your Unix systems, ensure that access is granted on a need-to-know, need-to-use basis.
Baseline
• A Baseline ensures that security policies are implemented consistently and completely across various platforms.
• Should be in a written form
• Include specific instructions to achieve security on a specific server.
User Account Administration
• User Account Policies should address:
Immediate deactivation of Users Accounts for
terminated employees
Superuser account procedures
Contractors Accounts
Naming Conventions for User accounts
Password Administration
• 60 to 90 day expiration for ordinary users
• 30 day password expiration for superusers
• Do not allow password sharing
• Set minimum password lengths to at least 6 characters
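The expiration rules above can be audited mechanically. The following Python is an added example (not code from the slides); it reads passwd/shadow-format text, treats UID 0 accounts as superusers, and flags any password whose maximum age exceeds the policy. The account lines are constructed samples with placeholder hashes.

```python
"""Audit passwd/shadow-format entries against the slide's aging policy:
30-day expiration for superusers (UID 0), 90 days at most for ordinary
users. Example code added here, not from the slides; the passwd/shadow
lines below are constructed samples (hashes are placeholders)."""

# Constructed sample: two UID-0 accounts, two ordinary users, one locked service account.
PASSWD_SAMPLE = """\
root:x:0:0:root:/root:/bin/bash
toor:x:0:0:backup admin:/root:/bin/sh
alice:x:1001:1001:Alice:/home/alice:/bin/bash
bob:x:1002:1002:Bob:/home/bob:/bin/bash
svc:x:1003:1003:service:/var/svc:/usr/sbin/nologin
"""
# shadow fields: name:hash:lastchange:min:max:warn:inactive:expire:reserved
SHADOW_SAMPLE = """\
root:$6$salt$PLACEHOLDER:19000:0:30:7:::
toor:$6$salt$PLACEHOLDER:19000:0:99999:7:::
alice:$6$salt$PLACEHOLDER:19000:0:90:7:::
bob:$6$salt$PLACEHOLDER:19000:0:180:7:::
svc:*:19000:0:99999:7:::
"""

SUPERUSER_MAX_DAYS = 30   # slide: 30 day password expiration for superusers
ORDINARY_MAX_DAYS = 90    # slide: 60 to 90 day expiration for ordinary users

def parse_uids(passwd_text):
    """Map user name -> numeric UID from passwd-format lines."""
    uids = {}
    for line in passwd_text.splitlines():
        if line and not line.startswith("#"):
            fields = line.split(":")
            uids[fields[0]] = int(fields[2])
    return uids

def audit_password_aging(passwd_text, shadow_text):
    """Return (user, max_days, policy_limit) for every account whose maximum
    password age exceeds the policy. Hash fields starting with '*' or '!'
    are locked accounts with no password to age, so they are skipped.
    Minimum length is not stored in shadow; enforce it in the login/PAM config."""
    uids = parse_uids(passwd_text)
    findings = []
    for line in shadow_text.splitlines():
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        user, pw_hash, max_days = fields[0], fields[1], fields[4]
        if pw_hash.startswith(("*", "!")):
            continue
        limit = SUPERUSER_MAX_DAYS if uids.get(user) == 0 else ORDINARY_MAX_DAYS
        max_age = int(max_days) if max_days else 99999   # empty field = never expires
        if max_age > limit:
            findings.append((user, max_age, limit))
    return findings
```

Run it against real files by passing the contents of /etc/passwd and /etc/shadow (the latter is root-readable only).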
Group or Role Administration
• Assign users with like responsibilities to groups
File Permissions on Critical Files
• Unix controls access to files, programs, and all other resources via file permissions.
• Unix permissions are controlled by three categories: Owner, Group, and World
• Each category can be granted any combination of READ, WRITE, and EXECUTE on Unix files or resources
• Ex. -rwxr-x--x
UMASK
• Ensure that your UMASK setting automatically assigns each newly created file the most secure file permissions.
SUID & SGID
• SUID and SGID files allow the World user to temporarily assume the permissions of the Owner or Group users while using the program.
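As an added example tying the three slides above together (not code from the slides), this Python decodes an ls-style permission string such as -rwxr-x--x into its numeric mode, reports whether the SUID/SGID bits are set, and computes the mode a given umask leaves on newly created files and directories.

```python
"""Decode ls-style permission strings such as the slide's -rwxr-x--x into a
numeric mode, flag the SUID/SGID bits, and compute what a umask leaves on
newly created files and directories. Example code added here, not from the
slides."""
import stat

PERM_BITS = ((stat.S_IRUSR, stat.S_IWUSR, stat.S_IXUSR),   # Owner
             (stat.S_IRGRP, stat.S_IWGRP, stat.S_IXGRP),   # Group
             (stat.S_IROTH, stat.S_IWOTH, stat.S_IXOTH))   # World
SPECIAL_BITS = (stat.S_ISUID, stat.S_ISGID, stat.S_ISVTX)  # setuid, setgid, sticky

def mode_from_string(perm):
    """Convert a 10-character ls mode string (type char + 9 permission
    chars) to an int mode. 's'/'t' mean special bit plus execute;
    'S'/'T' mean special bit without execute."""
    if len(perm) != 10:
        raise ValueError("expected 10 characters, e.g. -rwxr-x--x")
    mode = 0
    for who in range(3):                      # 0=Owner, 1=Group, 2=World
        r, w, x = perm[1 + who * 3: 4 + who * 3]
        if r == "r":
            mode |= PERM_BITS[who][0]
        if w == "w":
            mode |= PERM_BITS[who][1]
        if x in "xst":
            mode |= PERM_BITS[who][2]
        if x in "sStT":
            mode |= SPECIAL_BITS[who]
    return mode

def describe(perm):
    """Octal form plus the markers the baseline slides ask you to look for."""
    mode = mode_from_string(perm)
    return {
        "octal": format(mode & 0o7777, "04o"),
        "setuid": bool(mode & stat.S_ISUID),
        "setgid": bool(mode & stat.S_ISGID),
        "world_writable": bool(mode & stat.S_IWOTH),
    }

def new_file_mode(umask, directory=False):
    """Permissions a new file (0666 base) or directory (0777 base) receives
    once the process umask is applied: base & ~umask."""
    base = 0o777 if directory else 0o666
    return base & ~umask & 0o777
```

A umask of 077 gives new files 0600, which matches the slide's "most secure" advice; 022 leaves them world-readable (0644).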
CRON
• Cron is the Unix job scheduler
• Many system administrators use cron to perform automatic full or incremental back-ups of the systems.
• Cron can also be used to email log files, clean up file systems etc.
Syslog
• The syslog utility allows systems administrators to log various events occurring on the Unix system.
• If Syslog is configured correctly, Unix can log many security events without the use of a third party plug-in.
Services
• The inetd.conf file controls the services that are allowed on the Unix system.
• Make sure that only necessary services are activated
• Unix comes with all services activated by default, and many of these services have severe security vulnerabilities.
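One way to check an inetd.conf against the written baseline, as an added example (not code from the slides): list the active services, report those outside an allowlist, and emit a hardened copy with the rest commented out. The inetd.conf text and the allowlist are constructed for the example.

```python
"""Audit an inetd.conf against the services a baseline permits and produce a
hardened copy with everything else commented out. Example code added here,
not from the slides; the inetd.conf text below is a constructed sample."""

INETD_SAMPLE = """\
# <service> <socket> <proto> <flags> <user> <server_path> <args>
ftp     stream  tcp  nowait  root   /usr/sbin/in.ftpd     in.ftpd -l
telnet  stream  tcp  nowait  root   /usr/sbin/in.telnetd  in.telnetd
#finger stream  tcp  nowait  nobody /usr/sbin/in.fingerd  in.fingerd
chargen stream  tcp  nowait  root   internal
daytime dgram   udp  wait    root   internal
ssh     stream  tcp  nowait  root   /usr/sbin/sshd        sshd -i
"""

ALLOWED = {"ssh"}   # constructed allowlist: what the baseline permits on this host

def enabled_services(text):
    """Return (service, server_path) for every active, uncommented line."""
    found = []
    for line in text.splitlines():
        s = line.strip()
        if not s or s.startswith("#"):
            continue
        fields = s.split()
        if len(fields) < 6:
            continue            # malformed entry; inetd would not start it either
        found.append((fields[0], fields[5]))
    return found

def unnecessary(text, allowed=ALLOWED):
    """Services that are enabled but not on the allowlist."""
    return [svc for svc, _ in enabled_services(text) if svc not in allowed]

def hardened(text, allowed=ALLOWED):
    """Copy of the file with every disallowed entry commented out. Signal
    inetd with SIGHUP afterwards so it re-reads the configuration."""
    out = []
    for line in text.splitlines():
        s = line.strip()
        if s and not s.startswith("#") and s.split()[0] not in allowed:
            out.append("#" + line)
        else:
            out.append(line)
    return "\n".join(out) + "\n"
```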
Patches
• Ensure that your Unix systems are patched regularly. A policy should be adopted to ensure that all patches are tested and installed on a schedule.
Remote File Systems
ref: Vahalia, ch 10
• Goals
Mount file systems of a remote computer on a local system
Mount any FS, not only UNIX
H/w independent
Transport independent
UNIX FS semantics must be maintained
Performance
Crash recovery
Security
setuid()
Is there a way a programmer could use a setuid() program to penetrate the security of UNIX/Linux?
• Normally, no. In user mode the intended use of this call is simply to set the process's effective UID to its real UID. The superuser can set any UID to whatever s/he wants. However, on an unpatched UNIX/Linux, by tracing a setuid program with ptrace, and if the program invokes subsequent execs, one can modify its address space to exec a shell and gain unauthorized superuser access to the system (p. 154, Vahalia).
Conclusion
• Although there are many other areas that can be addressed in a security baseline, the areas mentioned above will give you a head start in addressing security for your Unix system, and should prepare your servers for our upcoming IS audits.
z/OS Security
Natural Security
• Controls and checks access to the
Natural Environment
• Four types of objects
Users
Libraries
DDMs/files
Utilities
Types of Users
Linking a User to a Library
RPC Service Requests
• Protects RPC services and the way requests are handled.
• User authentication is possible in two modes
Validation with Impersonation
Validation without Impersonation
• Impersonation must be set in the security
Resource Access Control Facility (RACF)
• Access control software for IBM mainframe.
• Operates at the OS level.
• Can interface with Customer Information Control System (CICS), IBM’s system for end user account management.
RACF Functions
• identify and verify system users
• identify, classify, and protect system resources
• authorize the users who need access to the resources you've protected
• control the means of access to these resources
• log and report unauthorized attempts at gaining access to the system and to the protected resources
• administer security to meet your installation's security goals.