Windows Vista Security Tidbits

Presentation transcript:

Windows Vista Security Tidbits
Steve Lamb
Technical Security Evangelist @ Microsoft Ltd
Stephen.lamb@microsoft.com
http://blogs.technet.com/steve_lamb

Overview
- User And Group Changes
- Kernel Changes
- ACL Changes
- Admin account
- New/Missing SIDs
- New/Missing Users and Groups
- Cached credentials
- Kernel Changes
- Buffer overflow protection
- ACL Changes
- Encryption changes
- Suite B
- TS SSO
- EFS with Smart Cards
- Audit changes
- User rights
- New and changed security options
- Firewall
- Auth IP
- SMBv2

User and Group Changes

Administrator Account Status

Power Users Are Not Anymore

The Support and Help Accounts

New Groups

Some Additional SIDs

And A Few More SIDs
- The Trusted Installer
- INTERNET USER
- High integrity SID
- System integrity SID
- A Service
- Low integrity SID
- Medium integrity SID

Integrity Levels in Token

ACL Changes

ACL Modifications

Old ACL UI

New ACL UI

Owner Needs Explicit Perms

Kernel Changes

Better Buffer Overflow Protection
- Second cookie protects exception handlers
- Safer CRT exception handlers
- No more executable pages outside images
- Enforced by better development practices and code scanning tools
- /NXCOMPAT linker flag in build tools
- If all binaries in a process are marked, NX is automatically enabled for the process
- Heap protection
- Signed kernel code (x64 only)

Crypto Changes

Offline Files Encrypted Per User

Encrypted Pagefile

Suite-B Crypto
- Software and Smart Card Key Storage Providers
- Cryptographic configuration
- NIST ECC Prime Curves support (smart cards too)
- AES
- SHA-2
- IPsec support for AES and ECDH
- ECC cipher suites in SSL
- EFS with smart cards

Cached Credentials Much Tougher

Improved Auditing

Granular Audit Policy

Object Access Auditing
Object Access Attempt:
    Object Server: %1
    Handle ID: %2
    Object Type: %3
    Process ID: %4
    Image File Name: %5
    Access Mask: %6

Object Access Auditing
An operation was performed on an object.
Subject:
    Security ID: %1
    Account Name: %2
    Account Domain: %3
    Logon ID: %4
Object:
    Object Server: %5
    Object Type: %6
    Object Name: %7
    Handle ID: %9
Operation:
    Operation Type: %8
    Accesses: %10
    Access Mask: %11
    Properties: %12
    Additional Info: %13
    Additional Info2: %14

Added Auditing For
- Registry value change audit events (old+new values)
- AD change audit events (old+new values)
- Improved operation-based audit
- Audit events for UAC
- Improved IPSec audit events including support for AuthIP
- RPC Call audit events
- Share Access audit events
- Share Management events
- Cryptographic function audit events
- NAP audit events (server only)
- IAS (RADIUS) audit events (server only)

More Info In Event Log UI

XML Events

New Event Numbers

New and Modified User Rights

Changes to User Rights
- All rights for Power Users removed
- Create global objects does not have INTERACTIVE
- SE_IMPERSONATE has added IIS_IUSRS and removed ASPNET
- Logon as a service is now empty by default

New User Rights
- Access credential manager as a trusted caller
- Change time zone user right
- Create symbolic links
- Modify an object label
- Synchronize directory service data
- Increase a process working set

Security Options With Modified Defaults

Anonymous Named Pipes

Network access: remotely accessible registry paths

Network access: shares that can be accessed anonymously

Network Security: Do not store LAN Manager hash value on next password change

Network security: LAN Manager authentication level

Devices: Allowed to format and eject removable media

Devices: Restrict CD-ROM/Floppy access to locally logged on user only

Devices: Unsigned driver installation behavior

Why Change It?

Interactive logon: Require smart card

New Security Options

Network access: remotely accessible registry paths and sub-paths

Network access: Restrict anonymous access to named pipes and shares

System settings: Optional subsystems

System settings: Use certificate rules on windows executables for software restriction policies

Lots and lots and lots of GP changes

Last Logon Display

Trusted Path Credential Entry

Smart Card Policies

SMBv2

What’s New In SMBv2 (in 30 seconds)
- Only 16 commands (80 in SMBv1)
- Implicit sequence number speeds up hashing
- SHA-256 signatures (MD5 in SMBv1)
- Handles reconnections more reliably
- Client-side file encryption (yay!!!)
- Symbolic links across shares (disabled by default)
- Better load balancing mitigates DoS attacks

Miscellany

New RDP Control

Timeless Security Advice! Order online: http://www.protectyourwindowsnetwork.com

IE NDA Presentation 3/25/2017
Thanks to Jesper M. Johansson, Ph.D. for creating the slides
Steve Lamb
Technical Security Evangelist @ Microsoft Ltd
Stephen.lamb@microsoft.com
http://blogs.technet.com/steve_lamb
© 2006 Microsoft Corporation. All rights reserved. This presentation is for informational purposes only. Microsoft makes no warranties, express or implied, in this summary.
Confidential -- Subject to Microsoft NDA