Donald Hester May 4, 2010 For audio call Toll Free and use PIN/code Windows 7 for IT Professionals Part 1: Security and Control
Maximize your CCC Confer window. Phone audio will be in presenter-only mode. Ask questions and make comments using the chat window. Housekeeping
Adjusting Audio 1)If youre listening on your computer, adjust your volume using the speaker slider. 2)If youre listening over the phone, click on phone headset. Do not listen on both computer and phone.
Saving Files & Open/close Captions 1.Save chat window with floppy disc icon 2.Open/close captioning window with CC icon
Emoticons and Polling 1)Raise hand and Emoticons 2)Polling options
Donald Hester Windows 7 for IT Professionals Part 1: Security and Control
User Account Control Windows BitLocker and Windows BitLocker To Go Windows AppLocker Windows Defender
User Groups UAC Security Settings Modify User Account Control Settings
User Groups Standard Users Administrators Standard Users Administrators Type of Elevation PromptDescription Consent Prompt Displayed to administrators in Admin Approval Mode when they attempt to perform an administrative task. It requests approval to continue from the user. Credential Prompt Displayed to standard users when they attempt to perform an administrative task.
Admin Approval Mode for the Built-in Administrator account Allow UIAccess applications to prompt for elevation without using the secure desktop Behavior of the elevation prompt for administrators in Admin Approval Mode Behavior of the elevation prompt for standard users Detect application installations and prompt for elevation Only elevate executables that are signed and validated Only elevate UIAccess applications that are installed in secure locations Run all administrators in Admin Approval Mode Virtualize file and registry write failures to per-user locations Admin Approval Mode for the Built-in Administrator account Allow UIAccess applications to prompt for elevation without using the secure desktop Behavior of the elevation prompt for administrators in Admin Approval Mode Behavior of the elevation prompt for standard users Detect application installations and prompt for elevation Only elevate executables that are signed and validated Only elevate UIAccess applications that are installed in secure locations Run all administrators in Admin Approval Mode Virtualize file and registry write failures to per-user locations
Elevation PromptDescription Never notify meUAC is off. Notify me only when programs try to make changes to my computer (do not dim my desktop) When a program makes a change, a prompt appears, but the desktop is not dimmed. Otherwise, no prompt appears. Notify me only when programs try to make changes to my computer When a program makes a change, a prompt appears, and the desktop is dimmed to provide a visual cue that installation is being attempted. Otherwise, no prompt appears. Always notify me The user is always prompted when changes are made to the computer.
Hardware Requirements for BitLocker Drive Encryption BitLocker Functionality BitLocker To Go Locate a Recovery Password
Encryption and decryption key Hard drive Encryption and decryption key Hard drive A computer with Trusted Platform Module (TPM) A removable USB memory device. A computer with Trusted Platform Module (TPM) A removable USB memory device. Have at least two partitions Have a BIOS that is compatible with TPM and supports USB devices during computer startup. Have at least two partitions Have a BIOS that is compatible with TPM and supports USB devices during computer startup.
BDE offers a spectrum of protection allowing customers to balance ease- of-use against the threats they are most concerned with. ****** *
17
Save recovery information in one of these formats A 48-digit number divided into eight groups. A Recovery Key in a format that can be read directly by the BitLocker recovery console. A 48-digit number divided into eight groups. A Recovery Key in a format that can be read directly by the BitLocker recovery console. Configure how to access an encrypted drive Use the Set BitLocker startup preferences window. Select an access option: USB Enter the Passphrase by using function keys No key Select an access option: USB Enter the Passphrase by using function keys No key
4 levels of AES encryption 128 & 256 bit the diffuser is a new unproven algorithm diffuser runs in about 10 clock cycles/byte Combination with AES- CBC for performance & security
Extends BitLocker Drive Encryption to portable devices Manageable through Group Policy Users choose to encrypt portable devices and use them to their fullest capabilities or leave them unencrypted and have them be read-only Enable BitLocker Drive Encryption by right-clicking the device and then clicking Turn On BitLocker Data on e ncrypted portable devices can be accessed from computers that do not have BitLocker enabled BitLocker can be configured to unlock with one of the following: Recovery Password or passphrase Smart Card Always auto-unlock this device on this PC BitLocker can be configured to unlock with one of the following: Recovery Password or passphrase Smart Card Always auto-unlock this device on this PC
22
23
24
Conditions that must be true: Before providing a password to a user: Conditions that must be true: Before providing a password to a user: Confirm the person is the account owner and is authorized to access data on the computer in question Examine the returned Recovery Password to make sure that it matches the Password ID that was provided by the user Confirm the person is the account owner and is authorized to access data on the computer in question Examine the returned Recovery Password to make sure that it matches the Password ID that was provided by the user Be a domain administrator or have delegated permissions The clients BitLocker recovery information is configured to be stored in AD The clients computer has been joined to the domain BitLocker Drive Encryption must be enabled on the clients computer
AppLocker Definition and Setup Application Rules Enforce and Validate AppLocker Rules
AppLocker Default rules AppLocker Default rules Enables IT professionals to specify exactly what is allowed to run on user desktops Allows users to run the applications, installation programs, and scripts that they need to be productive Make sure key operating system files run for all users Make sure key operating system files run for all users Prevent non-administrator users from running programs installed in their user profile directory Can be recreated at anytime
TypeDescriptionMerge rule Hash Uses the file hash of a file If two path rules have the same paths, they are merged into a single rule. Path Uses a folder path or file path If two publisher rules have the exact same publisher and product fields, they are merged. Publisher Uses the attributes of a digitally signed file, like publisher or version No optimizations are possible because each hash is unique.
Enforcement In Local Security Policy, Configure Rule Enforcement area Refresh computers policy with gpupdate /force In Local Security Policy, Configure Rule Enforcement area Refresh computers policy with gpupdate /force OptionDescription Enforce rules, but allow setting to be overridden Default setting. If linked GPOs contain a different setting, that setting is used. If any rules are present in the corresponding rule collection, they are enforced. Enforce rulesRules are enforced. Audit only Rules are audited, but not enforced.
Overview Alert Levels Windows Defender Tasks
Three ways to help protect the computer: Definitions Three ways to help protect the computer: Definitions Used to determine if software that it detects is spyware or other potentially unwanted software, and then to alert you to potential risks. Works with Windows Update to automatically install new definitions as they are released. Set Windows Defender to check online for updated definitions before scanning. Used to determine if software that it detects is spyware or other potentially unwanted software, and then to alert you to potential risks. Works with Windows Update to automatically install new definitions as they are released. Set Windows Defender to check online for updated definitions before scanning. Real-time protection (RTP) The SpyNet community Scanning options
Help you choose how to respond to spyware and potentially unwanted software Severe - remove this software immediately. High - remove this software immediately. Medium - review the alert details, consider blocking the software. Low - review the alert details to see if you trust the publisher. Severe - remove this software immediately. High - remove this software immediately. Medium - review the alert details, consider blocking the software. Low - review the alert details to see if you trust the publisher. Actions Quarantine – software is moved to another location on the computer; prevents the software from running until you choose to restore or remove it from the computer. Remove - permanently deletes the software from the computer. Allow - adds the software to the Windows Defender allowed list and allows it to run on the computer. Add software to the allowed list only if you trust the software and the software publisher. Quarantine – software is moved to another location on the computer; prevents the software from running until you choose to restore or remove it from the computer. Remove - permanently deletes the software from the computer. Allow - adds the software to the Windows Defender allowed list and allows it to run on the computer. Add software to the allowed list only if you trust the software and the software publisher.
Turn on Windows Defender Enable real-time protection Automatically check for new definitions Schedule a scan Manually scan for new definitions Windows Defender helps automatically remove malicious software.
Performance enhancement Removed the Software Explorer tool
Security and User Productivity Enhancements Customizable UAC requires fewer instances of elevation prompts Manageable through Group Policy BitLocker and BitLocker To Go BitLocker To Go extends BitLocker Drive Encryption to password-protected portable media Users choose to encrypt drive or leave read-only Manageable through Group Policy AppLocker Provides a rule-based structure to specify which applications are available to which end users Create default rules first View rule event information in the Event Viewer Windows Defender Integrated with Action Center Provides an improved user experience when scanning for spyware or manually checking for updates.
Donald E. Hester CISSP, CISA, CAP, MCT, MCITP, MCTS, MCSE Security, Security+ Maze & / San Diego City College Q&A
Evaluation Survey Link Help us improve our seminars by filing out a short online evaluation survey at:
Thanks for attending For upcoming events and links to recently archived seminars, check Web site at: Windows 7 for IT Professionals Part 1: Security and Control