Windows XP SP2 & Windows Server 2003 SP1


1 Windows XP SP2 & Windows Server 2003 SP1
Sandeep Modhvadia | Security Technical Specialist

2 Agenda
• Windows XP Service Pack 2
• Windows Server 2003 Service Pack 1
• 2 years on!

3 Client Attacks
• Malicious e-mail attachments
• Malicious Web content
• Port-based attacks
• Buffer overrun attacks

4 Protection Technologies
• Network Protection: To help protect all computers connected to the Internet or an internal network
• Safer Web and: To enable a safer Internet experience for the most common Internet tasks
• Memory Protection: To provide system-level protection for the base operating system
• Improved Maintenance: To ensure that updates are easier and quicker to deploy

5 Protection Technologies
Network Protection
• Windows Firewall
• Reduction of attack surface of a Windows XP computer
• More secure infrastructure for DCOM
• Windows Messenger Service is off by default
Safer Web and
Memory Protection
Improved Maintenance

6 Protection Technologies
Network Protection
• Windows Firewall
• Reduction of attack surface of a Windows XP computer
  • The RPC service runs with reduced privileges
  • The RPC service no longer accepts unauthenticated connections by default
• More secure infrastructure for DCOM
• Windows Messenger Service is off by default
Safer Web and
Memory Protection
Improved Maintenance

7 Protection Technologies
Network Protection
Safer Web and
• Blocking of un-requested pop-ups
• More control over ActiveX controls
• More control over downloads
• More control over attachments
Memory Protection
Improved Maintenance

8 1st Click – Add-On Manager (Tools/Internet Options)
2nd Click – View and control list of IE add-ons
Since some add-ons get installed without your knowledge, it's a good idea to first take stock of what add-ons your version of IE currently contains. The Add-on Manager allows you to see a list of all the add-ons for IE. The list is divided into two categories:
• Add-ons that have been used by Internet Explorer: a complete list of the add-ons that reside on your computer.
• Add-ons currently loaded in Internet Explorer: the add-ons that were needed for the current Web page or a recently viewed Web page.
3rd Click – IE Information Bar content for downloading ActiveX controls
You can then look at the controls used on a page and choose whether to allow or disallow them on that page only or across the whole browser. The Add-on Manager will tell you if a control has ever crashed on your system. Add-on crash detection attempts to detect crashes in Internet Explorer that are related to an add-on, and it also deals with an ActiveX control in a much more friendly way: it won't bring down the whole of IE. This can be controlled via Policy.

9 Protection Technologies
Network Protection
Safer Web and
Memory Protection
• What is a buffer overrun?
• Technologies to reduce exploitation of buffer overruns
Improved Maintenance

10 Protection Technologies
Network Protection
Safer Web and
Memory Protection
Improved Maintenance
• Windows Security Center
• Automatic Update enhancements
• Group Policy management of security features
• New Wireless LAN client
• Bluetooth update
• SmartKey Wireless Setup

11 What are the Goals of SP1?
Enhanced Security
• Reduced attack surface
• New security enhancements
  • Stronger Defaults and privilege reduction on services: RPC, DCOM
  • Support for no execute hardware: Intel, AMD
  • Windows Firewall: Enabled for new install scenarios
  • Provide a Security Configuration Wizard to assist IT Admins: Role-based configuration and lockdown
  • VPN Quarantine: Client inspection, Fix-up, Isolation
  • IIS 6.0 metabase auditing
Enhanced Reliability
Enhanced Performance
• 10%+ improvement in TPC, TPC-H, SAP, SSL, etc.

Key Benefits & Features
SP1 benefits fall into 3 main categories:
• Enhanced security: By continuing the efforts to reduce surface attack area that we began in Windows Server 2003, we have made this OS even more secure by default. Also, with the addition of several new security enhancements, keeping systems up to date and exploit-free has become easier. Key new security features in SP1 include:
  • Stronger defaults and privilege reduction on services like RPC, DCOM
  • Support for “No Execute” (NX) hardware
  • Windows Firewall enabled for new install scenario
  • Security Configuration Wizard: role-based lockdown tool that leads admins through the process of turning off unused services within a given role
  • VPN quarantine: client inspection, fix-up and isolation for VPN connections
  • IIS 6.0 Metabase auditing
• Enhanced reliability
• Enhanced performance

12 SP1 Security Features and Enhancements
• Relevant XP SP2 enhancements
• RPC, DCOM lockdown
• Windows Firewall
• Post-Setup Security Updates
• Boot-time network protection for clean installs
• Security Configuration Wizard
• Base 64-bit extension system

13 Windows Firewall/RPC
Goals and customer benefit
• Provide by default better protection from network attacks
• Focus on role-based server configuration
What we’re doing
• Windows Firewall (formerly ICF) will be on by default in almost all configurations utilizing the Security Configuration Wizard
• More configuration options: Group policy, command line, unattended setup
• Better user interface
• Boot time protection
• Restrict anonymous connections to DCOM/RPC interfaces
Application impact
• In-bound network connections will not be permitted by default
• Listening ports only open as long as the application is running

NOTE: THIS INFORMATION IS PRIMARILY FROM XP SP2 DOCUMENTATION

A new XP SP2 security feature that will be migrated into Windows Embedded (XPE) SP2 is the enhanced Internet Connection Firewall (Windows Firewall) functionality. This includes the ability to turn on Windows Firewall in default installations of SP2, closing ports except when they are in use, improving the user interface for configuration, improving application compatibility when Windows Firewall is on, and enhancing enterprise administration of Windows Firewall through Group Policy.

XPE Windows Firewall makes use of active packet filtering, which means that ports on the firewall are dynamically opened only for as long as needed to enable access to specific services. This type of firewall technology prevents would-be hackers from scanning ports and resources, including file and printer shares. This significantly reduces the threat of external attacks. The Windows Firewall is enabled on a per-connection basis.

B. What does Internet Connection Firewall do?
Internet Connection Firewall (Windows Firewall) is a stateful filtering firewall. Windows Firewall provides protection for network connections by preventing unsolicited inbound connections through TCP/IP version 4 (IPv4).

Configuration options include:
• Enabling on a per-interface basis
• Static port openings
• Configure basic ICMP options
• Log dropped packets and successful connections

Note: Microsoft now hosts two versions of Windows Firewall, IPv4 and IPv6. We will need to support both versions of Windows Firewall for XPE SP2. Support for Internet Protocol version 6 (IPv6), a new suite of standard protocols for the network layer of the Internet, is built into the latest versions of Windows. IPv6 is designed to solve many of the problems of the current version of IP (known as IPv4) with regard to address depletion, security, auto-configuration, extensibility, and more. Its use will also expand the capabilities of the Internet to enable a variety of valuable scenarios, including peer-to-peer and mobile applications.
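The configuration options listed above can be set from the command line through the `netsh firewall` context that Windows XP SP2 and Windows Server 2003 SP1 provide. The script below is an added example, not part of the original presentation; the connection name, port, rule name and log path are assumed sample values.

```batch
@echo off
rem Added example (not from the presentation): baseline Windows Firewall
rem configuration with "netsh firewall". Run from an administrator prompt.
rem "Local Area Connection", port 443 and the rule name are sample values.

rem Turn the firewall on for all profiles. Exceptions stay enabled so the
rem static opening defined below is honoured.
netsh firewall set opmode mode=ENABLE exceptions=ENABLE profile=ALL

rem Per-interface basis: enforce the firewall on one named connection.
rem (interface= cannot be combined with profile= or exceptions=.)
netsh firewall set opmode mode=ENABLE interface="Local Area Connection"

rem Static port opening. scope=SUBNET limits the opening to the local
rem subnet; scope=ALL would expose the port to every source address.
netsh firewall add portopening protocol=TCP port=443 name="HTTPS (sample)" mode=ENABLE scope=SUBNET

rem Basic ICMP options: allow inbound echo request (type 8) only.
netsh firewall set icmpsetting type=8 mode=ENABLE

rem Log dropped packets and successful connections.
netsh firewall set logging filelocation=%windir%\pfirewall.log filesize=4096 droppedpackets=ENABLE connections=ENABLE

rem Review the result: operational state, open ports, logging settings.
netsh firewall show state
netsh firewall show portopening
netsh firewall show logging
```

Reviewing the `show portopening` output after each change is the quickest way to confirm that no opening is left with a wider scope than the role requires.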

14 Post-Setup Security Updates
• A new feature designed to protect servers between first boot and application of most recent security updates
• Opens on first admin login if Windows Firewall was not explicitly enabled using unattend script or GP
• Blocks inbound connections until customer clicks “Finish” on PSSU dialog box

Post-Setup Security Updates is a new feature in Windows Server 2003 Service Pack 1. Post-Setup Security Updates is designed to protect the customer from risk of infection between the first boot of the server and the application of the most recent security updates from Windows Update. In order to protect the server, Windows Firewall is enabled during a new installation of any version of Windows Server 2003 that includes a Service Pack.

If Windows Firewall is enabled and the customer did not explicitly enable it using an unattend script or group policy, Post-Setup Security Updates opens the first time an administrator logs on. Inbound connections to the server are blocked until the customer has clicked the Finish button on the Post-Setup Security Updates dialog box. If the customer set exceptions to the firewall through group policy or by enabling Remote Desktop during installation, inbound connections assigned to these exceptions remain open.

Post-Setup Security Updates is not available from the Start menu. If Post-Setup Security Updates appears, Manage Your Server (MYS) opens after Post-Setup Security Updates is closed (unless MYS has been suppressed by policy). If Post-Setup Security Updates does not appear, Manage Your Server opens as it does in Windows Server 2003 with no Service Packs. Post-Setup Security Updates does not appear in any upgrade or update cases, including Windows 2000 to Windows Server 2003 or Windows Server 2003 to Windows Server 2003 Service Pack 1.

15 Security Configuration Wizard
Guided Attack Surface Reduction for Windows Servers
Security Coverage
• Roles-Based Metaphor
• Disables Unnecessary Services
• Disables Unnecessary IIS Web Extensions
• Blocks unused Ports, including multi-homed scenarios
• Helps Secure Ports that are left open using IPsec
• Reduces protocol exposure (LDAP, NTLM, SMB)
• Configures Audit Setting with high Signal to Noise
Security for mere mortals
• Roles-based makes answering questions easy
• Automated versus Paper-Based Guidance
• Fully tested and supported by Microsoft

Attack surface reduction is a fundamental security best practice, yet it is too difficult for most resource-constrained administrators to find the time to properly secure, test, and deploy a Windows server without breaking required functionality. Paper-based guidance offers some relief, but who has the time and expertise necessary to sift through the thousands of pages of documentation to figure out the settings that can successfully be applied to a given scenario? Security Configuration Wizard automates the lockdown process, adapts to your environment, and is fully tested and supported by Microsoft. Reducing the attack surface of Windows servers increases the diversity of the Windows landscape and minimizes the number of servers that need to be immediately patched when a vulnerability is exploited. Servers that are not exposed to a specific vulnerability can be patched during the next scheduled maintenance cycle for the server.

What does Security Configuration Wizard do?
Security Configuration Wizard (SCW) provides guided attack surface reduction for Windows Servers running Service Pack 1. SCW asks the user a series of questions designed to solicit the functional requirements of a server. Functionality not required by the roles the server is performing is then disabled. In addition to being a fundamental security best practice, attack surface reduction increases the diversity of the Windows landscape, thus reducing the number of systems that need to be immediately patched when a vulnerability is exposed.

Today, Windows administrators typically define security policies using the Security Template snap-in on their own or in conjunction with paper-based guidance or pre-canned security templates designed for specific scenarios. In contrast, Security Configuration Wizard is an authoring tool that allows you to create a custom security policy by answering simple questions rather than reading a lot of documentation that is often inconsistent, not maintained, and untested. For settings that are not configured by the wizard, SCW allows the admin to import existing security templates.

Detailed description
Don’t be fooled by the term “wizard”. Security Configuration Wizard uses a roles-based metaphor driven by an extensible XML knowledge base that defines the service, port, and IIS requirements for over 50 different server roles, including roles for applications such as Microsoft Exchange and SQL Server. Security Configuration Wizard uses this extensible XML knowledge base to perform role discovery, solicit user input, and author security policies that disable services, block ports, tweak registry values, and configure audit settings. Even ports that are left open can be restricted to specific populations or secured using IPsec. Security Configuration Wizard also allows you to roll back previously applied policies and is accompanied by a full-blown command line tool that allows you to perform configuration and compliance analysis en masse. Security Configuration Wizard also integrates with Active Directory to support deployment of SCW-generated policies through Group Policy.

Summary of SCW Security Coverage
Security Configuration Wizard allows users to easily:
• Disable unnecessary Services.
• Disable unnecessary IIS web Extensions.
• Block unused Ports, including support for multi-homed scenarios.
• Secure Ports that are left open using IPsec.
• Reduce protocol exposure for LDAP, NTLM, and SMB.
• Configure Audit Settings with a high Signal to Noise ratio.
• Import Windows Security Templates for coverage of settings that are not configured by the wizard.

Summary of SCW Operational Features
In addition to roles-based, guided security policy authoring, SCW also supports:
• Rollback, when applied policies disrupt service expectations.
• Analysis, to check that machines are in compliance with expected policies.
• Remotability for configuration and analysis operations.
• Command Line Support for remote configuration and analysis en masse.
• Active Directory Integration for Group Policy-based deployments.
• Editing of previously created policies, when machines are repurposed.
• XSL Views of the knowledge base, policies and analysis results.

Do I need to change my code to work with Windows Server 2003 Service Pack 1?
No, but SCW is extensible so that ISVs can create their own SCW role definitions for their own applications. After installing SCW, view %windir%\security\msscw\kbs\kbext.xsd. This schema definition file documents the requirements for creating an XML file that extends the SCW knowledge base. There are also numerous examples of SCW extensions that ship with SCW in the same directory location.

What do I need to change in my environment to deploy Windows Server 2003 Service Pack 1?
Nothing; however, SCW can be used during the deployment process to ensure servers are deployed with the expected security policy. Note the following deployment information:
• If unattended setup is used to deploy servers, install the SCW optional component automatically during unattended setup by adding the following entry to the [Components] section of unattend.txt:
  SCW = On
  To apply an SCW-generated policy during unattended setup, use scwcmd.exe as part of cmdlines.txt. For example: “scwcmd.exe configure /p:webserverpolicy.xml”. In this example, webserverpolicy.xml was previously generated by SCW and is accessible from the $OEM$ directory structure on the Windows distribution share.
• If an imaging solution is used to deploy servers, run SCW on the reference machine that will be imaged.
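The operational features summarized above (configuration, analysis, XSL views, rollback and Group Policy deployment) correspond to scwcmd.exe subcommands. The script below is an added example, not part of the original presentation: only `configure /p:` appears in the notes, the other subcommands and switches are scwcmd's documented ones, and the results directory, GPO name and reliance on a non-zero exit code on failure are assumptions.

```batch
@echo off
rem Added example (not from the presentation): apply an SCW policy, then
rem check compliance and keep a way back. Run as an administrator on the
rem server. RESULTS and the GPO display name are sample values.
setlocal
set POLICY=webserverpolicy.xml
set RESULTS=%SystemDrive%\scw-results

rem 1. Apply the policy to the local server (the cmdlines.txt command).
scwcmd.exe configure /p:%POLICY%
rem Assumption: scwcmd returns a non-zero exit code when it fails.
if errorlevel 1 goto failed

rem 2. Analyze the server against the same policy. Result XML files are
rem    written to the output directory.
if not exist "%RESULTS%" mkdir "%RESULTS%"
scwcmd.exe analyze /m:%COMPUTERNAME% /p:%POLICY% /o:"%RESULTS%"
if errorlevel 1 goto failed

rem 3. Render each analysis result through SCW's XSL view for review.
for %%F in ("%RESULTS%\*.xml") do scwcmd.exe view /x:"%%F"

rem 4. If the applied policy disrupts a required service, undo it with:
rem      scwcmd.exe rollback /m:%COMPUTERNAME%
rem 5. For Group Policy-based deployment, convert the policy to a GPO
rem    (run in the domain with sufficient rights):
rem      scwcmd.exe transform /p:%POLICY% /g:"SCW Web Server (sample)"
goto :eof

:failed
echo scwcmd reported an error; policy state should be reviewed before use.
exit /b 1
```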

16 Welcome to this TechNet Event
We would like to bring your attention to the key elements of the TechNet programme; the central information and community resource for IT professionals in the UK:
• FREE bi-weekly technical newsletter
• FREE regular technical events hosted across the UK
• FREE weekly UK & US led technical webcasts
• FREE comprehensive technical web site
• Monthly CD / DVD subscription with the latest technical tools & resources
• FREE quarterly technical magazine
To subscribe to the newsletter or just to find out more, please visit or speak to a Microsoft representative during the break
