Security Features in Windows Vista

Posted 18-Dec-2015 (Category: Documents)

What Will We Cover?

• Security fundamentals

• Protecting your company’s resources

• Anti-malware features

Level 200

Helpful Experience

• Windows user interface

• Windows security concepts

Agenda

• Exploring Security Fundamentals

• Mitigating Threats and Vulnerabilities

• Controlling Identity and Access

• Protecting System Information

Windows Vista Fundamentals

• Improved SDL

• Common Criteria Certification

Secure by Default

Windows Vista Service Hardening

• Reduce size of high-risk layers

• Segment the services

• Increase number of layers

(Diagram: kernel drivers and user-mode drivers, with Service 1, Service 2, Service 3, … segmented into separate layers, and Service A and Service B shown as isolated services.)

Agenda

• Exploring Security Fundamentals

• Mitigating Threats and Vulnerabilities

• Controlling Identity and Access

• Protecting System Information

Internet Explorer 7.0

Social Engineering Protections

• Phishing filter and colored address bar

• Dangerous Settings notification

• Secure defaults for IDN

Protection from Exploits

• Unified URL parsing

• Code quality improvements (SDLC)

• ActiveX opt-in

• Protected Mode to prevent malicious software

ActiveX Opt-in

• IE7 disables controls by default

• IE7 blocks the ActiveX control

• User grants permission (opts in)

• IE7 confirms the install

• ActiveX control enabled

Internet Explorer Protected Mode

(Diagram: Internet Explorer Protected Mode, contrasting writes to C:\...\Temporary Internet Files with writes to C:\...\Startup.)

Phishing Filter

• Compares website with local list of known legitimate sites

• Scans the website for characteristics common to phishing sites

• Double-checks site with online Microsoft service of reported phishing sites
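The three-stage check the Phishing Filter slide describes (local list of legitimate sites, heuristic scan, lookup against a reported-phishing service) is shown below as an added example, not code from the slides or from Microsoft. The allow list, the reported-site set and the heuristics are constructed assumptions standing in for the real data and rules, which the slides do not disclose.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed sample lists (assumptions, not Microsoft's real data): a local
# allow list of known-legitimate hosts, and a "reported phishing" set that
# stands in for the online lookup service the slide describes.
LOCAL_LEGITIMATE = {"www.microsoft.com", "login.live.com", "www.bank.example"}
REPORTED_PHISHING = {"login-bank.example.net", "secure-update.example.org"}

# Brand names whose appearance in an unrelated hostname is a lookalike signal.
WATCHED_BRANDS = ("microsoft", "bank")

def heuristic_findings(url: str) -> list:
    """Characteristics common to phishing URLs; each finding is a short label."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    findings = []
    if parts.scheme not in ("http", "https"):
        findings.append("unusual scheme")
    if parts.username is not None:
        # http://www.bank.example@203.0.113.5/ - the real host is after the '@'
        findings.append("userinfo before host")
    try:
        ipaddress.ip_address(host)
        findings.append("IP-literal host")
    except ValueError:
        pass
    if host.count(".") >= 4:
        findings.append("excessive subdomain depth")
    for brand in WATCHED_BRANDS:
        if brand in host and host not in LOCAL_LEGITIMATE:
            findings.append(f"brand '{brand}' in unrelated host")
    if any(ch not in "abcdefghijklmnopqrstuvwxyz0123456789.-" for ch in host):
        findings.append("non-ASCII or unusual characters in host")
    return findings

def classify(url: str) -> dict:
    """Local allow list first, then heuristics, then the reported-site list."""
    host = (urlsplit(url).hostname or "").lower()
    if host in LOCAL_LEGITIMATE:
        return {"verdict": "allowed", "reason": "local list of known legitimate sites",
                "findings": []}
    findings = heuristic_findings(url)
    if host in REPORTED_PHISHING:
        return {"verdict": "blocked", "reason": "reported phishing site",
                "findings": findings}
    if findings:
        return {"verdict": "suspicious", "reason": "; ".join(findings),
                "findings": findings}
    return {"verdict": "unknown", "reason": "no local verdict", "findings": []}

if __name__ == "__main__":
    for u in ("https://www.microsoft.com/", "http://203.0.113.5/login",
              "http://login-bank.example.net/", "https://news.example/"):
        print(u, "->", classify(u)["verdict"])
```

The ordering matters for both cost and privacy: the local list answers the common case without a network round trip, heuristics run entirely on the client, and only the remaining URLs are checked against the remote reported-site list.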

Windows Vista Firewall

IPSec

Windows Defender

• Improved detection and removal

• Redesigned and simplified user interface

• Protection for all users

Network Access Protection

(Diagram: Windows Vista client; DHCP, VPN and switch/router; Microsoft Network Policy Server; Policy Servers; Fix Up Servers; Corporate Network.)

Agenda

• Exploring Security Fundamentals

• Mitigating Threats and Vulnerabilities

• Controlling Identity and Access

• Protecting System Information

Current Challenges

User Account Control

• Allows system to run as standard user

• Allows select applications to run in elevated context

• Fix or remove inappropriate administrative checks

• Registry and file virtualization provides compatibility

User Account Control Sample

Elevated Privileges

Consent Prompts: Operating System Application, Signed Application, Unsigned Application

Improved Auditing

Main Category

Logon/ Logoff

File System Access

Registry Access

Use of Administrative Privilege

New Logging Infrastructure

Authentication Improvements

Winlogon

GINA.dll

Plug and Play Smartcard Support

Restart Manager

Integrated Control

Control over removable device installation

Security Center enhancements

Agenda

• Exploring Security Fundamentals

• Mitigating Threats and Vulnerabilities

• Controlling Identity and Access

• Protecting System Information

Information Leakage

“After virus infections, businesses report unintended forwarding of e-mails and loss of mobile devices more frequently than they do any other security breach”

Jupiter Research Report, 2004

(Chart: share of businesses reporting each type of security breach)

Virus infection: 63%

Unintended forwarding of e-mails: 36%

Loss of mobile devices: 35%

Password compromise: 22%

E-mail piracy: 22%

Loss of digital assets, restored: 20%

Windows Vista Data Protection

Policy Definition and Enforcement: Rights Management Services

User-Based File System Encryption: Encrypted File System

Drive-Level Encryption: BitLocker Drive Encryption

Windows Vista Firewall

• Both inbound and outbound

• Authentication and authorization aware

• Outbound application-aware filtering is now possible

• Includes IPSec management

• Of course, policy-based administration

• Great for Peer-to-Peer control

Network Access Protection

(Diagram: numbered NAP flow, steps 1 to 5. Components: Windows Vista client; DHCP, VPN and switch/router; Microsoft Network Policy Server; Policy Servers, e.g. Microsoft Security Center, SMS, Antigen or 3rd party; Fix Up Servers, e.g. WSUS, SMS and 3rd party. Policy-compliant clients reach the Corporate Network; clients that are not policy compliant are placed on the Restricted Network.)

Control Over Device Installation

• Control over removable device installation via a policy

  Mainly to disable USB-device installation, as many corporations worry about intellectual property leak

  You can control them by device class or driver

• Approved drivers can be pre-populated into trusted Driver Store

• Driver Store Policies (group policies) govern driver packages that are not in the Driver Store:

  Non-corporate standard drivers

  Unsigned drivers

Client Security Scanner

• Finds out and reports Windows client’s security state:

  Patch and update levels

  Security state

  Signature files

  Anti-malware status

• Ability for Windows to self-report its state

• Information can be collected centrally, or just reviewed in the Security Center by the users and admins

Code Integrity

• All DLLs and other OS executables have been digitally signed

• Signatures verified when components load into memory

BitLocker™

• BitLocker strongly encrypts and signs the entire hard drive (full volume encryption)

  TPM chip provides key management

  Can use additional protection factors such as a USB dongle, PIN or password

• Any unauthorised off-line modification to your data or OS is discovered and no access is granted

  Prevents attacks which use utilities that access the hard drive while Windows is not running and enforces Windows boot process

• Protects data after laptop theft etc.

• Data recovery strategy must be planned carefully!

  Vista supports three modes: key escrow, recovery agent, backup

BitLocker Drive Encryption

• Improved at-rest data protection with full drive encryption

• Usability with scalable security protections

• Enterprise-ready deployment capabilities

• Offline system-tampering resistance

• Worry-free hardware repurposing and decommissioning

• Integrated disaster recovery features

(Diagram: BitLocker key hierarchy. The Trusted Platform Module protects the Volume Master Key; the Volume Master Key encrypts the Full Volume Encryption Key; the Full Volume Encryption Key encrypts the volume, turning cleartext data into encrypted data.)
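The key hierarchy in the diagram explains two claims from the BitLocker slides: why several protectors (TPM, USB key, PIN, recovery key) can all unlock the same volume without re-encrypting it, and why an off-line modification is detected rather than silently decrypted. The toy model below is an added example, not Microsoft's code or the real BitLocker format: it chains a TPM-released key to a Volume Master Key (VMK), the VMK to a Full Volume Encryption Key (FVEK), and the FVEK to the data. A SHA-256 counter keystream with an HMAC tag stands in for the AES-based encryption and integrity checks of the real product; the key and data values are constructed.

```python
import hashlib
import hmac
import secrets

TAG_LEN = 32  # HMAC-SHA256 tag appended to every sealed blob

def _keystream_xor(key: bytes, label: bytes, data: bytes) -> bytes:
    """XOR data with a SHA-256 counter keystream (stand-in for AES; demo only)."""
    out = bytearray()
    counter = 0
    while len(out) < len(data):
        out += hashlib.sha256(key + label + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, out))

def seal(key: bytes, label: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC: ciphertext followed by a tag bound to the label."""
    ct = _keystream_xor(key, label, plaintext)
    tag = hmac.new(key, label + ct, hashlib.sha256).digest()
    return ct + tag

def unseal(key: bytes, label: bytes, blob: bytes) -> bytes:
    """Verify the tag before decrypting; any modification or wrong key fails here."""
    ct, tag = blob[:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(key, label + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("integrity check failed: wrong key or modified data")
    return _keystream_xor(key, label, ct)

class ToyBitLockerVolume:
    """Data <- FVEK <- VMK <- one wrapped copy of the VMK per protector."""

    def __init__(self, cleartext: bytes, protectors: dict):
        fvek = secrets.token_bytes(32)   # Full Volume Encryption Key
        vmk = secrets.token_bytes(32)    # Volume Master Key
        self.encrypted_data = seal(fvek, b"data", cleartext)
        self.encrypted_fvek = seal(vmk, b"fvek", fvek)
        # Each protector (e.g. "tpm", "recovery") wraps the same VMK.
        self.encrypted_vmk = {name: seal(key, b"vmk", vmk)
                              for name, key in protectors.items()}

    def unlock(self, protector: str, key: bytes) -> bytes:
        vmk = unseal(key, b"vmk", self.encrypted_vmk[protector])
        fvek = unseal(vmk, b"fvek", self.encrypted_fvek)
        return unseal(fvek, b"data", self.encrypted_data)

    def add_protector(self, via: str, via_key: bytes, name: str, key: bytes) -> None:
        """Add a recovery protector: only the VMK is re-wrapped, data is untouched."""
        vmk = unseal(via_key, b"vmk", self.encrypted_vmk[via])
        self.encrypted_vmk[name] = seal(key, b"vmk", vmk)

    def tamper_offline(self, offset: int) -> None:
        """Simulate an off-line edit of the encrypted volume from another OS."""
        data = bytearray(self.encrypted_data)
        data[offset] ^= 0x01
        self.encrypted_data = bytes(data)

def recovery_key_from_password(password: str) -> bytes:
    # Constructed derivation for the demo; not BitLocker's recovery-password format.
    return hashlib.sha256(password.encode()).digest()

if __name__ == "__main__":
    tpm_key = bytes(range(32))  # constructed stand-in for the key the TPM releases
    vol = ToyBitLockerVolume(b"payroll.xls contents", {"tpm": tpm_key})
    print(vol.unlock("tpm", tpm_key))
    vol.add_protector("tpm", tpm_key, "recovery", recovery_key_from_password("123456"))
    vol.tamper_offline(0)
    try:
        vol.unlock("tpm", tpm_key)
    except ValueError as e:
        print("access denied:", e)
```

Because the data is only ever encrypted under the FVEK, adding the recovery protector (key escrow, recovery agent or backup, the three modes the slide lists) costs one small re-wrap of the VMK, and a flipped byte on disk is rejected at the integrity check instead of producing corrupted plaintext.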

Session Summary

• Windows Vista is the most secure Windows operating system to date

• Windows Vista protects users

• Numerous other security improvements help protect data and ease deployment

A BRIEF OVERVIEW

• “Need to Know Basis”

• Baseline

• User Account Administration

• Password Administration

• Group or Role Administration

• File Permissions on Critical Files

• UMASK

• SUID & SGID

• Cron

• Syslog

• Services

• Patches

• Conclusion

Need to Know Basis

• When setting up security on your Unix systems, ensure that security is set up on a need-to-know, need-to-use basis.

Baseline

• A Baseline ensures that security policies are implemented consistently and completely across various platforms.

• Should be in a written form

• Include specific instructions to achieve security on a specific server.

User Account Administration

• User Account Policies should address:

  Immediate deactivation of User Accounts for terminated employees

  Superuser account procedures

  Contractors’ Accounts

  Naming Conventions for User accounts

Password Administration

• 60 to 90 day expiration for ordinary users

• 30 day password expiration for superusers

• Do not allow password sharing

• Set minimum password lengths to at least 6 characters
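A baseline is only useful if it can be checked. The script below is an added example (not from the slides) that audits the two expiry rules above against /etc/shadow-style records: the maximum password age field must not exceed 90 days for ordinary users or 30 days for superusers. The shadow lines, the set of superuser names and the policy limits are constructed assumptions; the minimum-length rule is applied to candidate passwords at the point they are set, since hashes cannot be measured after the fact.

```python
# Constructed /etc/shadow-style sample (fields: name:hash:lastchg:min:max:warn:inactive:expire:flag).
SAMPLE_SHADOW = """\
root:$6$constructed:19700:1:30:7:::
alice:$6$constructed:19700:1:90:7:::
bob:$6$constructed:19700:0:99999:7:::
carol:$6$constructed:19700:1:120:7:::
svc_backup:*:19700:0:99999:7:::
"""

# Policy from the slide; the superuser name set is an assumption for the demo.
POLICY = {"ordinary_max_days": 90, "superuser_max_days": 30, "min_length": 6}
SUPERUSERS = {"root"}

def parse_shadow(text: str) -> list:
    """Return one dict per account with the fields the audit needs."""
    records = []
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        f = line.split(":")
        records.append({
            "name": f[0],
            "hash": f[1],
            "max_days": int(f[4]) if f[4] else None,  # empty field = never expires
        })
    return records

def is_locked(hash_field: str) -> bool:
    """'*', '!' or a '!'-prefixed hash means no usable password; nothing to expire."""
    return hash_field in ("*", "!", "!!") or hash_field.startswith("!")

def password_age_violations(text: str, policy=POLICY, superusers=SUPERUSERS) -> list:
    """(account, configured max age, allowed max age) for every account over policy."""
    violations = []
    for r in parse_shadow(text):
        if is_locked(r["hash"]):
            continue
        limit = (policy["superuser_max_days"] if r["name"] in superusers
                 else policy["ordinary_max_days"])
        if r["max_days"] is None or r["max_days"] > limit:
            violations.append((r["name"], r["max_days"], limit))
    return violations

def meets_minimum_length(candidate: str, policy=POLICY) -> bool:
    """Check a new password against the minimum-length rule before it is set."""
    return len(candidate) >= policy["min_length"]

if __name__ == "__main__":
    for name, configured, allowed in password_age_violations(SAMPLE_SHADOW):
        print(f"{name}: max age {configured} days exceeds policy of {allowed}")
```

On a real system the same function can be fed the output of `cat /etc/shadow` (read as root); the value 99999 is the common "never expires" default and is exactly what this audit is meant to catch.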

Group or Role Administration

• Assign users with like responsibilities to groups

File Permissions on Critical Files

• Unix controls access to files, programs, and all other resources via file permissions.

• Unix permissions are controlled by three categories: Owner, Group, and World

• Each category has the ability to READ, WRITE, and/or EXECUTE Unix files or resources

• Ex. -rwxr-x--x

UMASK

• Ensure that your UMASK setting automatically assigns each newly created file the most secure file permission.

SUID & SGID

• SUID and SGID files allow the World user to temporarily assume the permissions of the Owner or Group users while using the program.
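The three slides above (permission categories, UMASK and SUID/SGID) are tied together in the following added example, which is not from the slides. It converts an `ls -l` style mode such as the `-rwxr-x--x` shown on the File Permissions slide into its numeric form, shows what a given UMASK leaves on a newly created file or directory, and flags the combinations an auditor cares about: world-writable files and setuid/setgid programs that non-owners can modify. All sample modes are constructed.

```python
import stat

# Column index in the 9-character permission string -> permission bit.
_BITS = [stat.S_IRUSR, stat.S_IWUSR, stat.S_IXUSR,
         stat.S_IRGRP, stat.S_IWGRP, stat.S_IXGRP,
         stat.S_IROTH, stat.S_IWOTH, stat.S_IXOTH]
# Columns that may carry a special marker: 's' (setuid/setgid) or 't' (sticky).
_SPECIAL = {2: ("s", stat.S_ISUID), 5: ("s", stat.S_ISGID), 8: ("t", stat.S_ISVTX)}

def parse_symbolic_mode(text: str) -> int:
    """'-rwxr-x--x' -> 0o751, '-rwsr-xr-x' -> 0o4755; uppercase S/T means no execute bit."""
    if len(text) != 10:
        raise ValueError("expected 10 characters, e.g. -rwxr-x--x")
    mode = 0
    for i, ch in enumerate(text[1:]):
        if ch == "-":
            continue
        if i in _SPECIAL and ch.lower() == _SPECIAL[i][0]:
            mode |= _SPECIAL[i][1]
            if ch.islower():          # lowercase: the execute bit is also set
                mode |= _BITS[i]
        elif ch == "rwx"[i % 3]:
            mode |= _BITS[i]
        else:
            raise ValueError(f"unexpected character {ch!r} at column {i + 1}")
    return mode

def apply_umask(umask: int, directory: bool = False) -> int:
    """Permissions a new file (base 666) or directory (base 777) receives under umask."""
    base = 0o777 if directory else 0o666
    return base & ~umask & 0o777

def audit_mode(text: str) -> list:
    """Findings for one mode string, in the order an auditor would report them."""
    mode = parse_symbolic_mode(text)
    findings = []
    if mode & stat.S_ISUID:
        findings.append("setuid: runs with the owner's privileges")
    if mode & stat.S_ISGID:
        findings.append("setgid: runs with the group's privileges")
    if mode & stat.S_IWOTH:
        findings.append("world-writable")
    if mode & (stat.S_ISUID | stat.S_ISGID) and mode & (stat.S_IWGRP | stat.S_IWOTH):
        findings.append("privileged program writable by non-owners: "
                        "whoever can modify it inherits those privileges")
    return findings

if __name__ == "__main__":
    for m in ("-rwxr-x--x", "-rwsr-xr-x", "-rwsrwxrwx", "drwxrwxrwt"):
        print(m, oct(parse_symbolic_mode(m)), audit_mode(m))
    for u in (0o022, 0o027, 0o077):
        print(f"umask {u:03o}: file {apply_umask(u):03o}, dir {apply_umask(u, True):03o}")
```

A umask of 077 gives the "most secure" default the UMASK slide asks for (owner-only access); 027 is the usual compromise where group members must read shared files.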

CRON

• Cron is the Unix job scheduler

• Many system administrators use cron to perform automatic full or incremental back-ups of the systems.

• Cron can also be used to email log files, clean up file systems, etc.

Syslog

• The syslog utility allows systems administrators to log various events occurring on the Unix system.

• If Syslog is configured correctly, Unix can log many security events without the use of a third party plug-in.

Services

• The inetd.conf file controls the services that are allowed on the Unix system.

• Make sure that only necessary services are activated

• Unix comes with all services activated by default, and many of these services have severe security vulnerabilities.
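The Services slide says to keep only necessary services in inetd.conf. The added example below (not from the slides) parses a constructed inetd.conf, lists what is actually enabled and which entries run as root, compares the result with an allow list, and produces a hardened copy with the unwanted entries commented out. The sample configuration, service names and allow list are constructed; the field layout (service, socket type, protocol, wait flag, user, server program, arguments) is the standard inetd.conf format.

```python
# Constructed sample inetd.conf (not taken from any real host).
SAMPLE_INETD_CONF = """\
# service  socket  proto  wait/nowait  user    server-program        args
ftp        stream  tcp    nowait       root    /usr/sbin/in.ftpd     in.ftpd
telnet     stream  tcp    nowait       root    /usr/sbin/in.telnetd  in.telnetd
#shell     stream  tcp    nowait       root    /usr/sbin/in.rshd     in.rshd
finger     stream  tcp    nowait       nobody  /usr/sbin/in.fingerd  in.fingerd
#echo      stream  tcp    nowait       root    internal
"""

def enabled_services(conf_text: str) -> list:
    """Active (uncommented) entries as dicts; comments and blank lines are skipped."""
    services = []
    for line in conf_text.splitlines():
        stripped = line.strip()
        if not stripped or stripped.startswith("#"):
            continue
        fields = stripped.split()
        if len(fields) < 6:          # malformed line: too short to be an entry
            continue
        services.append({"name": fields[0], "socket": fields[1], "proto": fields[2],
                         "user": fields[4], "program": fields[5]})
    return services

def unnecessary_services(conf_text: str, allowed: set) -> list:
    """Names of enabled services that the baseline does not permit."""
    return [s["name"] for s in enabled_services(conf_text) if s["name"] not in allowed]

def root_services(conf_text: str) -> list:
    """Enabled services whose handler runs as root; each is a least-privilege question."""
    return [s["name"] for s in enabled_services(conf_text) if s["user"] == "root"]

def disable_services(conf_text: str, names: set) -> str:
    """Return a copy of the configuration with the named entries commented out."""
    out = []
    for line in conf_text.splitlines():
        stripped = line.strip()
        if stripped and not stripped.startswith("#") and stripped.split()[0] in names:
            out.append("#" + line)
        else:
            out.append(line)
    return "\n".join(out) + "\n"

if __name__ == "__main__":
    allowed = {"ftp"}  # constructed baseline for the demo
    extra = unnecessary_services(SAMPLE_INETD_CONF, allowed)
    print("enabled:", [s["name"] for s in enabled_services(SAMPLE_INETD_CONF)])
    print("running as root:", root_services(SAMPLE_INETD_CONF))
    print("not in baseline:", extra)
    print(disable_services(SAMPLE_INETD_CONF, set(extra)))
```

After editing the real file, inetd must be told to re-read it (typically by sending it SIGHUP) and the result should be confirmed from the network side, since a commented entry only takes effect once the daemon reloads.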

Patches

• Ensure that your Unix systems are patched regularly. A policy should be adopted to ensure that all patches are tested and installed on a schedule.

Remote File Systems (ref: Vahalia, ch. 10)

• Goals

  Mount file systems of a remote computer on a local system

  Mount any FS, not only UNIX

  H/w independent

  Transport independent

  UNIX FS semantics must be maintained

  Performance

  Crash recovery

  Security

setuid()

Is there a way a programmer could use a setuid() program to penetrate the security of UNIX/Linux?

• Normally, no. The intended use of this call in user mode is simply to set the process’s effective UID back to its real UID. The superuser can set any UID to whatever s/he wants. However, on an unpatched UNIX/Linux, by tracing a setuid program with ptrace and, if the program invokes subsequent execs, modifying its address space to exec a shell, one can gain unauthorized superuser access to the system (p. 154, Vahalia).

Conclusion

• Although there are many other areas that can be addressed in a security baseline, the areas mentioned above will give you a head start in addressing security for your Unix system, and should prepare your servers for our upcoming IS audits.

z/OS Security

Natural Security

• Controls and checks access to the Natural Environment

• Four types of objects

Users

Libraries

DDMs/files

Utilities

Types of Users

Linking a User to a Library

RPC Service Requests

• Protect RPC services as well as the way requests are handled.

• User authentication is possible in two modes

  Validation with Impersonation

  Validation without Impersonation

• Impersonation must be set in the security profile of the Natural RPC Server.

Resource Access Control Facility (RACF)

• Access control software for IBM mainframe.

• Operates at the OS level.

• Can interface with Customer Information Control System (CICS), IBM’s system for end user account management.

RACF Functions

• identify and verify system users

• identify, classify, and protect system resources

• authorize the users who need access

to the resources you've protected

• control the means of access to these resources

• log and report unauthorized attempts at gaining access to the system and to the protected resources

• administer security to meet your installation's security goals.