Windows Vista Inside Out
Ch 10: Security Essentials
Last modified 9-17-07


Understanding Security Threats
Essential Security Measures
  Firewall
  Updates
  Antivirus
  Antispyware
Security Center in Control Panel

Editions

All the security software in this chapter is the same in all editions, except
  Parental Controls
    Only present in Home Basic, Home Premium, and Ultimate
  Group Policy
    Only present in Business, Enterprise, and Ultimate versions

Security Threats

Virus
  Code that attaches to another program
  Spreads when the infected program runs
Worm
  An independent program
  Usually spreads through networks, by email or instant messaging, or blogs, etc.

Security Threats

Spyware
  Software that is installed without user’s knowledge
  Records personal information
  Causes ads to display
Trojan
  Enables remote control of your computer
  Your computer becomes part of a botnet

What’s New in Windows Vista

User Account Control (UAC)
  Helps prevent installation of software without user’s consent
Windows Firewall
  Now filters outgoing traffic
  Advanced configuration console is much more complex than any previous Windows Firewall

What’s New in Windows Vista

Windows Defender
  Antispyware
Internet Explorer Protected Mode
Parental Controls
  Lets parents control their children’s Internet use and games

What’s New in Windows Vista

Data Redirection
  Standard user accounts use virtualization to prevent changes to protected system folders and the Registry
Buffer Overrun Protection
  Address Space Layout Randomization (ASLR)
    • Makes it hard to take over computers with system calls

What’s New in Windows Vista

64-bit Vista
  PatchGuard: only signed drivers are allowed
Data Encryption
  BitLocker Drive Encryption
    • Only on Enterprise and Ultimate editions
  Encrypting File System
    • Only fully supported on Business, Enterprise, and Ultimate editions (see link Ch 10a)

What’s New in Windows Vista

Restrictions on removable drives
  USB flash drives and removable devices can be controlled with Group Policy

Preventing Unsafe Actions with User Account Control (UAC)

Administrator accounts have two tokens: one normal, one with administrator privileges
Elevating privileges requires clicking on a User Account Control box

What Triggers UAC Prompts

Installing and uninstalling applications
Installing device drivers
  Unless they are in the Driver Store
Installing ActiveX Controls
Installing Windows Updates
Changing settings for Windows Firewall
Changing UAC settings

What Triggers UAC Prompts

Configuring Windows Update
Adding or removing user accounts
Changing a user’s account type
Configuring Parental Controls
Running Task Scheduler
Restoring backed-up system files
Viewing or changing another user’s folders and files

Shield Icon

Indicates actions that will require privilege escalation
If you are logged in as a Standard User
  The “credentials prompt” will ask for administrator credentials

Secure Desktop

The greyed-out desktop that forces you to respond only to the User Account Control box
Prevents other programs from running during this important process

Disabling UAC

Control Panel, User Accounts, User Accounts, Turn User Account Control on or off
Puts your computer at risk

Working Around UAC Without Disabling It

Use an administrator Command Prompt window
  No further elevation will be needed
Run as a standard user
  Fewer elevated options will appear
Use the “Administrator” account
  Disabled by default
  Not affected by User Account Control by default

Using Group Policy to Customize UAC

Start, GPEDIT.MSC

Monitoring Security

Security Center in Control Panel

Multiple Security Programs

Running two antivirus applications at the same time can freeze your computer
Two firewalls can be hard to manage, but usually don’t crash the machine
Running two antispyware applications is commonly done and does no harm


Unrecognized Software

If your security software is not recognized, you can turn off the Security Center alerts

To see this message, turn off Windows Firewall and click “Show me my available options” in the Firewall section of Security Center

Blocking Intruders with Windows Firewall

You should always run a personal firewall on your computer
  Even when you work behind a corporate or home firewall
  To protect you from your neighbors on the LAN
  Laptops, USB flash memory sticks, etc. can bring infections inside your firewall

Windows Firewall

Filters incoming traffic only, by default
Stateful-inspection packet filtering
  Remembers the requests you made recently
  Allows incoming traffic only if you requested it
  You can set exceptions to allow unsolicited incoming traffic
This is safer than stateless firewalls
  They filter only by IP address, port, or protocol
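
The difference between the two filtering models, as an added Python sketch that is not part of the original slides: the stateless filter can admit replies only through a fixed protocol/port rule, while the stateful filter remembers outbound requests and falls back to exceptions for unsolicited traffic. The class names, the 60-second idle timeout and the documentation-range addresses are assumptions for illustration; this models the idea and is not Windows Firewall's own code.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Packet:
    proto: str
    src: tuple  # (ip, port)
    dst: tuple  # (ip, port)

@dataclass
class StatelessFilter:
    # Keeps no memory: replies pass only via a static (protocol, source port) rule.
    allowed_src: set

    def inbound(self, pkt, now):
        return (pkt.proto, pkt.src[1]) in self.allowed_src

@dataclass
class StatefulFilter:
    exceptions: set = field(default_factory=set)  # {(proto, local port)}
    timeout: float = 60.0                         # assumed idle timeout, seconds
    flows: dict = field(default_factory=dict)     # flow -> time last seen

    def outbound(self, pkt, now):
        # Remember the request so its reply can be recognised later.
        self.flows[(pkt.proto, pkt.src, pkt.dst)] = now
        return True

    def inbound(self, pkt, now):
        # A reply is a remembered flow with source and destination swapped.
        key = (pkt.proto, pkt.dst, pkt.src)
        seen = self.flows.get(key)
        if seen is not None and now - seen <= self.timeout:
            self.flows[key] = now
            return True
        # Anything else is unsolicited: only an exception lets it in.
        return (pkt.proto, pkt.dst[1]) in self.exceptions

def demo():
    host, web = ("192.0.2.10", 49152), ("198.51.100.5", 80)  # constructed traffic
    stateless = StatelessFilter({("tcp", 80)})
    stateful = StatefulFilter(exceptions={("tcp", 445)})  # file-server exception
    stateful.outbound(Packet("tcp", host, web), now=0)
    reply = Packet("tcp", web, host)
    unsolicited = Packet("tcp", ("203.0.113.9", 80), host)
    to_share = Packet("tcp", ("192.0.2.20", 50000), ("192.0.2.10", 445))
    return {
        "stateless_unsolicited": stateless.inbound(unsolicited, 1),
        "stateful_reply": stateful.inbound(reply, 1),
        "stateful_unsolicited": stateful.inbound(unsolicited, 1),
        "stateful_exception": stateful.inbound(to_share, 1),
        "stateful_stale_reply": stateful.inbound(reply, 500),
    }
```

The stateless rule admits the packet nobody asked for because it merely comes from port 80; the stateful filter drops it, still admits the genuine reply, and stops admitting that reply once the remembered request has aged out.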

New Windows Firewall Features

Can filter outgoing traffic
Windows Firewall With Advanced Security console allows many more settings
Exceptions can be configured for
  Services
  Active Directory accounts and groups, and more
Three separate profiles
  Domain, Private non-domain, or Public

Tools for Managing Windows Firewall

Windows Firewall, in Control Panel
Windows Firewall With Advanced Security
  A snap-in for Microsoft Management Console (MMC)
Group Policy Object Editor
  Available only in Business, Enterprise, and Ultimate editions
The Netsh utility
  Command-line tool

Firewall Profiles

Domain
  Your computer is joined to an Active Directory domain
  Firewall settings usually controlled by settings on the Domain Controller
Private
  Your computer is connected to a Home or Work network in a workgroup configuration
Public
  Airport, library, coffeehouse, etc.

Firewall Profiles

Press Logo key
Enter "firewall"
Open "Windows Firewall with Advanced Security"
Notice that the profile you are using now is marked "Active"
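
The same per-profile check can be scripted from the output of the Netsh utility listed among the management tools. The following Python is an added example, not part of the original slides: it parses text in the layout printed by `netsh advfirewall show allprofiles` and reports any of the three profiles that is switched off or lets unsolicited inbound traffic through. The sample text is constructed, and the function names are assumptions.

```python
import re

# Constructed sample in the layout of `netsh advfirewall show allprofiles`.
SAMPLE = """\
Domain Profile Settings:
----------------------------------------------------------------------
State                                 ON
Firewall Policy                       BlockInbound,AllowOutbound

Private Profile Settings:
----------------------------------------------------------------------
State                                 ON
Firewall Policy                       AllowInbound,AllowOutbound

Public Profile Settings:
----------------------------------------------------------------------
State                                 OFF
Firewall Policy                       BlockInbound,AllowOutbound
"""

def parse_profiles(text):
    """Return {profile name: {setting: value}} for each profile section."""
    profiles, current = {}, None
    for line in text.splitlines():
        m = re.match(r"^(Domain|Private|Public) Profile Settings:", line)
        if m:
            current = profiles.setdefault(m.group(1), {})
            continue
        # Settings are "name<2+ spaces>value"; rulers and blanks do not split.
        parts = re.split(r"\s{2,}", line.strip(), maxsplit=1)
        if current is not None and len(parts) == 2:
            current[parts[0]] = parts[1]
    return profiles

def audit(text):
    """List (profile, problem) pairs for profiles that are off or open inbound."""
    findings, profiles = [], parse_profiles(text)
    for name in ("Domain", "Private", "Public"):
        p = profiles.get(name)
        if p is None:
            findings.append((name, "profile missing from output"))
            continue
        if p.get("State", "").upper() != "ON":
            findings.append((name, "firewall is off"))
        inbound = p.get("Firewall Policy", "").split(",")[0]
        if not inbound.startswith("Block"):
            findings.append((name, "unsolicited inbound traffic is allowed"))
    return findings
```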

Windows Firewall Settings

In Control Panel, in "Security" section, click "Allow a program through Windows Firewall"
Here you are controlling only the current profile
Demo: Turn off firewall, observe the change in "Windows Firewall with Advanced Security"

Allowing Connections Through the Firewall

You will need exceptions any time you want your computer to act as a server
  Print server
  File Server
  Windows Meeting Space
  Games
All these functions require your computer to accept unsolicited incoming traffic

Exceptions

Checking a box here lets a program through the firewall
If the item you need is not visible, use the "Add program…" or "Add port…" buttons

Firewall Alerts

Clicking "Unblock" on this alert does the same thing as checking the box on the Exceptions tab

Windows Update

Start, All Programs, Windows Update

Updating Many Computers

If you have a network of computers at a business, automatic updates are not the best practice
  It ties up your Internet connection
  Not all machines get the same updates at the same time
  Some updates may be harmful to your software, so you want to block them

Microsoft Update Catalog

Link Ch 10b
Stand-alone installable versions of each update for Windows
Includes "all supported versions"
BUT try searching for MS04-011, no Win 2000 updates appear
  See link Ch 10c

Windows Server Update Services (WSUS)

Runs on Windows Server 2003 or 2008
Downloads updates from Microsoft
Computers get updates from the WSUS server, not Microsoft
See link Ch 10d

Antivirus Software

Microsoft recommends these vendors for Vista antivirus software
For details, see link Ch 10e
For independently certified antivirus products, see link Ch 10f

Cleaning an Infected System

Microsoft's Malicious Software Removal Tool (MSRT)
  Link Ch 10g
McAfee Stinger
  Link Ch 10h

Stopping Spyware with Windows Defender

Spyware causes things like:
  Unexpected new toolbars, favorites, and links in your web browser
  Changes to your browser’s home page and default search provider
  Numerous pop-up ads
  Sudden occurrence of computer crashes or slow performance

Windows Defender

Press Logo key, type in DEF
Scans each day, by default

Real-Time Protection

In Windows Defender, Tools, Options

Parental Controls

Only in Home Basic, Home Premium, and Ultimate Editions

Activity Viewer