SEC317 Steve Riley
Added: June 19, 2007

Presentation Transcript

Windows Vista Security Tidbits
Steve Riley
Senior Security Strategist
Microsoft Corporation
steve.riley@microsoft.com
http://blogs.technet.com/steriley

Overview
- User And Group Changes
- Admin account
- New/Missing SIDs
- New/Missing Users and Groups
- Cached credentials
- Kernel Changes
- Buffer overflow protection
- ACL Changes
- Encryption changes
- Suite B
- TS SSO
- EFS with Smart Cards
- Audit changes
- User rights
- New and changed security options
- Firewall
- Auth IP
- SMBv2

User and Group Changes

Administrator Account Status

Built-in "Administrator"
- Safe mode created a hole: reboot and login without a password!
- New behavior:
  - Non-domain: if you have a local admin, safe mode prohibits use of BA
  - Domain: BA can never be used

Power Users Are Not Anymore

New Groups

Some Additional SIDs

And A Few More SIDs
- The Trusted Installer A Service
- INTERNET USER
- High integrity SID
- Low integrity SID
- Medium integrity SID
- System integrity SID

Integrity Levels in Token

ACL Changes

ACL Modifications

Old ACL UI

New ACL UI

Owner Needs Explicit Perms

Kernel Changes

Better Buffer Overflow Protection
- Second cookie protects exception handlers
- Safer CRT exception handlers
- No more executable pages outside images
- Enforced by better development practices and code scanning tools
- /NXCOMPAT linker flag in build tools
- If all binaries in a process are marked NX is automatically enabled for the process
- Heap protection
- Signed kernel code (x64 only)

Crypto Changes

Offline Files Encrypted Per User

Encrypted Pagefile

Suite-B Crypto
- Software and Smart Card Key Storage Providers
- Cryptographic configuration
- NIST ECC Prime Curves support (smart cards too)
- AES
- SHA-2
- IPsec support for AES and ECDH
- ECC cipher suites in SSL
- EFS with smart cards

Cached Credentials Much Tougher

Improved Auditing

Granular Audit Policy

Object Access Auditing
  Object Access Attempt:
    Object Server: %1
    Handle ID: %2
    Object Type: %3
    Process ID: %4
    Image File Name: %5
    Access Mask: %6

Object Access Auditing
  An operation was performed on an object.
  Subject:
    Security ID: %1
    Account Name: %2
    Account Domain: %3
    Logon ID: %4
  Object:
    Object Server: %5
    Object Type: %6
    Object Name: %7
    Handle ID: %9
  Operation:
    Operation Type: %8
    Accesses: %10
    Access Mask: %11
    Properties: %12
    Additional Info: %13
    Additional Info2: %14

Added Auditing For
- Registry value change audit events (old+new values)
- AD change audit events (old+new values)
- Improved operation-based audit
- Audit events for UAC
- Improved IPSec audit events including support for AuthIP
- RPC Call audit events
- Share Access audit events
- Share Management events
- Cryptographic function audit events
- NAP audit events (server only)
- IAS (RADIUS) audit events (server only)

More Info In Event Log UI

XML Events

New Event Numbers

New and Modified User Rights

Changes to User Rights
- All rights for Power Users removed
- Create global objects does not have INTERACTIVE
- SE_IMPERSONATE has added IIS_IUSRS and removed ASPNET
- Logon as a service is now empty by default

New User Rights
- Access credential manager as a trusted caller
  - Winlogon uses for credential manager backup/restore
- Change time zone user right
- Create symbolic links
- Modify an object's integrity label
- Synchronize directory service data
- Increase a process working set

Security Options With Modified Defaults

Anonymous Named Pipes

Anonymous Named Pipes

Network access: remotely accessible registry paths

Network access: remotely accessible registry paths

Network access: shares that can be accessed anonymously

Network access: shares that can be accessed anonymously

Network Security: Do not store LAN Manager hash value on next password change

Network Security: Do not store LAN Manager hash value on next password change

Network security: LAN Manager authentication level

Network security: LAN Manager authentication level

Devices: Allowed to format and eject removable media

Devices: Allowed to format and eject removable media

Devices: Restrict CD-ROM/Floppy access to locally logged on user only

Devices: Restrict CD-ROM/Floppy access to locally logged on user only

Devices: Unsigned driver installation behavior

Devices: Unsigned driver installation behavior

Why Change It?

Devices and Drivers

Allowing users to install drivers

Installing devices

Configuring device restrictions

New Security Options

Network access: Restrict anonymous access to named pipes and shares

System settings: Optional subsystems

System settings: Use certificate rules on windows executables for software restriction policies

Lots and lots and lots of GP changes

Last Logon Display

Trusted Path Credential Entry

Smart Card Policies

RDP

New RDP Control

New RDP Control

Timeless Security Advice!
Order online: http://www.protectyourwindowsnetwork.com
steve.riley@microsoft.com
http://blogs.technet.com/steriley