1 / 23

Security Features in Microsoft® Windows® XP

Security Features in Microsoft® Windows® XP. James Noyce, Senior Consultant Security Solutions Team, Business Critical Services Microsoft Security Solutions, Feb 4, 2003. Agenda. Windows XP Security Features What’s New Since Windows 2000 Drill down into Secure Wireless Networking

kamin
Download Presentation

Security Features in Microsoft® Windows® XP

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Security Features in Microsoft® Windows® XP James Noyce, Senior Consultant Security Solutions Team, Business Critical Services Microsoft Security Solutions, Feb 4, 2003

  2. Agenda • Windows XP Security Features • What’s New Since Windows 2000 • Drill down into • Secure Wireless Networking • Group Policy • Software Restriction Policies • Internet Connection Firewall

  3. Security Is Only As Strong As The Weakest Link • Technology is neither the whole problem nor the whole solution • Secure systems depend upon Technology, Processes and People

  4. Technology, Process, People Baseline technology Standards, Encryption, Protection Product security features Security tools and products Planning for security Prevention Detection Reaction Dedicated staff Training Security - a mindset and a priority

  5. Evolution of Windows Desktop Security

  6. Users and Groups Rights and Permissions Kerberos Crypto API Data Protection API Screen Saver Password Digital Certificates Smart Card Logon Remote Access Auditing IP Security Encrypting File System Group Policy 802.1x Network Authentication Credentials Manager Software Restriction Policies Internet Connection Firewall Windows XP Security Features Builds on Windows 2000 Professional Security Features

  7. Existing Security Features • Users and Groups • Rights and Permissions • Kerberos • Crypto API • Data Protection API • Screen Saver Password

  8. Enhanced Security Features • Digital Certificates • *Auto enrolment and renewal for users • Smart Card Logon • Supports Remote Desktop • IP Security (IPSec) • Stronger D/H key exchange • NAT traversal

  9. Enhanced Security Features • Auditing • *More granular operation based auditing • Remote Access (VPN, DUN and PPoE) • Leverages Internet Connection Firewall • L2TP/IPSec over NAT • Group Policy • Increased number of policy settings • Resultant Set of Policy (RSoP)

  10. Active Directory Group Policy

  11. Password Policy Lockout Policy Kerberos Policy Audit Policy User Rights Security Options (Registry Values) Event Log Settings Restricted Groups System Services (start-up mode and ACLs) Registry ACLs File System ACLs Group Policy

  12. Security Configuration Toolset • Use GPEDIT.MSC to edit Local Group Policy • Use SECPOL.MSC to edit Local Security Policy • Security Configuration and Analysis (SCA) to perform auditing and handle templates • Use SCA to import/export security templates (.INF files) for distribution via Group Policy

  13. Enhanced Security Features • Encrypting File System • Support for AES • EFS over WebDAV • Shared EFS • Misc… • Controlled network access • Offline file synchronisation

  14. New Security Features • 802.1x Network Authentication • Credentials Manager • Software Restriction Policies • Internet Connection Firewall

  15. 802.1x Network Authentication • Secure wired and wireless networks from unauthorised access • Do not confuse with 802.11b/802.11x/etc… • Imagine authenticating computer / user to the network port on the wall • Then picture the accessing the network port via wireless…

  16. 802.1x Network Authentication • Supports password based (PEAP) and certificate based (EAP-TLS) credentials • Dynamic, rotating WEP keys • Requires backend infrastructure • Internet Authentication Service (IAS) • Domain Controller • Certificate Authority

  17. 802.1x Network Authentication LAN Access Authentication And Policy Ethernet Switch Active Directory IAS/RADIUS Server PKI Server WLAN Access Auditing Wireless Access Point

  18. Credentials Manager • Users receive seamless access resources for which they have valid credentials • Provide a common UI for gathering credentials • Provide per user safe storage of related credentials • Unlock those credentials using your user logon

  19. Credentials Manager • Secure roaming storage for user credentials • Username, password • X.509 certificates (smart cards) • Passport

  20. Software Restriction Policies • Restricts execution of unmanaged code • WIN32, scripts, etc… • Not to be confused with managed code restrictions in the .NET Framework

  21. Internet Connection Firewall • Provides baseline intrusion prevention • Protects against scans for information • Denies all unsolicited inbound traffic • Stateful inspection of traffic • Configurable filtering and logging • Enabled or disabled via location aware Active Directory group policy

  22. Summary • Most security features build upon what was present in Windows 2000 Professional • New security features simplify security management and reduce risk

  23. Next Steps • Top 5 Web Resources http://www.microsoft.com/windowsxp/pro/techinfo/ http://www.microsoft.com/technet/prodtechnol/winxppro/default.asp http://www.microsoft.com/technet/prodtechnol/winxppro/reskit/prork_overview.asp http://www.nsa.gov/snac/winxp/download.htm http://www.microsoft.com/security http://www.microsoft.com/uk/security

More Related