C3 Security Consulting LLC

Vista

This page is dedicated to summarizing currently available information about Vista, including security, deployment, and functionality.

Security Features

64-Bit Kernel Patch Protection

The 64-bit versions of Windows Vista support Microsoft kernel patch protection technology (sometimes referred to as PatchGuard), which prevents unauthorized software from modifying the Windows kernel. Although kernel patch protection is not a guarantee of security, by blocking unsupported and potentially malicious behavior in the kernel environment, it improves security and reliability.

BitLocker Drive Encryption

BitLocker Drive Encryption is a hardware-enabled data protection feature in Windows Vista that helps protect data on a PC when the machine is in unauthorized hands. By encrypting the entire Windows volume, it prevents unauthorized users from accessing data by breaking Windows file and system protections or attempting the offline viewing of information on the secured drive.

No More Boot.ini

The Boot.ini file is not used in Windows Vista. Instead, a new boot loader, bootmgr, reads boot configuration data from a special file named BCD. A brand new tool called bcdedit.exe (or a separate Windows Management Instrumentation or WMI provider) is used to maintain the contents of the BCD.

Easier Smart Card Deployments

Security architecture and compatibility enhancements to aid smart card deployments.

Encrypting File System Enhancements

EFS supports storing user keys as well as administrative recovery keys on smart cards. If smart cards are used for logon, EFS operates in a Single Sign On mode, where it uses the logon smart card for file encryption without further prompting for the PIN. EFS in Windows Vista can also be used to encrypt the system page file.

The Client Side Cache, which stores offline copies of files from remote servers, can also be encrypted with EFS. A number of new Group Policy options have been added to help administrators define and implement organizational policies for EFS.

Integrated Rights Management Services Client

Windows Vista includes an integrated RMS client that helps further safeguard digital information. This means being able to work with RMS-protected documents without having to install or configure any additional software. RMS also helps enterprise customers further control and protect their information by providing smart card integration and longer encryption key lengths.

Mitigating Buffer Overruns With Hardware Protection

This protection is provided through the use of NX technologies at the hardware level. NX enables software to mark sections of the computer’s memory as exclusively for data, and the processor will prevent applications and services from executing any code there. Windows Vista introduces additional NX policy controls that allow software developers to enable NX hardware protection for their code. Windows Vista also introduces improvements in heap buffer overrun detection that are even more rigorous than those introduced in Windows XP SP2.

Network Access Protection

NAP is a network access control system that lets IT administrators ensure that only “healthy” machines connect to their network, while enabling potentially “unhealthy” machines to get clean before they gain access.

New Logon Architecture

In previous versions of Windows, implementing additional security factors, such as smart cards, often required developers to rewrite the Graphical Identification and Authentication (GINA) interface. As it was not possible to use multiple GINAs simultaneously, the flexibility of security add-ons was limited. With Vista, supporting new credential types requires creating a new Credential Provider, and the Windows logon user interface can interact simultaneously with multiple Credential Providers to make use of different authentication methods.

USB Device Control

Windows Vista enables IT administrators to use Group Policy to manage or block the installation of unsupported or unauthorized devices.

User Account Control

UAC separates standard user privileges and activities from those that require administrator access. When standard users attempt to perform a task that requires administrative access, they are prompted for an administrator password to elevate their rights for just that task. For more information go to http://www.microsoft.com/technet/windowsvista/security/uacppr.mspx

Windows Defender

Windows Defender helps protect against and remove spyware, adware, rootkits, bots, keystroke loggers, control utilities and some other forms of so-called “malware.”

Windows Firewall

The Windows Firewall now includes both inbound and outbound filtering. In addition to protecting the machine from external malware, it also stops the machine being used to spread an infection to other machines.

Windows Security Center

WSC provides a background service that monitors the security status of the machine. WSC can monitor multiple vendors’ security solutions running on a PC and indicate which are enabled and up to date.

Windows Service Hardening

This comprises the concept of “restricted services”, running under the least possible privileges to limit their activities to the local machine or network. The restricted service approach significantly reduces the number of services that are capable of doing unlimited damage to a user’s machine.

Functional Features

Vista will present a steep learning curve for users. Although many of the new additions sit below the desktop and are invisible to users, a lot of changes will be very visible, and not all of them will be welcomed. As with any new software, some training will be required. Exactly how much will depend on your IT department. The “what” and “how” of the Vista deployment will control the user experience and acceptance.

Here are a few examples of what to expect:

  • The new graphical window management system is very stylish and attractive.
  • The UAC features will give administrators and parents greater control over the access of the computer user.
  • Simplified networking controls. The new controls will make configuring a home or small network easier than before. The defaults are set to provide greater "out of the box" security levels.
  • Simplified file explorer windows that display more information and document previews.
  • The Sidebar Gadgets can be useful. The RSS reader is very nice.

Did you know?
Frozen Explorer session?
If your Explorer session has stopped responding, press Ctrl+Shift+Esc to bring up Task Manager. On the Processes tab, look for explorer.exe in the Image Name column and click the End Process button. Your Windows session will now seem to disappear. It can be restarted in Task Manager by going to File > New Task (Run) and typing explorer.exe.
Scrolling system messages.
To view Linux system log messages in real time, open a terminal window, su to root, and type tail -f /var/log/messages. You will see the system messages scroll up the screen as they occur.
Only an estimated 25% of companies report computer intrusions to law enforcement.
They cite bad publicity and loss of credibility as major concerns.
Almost half of all companies surveyed spend less than 2% of their IT budget on security.
And of that figure, 40% spent less than 1%, citing the engagement of senior management as a significant obstacle.
Spam problems?
Microsoft filters out over three billion spam messages a day.