C3 Security Consulting LLC
Related Links
Microsoft Midsize Business: Security
Use the resources below to find security solutions geared toward midsize businesses with 25-500 PCs.
Security Lockdown: Utilizing Standard Microsoft Tools to Secure Your Network
Learn about tools that enable end users in your organization to lock down their own environment and help protect their desktops. Find webcasts and virtual labs that provide policy strategy, tips and tricks, and prescriptive guidance to help strengthen your organization's security, without sacrificing network performance and flexibility.
linux-wlan project
The goal of the linux-wlan project is to develop a complete, standards based, wireless LAN system using the GNU/Linux operating system.
Security Focus
A great selection of tools and utilities.
Microsoft Security Bulletins
Stay current on the latest security advisories and updates.

Vista


This page is dedicated to summarizing currently available information about Vista, including security, deployment, and functionality.

Security Features

64-Bit Kernel Patch Protection

The 64-bit versions of Windows Vista support Microsoft kernel patch protection technology (sometimes referred to as PatchGuard), which prevents unauthorized software from modifying the Windows kernel. Although kernel patch protection is not a guarantee of security, by blocking unsupported and potentially malicious behavior in the kernel environment, it improves security and reliability.

BitLocker Drive Encryption

BitLocker Drive Encryption is a hardware-enabled data protection feature in Windows Vista that helps protect data on a PC when the machine is in unauthorized hands. By encrypting the entire Windows volume, it prevents unauthorized users from accessing data by breaking Windows file and system protections or attempting the offline viewing of information on the secured drive.

No More Boot.ini

The Boot.ini file is not used in Windows Vista. Instead, a new boot loader, bootmgr, reads boot configuration data from a special file named BCD. A brand new tool called bcdedit.exe (or a separate Windows Management Instrumentation or WMI provider) is used to maintain the contents of the BCD.

Easier Smart Card Deployments

Windows Vista includes security architecture and compatibility enhancements to aid smart card deployments.

Encrypting File System Enhancements

EFS supports storing user keys as well as administrative recovery keys on smart cards. If smart cards are used for logon, EFS operates in a Single Sign On mode, where it uses the logon smart card for file encryption without further prompting for the PIN. EFS in Windows Vista can also be used to encrypt the system page file.

The Client Side Cache, which stores offline copies of files from remote servers, can also be encrypted with EFS. A number of new Group Policy options have been added to help administrators define and implement organizational policies for EFS.

Integrated Rights Management Services Client

Windows Vista includes an integrated RMS client that helps further safeguard digital information. This means being able to work with RMS-protected documents without having to install or configure any additional software. RMS also helps enterprise customers further control and protect their information by providing smart card integration and longer encryption key lengths.

Mitigating Buffer Overruns With Hardware Protection

This protection is provided through the use of NX technologies at the hardware level. NX enables software to mark sections of the computer’s memory as exclusively for data, and the processor will prevent applications and services from executing any code there. Windows Vista introduces additional NX policy controls that allow software developers to enable NX hardware protection for their code. Windows Vista also introduces improvements in heap buffer overrun detection that are even more rigorous than those introduced in Windows XP SP2.
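
The BCD store described under "No More Boot.ini" and the NX policy described here meet in one setting: the nx element of a boot entry, which bcdedit.exe displays. The following Windows PowerShell is an added example, not code from the original page; the sample bcdedit output is constructed, and the function names ConvertFrom-BcdText and Get-NxFinding are hypothetical.

```powershell
# Added example (not from the original page). $sample is constructed
# bcdedit output; on a real machine use the commented live calls instead.
$sample = @'
Windows Boot Loader
-------------------
identifier              {current}
device                  partition=C:
path                    \Windows\system32\winload.exe
description             Microsoft Windows Vista
osdevice                partition=C:
systemroot              \Windows
nx                      OptIn
'@

function ConvertFrom-BcdText {
    param([string]$Text)
    $entry = @{}
    foreach ($line in ($Text -split "`r?`n")) {
        # Element lines are "name", two or more spaces, "value".
        # Section titles and the dashed rule do not match and are skipped.
        if ($line -match '^(\w+)\s{2,}(.+?)\s*$') { $entry[$Matches[1]] = $Matches[2] }
    }
    $entry
}

function Get-NxFinding {
    param([hashtable]$Entry)
    $meaning = @{
        'AlwaysOn'  = 'NX enforced for every process; no exemptions possible'
        'OptOut'    = 'NX enforced for every process except listed exemptions'
        'OptIn'     = 'NX enforced for Windows components and programs that opt in'
        'AlwaysOff' = 'NX disabled for every process'
    }
    $policy = $Entry['nx']
    if (-not $policy) { return 'nx element not set in this BCD entry; the default policy applies' }
    if (-not $meaning.ContainsKey($policy)) { return "nx = $policy (unrecognised value)" }
    $text = 'nx = {0}: {1}' -f $policy, $meaning[$policy]
    if ($policy -eq 'AlwaysOff') { $text = 'WARNING ' + $text }
    $text
}

Get-NxFinding (ConvertFrom-BcdText $sample)

# Live check, from an elevated Windows PowerShell prompt:
#   Get-NxFinding (ConvertFrom-BcdText ((bcdedit /enum '{current}') -join "`n"))
# Cross-check against what the running OS reports through WMI
# (0 = AlwaysOff, 1 = AlwaysOn, 2 = OptIn, 3 = OptOut):
#   (Get-WmiObject Win32_OperatingSystem).DataExecutionPrevention_SupportPolicy
```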

Network Access Protection

NAP is a network access control system that lets IT administrators ensure that only “healthy” machines connect to their network, while enabling potentially “unhealthy” machines to get clean before they gain access.

New Logon Architecture

In previous versions of Windows, implementing additional security factors, such as smart cards, often required developers to rewrite the Graphical Identification and Authentication (GINA) interface. As it was not possible to use multiple GINAs simultaneously, the flexibility of security add-ons was limited. With Vista, supporting new credential types requires creating a new Credential Provider, and the Windows logon user interface can interact simultaneously with multiple Credential Providers to make use of different authentication methods.

USB Device Control

Windows Vista enables IT administrators to use Group Policy to manage or block the installation of unsupported or unauthorized devices.

User Account Control

UAC separates standard user privileges and activities from those that require administrator access. When standard users attempt to perform a task that requires administrative access, they are prompted for an administrator password to elevate their rights for just that task. For more information, go to http://www.microsoft.com/technet/windowsvista/security/uacppr.mspx

Windows Defender

Windows Defender helps protect against and remove spyware, adware, rootkits, bots, keystroke loggers, control utilities and some other forms of so-called “malware.”

Windows Firewall

The Windows Firewall now includes both inbound and outbound filtering. In addition to protecting the machine from external malware, it also stops the machine being used to spread an infection to other machines.

Windows Security Center

WSC provides a background service that monitors the security status of the machine. WSC can monitor multiple vendors’ security solutions running on a PC and indicate which are enabled and up to date.

Windows Service Hardening

This introduces the concept of “restricted services”, which run under the least possible privileges so that their activities are limited to the local machine or network. The restricted service approach significantly reduces the number of services that are capable of doing unlimited damage to a user’s machine.

Functional Features

Vista will present a steep learning curve for users. Although many of the new additions sit below the desktop and are invisible to users, there are a lot of changes that will be very visible, and not all will be welcomed. As with any new software, some training will be required. Exactly how much will depend on your IT department. The “what” and “how” of the Vista deployment will control the user experience and acceptance.

Here are a few examples of what to expect:

  • The new graphical window management system is very stylish and attractive.
  • The UAC features will give administrators and parents greater control over what the computer user can access.
  • Simplified networking controls. The new controls will make configuring a home or small network easier than before. The defaults are set to provide greater "out of the box" security levels.
  • Simplified file explorer windows that display more information and document previews.
  • The Sidebar Gadgets can be useful. The RSS reader is very nice.

Did you know?
Spam problems?
Microsoft filters out over three billion spam messages a day.
Set up a firewall. Even if you just use dial-up or DSL you are fully exposed to the internet.
This is your primary defense and protects against outside attacks by screening and blocking all traffic between your network and the Internet that is not allowed. The firewall also hides computer addresses. Firewall hardware connects between the cable/DSL modem and your computers. Windows operating systems have great built-in firewalls.
Patch management is the cheapest security fix available.
An automated patch management system is straightforward to set up and has almost no administrative overhead. Set it up once for your environment and it will do the work.
An average of $1,300 is spent per employee in companies of $10m revenue or less.
This is 10 times greater than companies with revenue of $100m - $1bn. Unable to realize the economies of scale, smaller companies spend disproportionately higher amounts on security - learn how to leverage lessons learnt by larger companies.
Who is using your computer?
Don't leave your computer whilst you are logged on. It only takes a moment for someone to send an email with your account. Always shut down at night and set a password for your screen saver so your PC will remember even if you don't.