Windows XP SP2 & Windows Server 2003 SP1
Sandeep Modhvadia | Security Technical Specialist

Agenda
• Windows XP Service Pack 2
• Windows Server 2003 Service Pack 1
• 2 years on!

Client Attacks
• Malicious Web content
• Malicious e-mail attachments
• Buffer overrun attacks
• Port-based attacks

Protection Technologies
Network Protection | Safer Web and Email | Memory Protection | Improved Maintenance
• To help protect all computers connected to the Internet or an internal network
• To enable a safer Internet experience for the most common Internet tasks
• To provide system-level protection for the base operating system
• To ensure that updates are easier and quicker to deploy

Protection Technologies
• Windows Firewall
• Reduction of attack surface of a Windows XP computer
• The RPC service runs with reduced privileges
  • no longer accepts unauthenticated connections by default
• More secure infrastructure for DCOM
• Windows Messenger Service is off by default

Protection Technologies
• Blocking of un-requested pop-ups
• More control over ActiveX controls
• More control over downloads
• More control over attachments

Protection Technologies
• What is a buffer overrun?
• Technologies to reduce exploitation of buffer overruns

Protection Technologies
• Windows Security Center
• Automatic Update enhancements
• Group Policy management of security features
• New Wireless LAN client
• Bluetooth update
• SmartKey Wireless Setup

What are the Goals of SP1?
Enhanced Security
• reduced attack surface
• new security enhancements
Stronger Defaults and privilege reduction on services
• RPC
• DCOM
Support for no execute hardware
• Intel
• AMD
Windows Firewall
• Enabled for new install scenarios
Provide a Security Configuration Wizard to assist IT Admins
• Role-based configuration and lockdown
VPN Quarantine
• Client inspection
• Fix-up
• Isolation
IIS 6.0 metabase auditing
Enhanced Reliability
Enhanced Performance
• 10%+ improvement in TPC, TPC-H, SAP, SSL, etc.

SP1 Security Features and Enhancements
• Relevant XP SP2 enhancements
• RPC, DCOM lockdown
• Windows Firewall
• Post-Setup Security Updates
• Boot-time network protection for clean installs
• Security Configuration Wizard
• Base 64-bit extension system

Windows Firewall/RPC
• Goals and customer benefit
  • Provide by default better protection from network attacks
  • Focus on role-based server configuration
• What we’re doing
  • Windows Firewall (formerly ICF) will be on by default in almost all configurations utilizing the Security Configuration Wizard
  • More configuration options
    • Group policy, command line, unattended setup
  • Better user interface
  • Boot time protection
  • Restrict anonymous connections to DCOM/RPC interfaces
• Application impact
  • In-bound network connections will not be permitted by default
  • Listening ports only open as long as the application is running

Post-Setup Security Updates
• A new feature designed to protect servers between first boot and application of most recent security updates
• Opens on first admin login if Windows Firewall was not explicitly enabled using unattend script or GP
• Blocks inbound connections until customer clicks “Finish” on PSSU dialog box

Security Configuration Wizard
• Guided Attack Surface Reduction for Windows Servers
• Security Coverage
• Roles-Based Metaphor
• Disables Unnecessary Services
• Disables Unnecessary IIS Web Extensions
• Blocks unused Ports, including multi-homed scenarios
• Helps Secure Ports that are left open using IPSEC
• Reduces protocol exposure (LDAP, NTLM, SMB)
• Configures Audit Setting with high Signal to Noise
• Security for mere mortals
• Roles-based makes answering questions easy
• Automated versus Paper-Based Guidance
• Fully tested and supported by Microsoft

Welcome to this TechNet Event
We would like to bring your attention to the key elements of the TechNet programme; the central information and community resource for IT professionals in the UK:
• FREE bi-weekly technical newsletter
• FREE regular technical events hosted across the UK
• FREE weekly UK & US led technical webcasts
• FREE comprehensive technical web site
• Monthly CD / DVD subscription with the latest technical tools & resources
• FREE quarterly technical magazine
To subscribe to the newsletter or just to find out more, please visit www.microsoft.com/uk/technet or speak to a Microsoft representative during the break