140 likes | 681 Views
Windows Vista Security David Kenney Christopher Lange Background Windows Vista is Microsoft’s most current operating system Vista offers new security features: Windows Defender User Account Control Windows Firewall with Advanced Security Windows Defender
E N D
Windows Vista Security David Kenney Christopher Lange
Background • Windows Vista is Microsoft’s most current operating system • Vista offers new security features: • Windows Defender • User Account Control • Windows Firewall with Advanced Security
Windows Defender • Microsoft’s anti-spyware program now integrated with the Windows Vista operating system • Designed to detect, remove, and prevent spyware • Supports not only scanning, but real-time protection
User Account Control (UAC) • Windows Vista security infrastructure • Applications run with standard user privileges until an administrator authorizes an increase in privilege • Much criticism over the number of prompts a user can receive from UAC requesting authorization
Windows Firewall with Advanced Security • Not accessible by default, but can easily be accessed • Allows for more advanced control of the firewall including: • Firewall Profiles • IPSec Configuration • Connection Security Rules • Inbound/Outbound Rules • Rules Monitoring
Introduction • The lab will require a new hard drive with Windows Vista pre-installed and the following software available NAS: • Cain & Abel • F-Secure BlackLight Rootkit Eliminator • Ophcrack LiveCD • Regtick • Scoundrel Simulator • Trojan Simulator • Spybot Search & Destroy with Detection Update
Lab Procedure • UAC and Windows Defender will be introduced, tested, and compared with Spybot Search & Destroy • Applications such as Trojan Simulator, Regtick, and Scoundrel Simulator will be used with various privileges to test how UAC and Windows Defender will react
Lab Procedure • The Windows Firewall with Advanced Security configuration will be introduced • Writing custom rules for situations such as blocking Nmap scans as was done in previous labs for Linux and Windows third party software
Lab Procedure • Password cracking of Windows Vista user accounts using Ophcrack, Cain & Abel, and rainbow tables • Vista does not use LM hashes, but stores passwords in the SAM file making them harder to crack • Can be done with NTLM hashes fairly easily if the password is weak
Lab Procedure • Rootkits and backdoors are always a prominent threat • We were unable to acquire any means of attacking Vista, but the DFK ThreatSimulator or similar program may one day be updated to do so • F-Secure BlackLight Rootkit Eliminator is a scanning program that is capable of checking Vista for rootkits
Lab Procedure • Worms and viruses are a serious threat to all Windows operating systems • We were unable to acquire any new worms or viruses, so we used the AnnaKournikova.jpg.vbs worm from a previous lab to demonstrate the need for updated anti-virus software
Conclusion • Throughout the semester we have done numerous attacks and learned security techniques for both RedHat and Windows XP • Windows Vista is still fairly new and no labs cover the new security features it offers and how effective they may or may not be