1 / 39

Windows 7 for IT Professionals Part 1: Security and Control

Windows 7 for IT Professionals Part 1: Security and Control. Donald Hester May 4, 2010 For audio call Toll Free 1 - 888-886-3951 and use PIN/code 227625. Housekeeping. Maximize your CCC Confer window. Phone audio will be in presenter-only mode.

cullen
Download Presentation

Windows 7 for IT Professionals Part 1: Security and Control

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Windows 7 for IT Professionals Part 1:Security and Control Donald Hester May 4, 2010 For audio call Toll Free 1-888-886-3951 and use PIN/code 227625

  2. Housekeeping • Maximize your CCC Confer window. • Phone audio will be in presenter-only mode. • Ask questions and make comments using the chat window.

  3. Adjusting Audio • If you’re listening on your computer, adjust your volume using the speaker slider. • If you’re listening over the phone, click on phone headset. Do not listen on both computer and phone.

  4. Saving Files & Open/close Captions • Save chat window with floppy disc icon • Open/close captioning window with CC icon

  5. Emoticons and Polling • Raise hand and Emoticons • Polling options

  6. Donald Hester Windows 7 for IT Professionals Part 1:Security and Control

  7. Session Overview • User Account Control • Windows BitLocker™ and Windows BitLocker To Go™ • Windows AppLocker™ • Windows Defender

  8. User Account Control • User Groups • UAC Security Settings • Modify User Account Control Settings

  9. User Groups User Groups • Standard Users • Administrators

  10. UAC Security Settings • Admin Approval Mode for the Built-in Administrator account • Allow UIAccess applications to prompt for elevation without using the secure desktop • Behavior of the elevation prompt for administrators in Admin Approval Mode • Behavior of the elevation prompt for standard users • Detect application installations and prompt for elevation • Only elevate executables that are signed and validated • Only elevate UIAccess applications that are installed in secure locations • Run all administrators in Admin Approval Mode • Virtualize file and registry write failures to per-user locations

  11. UAC in GPO

  12. Modify User Account Control Settings

  13. UAC Slide Bar

  14. BitLocker and BitLocker To Go • Hardware Requirements for BitLocker Drive Encryption • BitLocker Functionality • BitLocker To Go • Locate a Recovery Password

  15. Hardware Requirements for BitLocker Drive Encryption Encryption and decryption key Hard drive • A computer with Trusted Platform Module (TPM) • A removable USB memory device. • Have at least two partitions • Have a BIOS that is compatible with TPM and supports USB devices during computer startup.

  16. Spectrum Of Protection ******* BDE offers a spectrum of protection allowing customers to balance ease-of-use against the threats they are most concerned with.

  17. BitLocker Functionality Save recovery information in one of these formats • A 48-digit number divided into eight groups. • A Recovery Key in a format that can be read directly by the BitLocker recovery console. Configure how to access an encrypted drive Use the Set BitLocker startup preferences window. • Select an access option: • USB • Enter the Passphrase by using function keys • No key

  18. Performance & Security • 4 levels of AES encryption • 128 & 256 bit • the diffuser is a new unproven algorithm • diffuser runs in about 10 clock cycles/byte • Combination with AES-CBC for performance & security

  19. BitLocker To Go • Extends BitLocker Drive Encryption to portable devices ü • Manageable through Group Policy ü • Users choose to encrypt portable devices and use them to their fullest capabilities or leave them unencrypted and have them be read-only ü • Enable BitLocker Drive Encryption by right-clicking the device and then clicking Turn On BitLocker ü • Data on encrypted portable devices can be accessed from computers that do not have BitLocker enabled ü • BitLocker can be configured to unlock with one of the following: • Recovery Password or passphrase • Smart Card • Always auto-unlock this device on this PC ü

  20. BitLocker-to-Go Format View on Down-Level System

  21. Prevent unencrypted use

  22. BitLocker to Go

  23. Locate a Recovery Password Conditions that must be true: Before providing a password to a user: Be a domain administrator or have delegated permissions The client’s BitLocker recovery information is configured to be stored in AD The client’s computer has been joined to the domain BitLocker Drive Encryption must be enabled on the client’s computer • Confirm the person is the account owner and is authorized to access data on the computer in question • Examine the returned Recovery Password to make sure that it matches the Password ID that was provided by the user

  24. AppLocker • AppLocker Definition and Setup • Application Rules • Enforce and Validate AppLocker Rules

  25. Definition and Setup AppLocker Default rules • Enables IT professionals to specify exactly what is allowed to run on user desktops • Allows users to run the applications, installation programs, and scripts that they need to be productive • Prevent non-administrator users from running programsinstalled in their user profile directory • Make sure key operating system files run for all users • Can be recreated at anytime ü ü ü ü ü

  26. Application Rules

  27. Enforce and Validate AppLocker Rules Enforcement • In Local Security Policy, Configure Rule Enforcement area • Refresh computer’s policy with gpupdate /force

  28. Windows Defender • Overview • Alert Levels • Windows Defender Tasks

  29. Overview Three ways to help protect the computer: Definitions Real-time protection (RTP) The SpyNet community Scanning options • Used to determine if software that it detects is spyware or other potentially unwanted software, and then to alert you to potential risks. • Works with Windows Update to automatically install new definitions as they are released. • Set Windows Defender to check online for updated definitions before scanning.

  30. Alert Levels Help you choose how to respond to spyware and potentially unwanted software • Severe - remove this software immediately. • High - remove this software immediately. • Medium - review the alert details, consider blocking the software. • Low - review the alert details to see if you trust the publisher. Actions • Quarantine – software is moved to another location on the computer; prevents the software from running until you choose to restore or remove it from the computer. • Remove - permanently deletes the software from the computer. • Allow - adds the software to the Windows Defender allowed list and allows it to run on the computer. Add software to the allowed list only if you trust the software and the software publisher.

  31. Windows Defender Tasks • Turn on Windows Defender ü • Enable real-time protection ü • Automatically check for new definitions ü • Schedule a scan ü • Manually scan for new definitions ü • Windows Defender helps automatically remove malicious software.

  32. Windows Defender • Performance enhancement • Removed the Software Explorer tool

  33. Session Summary Security and User Productivity Enhancements • Customizable UAC requires fewer instances of elevation prompts • Manageable through Group Policy BitLocker and BitLocker To Go • BitLocker To Go extends BitLocker Drive Encryption to password-protected portable media • Users choose to encrypt drive or leave read-only • Manageable through Group Policy AppLocker • Provides a rule-based structure to specify which applications are available to which end users • Create default rules first • View rule event information in the Event Viewer WindowsDefender • Integrated with Action Center • Provides an improved user experience when scanning for spyware or manually checking for updates.

  34. Donald E. Hester CISSP, CISA, CAP, MCT, MCITP, MCTS, MCSE Security, Security+ Maze & Associates @One / San Diego City College www.LearnSecurity.org http://www.linkedin.com/in/donaldehester http://www.facebook.com/group.php?gid=245570977486 Q&A

  35. Evaluation Survey Link Help us improve our seminars by filing out a short online evaluation survey at: http://www.surveymonkey.com/s/10SpWinIT1

  36. Thanks for attending For upcoming events and links to recently archived seminars, check the @ONE Web site at: http://onefortraining.org/ Windows 7 for IT Professionals Part 1:Security and Control

More Related