Implementing Client Security on Windows 2000 and Windows XP • Level 150 • Sandeep Modhvadia, Security Technical Specialist • http://blogs.msdn.com/sandeepm • deep@microsoft.com
The Defense-in-Depth Model • Data: ACLs, encryption, EFS • Application: Application hardening, antivirus • Host: OS hardening, authentication, patch management, HIDS • Internal Network: Network segments, IPSec, NIDS • Perimeter: Firewalls, Network Access Quarantine Control • Physical Security: Guards, locks, tracking devices • Policies, Procedures, & Awareness: Security documents, user education
Implementing Network & Perimeter Security: Next • Implementing Advanced Server and Client Security: Wednesday 11:00 – 12:15 • Implementing Application & Data Security: Wednesday 09:30 – 10:45 • Wireless Security: Let the Nightmare End!: Wednesday 15:50 – 17:05
Client Attack Vectors • Malicious Web content • Malicious e-mail attachments • Buffer overrun attacks • Port-based attacks
Enterprise Attack Vectors • Potentially infected remote client • Potentially infected local client
Threat Vectors & Countermeasures • Group Policy Overview • Web / Email • Applications • Remote Network Attacks • Workstation Lockdown • Remediation
Group Policy Overview • Centralised management & control • The Windows XP administrative templates have over 850 settings • The Windows XP Security Guide includes 10 additional administrative templates • Two domain templates that contain settings for all computers in the domain • Two templates that contain settings for desktop computers • Two templates that contain settings for laptop computers • Registry & Local Admin • Scripts and Local Policy
Web / Email • Browser Lockdown • Disable Everything? • Sign ActiveX • Add-on Manager • URL Access lists • Trusted Sites prevents phishing • Pop-ups • Security risk – not just a nuisance • Attachments / Spam • Stop unmanaged IM • Internal Applications • Internet Explorer 7
Applications • Patching Applications (& Servers) • Hardening Applications • Windows/Microsoft Update Services • Application Data • No Execute – hardware / software (GS Flag) • Internet Connectivity • Application Trust • Software Restriction Policies • Administrator Access
Remote Network Attacks • Windows Firewall • Boot Time Protection • Roaming Profiles / Management • 3rd Party Integration • Egress Filtering • Wireless Security • SSID, MACs, WEP, WPA • Remote Access • VPN, SSL Apps, Web Apps
Local Threats • Local Administrators • Strong Passwords • Access Control Lists & Encryption • Hard Drive Removal • Cracking Tools • Keyloggers… • Auditing • BIOS Locks • Multi Factor Authentication • Locking Machines • USB / Devices
Countermeasures • Firewalls • Antivirus / Anti Spyware • Application / OS Lockdown • Patch Management • User education
Event Information • What’s Next? • Technical Roadshow Post Event Website: www.microsoft.com/uk/techroadshow/postevents • Available from Monday 18th April • Please complete your Evaluation Forms
© 2004 Microsoft Corporation. All rights reserved. This presentation is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS OR IMPLIED, IN THIS SUMMARY.