1 / 16

Implementing Advanced Server and Client Security

Implementing Advanced Server and Client Security. Sandeep Modhvadia Security Technical Specialist http://blogs.msdn.com/sandeepm deep@microsoft.com. Agenda. Windows Server 2003 Service Pack 1 2 years on! Windows XP Service Pack 2. What are the Goals of SP1?. Enhanced Security

tegan
Download Presentation

Implementing Advanced Server and Client Security

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Implementing Advanced Server and Client Security Sandeep Modhvadia Security Technical Specialist http://blogs.msdn.com/sandeepm deep@microsoft.com

  2. Agenda • Windows Server 2003 Service Pack 1 • 2 years on! • Windows XP Service Pack 2

  3. What are the Goals of SP1? Enhanced Security • reduced attack surface • new security enhancements Stronger Defaults and privilege reduction on services • RPC • DCOM Support for no execute hardware • Intel • AMD Windows Firewall • Enabled for new install scenarios Provide a Security Configuration Wizard to assist IT Admins • Role-based configuration and lockdown VPN Quarantine • Client inspection • Fix-up • Isolation IIS 6.0 metabase auditing Enhanced Reliability Enhanced Performance • 10%+ improvement in TPC, TPC-H, SAP, SSL, etc.

  4. SP1 Security Features and Enhancements • Relevant XP SP2 enhancements • RPC, DCOM lockdown • Windows Firewall • Post-Setup Security Updates • Boot-time network protection for clean installs • Security Configuration Wizard • Base 64-bit extension system

  5. Windows Firewall/RPC • Goals and customer benefit • Provide by default better protection from network attacks • Focus on role-based server configuration • What we’re doing • Windows Firewall (formerly ICF) will be on by default in almost all configurations utilizing the Security Configuration Wizard • More configuration options • Group policy, command line, unattended setup • Better user interface • Boot time protection • Restrict anonymous connections to DCOM/RPC interfaces • Application impact • In-bound network connections will not be permitted by default • Listening ports only open as long as the application is running

  6. Post-Setup Security Updates • A new feature designed to protect servers between first boot and application of most recent security updates • Opens on first admin login if Windows Firewall was not explicitly enabled using unattend script or GP • Blocks inbound connections until customer clicks “Finish” on PSSU dialog box

  7. Security Configuration Wizard • Guided Attack Surface Reduction for Windows Servers • Security Coverage • Roles-Based Metaphor • Disables Unnecessary Services • Disables Unnecessary IIS Web Extensions • Blocks unused Ports, inlcuding multi-homed scenarios • Helps Secure Ports that are left open using IPSEC • Reduces protocol exposure (LDAP, NTLM, SMB) • Configures Audit Setting with high Signal to Noise • Security for mere mortals • Roles-based makes answering questions easy • Automated versus Paper-Based Guidance • Fully tested and supported by Microsoft

  8. SCW • Demo

  9. Network protection Memory protection Safer e-mail handling More secure browsing Improved computer maintenance Some updated features What is SP2? • Post-SP1 hotfixes (more regression testing) • New security technologies

  10. Windows Firewall enhancements • New and improved user interface • On by default for all network interfaces • Provides boot-time security • Global and per-interface configurations • Exceptions list (can be disallowed) • Local subnet restrictions • Command-line and better group policy management • Multiple profiles and RPC support • Unattended setup

  11. Command Line Control C:\>netsh firewall show The following commands are available: Commands in this context: show allowedprogram - Shows firewall allowed program configuration. show config - Shows firewall configuration. show currentprofile - Shows current firewall profile. show icmpsetting - Shows firewall ICMP configuration. show logging - Shows firewall logging configuration. show multicastbroadcastresponse - Shows firewall multicast/broadcast response co nfiguration. show notifications - Shows firewall notification configuration. show opmode - Shows firewall operational configuration. show portopening - Shows firewall port configuration. show service - Shows firewall service configuration. show state - Shows current firewall state.

  12. Windows Firewall Demo • Change of Scope • Multiple Interface Rules • Application Exceptions • Group Policy

  13. Internet ExplorerWindow restrictions

  14. Internet ExplorerManaging pop-ups

  15. Client Demo • Software Restriction Policies • Data Execution Prevention

More Related