2851a_c01. microsoft windows xp service pack 2 security technologies bruce cowper it pro advisor...


Upload: leo-johnston

Post on 24-Dec-2015


Page 1: 2851A_C01. Microsoft Windows XP Service Pack 2 Security Technologies Bruce Cowper IT Pro Advisor Microsoft Canada

Page 2: Microsoft Windows XP Service Pack 2 Security Technologies

Bruce Cowper, IT Pro Advisor

Microsoft Canada

Page 3: Session Prerequisites

Experience managing Windows XP Professional desktops

An understanding of the deployment tools that are used to deploy Windows XP and updates to the desktop

Experience using Group Policy to manage desktops

Level 200

Page 4: Session Prerequisites (cont.)

OR

The skills represented by taking:

Course 2285 (covering Windows XP)

Course 2297 (designing Active Directory® and networking)

Page 5: Introduction to Windows XP Service Pack 2

Introduction to Windows XP Service Pack 2

Windows XP SP2 Network Protection Features

Reducing Application Failures by Using Windows XP SP2 Memory Protection Features

Exploring SP2 E-Mail Handling Security Features

Browsing Securely by Using SP2

Page 6: The Need for SP2

Security attack trends include:

Increased use of automation - tools for scanning, compromising and propagation

Asymmetric threats - distributed systems used to attack single targets

Increased complexity - tool signatures are more complex and more difficult to detect

Infrastructure attacks - denial of service and worms

Faster detection of vulnerabilities and faster exploits

Firewall intrusions - harnessing 'firewall friendly' and 'mobile' code

Page 7: What Is New in SP2?

New and Improved Features:

Enhanced Network Protection

New Memory Protection

More Secure E-Mail Handling

Enhanced Browser Security

Improved Computer Maintenance

SP2 provides several built-in security technologies that reduce computer vulnerabilities.

Page 8: How SP2 Minimizes the Attack Surface

SP2 Features and their Security Technologies:

Network Protection: Windows Firewall; Remote procedure call (RPC); Distributed component object model (DCOM)

Memory Protection: NX (Intel and AMD 64-bit processors currently); Sandboxing (buffer overruns) & Cookies (stack overruns)

More Secure E-Mail Handling: Multipurpose Internet mail extension (MIME) type restrictions; Attachment handling

Enhanced Browser Security: Pop-up management and crash detection; Download prompt

Improved Computer Maintenance: Security Center; Automatic updates & Anti Virus Monitoring

Page 9: Demonstration 1: Resolving Remote Connectivity Issues by Using the Netsh Command-Line Tool

Your instructor will demonstrate how to resolve a remote connectivity issue with the netsh command-line tool.

You will see how to:

Allow access to MMC with the firewall enabled

Unblock a specific port via command line / script
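
The two tasks listed for this demonstration, sketched as an added example that is not part of the original slides or the instructor's script. It assumes the built-in Remote Administration exception is used for MMC access; TCP port 8080 and the rule name "Example LOB app" are constructed placeholders.

```batch
@echo off
rem Added example for the Windows XP SP2 "netsh firewall" context.
rem Assumptions: port 8080 and the name "Example LOB app" are constructed.

rem 1. Confirm the firewall is on and which profile (Domain/Standard) is active.
netsh firewall show state

rem 2. Allow remote MMC snap-ins while the firewall stays enabled: turn on the
rem    Remote Administration exception, limited to the local subnet instead of
rem    any source address.
netsh firewall set service type=REMOTEADMIN mode=ENABLE scope=SUBNET

rem 3. Unblock one specific port, again limited to the local subnet.
netsh firewall add portopening protocol=TCP port=8080 name="Example LOB app" mode=ENABLE scope=SUBNET

rem 4. Verify exactly what is now exposed.
netsh firewall show service
netsh firewall show portopening

rem 5. Log dropped packets so blocked connection attempts can be reviewed.
netsh firewall set logging droppedpackets=ENABLE

rem Rollback once the exceptions are no longer needed:
rem   netsh firewall delete portopening protocol=TCP port=8080
rem   netsh firewall set service type=REMOTEADMIN mode=DISABLE
```

Using scope=SUBNET keeps both exceptions unreachable from other networks; the show commands in step 4 are the check that nothing broader than intended was opened.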

Page 10: SP2 Security Management Using Windows Security Center

Windows Firewall Configuration

Internet Options Configurations

Antivirus Configuration

Automatic Update Configuration

Computer Running Security Center

Page 11: Demonstration 2: Managing SP2 by Using Windows Security Center

Your instructor will demonstrate how to manage SP2 by using Security Center.

Specifically, you will learn to configure:

The Automatic Updates option

The Virus Protection option

Page 12: Windows XP SP2 Network Protection Features

Introduction to Windows XP Service Pack 2

Windows XP SP2 Network Protection Features

Reducing Application Failures by Using Windows XP SP2 Memory Protection Features

Exploring SP2 E-Mail Handling Security Features

Browsing Securely by Using SP2

Page 13: New Security Features in Windows Firewall

Boot-time security

On by default

Global configuration and restore defaults

On with no exceptions

Command-line support

Unattended setup support

RPC Support for system services

Multiple profiles

Windows firewall exceptions list

Local subnet restrictions

Page 14: Windows Firewall Advanced Security Features

Advanced options include:

Basic configuration ICMP options

Ability to enable specific network interfaces

Connection and packet logging improvements

Page 15: Demonstration 3: Exploring Windows Firewall New Security Features

Your instructor will demonstrate:

The On by Default feature

The On with No Exceptions feature

The Windows Firewall Exceptions List

The Restore Defaults feature (advanced options)

Page 16: Enhanced DCOM Security

[Diagram labels: Remote Client; DCOM Server]

Specific COM Permissions: Able to restrict rights that are available to users to individual COM servers

Computer-wide Restrictions: Restrictions that apply to DCOM call, activation and launch privileges and that differentiate between local and remote clients

Page 17: More Secure Remote Procedure Calls

[Diagram labels: Remote, Anonymous Client; Firewall; RPC Servers. Processes running on Local System, Network Service, Local Service security context: open port, allowed. Other processes claiming to be RPC services (e.g. Trojan horses): open port, blocked. Accepted / restricted. Local client and/or authenticated client; Group Policy.]

Page 18: Services Disabled by Default in Windows XP SP2

Disabled Service / Before SP2 / After SP2:

Alerter: before SP2, set to start manually; after SP2, disabled by default

Windows Messenger: before SP2, set to start automatically; after SP2, disabled by default

Alternative options:

Recommended resolution: rewrite the application to use another method to communicate with the user

Start the Alerter or Messenger service programmatically

Page 19: Reducing Application Failures

Introduction to Windows XP Service Pack 2

Windows XP SP2 Network Protection Features

Reducing Application Failures by Using Windows XP SP2 Memory Protection Features

Exploring SP2 E-Mail Handling Security Features

Browsing Securely by Using SP2

Page 20: Execution Protection (NX) and How It Works

NX features:

Memory locations tagged as nonexecutable unless location explicitly contains executable code

Buffer overrun attack protection

Currently available on some 64-bit CPUs

CPU-aided memory protection

Page 21: Exploring SP2 E-Mail Handling Security Features

Introduction to Windows XP Service Pack 2

Windows XP SP2 Network Protection Features

Reducing Application Failures by Using Windows XP SP2 Memory Protection Features

Exploring SP2 E-Mail Handling Security Features

Browsing Securely by Using SP2

Page 22: Attachment Manager in Outlook Express and Windows Messenger

[Diagram labels: New e-mail with attachment; User Running Outlook Express; User Running Windows Messenger; AES API]

Different actions taken for:

Safe attachments

Unsafe attachments

Suspicious attachments

Page 23: HTML Content Blocking in Outlook Express

Content Blocking Feature:

Blocks external images

New "Don't Download External HTML Content" feature

Preserves the user's privacy and prevents future attacks

[Diagram labels: Users Running Outlook Express; Internet; Web Server]

Page 24: Demonstration 4: Demonstrating and Configuring Attachment Handling in Outlook Express

Your instructor will demonstrate:

How Outlook Express handles attachments

How to configure attachment handling in Outlook Express

Page 25: Browsing Securely by Using SP2

Introduction to Windows XP Service Pack 2

Windows XP SP2 Network Protection Features

Reducing Application Failures by Using Windows XP SP2 Memory Protection Features

Exploring SP2 E-Mail Handling Security Features

Browsing Securely by Using SP2

Page 26: Managing Internet Explorer Browser Security

Security feature / Illustrate with:

MIME security improvements: Consistency checks; Stricter rules

Better security management: Add-on control and management features; Better prompts; New script-initiated window restrictions

Local machine zone: A list of steps that make up the procedure; An interface or a GUI diagram with callout labels

Feature control security zone: MIME sniffing; Security elevation; Windows restriction

Group Policy settings: Administrative control for Feature Control Security Zones

Page 27: Making the Local Computer More Secure

Internet Explorer information bar

Internet Explorer add-on installation prompt

Internet Explorer download prompt

New file handler icon

New security information area

Executable files are checked for publisher information

Outlook Express prompts

Page 28: Blocking Annoying Pop-Up Windows

Feature / Description:

Pop-Up Manager: Blocks unwanted pop-ups

Window Restrictions: Controls script-initiated repositioning; Controls script-initiated resizing

Window Placement: Governs the placement of pop-up windows

Page 29: Managing Add-Ons

Add-On Management and Crash Detection:

Better add-on detection

New add-on management features

Page 30: Demonstration 5: Popups, Scripts and Configuring Add-On Management

Your instructor will demonstrate:

The Information Bar with popups and scripts

How to view information about how often the add-ons have been used by Internet Explorer

Page 31: Session Summary

Introduction to Windows XP Service Pack 2

Windows XP SP2 Network Protection Features

Reducing Application Failures by Using Windows XP SP2 Memory Protection Features

Exploring SP2 E-Mail Handling Security Features

Browsing Securely by Using SP2

Page 32: Next Steps

Microsoft Canada Technet: http://www.microsoft.com/technet/canada/

Find additional Technet events: http://www.microsoft.com/technet/canada/events/

Share information and get community-based support for SP2: http://communities.microsoft.com/newsgroups/default.asp?icp=xpsp2&slcid=us

Get additional information about changes to functionality in SP2: http://www.microsoft.com/technet/prodtechnol/winxppro/maintain/winxpsp2.mspx

Page 33: Questions and Answers