Security Enhancements

OVERVIEW
Security Enhancements
February 9, 2009

Abstract
This paper provides an introduction to the security enhancements in Microsoft Windows 7. Built upon the security foundations of Windows Vista, Windows 7 responds to customer feedback to make the system more usable and manageable and contains the right security enhancements to combat the continually evolving threat landscape.

This is a preliminary document and may be changed substantially prior to final commercial release of the software described herein. The information contained in this document represents the current view of Microsoft Corporation on the issues discussed as of the date of publication. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information presented after the date of publication.

This White Paper is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS DOCUMENT.

Complying with all applicable copyright laws is the responsibility of the user. Without limiting the rights under copyright, no part of this document may be reproduced, stored in or introduced into a retrieval system, or transmitted in any form or by any means (electronic, mechanical, photocopying, recording, or otherwise), or for any purpose, without the express written permission of Microsoft Corporation.

Microsoft may have patents, patent applications, trademarks, copyrights, or other intellectual property rights covering subject matter in this document. Except as expressly provided in any written license agreement from Microsoft, the furnishing of this document does not give you any license to these patents, trademarks, copyrights, or other intellectual property.

© 2009 Microsoft Corporation. All rights reserved.

Microsoft, Active Directory, ActiveX, AppLocker, BitLocker, BitLocker To Go, Internet Explorer, Windows, the Windows logo, and Windows Vista are trademarks of the Microsoft group of companies. The names of actual companies and products mentioned herein may be the trademarks of their respective owners.

Microsoft Corporation
One Microsoft Way
Redmond, WA 98052-6399
USA

Introduction
Built upon the security foundations of Windows Vista, Windows 7 responds to customer feedback to make the system more usable and manageable and contains the right security enhancements to help combat the continually evolving threat landscape. This paper introduces the most significant security enhancements in Windows 7 and is broken into four sections:

Fundamentally Secure Platform: Windows 7 builds upon the security enhancements pioneered in Windows Vista and responds to customer feedback to make the system more usable and manageable.

Helping Secure Anywhere Access: Windows 7 provides the appropriate security controls so that users can access the information they need to be productive, whenever they need it, whether they are in the office or not.

Protecting Users and Infrastructure: Windows 7 provides flexible security protection against malware and intrusions so that users can achieve their desired balance between security, control, and productivity.

Protecting Data from Unauthorized Viewing: Windows 7 extends BitLocker Drive Encryption to help protect data stored on portable media (for example, USB flash drives and USB portable hard drives) so that only authorized users can read the data, even if the media is lost, stolen, or misused.

Fundamentally Secure Platform
Windows 7 builds upon the strong security lineage of Windows Vista and retains all of the development processes and technologies that have made Windows Vista the most secure version of the Windows client to date. Fundamental security features such as Kernel Patch Protection, Windows Service Hardening, Data Execution Prevention (DEP), Address Space Layout Randomization (ASLR), and Mandatory Integrity Control (integrity levels) continue to provide enhanced protection against malware and attacks.
Windows 7 is again designed and developed using Microsoft's Security Development Lifecycle (SDL) and is engineered to support Common Criteria evaluation at Evaluation Assurance Level 4 (EAL4) and to meet Federal Information Processing Standard (FIPS) 140-2 for its cryptographic modules. From the security foundation of Windows Vista, Windows 7 makes significant enhancements to two core security technologies: event auditing and User Account Control.

Enhanced Auditing
Windows 7 provides enhanced audit capabilities to make it easier for an organization to meet its regulatory and business compliance requirements. The enhancements start with a simplified management approach for audit configuration (audit policy is configured per subcategory and can be managed through Group Policy rather than only through the auditpol command) and end with greater visibility into what occurs in the organization. For example, Windows 7 records exactly why someone was granted access to specific information (the "reason for access": which permission entry granted each requested right), why someone was denied access, and all of the changes made by specific people or groups. Global Object Access Auditing lets administrators define a system-wide audit policy for the file system and registry without editing the SACL of every object.
Microsoft Corporation Page 3
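A worked example for the auditing section above, added here and not part of the original paper: it enables the granular audit subcategories that produce object-access events with the reason-for-access data, switches on Global Object Access Auditing for failed writes to any file, and reads the resulting events back out of the Security log. The subcategory names are the English names auditpol uses; the AccessReason data field name is taken from the Windows 7 event 4656 schema (verify it on your build); run from an elevated PowerShell prompt on Windows 7 or later.

```powershell
# Added example (not from the Windows 7 security paper). Requires an elevated prompt.

# --- 1. Granular audit policy: enable specific subcategories, not whole categories.
$subcategories = @(
    'File System',          # 4656 handle requested / 4663 object accessed, carry access reasons
    'Handle Manipulation',  # 4658 handle closed; needed to correlate a full access chain
    'Audit Policy Change'   # 4719 system audit policy changed: detect auditing being switched off
)
foreach ($s in $subcategories) {
    & auditpol.exe /set /subcategory:"$s" /success:enable /failure:enable | Out-Null
}

# --- 2. Global Object Access Auditing: one system-wide SACL for the file system,
#        here every failed write attempt by anyone, without editing per-file SACLs.
#        'FW' is the auditpol access flag for FILE_WRITE_DATA.
& auditpol.exe /resourceSACL /set /type:File /user:Everyone /failure /access:FW | Out-Null

# --- 3. Show the effective policy so a reviewer can confirm what is audited.
& auditpol.exe /get /category:"Object Access"
& auditpol.exe /resourceSACL /type:File /view /user:Everyone

# --- 4. Pull object-access events back out: who touched what, from which process, and why it was allowed.
function Get-ObjectAccessAudit {
    param([int]$MaxEvents = 50)
    $xpath = "*[System[(EventID=4656 or EventID=4663)]]"
    Get-WinEvent -LogName Security -FilterXPath $xpath -MaxEvents $MaxEvents -ErrorAction SilentlyContinue |
        ForEach-Object {
            $data = @{}
            foreach ($d in ([xml]$_.ToXml()).Event.EventData.Data) { $data[$d.Name] = $d.'#text' }
            New-Object PSObject -Property @{
                Time       = $_.TimeCreated
                EventId    = $_.Id
                Subject    = "$($data['SubjectDomainName'])\$($data['SubjectUserName'])"
                Object     = $data['ObjectName']
                Process    = $data['ProcessName']
                AccessMask = $data['AccessMask']
                # Windows 7 addition: which ACE granted or denied each requested right (assumed field name)
                Reason     = $data['AccessReason']
            }
        }
}

Get-ObjectAccessAudit | Format-Table Time, EventId, Subject, Object, AccessMask, Reason -AutoSize -Wrap
```

Enabling File System auditing without a resource SACL or per-object SACLs produces nothing; the Global Object Access Auditing entry in step 2 is what makes the policy bite. Keep the scope narrow (failures only, or a specific user) on servers with heavy file activity, or the Security log fills quickly.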

Streamlined UAC
User Account Control (UAC) was introduced in Windows Vista to help increase security and reduce total cost of ownership by making it practical to run the operating system without administrative privileges. Windows 7 continues the investment in UAC with changes aimed at the user experience: the number of operating system applications and tasks that require administrative privilege is reduced, and users who continue to run with administrative privilege get a configurable consent prompt (the Windows 7 default prompts only when a program that is not part of Windows requests elevation; "Always notify" restores the Vista behavior of prompting for every elevation). The result: standard users can do more than before, and all users see fewer prompts.

Security Device Support
Windows 7 simplifies the process of connecting security devices to a PC, makes it easier to manage the devices in use, and gives easy access to common device-related tasks. From initial setup through day-to-day use, security devices are easier to use in the enterprise environment.

Security Enhanced Storage Devices
The widespread use of USB flash drives and other personal storage devices raises concerns about the security of the information stored on them. Not every user requires the full data encryption of BitLocker To Go, however. Windows 7 adds support for password protection and certificate-based authentication on IEEE 1667 compliant USB storage devices (Enhanced Storage). Users can use the password protection of IEEE 1667 devices to help keep data private from casual disclosure; because the protection is enforced by the device rather than by Windows, its strength depends on the device's own implementation.
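For the Streamlined UAC section above, an added example that is not part of the original paper: it reads the registry values behind the UAC slider, shows the quiet configuration that silently elevates administrators, and applies the "Always notify" setting. The value names and meanings are those of the UAC policy settings under Local Security Policy; run from an elevated prompt.

```powershell
# Added example (not from the Windows 7 security paper). Requires an elevated prompt.
# UAC behaviour lives in these registry values; the Local Security Policy UI writes the same keys.
$uacKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'

function Get-UacLevel {
    $p = Get-ItemProperty -Path $uacKey
    New-Object PSObject -Property @{
        EnableLUA                  = $p.EnableLUA                   # 1 = UAC on; 0 switches it off entirely (needs reboot)
        ConsentPromptBehaviorAdmin = $p.ConsentPromptBehaviorAdmin  # 2 = always prompt for consent on the secure desktop (Vista behaviour)
                                                                    # 5 = prompt only for non-Windows binaries (Windows 7 default)
                                                                    # 0 = elevate silently: admin approval mode is effectively off
        ConsentPromptBehaviorUser  = $p.ConsentPromptBehaviorUser   # 3 = prompt standard users for credentials; 0 = deny elevation
        PromptOnSecureDesktop      = $p.PromptOnSecureDesktop       # 1 = prompt on the secure desktop, so the dialog cannot be spoofed
    }
}

# Weak but common "quiet" configuration: silent elevation for administrators.
# Anything running as the administrator's user gets full privileges with no prompt.
function Set-UacQuiet {
    Set-ItemProperty -Path $uacKey -Name ConsentPromptBehaviorAdmin -Value 0 -Type DWord
    Set-ItemProperty -Path $uacKey -Name PromptOnSecureDesktop      -Value 0 -Type DWord
}

# Hardened configuration: keep UAC on, make administrators approve every elevation
# on the secure desktop, and let standard users elevate only with credentials.
function Set-UacAlwaysNotify {
    Set-ItemProperty -Path $uacKey -Name EnableLUA                  -Value 1 -Type DWord
    Set-ItemProperty -Path $uacKey -Name ConsentPromptBehaviorAdmin -Value 2 -Type DWord
    Set-ItemProperty -Path $uacKey -Name ConsentPromptBehaviorUser  -Value 3 -Type DWord
    Set-ItemProperty -Path $uacKey -Name PromptOnSecureDesktop      -Value 1 -Type DWord
}

Get-UacLevel | Format-List
# Set-UacAlwaysNotify   # apply; ConsentPromptBehavior changes take effect immediately, EnableLUA changes need a reboot
```

In a domain, set the same values through Group Policy (Computer Configuration > Windows Settings > Security Settings > Local Policies > Security Options, the "User Account Control:" entries) so that a local administrator cannot quietly slide them back down.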

Integrated Fingerprint Readers and Logon
Fingerprint scanners are becoming more common in standard laptop configurations, and Windows 7 ensures that they work well. It is easy to set up and begin using a fingerprint reader, and logging on to Windows with a fingerprint is more reliable across hardware providers because Windows 7 supplies a common framework (the Windows Biometric Framework) for sensors, drivers, and the storage of enrolled templates. Fingerprint reader configurations are easy to modify, so users can control how they log on to Windows 7 and manage the fingerprint data stored on the computer.

Improved Smart Card Support
Password-based authentication has well-understood security limitations; however, deploying strong authentication remains a challenge for many organizations. Building upon the smart card infrastructure advances made in Windows Vista, Windows 7 eases smart card deployment through Plug and Play support. Drivers for smart cards and smart card readers are installed automatically, without administrative permissions or user interaction, easing the deployment of strong two-factor authentication in the enterprise. Windows 7 also extends its PKINIT (RFC 4556) support to ECC-based smart cards as specified in RFC 5349, allowing certificates backed by Elliptic Curve keys on smart cards to be used for Windows logon. This requires a KDC that also implements RFC 5349, which for Windows domains means Windows Server 2008 R2 domain controllers.

Helping Secure Anywhere Access
Windows 7 provides the appropriate security controls so that users can access the information they need to be productive, whenever they need it, whether they are in the office or not. In addition to full support for existing technologies like Network Access Protection (NAP), Windows 7 provides a more flexible firewall, DNSSEC support, and an entirely new remote access model, DirectAccess.

DNSSEC Support
The Domain Name System (DNS) is an essential protocol that supports many everyday Internet activities, including e-mail delivery, Web browsing, and instant messaging. However, DNS was designed more than two decades ago, before the security concerns we face today.
DNS Security Extensions (DNSSEC) is a set of extensions to DNS that add origin authentication and integrity protection to DNS data. Windows 7 supports DNSSEC as specified in RFCs 4033, 4034, and 4035, helping organizations gain confidence that domain name records have not been spoofed. Note that the Windows 7 DNS client is a security-aware but non-validating stub resolver: signature validation is performed by the recursive DNS server (Windows Server 2008 R2 or another validating resolver), and the client uses Name Resolution Policy Table (NRPT) rules, delivered through Group Policy, to require that responses for specified namespaces were validated and, optionally, to protect the path to the DNS server with IPsec.

Multiple Active Firewall Policies
In Windows Vista, firewall policy is chosen by the type of network connection established: Home, Work, Public, or Domain (a fourth type, detected automatically rather than chosen by the user). Only one profile could be active at a time, which presented security obstacles for IT professionals when, for example, a user connected to the Internet through a Home network and then used a virtual private network (VPN) to reach the corporate network. Because the network type, and thus the firewall settings, had already been set by the first network, the firewall settings appropriate for accessing the corporate network could not be applied. Windows 7 removes this limitation through support for multiple active firewall profiles: each network interface is assigned its own profile, so a PC can obtain and apply the Domain profile on the corporate-facing interface regardless of other networks that may be active on the PC. Through such capabilities, which are among the top features requested by enterprise customers, IT professionals can simplify connectivity and security policies by maintaining a single set of rules for both remote clients and clients that are physically connected to the corporate network.

DirectAccess
With Windows 7, working outside the office becomes simpler. DirectAccess enables remote users to access the corporate network whenever they have an Internet connection, without the extra step of initiating a VPN connection, and thus increases their productivity when out of the office. For IT professionals, DirectAccess provides a more secure and flexible corporate network infrastructure to remotely manage and update user PCs. Because the DirectAccess computer tunnel is established before a user logs on, computers both on and off the network can remain healthy, managed, and updated. IT professionals maintain fine-grained control over which network resources users can access; for example, Group Policy settings can be used to manage remote user access to enterprise applications. DirectAccess also separates Internet traffic from access to internal network resources (split tunneling; force tunneling of all traffic through the corporate network can be configured instead), so that users can access public Web sites without generating additional traffic on the corporate network.
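For the multiple active firewall profiles described before the DirectAccess section, an added example that is not part of the original paper: it shows the single-profile habit that the feature was introduced to fix, scopes a management rule to the Domain profile only, and verifies which profiles are active. netsh advfirewall is the scriptable firewall interface on Windows 7 (the NetSecurity cmdlets arrived in Windows 8); the 10.20.0.0/16 management range is a hypothetical value for this example. Run from an elevated prompt.

```powershell
# Added example (not from the Windows 7 security paper). Requires an elevated prompt.

# Weak pattern inherited from single-profile thinking: one permissive rule for "any" profile.
# On a Vista client this also applied while the user sat on a coffee-shop network.
#   netsh advfirewall firewall add rule name="Remote Management" dir=in action=allow protocol=TCP localport=5985 profile=any

# Windows 7: each interface gets its own profile, so corporate rules can live in the Domain profile only.
netsh advfirewall set allprofiles state on
netsh advfirewall set domainprofile  firewallpolicy blockinbound,allowoutbound
netsh advfirewall set privateprofile firewallpolicy blockinbound,allowoutbound
# blockinboundalways ignores even explicit allow rules while an interface is on an untrusted network
netsh advfirewall set publicprofile  firewallpolicy blockinboundalways,allowoutbound

# Management rule restricted to the Domain profile and to the (hypothetical) corporate management subnet.
netsh advfirewall firewall add rule name="Remote Management (domain only)" dir=in action=allow `
    protocol=TCP localport=5985 profile=domain remoteip=10.20.0.0/16

# Verify. A client on home Wi-Fi with a DirectAccess or VPN tunnel up lists more than one active profile here,
# which is exactly the case Vista could not handle; the rule must show Profiles: Domain only.
netsh advfirewall monitor show currentprofile
netsh advfirewall firewall show rule name="Remote Management (domain only)" verbose
```

When the same rules are pushed by Group Policy, a Windows 7 client merges local and domain rules unless the profile's "Apply local firewall rules" setting is disabled; disable it for the Domain and Public profiles so that a locally added "any profile" rule cannot reopen the port on untrusted networks.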

Best of all, DirectAccess is built upon industry standards, IPv6 and IPsec, to help ensure that enterprise communications remain protected: the client authenticates its IPsec tunnels with a computer certificate and, for the tunnel to internal resources, the user's domain credentials, and it reaches the DirectAccess server over native IPv6 or, where only IPv4 is available, over the 6to4, Teredo, or IP-HTTPS transition technologies.

Protecting Users and Infrastructure
Windows 7 provides flexible security protection against malware and intrusions so that users can achieve their desired balance between security, control, and user productivity. AppLocker and Internet Explorer 8 are two key examples of technology investments that raise the bar for operating system protection against malware in Windows 7.

AppLocker
Windows 7 reenergizes application control policies with AppLocker: a flexible, easy-to-administer mechanism that allows IT to specify exactly what is allowed to run on the desktop infrastructure (executables, Windows Installer packages, scripts, and DLLs) while giving users the ability to run the applications, installation programs, and scripts they need to be productive. As a result, IT can enforce application standardization within the organization while gaining security, operational, and compliance benefits. AppLocker provides simple, powerful rule structures and introduces publisher rules: rules based on an application's digital signature. Publisher rules make it possible to build rules that survive application updates, because a rule can match on the signer, product name, binary name, and a version range rather than on a file hash or path. For example, an organization can create a rule that allows Acrobat Reader version 9.0 or later to run as long as it is signed by the publisher Adobe. When Adobe updates Acrobat Reader, the update can be deployed without building another rule for the new version. AppLocker rules are enforced only while the Application Identity service is running, and enforcement is available in the Enterprise and Ultimate editions of Windows 7.

Internet Explorer 8
Internet Explorer 8 delivers improved protection against security and privacy threats, including the SmartScreen Filter, which helps identify malicious sites and block the download of malicious software. Privacy is enhanced through InPrivate Browsing, which allows Web browsing without leaving a trail on a shared PC, and through increased choice and control over how Web sites can track user actions. Internet Explorer 8 also helps inspire confidence and trust through improved restrictions for ActiveX controls (per-site and per-user ActiveX), enhanced add-on management, improved reliability (including automatic crash recovery and tab restoration), and enhanced support for accessibility standards.

Protecting Data from Unauthorized Viewing
Each year, hundreds of thousands of computers without appropriate safeguards are lost, stolen, or decommissioned. Data leakage is not just a physical computer issue, however: the ubiquity of USB flash drives, e-mail, leaked documentation, and similar channels provides other potent avenues for data to fall into the wrong hands. Windows 7 retains the data protection technologies available in Windows Vista, such as the Encrypting File System (EFS), the built-in Active Directory Rights Management Services (AD RMS) client, and granular USB port controls through Group Policy. In addition to incremental updates in these technologies, Windows 7 provides several significant improvements to BitLocker Drive Encryption.
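For the AppLocker publisher rule described above, an added example that is not part of the original paper: it reads the publisher attributes from a signed binary, writes a policy whose publisher rule allows Adobe Reader 9.0 or later with no upper version bound, includes AppLocker's standard default rules so that Windows itself keeps running, tests the policy in a dry run, and applies it in audit-only mode. The Reader install path and the publisher string in the XML are assumptions for this example (use the exact string printed by Get-AppLockerFileInformation); the rule GUIDs only need to be unique. Requires Windows 7 Enterprise or Ultimate and an elevated prompt.

```powershell
# Added example (not from the Windows 7 security paper). Requires Windows 7 Enterprise/Ultimate and an elevated prompt.
Import-Module AppLocker

# Step 1: AppLocker only enforces while the Application Identity service runs.
Set-Service -Name AppIDSvc -StartupType Automatic
Start-Service -Name AppIDSvc

# Step 2: read the publisher attributes from the signed binary instead of typing them
# (install path is an assumption for this example).
$reader = 'C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe'
Get-AppLockerFileInformation -Path $reader | Select-Object -ExpandProperty Publisher

# Step 3: hand-written policy. The publisher rule pins signer, product and binary name and opens the
# version range at 9.0.0.0 with no upper bound, so later signed updates keep running without a new rule.
# The three path rules are AppLocker's standard default rules: without them an enforced policy blocks
# Windows itself. EnforcementMode="AuditOnly" logs would-be blocks (event 8003) instead of blocking.
$policyXml = @'
<AppLockerPolicy Version="1">
  <RuleCollection Type="Exe" EnforcementMode="AuditOnly">
    <FilePublisherRule Id="b7af7102-efde-4369-8a89-7a6a392d1473" Name="Adobe Reader 9.0 and later"
        Description="AcroRd32.exe signed by Adobe, version 9.0.0.0 or higher" UserOrGroupSid="S-1-1-0" Action="Allow">
      <Conditions>
        <FilePublisherCondition PublisherName="O=ADOBE SYSTEMS INCORPORATED, L=SAN JOSE, S=CALIFORNIA, C=US"
            ProductName="ADOBE READER" BinaryName="ACRORD32.EXE">
          <BinaryVersionRange LowSection="9.0.0.0" HighSection="*" />
        </FilePublisherCondition>
      </Conditions>
    </FilePublisherRule>
    <FilePathRule Id="921cc481-6e17-4653-8f75-050b80acca20" Name="(Default Rule) All files located in the Program Files folder"
        Description="" UserOrGroupSid="S-1-1-0" Action="Allow">
      <Conditions><FilePathCondition Path="%PROGRAMFILES%\*" /></Conditions>
    </FilePathRule>
    <FilePathRule Id="a61c8b2c-a319-4cd0-9690-d2177cad7b51" Name="(Default Rule) All files located in the Windows folder"
        Description="" UserOrGroupSid="S-1-1-0" Action="Allow">
      <Conditions><FilePathCondition Path="%WINDIR%\*" /></Conditions>
    </FilePathRule>
    <FilePathRule Id="fd686d83-a829-4351-8ff4-27c7de5755d2" Name="(Default Rule) All files"
        Description="" UserOrGroupSid="S-1-5-32-544" Action="Allow">
      <Conditions><FilePathCondition Path="*" /></Conditions>
    </FilePathRule>
  </RuleCollection>
</AppLockerPolicy>
'@
$policyPath = Join-Path $env:TEMP 'applocker-adobe.xml'
$policyXml | Set-Content -Path $policyPath -Encoding UTF8

# Step 4: dry run against real files (Reader should match the publisher rule, notepad the Windows default rule),
# then apply. -Merge keeps rule collections already present (for example an existing Script collection).
Test-AppLockerPolicy -XmlPolicy $policyPath -Path $reader, "$env:WINDIR\System32\notepad.exe" -User Everyone |
    Format-Table FilePath, PolicyDecision, MatchingRule -AutoSize
Set-AppLockerPolicy -XmlPolicy $policyPath -Merge
```

Run in AuditOnly until the 8003 events in the Microsoft-Windows-AppLocker/EXE and DLL log stop showing legitimate software, then switch EnforcementMode to "Enabled". The Program Files default rule is only as strong as the folder's ACL: users can write to %PROGRAMFILES% on a default Windows 7 install only through elevation, which is why UAC and AppLocker belong together.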
BitLocker and BitLocker To Go
Windows 7 addresses the continued threat of data leakage with manageability and deployment updates to BitLocker Drive Encryption (for example, the separate system partition that BitLocker requires is now created automatically by Windows Setup) and with the introduction of BitLocker To Go, which extends BitLocker protection to removable storage devices. By adding support for FAT-formatted data volumes, BitLocker can protect a broader range of disk formats and devices, including USB flash drives and portable disk drives, allowing users to deploy BitLocker for a broader range of data protection needs. Whether traveling with a laptop, sharing large files with a trusted partner, or taking work home, BitLocker and BitLocker To Go protected devices help ensure that only authorized users can read the data, even if the media is lost, stolen, or misused. BitLocker protection is straightforward to deploy and intuitive for the end user, while improving compliance and data security.

BitLocker To Go also gives administrators control over how removable storage devices can be used within their environment and the strength of protection they require. Through Group Policy, administrators can require data protection for any removable storage device that users want to write to, while still allowing unprotected storage devices to be used read-only. Policies are also available to require passwords of a minimum length and complexity, a smart card, or domain user credentials to unlock a protected removable storage device. Finally, BitLocker To Go provides read-only access to protected removable devices from older versions of Windows through the BitLocker To Go Reader (for password-protected, FAT-formatted volumes), allowing files to be shared more securely with users who are still running Windows Vista and Windows XP.

Conclusion
Built upon the security foundations of Windows Vista, Windows 7 introduces the right security enhancements to give users confidence that Microsoft is helping keep them protected. Businesses will benefit from enhancements that help protect company-sensitive information, provide stronger protection against malware, and help secure anywhere access to corporate resources and data. Consumers can enjoy the benefits of computers and the Internet knowing that Windows 7 is the state of the art in helping to protect their privacy and personal information. Finally, all users will benefit from the flexible and discoverable configuration options of Windows 7 security, which help everyone achieve the right balance of security and usability for their unique situation.
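Returning to the BitLocker To Go policies described in the previous section, a closing worked example that is not part of the original paper: it sets the removable-drive policy values that the corresponding Group Policy settings write (deny writes to unprotected drives, require a password of at least 12 characters), encrypts a removable drive with a password and a recovery password, and checks the result. The value names follow the VolumeEncryption.admx template; confirm them against HKLM\SOFTWARE\Policies\Microsoft\FVE on a machine where your GPO has applied. Drive letter E: is an assumption. In production, deliver the policy through a GPO rather than writing the Policies key directly; run from an elevated prompt.

```powershell
# Added example (not from the Windows 7 security paper). Requires an elevated prompt.
# Policy values below are those written by the BitLocker "Removable Data Drives" Group Policy settings
# (value names per VolumeEncryption.admx). Writing the Policies key directly is for a lab or test image.
$fve = 'HKLM:\SOFTWARE\Policies\Microsoft\FVE'
if (-not (Test-Path $fve)) { New-Item -Path $fve -Force | Out-Null }

# "Deny write access to removable drives not protected by BitLocker": unprotected sticks mount read-only.
Set-ItemProperty -Path $fve -Name RDVDenyWriteAccess       -Value 1  -Type DWord
# Cross-organisation denial needs the identification-field policy configured as well; leave it off here.
Set-ItemProperty -Path $fve -Name RDVDenyCrossOrg          -Value 0  -Type DWord
# "Configure use of passwords for removable data drives": require a complex password of at least 12 characters.
Set-ItemProperty -Path $fve -Name RDVPassphrase            -Value 1  -Type DWord
Set-ItemProperty -Path $fve -Name RDVEnforcePassphrase     -Value 1  -Type DWord
Set-ItemProperty -Path $fve -Name RDVPassphraseComplexity  -Value 1  -Type DWord
Set-ItemProperty -Path $fve -Name RDVPassphraseLength      -Value 12 -Type DWord
Get-ItemProperty -Path $fve | Format-List RDV*

# Encrypt the removable drive (E: is an assumption). -pw prompts for the unlock password; -rp adds a
# 48-digit recovery password. Record the recovery password offline or escrow it via the
# "Store BitLocker recovery information in Active Directory Domain Services" policy.
manage-bde.exe -on E: -pw -rp
manage-bde.exe -protectors -get E:

function Test-RemovableDriveProtected {
    param([string]$Drive = 'E:')
    # manage-bde reports "Protection Status: Protection On" once encryption is active;
    # "Protection Off" during initial encryption or when a protector has been suspended.
    $status = & manage-bde.exe -status $Drive 2>&1 | Out-String
    return [bool]($status -match 'Protection Status:\s+Protection On')
}

Test-RemovableDriveProtected 'E:'
```

With RDVDenyWriteAccess in place the check is also what a compliance script should report: a drive that mounts writable on a Windows 7 client is, by policy, a BitLocker-protected drive. The same drive opens read-only on Windows XP and Vista through the BitLocker To Go Reader that Windows 7 copies onto the volume.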