Business Value Launch

Presentation transcript:

Business Value Launch 2006 3/27/2017 2:28 AM © 2006 Microsoft Corporation. All rights reserved. This presentation is for informational purposes only. Microsoft makes no warranties, express or implied, in this summary.

Security and management

Agenda
- BitLocker Drive Encryption
- User Account Protection
- Internet Explorer 7
- Windows service hardening
- Windows Vista firewall
- Other new features: new authentication for RDP, new auditing features

BitLocker Drive Encryption and TBS
- Windows Vista Enterprise and Ultimate
- Verifies the integrity of the system
- Encrypts entire volumes, including the swap and hibernation files, registry keys and configuration files
- Uses TPM v1.2 to validate the pre-OS components
- Customizable protection and authentication methods
- Pre-OS protection: startup key on USB, PIN
- Microsoft driver for the TPM: stability and security
- TPM Base Services (TBS): enables third-party applications
- Backup to Active Directory: automatic key backup to AD, Group Policy support, script-based management
- TPM management and BitLocker management: command-line tools
- Secure decommissioning: key deletion and reuse of the hardware

BitLocker Drive Encryption is a data protection feature available in Windows Vista Enterprise and Windows Vista Ultimate for client computers and in Windows Server "Longhorn". BitLocker is a response by Microsoft to one of our top customer requests: address the threats of data theft or exposure from lost, stolen or inappropriately decommissioned PC hardware with a tightly integrated solution in the Microsoft Windows operating system. BitLocker prevents a thief who boots another operating system or runs a software hacking tool from breaking Windows Vista file and system protections or performing offline viewing of the files stored on the protected drive. BitLocker enhances data protection by bringing together two major sub-functions: system volume encryption and the integrity checking of early boot components. Drive encryption protects data by preventing unauthorized users from breaking Windows file and system protection on lost or stolen computers. The entire system volume is encrypted, including the swap and hibernation files. Integrity checking of the early boot components helps to ensure that data decryption is performed only if those components appear tamper-free and the encrypted drive is located in the original computer.
BitLocker offers the option to lock the normal boot process until the user supplies a PIN, much like an ATM card PIN, or inserts a USB flash drive that contains keying material. These added security measures provide multi-factor authentication and assurance that the computer will not boot or resume from hibernation until the correct PIN or USB flash drive is presented. Finally, BitLocker provides enhanced recovery options. BitLocker has a disaster recovery console integrated into the early boot components to provide for data retrieval. In the default setting, BitLocker requires no user actions, and even activation itself can be done remotely and automatically. By being tightly integrated with Windows Vista, BitLocker provides a seamless, secure, and easily manageable data protection solution for the enterprise. For example, BitLocker optionally leverages an enterprise's existing Active Directory Domain Services infrastructure to remotely escrow recovery keys. Based upon policy, BitLocker can also be set to back up keys and passwords onto a USB dongle or to a file location. A recovery password should also be set by the administrator so Windows operation can continue as normal. [BUILD1] With Windows XP, on a dual-boot system with the volume protected by BitLocker, you will be prompted to format the drive. [BUILD2] Now with Windows Vista, you will be denied access.

Hardware requirements: Trusted Platform Module (TPM) v1.2
- Smartcard-like module on the motherboard
- Performs cryptographic functions (RSA, SHA-1, RNG)
- Creates, stores and manages cryptographic keys
- Performs digital signature operations
- Holds the platform measurements (hashes)
- Anchors the chain of trust for keys and credentials
- Protects itself against attacks
TCG-compatible firmware (conventional or EFI BIOS)
- Establishes a chain of trust for the pre-OS boot stage
- Must support the Static Root of Trust for Measurement (SRTM) specified by the TCG
- See www.trustedcomputinggroup.org

Disk layout
- MBR
- The encrypted OS partition contains: the encrypted OS, encrypted page file, encrypted temporary files, encrypted data, encrypted hibernation file
- The System Partition contains the boot utilities (unencrypted, 50 MB)

Platform Configuration Registers: how the TPM works (1)
- All registers are reset and execution is transferred to the Core Root of Trust for Measurement
- The next portion of firmware is measured into PCR[0] and its data into PCR[1] (hardware test and configuration)
- Code is always measured before it is executed
- Measurements are SHA-1 hashes of the code/data being checked, concatenated with the hash already held in the PCR
- Measurements are written into the PCR irreversibly
- Option ROMs and their data go into PCR[2] and PCR[3]
- The MBR goes into PCR[4], the partition table into PCR[5]
(Slide graphic: PCR[0] through PCR[15])

Platform Configuration Registers: how the TPM works (2)
- Control is passed to the MBR, which loads the first sector of the active boot partition into memory
- The first 512 bytes are measured into PCR[8]
- Boot sector loading: the remainder is measured into PCR[9] and execution is transferred
- The boot code measures BOOTMGR into PCR[10] and transfers execution
- Any further boot application must be loaded only from the encrypted partition
- BOOTMGR transfers control to the operating system
- The OS verifies the integrity of every executable it loads
(Slide graphic: PCR[0] through PCR[15])
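The two slides above describe the measured-boot chain in words. As an added example for this transcript (not code from the presentation and not Microsoft's implementation), the following Python models the TPM 1.2 extend operation, PCR[i] = SHA1(PCR[i] || SHA1(data)), with the register assignments the slides give (firmware in PCR[0] and PCR[1], option ROMs in PCR[2] and PCR[3], MBR in PCR[4], partition table in PCR[5], boot sector in PCR[8] and PCR[9], BOOTMGR in PCR[10]), and shows why a modified boot component changes the final values so that a key sealed to the expected PCRs is not released. The component bytes and the set of PCRs used for sealing (SEAL_PCRS) are constructed assumptions, not values from the presentation.

```python
"""TPM 1.2 PCR measurement chain, modelled after the two PCR slides.

Added example, not code from the presentation nor Microsoft's
implementation. Boot-component bytes and the sealing PCR selection are
constructed assumptions.
"""
from __future__ import annotations

import hashlib

PCR_COUNT = 16          # PCR[0] .. PCR[15] as drawn on the slide
DIGEST_LEN = 20         # SHA-1 digest length used by TPM 1.2
ZERO = b"\x00" * DIGEST_LEN


def reset_pcrs() -> list[bytes]:
    """Platform reset: every register starts as 20 zero bytes."""
    return [ZERO] * PCR_COUNT


def extend(pcrs: list[bytes], index: int, data: bytes) -> bytes:
    """TPM_Extend: fold one measurement into a register.

    The measurement (SHA-1 of the code or data about to run) is appended to
    the register's current value and the pair is hashed again, so a register
    can only be moved forward, never set to a chosen value.
    """
    measurement = hashlib.sha1(data).digest()
    pcrs[index] = hashlib.sha1(pcrs[index] + measurement).digest()
    return pcrs[index]


# Constructed stand-ins for the pre-OS components, in the order and into
# the registers the slides describe (no real firmware is modelled).
BOOT_CHAIN: list[tuple[int, bytes]] = [
    (0, b"firmware-stage-2-code"),     # next portion of firmware
    (1, b"firmware-hw-test-config"),   # its data: hardware test/config
    (2, b"option-rom-code"),           # option ROMs
    (3, b"option-rom-data"),
    (4, b"master-boot-record"),        # MBR
    (5, b"partition-table"),
    (8, b"boot-sector-first-512"),     # first 512 bytes of the boot sector
    (9, b"boot-sector-remainder"),
    (10, b"BOOTMGR"),                  # boot manager, then the OS takes over
]


def measure_boot(chain: list[tuple[int, bytes]]) -> list[bytes]:
    """Replay a boot from reset, measuring each stage before it 'runs'."""
    pcrs = reset_pcrs()
    for index, component in chain:
        extend(pcrs, index, component)
    return pcrs


# Registers a sealed key is bound to. Assumed selection for this example;
# a register outside it (e.g. PCR[6]) does not gate the key at all.
SEAL_PCRS = (0, 2, 4, 8, 9, 10, 11)


def seal_policy(pcrs: list[bytes], selection=SEAL_PCRS) -> bytes:
    """Digest of the selected registers; the key is tied to this value."""
    return hashlib.sha1(b"".join(pcrs[i] for i in selection)).digest()


def key_released(expected: bytes, chain: list[tuple[int, bytes]]) -> bool:
    """Unseal check: the key is released only if replaying the boot path
    reproduces exactly the PCR values it was sealed to."""
    return seal_policy(measure_boot(chain)) == expected


def with_component(chain, index: int, data: bytes) -> list[tuple[int, bytes]]:
    """Copy of a boot chain with the component measured into `index` replaced."""
    return [(i, data if i == index else d) for i, d in chain]


if __name__ == "__main__":
    expected = seal_policy(measure_boot(BOOT_CHAIN))
    print("clean boot releases key:", key_released(expected, BOOT_CHAIN))
    tampered = with_component(BOOT_CHAIN, 4, b"modified-mbr")
    print("modified MBR releases key:", key_released(expected, tampered))
```

Two properties of the model are worth noticing: the extend operation is order-sensitive, so the same components measured in a different sequence produce different registers, and only the registers named in the sealing selection gate the key, which is why the choice of PCRs matters as much as the measurements themselves.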

Key backup
Domain-joined machines (recommended):
- Automatic backup
- Configure Group Policy to store the keys in AD
- Centralized key management and storage
Non-domain machines:
- Backup to a USB device
- Backup to a web-based storage service (OEMs or third parties can create such services)
- Backup to a file
- Printing or recording on physical media

Recovery in case of problems
1. The feature is enabled
2. The key is escrowed, for example via AD
3. The user breaks the computer
4. The broken machine's hard disk is placed in a new machine
5. Network access via AD
6. The user calls the SysAdmin
7. The SysAdmin unlocks the drive and provides the user's key after verifying the user's credentials

Configuring Active Directory
To store recovery keys in AD:
- All DCs must be at least Windows Server 2003 SP1
- Apply the schema extension that adds the extra attributes (already present in Windows Server "Longhorn")
- Configure the permissions on the BitLocker and TPM Recovery Information objects in the schema
- If there are multiple forests, extend the schema of every forest that will have BitLocker machines
- Grant read rights to the users who must be able to receive assistance

Configuring Group Policy
BitLocker settings in Group Policy:
- Turn on AD backup of BDE recovery information
- Turn on AD backup of TPM recovery information
- Configure UI experience
Enable power-management control for machines with BitLocker:
- Prevent sleep mode (default)
- Prevent users from changing this setting

EFS and BitLocker
EFS:
- Provides security in the user context
- Improved in Windows Vista to increase the security offered to the user (smartcards)
- Does not measure the integrity of the individual components of the boot process
- Provides no offline protection for the OS, temporary files, swap and hibernation files
BitLocker:
- Provides security in the machine context; designed to protect the OS
- Protects every sector on the Windows installation volume, including temporary files and the swap and hibernation files
- Provides no user-level security
They are complementary technologies that can coexist side by side on the same volume or on different volumes.

User Account Control: running as Administrator is risky
- Spyware and viruses wreck machines
- Enterprise users are hard to keep under control
- Applications that require administrator privileges
- Applications designed for Win9x: everyone is an administrator
- Applications not designed for standard users
- Problems: access to shared files and registry entries
- Many common Windows tasks require administrator privileges

Running as Administrator is costly: when you run as Administrator, every application that runs on your machine has the potential to take over the machine, wipe your hard drive, or corrupt the OS. This makes simple tasks like browsing the web or checking email inherently unsafe. In the enterprise, having users be the local administrators on their machine makes it very difficult to control what happens on the machine. Users can install/uninstall new applications, making the environment very inconsistent and hard to manage. They can unknowingly put the data and corporate network at risk. This greatly increases costs for the IT department, and can increase risk for the company. So why doesn't everyone just run as Standard User today? After all, it exists in operating systems after Windows 98. The answer is that many applications simply don't work when run as Standard User. They perform admin operations, because they are designed with the Windows 98 guidance in mind. Windows 98 had no notion of different users, so everyone had to be an Administrator. On top of that, even simple Windows tasks don't work as non-Admin. The Windows experience is dramatically deteriorated when running as Standard User. Tasks like changing the Windows clock require administrator privilege, and will not work. This makes it very difficult, if not impossible, to run enterprise users with least privilege, and therefore hard to control what happens on the corporate network.

A standard user in Vista can do more
- Change the time zone
- Configure secure (WEP/WPA) wireless connections
- Change power-management settings
- Create and configure VPNs
- Add devices whose drivers are already installed or permitted by policy
- The shield icon indicates clearly and consistently what a standard user cannot do

File and registry virtualization
Example: Internet Explorer. Unauthorized write attempts are moved to:
- HKCU\Software\Microsoft\Internet Explorer\Low Rights\Virtual
- Documents and Settings\%user profile%\Local Settings\Temporary Internet Files\Virtual
If IE tries to write here -> it is redirected here:
- HKCU\Software\FooBar -> HKCU\Software\MS\IE\Low Rights\Virtual\Software\FooBar
- C:\Documents and Settings\%user profile%\FooBar -> C:\Documents and Settings\%user profile%\Local Settings\Temporary Internet Files\Virtual\FooBar

UAC level 2: temporary privilege elevation
- Standard users with access to the administrator password
- Temporary privilege elevation
- Solution for disconnected laptop users
- Use can be verified in the event log

UAC level 3: administrators with elevation restrictions, configured via GPO
- An "Allowed" list based on digital signatures restricts elevation: code signed by trusted IT vendors (Microsoft, Adobe, etc.)
- Usage scenarios: restricting installations to trusted applications; blocking every program except the few that require admin rights

Internet Explorer 7: Protected Mode and privacy protection
- Based on UAP to protect user data
- Forces IE to run in read-only mode (except Temporary Internet Files and History)
- Blocks attempts to delete user data, change browser settings or the Startup folder (without the user's permission)
- Always requires the user's permission to install add-ins
- Reduced risk of cross-domain exploits
- Option to restore factory settings
- Warns the user when entering data over non-SSL/TLS channels
- Highlights the address bar on secure connections
- Highlights the domain name if it is an IP address or contains special characters
- One-click cache cleanup

IE7 in Protected Mode (slide diagram)
- Integrity Control; a Broker Process mediates the higher-privilege operations
- Access as Admin: install a driver, install an ActiveX control -> HKLM, HKCR, Program Files
- Access as User: change settings, save images -> HKCU, My Documents, Startup folder
- Untrusted files and settings: Temporary Internet Files, cached content
- Compat Redirector: redirected settings and files

Windows Vista Service Hardening
- Reduce the size of the high-risk layers
- Segment the services
- Increase the number of layers
(Slide graphic: Service A, Service B, Service 1, 2, 3, ..., kernel drivers, user-mode drivers)

Fewer security layers with Windows XP mean a larger attack surface for exploiting vulnerabilities. Also, some drivers can run in both kernel mode and user mode, meaning that it's easier for malware to manipulate a service or driver that runs in kernel mode. And, since many of these services run at a high privilege level, if a service is compromised, the threat of it having access to the entire system is very real. Windows Service Hardening with Windows Vista increases the level of security against these malware threats to services. With service hardening, if a vulnerability is found in a service and compromised by exploit code, that exploit code isn't allowed to propagate to other machines on the network. [BUILD1] With Windows Vista, the number of security layers between the user and the system kernel has been increased. In addition, the size of the high-risk layers has been reduced. This means that the amount of code that has to run at the kernel level has been significantly reduced. For example, with previous versions of Windows, there were printer drivers that had some kernel-mode code and some user-mode code. With Windows Vista, the printer drivers have been moved into user mode exclusively so that there's no kernel code in the drivers themselves. This has been done for a variety of services, and by making sure that services run with the least amount of privileges required, the system becomes more secure. [BUILD2] The services that do require higher privileges have been segmented, so that there's some lower-privileged code running and some higher-privileged code running. Again, the key is reducing the amount of code that is high-privilege.
Also, by using outbound filtering on the firewall with some other components, applications or operating systems can be profiled when they start, such as regarding which network ports they can use, where in the file system they can write, and where in the registry they can write. [BUILD3] Finally, there is a new layer introduced called user-mode drivers. So even if there are vulnerabilities in a Windows service, and it's compromised by exploit code, that exploit code is unable to make that service do something that it wouldn't ordinarily be allowed to do. This is really intended to reduce the risk of malware quickly spreading to other machines. What does this mean? Let us consider the Blaster worm that appeared a couple of years ago. It did several different things. First, it exploited a vulnerability in the RPC service and forced RPC to write a file to the file system. It also wrote a key to the "Run" key in the registry that made the malware persist once the system restarted. However, RPC shouldn't be writing to the Run key in the registry, nor should it be able to write to the file system. With service hardening in Windows Vista, when RPC starts, it will have a profile of which network ports it can talk on and where it can write in the file system and registry. This is then enforced by the operating system, so that if something like Blaster comes along again in the future, it won't be able to use RPC or other Windows services to do things that they shouldn't normally be able to do. In this way, we can prevent malware from propagating rapidly across your network.
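The notes above describe a per-service profile (allowed ports, writable file-system and registry locations) that the OS enforces, and use the Blaster sequence (RPC made to drop a file and write the Run key) as the motivating case. As an added example for this transcript (not code from the presentation and not Microsoft's implementation), the following Python models that policy check: a profile per service, a deny-by-default decision for anything outside it, and an audit trail of what was refused. The service name RpcSs is real, but the ports, paths, registry keys and the request sequence are constructed placeholders for the example.

```python
"""Model of the per-service profile described for Windows Vista service
hardening: ports a service may use and locations it may write.

Added example, not Microsoft's implementation. Profile contents and the
request sequence are constructed for illustration.
"""
from __future__ import annotations

from dataclasses import dataclass


@dataclass(frozen=True)
class ServiceProfile:
    name: str
    allowed_ports: frozenset[int]      # ports the service may listen on
    writable_paths: tuple[str, ...]    # file-system prefixes it may write under
    writable_keys: tuple[str, ...]     # registry prefixes it may write under


def _under(target: str, prefixes: tuple[str, ...]) -> bool:
    """True if target is one of the prefixes or lies beneath it. Comparison is
    case-insensitive and backslash-separated, so 'C:\\Temp2' is not under
    'C:\\Temp'."""
    t = target.lower().rstrip("\\") + "\\"
    return any(t.startswith(p.lower().rstrip("\\") + "\\") for p in prefixes)


class ServiceEnforcer:
    """Decides each request against the service's profile and records the
    outcome; unknown services and unknown actions are denied."""

    def __init__(self, profiles: list[ServiceProfile]) -> None:
        self.profiles = {p.name.lower(): p for p in profiles}
        self.audit: list[tuple[str, str, str, str]] = []

    def check(self, service: str, action: str, target: str) -> bool:
        prof = self.profiles.get(service.lower())
        if prof is None:
            allowed = False
        elif action == "listen":
            allowed = target.isdigit() and int(target) in prof.allowed_ports
        elif action == "write_file":
            allowed = _under(target, prof.writable_paths)
        elif action == "write_key":
            allowed = _under(target, prof.writable_keys)
        else:
            allowed = False
        self.audit.append((service, action, target, "allow" if allowed else "deny"))
        return allowed

    def denied(self) -> list[tuple[str, str, str, str]]:
        """Audit entries that were refused: the material a defender reviews."""
        return [e for e in self.audit if e[3] == "deny"]


# Constructed profile for the RPC service: it may listen on 135 and write
# only under its own service key and a log directory (assumed locations).
RPC_PROFILE = ServiceProfile(
    name="RpcSs",
    allowed_ports=frozenset({135}),
    writable_paths=(r"C:\Windows\System32\LogFiles\RpcSs",),
    writable_keys=(r"HKLM\SYSTEM\CurrentControlSet\Services\RpcSs",),
)

# The Blaster-style sequence from the slide, with placeholder names: a
# compromised RPC tries to drop a file, persist under the Run key and open
# an extra port; its legitimate actions are interleaved for contrast.
BLASTER_SEQUENCE = [
    ("RpcSs", "listen", "135"),
    ("RpcSs", "write_file", r"C:\Windows\System32\dropped-payload.exe"),
    ("RpcSs", "write_key", r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\persist"),
    ("RpcSs", "listen", "8080"),
    ("RpcSs", "write_file", r"C:\Windows\System32\LogFiles\RpcSs\trace.log"),
]


def replay(sequence, profiles=(RPC_PROFILE,)) -> list[bool]:
    """Run a request sequence through a fresh enforcer; returns the decisions."""
    enf = ServiceEnforcer(list(profiles))
    return [enf.check(*req) for req in sequence]


if __name__ == "__main__":
    for req, ok in zip(BLASTER_SEQUENCE, replay(BLASTER_SEQUENCE)):
        print("allow" if ok else "DENY ", *req)
```

The prefix check deliberately treats a sibling directory with a shared name prefix as outside the profile; a looser string comparison is a common way such policies leak.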

Windows Vista Firewall. If your computer is not protected when you connect to the Internet, hackers can gain access to personal information on your computer. These hackers can install code on your computer that destroys files or causes malfunctions. They can also use your computer to cause problems on other home and business computers connected to the Internet. A firewall helps to screen out many kinds of malicious Internet traffic before it reaches your system. [BUILD1] One of the new features with the Windows Firewall with Windows Vista is the integration with IP Security. IP Security, commonly called IPsec, is a suite of IP protocols used to provide secure communication. IPsec policies and filters distributed by Group Policy provide authorization for authenticated users and machines. IPsec provides the ability to protect communication between workgroups, local area network computers, domain clients and servers, branch offices, extranets, and roving clients. Although support for IPsec is built into Windows 2000 and later, in Windows XP and Windows Server 2003, Windows Firewall and IPsec are configured separately. While the purpose of Windows Firewall was to block or allow incoming traffic, IPsec could also be configured to block or allow incoming traffic. Because block and allow behavior for incoming traffic could be configured through two different and separate services, it was possible to have duplicated or contradictory settings. Additionally, Windows Firewall and IPsec supported different configuration options for specifying allowed incoming traffic. For example, Windows Firewall allowed exceptions by specifying the application name, but IPsec did not. IPsec allowed exceptions based on an IP protocol number, and Windows Firewall did not.
[BUILD2] In Windows Vista, the Windows Firewall and IPsec have been combined into a single configurable tool with the new Windows Firewall with Advanced Security snap-in, which now controls blocking and allowing of inbound and outbound traffic, in addition to protecting traffic with IPsec. Also, commands within the netsh advfirewall context can be used for command line configuration of both firewall and IPsec behavior. The integration of Windows Firewall with IPsec provides computers running Windows Vista with an authenticating firewall. Another improvement with the new Windows Firewall is the more intelligent firewall rules. Now administrators can specify security requirements such as authentication and encryption. Also Active Directory computer and user groups can be specified. Enterprise management can benefit from the addition of outbound filtering in the Windows Firewall. Previously only inbound communications were filtered. Outbound filtering can improve business productivity. For example, an administrator can block sharing through a peer-to-peer application that you don’t want communicating in your network. Additionally, if an application has a known vulnerability without a patch available, you can set up a rule that allows that application to be used, but not communicate outbound in the network.

Other new features

New RDP control. What is Network Level Authentication? Network Level Authentication (NLA) is a new authentication method that completes user authentication before you establish a full Remote Desktop connection and the logon screen appears. The advantages of NLA are: It requires fewer remote computer resources initially. The remote computer uses a limited number of resources before authenticating the user, rather than starting a full Remote Desktop connection as in previous versions. It can help provide better security by reducing the risk of denial-of-service attacks (attempts to limit or prevent access to the Internet). It uses remote computer authentication, which can help protect users from connecting to remote computers that are set up for malicious purposes.

Auditing
- Changes to registry values (old and new values)
- Changes in AD (old and new values)
- Improved auditing of operations
- UAC events
- Improved IPsec auditing
- RPC calls
- Access to network shares
- Management of network shares
- Cryptographic functions
- NAP events (server only)
- IAS (RADIUS) events (server only)

More information in the Event Log. Events were renumbered because the structure has changed. If we had left the event numbers the same, we would have broken all the old parsing rules, which are all event-number based. We also added about 50 events.

Forwarded Events (slide graphic: SEA-DC-01, SEA-WRK-001, SEA-WRK-002). Subscriptions are useful for viewing events from multiple remote computers. A subscription can be configured between two or more computers in the same domain. You can configure the subscription to forward events that you specify from one or more of the domain computers to the other. [BUILD1] You have to do some configuration on both the forwarding and the collecting computers before you can use forwarded events. Both computers need to be running the Windows Remote Management (WS-Management) service. Once the subscription is set up, you can view the forwarded events like any other event in the Event Viewer. This makes administration easy from a single location. [BUILD2] In addition to creating a new subscription, you can subscribe to an existing subscription on a remote computer. For example, there is a subscription on SEA-WRK-001 to retrieve the events from SEA-DC-01. The administrator wants to be able to also view the events from SEA-DC-01 from SEA-WRK-002, so he could connect to the first workstation and subscribe to the existing subscription to SEA-DC-01. While event forwarding works best between computers running Windows Vista or Windows Server "Longhorn", event forwarding is possible with Windows Server R2. Slide Transition: However, with Windows Server R2, there is no GUI tool provided for configuring the forwarding. Slide Comment: Additional Information: http://www.microsoft.com/technet/WindowsVista/library/ops/4229f239-16a6-4ecd-b3cf-aec03dc08cd5.mspx

Reusable views. When you work with event logs, the primary challenge is to narrow down the set of events to just those that you are interested in. Sometimes this is easy. Other times, this involves a great deal of effort, effort that is lost if you do not have some way to save the view of the logs that you worked so hard to create. [BUILD1] Event Viewer now supports the idea of views. [BUILD2] Once you have queried, filtered, and sorted your way to just the events you want to analyze, you can save that work as a named view and it will be available for you to reuse in the future. You can even export the view and use it on other computers or share it with other people. Slide Transition: Creating and saving views is a simple procedure. Slide Comment: Additional Information: http://www.microsoft.com/technet/WindowsVista/library/ops/4229f239-16a6-4ecd-b3cf-aec03dc08cd5.mspx

Cross-log queries
(Diagram: System log, Application log, Security log, events)
When you use Event Viewer to troubleshoot a problem, information about what events an application or service happened to log in the Application or Security log is not that interesting, or helpful. Instead, you want to find those events that might have something to do with your problem -- regardless of which log they might happen to be in. Event Viewer supports cross-log queries, making it much easier to generate views of all events potentially related to an issue that you are investigating. Cross-log queries can also be stored as custom views, which you can define to display events that match specific criteria from selected log files.
Additional information: http://www.microsoft.com/technet/WindowsVista/library/ops/4229f239-16a6-4ecd-b3cf-aec03dc08cd5.mspx
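The two features above, a saved view and a cross-log query, combined in one added example that is not part of the presentation: a single XPath query list spanning the Security, System and Application logs, written out both as an importable custom view and as a structured query file that wevtutil runs from the command line. The view name, the event ID and level filters are assumptions; the ViewerConfig wrapper is the layout Event Viewer's "Export Custom View" produces, assumed here rather than taken from the slides.

```powershell
# Added example: one cross-log query, saved as an Event Viewer custom view
# (importable via "Import Custom View...") and run directly with wevtutil.
# Event IDs, levels and the view name are assumptions. Reading the Security
# log requires an elevated prompt.

# Failed logons from Security plus Critical/Error events from System and
# Application in the same view: one query, three logs.
$queryList = @"
<QueryList>
  <Query Id="0" Path="Security">
    <Select Path="Security">*[System[(EventID=4625)]]</Select>
    <Select Path="System">*[System[(Level=1 or Level=2)]]</Select>
    <Select Path="Application">*[System[(Level=1 or Level=2)]]</Select>
  </Query>
</QueryList>
"@

# Wrapper layout of an exported custom view (assumed); the query list is the
# part that does the work and is interpolated unchanged.
$customView = @"
<ViewerConfig>
  <QueryConfig>
    <QueryParams><UserQuery/></QueryParams>
    <QueryNode>
      <Name>Logon failures and errors (cross-log)</Name>
      <Description>Security 4625 plus Critical/Error from System and Application</Description>
$queryList
    </QueryNode>
  </QueryConfig>
</ViewerConfig>
"@

$viewFile  = Join-Path $env:TEMP 'CrossLogView.xml'
$queryFile = Join-Path $env:TEMP 'CrossLogQuery.xml'
Set-Content -Path $viewFile  -Value $customView -Encoding ASCII
Set-Content -Path $queryFile -Value $queryList  -Encoding ASCII

# The same query outside the GUI: /sq:true makes wevtutil treat the first
# argument as a structured query file; newest 20 matches, rendered as text.
wevtutil qe $queryFile /sq:true /rd:true /c:20 /f:text
```

Copying CrossLogView.xml to another computer and importing it there gives the same view, which is the sharing scenario the slide describes.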

What's new in SMBv2
Only 16 commands (80 in SMBv1)
SHA-256 signatures (MD5 in SMBv1)
More robust handling of reconnections
Client-side encryption
Symbolic links across shares (disabled by default)
Improved load balancing that mitigates DoS attacks

Accounts and groups
To handle the problems with the built-in administrator account, it is disabled on clean installs of Windows Vista. On upgrades, the upgrade is blocked until you create a new admin account. However, on Windows XP even a disabled administrator account can be used to log on in Safe Mode. To manage that on Windows Vista, the disabled flag is honored even in Safe Mode. In addition, in Windows XP the built-in administrator account was special in the sense that it had certain implicit rights. Those rights are now granted to all users in the Administrators group.
There are several new groups on Windows Vista:
1. Cryptographic operators – these users have the right to perform certain tasks to configure cryptographic functions on the operating system
2. Distributed COM users – this group is used to control access to distributed COM objects
3. IIS_IUSRS – one of several new constructs relating to IIS. This group is analogous to the IUSR_<machinename> account on Windows XP, and allows access to web pages
4. Performance log and monitor users – these users can use the performance monitoring tools
5. RS_Query – these users can query the content indices
There are two new dynamic SIDs. Much like the existing INTERACTIVE SID covers all users coming in via an interactive logon, the DIALUP SID covers all users connecting via dial-up. There is also an INTERNET USER group covering all users coming in via IIS.
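An added example, not from the presentation, that audits the account changes described above on a Vista-era machine: whether the built-in administrator (identified by RID 500, since it may have been renamed) is disabled, who currently holds the rights that now belong to every member of Administrators, and whether the new groups are present. It uses WMI and ADSI only; the expansion of "Performance log and monitor users" into the two group names Performance Log Users and Performance Monitor Users is an assumption.

```powershell
# Added example (not from the presentation): audit the account changes the
# slide describes. Uses WMI and ADSI, both available on Windows Vista.

# 1. Built-in Administrator is identified by RID 500, never by name
#    (it may have been renamed). On a clean Vista install it should be disabled.
$builtInAdmin = Get-WmiObject Win32_UserAccount -Filter "LocalAccount=True" |
    Where-Object { $_.SID -like '*-500' }
if ($builtInAdmin.Disabled) {
    Write-Host "OK: built-in administrator '$($builtInAdmin.Name)' is disabled"
} else {
    Write-Warning "Built-in administrator '$($builtInAdmin.Name)' is ENABLED"
}

# 2. The implicit rights the XP built-in account had now belong to every
#    member of Administrators, so its membership is what needs reviewing.
$adminsGroup = [ADSI]'WinNT://./Administrators,group'
$members = $adminsGroup.psbase.Invoke('Members') | ForEach-Object {
    $_.GetType().InvokeMember('ADsPath', 'GetProperty', $null, $_, $null)
}
Write-Host 'Members of Administrators:'
$members | ForEach-Object { Write-Host "  $_" }

# 3. Confirm the groups the slide lists as new are present on this build.
#    IIS_IUSRS only appears once the IIS role is installed. "Performance log
#    and monitor users" is taken (assumption) to mean the two groups below.
$expectedGroups = 'Cryptographic Operators', 'Distributed COM Users',
                  'IIS_IUSRS', 'Performance Log Users', 'Performance Monitor Users'
$localGroups = Get-WmiObject Win32_Group -Filter "LocalAccount=True" |
    ForEach-Object { $_.Name }
foreach ($g in $expectedGroups) {
    $state = if ($localGroups -contains $g) { 'present' } else { 'MISSING' }
    Write-Host ("  {0,-28} {1}" -f $g, $state)
}
```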

Network access: remotely accessible registry paths
Network access: shares that can be accessed anonymously
Network security: Do not store LAN Manager hash value on next password change
Network security: LAN Manager authentication level
Devices: Allowed to format and eject removable media
Devices: Restrict CD-ROM/Floppy access to locally logged on user only
Devices: Unsigned driver installation behavior

New security settings (setting and default value)
Network access: remotely accessible registry paths and sub-paths. Default:
System\CurrentControlSet\Control\Print\Printers
System\CurrentControlSet\Services\Eventlog
Software\Microsoft\OLAP Server
Software\Microsoft\Windows NT\CurrentVersion\Print
Software\Microsoft\Windows NT\CurrentVersion\Windows
System\CurrentControlSet\Control\ContentIndex
System\CurrentControlSet\Control\Terminal Server
System\CurrentControlSet\Control\Terminal Server\UserConfig
System\CurrentControlSet\Control\Terminal Server\DefaultUserConfiguration
Software\Microsoft\Windows NT\CurrentVersion\Perflib
System\CurrentControlSet\Services\SysmonLog
Network access: Restrict anonymous access to named pipes and shares. Default: Enabled
System settings: Optional subsystems. Default: Posix
System settings: Use certificate rules on Windows executables for software restriction policies. Default: Disabled
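An added example, not from the presentation, that compares the live registry values behind these four settings with the defaults in the table above, so drift (an extra registry path exposed remotely, anonymous named-pipe access re-enabled) shows up without opening the policy editor. The registry locations are the documented ones for each policy; the script itself is an assumption of how one would check them.

```powershell
# Added example (not from the presentation): compare the live registry values
# behind the four settings in the table with their documented defaults.

$expectedPaths = @(
    'System\CurrentControlSet\Control\Print\Printers',
    'System\CurrentControlSet\Services\Eventlog',
    'Software\Microsoft\OLAP Server',
    'Software\Microsoft\Windows NT\CurrentVersion\Print',
    'Software\Microsoft\Windows NT\CurrentVersion\Windows',
    'System\CurrentControlSet\Control\ContentIndex',
    'System\CurrentControlSet\Control\Terminal Server',
    'System\CurrentControlSet\Control\Terminal Server\UserConfig',
    'System\CurrentControlSet\Control\Terminal Server\DefaultUserConfiguration',
    'Software\Microsoft\Windows NT\CurrentVersion\Perflib',
    'System\CurrentControlSet\Services\SysmonLog'
)

function Get-RegValue($key, $name) {
    $item = Get-ItemProperty -Path $key -Name $name -ErrorAction SilentlyContinue
    if ($item) { $item.$name } else { $null }
}

# "Remotely accessible registry paths and sub-paths" = winreg\AllowedPaths\Machine.
$live    = @(Get-RegValue 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurePipeServers\winreg\AllowedPaths' 'Machine')
$extra   = @($live | Where-Object { $_ -and $expectedPaths -notcontains $_ })
$missing = @($expectedPaths | Where-Object { $live -notcontains $_ })
if ($extra -or $missing) {
    Write-Warning 'Remotely accessible registry paths differ from the default'
    $extra   | ForEach-Object { Write-Host "  exposed beyond default: $_" }
    $missing | ForEach-Object { Write-Host "  default path absent:    $_" }
} else { Write-Host 'OK: remotely accessible registry paths match the default' }

# "Restrict anonymous access to named pipes and shares": RestrictNullSessAccess=1.
$v = Get-RegValue 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters' 'RestrictNullSessAccess'
Write-Host ("Restrict anonymous access to named pipes and shares: {0}" -f $(if ($v -eq 1) { 'Enabled (default)' } else { "DISABLED (value=$v)" }))

# "Optional subsystems": Session Manager\SubSystems\optional (multi-string).
$v = @(Get-RegValue 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems' 'optional')
Write-Host ("Optional subsystems: {0}" -f $(if ($v) { $v -join ', ' } else { '(none)' }))

# "Use certificate rules on Windows executables for SRP": AuthenticodeEnabled.
# The key only exists once a Software Restriction Policy has been written,
# so a missing value means the default (disabled).
$v = Get-RegValue 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers' 'AuthenticodeEnabled'
Write-Host ("Certificate rules on executables: {0}" -f $(if ($v -eq 1) { 'Enabled' } else { 'Disabled (default)' }))
```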

Webcasts for further study
Windows Vista: the new management and monitoring tools, level 300, 60 min, 07/11/2006 10:00-11:00
Data protection technologies, 90 min, 12/12/2006 10:00-11:30
What's new in Windows Firewall and Windows Defender, 19/12/2006
User Account Protection and Service Hardening, 15/01/2007

© 2006 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.