Windows Vista Security
Rafal Lukawiecki, Strategic Consultant, rafal@projectbotticelli.co.uk, Project Botticelli Ltd
This presentation is based on work by Microsoft TechNet, MSDN and various Microsoft authors including, with special thanks: Ramprabhu Rathnam, Tony Northrup, and Austin Wilson
Copyright 2006 © Microsoft Corp & Project Botticelli Ltd. E&OE. For informational purposes only. No warranties of any kind are made and you have to verify all information before relying on it. You can re-use this presentation as long as you read, agree, and follow the guidelines described in the “Comments” field in File/Properties.

Objectives
Overview the new security features of Windows Vista, explaining their purpose
Relate Vista to emergent security technologies
Excite you about the new opportunities

Session Agenda
Introduction
A Corporate Scenario
Foundational Protection
Networking
User Account Control
Authentication & Authorization
Integrated Security Control
Secure Startup
Data Protection
Summary

Engineering Excellence
Windows Vista Development Process
Microsoft followed their Security Development Lifecycle (SDL) process while creating Windows Vista
Periodic mandatory security training
Assignment of security advisors for all components
Threat modeling as part of design phase
Security reviews and testing built into the schedule
Security metrics for product teams
Common Criteria (CC) Certification compliance is one of the major goals (see later)
CC is maintained by US National Institute of Standards and Technology (who are also responsible for FIPS)
csrc.nist.gov/cc

A Corporate Scenario

With Windows Vista…
1. While starting up, system is protected through BitLocker and TPM (Trusted Platform Module), preventing off-line modifications
2. NAP (Network Access Protection) ensures computer adheres to your policy (e.g. has required updates, virus signatures etc.) before “Longhorn” servers allow it to use the network
If PC is non-compliant, it will be given a chance to update
3. Multiple types of logon devices and identities can be selected by the user without losing a consistent UI
4. User logs on using non-admin accounts. If admin rights are truly needed user’s approval is requested. For legacy apps, virtualisation of admin changes is offered.
5. IE improvements help user browse the web with no fear of malware and better privacy protection
6. When updates are available, Restart Manager ensures minimum of disruption, even if running applications are left on a locked workstation
Read: www.microsoft.com/technet/windowsvista/evaluate/admin/mngsec.mspx

Foundational Protection

Windows Service Hardening
Defense-in-Depth: Factoring and Profiling of Windows Kernel
Reduce size of high risk layers
Segment the services
Increase number of layers
[Diagram: layers of kernel drivers (D), user-mode drivers (D) and services (Service 1, Service 2, Service 3, …, Service A, Service B)]

Windows Service Hardening
Windows Services became a large attack surface due to privileges and being “always-on”
Improvements:
SID (per-service Security Identifier) recognised in ACLs (Access Control Lists), so service can protect its resources
Firewall policy prohibiting network access by services (subject to ACLs and SIDs)
Stripping of unnecessary privileges on per-service basis
Moving from LocalSystem to LocalService or NetworkService when possible
Use of write-restricted tokens for service processes
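
Added example, not part of the original presentation: how a per-service SID is derived, and how to tell which service an `S-1-5-80-...` entry in an ACL belongs to. It assumes the derivation used by shipped Windows builds (SHA-1 of the upper-cased UTF-16LE service name); the SDDL string and the candidate service list are constructed.

```python
import hashlib
import re
import struct

SERVICE_SID_PREFIX = "S-1-5-80"  # NT SERVICE authority for per-service SIDs


def service_sid(service_name: str) -> str:
    """Derive the per-service SID from the service name.

    Assumption (not stated in the slides): Windows hashes the upper-cased
    service name, encoded as UTF-16LE, with SHA-1 and uses the 20-byte
    digest as five little-endian 32-bit sub-authorities.
    """
    digest = hashlib.sha1(service_name.upper().encode("utf-16-le")).digest()
    subauths = struct.unpack("<5I", digest)
    return SERVICE_SID_PREFIX + "".join(f"-{s}" for s in subauths)


_SERVICE_SID_RE = re.compile(r"S-1-5-80(?:-\d+){5}")


def service_aces(sddl: str, known_services):
    """Map every per-service SID found in an SDDL string to a service name.

    The SID is a one-way hash of the name, so it can only be resolved
    against a list of candidate names (for example the services installed
    on the host). Unresolved SIDs map to None so they stand out in review.
    """
    lookup = {service_sid(name): name for name in known_services}
    return {sid: lookup.get(sid) for sid in _SERVICE_SID_RE.findall(sddl)}


# Constructed sample DACL: full access for one service SID, read access
# for an unrecognised service SID, read access for built-in Users (BU).
SAMPLE_SDDL = (
    "D:(A;;FA;;;S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464)"
    "(A;;FR;;;S-1-5-80-1-2-3-4-5)"
    "(A;;FR;;;BU)"
)

if __name__ == "__main__":
    resolved = service_aces(SAMPLE_SDDL, ["TrustedInstaller", "Spooler"])
    for sid, name in resolved.items():
        print(f"{sid} -> {name or 'UNKNOWN service SID'}")
```
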

Integrated Windows Defender
Integrated detection, cleaning, and real-time blocking of malware:
Malware, rootkits, and spyware
Targeted at consumers – enterprise manageability will be available as a separate product
Integrated Microsoft Malicious Software Removal Tool (MSRT) will remove the worst worms, bots, and trojans during an upgrade and on a monthly basis

Windows Live OneCare
Optional fee-based service
Antivirus
Integration with Antispyware (Windows Defender)
System tuning
Update assurance
Backup

Internet Explorer 7
In addition to building on UAC (see later), IE includes:
Protected Mode (planned for Vista Beta 2) that only allows IE to browse with no other rights, even if the user has them, such as to install software
“Read-only” mode, except for Temporary Internet Files when browser is in the Internet Zone of security
All cached data cleared with a single click

Phishing Filter in IE
Dynamic Protection Against Fraudulent Websites
3 checks to protect users from phishing scams:
1. Compares web site with local list of known legitimate sites
2. Scans the web site for characteristics common to phishing sites
3. Double checks site with online Microsoft service of reported phishing sites updated several times every hour
Two Levels of Warning and Protection in IE7 Security Status Bar
Level 1: Warn. Suspicious website signaled
Level 2: Block. Confirmed phishing site signaled and blocked

Developers: WinFX and WCF
WinFX, the new .NET-based set of APIs, provides stronger support for Code Access Security and Evidence Based Security
In essence, the improvements of .NET Framework 2.0
Windows Communication Foundation (WCF) introduces a model of abstracted security and full support for WS-* Security Guidelines
Formerly known as “Indigo”

Networking

NG TCP/IP
Next Generation TCP/IP in Vista and “Longhorn”
A new, fully re-worked replacement of the old TCP/IP stack
Dual-stack IPv6 implementation, with now obligatory IPSec
IPv6 is more secure than IPv4 by design, esp.:
Privacy, tracking, network port scanning, confidentiality and integrity
Other network-level security enhancements for both IPv4 and IPv6
Strong Host model
Windows Filtering Platform
Improved stack-level resistance to all known TCP/IP-based denial of service and other types of network attacks
Routing Compartments
Auto-configuration and no-restart reconfiguration
Read: www.microsoft.com/technet/community/columns/cableguy/cg0905.mspx

Windows Vista Firewall
Both inbound and outbound
Authentication and authorization aware
Outbound application-aware filtering is now possible
Includes IPSec management
Of course, policy-based administration
Great for Peer-to-Peer control

Network Access Protection
NAP is a new technology that has roots in VPN quarantine, but now extends to all network clients, not just remote access
Relies on NAP-aware servers, which means Windows “Longhorn” Servers for now
You specify a policy of:
required OS patches, virus signature updates, presence or absence of certain applications, any arbitrary checks
…and the system disallows all access to network if policy has not been met, except:
access to a location where updates etc. can be downloaded

Network Access Protection
[Diagram: Windows Vista Client; DHCP, VPN, Switch/Router; Microsoft Network Policy Server; Policy Servers (e.g. Microsoft Security Center, SMS, Antigen or 3rd party); Fix Up Servers (e.g. WSUS, SMS & 3rd party); Restricted Network; Corporate Network; paths labelled “Policy compliant” and “Not policy compliant”; steps numbered 1 to 5]

User Account Control

User Account Control
Helps implement Least Privilege principle in two distinct ways:
1. Every user is a standard user
Older, legacy, or just greedy applications’ attempts to change your system’s settings will be virtualised so they do not break anything
2. Each genuine need to use administrative privileges will require:
Selection of a user who has those permissions, or
Confirmation of the intent to carry on with the operation
Read: www.microsoft.com/technet/windowsvista/evaluate/feat/uaprot.mspx

Credential Prompting

Consent Prompting
Applies in a situation when the user has all the necessary rights, but before they have been exercised
A new, secondary protection

UAC: Fundamental Change to Windows Operation
Fixes the system to work well as a standard user
Registry and file virtualization to provide compatibility
Per-machine registry writes are redirected to per-user locations if the user does not have administrative privileges
Effectively: standard accounts can run “admin-required” legacy applications safely!
You can redirect the virtualization store
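
Added example, not part of the original presentation: where a legacy application's redirected writes end up, so an administrator can find them and trace them back to the location the application believed it was writing to. The VirtualStore locations and the list of protected roots reflect shipped Windows Vista behaviour and are assumptions relative to the slides; the drive letter, profile path and sample writes are constructed.

```python
import ntpath  # Windows path rules, usable on any OS

# Assumptions (shipped Vista behaviour, not stated in the slides):
PROTECTED_ROOTS = (r"C:\Program Files", r"C:\Program Files (x86)",
                   r"C:\ProgramData", r"C:\Windows")
HKLM_SOFTWARE = r"HKEY_LOCAL_MACHINE\SOFTWARE"
HKCU_VIRTUAL = r"HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE"


def _is_under(path, root):
    """Case-insensitive 'path is root or lies below root'."""
    p = ntpath.normcase(ntpath.normpath(path))
    r = ntpath.normcase(ntpath.normpath(root))
    return p == r or p.startswith(r + "\\")


def redirect_file(path, local_appdata):
    """Per-user file a standard user's write to `path` is redirected to,
    or None when the path is not in a virtualised location."""
    if not any(_is_under(path, root) for root in PROTECTED_ROOTS):
        return None
    _drive, tail = ntpath.splitdrive(ntpath.normpath(path))
    return ntpath.join(local_appdata, "VirtualStore", tail.lstrip("\\"))


def redirect_key(key):
    """Per-user registry key a write below HKLM\\Software is redirected to,
    or None for keys outside that subtree."""
    if not key.upper().startswith(HKLM_SOFTWARE + "\\"):
        return None
    return HKCU_VIRTUAL + key[len(HKLM_SOFTWARE):]


def original_of(virtual_path, local_appdata, system_drive="C:"):
    """Reverse mapping for audits: a file found in the VirtualStore ->
    the protected path the application believed it wrote."""
    store = ntpath.normpath(ntpath.join(local_appdata, "VirtualStore"))
    if not _is_under(virtual_path, store):
        return None
    rel = ntpath.normpath(virtual_path)[len(store):]
    return system_drive + rel if rel else None


def audit(writes, local_appdata):
    """Map each attempted write to its redirected target (None = not virtualised)."""
    return {w: redirect_key(w) if w.upper().startswith("HKEY_")
            else redirect_file(w, local_appdata) for w in writes}


# Constructed sample: writes attempted by a hypothetical legacy application.
LOCAL_APPDATA = r"C:\Users\alice\AppData\Local"
SAMPLE_WRITES = [
    r"C:\Program Files\LegacyApp\settings.ini",
    r"C:\Users\alice\Documents\report.txt",
    r"HKEY_LOCAL_MACHINE\Software\LegacyApp\InstallDir",
    r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Foo",
]

if __name__ == "__main__":
    for target, redirected in audit(SAMPLE_WRITES, LOCAL_APPDATA).items():
        print(f"{target}\n    -> {redirected or 'not virtualised'}")
```
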

Authentication & Authorization

Windows Logon Experience
GINA has been replaced with Credential Service Provider interfaces
Logon UI can interact with multiple plug-in Credential Providers
Direct support for multi-factor authentication: smartcards and tokens, biometrics etc.
Plug-and-play for smartcards
Common CSPs (Cryptographic Service Providers), and Card Communication Modules
Key Storage Providers
Root certificate propagation
Integrated smartcard unblocking

"InfoCard"
Consistent user experience
Helps eliminate usernames and passwords
Helps protect users from many forms of phishing & phraud attack
Support for two-factor authentication
Easier, Safer
Built on WS-* Web Services Protocols

InfoCard
Consistent UI for Identity Selection & Provisioning
Users need an easy visual way to handle multiple electronic identities:
Government-issued IDs, corporate IDs, self-signed IDs (such as a username and password for a web site)
Simple visual abstraction of any identity type (PKI, password, token, secret, passphrase, etc.)
Vision: UI and metasystem that would be common across industry
See 7 “Laws of Identity” on www.identityblog.com
Relationship to Identity Metasystem
InfoCard is one of the WinFX APIs

Integrated Security Control

Control Over Device Installation
Control over removable device installation via a policy
Mainly to disable USB-device installation, as many corporations worry about intellectual property leak
You can control them by device class or driver
Approved drivers can be pre-populated into trusted Driver Store
Driver Store Policies (group policies) govern driver packages that are not in the Driver Store:
Non-corporate standard drivers
Unsigned drivers

Client Security Scanner
Finds out and reports Windows client’s security state:
Patch and update levels
Security state
Signature files
Anti-malware status
Ability for Windows to self-report its state
Information can be collected centrally, or just reviewed in the Security Center by the users and admins

Restart Manager
Some updates require a restart
Restart Manager will:
Minimise the number of needed restarts by pooling updates
Deal with restarts of computers that may be left locked by a user with applications running
E.g. after restart, Microsoft Word will re-open a document on page 42, as it was before the restart
This function is of most importance to centralised desktop management in corporations, not home users, of course

Secure Startup

Trusted Platform Module
TPM Chip Version 1.2
Hardware present in the computer, usually a chip on the motherboard
Securely stores credentials, such as a private key of a machine certificate and is crypto-enabled
Effectively, the essence of a smart smartcard
TPM can be used to request encryption and digital signing of code and files and for mutual authentication of devices
See www.trustedcomputinggroup.org

Code Integrity
All DLLs and other OS executables have been digitally signed
Signatures verified when components load into memory

BitLocker™
BitLocker strongly encrypts and signs the entire hard drive (full volume encryption)
TPM chip provides key management
Can use additional protection factors such as a USB dongle, PIN or password
Any unauthorised off-line modification to your data or OS is discovered and no access is granted
Prevents attacks which use utilities that access the hard drive while Windows is not running and enforces Windows boot process
Protects data after laptop theft etc.
Data recovery strategy must be planned carefully!
Vista supports three modes: key escrow, recovery agent, backup

Data Protection

RMS, EFS, and BitLocker
Three levels of protection:
Rights Management Services
Per-document enforcement of policy-based rights
Encrypting File System
Per file or folder encryption of data for confidentiality
BitLocker™ Full Volume Encryption
Per volume encryption (see earlier)
Note: it is not necessary to use a TPM for RMS and EFS
EFS can use smartcards and tokens in Vista
RMS is based, at present, on a “lockbox.dll” technology, not a TPM

CNG: Cryptography Next Generation
CAPI 1.0 has been deprecated
May be dropped altogether in future Windows releases
CNG: Open Cryptographic Interface for Windows
Ability to plug in kernel or user mode implementations for:
Proprietary cryptographic algorithms
Replacements for standard cryptographic algorithms
Key Storage Providers (KSP)
Enables cryptography configuration at enterprise and machine levels

Regulatory Compliance
Windows Vista cryptography will comply with:
Common Criteria (CC)
csrc.nist.gov/cc
Currently in version 3
FIPS requirements for strong isolation and auditing
FIPS-140-2 on selected platforms and 140-1 on all
US NSA (National Security Agency) CSS (Central Security Service) Suite B

Vista Supports NSA Suite B
www.nsa.gov/ia/industry/crypto_suite_b.cfm
Required cryptographic algorithms for all US non-classified and classified (SECRET and TOP-SECRET) needs
Higher special-security needs (e.g. nuclear security) – guided by Suite A (definition classified)
Announced by NSA at RSA conference in Feb 2005
Encryption: AES
FIPS 197 (with key sizes of 128 and 256 bits)
Digital Signature: Elliptic Curve Digital Signature Algorithm
FIPS 186-2 (using the curves with 256 and 384-bit prime moduli)
Key Exchange: Elliptic Curve Diffie-Hellman or Elliptic Curve MQV
Draft NIST Special Publication 800-56 (using the curves with 256 and 384-bit prime moduli)
Hashing: Secure Hash Algorithm
FIPS 180-2 (using SHA-256 and SHA-384)

Summary

The Most Secure Windows Yet
Fundamentals: SDL, Service Hardening, Code Scanning, Default configuration, Code Integrity
Threat and Vulnerability Mitigation: IE protected mode/anti-phishing, Windows Defender, Bi-directional Firewall, IPSEC improvements, Network Access Protection (NAP)
Identity and Access Control: User Account Control, Plug and Play Smartcards, Simplified Logon architecture, Bitlocker, RMS Client