2851A_C012851A_C01
Microsoft Windows XP Microsoft Windows XP Service Pack 2 Security Service Pack 2 Security TechnologiesTechnologies
Bruce CowperBruce CowperIT Pro AdvisorIT Pro Advisor
Microsoft CanadaMicrosoft Canada
Session PrerequisitesSession Prerequisites
Experience managing Windows Experience managing Windows XP Professional desktopsXP Professional desktops
An understanding of the An understanding of the deployment tools that are used deployment tools that are used to deploy Windows XP and to deploy Windows XP and updates to the desktopupdates to the desktop
Experience using Group Policy Experience using Group Policy to manage desktopsto manage desktops
Level 200
Session Prerequisites Session Prerequisites (cont.)(cont.)
OROR
The skills represented by taking:The skills represented by taking:
Course 2285 (covering Windows Course 2285 (covering Windows XP)XP)
Course 2297 (designing Active Course 2297 (designing Active Directory Directory ®® and networking) and networking)
Introduction to Windows XP Introduction to Windows XP Service Pack 2Service Pack 2
Introduction to Windows XP Service Introduction to Windows XP Service Pack 2Pack 2
Windows XP SP2 Network Protection Windows XP SP2 Network Protection FeaturesFeatures
Reducing Applications Failures by Reducing Applications Failures by Using Windows XP SP2 Memory Using Windows XP SP2 Memory Protection FeaturesProtection Features
Exploring SP2 E-Mail Handling Exploring SP2 E-Mail Handling Security Features Security Features
Browsing Securely by Using SP2Browsing Securely by Using SP2
The Need for SP2The Need for SP2
Security attack trends include:Security attack trends include:Increased uses of automation - tools for Scanning, Compromising and Propagation.
Increased uses of automation - tools for Scanning, Compromising and Propagation.
Asymmetric threats - distributed systems to attack single targets
Asymmetric threats - distributed systems to attack single targets
Increased complexity - Tool signatures more complex and difficult to detect.
Increased complexity - Tool signatures more complex and difficult to detect.
Infrastructure attacks - denial of service and worms
Infrastructure attacks - denial of service and worms
Faster detection of vulnerabilities and faster exploits.
Faster detection of vulnerabilities and faster exploits.
Firewall intrusions -harnessing ‘firewall friendly’ and ‘mobile’ code
Firewall intrusions -harnessing ‘firewall friendly’ and ‘mobile’ code
What Is New in SP2?What Is New in SP2?
New and Improved Features:New and Improved Features:
Enhanced Network Protection
New Memory Protection
More Secure E-Mail Handling
Enhanced Browser Security
Improved Computer Maintenance
Enhanced Network Protection
New Memory Protection
More Secure E-Mail Handling
Enhanced Browser Security
Improved Computer Maintenance
SP2 provides several built-in security technologies that reduce computer vulnerabilities.SP2 provides several built-in security technologies that reduce computer vulnerabilities.
How SP2 Minimizes the How SP2 Minimizes the Attack SurfaceAttack SurfaceSP2 FeaturesSP2 Features Security TechnologiesSecurity Technologies
Network ProtectionNetwork Protection
Windows FirewallWindows Firewall
Remote procedure call (RPC)Remote procedure call (RPC)
Distributed-component object modelDistributed-component object model (DCOM)(DCOM)
Memory ProtectionMemory Protection NX (Intel and AMD 64 bit processors currently)NX (Intel and AMD 64 bit processors currently)
Sandboxing (buffer overruns) & Cookies (stack Sandboxing (buffer overruns) & Cookies (stack overruns)overruns)
More Secure E-Mail More Secure E-Mail HandlingHandling
Multipurpose Internet mail extensionMultipurpose Internet mail extension (MIME)(MIME) type restrictionstype restrictions
Attachment handlingAttachment handling
Enhanced Browser Enhanced Browser SecuritySecurity
Pop-up management and crash detectionPop-up management and crash detection
Download promptDownload prompt
Improved Computer Improved Computer Maintenance Maintenance
Security CenterSecurity Center
Automatic updates & Anti Virus MonitoringAutomatic updates & Anti Virus Monitoring
Your instructor will demonstrate how to resolve a remote connectivity issue with the netsh command-line tool.
Your instructor will demonstrate how to resolve a remote connectivity issue with the netsh command-line tool.
Demonstration 1: Demonstration 1: Resolving Remote Connectivity Resolving Remote Connectivity Issues by Using the Netsh Issues by Using the Netsh Command-Line ToolCommand-Line Tool
You will see how to:You will see how to:
Allow access to MMC with Allow access to MMC with the firewall enabledthe firewall enabled
Unblock a specific port via Unblock a specific port via command line / scriptcommand line / script
SP2 Security Management SP2 Security Management Using Windows Security Using Windows Security CenterCenter
Windows FirewallConfiguration
Internet OptionsConfigurations
Antivirus Configuration
Automatic Update Configuration
Computer Running Security Center
Your instructor will demonstrate how to manage SP2 by using Security Center. Your instructor will demonstrate how to manage SP2 by using Security Center.
Demonstration 2:Demonstration 2:Managing SP2 by Using Windows Managing SP2 by Using Windows Security CenterSecurity Center
Specifically, you will learn to Specifically, you will learn to configure: configure:
The Automatic Updates The Automatic Updates optionoption
The Virus Protection The Virus Protection optionoption
Windows XP SP2 Network Windows XP SP2 Network Protection FeaturesProtection Features
Introduction to Windows XP Service Pack Introduction to Windows XP Service Pack 22
Windows XP SP2 Network Protection Windows XP SP2 Network Protection FeaturesFeatures
Reducing Applications Failures by Using Reducing Applications Failures by Using Windows XP SP2 Memory Protection Windows XP SP2 Memory Protection FeaturesFeatures
Exploring SP2 E-Mail Handling Security Exploring SP2 E-Mail Handling Security Features Features
Browsing Securely by Using SP2Browsing Securely by Using SP2
New Security Features in New Security Features in Windows FirewallWindows Firewall
Boot-time security
On by default
Global configuration and restore defaults
On with no exceptions
Command-line support
Unattended setup support
RPC Support for system services
Multiple profiles
Windows firewall exceptions list
Local subnet restrictions
Windows Firewall Advanced Windows Firewall Advanced Security FeaturesSecurity Features
Advanced options include:Advanced options include:
Basic configuration ICMP optionsBasic configuration ICMP options
Ability to enable specific network interfacesAbility to enable specific network interfaces
Connection and packet logging improvementsConnection and packet logging improvements
Demonstration 3: Demonstration 3: Exploring Exploring Windows Firewall New Security Windows Firewall New Security FeaturesFeatures
You instructor will demonstrate:You instructor will demonstrate: The On by Default featureThe On by Default feature The On with No Exceptions The On with No Exceptions
featurefeature The Windows Firewall The Windows Firewall
Exceptions ListExceptions List The Restore Defaults feature The Restore Defaults feature
(advanced options)(advanced options)
Enhanced DCOM SecurityEnhanced DCOM Security
Remote ClientDCOM Server
Specific COM Specific COM PermissionsPermissionsAble to restrict rights Able to restrict rights that are available to that are available to users to individual users to individual COM serversCOM servers
Computer-wide Computer-wide RestrictionsRestrictionsRestrictions that apply to Restrictions that apply to DCOM call, activation and DCOM call, activation and launch privileges and that launch privileges and that differentiate between local differentiate between local and remote clientsand remote clients
More Secure Remote More Secure Remote Procedure CallsProcedure Calls
Remote, Anonymous Client
Firewall
RPC Servers
Processes running on Local System, Network Service, Local Service security context
Open port
Allowed
Processes claiming to be RPC Services e.g. Trojan Horses
Other
accepted restricted
Open port
Blocked
Local Client and/orAuthenticated client Group Policy
Services Disabled by Services Disabled by Default in Windows XP Default in Windows XP SP2SP2Disabled ServiceDisabled Service Before SP2Before SP2 After SP2After SP2
AlerterAlerter Set to Start Set to Start ManuallyManually
Disabled by Disabled by DefaultDefault
Windows MessengerWindows Messenger Set to Start Set to Start AutomaticallyAutomatically
Disabled by Disabled by DefaultDefault
Alternative options:Alternative options:Recommended resolution; rewrite application to use another method to Recommended resolution; rewrite application to use another method to
communicate with the usercommunicate with the userStart the Alerter or Messenger service programmatically Start the Alerter or Messenger service programmatically
Reducing Application Reducing Application FailuresFailures
Introduction to Windows XP Service Introduction to Windows XP Service Pack 2Pack 2
Windows XP SP2 Network Protection Windows XP SP2 Network Protection FeaturesFeatures
Reducing Application Failures by Reducing Application Failures by Using Windows XP SP2 Memory Using Windows XP SP2 Memory Protection FeaturesProtection Features
Exploring SP2 E-Mail Handling Exploring SP2 E-Mail Handling Security Features Security Features
Browsing Securely by Using SP2Browsing Securely by Using SP2
Execution Protection (NX) Execution Protection (NX) and How It Worksand How It Works
NX features:NX features:
Memory locations tagged as nonexecutable unless location explicitly contains executable code
Memory locations tagged as nonexecutable unless location explicitly contains executable code
Buffer overrun attach protectionBuffer overrun attach protection
Currently available on some 64-bit CPUsCurrently available on some 64-bit CPUs
CPU-aided memory protectionCPU-aided memory protection
Exploring SP2 E-Mail Exploring SP2 E-Mail Handling Security FeaturesHandling Security Features
Introduction to Windows XP Service Introduction to Windows XP Service Pack 2Pack 2
Windows XP SP2 Network Protection Windows XP SP2 Network Protection FeaturesFeatures
Reducing Applications Failures by Reducing Applications Failures by Using Windows XP SP2 Memory Using Windows XP SP2 Memory Protection FeaturesProtection Features
Exploring SP2 E-Mail Handling Exploring SP2 E-Mail Handling Security FeaturesSecurity Features
Browsing Securely by Using SP2Browsing Securely by Using SP2
Attachment Manager in Attachment Manager in Outlook Express and Outlook Express and Windows MessengerWindows Messenger
New e-mail with attachment
User Running Outlook Express
User Running Windows Messenger
Different actions taken for:Different actions taken for:
Safe attachmentsSafe attachments
Unsafe attachmentsUnsafe attachments
Suspicious attachmentsSuspicious attachments
AES API
HTML Content Blocking HTML Content Blocking in Outlook Expressin Outlook Express
Content Blocking Feature:Content Blocking Feature:
Blocks external images Blocks external images
New “Don’t Download External HTML Content” feature New “Don’t Download External HTML Content” feature
Users Running Outlook Express
Web Server
Internet
Preserves the user's privacy and prevents future attacks Preserves the user's privacy and prevents future attacks
Web Server
Demonstration 4: Demonstration 4: Demonstrating and configuring Demonstrating and configuring Attachment Handling in Outlook Attachment Handling in Outlook ExpressExpress
You instructor will You instructor will demonstrate:demonstrate:
How Outlook Express How Outlook Express Handles Handles attachementsattachements
How to configure How to configure attachment handling attachment handling in Outlook Expressin Outlook Express
Browsing Securely by Browsing Securely by Using SP2Using SP2
Introduction to Windows XP Service Introduction to Windows XP Service Pack 2Pack 2
Windows XP SP2 Network Protection Windows XP SP2 Network Protection FeaturesFeatures
Reducing Applications Failures by Reducing Applications Failures by Using Windows XP SP2 Memory Using Windows XP SP2 Memory Protection FeaturesProtection Features
Exploring SP2 E-Mail Handling Exploring SP2 E-Mail Handling Security Features Security Features
Browsing Securely by Using SP2Browsing Securely by Using SP2
Managing Internet Explorer Managing Internet Explorer Browser SecurityBrowser SecuritySecurity featureSecurity feature Illustrate withIllustrate with
MIME security MIME security improvementsimprovements
Consistency checksConsistency checks Stricter rulesStricter rules
Better security Better security managementmanagement
Add-on control and management featuresAdd-on control and management featuresBetter promptsBetter promptsNew script-initiated window restrictionsNew script-initiated window restrictions
Local machine Local machine zonezone
A list of steps that make up the procedureA list of steps that make up the procedureAn interface or a GUI diagram with callout An interface or a GUI diagram with callout
labels labels
Feature control Feature control security zonesecurity zone
MIME sniffingMIME sniffingSecurity elevationSecurity elevationWindows restrictionWindows restriction
Group Policy Group Policy settingssettings
Administrative control for Feature Control Administrative control for Feature Control Security ZonesSecurity Zones
Making the Local Making the Local Computer More SecureComputer More Secure Internet Explorer information Internet Explorer information
barbar Internet Explorer add-on Internet Explorer add-on
installation promptinstallation prompt Internet Explorer download Internet Explorer download
promptpromptNew file handler iconNew file handler iconNew security information area New security information area Executable files are checked for Executable files are checked for
publisher information publisher information
Outlook Express promptsOutlook Express prompts
Blocking Annoying Pop-Blocking Annoying Pop-Up WindowsUp Windows
FeatureFeature DescriptionDescriptionPop-Up Pop-Up ManagerManager Blocks unwanted pop-upsBlocks unwanted pop-ups
Window Window RestrictionsRestrictions
Controls script-initiated Controls script-initiated repositioningrepositioning
Controls script-initiated Controls script-initiated resizingresizing
Window Window PlacementPlacement
Governs the placement of Governs the placement of pop-up windowspop-up windows
Managing Add-OnsManaging Add-Ons
Add On Management and Crash Detection:Add On Management and Crash Detection:
Better add-on detectionBetter add-on detection
New add-on management featuresNew add-on management features
Demonstration 5:Demonstration 5: Popups, Popups, Scripts and Configuring Add-On Scripts and Configuring Add-On ManagementManagement
You instructor will You instructor will demonstrate:demonstrate:
The Information Bar The Information Bar with popups and with popups and scriptsscripts
How to view How to view information about information about how often the add-how often the add-ons have been used ons have been used by Internet Explorerby Internet Explorer
Session SummarySession Summary
Introduction to Windows XP Service Introduction to Windows XP Service Pack 2Pack 2
Windows XP SP2 Network Protection Windows XP SP2 Network Protection FeaturesFeatures
Reducing Application Failures by Reducing Application Failures by Using Windows XP SP2 Memory Using Windows XP SP2 Memory Protection FeaturesProtection Features
Exploring SP2 E-Mail Handling Exploring SP2 E-Mail Handling Security Features Security Features
Browsing Securely by Using SP2Browsing Securely by Using SP2
Next StepsNext Steps Microsoft Canada TechnetMicrosoft Canada Technet
http://www.microsoft.com/http://www.microsoft.com/technet/canadatechnet/canada//
Find additional Technet events:Find additional Technet events:http://www.microsoft.com/http://www.microsoft.com/technet/canada/eventstechnet/canada/events//
Share information and get community-Share information and get community-based support for SP2 based support for SP2 http://http://
communities.microsoft.com/newsgroups/dcommunities.microsoft.com/newsgroups/default.asp?icpefault.asp?icp=xpsp2&slcid=us=xpsp2&slcid=us
Get additional information about Get additional information about changes to functionality in SP2 changes to functionality in SP2 http://www.microsoft.com/technet/http://www.microsoft.com/technet/
prodtechnol/winxppro/maintain/prodtechnol/winxppro/maintain/winxpsp2.mspxwinxpsp2.mspx
Questions and AnswersQuestions and Answers
Top Related