Session 1: Windows XP Service Pack 2 Security Technologies

1
2851A_C01
2
Microsoft Windows XP Service Pack 2 Security
Technologies

• Bruce Cowper
• IT Pro Advisor
• Microsoft Canada

3
Session Prerequisites

• Experience managing Windows XP Professional
  desktops
• An understanding of the deployment tools that are
  used to deploy Windows XP and updates to the
  desktop
• Experience using Group Policy to manage desktops

Level 200
4
Session Prerequisites (cont.)

• OR
• The skills represented by taking
• Course 2285 (covering Windows XP)
• Course 2297 (designing Active Directory and
  networking)

5
Introduction to Windows XP Service Pack 2

• Introduction to Windows XP Service Pack 2
• Windows XP SP2 Network Protection Features
• Reducing Applications Failures by Using Windows
  XP SP2 Memory Protection Features
• Exploring SP2 E-Mail Handling Security Features
• Browsing Securely by Using SP2

6
The Need for SP2
Security attack trends include

• Increased uses of automation - tools for
  Scanning, Compromising and Propagation.

• Asymmetric threats - distributed systems to
  attack single targets

• Increased complexity - Tool signatures more
  complex and difficult to detect.

• Infrastructure attacks - denial of service and
  worms

• Faster detection of vulnerabilities and faster
  exploits.

• Firewall intrusions -harnessing firewall
  friendly and mobile code

7
What Is New in SP2?
SP2 provides several built-in security
technologies that reduce computer vulnerabilities.
New and Improved Features

• Enhanced Network Protection
• New Memory Protection
• More Secure E-Mail Handling
• Enhanced Browser Security
• Improved Computer Maintenance

8
How SP2 Minimizes the Attack Surface
9
Demonstration 1 Resolving Remote Connectivity
Issues by Using the Netsh Command-Line Tool
Your instructor will demonstrate how to resolve a
remote connectivity issue with the netsh
command-line tool.

• You will see how to
• Allow access to MMC with the firewall enabled
• Unblock a specific port via command line / script

10
SP2 Security Management Using Windows Security
Center
Computer Running Security Center
Windows FirewallConfiguration
Internet OptionsConfigurations
Antivirus Configuration
Automatic Update Configuration
11
Demonstration 2Managing SP2 by Using Windows
Security Center
Your instructor will demonstrate how to manage
SP2 by using Security Center.

• Specifically, you will learn to configure
• The Automatic Updates option
• The Virus Protection option

12
Windows XP SP2 Network Protection Features

• Introduction to Windows XP Service Pack 2
• Windows XP SP2 Network Protection Features
• Reducing Applications Failures by Using Windows
  XP SP2 Memory Protection Features
• Exploring SP2 E-Mail Handling Security Features
• Browsing Securely by Using SP2

13
New Security Features in Windows Firewall
On by default
ü
Global configuration and restore defaults
ü
Multiple profiles
ü
On with no exceptions
ü
Windows firewall exceptions list
ü
Local subnet restrictions
ü
Command-line support
ü
Boot-time security
ü
Unattended setup support
ü
RPC Support for system services
ü
14
Windows Firewall Advanced Security Features
Advanced options include

• Ability to enable specific network interfaces

• Basic configuration ICMP options

• Connection and packet logging improvements

15
Demonstration 3 Exploring Windows Firewall New
Security Features

• You instructor will demonstrate
• The On by Default feature
• The On with No Exceptions feature
• The Windows Firewall Exceptions List
• The Restore Defaults feature (advanced options)

16
Enhanced DCOM Security
Remote Client
DCOM Server
17
More Secure Remote Procedure Calls
Open port
Blocked
accepted
restricted
18
Services Disabled by Default in Windows XP SP2

• Alternative options
• Recommended resolution rewrite application to
  use another method to communicate with the user
• Start the Alerter or Messenger service
  programmatically

19
Reducing Application Failures

• Introduction to Windows XP Service Pack 2
• Windows XP SP2 Network Protection Features
• Reducing Application Failures by Using Windows XP
  SP2 Memory Protection Features
• Exploring SP2 E-Mail Handling Security Features
• Browsing Securely by Using SP2

20
Execution Protection (NX) and How It Works
NX features

• CPU-aided memory protection

• Memory locations tagged as nonexecutable unless
  location explicitly contains executable code

• Buffer overrun attach protection

• Currently available on some 64-bit CPUs

21
Exploring SP2 E-Mail Handling Security Features

• Introduction to Windows XP Service Pack 2
• Windows XP SP2 Network Protection Features
• Reducing Applications Failures by Using Windows
  XP SP2 Memory Protection Features
• Exploring SP2 E-Mail Handling Security Features
• Browsing Securely by Using SP2

22
Attachment Manager in Outlook Express and Windows
Messenger
New e-mail with attachment
Different actions taken for

• Safe attachments

• Unsafe attachments

AES API

• Suspicious attachments

User Running Windows Messenger
User Running Outlook Express
23
HTML Content Blocking in Outlook Express
Content Blocking Feature

• Blocks external images

• New Dont Download External HTML Content
  feature

• Preserves the user's privacy and prevents future
  attacks

Web Server
Web Server
Users Running Outlook Express
Internet
24
Demonstration 4 Demonstrating and configuring
Attachment Handling in Outlook Express

• You instructor will demonstrate
• How Outlook Express Handles attachements
• How to configure attachment handling in Outlook
  Express

25
Browsing Securely by Using SP2

• Introduction to Windows XP Service Pack 2
• Windows XP SP2 Network Protection Features
• Reducing Applications Failures by Using Windows
  XP SP2 Memory Protection Features
• Exploring SP2 E-Mail Handling Security Features
• Browsing Securely by Using SP2

26
Managing Internet Explorer Browser Security
27
Making the Local Computer More Secure

• Internet Explorer information bar
• Internet Explorer add-on installation prompt
• Internet Explorer download prompt
• New file handler icon
• New security information area
• Executable files are checked for publisher
  information
• Outlook Express prompts

28
Blocking Annoying Pop-Up Windows
29
Managing Add-Ons
AddOn Management and Crash Detection

• Better add-on detection

• New add-on management features

30
Demonstration 5 Popups, Scripts and Configuring
Add-On Management

• You instructor will demonstrate
• The Information Bar with popups and scripts
• How to view information about how often the
  add-ons have been used by Internet Explorer

31
Session Summary

• Introduction to Windows XP Service Pack 2
• Windows XP SP2 Network Protection Features
• Reducing Application Failures by Using Windows XP
  SP2 Memory Protection Features
• Exploring SP2 E-Mail Handling Security Features
• Browsing Securely by Using SP2

32
Next Steps

• Microsoft Canada Technet
• http//www.microsoft.com/technet/canada/
• Find additional Technet events
• http//www.microsoft.com/technet/canada/events/
• Share information and get community-based support
  for SP2
• http//communities.microsoft.com/newsgroups/defaul
  t.asp?icpxpsp2slcidus
• Get additional information about changes to
  functionality in SP2
• http//www.microsoft.com/technet/prodtechnol/winxp
  pro/maintain/winxpsp2.mspx

33
Questions and Answers