Windows Vista Security

1
Windows Vista Security

• David Kenney
• Christopher Lange

2
Background

• Windows Vista is Microsofts most current
  operating system
• Vista offers new security features
• Windows Defender
• User Account Control
• Windows Firewall with Advanced Security

3
Windows Defender

• Microsofts anti-spyware program now integrated
  with the Windows Vista operating system
• Designed to detect, remove, and prevent spyware
• Supports not only scanning, but real-time
  protection

4
User Account Control (UAC)

• Windows Vista security infrastructure
• Applications run with standard user privileges
  until an administrator authorizes an increase in
  privilege
• Much criticism over the number of prompts a user
  can receive from UAC requesting authorization

5
Windows Firewall with Advanced Security

• Not accessible by default, but can easily be
  accessed
• Allows for more advanced control of the firewall
  including
• Firewall Profiles
• IPSec Configuration
• Connection Security Rules
• Inbound/Outbound Rules
• Rules Monitoring

6
Introduction

• The lab will require a new hard drive with
  Windows Vista pre-installed and the following
  software available NAS
• Cain Abel
• F-Secure BlackLight Rootkit Eliminator
• Ophcrack LiveCD
• Regtick
• Scoundrel Simulator
• Trojan Simulator
• Spybot Search Destroy with Detection Update

7
Lab Procedure

• UAC and Windows Defender will be introduced,
  tested, and compared with Spybot Search Destroy
• Applications such as Trojan Simulator, Regtick,
  and Scoundrel Simulator will be used with various
  privileges to test how UAC and Windows Defender
  will react

8
Lab Procedure

• The Windows Firewall with Advanced Security
  configuration will be introduced
• Writing custom rules for situations such as
  blocking Nmap scans as was done in previous labs
  for Linux and Windows third party software

9
Lab Procedure

• Password cracking of Windows Vista user accounts
  using Ophcrack, Cain Abel, and rainbow tables
• Vista does not use LM hashes, but stores
  passwords in the SAM file making them harder to
  crack
• Can be done with NTLM hashes fairly easily if the
  password is weak

10
Lab Procedure

• Rootkits and backdoors are always a prominent
  threat
• We were unable to acquire any means of attacking
  Vista, but the DFK ThreatSimulator or similar
  program may one day be updated to do so
• F-Secure BlackLight Rootkit Eliminator is a
  scanning program that is capable of checking
  Vista for rootkits

11
Lab Procedure

• Worms and viruses are a serious threat to all
  Windows operating systems
• We were unable to acquire any new worms or
  viruses, so we used the AnnaKournikova.jpg.vbs
  worm from a previous lab to demonstrate the need
  for updated anti-virus software

12
Conclusion

• Throughout the semester we have done numerous
  attacks and learned security techniques for both
  RedHat and Windows XP
• Windows Vista is still fairly new and no labs
  cover the new security features it offers and how
  effective they may or may not be

13
Questions?