Title: Windows Vista??????
Slide 1: Windows Vista??????
- ???
- ????????
- MCSE Security/Messaging
- MVP/MCT
Slide 2: ????
- ??Windows???????
- ???????????
Level 200
Slide 3: ????
- Windows Vista??????
- ??????
- IE 7.0?????
- Windows Defender????
- ???????
- ?????????
- ?????
Slide 4: Windows Vista ???
??????
???????
IE ????
??????
???
Windows Defender
Slide 5: Windows XP ?????
??
Slide 6: Windows Vista ??????
- ?????????
- ??????
- ????????
??????
???????
??
?????? ???? ????? ?????????
Slide 7: Windows ??????
??????
- ????????????
- ???????????????????????
- ?????????,??????
????
????
?????
??
Slide 8: Internet Explorer 7 ?????
- ??????
- URL ????
- ???????????
- ActiveX Opt-in
- ????????
- ????????????? (Windows Vista only)
- ?? Windows Defender ????????
- ?????????
- ??????
- ????????????????
- SSL????
- International Domain Name (IDN) ???? (http://www.microsóft.com)
- ?????? (Parental Control, Windows Vista only)
Slide 9: Internet Explorer ????
Slide 10: ?????? (Phishing Filter)
URL Reputation Service: https://urs.microsoft.com
Known Good URLs: IEAPFLTR.DAT
Slide 11: Windows Defender
- ????????????
- ????,???????
- ???????
Slide 12: Windows Vista ???
Slide 13: ??????
Inbound default: block most (few core exceptions)
Outbound default: allow all interactive; restrict services
Allow rules: programs, services; users, computers; protocols, ports
Block rules: programs, services; users, computers; protocols, ports
Slide 14: ????

| | Windows XP SP2 | Windows Vista |
| --- | --- | --- |
| Direction | Inbound | Inbound, outbound |
| Default action | Block | Configurable per direction |
| Packet types | TCP, UDP, some ICMP | All |
| Rule types | Application, global ports, ICMP types | Multiple conditions, from the basic five-tuple to IPsec metadata |
| Rule actions | Block | Block, allow, bypass, with rule merge logic |
| UI and tools | Control Panel, netsh | Control Panel, more netsh, MMC |
| APIs | Public COM, private C | More COM to expose rules, more C to expose features |
| Remote management | None | Via hardened RPC interface |
| Group Policy | ADM file | MMC, netsh |
| Terminology | Exceptions, profiles | Rules, categories, profiles |
Slide 15: ?????? (NAP)
[Diagram: Windows Vista Client; DHCP, VPN, Switch/Router]
- ?????
- ??????????????
- ? DHCP, VPN, IPsec, 802.1X ????????
- ???????????,?? IT ?????
- ???????????
??
Slide 16: Windows Defender / Windows Firewall ?????
Slide 17: ??????? (UAC)
Slide 18: UAC Architecture
[Diagram: Standard User Rights vs. Administrative Rights; an Admin logon produces an Admin Token and a Standard User Token]
Slide 19: UAC Architecture: Standard User Mode
[Diagram: Standard User Rights vs. Administrative Rights; Standard User Mode]
Slide 20: UAC Architecture: Admin Privileges
[Diagram: Standard User Rights vs. Administrative Rights; Admin Privileges]
Slide 21: ?????????
Slide 22: ????
Slide 23: ??????????????
Slide 24: ????
- ????? Smart Cards
- ?? Certificate Service Provider (CSP)
- ??????????????? Smart Cards
- ??????
- ???? GINA (msgina.dll)
- ??????????????
- ??????
Slide 25: WinLogon ?? Windows XP
[Diagram: Session 0: WinLogon, LSA, User GP, Profiles, SCM, Machine GP, MSGINA.DLL, Shell. Other sessions: WinLogon, User GP, MSGINA.DLL, Shell]
Slide 26: WinLogon ?? Windows Vista
[Diagram: Session 0: LSA, RCM, WinInit, Profiles, SCM, Group Policy. Other sessions: WinLogon, LogonUI, Credential Provider 1, Credential Provider 2, Credential Provider 3]
Slide 27: Credential Providers ?????
[Diagram: LSA, WinLogon, LogonUI, Credential Provider Interfaces, Credential Providers 1-3]
1. Ctrl Alt Delete
2. ??????
3. ????????
4. ????
5. ????,??????????
6. ??????????
7. ?????????
8. ??????
9. LSALogonUser
Slide 28: ??????
- ??????
- ??????????????????????????
- ??????
- ??????????????
- ??????,??
- ????????
- ???????
Slide 29: Windows Vista ?????
Slide 30: ?????
Slide 31: Windows Vista ????
Slide 33: BitLocker ????
- ???????????,?????????????????????????
- ??????????? v1.2 TPM ???? USB ???????
BitLocker
Slide 34: BitLocker and TPM Features
- BitLocker Drive Encryption (BDE)
- ??????
- ?? TPM v1.2 ??? pre-OS ???
- ???????????
- Pre-OS ???
- USB startup key, PIN, and TPM ??
- ??? Microsoft TPM Driver
- ?????????
- TPM Base Services (TBS)
- Enables third party applications
- Active Directory??
- ???? key ? AD
- Group Policy ??
- Scriptable ??
- TPM ??
- BitLocker??
- ???????
Slide 35: ??? Trusted Platform Module (TPM)?
- ??????Smartcard?????
- ????
- ???????
- RSA, SHA-1, RNG
- ?????????
- ????????????(Key)
- ????? Endorsement Key (EK)
- ????? Storage Root Key (SRK)
- ????????
- ????????? (hashes)
- ?????????
TPM 1.2 spec: www.trustedcomputinggroup.org
Slide 36: BitLocker Drive ???? Static Root of Trust
Measurement of boot components
Slide 37: ????????????
- Where's the Encryption Key?
- SRK (Storage Root Key) contained in TPM
- SRK encrypts FVEK (Full Volume Encryption Key), protected by TPM / PIN / USB storage device
- FVEK stored (encrypted by SRK) on hard drive in the OS Volume
- OS Volume contains
- Encrypted OS
- Encrypted page file
- Encrypted temp files
- Encrypted data
- Encrypted hibernation file
- System Volume contains MBR, Boot Manager, boot utilities (unencrypted, small)
[Diagram: System Volume, OS Volume, FVEK, SRK]
Slide 38: ???????
Ease of Deployment / Maintenance
???????????????????????????

| Mode | What it is | Protects against | User must |
| --- | --- | --- | --- |
| TPM only | | Most SW attacks | N/A (no user impact) |
| TPM + PIN | What you know | Many HW attacks | Enter PIN to boot |
Slide 39: BitLocker Drive Encryption
Slide 40: BitLocker ?????
- ??????????
- USB key??, ????? PIN
- ??????
- ?????? pre-OS ??(BIOS upgrade, etc)
- ??????
- ???????????
- ????
- Modified or missing pre-OS files (hacked BIOS, MBR, etc.)
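As an added illustration of the key hierarchy on slides 36 to 40 (this is constructed example code, not from the slides or from Microsoft): pre-OS components are measured into a PCR, the SRK seals the FVEK to that measurement, and a modified BIOS or MBR makes unsealing fail so the machine falls back to recovery. The SRK value, the component bytes and the HMAC/XOR stand-in for the TPM's RSA sealing are all assumptions of the model.

```python
# Simplified model of the BitLocker / TPM key hierarchy shown on the slides.
# Constructed example: the SRK value, the boot-component bytes and the
# HMAC/XOR "sealing" stand in for the TPM's real RSA-based sealing.
import hashlib
import hmac

def extend_pcr(components):
    """TPM 1.2 style PCR extend: pcr = SHA-1(pcr || SHA-1(component)).

    Every pre-OS component (BIOS, MBR, boot manager, ...) is measured into a
    20-byte register that starts at all zeros (the static root of trust)."""
    pcr = bytes(20)
    for blob in components:
        pcr = hashlib.sha1(pcr + hashlib.sha1(blob).digest()).digest()
    return pcr

def _sealing_key(srk, pcr, pin):
    # Key bound to the SRK (which never leaves the TPM), to the measured boot
    # state and, in "TPM + PIN" mode, to something the user knows.
    return hmac.new(srk, pcr + (pin or b""), hashlib.sha256).digest()

def seal_fvek(srk, fvek, boot_components, pin=None):
    """Produce the blob that sits on the OS volume: the FVEK wrapped under the
    sealing key plus an integrity tag (the FVEK must be 32 bytes here)."""
    assert len(fvek) == 32
    key = _sealing_key(srk, extend_pcr(boot_components), pin)
    wrapped = bytes(a ^ b for a, b in zip(fvek, key))   # one-time XOR wrap
    tag = hmac.new(key, wrapped, hashlib.sha256).digest()
    return wrapped + tag

def unseal_fvek(srk, blob, boot_components, pin=None):
    """Re-measure the boot chain and rederive the key.  Returns the FVEK, or
    None when the measurement (or PIN) differs: that is the recovery-mode
    case on slide 40 (hacked BIOS, MBR, BIOS upgrade, wrong PIN)."""
    key = _sealing_key(srk, extend_pcr(boot_components), pin)
    wrapped, tag = blob[:32], blob[32:]
    if not hmac.compare_digest(hmac.new(key, wrapped, hashlib.sha256).digest(), tag):
        return None
    return bytes(a ^ b for a, b in zip(wrapped, key))

if __name__ == "__main__":
    srk = b"constructed-srk-secret"          # constructed, never leaves a real TPM
    fvek = bytes(range(32))                  # constructed 256-bit volume key
    good_boot = [b"BIOS v1", b"MBR", b"bootmgr"]
    blob = seal_fvek(srk, fvek, good_boot)
    print("clean boot:", unseal_fvek(srk, blob, good_boot) == fvek)                 # True
    print("hacked MBR:", unseal_fvek(srk, blob, [b"BIOS v1", b"MBR'", b"bootmgr"]))  # None
```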
Slide 41: BitLocker ?????
- ?????????????
- ?? BitLocker ???????????
- ?? Group Policy ?????? AD
- ????????????
- ??????????????
- ??? USB ?????
- ?????
- ???????
Slide 42: ?? BitLocker ?????
- Hard Disk
- BitLocker ?????????
- System partition (Active, NTFS, minimum 1.5GB)
- OS must be installed on separate partition
- OS and other partition(s) can be of any size
- USB
- System boot from USB 1.x and 2.x
- USB read/write in pre-OS environment
- FAT16, FAT32, or NTFS file system
Slide 43: ??????
Slide 44: USB ??????
Slide 45: ??
???????
?????????
- IE ?????????
- Windows Defender
- ????????
- IPSec ??
- ??????
- ???????
- ????? Smartcards
- ??????
- BitLocker
- RMS ?????
????
- ????????
- ??????
- ?????
- ??????
- ????????
Slide 46: For More Information
- TechNet
- www.microsoft.com/taiwan/technet
- Windows Vista
- www.microsoft.com/taiwan/windowsvista
- Windows Vista Resources for IT Professionals
- www.microsoft.com/technet/windowsvista/default.mspx
- IE Website
- http://www.microsoft.com/windows/ie/
- MVP Community ????
- www.microsoft.com/taiwan/community