Windows Vista System Security Deployment Guide
Transcript of Windows Vista System Security Deployment Guide
-
Windows Vista
MCSE: Security/Messaging
MVP/MCT
BS7799/ISO27001 Lead Auditor
-
Windows
Level 200
-
VistaVista
-
What Are MSSC? (Microsoft Solutions for Security and Compliance)
Microsoft
Microsoft
Microsoft
Partners
Non-products
-
Windows 98 and NT 4.0 Threat Mitigation Guide
Windows 2000 Security Guide
Windows XP Security Guide
Windows Server 2003 Security Guide
Windows Server 2003 Threats & Countermeasures Guide
Windows Vista Security Guide
Windows Vista Threats & Countermeasures Guide
Note: Vista
-
TechNet Security Guidance
http://www.microsoft.com/technet/security/
http://www.microsoft.com/taiwan/technet/security
-
VistaVista
-
Windows Vista
Windows Vista
BitLocker, User Account Control
GPMC
-
Vista
[Figure: flowchart for Workstations. Labels: Start (Default Vista config); Risk level? (Low, Medium, High); Enterprise settings; SSLF settings; Mitigate individual settings; Specific security scenario #1, #2, #3, #4; Customized security config from baseline; End (Configuration deployed to Windows Vista computers).]
-
Windows Server 2003 Group Policy Management Console
OU
-
OS hardening
IPSec
NIDS
Application hardening
ACLs
EFS
-
AD
-
Man-in-the-middle
-
SMB (SMB signing)
Internet Explorer
-
Specialized Security Limited Functionality (SSLF)
Cost?
-
: DisableSSLF:
-
BIOS
CompletePC
BitLocker
USB
-
Windows Vista
-
(UAC)
Internet Explorer
IE Phishing Filter
64-bit
IPSec
Driver Resource Protection
Windows Defender
-
Windows Update
-
VistaVista
-
Active Directory OU OU AD
-
Active Directory
Forest
Active Directory Domain
OU
AD
-
OUGroup Policy OU OU OU
-
OU OU1 OU3 OU 4 GPO OU5 OU2
-
AD
-
Group Policy
-
GPO
-
Windows Vista
-
VistaVista
-
Windows Vista
ADMX
UAC
-
LGPO AD GPO (AD GPOs)
LGPOs
The machine
NEW: Admin or non-Admin local groups
NEW: Individual local users
(machine LGPO) GPO wins
LGPO (Admins or the Non-Admins, not both)
-
ADMX
ADM
Sysvol (4Mb+ per GPO)
ADMX (ADML) (XML-based)
-
ADMX
ADMX (GPMC/GPEdit) [sysvol]\policies\policydefinitions, Windows Vista GPMC/GPEdit ADMX
-
Windows Vista (ADMX/ADM)
Windows Vista ADM (ADMX ADM)
ADMX and ADM files / ADM (ADMX).
-
Office
-
Removable storage device Policy Settings
read, write
CD/DVD
Tapes
USB plug-in devices
Windows Portable Devices (WPD)
All other external removable storage devices
-
User Account Control Policy setting
Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options
UAC
-
Windows Firewall IPSec
Windows Firewall
IPSec AD
-
API
-
Application Compatibility Toolkit
User Account Control (UAC)
Windows Installer
-
AD
Windows Vista
-
For More Information
TechNet: www.microsoft.com/taiwan/technet
Windows Vista: www.microsoft.com/taiwan/windowsvista
Windows Vista: Resources for IT Professional: www.microsoft.com/technet/windowsvista/default.mspx
Microsoft Security: www.microsoft.com/security, www.microsoft.com/taiwan/security, www.microsoft.com/TechNet/Security
MVP Community: www.microsoft.com/taiwan/community
-
TechNet TNT1-16