Windows Vista Security David Kenney Christopher Lange Background

Windows Vista Security David Kenney Christopher Lange

Background n n Windows Vista is Microsoft’s most current operating system Vista offers new security features: • Windows Defender • User Account Control • Windows Firewall with Advanced Security

Windows Defender n n n Microsoft’s anti-spyware program now integrated with the Windows Vista operating system Designed to detect, remove, and prevent spyware Supports not only scanning, but realtime protection

User Account Control (UAC) n n n Windows Vista security infrastructure Applications run with standard user privileges until an administrator authorizes an increase in privilege Much criticism over the number of prompts a user can receive from UAC requesting authorization

Windows Firewall with Advanced Security n n Not accessible by default, but can easily be accessed Allows for more advanced control of the firewall including: • Firewall Profiles • IPSec Configuration • Connection Security Rules • Inbound/Outbound Rules • Rules Monitoring

Introduction n The lab will require a new hard drive with Windows Vista pre-installed and the following software available NAS: • • Cain & Abel F-Secure Black. Light Rootkit Eliminator Ophcrack Live. CD Regtick Scoundrel Simulator Trojan Simulator Spybot Search & Destroy with Detection Update

Lab Procedure n n UAC and Windows Defender will be introduced, tested, and compared with Spybot Search & Destroy Applications such as Trojan Simulator, Regtick, and Scoundrel Simulator will be used with various privileges to test how UAC and Windows Defender will react

Lab Procedure n n The Windows Firewall with Advanced Security configuration will be introduced Writing custom rules for situations such as blocking Nmap scans as was done in previous labs for Linux and Windows third party software

Lab Procedure n n n Password cracking of Windows Vista user accounts using Ophcrack, Cain & Abel, and rainbow tables Vista does not use LM hashes, but stores passwords in the SAM file making them harder to crack Can be done with NTLM hashes fairly easily if the password is weak

Lab Procedure n n n Rootkits and backdoors are always a prominent threat We were unable to acquire any means of attacking Vista, but the DFK Threat. Simulator or similar program may one day be updated to do so F-Secure Black. Light Rootkit Eliminator is a scanning program that is capable of checking Vista for rootkits

Lab Procedure n n Worms and viruses are a serious threat to all Windows operating systems We were unable to acquire any new worms or viruses, so we used the Anna. Kournikova. jpg. vbs worm from a previous lab to demonstrate the need for updated anti-virus software

Conclusion n n Throughout the semester we have done numerous attacks and learned security techniques for both Red. Hat and Windows XP Windows Vista is still fairly new and no labs cover the new security features it offers and how effective they may or may not be

Questions?