Clinic Introduction
Facilities
About This Clinic
This section provides you with a brief description of the clinic, objectives, and target audience.
Description
This clinic introduces you to the new features of the Microsoft Windows Vista™ operating system that are relevant to IT professionals. These features include security enhancements, user productivity enhancements, monitoring enhancements, and manageability enhancements.
Objectives
After completing this clinic, you will be able to:
• Describe potential security risks
• Understand the malware protection features in Windows Vista
• Understand the network protection features in Windows Vista
• Describe the security enhancements in Internet Explorer 7.0
• Understand the data protection features in Windows Vista
• Describe how Windows Vista enhances user productivity
• Describe the Windows Vista User Interface Enhancements
• Describe the Windows Vista Productivity enhancements
• Understand the Windows Features for Mobile PCs
• Manage the Windows Vista Boot Process
• Configure Power Management
• Describe the benefits of enhanced monitoring and management
• Describe Windows Vista system monitoring features
• Monitor and control applications
• Describe Group Policy enhancements in Windows Vista
• Understand the remote management features in Windows Vista
• Automate management tasks
Audience
The target audience for this clinic includes the following:
• IT Professionals who generally perform desktop support for Windows computers. Typical duties for this IT Professional are user support, desktop configuration, and desktop troubleshooting. They will be particularly interested in the new features of Windows Vista and how the changes affect Windows security, reliability, performance, productivity and manageability.
• Technical decision makers can gain an overview of Windows Vista features and benefits.
Prerequisites
This clinic requires that you meet the following prerequisite:
• 1 year of experience with Windows client and server operating systems in a corporate environment
Clinic Outline
Session 1, “Security Enhancements in Windows Vista,” provides an overview of new security features in Windows Vista. Many of the changes in Windows Vista have been made to prevent user-initiated security problems and to prevent unknown future attacks. Security features relevant to malware, networks, Microsoft Internet Explorer® 7, and data protection are covered.
Session 2, “User Productivity Enhancements in Windows Vista,” provides an overview of the new features in Windows Vista that are seen and configured by users. IT Professionals must be aware of these features to help and educate their users. Areas covered include user interface enhancements, productivity tools, features for mobile PCs, the startup process, and power management.
Session 3, “Monitoring and Managing Windows Vista,” provides an overview of the new monitoring and management features in Windows Vista. For most organizations, the cost of software management is far greater than that of software acquisition. The new monitoring and management features in Windows Vista include Application Error Reporting, Event Viewer enhancements, Group Policy enhancements, remote management enhancements, reduced restarts, and Task Scheduler enhancements.
Next Steps
The next step after completing this session is:
• Clinic 5057A, First Look: Windows Vista for IT Professionals Hands-On Labs
Session 1: Security Enhancements in Windows Vista
Table of Contents
Network Protection Features in Windows Vista
Internet Explorer 7 Security Enhancements
Information in this document, including URL and other Internet Web site references, is subject to change without notice. Unless otherwise noted, the example companies, organizations, products, domain names, e-mail addresses, logos, people, places, and events depicted herein are fictitious, and no association with any real company, organization, product, domain name, e-mail address, logo, person, place, or event is intended or should be inferred. Complying with all applicable copyright laws is the responsibility of the user. Without limiting the rights under copyright, no part of this document may be reproduced, stored in or introduced into a retrieval system, or transmitted in any form or by any means (electronic, mechanical, photocopying, recording, or otherwise), or for any purpose, without the express written permission of Microsoft Corporation.
The names of manufacturers, products, or URLs are provided for informational purposes only and Microsoft makes no representations and warranties, either expressed, implied, or statutory, regarding these manufacturers or the use of the products with any Microsoft technologies. The inclusion of a manufacturer or product does not imply endorsement of Microsoft of the manufacturer or product. Links are provided to third party sites. Such sites are not under the control of Microsoft and Microsoft is not responsible for the contents of any linked site or any link contained in a linked site, or any changes or updates to such sites. Microsoft is not responsible for webcasting or any other form of transmission received from any linked site. Microsoft is providing these links to you only as a convenience, and the inclusion of any link does not imply endorsement of Microsoft of the site or the products contained therein.
Microsoft may have patents, patent applications, trademarks, copyrights, or other intellectual property rights covering subject matter in this document. Except as expressly provided in any written license agreement from Microsoft, the furnishing of this document does not give you any license to these patents, trademarks, copyrights, or other intellectual property.
© 2006 Microsoft Corporation. All rights reserved.
Microsoft, Active Directory, ActiveX, Aero, Bitlocker, BizTalk, DirectX, Internet Explorer, NetMeeting, Visual Studio, Windows, Windows Media, Windows Server, and Windows Vista are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries.
The names of actual companies and products mentioned herein may be the trademarks of their respective owners.
Session Overview
Introduction
Computer security is a critical issue for all organizations. Increased regulation has fueled the need to ensure compliance with heightened security requirements such as privacy laws. In addition to software flaws, many security issues are user initiated. The Microsoft® Windows Vista™ operating system includes a variety of new features to increase security.
Objectives
After completing this session, you will be able to:
• Describe potential security risks
• Understand the malware protection features in Windows Vista
• Understand the network protection features in Windows Vista
• Describe the security enhancements in Microsoft Internet Explorer® 7
• Understand the data protection features in Windows Vista
Security Risks
Introduction
There are security risks inherent to all computer systems regardless of the operating system that they run. Understanding security risks with computing systems is the first step toward mitigating those risks. This section describes some of the security risks to computing systems and provides a brief overview of how Windows Vista mitigates them.
Objectives
After completing this section, you will be able to:
• Describe security risks to computer systems
• Describe how Windows Vista addresses security risks
• Describe Windows Vista platform improvements
What Are Security Risks?
To make it easier to plan defenses, security risks can be divided into broad categories. Each category shares a set of characteristics that can be analyzed and protected against. Security risk categories include:
• Malware. Malware is software that performs unauthorized operations on your computer. Viruses, Trojans (Trojan horses), and spyware are examples of malware. Malware can be introduced by users installing unauthorized software or visiting malicious Web sites.
• Network risks. Computers are usually connected by a network. Much of the value we gain from computers is based on using network resources like the Internet, database servers, and file servers. However, computer networks facilitate attacks on computers. Worms replicate themselves over networks, and hackers use networks to try and break into systems.
• Web browser risks. Almost every information worker in an organization uses a Web browser to perform research and access Internet and intranet applications. Some malicious Web sites attempt to modify the configuration of the local computer by exploiting flaws in Web browsers. Other Web sites attempt to impersonate legitimate Web sites such as online banks to steal personal information in an attack known as phishing.
• Data risks. As workers have become more mobile with portable computers, more corporate data is being carried outside the physical walls of the organization. When a portable computer is lost or stolen, it is often easy for unauthorized people to gain access to corporate data stored on the portable computer. In addition, corporate data is often transmitted outside the organization where there is no control over retransmission or use of that data.
How Windows Vista Addresses Security Risks
One of the major focuses in Windows Vista development is increased security. Many of the new features in Windows Vista are specifically designed to make Windows Vista more secure than any previous version of Windows.
Windows Vista security features include:
• Hardened services to reduce the risk of a Windows service being used by an attacker
• User Account Control (UAC) to limit the use of administrative privileges
• Windows Defender to prevent and remove spyware
• Windows Firewall enhancements to mitigate network risks
• Network Access Protection (NAP) to control which workstations are able to access the network
• Internet Explorer Protected Mode to prevent malicious Web sites from affecting the local computer
• The Phishing Filter in Internet Explorer 7 reduces the likelihood of a phishing attack being successful
• BitLocker Drive Encryption to secure data on portable computer hard drives
• Rights management to control how data is used, even outside your organization
The preceding security topics are discussed in detail later in this session.
What Are the Platform Improvements?
In addition to the new features in Windows Vista that address security risks, there are also some specific platform improvements. The platform improvements change some of the security systems in Windows Vista to make them more effective and easier to use. The platform improvements in Windows Vista are:
• Flexible authentication. Windows Vista authentication capabilities are more flexible, providing a variety of choices for customized authentication mechanisms, such as fingerprint scanners and smart cards. Deployment and management tools, such as self-service personal identification number (PIN) reset tools, make smart cards easier to manage and deploy. Smart cards can also be used to log on to Windows Vista. Further, Windows Vista enables authentication using Internet Protocol version 6 (IPv6) or Web services.
• Easier certificate management. Certificate enrollment is made easier because Windows Vista includes Credential Manager enhancements that enable backing up and restoring credentials stored on the local computer. The new Digital Identity Management Service (DIMS) provides certificate and credential roaming within an Active Directory® directory service forest and end-to-end certificate life cycle management scenarios.
• Enhanced auditing. Windows Vista auditing capabilities make it easier to track what users do. Auditing areas now include multiple subcategories, making it much easier to focus on events of interest. Windows Vista integrated audit event forwarding collects and forwards critical audit data to a central location, enabling small networks as well as enterprises to better organize and analyze audit data.
Malware Protection Features
Introduction
Malware is malicious software that is installed without your explicit consent. Malware includes spyware, viruses, and worms. Malware can steal personal information and cause system performance problems as well as data loss and system failures. Windows Vista implements hardened services, UAC, and Windows Defender to limit the risks posed by malware.
Objectives
After completing this section, you will be able to:
• Describe how malware is installed
• Describe how Windows Vista protects against malware
• Describe service hardening
• Describe User Account Control
• Understand how UAC helps prevent malware
• Understand how to administer UAC
• Describe Windows Defender
• Understand Windows Defender scanning modes
How Is Malware Installed?
Malware is installed without your explicit consent. It needs to either exploit a flaw in the operating system or trick you into installing it. In most cases, viruses and worms exploit flaws to install themselves, but spyware is usually established by tricking users into installing it.
Buffer Overflows
The most common operating system flaw that is exploited by malware is the buffer overflow. All Windows services and applications are designed to expect certain data during communication. Most of the time when services and applications receive data, they verify that the amount of data received is the amount of data that is expected. However, if the verification step is accidentally omitted, a buffer overflow can occur.
A buffer overflow occurs when a service or application receives more input than was expected and does not handle the additional data correctly. In most cases, a buffer overflow results in the service or application stopping. Occasionally a buffer overflow allows arbitrary code to be executed on the computer.
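The omitted verification step described above, shown in C as an added example that is not part of the original courseware. The length-prefixed message format, the 16-byte name field, and all function names are hypothetical; the first function trusts the sender's length, the second verifies it against both the destination size and the bytes actually received.

```c
/* Added example: hypothetical length-prefixed request format and names. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define NAME_MAX_LEN 16          /* size the service expects for a name */
struct request { char name[NAME_MAX_LEN + 1]; };

/* Verification step omitted: trusts the sender's length byte.
 * A declared length above NAME_MAX_LEN writes past req->name. */
int parse_unchecked(const uint8_t *msg, size_t msg_len, struct request *req)
{
    (void)msg_len;                          /* received size is never consulted */
    size_t declared = msg[0];
    memcpy(req->name, msg + 1, declared);   /* no bounds check */
    req->name[declared] = '\0';
    return 0;
}

/* Verification step present: the declared length must fit the destination
 * and must not exceed the bytes actually received. */
int parse_checked(const uint8_t *msg, size_t msg_len, struct request *req)
{
    if (msg == NULL || req == NULL || msg_len < 1)
        return -1;                          /* nothing to parse */
    size_t declared = msg[0];
    if (declared > NAME_MAX_LEN)
        return -2;                          /* would overflow req->name */
    if (declared > msg_len - 1)
        return -3;                          /* length exceeds received data */
    memcpy(req->name, msg + 1, declared);
    req->name[declared] = '\0';
    return 0;
}

int main(void)
{
    /* Constructed sample inputs. */
    const uint8_t ok[]        = { 5, 'a', 'l', 'i', 'c', 'e' };
    uint8_t oversized[1 + 40] = { 40 };     /* declares 40 bytes for a 16-byte field */
    const uint8_t truncated[] = { 10, 'b', 'o', 'b' };
    struct request req;
    printf("ok:        %d\n", parse_checked(ok, sizeof ok, &req));
    printf("oversized: %d\n", parse_checked(oversized, sizeof oversized, &req));
    printf("truncated: %d\n", parse_checked(truncated, sizeof truncated, &req));
    return 0;
}
```

The second check in `parse_checked` matters as much as the first: a length that fits the destination but exceeds the received data would read past the input instead of writing past the output.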
Trojans
A Trojan is software that pretends to be for one purpose but performs another. For example, you could run a file management tool that you have downloaded from the Internet, and the file management tool might install spyware.
When users are logged on using administrative credentials, they are allowed to install and configure software. Trojans take advantage of this to install malware.
Social Engineering
Even if computer systems are completely secure from a technology perspective, the systems are still vulnerable to user errors and actions. Social engineering is the process of tricking a user into performing a task, such as installing undesirable software or inadvertently providing password information.
Social engineering is used by malware creators when they offer users Internet Explorer toolbars and additional software that adds emoticons to e-mail messages. Many of these appear to be legitimate software but also install spyware. Sometimes software that purports to remove spyware is actually spyware itself.