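Windows Vista System Security Deployment Guide
謝合宜, Microsoft contract technical consultant. MCSE: Security/Messaging, MVP/MCT, BS7799/ISO27001 Lead Auditor.
Prerequisites: familiarity with using and managing the Windows operating system; network information security management. Level 200.
Agenda: background of the security guides; the Vista security guide; client security in a domain architecture; enhanced Vista security.
Purpose of the security guide: provides responsible and reliable security guidance; grounded in usage scenarios provided by customers; strongly supported; focused on balancing security with performance and usability; provides tools for implementing the security deployment guide.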
Windows Vista
MCSE: Security/Messaging, MVP/MCT, BS7799/ISO27001 Lead Auditor
Windows
Level 200
VistaVista
What Are MSSC? (Microsoft Solutions for Security and Compliance)
Microsoft, Microsoft, Microsoft, Partners, Non-products
Windows 98 and NT 4.0 Threat Mitigation Guide
Windows 2000 Security Guide
Windows XP Security Guide
Windows Server 2003 Security Guide
Windows Server 2003 Threats & Countermeasures Guide
Windows Vista Security Guide
Windows Vista Threats & Countermeasures Guide
Note: Vista
TechNet Security Guidance
http://www.microsoft.com/technet/security/
http://www.microsoft.com/taiwan/technet/security
VistaVista
Windows Vista, Windows Vista, BitLocker, User Account Control, GPMC
Vista
Workstations
Start: Default Vista config
Risk level?
Low
Medium
High
Mitigate individual settings
Specific security scenario #3
Specific security scenario #4
Specific security scenario #1
Specific security scenario #2
Customized security config from baseline
Enterprise settings
END: Configuration deployed to Windows Vista computers
SSLF settings
Windows Server 2003, Group Policy Management Console, OU
OS hardening, IPSec, NIDS, Application hardening, ACLs, EFS
AD
Man-in-the-middle
SMB (SMB signing), Internet Explorer
Specialized Security Limited Functionality (SSLF)
Cost?
: DisableSSLF:
BIOS, CompletePC, BitLocker, USB
Windows Vista
(UAC), Internet Explorer, IE Phishing Filter, 64-bit, IPSec, Driver Resource Protection, Windows Defender
Windows Update
VistaVista
Active Directory OU OU AD
Active Directory, Forest, Active Directory Domain, OU, AD
OU, Group Policy, OU, OU, OU
OU OU1 OU3 OU 4 GPO OU5 OU2
AD
Group Policy
GPO
Windows Vista
VistaVista
Windows Vista, ADMX, UAC
LGPO AD GPO (AD GPOs )
LGPOs
The machine
NEW: Admin or non-Admin local groups
NEW: Individual local users
(machine LGPO ) GPO wins
LGPO (Admins or the Non-Admins, not both)
ADMXADMSysvol (4Mb+ per GPO)ADMX ( ADML ) () (XML-based)
ADMX ADMX (GPMCGPEdit) [sysvol]\policies\policydefinitions, Windows Vista GPMC/GPEdit ADMX ()
Windows Vista(ADMX/ADM )Windows Vista ADM (ADMX ADM )ADMX and ADM files / ADM ( ADMX ).
Office
Removable storage device Policy Settings: read, write
CD/DVD
Tapes
USB plug-in devices
Windows Portable Devices (WPD)
All other external removable storage devices
User Account Control Policy setting Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options UAC
Windows Firewall, IPSec
Windows Firewall, IPSec, AD
API
Application Compatibility Toolkit, User Account Control (UAC), Windows Installer
AD, Windows Vista
For More Information
TechNet: www.microsoft.com/taiwan/technet
Windows Vista: www.microsoft.com/taiwan/windowsvista
Windows Vista: Resources for IT Professional: www.microsoft.com/technet/windowsvista/default.mspx
Microsoft Security: www.microsoft.com/security, www.microsoft.com/taiwan/security, www.microsoft.com/TechNet/Security
MVP Community: www.microsoft.com/taiwan/community
TechNet TNT1-16