La descarga está en progreso. Por favor, espere

La descarga está en progreso. Por favor, espere

Elementos de seguridad en Windows Vista

Presentaciones similares


Presentación del tema: "Elementos de seguridad en Windows Vista"— Transcripción de la presentación:

1 Elementos de seguridad en Windows Vista
<nombre> <rol o cargo> <organización> < > Slide Title: Title Slide Keywords: Title Key Message: Title Slide Builds: 0 Slide Script: Hello and welcome to this Microsoft TechNet session on security features in Windows Vista. My name is {insert name}. Slide Transition: Let’s look at some of the topics we will cover today. Slide Comment: Additional Information:

2 Aspectos a cubrir en esta charla
Fundamentos de seguridad Protección de los recursos de la compañía Características anti-malware Slide Title: What We Will Cover? Keywords: Key Topics Key Message: What we will cover in this session Slide Builds: 3 Slide Script: When Microsoft Windows Vista arrives later this year, there will be over 1 billion PCs in use worldwide. Not only are there more PCs, but people are doing more with them. Businesses depend on PCs for their core business processes; they store more information digitally; and employees rely on their PCs to communicate with each other. Among home Internet users in the United States, broadband connections and online banking are more common than ever, and the PC has become the entertainment hub for photos, music, gaming, and video. Unfortunately, with more valuable information being stored and transferred online, computers have become an even greater target for attackers, identity thieves, and other criminals. Originally, most virus-writers were motivated by curiosity and personal fame. Today, they are motivated by money. A stolen credit card number can be worth as much as $100 on the black market. As a result, phishing web sites grew by nearly 500 percent in one year. And more than 25 percent of Help desk time today is spent dealing with spyware. With so much motivation to compromise computer systems, users require computers with new levels of protection. During the development of Windows Vista, we took a holistic approach to security that produces a fundamentally more secure operating system than earlier versions of Windows while still integrating easily into your current computing infrastructure. [BUILD1] Building on the significant security advances in Windows XP Service Pack 2, Windows Vista includes fundamental architectural changes that help to make you more secure from evolving threats, including worms, viruses, and malware. Windows Vista was designed and developed using Microsoft’s Security Development Lifecycle (SDL), a rigorous process that significantly reduces the number and severity of security-related design and coding defects. These improvements minimize the operating system’s attack surface area, which is key to improving system and application integrity, helping you more securely manage and isolate your networks. [BUILD2] You need to protect your company’s resources. To assist you in this, we’ve developed Windows Vista to provide secure access to system resources. User Account Control allows you to better manage users’ desktops and allows them access to only business-necessary resources. With improved auditing support, you can better monitor what information your users are accessing. Companies are increasingly concerned about the company and customer data that is on lost or stolen portable computers. There are many stories in the news about laptops with sensitive and confidential data stolen from corporations or government agencies. A new feature in Windows Vista, BitLocker Drive Encryption can protect these systems by encrypting the entire system volume, including all the data. Additionally, with Windows Vista you can control installation of common devices, such as USB flash drives, to protect your data from leaving your network. [BUILD3] Malware, such as viruses, worms, spyware, and other potentially unwanted software, can cause a wide range of problems, including theft of personal information, slower PC performance, and the appearance of unwanted advertising. The effects of malware can range from mere annoyances to significant problems that take a considerable amount of time and money to fix. We believe the best approach to stopping malware is to layer security features. Windows Vista contains several layered security features that help prevent malware from installing, and that help find and remove malware if it has already been installed. These include Automatic Updates and Windows Security Center, the new Windows Vista Firewall, and Internet Explorer Protected Mode. Slide Transition: As we go through today's session, you will hear various Microsoft acronyms and terminology. Slide Comment: Additional Information:

3 Experiencia útil Nivel 200 Interfaz de usuario de Windows
Conceptos de seguridad de Windows Slide Title: Helpful Experience Keywords: Experience, user interface, security concepts Key Message: Audience prerequisites Slide Builds: 1 Slide Script: While we will explain all new terms related to this session, there are some general terms from the industry or from other versions of Microsoft products that we may not spend time on. To help you out, we have listed the areas that it may be helpful to be familiar with, either prior to this session or to reference afterwards. First, you should be familiar with the Windows user interface, especially in either Windows XP or Windows Server While Windows Vista offers a fresh, new look, many features and functions behave similarly to previous versions of Windows. [BUILD1] It will also be helpful if you are familiar with some basic Windows security concepts, such as configuring user access, network and firewall properties, and authentication methods. Slide Transition: To cover all our topics and keep the session flow going, we have divided the session up into the following agenda items. Slide Comment: Additional Information: Nivel 200

4 Agenda Conceptos fundamentales de seguridad
Mitigación de amenazas y de vulnerabilidades Control de identidades y de acceso Protección de la información del sistema Slide Title: Agenda: Exploring Security Fundamentals Keywords: Agenda Key Message: Agenda Slide Builds: 3 Slide Script: Windows Vista offers many advances in security and compliance. We’ll begin by looking at some of the Windows Vista security fundamentals. This will take us through the security development life cycle, including threat modeling and code reviews. Then we will look at Windows service hardening. [BUILD1] Next, we will show how Windows Vista improves upon threat and vulnerability mitigation. These include Internet Explorer Protected Mode, Windows Defender, and Network Access Protection. [BUILD2] Companies are faced with a constant trade-off between security and productivity. We will show how Windows Vista introduces User Access Control in an effort to do away with this trade-off. Then we’ll look at other steps taken to enhance identity and access control, such as Plug and Play smartcards and granular auditing. [BUILD3] Finally, we are going to look at how to protect a company’s most important asset: its information. BitLocker Drive Encryption, used either alone or with a trusted platform module, secures the computer’s entire drive. The use of EFS smartcards and RMS clients also reduces the threat of information leakage. Slide Transition: One of administrator’s most requested features in an operating system is a “secure by default” behavior. Slide Comment: Additional Information:

5 Fundamentos de Windows Vista
Seguro por Defecto Fundamentos de Windows Vista Slide Title: Windows Vista Fundamentals Keywords: security, security advisors, threat modeling, common criteria certification Key Message: Design goals and practices behind Windows Vista security. Slide Builds: 2 Slide Script: Therefore, with Windows Vista, there are several processes in place to ensure that Windows Vista is secure by design. Slide Transition: Slide Comment: Additional Information:

6 Fundamentos de Windows Vista
Seguro por Defecto Fundamentos de Windows Vista Improved SDL Slide Title: Windows Vista Fundamentals Keywords: security, security advisors, threat modeling, common criteria certification Key Message: Design goals and practices behind Windows Vista security. Slide Builds: 2 Slide Script: [BUILD1] An improved Security Development Lifecycle (SDL) process was implemented for Windows Vista. Before any of the features of the operating system are implemented, we wanted to make sure that the code itself is secure. This is done by looking at the product end-to-end with security in mind. The process starts with periodic mandatory security training for all of our developers and program managers. Through this training, the teams gain a deeper understanding of what security threats exist and how to write secure code to protect against these threats. We also have security advisors for all the various parts of the operating system. This means that even developers working on a piece of the operating system that has no relation to security will still have a security advisor to help them understand the threat model for that operating system component. This threat modeling has been done throughout the design phase to help ensure that the code is created with security in mind, rather than being identified as a security risk after it is implemented. Throughout the build process, the product has been reviewed by security experts and tested both internally and externally. All of this helps contribute to a highly secure product. Slide Transition: Slide Comment: Additional Information:

7 Fundamentos de Windows Vista
Seguro por Defecto Fundamentos de Windows Vista Improved SDL Common Criteria Certification Slide Title: Windows Vista Fundamentals Keywords: security, security advisors, threat modeling, common criteria certification Key Message: Design goals and practices behind Windows Vista security. Slide Builds: 2 Slide Script: [BUILD2] Finally, Windows Vista has been designed with Common Criteria certification in mind. This is a set of evaluation criteria set by the United States government for judging the security of computer systems. By meeting these criteria, we are making sure that the product meets the requirements for use in the most secure installations. Slide Transition: With Windows XP, services don’t run at a high level of security. Slide Comment: Additional Information:

8 Hardening de Servicios en Windows Vista
Slide Title: Windows Vista Service Hardening Keywords: service hardening, security layers, privileges, outbound filtering Key Message: Introduce the new service hardening with Windows Vista. Slide Builds: 3 Slide Script: Fewer security layers with Window XP mean a larger attack service for exploiting vulnerabilities. Also, some drivers can run in both kernel mode and user mode, meaning that it’s easier for malware to manipulate a service or driver that runs in kernel mode. And, since many of these services run at a high-privilege level, if a service is compromised, the threat of it having access to the entire system is quite real. Windows Service Hardening with Windows Vista increases the level of security against these malware threats to services. With service hardening, if a vulnerability is found in a service and compromised by exploit code, that exploit code isn’t allowed to propagate to other computers on the network. Slide Transition: Slide Comment: Additional Information: Kernel drivers D User-mode drivers

9 Hardening de Servicios en Windows Vista
Reducir tamaño de capas de alto riesgo D Slide Title: Windows Vista Service Hardening Keywords: service hardening, security layers, privileges, outbound filtering Key Message: Introduce the new service hardening with Windows Vista. Slide Builds: 3 Slide Script: [BUILD1] With Windows Vista, the number of security layers between the user and the system kernel has been increased. In addition, the size of the high-risk layers has been reduced. This means that the amount of code that has to run at the kernel level has been significantly reduced. For example, with previous versions of Windows, there were printer drivers that had some kernel-mode code and some user-mode code. With Windows Vista, the printer drivers have been moved into user mode exclusively so that there’s no kernel code in the drivers themselves. This has been done for a variety of services, and by making sure that services run with the least amount of privileges required, the system becomes more secure. Slide Transition: Slide Comment: Additional Information: Kernel drivers D User-mode drivers

10 Hardening de Servicios en Windows Vista
Reducir tamaño de capas de alto riesgo Segmentar los servicios D Service 1 2 3 Service … A B Slide Title: Windows Vista Service Hardening Keywords: service hardening, security layers, privileges, outbound filtering Key Message: Introduce the new service hardening with Windows Vista. Slide Builds: 3 Slide Script: [BUILD2] The services that do require higher privileges have been segmented so that there’s some lower-privileged code running and some higher-privileged code running. Again, the key is reducing the amount of code that is high-privilege. Also, by using outbound filtering on the firewall with some other components, applications or operating systems can be profiled when they start, such as regarding which network ports they can use, where in the file system they can write, and where in the registry they can write. Slide Transition: Slide Comment: Additional Information: Kernel drivers D User-mode drivers

11 Windows Vista Service Hardening
Reducir tamaño de capas de alto riesgo Segmentar los servicios Incrementar número de capas D Service 1 2 3 Service … A B Slide Title: Windows Vista Service Hardening Keywords: service hardening, security layers, privileges, outbound filtering Key Message: Introduce the new service hardening with Windows Vista. Slide Builds: 3 Slide Script: [BUILD3] Finally, there is a new layer introduced called user mode drivers. Even if there are vulnerabilities in a Windows service, and it’s compromised by exploit code, that exploited code is unable to make that service do something that it wouldn’t ordinarily be allowed to do. This helps reduce the risk of malware quickly spreading to other computers. What does this mean? Let’s consider the Blaster Worm that appeared a few years ago. It did several different things. First, it exploited a vulnerability in the RPC service and forced RPC to write a file to the file system. It also wrote a key to the “run” key registry that made the malware persist once the system restarted. However, RPC shouldn’t be writing to the run key in the registry, nor should it be able to write to the file system. With service hardening in Windows Vista, when RPC starts, it will have a profile of which network ports it can talk on and where it can write in the file system and registry. This is then enforced by the operating system, so that if something like Blaster comes along again in the future, it won’t be able to use RPC or other Windows services to do things that it shouldn’t normally be able to do. In this way, we can prevent malware from propagating rapidly across your network. Slide Transition: Service hardening will be available to third parties to opt into so that they can also take advantage of these security enhancements. Slide Comment: Additional Information: Kernel drivers D User-mode drivers

12 Agenda Conceptos fundamentales de seguridad
Mitigación de amenazas y de vulnerabilidades Control de identidades y de acceso Protección de la información del sistema Slide Title: Agenda: Mitigating Threats and Vulnerabilities Keywords: Agenda Key Message: Agenda Slide Builds: 0 Slide Script: Now that we have introduced some of the fundamentals of Windows Vista security, let’s delve into threat and vulnerability mitigation with Windows Vista. Slide Transition: Internet Explorer 7 provides significant improvements over Internet Explorer 6. Slide Comment: Additional Information:

13 Internet Explorer 7.0 Social Engineering Protections
Filtro anti-Phishing y barra de dirección URL con color Notificación de configuración peligrosa Slide Title: Internet Explorer 7.0 Keywords: Internet Explorer 7.0, IE7, social engineering, exploits, protection Key Message: Running Internet Explorer in Protected Mode Slide Builds: 4 Slide Script: Namely, it greatly reduces the attack surface by which many kinds of malware can enter a computer. Malware can install in two ways: by tricking users, or by exploiting vulnerabilities in the operating system or applications. Previous versions of Internet Explorer were the vehicle for multiple social engineering tricks and exploits. Among the improvements to Internet Explorer 7 is the new phishing filter. The Phishing Filter helps users identify malicious websites that might seek to extract personal information or install malware. The Phishing Filter uses heuristics, such as images hosted on another server or the use of IP address instead of domain names, to identify suspicious websites. It also checks sites against a list of known phishing sites. In addition, Internet Explorer 7 uses the address bar as a visual queue to convey information about the intent of a website: green for known good sites, yellow for suspicious sites, and red for known phishing sites. Slide Transition: Slide Comment: Additional Information:

14 Internet Explorer 7.0 Social Engineering Protections
Filtro anti-Phishing y barra de dirección URL con color Notificación de configuración peligrosa Seguridad por defecto en IDN Slide Title: Internet Explorer 7.0 Keywords: Internet Explorer 7.0, IE7, social engineering, exploits, protection Key Message: Running Internet Explorer in Protected Mode Slide Builds: 4 Slide Script: [BUILD1] Since Internet Explorer 7 adds support for International Domain Names in URLs, it also detects a variety of spoofing options for malicious actors. While might have been spoofed with a “1” instead of an “i,” replacing an “o” with an umlaut creates more options for attackers. Because of this, Internet Explorer 7 notifies you when visually similar characters in the URL are not expressed in the same language, thus protecting you against sites that could otherwise appear as known, trustworthy sites. Slide Transition: Slide Comment: Additional Information:

15 Internet Explorer 7.0 Protection from Exploits
Parsing de URL unificado Mejoras en calidad del código (SDLC) Slide Title: Internet Explorer 7.0 Keywords: Internet Explorer 7.0, IE7, social engineering, exploits, protection Key Message: Running Internet Explorer in Protected Mode Slide Builds: 4 Slide Script: [BUILD2] In addition to social engineering protections, Internet Explorer 7 provides greater protection from exploits. First, Unified URL Parsing means that the URL parsing capabilities in Internet Explorer 7 have been rewritten and unified as one. Slide Transition: Slide Comment: Additional Information:

16 Internet Explorer 7.0 Protection from Exploits
Parsing de URL unificado Mejoras en calidad del código (SDLC) Restricciones en ActiveX Slide Title: Internet Explorer 7.0 Keywords: Internet Explorer 7.0, IE7, social engineering, exploits, protection Key Message: Running Internet Explorer in Protected Mode Slide Builds: 4 Slide Script: [BUILD3] Another significant improvement with Internet Explorer 7 is the ability for ActiveX opt-in. Since Internet Explorer 6, we have been progressively tightening down freedoms we gave to ActiveX. Now, we require users to opt-in to use any pre-installed ActiveX control as well as new controls. Slide Transition: Slide Comment: Additional Information:

17 Internet Explorer 7.0 Protection from Exploits
Parsing de URL unificado Mejoras en la calidad del código (SDLC) Restricciones ActiveX “Protected Mode” para prevenir software malicioso Slide Title: Internet Explorer 7.0 Keywords: Internet Explorer 7.0, IE7, social engineering, exploits, protection Key Message: Running Internet Explorer in Protected Mode Slide Builds: 4 Slide Script: [BUILD4] Finally, Protected Mode in Internet Explorer 7 limits Internet Explorer to just enough privileges to browse the Web but not enough to modify user files or settings by default. As a result, even if a malicious site attacks a vulnerability in Internet Explorer, the site’s code will not have sufficient privileges to install software, copy files to the Startup folder, modify registry settings, or hijack the settings for the browser’s home page or search provider. Slide Transition: Malware has become a top concern in today’s computing environment. Slide Comment: Additional Information:

18 Protección avanzada contra Malware
HKLM Program Files Acceso Nivel Admin IE6 Install a driver and run Windows Update Exploit puede instalar malware Acceso Nivel Usuario HKCU My Documents Carpeta Startup Change settings, download a picture Exploit puede instalar malware Slide Title: Advanced Malware Protection Keywords: Internet Explorer, Malware protection, admin rights, user rights, temp internet files Key Message: Advanced malware protection over Internet Explorer 6. Slide Builds: 1 Slide Script: Users running Internet Explorer 6 with administrator right expose several ways for malware to exploit the system. Slide Transition: Slide Comment: Additional Information: Archivos Internet Temp Archivos varios y configuraciones Contenido Web en Cache

19 Protección avanzada contra Malware
HKLM Program Files Acceso Nivel Admin Internet Explorer Compact Redirector Control de Integridad IEAdmin Install an ActiveX control Acceso Nivel Usuario HKCU My Documents Carpeta Startup IEUser Change settings, save a picture Slide Title: Advanced Malware Protection Keywords: Internet Explorer, Malware protection, admin rights, user rights, temp internet files Key Message: Advanced malware protection over Internet Explorer 6. Slide Builds: 1 Slide Script: [BUILD1] With Windows Vista, there are several measures taken for advanced malware protection. These include Protected Mode in Internet Explorer 7, ActiveX Opt-in, and the new phishing filter, in addition to the new Windows Vista Firewall. Slide Transition: Internet Explorer 7 in Windows Vista offers two major security improvements. Slide Comment: Additional Information: Archivos Internet Temp Archivos varios y configuraciones Archivos y configuraciones redireccionadas

20 Controles deshabilitados por defecto
ActiveX Opt-in IE7 Slide Title: ActiveX Opt-in Keywords: Internet Explorer 7.0, ActiveX Opt-In, ActiveX Key Message: IE7 improves security with ActiveX Opt-In. Slide Builds: 2 Slide Script: The first one is ActiveX Opt-in. ActiveX Opt-in is one of the steps taken to ensure “secure by default” behavior. To reduce the attack surface, ActiveX Opt-in will automatically disable ActiveX controls that are rarely used or that were never intended to be invoked in Internet Explorer. ActiveX Opt-in is designed to give users more control over the software running on their PCs. Controls that users have installed through a web download or that have been used in Internet Explorer before upgrading to Internet Explorer 7 will be enabled by default. Slide Transition: Slide Comment: Additional Information: Controles deshabilitados por defecto

21 ActiveX Opt-in IE7 IE7 bloquea Control ActiveX
Slide Title: ActiveX Opt-in Keywords: Internet Explorer 7.0, ActiveX Opt-In, ActiveX Key Message: IE7 improves security with ActiveX Opt-In. Slide Builds: 2 Slide Script: [BUILD1] Users will also have the option to enable controls as needed using the same Information Bar they have used to install new controls since Windows XP SP2. Slide Transition: Slide Comment: Additional Information:

22 IE7 confirma instalación Control ActiveX habilitado
ActiveX Opt-in IE7 IE7 bloquea Control ActiveX Usuario concede permiso (opts-in) IE7 confirma instalación Control ActiveX habilitado Slide Title: ActiveX Opt-in Keywords: Internet Explorer 7.0, ActiveX Opt-In, ActiveX Key Message: IE7 improves security with ActiveX Opt-In. Slide Builds: 2 Slide Script: [BUILD2] Once the user has chosen to enable the ActiveX control, Internet Explorer 7 will confirm the install and then enable the control. While the final implementation is still being developed, the goal is a safer browsing experience for users with the add-ons they value already enabled. Slide Transition: The second major security improvement with Windows Vista is Internet Explorer Protected Mode. Slide Comment: Additional Information:

23 “Protected Mode” en IE7 Slide Title: Internet Explorer Protected Mode
Keywords: Internet Explorer, Protected Mode Key Message: Running Internet Explorer in Protected Mode Slide Builds: 1 Slide Script: Protected Mode offers users a powerful security enhancement by reducing the severity of threats faced by malicious attacks. Internet Explorer Protected Mode builds upon User Account Control to safeguard user data and settings even when you’re logged on as a standard user. When browsing the Web, even if you’re not an administrator, you have the ability to change your home page, to delete files in your My Documents folder, and to perform other similar operations. With Internet Explorer Protected Mode, we are making sure that an application or piece of malware can’t do those same things without your consent. Slide Transition: Slide Comment: Additional Information:

24 “Protected Mode” en IE7 C:\...\Temporary Internet Files C:\...\Startup
Slide Title: Internet Explorer Protected Mode Keywords: Internet Explorer, Protected Mode Key Message: Running Internet Explorer in Protected Mode Slide Builds: 1 Slide Script: [BUILD1] One way that we’ve done this is by allowing Internet Explorer to write only to the Temporary Internet Files folder and to no other location. So when you’re browsing the Web, a piece of malware can only write to the Temporary Internet Files folder; it can’t place a file in your Startup folder or change your home page or perform any similar operation without your explicit consent. This is done by running a broker process that has parts of Internet Explorer running with both low and high privileges. The broker process maintains communication between those two operations, so if you do want to save a Web page or install a control, with your consent, the broker process allows that to happen. Slide Transition: Internet Explorer 7 with Windows Vista provides dynamic protection against fraudulent websites. Slide Comment: Additional Information: C:\...\Temporary Internet Files C:\...\Startup

25 Compara sitio web con listado local de sitios legítimos conocidos
Filtro anti-Phishing Compara sitio web con listado local de sitios legítimos conocidos Slide Title: Phishing filter Keywords: Internet Explorer, IE7, Phishing filter Key Message: New phishing filter with IE7. Slide Builds: 4 Slide Script: This protection is provided by the phishing filter included with Internet Explorer 7. The Phishing Filter uses three methods to help protect users from phishing scams. First, it compares the addresses of websites visited against a large list of sites known to Microsoft as legitimate. This list of sites is stored on your computer. Slide Transition: Slide Comment: Additional Information:

26 Filtro anti-Phishing Compara sitio web con listado local de sitios legítimos conocidos Registra el sitio web para características comunes en sitios phishing Slide Title: Phishing filter Keywords: Internet Explorer, IE7, Phishing filter Key Message: New phishing filter with IE7. Slide Builds: 4 Slide Script: [BUILD1] Second, as websites are visited, the phishing filter uses special heuristics and scans the page for special characteristics common to a phishing website. This heuristics engine is also stored on your computer. Since attackers and attacks change frequently, these heuristics, as well as the list of legitimate sites, are continuously updated through a centralized, dynamically updated Microsoft service. The user has the choice to opt into the service. It has two modes: automatic or as needed, both of which will have Internet Explorer ask you if you want to send the website address to Microsoft to be checked. The dynamic service check allows the latest heuristics to be used and also provides instant access to an updated list of legitimate websites. Slide Transition: Slide Comment: Additional Information:

27 Filtro anti-Phishing Compara sitio web con listado local de sitios legítimos conocidos Registra el sitio web para características comunes en sitios phishing Valida el sitio con el servicio en línea Microsoft de sitios phishing reportados Slide Title: Phishing filter Keywords: Internet Explorer, IE7, Phishing filter Key Message: New phishing filter with IE7. Slide Builds: 4 Slide Script: [BUILD2] Finally, through the service, the site is checked against a live list of known phishing sites. This live list is highly dynamic and becomes out-of-date within hours, making it more efficient for you to access through the internet. This list is not stored on your computer in order to save space and processing time. Slide Transition: Slide Comment: Additional Information:

28 Filtro anti-Phishing Slide Title: Phishing filter
Keywords: Internet Explorer, IE7, Phishing filter Key Message: New phishing filter with IE7. Slide Builds: 4 Slide Script: [BUILD3] The Phishing Filter will work in the background until the user visits a website on the list of reported phishing sites. When this happens, Internet Explorer will display a warning web page and a red notification shield on the address bar at the top of the browser. From the warning web page, you can continue or close the page. Slide Transition: Slide Comment: Additional Information:

29 Filtro anti-Phishing Slide Title: Phishing filter
Keywords: Internet Explorer, IE7, Phishing filter Key Message: New phishing filter with IE7. Slide Builds: 4 Slide Script: [BUILD4] If the website contains characteristics common to a phishing site as determined by the special heuristics, Internet Explorer will notify you in the address bar through a yellow notification shield that it is a suspicious phishing website and that you should take appropriate action. You can click the notification for more information. Microsoft will be using many data sources to make sure the Phishing Filter is accurate; however, mistakes do happen. You, as a consumer, can also provide feedback to Microsoft when using the Phishing Filter. You can submit through our online feedback system websites you feel Microsoft may have missed or may have mistakenly classified as a phishing website. Slide Transition: Even with all the improvements to Internet Explorer 7, enabling Windows Vista Firewall is an important step in securing your system. Slide Comment: Additional Information:

30 Firewall en Windows Vista
Slide Title: Windows Vista Firewall Keywords: Windows Firewall, Windows Firewall with Advanced Security, IPSec Key Message: Introduce the new Windows Firewall and IPSec integration. Slide Builds: 2 Slide Script: If your computer is not protected when you connect to the Internet, attackers can gain access to personal information on your computer. These attackers can install code on your computer that destroys files or causes malfunctions. They can also use your computer to cause problems on other home and business computers connected to the Internet. A firewall helps to screen out many kinds of malicious Internet traffic before it reaches your system. Slide Transition: Slide Comment: Additional Information:

31 Firewall en Windows Vista
IPSec Slide Title: Windows Vista Firewall Keywords: Windows Firewall, Windows Firewall with Advanced Security, IPSec Key Message: Introduce the new Windows Firewall and IPSec integration. Slide Builds: 2 Slide Script: [BUILD1] One of the new features with the Windows Firewall with Windows Vista is its integration with IP Security. IP Security, commonly called IPSec, is a suite of IP protocols used to provide secure communication. IPSec policies and filters distributed by Group Policy provide authorization for authenticated users and computers. IPSec provides the ability to protect communication between workgroups, local area network computers, domain clients and servers, branch offices, extranets, and roving clients. Although support for IPSec is built into Windows 2000 and later, in Windows XP and Windows Server 2003, Windows Firewall and IPSec are configured separately. While the purpose of Windows Firewall was to block or allow incoming traffic, IPSec could also be configured to block or allow incoming traffic. Because blocking and allowing traffic behavior for incoming traffic could be configured through two different, separate services, it was possible to have duplicate or contradictory settings. In addition, Windows Firewall and IPSec supported different configuration options for specifying allowed incoming traffic. For example, Windows Firewall allowed exceptions by specifying the application name, but IPSec did not. IPSec allowed exceptions based on an IP protocol number, and Windows Firewall did not. Slide Transition: Slide Comment: Additional Information:

32 Firewall en Windows Vista
Slide Title: Windows Vista Firewall Keywords: Windows Firewall, Windows Firewall with Advanced Security, IPSec Key Message: Introduce the new Windows Firewall and IPSec integration. Slide Builds: 2 Slide Script: [BUILD2] In Windows Vista, the Windows Firewall and IPSec have been combined into a single configurable tool with the new Windows Firewall with Advanced Security snap-in, which now controls blocking and allowing of inbound and outbound traffic, in addition to protecting traffic with IPSec. Commands within the netsh advfirewall context can be used for command-line configuration of both firewall and IPSec behavior. The integration of Windows Firewall with IPSec provides computers running Windows Vista with an authenticating firewall. Another improvement with the new Windows Firewall are the more intelligent firewall rules. Now, administrators can specify security requirements such as authentication and encryption. Also, Active Directory computer and user groups can be specified. Enterprise management can benefit from the addition of outbound filtering in the Windows Firewall. Previously, only inbound communications were filtered. Outbound filtering can improve business productivity. For example, an administrator can block sharing through a peer-to-peer application that you don’t want communicating in your network. In addition, if an application has a known vulnerability and there is no patch available, you can set up a rule that allows that application to be used, but not communicate outbound in the network. Slide Transition: Now let’s look at how to use these tools to configure the Windows Vista Firewall. Slide Comment: Additional Information:

33 Configuración del Firewall de Windows
Configuración de “Computer Connection Security” Configuración de una excepción Inbound Slide Title: Demonstration: Configuring the Windows Firewall Keywords: Windows Firewall, demonstration, Windows Firewall with Advanced Security Key Message: Demonstration Slide Builds: 0 Slide Script: In this demonstration, we will add the Windows Firewall with Advanced Security snap-in to the MMC, and then use it to review the new interface and configure firewall settings. Slide Transition: Another facet of threat and vulnerability mitigation is improvements to Windows Defender. Slide Comment: Additional Information:

34 Windows Defender Slide Title: Windows Defender
Keywords: Windows Defender, spyware Key Message: Windows Defender has been improved to prevent spyware. Slide Builds: 3 Slide Script: Windows Defender replaces Microsoft Windows Client Protection. Windows Defender is a security technology that helps protect you from spyware and other potentially unwanted software. Spyware is a general term used for software that performs certain behaviors, such as advertising, collecting personal information, or changing the configuration of your computer, generally without appropriately obtaining your consent. With Windows Defender, known spyware on your computer can be detected and removed. This helps reduce negative effects caused by spyware, including slow computer performance, annoying pop-up ads, unwanted changes to Internet settings, and unauthorized use of your private information. This enhanced protection improves Internet browsing safety by helping to guard the places where spyware can enter your computer. Windows Defender, included with Windows Vista, offers additional performance and security enhancements. Slide Transition: Slide Comment: Additional Information:

35 Windows Defender Detección y remoción mejoradas
Slide Title: Windows Defender Keywords: Windows Defender, spyware Key Message: Windows Defender has been improved to prevent spyware. Slide Builds: 3 Slide Script: [BUILD1] Based on a new engine, Windows Defender is able to detect and remove more threats posed by spyware and other potentially unwanted software. Real-time protection, which helps prevent unwanted software from being installed, has also been enhanced to better monitor critical points in the operating system for changes. Slide Transition: Slide Comment: Additional Information:

36 Windows Defender Detección y remoción mejoradas
Interfaz de usuario rediseñada y simplificada Slide Title: Windows Defender Keywords: Windows Defender, spyware Key Message: Windows Defender has been improved to prevent spyware. Slide Builds: 3 Slide Script: [BUILD2] The Windows Defender user interface has been redesigned to make common tasks such as scanning and removal easier to accomplish, and offers a warning system that adapts alert levels according to the severity of a threat. A critical aspect of any antispyware solution is the ability to determine which programs are truly unwanted, which is compounded by the continual distribution of new spyware and other unwanted software. With Windows Client Protection, the worldwide SpyNet community plays a key role in determining which suspicious programs are classified as spyware. SpyNet is a voluntary network of users that helps uncover new threats quickly to ensure that all users are better protected. Any user can choose to join SpyNet and report potential spyware to Microsoft. Slide Transition: Slide Comment: Additional Information:

37 Windows Defender Detección y remoción mejoradas
Interfaz de usuario rediseñada y simplificada Protección para todos los usuarios Slide Title: Windows Defender Keywords: Windows Defender, spyware Key Message: Windows Defender has been improved to prevent spyware. Slide Builds: 3 Slide Script: [BUILD3] Another improvement with Windows Defender is it can now be run by all users on a computer with or without administrative privileges. This ensures that all users on a computer are protected by Windows Defender. In addition, Windows Defender now has a new streamlined, task-oriented user-interface that’s easier to read and has fewer notifications. Slide Transition: Network Access Protection, or NAP, is a new set of technologies built into Windows Vista and Windows Server “Longhorn” that will make it easier for IT administrators to require compliance with health policies in order to access the corporate network. Slide Comment: Additional Information:

38 Network Access Protection
Windows Vista Client Slide Title: Network Access Protection Keywords: Network Access Protection, NAP, NPS, Network Policy Server, health certificate, health policies Key Message: Network Access Protection requires compliance with health policies. Slide Builds: 5 Slide Script: NAP functions on four levels: It validates compliance to policy; it restricts access-based compliance to policy; it remediates as necessary; and it grants access accordingly. NAP ensures the client’s ongoing compliance to policy. The NAP platform functions in real time. It recognizes, quarantines, and remediates threats before they can even pose a problem for the network. The process of NAP begins with a client attempting to access the network. Slide Transition: Slide Comment: Additional Information:

39 Network Access Protection
Windows Vista Client DHCP, VPN Switch/Router Slide Title: Network Access Protection Keywords: Network Access Protection, NAP, NPS, Network Policy Server, health certificate, health policies Key Message: Network Access Protection requires compliance with health policies. Slide Builds: 5 Slide Script: [BUILD1] When this client requests access to the network, it must present its current health status. Slide Transition: Slide Comment: Additional Information:

40 Network Access Protection
Windows Vista Client MSFT Network Policy Server DHCP, VPN Switch/Router Slide Title: Network Access Protection Keywords: Network Access Protection, NAP, NPS, Network Policy Server, health certificate, health policies Key Message: Network Access Protection requires compliance with health policies. Slide Builds: 5 Slide Script: [BUILD2] Then, the DHCP, VPN, or Switch Router relays the client’s health status to a Network Policy Server, or NPS. Slide Transition: Slide Comment: Additional Information:

41 Network Access Protection
Policy Servers Windows Vista Client MSFT Network Policy Server DHCP, VPN Switch/Router Slide Title: Network Access Protection Keywords: Network Access Protection, NAP, NPS, Network Policy Server, health certificate, health policies Key Message: Network Access Protection requires compliance with health policies. Slide Builds: 5 Slide Script: [BUILD3] The NPS will then validate the health status against IT-defined health policies. Slide Transition: Slide Comment: Additional Information:

42 Network Access Protection
Policy Servers Windows Vista Client MSFT Network Policy Server DHCP, VPN Switch/Router Corporate Network Slide Title: Network Access Protection Keywords: Network Access Protection, NAP, NPS, Network Policy Server, health certificate, health policies Key Message: Network Access Protection requires compliance with health policies. Slide Builds: 5 Slide Script: [BUILD4] If the client is policy-compliant, it’s given immediate access to the corporate network. Slide Transition: Slide Comment: Additional Information:

43 Network Access Protection
Policy Servers Windows Vista Client MSFT Network Policy Server Fix Up Servers DHCP, VPN Switch/Router Corporate Network Slide Title: Network Access Protection Keywords: Network Access Protection, NAP, NPS, Network Policy Server, health certificate, health policies Key Message: Network Access Protection requires compliance with health policies. Slide Builds: 5 Slide Script: [BUILD5] Clients who do not meet the health requirements will be blocked from accessing the network. Instead, they are given access to remediation servers, which contain resources to make the client policy-compliant. This process ensures that only healthy systems connect with the corporate network. Enforcement of NAP can be accomplishing through DHCP, VPN, IPSec, or 802.1X, which allows organizations to design and scope the deployment to suit unique business requirements. The policies can be configured specific to the risks and threat levels faced by each organization. NAP also provides increased business value. The NAP platform integrates with Active Directory, SMS, Security Center, Microsoft Update, and Windows Update. In addition, Microsoft has made Network Access Protection an open platform for the industry. Our partners have announced support of the NAP platform in their product lines, which responds to our common customers’ requirements to provide a multi-vendor, interoperable, end-to-end solution. The Network Access Protection platform fits in with the greater Microsoft goal of making your business more secure while remaining conscious of your business’ bottom line. Slide Transition: Policy-driven access, seamless product integration, rich management and reporting, and broad industry support adds up to a network access solution that is more secure and powerful. Slide Comment: Additional Information:

44 Agenda Conceptos fundamentales de seguridad
Mitigación de amenazas y de vulnerabilidades Control de identidades y de acceso Protección de la información del sistema Slide Title: Agenda: Controlling Identity and Access Keywords: Agenda Key Message: Agenda Slide Builds: 0 Slide Script: We’ve explored the steps taken with Windows Vista to ensure threat and vulnerability mitigation. Now let’s take a look at some of the improvements to identity and access control. Slide Transition: Several challenges exist now with regards to identity and access control. Slide Comment: Additional Information:

45 Desafíos actuales Slide Title: Current Challenges
Keywords: Current Challenges, admin users Key Message: Introduce User Account Control Slide Builds: 2 Slide Script: First, with many users operating with administrative privileges, desktops are not being managed correctly. Viruses and spyware can damage the system while users are operating with these elevated privileges. Also, enterprise users operating with elevated privileges can compromise the corporation. Inexperienced users can also make changes that require reimaging the computer to undo them. Slide Transition: Slide Comment: Additional Information:

46 Desafíos actuales Slide Title: Current Challenges
Keywords: Current Challenges, admin users Key Message: Introduce User Account Control Slide Builds: 2 Slide Script: [BUILD1] While this problem can be fixed by taking away administrative privileges from users, it can result in loss of productivity. Many line-of-business applications require elevated privileges to run, so without administrative privileges, these applications won’t work. With each new operating system release, IT administrators must reevaluate these applications for compatibility issues due to inconsistent configuration settings between the operating systems. Slide Transition: Slide Comment: Additional Information:

47 Desafíos actuales Slide Title: Current Challenges
Keywords: Current Challenges, admin users Key Message: Introduce User Account Control Slide Builds: 2 Slide Script: [BUILD2] Along with line-of-business applications requiring elevated privileges, many common operating system configuration tasks also require elevated privileges. For example, without administrative privileges, users are not able to change the time zone on their computers. Slide Transition: One of the new features in Windows Vista designed to tackle some of these challenges is User Account Control. Slide Comment: Additional Information:

48 User Account Control Permite al sistema correr como un usuario estándar Permite seleccionar aplicaciones para correr en un contexto elevado Slide Title: User Account Control Keywords: User Account Control, privileges, elevated privileges, application compatibility Key Message: Introduce User Account Control Slide Builds: 2 Slide Script: User Account Control allows the systems to run as a standard user. Also, users can run select applications in an elevated context. This means that when a standard user tries to do something that requires administrator privileges, when he or she starts that application or does something that requires elevated privileges, he or she will be prompted for administrative credentials. Slide Transition: Slide Comment: Additional Information:

49 User Account Control Permite al sistema correr como un usuario estándar Permite seleccionar aplicaciones para correr en un contexto elevado Repara o remueve validaciones administrativas inapropiadas Slide Title: User Account Control Keywords: User Account Control, privileges, elevated privileges, application compatibility Key Message: Introduce User Account Control Slide Builds: 2 Slide Script: [BUILD1] If, on the other hand, the user is a member of the local administrators group, he or she will still be prompted for consent. In this way, we are making sure that applications and malware do not use your administrative privileges without your explicit consent, and as you will see in a moment, these prompts and dialog boxes make it very clear to the user when he or she is about to take an action that has system-wide impact. Slide Transition: Slide Comment: Additional Information:

50 User Account Control Permite al sistema correr como un usuario estándar Permite seleccionar aplicaciones para correr en un contexto elevado Repara o remueve validaciones administrativas inapropiadas Slide Title: User Account Control Keywords: User Account Control, privileges, elevated privileges, application compatibility Key Message: Introduce User Account Control Slide Builds: 2 Slide Script: [BUILD2] Another new feature of User Account Control involves application compatibility. Many applications currently fail under Windows XP if they are not running with administrator privileges, because they attempt to write to restricted places that have system-wide impact, such as the Program Files folder or the HKEY LOCAL MACHINE registry key. With file virtualization and registry redirection, writes to those areas will be redirected to a per-user location, as we’ll see in the next demonstration. Slide Transition: Actions that require elevated privilege or user consent are indicated by a shield icon. Slide Comment: Additional Information: Virtualización del Registry y de archivos proveen compatibilidad

51 Ejemplo User Account Control
Slide Title: User Account Control Sample Keywords: User Account Control, elevated privileges, permissions Key Message: Running programs with elevated permissions Slide Builds: 1 Slide Script: The shield icon appears next to any task requiring elevated permissions. For example, a user accessing Advanced System Settings, Hardware, Backup and Restore, or Change Settings will be prompted for administrative credentials. On the other hand, administrator accounts will be prompted for permission to allow the program to run. Slide Transition: Slide Comment: Additional Information:

52 Ejemplo User Account Control
Slide Title: User Account Control Sample Keywords: User Account Control, elevated privileges, permissions Key Message: Running programs with elevated permissions Slide Builds: 1 Slide Script: [BUILD1] As you work through the various user interfaces for advanced options, for example, Windows Vista will continue to prompt you for permission to run any application or system component that requires elevated permissions. Slide Transition: Let’s look at some other instances where you might see elevation prompts. Slide Comment: Additional Information:

53 Privilegios Elevados Slide Title: Elevation Privileges
Keywords: User Account Control, elevated privileges Key Message: Logging on with administrative permissions Slide Builds: 0 Slide Script: If you are logged on as a standard user and attempt to run the Disk Cleanup Wizard, you will be prompted to select the account to use that will allow this elevated privilege. Slide Transition: Again, if you are already logged on with an account that has administrative rights, you will still be prompted for consent when you try to perform actions that may have system-wide impact, although you will not need to provide additional credentials. Slide Comment: Additional Information:

54 Consent Prompts Operating System Application Signed Application
Unsigned Application Slide Title: Consent Prompts Keywords: User Account Control, consent prompts, privileges Key Message: Administrator permission dialog boxes Slide Builds: 0 Slide Script: For example, when logged on as the administrator, you may see a dialog box asking for permission to run a known system utility. Another dialog box may recognize, for example, Adobe Photoshop as a signed, trusted application. A third dialog box may ask your permission to run an application called getrichquick.exe. Different colors are displayed for each level of trust. This is meant to keep users from just automatically clicking Allow whenever the dialog box appears. Slide Transition: Now let’s see the effects of UAP on our Windows Vista system. Slide Comment: Additional Information:

55 Revisión de User Account Control
Uso de Windows Vista como un usuario estándar Personalizar User Account Control Slide Title: Demonstration: Reviewing User Account Control Keywords: demonstration, User Account Control Key Message: Demonstration Slide Builds: 0 Slide Script: In this demonstration, we will review how Windows Vista has improved the user experience for standard users through elevated privilege prompts and application compatibility. We will also look at how consent prompts appear for users with administrative privileges. Slide Transition: Windows Vista's auditing capabilities make it easier to track what users do. Slide Comment: Additional Information:

56 Uso de Privilegios Administrativos
Auditoría mejorada Categoria Principal Logon/ Logoff Acceso al File System Acceso al Registry Uso de Privilegios Administrativos Slide Title: Improved Auditing Keywords: Auditing, Logging Key Message: Logging and Auditing in Windows Vista is improved. Slide Builds: 1 Slide Script: Auditing in Windows Vista provides more granularity. Auditing categories now include multiple subcategories, such as logon, logoff, file system access, registry access, and use of administrative privilege, thus reducing the number of irrelevant events. Slide Transition: Slide Comment: Additional Information:

57 Auditoría mejorada Categoria Principal
Logon/ Logoff Acceso al File System Acceso al Registry Uso de Privilegios Administrativos Slide Title: Improved Auditing Keywords: Auditing, Logging Key Message: Logging and Auditing in Windows Vista is improved. Slide Builds: 1 Slide Script: [BUILD1] Windows Vista provides a new logging infrastructure. It is easier to filter through the logs and find the event you’re looking for. Tasks can also be tied to specific events with the Task Scheduler. For example, when an event, such as administrative privilege use, occurs, an can be sent automatically to an auditor. In addition, integrated audit event forwarding collects and forwards critical audit data to a central location, enabling enterprises to better organize and analyze audit data. Slide Transition: Another infrastructure change is improvements to the authentication process. Slide Comment: Additional Information: Nueva Infraestructura de Registro (Log)

58 Mejoras en autenticación
Winlogon GINA.dll Slide Title: Authentication Improvements Keywords: Winlogon, GINA, authentication Key Message: GINA dlls are ignored with Windows Vista. Slide Builds: 1 Slide Script: There are a number of other core security infrastructure upgrades to be aware of in Windows Vista. First, the Graphical Identification and Authentication credential input extension model has been deprecated in favor of a more simple and straightforward credential provider model. With previous versions of Windows, the GINA operates in the context of the Winlogon process; therefore, the GINA DLL is loaded early in the boot process. The GINA DLL must follow rules so that the integrity of the system is maintained, particularly with respect to interaction with the user. The purpose of a GINA DLL is to provide customizable user identification and authentication procedures. The default GINA does this by delegating SAS event monitoring to Winlogon, which receives and processes CTL+ALT+DEL secure attention sequences. Slide Transition: Slide Comment: Additional Information:

59 Mejoras en autenticación
Winlogon Slide Title: Authentication Improvements Keywords: Winlogon, GINA, authentication Key Message: GINA dlls are ignored with Windows Vista. Slide Builds: 1 Slide Script: [BUILD1] Window Vista ignores GINA DLLs. The new authentication model allows vendors to write credential providers with ease compared to writing a GINA. Previously, there could only be one GINA on a system, which sometimes made deployment difficult and limited the flexibility of the system. Windows Vista now enables you to have multiple providers and select a particular one as the default. For example, you can easily deploy a multifactor authentication credential provider method without overwriting a default single-factor authentication provider. To add a provider, all you need to do is to put registration information for the DLL in the registry and export the entry points for the credential provider APIs. Slide Transition: We have also enhanced the overall user experience by providing Plug and Play support for many Smartcard readers. Slide Comment: Additional Information:

60 Soporte a Smartcard “Plug and Play”
Slide Title: Plug and Play Smartcard Support Keywords: Plug and Play Smartcard Key Message: Simplified plug and play smartcard support. Slide Builds: 1 Slide Script: Typically, in earlier versions of Windows, you had to pick a Smartcard and Smartcard reader, and then load a specialized certificate service provider onto the computer, and perhaps special drivers for the reader. Slide Transition: Slide Comment: Additional Information:

61 Soporte a Smartcard “Plug and Play”
Slide Title: Plug and Play Smartcard Support Keywords: Plug and Play Smartcard Key Message: Simplified plug and play smartcard support. Slide Builds: 1 Slide Script: [BUILD1] With Plug and Play in Windows Vista, the goal is for you to simply plug your Smartcard reader into your computer, insert your Smartcard, type your PIN number for the Smartcard, and then quickly log on to your network or make your VPN connection. Slide Transition: Other security changes involve more integrated control. Slide Comment: Additional Information:

62 Control integrado Control sobre instalación de dispositivo removible
Slide Title: Integrated Control Keywords: device installation, restart manager, security center Key Message: Advanced security control Slide Builds: 2 Slide Script: First, we’ve addressed one of our top customer requests, which is giving you control over removable device installation. This addresses the concern of users taking corporate intellectual property away on a USB flash device. In high-security environments, this is a critical request. In Windows Vista, you have the ability to control what devices can be installed, so you’ll be able to set policies that allow mouse devices and keyboards to be installed but no other type of removable devices, such as a USB drive. We’ll see this in the final demonstration of the session in a few moments. Slide Transition: Slide Comment: Additional Information:

63 Control integrado Control sobre instalación de dispositivo removible
Restart Manager Slide Title: Integrated Control Keywords: device installation, restart manager, security center Key Message: Advanced security control Slide Builds: 2 Slide Script: [BUILD1] Another new technology in Windows Vista is the Restart Manager. The intent of Restart Manager is to significantly reduce the number of patches that require a system reboot. For example, when you download and begin to install a patch, Restart Manager will look at the patch and identify any processes that are holding a DLL, or services that are using that DLL, and will be able to proactively stop these services, allow the patch to be deployed, and then restart the services. The design goal is to reduce patch-related reboots by at least 50 percent. Slide Transition: Slide Comment: Additional Information:

64 Control integrado Control over removable device installation
Restart Manager Mejoras en Security Center Slide Title: Integrated Control Keywords: device installation, restart manager, security center Key Message: Advanced security control Slide Builds: 2 Slide Script: [BUILD2] From a Security Center standpoint, we’ve added features to provide more visibility and also added anti-malware software status to the Security Center. This supports both Microsoft Anti-Spyware as well as third-party products. Slide Transition: Now we will look at how you can manage control over removable device installation. Slide Comment: Additional Information:

65 Bloqueo de dispositivos no autorizados
Bloqueo de un dispositivo de memoria USB Slide Title: Demonstration: Blocking Unauthorized Devices Keywords: demonstration, USB, device installation Key Message: Demonstration Slide Builds: 0 Slide Script: In this demonstration, we will show how you can configure the local computer policy to restrict the installation of a USB flash drive. Slide Transition: Let’s move on to the final agenda item. Slide Comment: Additional Information:

66 Agenda Conceptos fundamentales de seguridad
Mitigación de amenazas y de vulnerabilidades Control de identidades y de acceso Protección de la información del sistema Slide Title: Agenda: Protecting System Information Keywords: Agenda Key Message: Agenda Slide Builds: 0 Slide Script: One of the main reasons for identity and access control is information protection. Let’s explore safeguards in Windows Vista that protect your information. Slide Transition: In our ever-expanding world of technology, information is easily available. Slide Comment: Additional Information:

67 Fuga de Información Infección por Virus 20% 22% 35% 36% 63% Forward no deseado de s Pérdida de dispositivos móviles Password comprometido Piratería por Pérdida de activos digitales, restaurados 0% 10% 20% 30% 40% 50% 60% 70% “Después de las infecciones por virus, los negocios reportan el forward no deseado de s y la pérdida de dispositivos móviles con mayor frecuencia que cualquier otro problema relacionado con seguridad” Jupiter Research Report, 2004 Slide Title: Information Leakage Keywords: information protection, information leakage Key Message: Three levels of data protection Slide Builds: 1 Slide Script: However, not all this information is something we want to share. Personal information needs to be protected. In addition, business decision makers have to take all the precautions necessary to ensure business-sensitive information is kept confidential. Slide Transition: Slide Comment: Additional Information:

68 Fuga de Información Infección por Virus 20% 22% 35% 36% 63% Forward no deseado de s Pérdida de dispositivos móviles Password comprometido Piratería por Pérdida de activos digitales, restaurados 0% 10% 20% 30% 40% 50% 60% 70% “Después de las infecciones por virus, los negocios reportan el forward no deseado de s y la pérdida de dispositivos móviles con mayor frecuencia que cualquier otro problema relacionado con seguridad” Jupiter Research Report, 2004 Slide Title: Information Leakage Keywords: information protection, information leakage Key Message: Three levels of data protection Slide Builds: 1 Slide Script: [BUILD1] A recent research study by Jupiter Media found that the inadvertent forwarding of s to unintended recipients and the loss of mobile devices containing sensitive information or intellectual property are 2 of the top 3 security breach concerns facing business decision makers. Slide Transition: Windows Vista has an integrated rights management client that allows you to control the flow of your intellectual property and define who can actually view it. Slide Comment: Additional Information:

69 Protección de Datos en Vista
Definición de Políticas & Refuerzo Rights Management Services Slide Title: Windows Vista Data Protection Keywords: Rights Management Services, Encrypted File System, Bitlocker Drive Encryption, data protection Key Message: Three levels of data protection Slide Builds: 2 Slide Script: With rights management services, you can set policy rules on documents and ensure that those documents are viewable only by those to whom you’ve granted permission. RMS works with specific productivity applications that have been written to integrate with this security feature, such as Microsoft Office 2003 and Office 2007. Slide Transition: Slide Comment: Additional Information:

70 Protección de Datos en Vista
Definición de Políticas & Refuerzo Rights Management Services Encripción del FS Basado en el Usuario Encrypted File System Slide Title: Windows Vista Data Protection Keywords: Rights Management Services, Encrypted File System, Bitlocker Drive Encryption, data protection Key Message: Three levels of data protection Slide Builds: 2 Slide Script: [BUILD1] Next, we have user-based file encryption with the Encrypted File System, or EFS, which has been in Windows since Windows You might use EFS if you have a computer that has multiple users and you want to encrypt that data at the per-user level to keep one user from accessing another user’s data. In Windows Vista, there are several EFS enhancements, including the ability to store your EFS keys on a Smartcard, as well as the ability, in conjunction with Windows Server “Longhorn,” to copy EFS-protected data to a Windows Server “Longhorn” file server and have that file stay encrypted end to end. Slide Transition: Slide Comment: Additional Information:

71 Protección de Datos en Vista
Definición de Políticas & Refuerzo Rights Management Services Encripción del FS Basado en el Usuario Encrypted File System Slide Title: Windows Vista Data Protection Keywords: Rights Management Services, Encrypted File System, Bitlocker Drive Encryption, data protection Key Message: Three levels of data protection Slide Builds: 2 Slide Script: [BUILD2] The third thing that we’ve done from a data-protection standpoint is give you the ability to perform drive-level encryption. BitLocker Drive Encryption is an integral new security feature in Windows Vista that provides complete offline data and operating system protection for your computer. BitLocker ensures that data stored on a computer is not revealed if the computer is tampered with when the installed operating system is offline. This helps protect your data from theft or unauthorized viewing by encrypting the entire Windows volume. Slide Transition: Another way that data is protected at the computer level is through BitLocker Drive Encryption. Slide Comment: Additional Information: Encripción al Nivel del Dispositivo BitLocker Drive Encryption

72 Encripción de disco - BitLocker
Protección mejorada de datos con encripción total del disco Usabilidad con protección escalable Capacidad de implantación a nivel empresarial Resiste intento de acceder al sistema Offline Reasignación, decomisión de hardware sin preocupaciones Características integradas de recuperación de desastres Slide Title: BitLocker Drive Encryption Keywords: BitLocker Drive Encryption, security Key Message: Introduce Bitlocker Slide Builds: 2 Slide Script: BitLocker Drive Encryption is a data-protection feature available in Windows Vista Enterprise and Windows Vista Ultimate editions for client computers and in Windows Server "Longhorn.” BitLocker is a response by Microsoft to one of our top customer requests: Address the threats of data theft or exposure from lost, stolen, or inappropriately decommissioned PC hardware with a tightly integrated solution in the Windows operating system. BitLocker prevents a thief who boots another operating system or runs a software hacking tool from breaking Windows Vista file and system protections or performing offline viewing of the files stored on the protected drive. BitLocker enhances data protection by bringing together two major sub-functions: system volume encryption and checking the integrity of early-boot components. Drive encryption protects data by preventing unauthorized users from breaking Windows file and system protection on lost or stolen computers. The entire system volume is encrypted, including the swap and hibernation files. Checking the integrity of early-boot components helps to ensure that data decryption is performed only if those components appear tamper-free and that the encrypted drive is located in the original computer. BitLocker offers the option to lock the normal boot process until the user supplies a PIN, much like an ATM card PIN, or inserts a USB flash drive that contains keying material. These added security measures provide multifactor authentication and assurance that the computer will not boot or resume from hibernation until the correct PIN or USB flash drive is presented. Finally, BitLocker provides enhanced recovery options. BitLocker has a disaster recovery console integrated into the early boot components to provide for data retrieval. In the default setting, BitLocker requires no user actions, and even activation itself can be done remotely and automatically. By being tightly integrated with Windows Vista, BitLocker provides a seamless, secure, and easily manageable data protection solution for the enterprise. For example, BitLocker optionally leverages an enterprise’s existing Active Directory Domain Services infrastructure to remotely escrow recovery keys. Based upon policy, BitLocker can also be set to back up keys and passwords onto a USB dongle or to a file location. A recovery password should also be set by the administrator so that Windows operation can continue as normal. Slide Transition: Slide Comment: Additional Information:

73 Encripción de disco - BitLocker
Slide Title: BitLocker Drive Encryption Keywords: BitLocker Drive Encryption, security Key Message: Introduce Bitlocker Slide Builds: 2 Slide Script: [BUILD1] With Windows XP, on a dual-boot system with the volume protected by BitLocker, you will be prompted to format the drive. Slide Transition: Slide Comment: Additional Information:

74 Encripción de disco - BitLocker
Slide Title: BitLocker Drive Encryption Keywords: BitLocker Drive Encryption, security Key Message: Introduce Bitlocker Slide Builds: 2 Slide Script: [BUILD2] Now, with Windows Vista, you will be denied access. Slide Transition: BitLocker uses a Trusted Platform Module, or TPM, to provide enhanced protection for your data and to assure early boot component integrity. Slide Comment: Additional Information:

75 Módulo de Plataforma Confiable
Slide Title: Trusted Platform Module Keywords: Trusted Platform Module, TPM Key Message: What is a Trusted Platform Module? Slide Builds: 1 Slide Script: This helps protect your data from theft or unauthorized viewing by encrypting the entire Windows volume. BitLocker Drive Encryption is designed to offer a smooth user experience with systems that have a compatible TPM microchip and BIOS. A compatible TPM is defined as a version 1.2 TPM with any appropriate BIOS modifications required to support the Static Root of Trust Measurement as defined by the Trusted Computing Group. The TPM interacts with BitLocker Drive Encryption to help provide seamless protection at system start-up. The TPM helps protect secrets and provides another chain of trust for keys and credentials. A TPM is a microcontroller that stores keys, passwords, and digital certificates. Normally, it is attached to the motherboard; however, it can be used in any computing device that requires its functions. TPM specifications require cryptographic algorithms: RSA, SHA-1, and HMAC. The TPM provides secure storage and key generation capabilities, similar to other hardware authentication devices, so it can be used to create or store both user and platform identity credentials for use in authentication. The TPM can also protect and authenticate user passwords, thereby providing an effective solution integrating strong, multifactor authentication directly into the computing platform. With the addition of complementary technologies, such as Smartcards, tokens, and biometrics, the TPM enables true computer and user authentication. Slide Transition: Slide Comment: Additional Information: https://www.trustedcomputinggroup.org/groups/tpm/

76 Módulo de Plataforma Confiable
Encrypted Data Encrypted Volume Key Encrypted Full Volume Encryption Key Cleartext Data TPM Slide Title: Trusted Platform Module Keywords: Trusted Platform Module, TPM Key Message: What is a Trusted Platform Module? Slide Builds: 1 Slide Script: [BUILD1] BitLocker-enabled systems using TPM-only authentication can be used just like any other system. After starting Windows, users are prompted for their domain user name and password, which is a normal logon experience. Unless informed about the feature, users will not be aware that there is an extra level of protection on their computers. Slide Transition: Customers have several choices of how to deploy BitLocker, with a range of ease of use versus security choices. Slide Comment: Additional Information: https://www.trustedcomputinggroup.org/groups/tpm/ Volume Master Key Full Volume Encryption Key

77 Espectro de Protección
Solo TPM Facilidad de Uso Slide Title: Spectrum of Protection Keywords: Trusted Platform Module, TPM, Dongle, Bitlocker Key Message: Ways to deploy Bitlocker. Slide Builds: 3 Slide Script: From an ease-of-use standpoint, the TPM-only solution is completely transparent to the user. There is no special user interaction necessary in this mode, because the decryption key is released if the operating system hasn’t been tampered with, based on operating system measurements that are stored in the TPM chip. Slide Transition: Slide Comment: Additional Information: https://www.trustedcomputinggroup.org/groups/tpm/ Seguridad

78 Espectro de Protección
Solo TPM Facilidad de Uso Solo Dongle Slide Title: Spectrum of Protection Keywords: Trusted Platform Module, TPM, Dongle, Bitlocker Key Message: Ways to deploy Bitlocker. Slide Builds: 3 Slide Script: [BUILD1] If you want to deploy BitLocker to a computer without a TPM chip, the dongle-only solution is the only choice. The key to decrypt the volume is stored on a USB flash device with this deployment method. The user has to plug in the USB dongle each time the computer is booted, so ease of use isn’t as good as with the TPM. The major downside to this deployment method is that it’s reliant on human behavior. If the user leaves the USB flash drive with the decryption key in his or her laptop bag and a thief gets the laptop bag, this person can decrypt the user’s data. With this deployment method, the user needs to keep the USB flash device separate from the portable computer, for example, on a keychain. Slide Transition: Slide Comment: Additional Information: https://www.trustedcomputinggroup.org/groups/tpm/ Seguridad

79 Espectro de Protección
Solo TPM Facilidad de Uso Solo Dongle ******* TPM & PIN Slide Title: Spectrum of Protection Keywords: Trusted Platform Module, TPM, Dongle, Bitlocker Key Message: Ways to deploy Bitlocker. Slide Builds: 3 Slide Script: [BUILD2] A TPM-plus-PIN solution is the best balance between security and usability. With this solution, the user simply has to enter a PIN each time the system is booted. Slide Transition: Slide Comment: Additional Information: https://www.trustedcomputinggroup.org/groups/tpm/ Seguridad

80 Espectro de Protección
Solo TPM Facilidad de Uso Solo Dongle ******* TPM & PIN TPM & Dongle Slide Title: Spectrum of Protection Keywords: Trusted Platform Module, TPM, Dongle, Bitlocker Key Message: Ways to deploy Bitlocker. Slide Builds: 3 Slide Script: [BUILD3] The most secure, and least usable, way of deployment is TPM plus Dongle. With this deployment method, the system will only boot if the operating system hasn’t been tampered with while offline, and if the user inserts the correct USB flash device. Slide Transition: You can be confident that Windows Vista is the most secure operating system that we have ever shipped. Slide Comment: Additional Information: https://www.trustedcomputinggroup.org/groups/tpm/ Seguridad

81 Resumen de la Sesión Windows Vista es el sistema operativo Windows mas seguro a la fecha Windows Vista proteje a los usuarios Varias y numerosas mejoras en seguridad para ayudar a protejer los datos y facilitar la implantación Slide Title: Session Summary Keywords: Summary Key Message: Summary Slide Builds: 2 Slide Script: Steps have been taken at Microsoft to ensure that Windows Vista has gone through the Software Development Lifecycle and that it adheres to code integrity standards. In addition, Windows Service Hardening ensures that critical Windows services only perform expected activities relating to the file system, registry, and the network. [BUILD1] Windows Vista includes features to protect users. User Account Control, while also providing security in your network, can allow users to perform business-related activities to stay productive. For example, laptop users can change the time zone and set power settings, which wasn’t previously available without elevated permissions. Protected Mode in Internet Explorer 7 limits Internet Explorer to just enough privileges to browse the Web but not enough to modify user files or settings by default. This allows users to get the information they need, while still protecting the computer against malicious sites. [BUILD2] From Rights Management Services and BitLocker Drive Encryption, to improved Smartcard functionality and deployment, there are many exciting new security features in Windows Vista. Slide Transition: To get more information on the products and technologies we have covered today, we have some online resources available that can help. Slide Comment: Additional Information:

82 Mayor información en Centro Technet de Windows Vista
Español: Inglés: Centro Technet de Seguridad Español: Inglés: Laboratorios virtuales para Windows Vista Windows Vista Beta 2 Product Guide Foros Technet sobre Windows Vista

83 Recursos de entrenamiento
Clinic 3041: Deploying Microsoft® Windows Vista™ and the 2007 Office System Client Products (Beta) https://www.microsoftelearning.com/eLearning/courseDetail.aspx?courseId=60546 Windows Vista Step by Step guides for IT Pros

84


Descargar ppt "Elementos de seguridad en Windows Vista"

Presentaciones similares


Anuncios Google