Windows Vista 操作系统最新安全特性

Windows Vista 操作系统最新安全特性
11/12/ :09 PM Windows Vista 操作系统最新安全特性 © 2005 Microsoft Corporation. All rights reserved. This presentation is for informational purposes only. Microsoft makes no warranties, express or implied, in this summary.

提纲系统平台权限保护防止有害软件和恶意入侵 IE安全改进数据保护总结，与XP相比局限问/答
11/12/ :09 PM 提纲系统平台权限保护防止有害软件和恶意入侵 IE安全改进数据保护总结，与XP相比局限问/答 © 2005 Microsoft Corporation. All rights reserved. This presentation is for informational purposes only. Microsoft makes no warranties, express or implied, in this summary.

系统平台 SDL Service Hardening 硬件保护 64位平台安全改进

安全软件开发 Security Development Lifecycle (SDL) 第一个采用SDL进行开发的操作系统

系统服务保护：Service Hardening
11/12/ :09 PM 系统服务保护：Service Hardening 背景：系统服务程序（System Service）被攻击次数日益增多无需用户交互，即可自动运行运行于“System”账号下 © 2005 Microsoft Corporation. All rights reserved. This presentation is for informational purposes only. Microsoft makes no warranties, express or implied, in this summary.

系统服务保护服务程序运行在最低权限服务程序有相应的配置文件，用以指定该服务可以执行的文件，注册表和网络行为文件系统注册表网络
11/12/ :09 PM 系统服务保护服务程序运行在最低权限服务程序有相应的配置文件，用以指定该服务可以执行的文件，注册表和网络行为文件系统注册表网络 © 2005 Microsoft Corporation. All rights reserved. This presentation is for informational purposes only. Microsoft makes no warranties, express or implied, in this summary.

硬件保护防止缓存溢出 NX保护代码寻址空间随机分布(ASLR) Address Space Layout Randomization

64位平台背景：有缺陷或恶意的驱动程序导致系统崩溃，不稳定，和安全问题设备驱动程序 PatchGuard
所有的设备驱动程序都必须有数字认证 PatchGuard 不允许修改系统的核心状态（Kernel State）

权限保护用户权限保护（UAP）登陆体系 Smart Card 网络权限保护（NAP）

用户帐号保护：背景大部分用户以Admin权限登录许多应用程序需要Admin权限运行许多操作系统配置的修改需要Admin权限
11/12/ :09 PM 用户帐号保护：背景大部分用户以Admin权限登录许多应用程序需要Admin权限运行许多操作系统配置的修改需要Admin权限计算机病毒，和间谍软件？ © 2005 Microsoft Corporation. All rights reserved. This presentation is for informational purposes only. Microsoft makes no warranties, express or implied, in this summary.

用户帐号保护：综述用户登陆后的缺省权限是非Admin身份必须通过相应的UI才能将权限升为Admin
11/12/ :09 PM 用户帐号保护：综述用户登陆后的缺省权限是非Admin身份必须通过相应的UI才能将权限升为Admin © 2005 Microsoft Corporation. All rights reserved. This presentation is for informational purposes only. Microsoft makes no warranties, express or implied, in this summary.

UAP兼容性应用程序和系统管理工具可在Vista的RC版本上测试
11/12/ :09 PM UAP兼容性应用程序和系统管理工具可在Vista的RC版本上测试 Here's an example of the control flow of running an application under UAP: When a user tries to start an application, the Windows shell uses ShellExecute to call CreateProcess. CreateProcess determines whether the application requires elevated privilege by querying the application manifest, the Windows Vista AppCompat database, and the system installer detection technology in that order. If the application does not require elevated privilege the process is created through NtCreateProcess. If the application requires elevated privilege, CreateProcess, through a call to NtCreateProcess, returns a specified error to ShellExecute. On receipt of the error ShellExecute calls across to the Application Information Service (AIS) to attempt the elevated launch. AIS then prompts the user for consent through the Consent User Interface. ShellExecute then reissues CreateProcess for the user with the user full token to launch the application on the client's (UAP) desktop. NtCreateProcess launches the application with the specified full token. NtCreateProcess prompts user for consent through the Consent User Interface. NtCreateProcess reissues CreateProcess for the user with the user full token to launch the application on the client's (UAP) desktop. © 2005 Microsoft Corporation. All rights reserved. This presentation is for informational purposes only. Microsoft makes no warranties, express or implied, in this summary.

登陆体系/Smart Card Password 不是唯一选择 … 支持第三方Credential Provider
Biometrics Smart Card支持

网络权限保护（Network access protection）
11/12/ :09 PM 网络权限保护（Network access protection）背景一台笔记本电脑被病毒感染当该笔记本接入到公司内部网络时，病毒可以通过此电脑感染整个内部网络 © 2005 Microsoft Corporation. All rights reserved. This presentation is for informational purposes only. Microsoft makes no warranties, express or implied, in this summary.

网络权限保护：综述任何电脑必须通过系统健康检查后才能接入公司内部网络确保机器时刻保持健康状态
11/12/ :09 PM 网络权限保护：综述任何电脑必须通过系统健康检查后才能接入公司内部网络确保机器时刻保持健康状态未通过系统健康检查的机器会被隔离到一个受控网络 © 2005 Microsoft Corporation. All rights reserved. This presentation is for informational purposes only. Microsoft makes no warranties, express or implied, in this summary.

网络权限保护 NAP客户端程序包括在Windows Vista中 NAP服务端程序包括在Longhorn Server中
11/12/ :09 PM 网络权限保护 NAP客户端程序包括在Windows Vista中 NAP服务端程序包括在Longhorn Server中 © 2005 Microsoft Corporation. All rights reserved. This presentation is for informational purposes only. Microsoft makes no warranties, express or implied, in this summary.

防止有害软件和恶意入侵安全中心 Windows Defender 有害软件删除工具防火墙

安全中心第一个版本发布于XP SP2 提供状态信息：反间谍软件 Internet Explorer安全设置用户权限控制支持第三方软件

Windows Defender 反间谍软件监控检测清除 SpyNet

有害软件删除工具 XP升级到Windows Vista，先进行检测不替代反病毒产品

防火墙控制应用程序的对外网络连接（application-aware outbound filtering）与系统服务保护集成
11/12/ :09 PM 防火墙控制应用程序的对外网络连接（application-aware outbound filtering） P2P软件与系统服务保护集成设置可由系统管理员通过Group Policy管理 © 2005 Microsoft Corporation. All rights reserved. This presentation is for informational purposes only. Microsoft makes no warranties, express or implied, in this summary.

IE安全改进 IE 7 WEB 312 ：深入探讨Vista IE 保护模式 11/12/2018 11:09 PM
© 2005 Microsoft Corporation. All rights reserved. This presentation is for informational purposes only. Microsoft makes no warranties, express or implied, in this summary.

IE浏览器：背景 IE的安全漏洞是病毒和间谍软件传播的主要途径之一针对普通用户的Phishing攻击
11/12/ :09 PM IE浏览器：背景 IE的安全漏洞是病毒和间谍软件传播的主要途径之一针对普通用户的Phishing攻击 © 2005 Microsoft Corporation. All rights reserved. This presentation is for informational purposes only. Microsoft makes no warranties, express or implied, in this summary.

IE浏览器：目的 IE运行于低权限模式下。以更安全访问互联网，减少安全漏洞的影响范围对Phishing攻击向用户提出警告
11/12/ :09 PM IE浏览器：目的 IE运行于低权限模式下。以更安全访问互联网，减少安全漏洞的影响范围对Phishing攻击向用户提出警告 © 2005 Microsoft Corporation. All rights reserved. This presentation is for informational purposes only. Microsoft makes no warranties, express or implied, in this summary.

IE：低权限模式权限低于普通用户程序敏感操作由代理进程（broker process）执行只能对文件系统的特定部分执行写操作
11/12/ :09 PM IE：低权限模式权限低于普通用户程序只能对文件系统的特定部分执行写操作不能对高权限的其它进程操作敏感操作由代理进程（broker process）执行修改Internet设置安装ActiveX控件 © 2005 Microsoft Corporation. All rights reserved. This presentation is for informational purposes only. Microsoft makes no warranties, express or implied, in this summary.

IE：低权限模式架构 IE 代理进程 IE 低权限模式安装驱动程序管理员权限修改配置普通用户权限缓存浏览页面临时文件目录
11/12/ :09 PM IE：低权限模式架构 IE 代理进程安装驱动程序 IE 低权限模式管理员权限修改配置普通用户权限缓存浏览页面临时文件目录 © 2005 Microsoft Corporation. All rights reserved. This presentation is for informational purposes only. Microsoft makes no warranties, express or implied, in this summary.

Phishing 复制一个官方网站的主页，诱使用户输入个人的机密信息，如银行账号，密码等等。 11/12/2018 11:09 PM

防止Phishing攻击保护URL显示 Phishing网页过滤器（ Filter ） 11/12/2018 11:09 PM

数据保护 BitLocker 加密文件系统版权保护 USB

BitLocker 安全启动密码恢复程序可针对XP的数据安全保护机制进行系统离线攻击 11/12/2018 11:09 PM

BitLocker：目的即使物理设备丢失,仍能提供对Windows客户端的安全保证
11/12/ :09 PM BitLocker：目的即使物理设备丢失,仍能提供对Windows客户端的安全保证特别针对他人以其他OS启动试图非法获取对Windows系统文件的权限 © 2005 Microsoft Corporation. All rights reserved. This presentation is for informational purposes only. Microsoft makes no warranties, express or implied, in this summary.

BitLocker 基于Trusted Platform Module（ TPM ）可锁定启动进程，要求用户提供Credential
可锁定启动进程，要求用户提供Credential 硬盘全加密（Full Volume Encryption: FVM） © 2005 Microsoft Corporation. All rights reserved. This presentation is for informational purposes only. Microsoft makes no warranties, express or implied, in this summary.

加密文件系统(EFS) Full Volume Encryption 全加密

FVE 硬盘布局加密的 OS卷，包括： OS，页面文件临时文件数据休眠（ hibernation）文件 MBR 系统分区包括基本
11/12/ :09 PM FVE 硬盘布局加密的 OS卷，包括： OS，页面文件临时文件数据休眠（ hibernation）文件 MBR 系统分区包括基本引导代码 © 2005 Microsoft Corporation. All rights reserved. This presentation is for informational purposes only. Microsoft makes no warranties, express or implied, in this summary.

版权保护 Office 文档版权保护客户端（RMS client）

数据保护技术总结防范对象机器其他正常用户或系统管理员? EFS 未授权非法用户? BitLocker™ 笔记本
场景 BitLocker EFS RMS 笔记本 Branch office 服务器本地单用户文件本地多用户文件远程文件网络管理员不信赖远程office文档管理

USB控制 Group Policy 可以管理对USB设备的安装

局限 Vista的改进不能解决所有的安全问题操作系统只是整个安全解决方案的一部分物理设备安全用户教育社会工程方式攻击
11/12/ :09 PM 局限 Vista的改进不能解决所有的安全问题操作系统只是整个安全解决方案的一部分物理设备安全用户教育社会工程方式攻击 © 2005 Microsoft Corporation. All rights reserved. This presentation is for informational purposes only. Microsoft makes no warranties, express or implied, in this summary.

11/12/ :09 PM 资源 Windows Vista Security: Device Driver IE 7 信息安全Blog © 2005 Microsoft Corporation. All rights reserved. This presentation is for informational purposes only. Microsoft makes no warranties, express or implied, in this summary.

Windows XP User Admin System Services Few layers Mostly privileged
11/12/ :09 PM Windows XP User Kernel Admin System Services Few layers Mostly privileged Limited guards between layers © 2005 Microsoft Corporation. All rights reserved. This presentation is for informational purposes only. Microsoft makes no warranties, express or implied, in this summary.

User Account Protection (LUA) Low Privilege Services
11/12/ :09 PM Vista User Account Protection (LUA) Service Hardening Low rights programs LUA User Low Privilege Services Admin Increase # layers Segment services Reduce size of high risk layers System Services Svc 6 Service 1 Kernel D D D D D Service 2 D Service 3 Svc 7 User mode drivers D D D © 2005 Microsoft Corporation. All rights reserved. This presentation is for informational purposes only. Microsoft makes no warranties, express or implied, in this summary.

Windows Vista 操作系统最新安全特性

Similar presentations

Presentation on theme: "Windows Vista 操作系统最新安全特性"— Presentation transcript:

Similar presentations

About project

反馈

请登录

Auth with social network:

Windows Vista 操作系统最新安全特性

Similar presentations

Presentation on theme: "Windows Vista 操作系统最新安全特性"— Presentation transcript:

Similar presentations

About project

反馈