Microsoft Windows Vista and Windows Server 2008 Security Target


Version 1.0
July 24, 2009

Prepared For:
Microsoft Corporation
Corporate Headquarters
One Microsoft Way
Redmond, WA 98052-6399

Prepared By:
Science Applications International Corporation
Common Criteria Testing Laboratory
6841 Benjamin Franklin Drive
Columbia, MD 21046

Version 1.0, 7/24/09

This is a preliminary document and may be changed substantially prior to final commercial release of the software described herein. The information contained in this document represents the current view of Microsoft Corporation on the issues discussed as of the date of publication. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information presented after the date of publication.

This document is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS OR IMPLIED, AS TO THE INFORMATION IN THIS DOCUMENT.

Complying with all applicable copyright laws is the responsibility of the user. This work is licensed under the Creative Commons Attribution-NoDerivs-NonCommercial License (which allows redistribution of the work). To view a copy of this license, visit http://creativecommons.org/licenses/by-nd-nc/1.0/ or send a letter to Creative Commons, 559 Nathan Abbott Way, Stanford, California 94305, USA.

Microsoft may have patents, patent applications, trademarks, copyrights, or other intellectual property rights covering subject matter in this document. Except as expressly provided in any written license agreement from Microsoft, the furnishing of this document does not give you any license to these patents, trademarks, copyrights, or other intellectual property.

The example companies, organizations, products, people and events depicted herein are fictitious. No association with any real company, organization, product, person or event is intended or should be inferred.

© 2009 Microsoft Corporation. All rights reserved.

Microsoft, Active Directory, Visual Basic, Visual Studio, Windows, the Windows logo, Windows NT, and Windows Server are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries. The names of actual companies and products mentioned herein may be the trademarks of their respective owners.

Microsoft Corporation, 2009 All Rights Reserved.

Table of Contents

1. SECURITY TARGET INTRODUCTION
   1.1 SECURITY TARGET, TOE, AND COMMON CRITERIA (CC) IDENTIFICATION
   1.2 CC CONFORMANCE CLAIMS
   1.3 STRENGTH OF ENVIRONMENT
   1.4 CONVENTIONS, TERMINOLOGY, ACRONYMS
       1.4.1 Conventions
       1.4.2 Terminology
       1.4.3 Acronyms
   1.5 ST OVERVIEW AND ORGANIZATION
2. TOE DESCRIPTION
   2.1 PRODUCT TYPES
   2.2 PRODUCT DESCRIPTION
   2.3 PRODUCT FEATURES
       2.3.1 New Security Features
       2.3.2 Previously Evaluated Security Features
   2.4 SECURITY ENVIRONMENT AND TOE BOUNDARY
       2.4.1 Logical Boundaries
       2.4.2 Physical Boundaries
   2.5 TOE SECURITY SERVICES
3. SECURITY ENVIRONMENT
   3.1 THREATS TO SECURITY
   3.2 ORGANIZATIONAL SECURITY POLICIES
   3.3 SECURE USAGE ASSUMPTIONS
       3.3.1 Connectivity Assumptions
       3.3.2 Personnel Assumptions
       3.3.3 Physical Assumptions
4. SECURITY OBJECTIVES
   4.1 TOE IT SECURITY OBJECTIVES
   4.2 NON-IT SECURITY OBJECTIVES FOR THE ENVIRONMENT
5. IT SECURITY REQUIREMENTS
   5.1 TOE SECURITY FUNCTIONAL REQUIREMENTS
       5.1.1 Security Audit (FAU) Requirements
       5.1.2 Cryptographic Support (FCS)
       5.1.3 User Data Protection (FDP) Requirements
       5.1.4 Identification and Authentication (FIA)
       5.1.5 Management Requirements (FMT)
       5.1.6 Protection of the TOE Security Functions (FPT)
       5.1.7 Resource Utilization (FRU)
       5.1.8 TOE Access (FTA)
       5.1.9 Trusted Path/Channels
   5.2 TOE SARS
       5.2.1 Configuration Management (ACM)
       5.2.2 Delivery and Operation (ADO)
       5.2.3 Development (ADV)
       5.2.4 Guidance Documents (AGD)
       5.2.5 Life Cycle Support (ALC)
       5.2.6 Security Testing (ATE)
       5.2.7 Vulnerability Assessment (AVA)
   5.3 SECURITY REQUIREMENTS FOR THE IT ENVIRONMENT
6. TOE SUMMARY SPECIFICATION (TSS)
   6.1 TOE SECURITY FUNCTIONS
       6.1.1 Audit Function
       6.1.2 User Data Protection Function
       6.1.3 Cryptographic Protection