30_118054 bindex.qxp 10/11/07 9:54 AM Page 345

Index

• Numerics •
48-bit recovery option, 192
128-bit encryption, 173, 188
256-bit encryption, 173, 188
256-bit recovery option, 192

• A •
About.com identity-theft site, 330
Access Control Entry (ACE), 105
access control list (ACL), 109
access control model, 335
access levels, 40
access management
  with auditing and logging, 124–132
  discussed, 96, 103
  to floppy, 299
  with NTFS permissions, 111–116
  object-level security, 96–97, 103–111
  to Registry, 116–124
  system security settings, 96
access point (AP). See also wireless access point
  in discovery process, 218–219
  and SSID values, 235
  username and password for, 232
account(s)
  built-in, 83–87
  defined, 81
  managing, 81–83
  password-protected, 286
  SAM, 299
account-lockout policy, 297–298
ACE (Access Control Entry), 105
ACL (access control list), 109
action pane, 206
Active Directory (AD)
  and domain network, 207, 296–297
  Domain Profile, 207
  password policies, 296–297
Active Server Pages (ASP), 250
ActiveX
  defined, 241, 335
  and DHTML, 246
  disabling, 250
  and HTML, 241
  and IE7, 15, 241–243
  in Zone, 250
  object caching, 253
  properties of, 256
  security risks of, 236
  threat of, 243
  typically installed, 255
ActiveX Opt-In
  and automatic downloads, 256
  defined, 242, 257
  options, 242–243
  and security risks, 243
acts of God (natural threat-sources), 32
AD. See Active Directory
ad hoc (peer-to-peer) wireless network
  defined, 335
  discussed, 219, 230–232, 320
Add button
  for ACEs, 114
  in File Sharing Wizard, 99
Add text (File Sharing Wizard), 98, 99
Admin Approval mode
  administrators in, 69–70
  for built-in administrators, 59–61
  defined, 335
  disabled, 60
  elevation prompt for administrators in, 61–63
  enabled, 60, 61
  Local Security Policy, 59–63
  and Standard User mode, 55–57
  and UAC, 69–70
administrative templates
  custom, 303
  discussed, 302
  interface, 303–304
  and Registry, 302
  settings, 303

346 Windows Vista Security For Dummies

administrative username, 232–233
Administrator (account), 83–84
  in Admin Approval mode, 61–63, 69–70
  built-in, 59–61, 300
  common tasks of, 55
  elevation prompt for, 61–63
  sharing, 98
  Standard Users versus, 55
Administrators (group), 82, 84
.admx, 303
Advanced Encryption Standard (AES), 173, 188
Advanced Security applet
  Getting Started section with, 211–213
  and Resources pane, 213–214
  Windows Firewall with, 205–214
Advanced tab (Windows Firewall), 204–205
, 260
AES (Advanced Encryption Standard), 173, 188
alert(s)
  for application installations, 65
  when program is blocked, 203
  in Windows Defender, 270–271
  in WSC, 50
allow
  access, 214
  connection, 212
  secure connections, 212
  Unicast Response, 210
Allowed Items, 274–275
anonymous enumeration, 299
ANONYMOUS LOGON, 84
antispyware, 261
antivirus software
  discussed, 325–326
  and firewalls, 328
  in mobile devices, 322
AP. See access point
application installations
  alerts for, 65
  backing up, 141
  by malicious programs, 65
Apply To, 114, 115
archive folder, 151
ASP (Active Server Pages), 250
asymmetric encryption
  defined, 335
  discussed, 160–161
  and symmetric encryption, 163
@RISK: The Consensus Security Alert (newsletter), 329
attachment
  in e-mail, 318
  in , 321
Audit Account Logon Events, 126
Audit Account Management, 126
Audit Logon Events, 126
Audit Object Access, 126, 130
audit policy, 298
Audit Policy Change, 126
Audit Privilege Use, 126–127
Audit Process Tracking, 127
Audit System Events, 127
auditing
  access management with, 124–132
  defined, 105, 125
  discussed, 105, 124–125
  and logging, 124–132
  of NTFS objects, 130–131
  of objects, 130–132
  passive, 131
  policies, 124–129
  of Registry objects, 131
  of service objects, 131
AuditPol.exe, 298
Authenticate Communications between Computers section (Getting Started), 211
Authenticated Users, 83, 85, 106
authentication, 81–82, 335
authorization, 335
Auto Start, 265
automatic (scheduled) scan, 269, 270
Automatic Updating
  and ActiveX Opt-In, 256
  discussed, 44
  managing, 45–46
  monitoring, 45
  and WSC, 44–46


Automatically Deny Elevation Requests, 63–64
AutoPlay and AutoRun
  of CD/DVDs, 285
  policies, 304
availability, 20, 36

• B •
backing up
  advanced methodologies, 140
  application information, 141
  with Backup and Restore, 151–154
  with Backup Files Wizard, 152–153
  business information, 141
  on CD, 152
  with CompletePC Backup, 139, 154–157
  discussed, 135
  on DVD, 152
  encryption keys, 170
  files, 138–139, 146, 152–153
  folders, 138–139, 146
  on hard disk, 152
  options for, 137–140
  organization for, 150–151
  and partitioning, 174
  preserving data by, 147–150
  private keys, 170
  reasons for, 136–137
  requirements for, 140–144
  with Shadow Copy, 139–140
  with shadow copy, 157
  storage media for, 142
  strategy planning for, 145–147
  supported devices for, 140
  system data, 141
  with System Restore, 137–138, 147–149
  third-party software for, 327–328
Backup and Restore Center
  defined, 335
  discussed, 151–154
Backup Files Wizard, 152–153
Backup Log Automatically When Full, 129
Backup Operators, 84
BATCH, 84
BCWipe (Jetico), 333
binary behaviors
  and DHTML, 246
  in IE7, 246
BIOS
  and BitLocker, 173
  changes to, 180
BitLocker
  additional security with, 187
  advanced options, 181–182
  basic options, 179–181
  and BIOS, 173
  data recovery, 191–194
  and data theft, 171–173
  defined, 17, 172, 335
  disabling, 195–196
  discussed, 171–173
  encryption with, 16–17, 188–189
  folders, recovering, 191–192
  and Group Policy Object Editor, 178, 191
  interface, 179, 195
  methods, 188–189
  options for recovery, 192–194
  and PIN, 183–186
  preparing system for, 174–178
  Prevent Memory Overwrite, 189–191
  recovering data, 191–194
  for removable media, 196
  requirements for, 173–174
  setting up, 178–187
  and startup key, 186–187
  and TPM, 173, 179, 182–187
  weaknesses of, 196
BitLocker Drive Encryption, 194, 304
blocking
  alerts, 203
  connections, 201, 208, 209, 212
  of file downloads, 13
  of inbound connections, 201, 208
  of programs, 203
  with removal tools, 327
Bluetooth, 322
boot protection, 172
broadband Internet, 313. See also wireless network
broadband router, 314
built-in account, 83–87


built-in administrator, 59–61, 300
built-in group (special identity), 83–87
built-in identity, 83–87
business information
  backing up, 141
  protection of, 21

• C •
Cancel button (File Sharing Wizard), 100
caution, 215
CD
  AutoPlay and AutoRun, 285
  backing up on, 152
  deny write access to, 292
CD-ROM access, 299
cellphone. See mobile device
Change (permission), 78
Change button, 115
Change Scope button, 203
Change Settings, 46
Check for Updates, 45
Check Names, 92
Check this Web site, 245
child object, 109, 111
children, controls for, 12
Classic View (UAC), 59
Clear All button, 115
code, 10
Cogswell, Bryce, 332
common sense, 24
Communications, Secure in, 9, 10
company financials, 21
CompletePC Backup (system image)
  backing up with, 154–155
  description, 146
  discussed, 139, 154–157
  restoring, 155–156
  and shadow copies, 156–157
Components (Windows), 304
compressed files, 162
compressed folder, 162
computing, 1, 12
confidentiality, 36–37
configuration policy, 301
Consent, Prompt for, 61, 63
console tree, 206
Container Only check box, 115
Contributor (permission), 100
Control Panel, 303
Co-Owner (permission), 100
Credentials, Prompt for
  in Administrator mode, 62
  in Standard User mode, 63
cross-domain scripting protection, 15–16
cross-domain security
  defined, 257
  and IE7, 243–244
  scripting attacks, 15–16, 243–244
Currently Running Programs, 276
custom scan, 11, 268
customer information, 21

• D •
DACL (Discretionary Access Control List), 104, 105
data. See also sensitive information
  backing up, 147–150
  in BitLocker, 191–194
  and EFS, 167–168
  organizing, 150–151
  preserving, 147–150
  recovering, 167–168, 191–194
  on removable media, 286–288
  removing, 286–287
  System Restore for, 147–149
Data Recovery Agent, 163
data scrubber program, 288
data theft, 171–173
DDoS (Distributed Denial-of-Service), 317–318
decryption, 336
Default, Secure by, 9, 10
Default Action (Definition-Based), 271, 272
Default View (UAC), 59
Defender. See Windows Defender
definition files, 262–263, 269
deny write access, 292
Deployment, Secure in, 9, 10
Design, Secure by, 9, 10
Desktop, 303
detect application installations
  disabled, 65
  for elevation prompts, 65–66
  enabled, 65
device
  installation, 290–291
  usage, 292


Device Control
  defined, 288
  for device installation, 290–291
  for device usage, 292
  discussed, 288
  and Group Policy, 289
  installation settings of, 288–289
  for removable media, 286–292
  usage settings of, 289–290
DHCP (Dynamic Host Configuration Protocol), 221, 228
DHTML (Dynamic HTML), 246
Diffuser, 173, 188
diffusion, 188
digital certificate
  defined, 336
  support for, 161
Digital Rights Management (DRM), 80
digital signature, 336
discovery process, 218–219
Discretionary Access Control List (DACL), 104, 105
Distributed Denial-of-Service (DDoS), 317–318
Do Not Forward policy, 77
document, 74
Documents folder
  discussed, 151
  encryption of, 169
  files in, 151
  organization of, 169
domain network
  and Active Directory, 207, 296–297
  discussed, 219
Domain Profile, 207
downtime, 136
drive-preparation tool, 176–178
DRM (Digital Rights Management), 80
DVD
  AutoPlay and AutoRun, 285
  backing up on, 152
  deny write access to, 292
Dynamic Host Configuration Protocol (DHCP)
  disabling, 221, 228, 234
  and wireless networking hardware, 234
Dynamic HTML (DHTML)
  and ActiveX, 246
  and binary behaviors, 246

• E •
Edit button, for ACEs, 114
effective permissions, 105–108
EFS. See Encrypting File System
Elevate without Prompting, 62
elevated privilege, 336
elevation prompt
  in Admin Approval mode, 61–63
  for administrators, 61–63
  and automatic denial, 63–64
  defined, 56
  detect application installations, 65–66
  and Secure Desktop, 70–71
  signature checks for, 66–67
  for Standard Users, 63–65
  in UAC, 61–68
  UIAccess, 67–68
e-mail
  attachments, 318
  MMC attacks via, 319
  and mobile devices, 322
  permissions from, 79
  security risks with, 318–319
employment-related information, 21
encrypted file
  discussed, 162, 163, 168–169
  in folders, 164
  sharing, 166
Encrypting File System (EFS)
  and data recovery, 167–168
  defined, 17, 336
  discussed, 159, 163
  encryption with, 16–17
  for files, 161–163, 162, 166
  for folders, 161, 164–165
  and Group Policy, 168
  protection with, 162
  and roaming profiles, 170
  for specific files, 166
  strategy for use of, 168–170
  user education for, 168
encryption
  128-bit, 173, 188
  256-bit, 173, 188
  asymmetric, 160–161, 163, 335
  with BitLocker, 16–17, 188–189
  BitLocker Drive Encryption, 194, 304


encryption (continued)
  defined, 336
  discussed, 16, 159–160
  of Documents folder, 169
  with EFS, 16–17
  for mobile devices, 322
  for removable media, 287–288
  removing, from files, 167
  with RMS, 74
  of sensitive information, 168–169
  symmetric, 160, 163, 188, 339
  with WinZip, 287–288
encryption key, 170
Enter the Object Names to Select, 92
enumeration, anonymous, 299
environmental threat-sources, 32
event log, 128, 300
Event Log key, 124
Event Log Readers, 85
Everyone (identity), 83, 85
Exceptions tab (Windows Firewall), 202–203
Exclusion Policies, 75
explicit security
  inherited security versus, 108–111
  permissions, 111
Explorer (Windows), 304
eXtensible Rights Markup Language (XRML), 74, 250

• F •
FAT32 permissions, 112
file(s)
  backing up, 138–139, 146, 152–153
  compressed, 162
  definition, 269
  deletion of, 332–333
  in Documents folder, 151
  EFS for, 161–163, 166
  encrypted, 162–164, 166, 168–169
  and firewalls, 101–102
  in folders, 164
  organizing, 151
  overwrite, 139–140
  permissions, 112
  recovering, 167
  removing encryption from, 167
  restoring, 153–154
  secure deletion of, 332–333
  sharing, 98–102, 166
  unencrypted, 162
File and Folder Backup Wizard, 138–139
File Expiration Date, 78
File Sharing (Windows), 224
File Sharing Wizard, 98–101
file-download blocking, 13
Files Only option, 130–131
Find Now, 93
firewall(s). See also Windows Firewall
  advanced, 329
  and antivirus software, 328
  discussed, 328–329
  and hotspots, 224
  from ISV, 215
  for mobile devices, 322
  other types of, 215
  protection with, 328–329
  and services, 15
  sharing, 101–102
Firewall Settings, 209
Firewall State, 208
floppy, access to, 299
folder(s)
  archive, 151
  backing up, 138–139, 146
  and BitLocker, 191–192
  compressed, 162
  defined, 151
  Documents, 151
  EFS for, 161, 164–165
  organizing, 151
  permissions, 112
  public, 101
  recovering, 168, 191–192
  removing encryption from, 167
  restoring, 153–154
  sharing, 101
48-bit recovery option, 192
free space, 178
From This Location, 92, 93
Full Control (permission), 78, 106
full scan, 11, 267, 268


• G •
gadget, sidebar, 331
gaming restrictions, 13
General tab (Windows Firewall), 201
Getting Started section
  with Advanced Security applet, 211–213
  Authenticate Communications between Computers section, 211
  discussed, 211
  Monitoring section, 213
  View and Create Firewall Rules section, 211–213
GIANT antispyware, 261
GIANT Company Software Inc., 261
gpedit.msc, 289, 296, 297. See also Group Policy Object Editor
greynet applications, 260
group(s)
  assigning users to, 94–95
  built-in, 83–87
  creating, 94–95
  defined, 81
  managing, 81–83
Group Policy
  and Device Control, 289
  and EFS enforcement, 168
Group Policy Object Editor
  and BitLocker, 178, 191
  defined, 295
  discussed, 295–296
  for local security policies, 296
  for Security Event log, 128–129
Guest (account), 85

• H •
hard disk
  backing up on, 152
  partitioning, 174–176
hardware
  discussed, 30
  failure, 136
  protection of, 19–20
  System Restore for, 138
  for wireless networks, 230–232
hiberfil.sys, 178
Hibernation, 178
High alert, 270
HKEY_CURRENT_USER (HKCU), 117, 123
HKEY_LOCAL_MACHINE (HKLM), 117, 123–124
HTML
  and ActiveX controls, 241
  and Internet Zone, 248
  in Internet Zone, 248
HTTP (HyperText Transfer Protocol), 249
human element
  of security risks, 39–40
human threat-sources, 32
HyperText Transfer Protocol (HTTP), 249

• I •
ICS (Internet Connection Sharing), 320
identification, 81
identity, built-in, 83–87
identity theft
  About.com, 330
  defined, 336
identity-theft site (About.com), 330
IE7. See Internet Explorer 7
Ignore (threat), 271
IIS_IUSRS (group), 85
IM (instant messaging)
  attachments, 321
  MMC attacks via, 319
  security risks with, 321
inbound connections
  configuring, 208–209
  defined, 207
Include Inheritable Permissions, 115
Independent Software Vendor (ISV), 43, 215
Information Rights Management (IRM)
  discussed, 76
  document protection with, 78–79
  and Microsoft Outlook, 76–78
  and RMS, 76–79
inheritance, 108–111
Inherited From, 114
inherited security, 108–111
instant messaging (IM)
  attachments, 321
  MMC attacks via, 319
  security risks with, 321
integrity, 36
integrity level, 239
INTERACTIVE (identity), 85–86


interface
  administrative templates, 303–304
  BitLocker, 179, 195
  Regedit, 118
  Select Objects, 90–93
  spyware removal tools, 327
  of systems, 31
  of Windows Defender, 11, 262
  Windows Firewall, 199
  for Windows Firewall configuration, 18
  WSC, 42
Internet
  MMC attacks via, 319
  and mobile devices, 322
Internet Connection Sharing (ICS), 320
Internet Explorer (IE)
  add-ons to, 265
  administrative template, 304
  Configurations, 266
  group policy settings, 302
  RMS in, 78–79
  and Windows Defender, 261–263
Internet Explorer (IE) 7
  and ActiveX, 241–243
  address bar, 257
  binary behavior, 246
  Binary Behaviors, 246
  and cross-domain scripting attacks, 243–244, 244
  defined, 336
  discussed, 15, 237, 256–257
  MIME, 249–250
  and MMC, 320
  network protocols, 250–253
  object caching, 253–256
  Parental Controls in, 16
  permissions in, 15
  phishing protection in, 16, 244–246
  Protected Mode, 237–241, 320
  security features in, 15–16
  SSL improvements in, 257
  Zones, 247–249
Internet Options (WSC), 47–48
Internet Protected Mode, 15, 237–241, 257, 336
Internet Protocol security. See IPsec
Internet Protocol version 6 (IPv6)
  defined, 336
  and static IP addresses, 229
Internet Security Settings, 48
Internet service provider (ISP)
  broadband, 313
  discussed, 313–314
Internet Zone
  ActiveX in, 250
  assigning local file to, 249
  discussed, 247
  HTML, 248
  and HTML, 248
  intranet, 248
inventory, 29–30, 31
IP address, static, 229, 234
IP Security Policies, 301
IPsec (Internet Protocol security)
  and Authenticate Communications, 211
  defined, 336
  and roaming profiles, 170
  and Windows Firewall, 18
IPv6 (Internet Protocol version 6)
  defined, 336
  and static IP addresses, 229
IRM. See Information Rights Management
ISP (Internet service provider)
  broadband, 313
  discussed, 313–314
ISV (Independent Software Vendor), 43, 215
IUSR (account), 85, 86

• J •
Jetico BCWipe, 333

• K •
key(s)
  backing up, 170
  encryption, 170
  password-protecting, 170
  public, 160–161
  Registry, 117
  secret, 160
  startup, 179, 182
  support for, 161
  Windows Defender, 124
key (token), 96, 130
key objects, 117
key pair, 161


• L •
LAN (local area network), 207
last-accessed date, 256
Latest Security and Virus Information, 49
Least Privilege, 238
least privilege, 15
legislation
  data breach, 171
  on PII, 169, 171
  regulatory mandates, 169
Linux/Unix, 300
local area network (LAN), 207
Local Intranet Zone, 247, 248
Local Machine Zone, 248
Local Security Authority Key, 123
Local Security Policy, 296–305
  account-lockout policy, 297–298
  Admin Approval mode, 59–63
  administrative templates, 302–304
  audit policy, 298
  and BitLocker, 178
  configuration policy, 301
  discussed, 59, 296, 300–301
  and encryption, 164, 165
  event log, 300
  Group Policy Object Editor for, 296
  password-policy, 296–297
  security options, 299–300
  user rights, 298
  user-configuration, 302
  and Windows Firewall, 205
LOCAL SERVICE (identity), 86
lockout policies, 297–298
Log Access, 129
log file
  connections in, 210
  size of, 300
Log File Path, 127
logging. See also Auditing
  access management with, 124–132
  defined, 125
Low alert, 271

• M •
MAC (Media Access Control) address filtering, 235
Malicious Mobile Code (MMC), 319–320
malicious programs
  application installations by, 65
  best practices for, 278–279
  protection against, 278–279
  and Secure Desktop, 68
  third-party software for, 279
[entry heading missing from scan]
  and backing up, 136
  defined, 260, 337
  and privilege settings, 10
  in removable media, 285–286
  spyware, 11
  Windows Defender for, 261
Malware Protection (WSC)
  discussed, 17, 46
  monitoring, 46
  remediation functionality of, 46
  virus-protection options in, 47
  Windows Defender options in, 47
  in WSC, 46–47
managed file extension, 77
Mandatory Integrity Control (MIC), 238
Mark of the Web (MOTW), 249
Maximum Log Size, 129
MBSA (Microsoft Security Baseline Analyzer), 330–331
Media Access Control (MAC) address filtering, 235
Media Player (Windows), 241
Medium alert, 270
Meeting Space (Microsoft), 320
Meeting Space (Windows), 340
MHTML, 249–250
Microsoft, e-mail newsletter from, 329–330
Microsoft Genuine Advantage Validation Tool, 255
Microsoft Management Console (MMC)
  group creation in, 94
  and User Management, 91
  and Windows Firewall, 18, 43, 44, 205
Microsoft Meeting Space, 320
Microsoft Office suite, 76
Microsoft Office Update Engine, 255
Microsoft Outlook, 76–78
Microsoft Security Baseline Analyzer (MBSA), 330–331
Microsoft Security Central Web site, 49
Microsoft SpyNet, 262, 277


Microsoft Visual Web Developer 2005 Express, 241
Microsoft Windows NT, 161
Microsoft Windows Vista TechCenter, 213
Microsoft Windows XP. See Windows XP
MIME (Multipurpose Internet Mail Extension)
  and HTTP, 249
  and IE7, 249–250
mitigation, of risk, 38
MK protocol, 249–250
MMC. See Microsoft Management Console
mobile code, 319–320
mobile device
  defined, 337
  encryption for, 322
  firewalls for, 322
  MMC attacks via, 319
  security risks with, 322–323
Modify Binary Data, 119
monitoring
  Automatic Updating, 45
  Malware Protection, 46
  by Parental Controls, 13
  Windows Firewall, 43
Monitoring section (Getting Started), 213
MSG files, 77
Multipurpose Internet Mail Extension (MIME)
  and HTTP, 249
  and IE7, 249–250

• N •
Name Not Found, 92, 93
name section (File Sharing Wizard), 99
National Institute of Standards and Technology (NIST)
  and security risks, 27
  on threats, 31–32
natural threat-sources (acts of God), 32
Need to Know, 238
netsh command line, 220
network. See also wireless network (Wi-Fi)
  access to, 299
  administrative template, 304
  backing up to, 152
  nonbroadcasting, 14
  private, 219
  protection for, 328–329
  public, 219
  unsecure, 219
NETWORK (identity), 86
Network and Sharing Center
  discussed, 97
  File Sharing, 98
  functionality, 220
  interface, 225
  Password Protected Sharing, 101
  for wireless networks, 225–226
Network Configuration Operators, 86
Network connection not selected, 205
Network connection selected, 204–205
Network connections view, 225
network location, 219
Network map, 225
network profile, 221
network protocols
  in IE7, 250–253
  and XRML, 250
NETWORK SERVICE (identity), 86
Network-Connected Programs, 277
NewsBites (SANS), 329
newsletters, 329–330
NIST (National Institute of Standards and Technology)
  and security risks, 27
  on threats, 31–32
nonbroadcast mode, 219
nonbroadcasting network, 14
Not Yet Classified, 271
Notepad, 241
NTFS (NT File System)
  access management with, 111–116
  backup operators in, 84
  and BitLocker, 173–174
  defined, 111, 337
  drive partitions, 173–174
  file encryption, 162
  with File Sharing Wizard, 98–101
  permissions, 166
NTFS object
  auditing and logging of, 130–131
  key objects versus, 117


• O •
object(s)
  auditing and logging of, 130–132
  child, 109, 111
  creation of, 104
  defined, 103–104
  discussed, 130
  effective permissions, 105–108
  and inheritance, 108–111
  key, 117
  NTFS, 130–131
  owner of, 104
  Registry, 131
  service, 131
object caching
  ActiveX, 253
  in IE7, 253–256
object-level security
  discussed, 96–97, 103–116
  NTFS permissions, 111–116
Office suite (Microsoft), 76
Office Update Engine (Microsoft), 255
Offline Files cache, 161
off-site backup, 140
on-demand scanning
  defined, 337
  with Windows Defender, 266–269
128-bit encryption, 173, 188
Open Files Based on Content, 250
operating system (OS). See specific types, e.g.: Windows XP
Oracle call interface, 300
OS (operating system). See specific types, e.g.: Windows XP
OS volume, 174, 181
Other Security Settings, 17, 47
OTS (Over-the-Shoulder) credentials
  defined, 337
  in Standard User mode, 57–58
Ouch! (newsletter), 329
outbound connections, 207, 209
Outlook (Microsoft), 76–78
Outlook Web-Access (OWA), 79
Over-the-Shoulder (OTS) credentials
  defined, 337
  in Standard User mode, 57–58
Overview section, 207
overwrite, 139–140
owner, 100, 104
ownership, 40

• P •
pagefile encryption, 161
pagefile.sys, 178
parent object, 109, 111
Parental Controls
  capabilities of, 12–13
  defined, 337
  discussed, 12–13, 13
  and IE7, 16
partitioning
  hard disk, 174–176
  security risks with, 196
  space for, 178
  unprotected, 196
passive action, 130, 131
passive auditing, 131
passive discovery broadcasting, 220
password(s)
  for accounts, 286
  and Active Directory, 296–297
  and BitLocker, 180
  for keys, 170
  and MBSA, 330
  in mobile devices, 323
  nonsecure, 294
  and PWSafe, 331
  recovery, 180
  for router, 232
  for screen saver, 286
  security risks with, 196, 294
  tips for, 315–316
  for user account, 88–90
  weak, 315, 330
  for wireless networking hardware, 232–233
  in wireless networks, 315–316
Password Protected Sharing Center, 85
password-policy, 296–297
password-protected sharing, 101
password-protection statement, 98
PDF (Portable Document Format), 73


PEAP, 228
peer-to-peer (ad hoc) wireless network
  defined, 335
  discussed, 230–232
  security risks with, 320
People Near Me, 337
Performance Log Users, 87
Performance Monitor Users, 87
Performance Options, 138
permissions
  Change, 78
  Contributor, 100
  Co-Owner, 100
  effective, 105–108
  from e-mail, 79
  explicit security, 111
  FAT32, 112
  file, 112
  folder, 112
  Full Control, 78, 106
  and IE7, 15
  including, 115
  inheritable, 115
  inheritability, 109
  least privilege, 15
  Read, 78, 79, 166
  replace, 115
  RMS, 79, 80
  for services, 15
  Take Ownership, 106
  verifying, 79
Permission Level column, 100
Permissions area, 115
persistent protection, 74
personal data
  backing up, 141
  and IE7, 16
  protection of, 16, 22
personal firewall, 314
personal identification number. See PIN
Personally Identifiable Information (PII)
  defined, 20, 337
  encryption of, 169
  legislation on, 169, 171
  protection of, 20–21
  regulatory mandates, 169
  security risks with, 171
previous version, 139
Prevent Memory Overwrite, 189–191
phishing
  defined, 337
  and IE7, 16, 244–246
  in IE7, 257
  and Internet Protected Mode, 244
  protection against, 257
Phishing Filter
  defined, 337
  discussed, 244–245
  key, 124
  on/off toggle, 245
  options, 245–246
  settings, 246
physical security, 21
PII. See Personally Identifiable Information
PIN (personal identification number)
  and BitLocker, 183–186
  boot protection, 172
  defined, 182
  and TPM, 179
  and TPM chips, 183–186
PKI (Public Key Infrastructure), 338
PKI signature checks, 66
point-in-time copy, 139
policy(-ies)
  auditing and logging of, 124–129
  AutoPlay and AutoRun, 304
  defined, 293
policy settings
  account-lockout policy, 297–298
  audit policy, 298
  configuration policy, 301
  discussed, 293
  with Group Policy Object Editor, 295–296
  implementing, 294
  Local Security Policy, 296–305
  managing, 296
  password-policy, 296–297
  reasons for use of, 294–295
  security templates for, 305–309
  user rights, 298
  user-configuration, 302
port
  defined, 203
  opening, 202
port number, 203
Portable Document Format (PDF), 73
Posix subsystem, 300


Prevent Memory Overwrite (continued)
  configuring, 190–191
  Disabled, 190
  Enabled, 190
  Not Configured, 189
Principle of Least Privilege, 238, 337
Print Content, 79
printer(s)
  administrative template, 304
  sharing, 101–102
private key
  backing up, 170
  discussed, 160–161
  loss of, 165
private network, 219
Private Profile, 207
privilege levels
  discussed, 58
  elevated, 336
  and malware, 10
profile
  Domain Profile, 207
  network profile, 221
  Private Profile, 207
  Public Profile, 207
  roaming, 170
roaming profile, 170
  and System Restore, 138
program menu, 205
Prompt for Consent, 61, 63
Prompt for Credentials
  in Administrator mode, 62
  in Standard User mode, 63
Prompt User, 250
protection
  of business information, 21
  discussed, 19
  of hardware, 19–20
  from phishing, 16
  of PII, 20–21
  of sensitive information, 21, 22
  of software, 19–20
protocol support, 220
Public folder, 101
public key, 160–161
Public Key Infrastructure (PKI), 338
Public Key Policies, 301
public network, 219
Public Profile, 207
PWSafe, 331

• Q •
quarantined item(s), 273–274
quick scan, 11, 266–267

• R •
Read (permission)
  discussed, 78, 79
  at NTFS level, 166
  for user, 166
Reader (permission), 100
real-time protection, 263–266
real-time scanning, 12, 338
recovery
  48-bit option, 192
  256-bit option, 192
  options for, 192–193
  System Restore for, 138
Recovery Agent, 163
recovery console, 299
reformatting, of removable media, 286
Regedit, 118–123
Registry
  access management to, 116–124
  and administrative templates, 302
  defined, 116
  direct editing, 248
  discussed, 116–117
  editing, 248, 302
  hives, 117
  keys, 117
  modifying, 118–123
  settings, 116
  values, 117
  viewing, 118–123
Registry keys, 123–124
Registry object, 131
regulatory mandates, 169
remediation, 46
remote Virtual Private Network (VPN), 328
removable media
  attaching, 284
  and BitLocker, 196
  data protection on, 287–288
  and data removal, 286–287
  defined, 283, 338
  detaching, 284


removable media (continued)
  Device Control for, 286, 287, 288–292
  discussed, 283
  encryption for, 287–288
  malware in, 285–286
  physical security for, 287, 288
  protection for, 285–288
  reformatting, 286
  scanning, 285
  security risks of, 196, 283–284
  viruses in, 285–286
Remove (threat), 271
Remove button (ACEs), 114
Replace All Existing Inheritable Permissions, 115
Replace Permissions, 115
Report This Web Site, 246
Resources pane, 213–214
Restore Defaults, 205
Restricted Sites, 247
restrictions, 13
Retain Old Events, 129
Revocation Lists, 76
Rights Management Service (RMS)
  defined, 338
  discussed, 73–74
  DRM versus, 80
  encryption with, 74
  in IE, 78–79
  integration of, 74–75
  and IRM, 76–79
  management features, 75–76
  use of, 74
  weaknesses of, 80
Rights Policy Templates, 75
risk(s)
  of ActiveX, 236
  of ActiveX Opt-In, 243
  assessing, 26–29
  with connectivity, 313–314
  DDoS, 317–318
  defined, 26, 338
  determining, 28–29, 37–38
  discussed, 25, 313
  with e-mail, 318–319
  human element of, 39–40
  with IM, 321
  impact of, 36–37
  introduction of, 39–40
  mitigation, 38
  with mobile code, 319–320
  with mobile devices, 322–323
  with peer-to-peer networking, 320
  reducing, 29, 38–39
  of removable media, 196, 283–284
  safeguards against, 34–35, 38–39
  security breach, 28
  of system, 26–29
  threat identification, 27
  toolbox for, 28
  understanding, 26
  user education for, 168
  vulnerable systems, 27–28
  with Windows File Sharing, 224
@RISK: The Consensus Security Alert (newsletter), 329
risk management, 35
RMS. See Rights Management Service
roaming profile, 170
router. See also wireless router
  broadband, 314
  username and password for, 232
  as wireless access point, 218
Rule Merging, 210
Run, 123
Run as Administrator, 82
RunOnce, 123
Russinovich, Mark, 332

• S •
SACL (System Access Control List), 105, 130
safeguards (security controls)
  current, 34–35
  defined, 338
  against security risks, 34–35, 38–39
sales information, 21
SAM account, 299
SANS (SysAdmin, Audit, Network, Security), 329
saved from url, 249
scans and scanning
  automatic, 269, 270
  custom, 268
  discussed, 11–12, 326
  full, 267, 268
  on-demand, 266–269, 337


scans and scanning (continued)
  quick, 266–267
  real-time, 338
  removable media, 285
  scheduled, 269, 270
  with Windows Defender, 266–270
scheduled (automatic) scan, 269, 270
SDDL (Security Descriptor Definition Language), 129
SDL (Security Development Lifecycle), 9–10
Search Results, 93
secpol.msc, 296
secret key, 160
Secure by Default, 9, 10
Secure by Design, 9, 10
Secure Desktop
  defined, 338
  disabled, 70
  discussed, 69
  and elevation prompts, 70–71
  enabled, 70
  and malicious programs, 68
Secure in Communications, 9, 10
Secure in Deployment, 9, 10
secure protocol, 328
security
  bypassing, 316
  and common sense, 24
  cross-domain, 15–16, 243–244, 257
  defined, 1
  explicit, 108–111
  in IE7, 15–16
  inherited, 108–111
  new features in, 9–19
  object-level, 111–116
  physical, 21
  shortcuts with, 314–316
  software patches for, 316–317
  and tolerance, 23
Security Admins groups, 106
security breach
  assessment of, 28
  discussed, 28
  impact of, 36–37
Security Center key, 124
Security Central Web site (Microsoft), 49
security controls. See safeguards
security descriptor, 97, 104
Security Descriptor Definition Language (SDDL), 129
Security Development Lifecycle (SDL), 9–10
Security Essentials, 338
Security Essentials Notification pane, 42, 48, 49
Security Event log, 128–129
Security Guide (Vista), 307–308
security guide templates
  applying, 308–309
  creating, 305–307
  custom, 305–307
  defined, 295
  discussed, 305
  for policy settings, 305–309
  Windows Vista Security Guide, 307–308
security plan
  discussed, 25
  establishing, 38–40
security risk(s). See risk(s)
Security status bar, 16
security toolbox
  discussed, 22
  requirements for, 22–23
  for risks, 28
  technical tools in, 23–24
Security Utilities, 332
Security Zones. See Zones
Select Objects, 90–93
Select This Object Type, 92, 93
sensitive information (data)
  defined, 338
  encryption of, 168–169
  protection of, 21, 22
Server Parameters key, 124
SERVICE (identity), 87
Service Hardening (Windows)
  defined, 340
  discussed, 14–15
Service Isolation, 15, 338
service object, 131
service set identifier (SSID)
  and AP, 235
  changing, 233
  disabling broadcasts, 235
  discussed, 219
  and nonbroadcasting networks, 14
  and WAP, 235
  and wireless networking hardware, 233, 235
Severe alert, 270

shadow copy removal tools, 261, 326–327 backing up with, 139–140, 157 third-party software for, 279 and CompletePC Backup, 156–157 and Windows Defender, 261 description, 146 Windows Defender for, 261 and system restore point, 157 SSID. See service set identifier Share button, 100 Standard User mode sharing and Admin Approval mode, 55–57 access to, 299 Administrators versus, 55 and Administrator, 98 common tasks of, 55 defined, 81 defined, 339 discussed, 97–102 discussed, 54 encrypted files, 166 effective permissions of, 106 files, 98–102, 166 elevation prompt for, 63–65 and firewalls, 101–102 OTS credentials, 57–58 folders, 101 Shield icon in, 55 management of, 81 and UAC, 54–58, 63–65 password-protected, 101 in Windows XP, 54 printers, 101–102 Start Menu, 304 public folders, 101 Startup, System Restore for, 138 Sharing and Discovery, 225 startup key shatter attacks, 238 and BitLocker, 186–187 Shield icon, 55 defined, 182 Shockwave Flash Object, 255 and TPM, 179 Sidebar, 331 TPM chips with, 186–187 sidebar gadget, 331 Startup Programs, 276 signature checks static IP address for elevation prompts, 66–67 and DHCP disabling, 234 PKI, 66 discussed, 229 smart card, 161 in wireless networks, 228–229 software storage media, 142 antivirus, 325–326 students, controls for, 12 for backing up, 327–328 subkey discussed, 30 creating, 118–119 protection of, 19–20 defined, 117 for spyware, 279 inheritance, 130 third-party, 279, 327–328 surfing, Internet, 315 unsanctioned, 259–260 symmetric encryption Software Explorer, 262, 275–277 AES, 188 software patches, 316–317 and asymmetric encryption, 163 Software Restriction Policies, 301 defined, 339 special identity (built-in group), 83–87 discussed, 160 SpyNet (Microsoft), 262, 277 system(s) spyware backing up, 141 best practices for, 278–279 BitLocker on, preparing for, 174–178 classifying, 277 hardware of, 30 defined, 259, 260, 338 information on, 31 detection of, 261 interface of, 31 discussed, 11, 259 inventory, 29–30 protection against, 278–279 multiple-user, 29

security risks in, 26–29 setting levels, 271 software of, 30 to system configuration, 27, 31–33 threats to, 27, 31–33 Windows Defender for, 269–272 types of, 29 time restrictions, 13 understanding, 27, 29–30 TPM (Trusted Platform Module) usage of, 31 and BitLocker, 173, 179, 182–187 vulnerability of, 27–28, 33–34 with PIN, 179, 183–186 SYSTEM (identity), 87 with startup key, 179, 186–187 System Access Control List (SACL), 105, 130 trade secrets, 21 System administrative template, 304 traffic, filtering, 18 System Configuration (Settings), 265 Transmission Control Protocol (TCP), 102 system image. See CompletePC Backup Trojan (Trojan horse), 260, 339 System Restore Trusted Platform Module. See TPM backing up with, 137–138, 147–149 Trusted Sites Zone, 247 for hardware, 138 Turn Off Automatic Web Site Checking, 245 options, 138 256-bit encryption, 173, 188 for preserving data, 147–149 256-bit recovery option, 192 to previous restore points, 149–150 for recovery, 138 for Startup, 138 • U • User Profile Settings for, 138 UAC. See User Account Control system restore point UDP (User Datagram Protocol), 102 description, 146 UIAccess discussed, 138, 149–150 disabled, 68 and shadow copy, 157 elevation prompt, 67–68 weaknesses of, 138 enabled, 68 system volume, 174 UIPI (User Interface Privilege Isolation), 238 Sysinternals, 332 unencrypted file, 162 Unicast Response, 210 Uniform Resource Locator (URL) • T • defined, 339 Take Ownership (permission), 106 saved from, 249 Taskbar, 304 unsanctioned software, 259–260 TCP (Transmission Control Protocol), 102 unsecure wireless network technical tools, 23–24 automatic connection to, 221 temporary network name, 220 defined, 219 third-party software discussed, 234 for backing up, 327–328 update for malicious programs, 279 automatic, 316 for spyware, 279 Check for Updates, 45 for viruses, 279 Microsoft Office Update Engine, 255 threat(s) of spyware removal tools, 327 of ActiveX, 243 View Update History, 46 defined, 31–32 URL (Uniform Resource Locator) identification of, 27 defined, 339 identifying, 27, 31–33 display, 16 levels, 270–271 saved from, 249 likelihood of occurrence, 35–36 USB device, 180 potential, 32–33 Users (group), 63, 82, 87, 106

user account virus(es) creating, 88–90 best practices for, 278–279 disabling, 90 defined, 260, 339 discussed, 88 discussed, 260 password for, 88–90 protection against, 278–279 re-enabling, 90 in removable media, 285–286 User Account Control (UAC) third-party software for, 279 admin approval mode, 300 virus-protection options, 47 and Admin Approval mode, 69–70 Vista (Microsoft) administering, 53 and BitLocker, 173 defined, 339 code, 10 discussed, 10–11, 53 discussed, 1, 9 elevation prompt, 61–68 previous OSs versus, 9 and IE7 Protected Mode, 238 versions of, 341–344 Local Security Policy settings, 59–72 Vista Backup, 135 and MMC, 320 Vista Business, 293, 342 privilege levels, 58 Vista Default Security, 307 for removable media, 285 Vista Enterprise, 176, 343 Standard User mode, 54–58, 63–65 Vista Firewall, 319 and user context, 82 Vista Home Basic virtualization settings, 71–72 discussed, 341 and WSC, 49 and policies, 293 user context, 82 User Management in, 91 User Datagram Protocol (UDP), 102 Vista Home Premium user education discussed, 342 for EFS, 168 and policies, 293 for security programs, 40 User Management in, 91 user error, 136 Vista identity model, 81–82 User Interface Privilege Isolation (UIPI), 238 Vista Security Guide (Windows), 307–308 User Management, 91 Vista Security Guide Enterprise Client (VSG User Profile Settings, 138 EC), 307 user rights Vista Security Guide Specialized Security assignment of, 96 (VSG SSLF), 307 policy, 298 Vista Starter user session, 82 and policies, 293 user-configuration policy, 302 User Management in, 91 Vista Ultimate, 293, 342 Vista Web Filter, 339 • V • Visual Web Developer 2005 Express vendor information, 21 (Microsoft), 241 vendor resources, 18 VoIP (Voice over IP), 246 View and Create Firewall Rules section VPN (Virtual Private Network), 328 (Getting Started), 211–213 VSG EC (Vista Security Guide Enterprise View Update History, 46 Client), 307 Virtual Private Network (VPN), 328 VSG SSLF (Vista Security Guide Specialized virtualization settings, 71–72 Security), 307

vulnerability quick scan with, 266–267 defined, 33, 339 real-time protection, 263–266 identifying, 27–28, 33–34 scheduled scan with, 269, 270 potential, 34 setting threat levels in, 271–272 of system, 27–28 Software Explorer, 275–277 of systems, 27–28, 33–34 and spyware, 261 for spyware, 261 and threats, response to, 269–272 • W • tools, 272–277 WAP. See wireless access point updating, 262–263 war-driving (war-flying), 222, 234 use of, 261 Web Filter, 13 Web site for, 277 Web pages Windows Explorer, 304 and ActiveX controls, 241 Windows File Sharing, 224 IE7 security for, 244 Windows Firewall Voice over IP, 246 with Advanced Security applet, 205–214, WebDAV, 162 213, 301 WEP (Wired Equivalent Privacy) Advanced tab, 204–205 defined, 340 configuring, 199–205 discussed, 233 defined, 339 Wi-Fi. See wireless network discussed, 18, 199 Wi-Fi Protected Access (WPA) enhancements, 18–19 defined, 339 Exceptions tab, 202–203 discussed, 219 and firewalls, other, 201 Wi-Fi Protected Access 2 (WPA2) General tab, 201 defined, 339 Getting Started section of, 211–213 discussed, 219 guidelines for, 214–215 Windows Components, 304 interface, 199 Windows Defender interface of, 18 administrative template, 304 and IPsec, 18 alerts in, 270–271 monitoring, 43 Allowed Items, 274–275 profiles, 18–19 and antivirus software, 279 properties, 208 automatic scan with, 269, 270 rules, 207 custom scan with, 268 for services, 15 definition files, 262–263 settings, 43–44, 199–205 discussed, 11–12, 262 and Windows Security Center, 43–44 features of, 11–12 and WSC, 18 full scan with, 267, 268 Windows Firewall applet, 199–201 and IE, 261–263 Windows Media Player, 241 interface of, 11, 262 Windows Meeting Space, 340 key, 124 Windows NT (Microsoft), 161 for malware, 261 Windows Pre-installation Environment and Malware Protection, 47 (WinPE), 178 new features of, 261–262 Windows Security Center (WSC) on-demand scan with, 266–269 accessing, 42 options, 47 alerts, 50 quarantined items in, 273–274 Automatic Updating, 44–46

Windows Security Center (continued) wireless network (Wi-Fi) defined, 340 ad hoc, 219, 230–232, 320, 335 discussed, 17, 41 configuration of, 221–232 enhancements, 17–18 connecting to, 221–224 features of, 41–42 discussed, 217–219 interface, 42 hardware configuration for, 230–232 Internet Options, 47–48 hotspots, 223–224 Latest Security and Virus Information, 49 modifying connection to, 226–228 Malware Protection, 46–47 Network and Sharing Center, 225–226 notification options, 50 range of, 236 Options pane of, 43, 44, 49–50 restricting use to, 224–225 Other Security Settings, 47 security enhancements for, 13–14 Protected Modes Elevation policy, 241 static IP addresses, 228–229 UAC, 49 unprotected, 221 and Windows Firewall, 18, 43–44 unprotected/unsecure, 234 Windows Firewall settings, 43–44 unsecure, 219, 221–224, 234 and Windows XP SP2, 42 Vista-specific features, 220–221 Windows Service Hardening wireless router defined, 340 administrative username, 232–233 discussed, 14–15 configuring, 232–236 Windows services, 14–15 and DHCP, 234 Windows Vista Security Guide, 307–308 discussed, 232–236 Windows Vista TechCenter (Microsoft), 213 MAC address filtering, 235 Windows XP password, 232–233 Power Users Group, 54 secure communication over, 233–234 Service Pack (SP) 2, 14, 42 SSID, 233, 235 Standard User mode in, 54 wireless services, 322 WinPE (Windows Pre-installation working pane, 206 Environment), 178 WPA (Wi-Fi Protected Access) Winsock Service Providers, 277 defined, 339 WinZip, 287–288 discussed, 228 Wipe -- Secure File Deletion, 333 WPA2 (Wi-Fi Protected Access 2) Wired Equivalent Privacy (WEP) for ad hoc wireless networks, 230 defined, 340 defined, 339 discussed, 233 WPA2-Enterprise wired networking, 218 discussed, 228 wireless access point (WAP) WPA2-Personal ad hoc networking, 221 administrative username, 232–233 WSC. See Windows Security Center configuring, 232–236 and DHCP, 234 MAC address filtering, 235 • X • password, 232–233 XRML (eXtensible Rights Markup range of, 236 Language), 74, 250 as router, 218 router as, 218 secure communication over, 233–234 • Z • SSID, 233, 235 Zones (IE7), 247–249, 256, 257 and SSID values, 235 zone hopping, 247 Wireless Encryption Protocol (WEP), 233 zone spoofing, 247