Sunday, November 22, 2009

Top 10 changes to security in Windows 7

Microsoft has released a public beta of its next client operating system, Windows 7. Everybody’s talking about the interface changes: the new taskbar, omission of the sidebar, a new look for Windows Explorer. Under the hood, there are more changes, including new and improved security features. Let’s look at 10 security features that have been changed or added in
Windows 7

1: Action Center

In Vista, security configurations are accessed from the Security Center in Control Panel. In Windows 7, you won’t see a Security Center. That’s because it’s been absorbed into a new Action Center. The Action Center has security configurations as well as options for other administrative tasks, like Backup, Troubleshooting And Diagnostics, and Windows Update.

2: Changes to UAC

User Account Control (UAC) was new in Vista, designed to provide better protection from malware. It makes all user accounts run as standard users, even administrator accounts. If you need to do something that requires admin privileges, it asks for permission. And asks. And asks. This in-your-face aspect of UAC has caused numerous complaints and has led some users to turn it off completely, thus exposing themselves to threats.
In Windows 7, UAC is still there, but now you can configure how “vocal” it will be. There are four settings you configure from the UAC settings in the Action Center. You can set UAC to:
• Always notify you when you install software or make any changes to Windows settings (as Vista does now).
• Notify you when programs make changes but not if you make changes to Windows settings (this is now the default).
• Notify you only when programs make changes but turn off Secure Desktop, which dims the desktop while the UAC prompt is displayed. (This is my preferred setting.)
• Never notify you. (This is not recommended.)

3: Better BitLocker

At first, it would encrypt only the operating system drive. Then Service Pack 1 added the ability to encrypt other drives, and that was nice, but it applied only to fixed hard disks.

4: DirectAccess

• A brand new feature in Windows 7 is DirectAccess, which allows remote users to connect securely to their corporate networks over the Internet without using a VPN. Administrators can apply Group Policy settings and otherwise manage the mobile computers and even update them whenever the mobile machines are connectedto the Internet, regardless of whether the user is logged on to the corporate network.
• DirectAccess also supports multifactor authentication with smart cards and uses IPv6 over IPsec for encrypting the traffic.
• Windows 7 comes through and lets you encrypt removable drives. And it’s easy to do. Just open the BitLocker applet in Control Panel, pick the drive you want to encrypt, and click Turn On BitLocker. The removable drives appear in the section called BitLocker

5: Biometric security

Arguably the most secure method of authentication is biometrics, or the use of a fingerprint, retinal scan, DNA, or other unique physiological feature to identify the user. Windows isn’t quite at the point of having built-in support for DNA sampling, but it does include built in support for fingerprint readers. Windows has supported the use a fingerprint sensor to log on, and manyVista laptops come with fingerprint sensors. But a third-party program is required to use it. With Windows 7, it’s part of the OS.

6: AppLocker

Software Restriction Policies are included in XP and Vista and they seemed like a great idea. Administrators can use Group Policy to keep users from running particular programs that might present a security threat. But they’ve never been used that much because they aren’t easy to use.
Windows 7 has improved on the concept with a new feature called AppLocker. AppLocker is also included in Windows Server 2008 R2. It’s easier to use and gives administrators more flexibility and control.You can use AppLocker with domain Group Policies or on the local machine with the Local Security Policy snap-in.

7: Windows Filtering Platform (WFP)

Windows Filtering Platform (WFP) is a set of APIs introduced in Vista. In Windows 7, developers can use it to integrate some parts of the Windows Firewall into their own applications. This will allow a third-party program to turn off certain parts of the Windows Firewall selectively if need be.

8: PowerShell v2

Windows 7 comes with PowerShell v2, the command-line interface by which administrators can use cmdlets (small “one liners” that allow you to perform single functions) to manage various settings, including Group Policy security settings.You can put multiple cmdlets together to create scripts. The cmdlet method generally requires fewer steps than using the graphic interface to perform the same task.
Windows 7 also includes the PowerShell Integrated Scripting Environment (ISE)

9: DNSSec

Windows 7 includes support for DNSSec (Domain Name System Security), which is a group of extensions to the DNS platform that enhance security. With DNSSec, a DNS zone can take advantage of digital signature technology so that you can validate the authenticity of data that’s received.
According to the Port 53 Blog on TechNet, the DNS client doesn’t perform the DNS validation on its own but is security-aware, so it expects the server to return the results of validation.

10: Internet Explorer 8

Windows 7 comes with IE 8, which provides such security enhancements to the Web browser as:
• The SmartScreen filter– Replaces/expands upon the Phishing Filter in IE 7
• The XSS Filter — Protects against cross-scripting attacks
• Domain highlighting — Puts emphasis on the relevant part of the URL so you can more easily determine the real location of the site you’re on
• Better security for ActiveX and the ability to install controls on a per-site basis
• Data Execution Prevention (DEP) enabled by default

Security is now the main aspect of IT sector.....

>>SREE<<
k.sreesanth@gmail.com

No comments:

Post a Comment