Sunday, November 30, 2014

Lesson Eleven: Security

This week's lesson talks about security settings in Windows.  These include using domain and local Group Policy to set software restriction policies; they can be set to block unwanted apps by file name or path, by a hash value, by the Internet zone location of the downloaded file, or by certificate for signed apps.  Each of these methods has benefits and drawbacks that are covered in detail in the lesson.

Another approach is to use AppLocker, a more flexible tool available in the enterprise editions of Windows 7 and Windows 8.  It operates much like software restriction policies do, but unlike the generic software restriction policies set in the Group Policy editor it can restrict or allow applications for specific users or groups.  AppLocker rules can also be written to apply to all past and future versions of an application, and AppLocker policies take precedence over software restriction policies.
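The following PowerShell script is an added example, not part of the lesson or this post, showing how the two rule types described above (publisher/certificate rules that survive version upgrades, and hash rules as a fallback for unsigned files) are generated and scoped to a group with AppLocker's own cmdlets. The application folder `C:\Program Files\ContosoApp`, the executable `contoso.exe` and the group name `LOB-Users` are hypothetical placeholders.

```powershell
# Added example (not from the lesson): build, test and monitor an AppLocker
# policy for a hypothetical line-of-business application.
# Assumptions: the app lives in C:\Program Files\ContosoApp, its main binary
# is contoso.exe, and the users who may run it are in the group LOB-Users.

# AppLocker rules are only evaluated while the Application Identity service runs.
Set-Service -Name AppIDSvc -StartupType Automatic
Start-Service -Name AppIDSvc

# Collect publisher, hash and path information for every .exe in the folder.
$appDir   = 'C:\Program Files\ContosoApp'           # hypothetical path
$fileInfo = Get-AppLockerFileInformation -Directory $appDir -Recurse -FileType Exe

# Prefer Publisher rules: they match the signer, product and file name rather
# than one file version, so future releases from the same publisher still run.
# Unsigned binaries get a Hash rule instead (which must be regenerated on update).
# -User scopes the rules to the LOB-Users group only.
$policy = New-AppLockerPolicy -FileInformation $fileInfo `
    -RuleType Publisher, Hash `
    -User 'LOB-Users' `
    -RuleNamePrefix 'ContosoApp' `
    -Optimize

# Dry run: ask AppLocker how it would decide for a given file and principal.
Test-AppLockerPolicy -PolicyObject $policy `
    -Path "$appDir\contoso.exe" `
    -User 'LOB-Users' |
    Select-Object FilePath, PolicyDecision, MatchingRule

# Keep the XML for review and for import into a domain GPO later.
$policy | Export-Clixml -Path "$env:TEMP\ContosoApp-AppLocker.xml"

# Merge into the local policy rather than replacing whatever is already there.
Set-AppLockerPolicy -PolicyObject $policy -Merge

# Monitoring: event 8003 = would have been blocked (audit mode),
# event 8004 = blocked (enforce mode). Review these before switching to enforce.
Get-WinEvent -LogName 'Microsoft-Windows-AppLocker/EXE and DLL' -MaxEvents 50 |
    Where-Object { $_.Id -in 8003, 8004 } |
    Select-Object TimeCreated, Id, Message
```

Two practical caveats: an EXE rule collection in enforce mode allows only what the rules list, so a policy that contains just the rules above would also block Windows' own binaries; in practice the default rules for the Windows and Program Files folders are added first and the collection is left in AuditOnly mode until the 8003 events show nothing unexpected. The merged local policy is also overridden by any domain AppLocker policy, which is the normal place to deploy it.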

Another issue that Microsoft has addressed in Windows 8 is preventing rootkits from running.  This is done by requiring manufacturers to use a UEFI BIOS.  This BIOS type will not run boot code that is not signed with a trusted certificate, and since a rootkit needs to get in front of the OS in order to subvert it, this shuts down that angle of attack.  One downside is that it becomes more difficult, if not impossible, to dual-boot such systems with a different operating system such as Linux.

The balance of the lesson covered security controls in Internet Explorer, and how to use its four security zones to classify Internet traffic to best secure a system.  There didn't seem to be much difference in how security options have been treated since Windows XP.  One thing I noticed is that Windows Defender is not built into the IE options interface on Windows 8 systems.
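As an added example that is not part of the lesson or this post, the script below reads the security level each of the four Internet Explorer zones is set to for the current user and flags any zone that is weaker than the level I would expect by default. The registry path and zone numbering are Internet Explorer's; the level names and the expected defaults (Medium-low, Medium, Medium-high, High) are my own mapping of the well-known template values and should be checked against the Internet Options dialog on the system in question.

```powershell
# Added example (not from the lesson): audit the four IE security zones.
# Zone ids 1-4 are IE's; the CurrentLevel-to-name table is my mapping of the
# standard template values (assumption: 0x10000 Low ... 0x12000 High).

function Get-IEZoneLevel {
    $zoneNames = @{ 1 = 'Local intranet'; 2 = 'Trusted sites'
                    3 = 'Internet';       4 = 'Restricted sites' }
    $levelNames = @{ 0x10000 = 'Low';    0x10500 = 'Medium-low'
                     0x11000 = 'Medium'; 0x11500 = 'Medium-high'
                     0x12000 = 'High' }
    # Expected default level per zone (assumed IE defaults, used as the baseline).
    $expected = @{ 1 = 0x10500; 2 = 0x11000; 3 = 0x11500; 4 = 0x12000 }

    # Per-user settings; when "use only machine settings" policy is on, the same
    # subkeys under HKLM apply instead, so check both roots.
    $roots = @('HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones',
               'HKLM:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones')

    foreach ($root in $roots) {
        foreach ($id in 1..4) {
            $key = Join-Path $root $id
            if (-not (Test-Path $key)) { continue }
            $level = (Get-ItemProperty -Path $key -ErrorAction SilentlyContinue).CurrentLevel
            if ($null -eq $level) { continue }           # zone not configured here
            $name = $levelNames[[int]$level]
            if (-not $name) { $name = ('Custom (0x{0:X})' -f $level) }
            [pscustomobject]@{
                Hive     = $root.Substring(0, 4)
                Zone     = $zoneNames[$id]
                Level    = $name
                # A numerically lower CurrentLevel is a more permissive template.
                Weakened = ([int]$level -lt $expected[$id])
            }
        }
    }
}

# Report, with weakened zones listed first so they stand out.
Get-IEZoneLevel | Sort-Object Weakened -Descending | Format-Table -AutoSize
```

A zone set to a custom template shows up as `Custom (0x...)` because individual actions (ActiveX, scripting, downloads) are then stored as separate values under the same key; in that case the per-action values, not `CurrentLevel`, describe what the zone actually permits.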

This has been a challenging look at managing Windows client systems.  I've learned a lot, and can't wait to apply my new skills in the real world!
