Session 1: Security Enhancements in Windows Vista

What Is BitLocker Drive Encryption?

BitLocker Drive Encryption is a new feature in Windows Vista that encrypts the contents of the entire boot volume. The boot volume contains the operating system files and user data. The system volume is not encrypted, and contains just enough information to verify system integrity and begin the boot process by accessing the boot volume.

When the computer is booted and running, BitLocker Drive Encryption is completely transparent to the user. Windows Vista uses a filter driver to encrypt and decrypt data as it is accessed with very little overhead.

You can configure BitLocker Drive Encryption to ask the user for a PIN during the boot process. This ensures that only authorized users can start the system and access data. When BitLocker Drive Encryption does not ask the user for a PIN, the data is protected from offline access, but a hacker could guess the password for a user and gain access to the data. Gaining the user’s password could be done by using social engineering.

BitLocker Drive Encryption is designed to store encryption keys in a trusted platform module (TPM). A TPM is a microchip that is affixed to the motherboard of a computer. It stores keys, passwords, and digital certificates. Information stored in the TPM is more secure from external software attacks and physical theft than data stored on disks. If your computer does not have a TPM, encryption keys must be stored on a USB drive.

What Are the BitLocker Requirements?

Your computer must meet some very specific configuration requirements before it can use BitLocker Drive Encryption. Components that must meet the requirements include volume configuration, BIOS features, and TPM.

To use BitLocker Drive Encryption you must have at least two separate volumes:
• The boot volume is the volume that contains the Windows operating system. This volume must be formatted with NTFS and is encrypted by BitLocker.
• The system volume is the volume that contains the hardware-specific files required to load Windows. The BIOS finds the system volume by searching for the active partition on the disk. For BitLocker to work, the system volume must not be encrypted, must differ from the boot volume, must be formatted with NTFS, and must be at least 1.5 gigabytes (GB). Data on this volume is not encrypted.

If a TPM is used to store encryption keys:
• The TPM must be version 1.2.
• The system BIOS must support at least version 1.2 Trusted Computing Group (TCG) standards.

If a USB drive is required for key or PIN storage:
• The system BIOS must support accessing USB storage devices.

Comparing BitLocker to Encrypting File System

BitLocker and the Encrypting File System (EFS) are both used to encrypt data. However, they are designed for use in different situations. Depending on your needs, BitLocker and EFS can be used together.

Differences between BitLocker and EFS are:
• BitLocker is a comprehensive system that protects all data on the boot volume, including temporary files, the operating system, paging files, and user data. EFS protects only specific files and folders. EFS cannot be used to protect operating system files.
• BitLocker protects system integrity during the boot process by looking for system changes. EFS does not protect system integrity.
• Only administrators can enable or disable BitLocker. All users can encrypt files by using EFS.
• BitLocker does not restrict file access to particular users. EFS can be used to share files with just specific users.
• BitLocker stores encryption keys in a TPM or on a USB drive. EFS stores encryption keys in user profiles.
• BitLocker can prevent system startup without a PIN. EFS cannot prevent system startup.
• BitLocker requires two volumes to operate. EFS can be used on a system with a single volume.

What Is Rights Management Services?

Windows Rights Management Services (RMS) is data protection technology that safeguards digital information from unauthorized use. The usage policies for data documents are embedded within the documents. This allows policies to be persistent inside the corporate firewall, outside the corporate firewall, or when distributed to other entities, whether online or offline.

Some situations where RMS can be used:
• Protecting confidential e-mail messages. Traditionally, users lose control over e-mail messages after they are sent. A recipient that gets a message can forward the message and any attachments to anyone inside or outside the organization. When RMS is used, unauthorized recipients are unable to open e-mail messages.
• Enforcing document rights. In some cases, employees or users outside the organization need access to information for only a specific period of time. For example, during the due diligence process during a company buy out, an external auditor might require information only for a few weeks during the evaluation process. When RMS is used, the financial statements and other documents can be set to expire after a period of time. After the expiry, the contents of the documents are no longer accessible.
• Distributing media content. Media vendors can use RMS capabilities in Microsoft Windows Media® Player to control distribution and playback of content. This ensures that only legitimate customers are able to view and listen to videos and music.

How Rights Management Services Works

RMS relies on both server and client software to function properly. To understand how RMS works, you must understand the rights management components and the rights management process.

Rights management components include:
• Windows RMS server software is a Web service for Windows Server “Longhorn” and Windows Server 2003 that handles certification of trusted entities, licensing of rights-protected information, enrollment of servers and users, and administrative functions.
• Windows RMS client software is a group of Windows APIs that facilitate the computer activation process and allow RMS-enabled applications to work with the RMS server to provide licenses for publishing and consuming rights-protected information. Windows Vista includes Windows RMS client software.
• RMS-enabled applications are applications that are designed to communicate with Windows RMS client software on the local workstation to obtain licenses for publishing and using rights-protected information. Applications that are not RMS-enabled are unable to open rights-protected information.

The rights management process is as follows:
1. The user protects information within an RMS-enabled application.
2. The RMS server validates the user credentials and conditions for protecting the information.
3. The information is encrypted by the RMS-enabled application.
4. Recipients open the rights-protected information by using an RMS-enabled application.
5. The RMS server validates the credentials of the recipient and issues a license for using the information.
6. The RMS-enabled application enforces the usage rights and conditions for the rights-protected information.
7. If the recipient is permitted, the information is opened in the RMS-enabled application.

Demonstration: Configuring Rights Management

In this demonstration, you will see how you can:
• Configure rights management for digital media.

Key Points
• Rights management can be used to control how information is used inside and outside your organization.
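
The BitLocker requirements listed under "What Are the BitLocker Requirements?" (two separate volumes, NTFS, an unencrypted system volume of at least 1.5 GB, TPM version 1.2) can be checked with a short Windows PowerShell script. This is an added example, not part of the original courseware; the function name Test-BitLockerReadiness and the sample machine are constructed for illustration, while Win32_Volume and Win32_Tpm are the WMI classes that supply the live data.

```powershell
# Added example: evaluates the BitLocker volume and TPM requirements from the text.
function Test-BitLockerReadiness {
    param([object[]]$Volumes, [object]$Tpm)

    function New-Check($Name, $Passed, $Detail) {
        New-Object PSObject -Property @{ Check = $Name; Passed = [bool]$Passed; Detail = $Detail }
    }
    # Win32_Volume flags: BootVolume holds Windows, SystemVolume holds the files needed to load it.
    $boot   = @($Volumes | Where-Object { $_.BootVolume })[0]
    $system = @($Volumes | Where-Object { $_.SystemVolume })[0]

    $separate = $boot -and $system -and ($boot.DeviceID -ne $system.DeviceID)
    New-Check 'Boot and system volumes are separate' $separate "boot=$($boot.DeviceID) system=$($system.DeviceID)"
    New-Check 'Boot volume is NTFS' ($boot.FileSystem -eq 'NTFS') "FileSystem=$($boot.FileSystem)"
    New-Check 'System volume is NTFS' ($system.FileSystem -eq 'NTFS') "FileSystem=$($system.FileSystem)"
    New-Check 'System volume is at least 1.5 GB' ($system.Capacity -ge 1.5GB) "Capacity=$($system.Capacity) bytes"

    if ($Tpm) {
        # SpecVersion is a comma-separated string; its first field is the TCG spec version.
        $spec = ("$($Tpm.SpecVersion)" -split ',')[0].Trim()
        New-Check 'TPM is version 1.2' ($spec -eq '1.2') "SpecVersion=$spec"
    } else {
        # Without a TPM the keys go on a USB drive; BIOS USB support cannot be read from WMI.
        New-Check 'TPM is version 1.2' $false 'No TPM found: USB key storage and BIOS USB support needed'
    }
}

# Constructed sample: a single-volume laptop, so one volume is both boot and system volume.
$sample = @(
    New-Object PSObject -Property @{
        DeviceID = 'vol1'; BootVolume = $true; SystemVolume = $true
        FileSystem = 'NTFS'; Capacity = 80GB
    }
)
Test-BitLockerReadiness -Volumes $sample -Tpm $null | Format-Table Check, Passed, Detail -AutoSize

# On a live machine (elevated prompt), feed the same function from WMI:
# $vols = Get-WmiObject -Class Win32_Volume -Filter 'DriveType = 3'
# $tpm  = Get-WmiObject -Namespace 'root\CIMV2\Security\MicrosoftTpm' -Class Win32_Tpm -ErrorAction SilentlyContinue
# Test-BitLockerReadiness -Volumes $vols -Tpm $tpm
```

The constructed single-volume machine fails the separation check and the TPM check, which is the common reason a default installation needs repartitioning before BitLocker can be enabled.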
Session Summary

This session provided an overview of some of the new security features in Windows Vista. The following topics were discussed:
• Security Risks. This topic discussed security risks and how Windows Vista addresses them. In addition, security-related platform improvements were presented.
• Malware Protection Features. This topic discussed how malware gets installed and how Windows Vista protects against it. Specific features for preventing malware include Windows Service Hardening, UAC, and Windows Defender.
• Network Access Protection Features in Windows Vista. This topic discussed how Windows Firewall and NAP address network security risks. Windows Firewall has been enhanced with outbound filtering and new administrative tools. NAP is a new tool for enforcing the health of client nodes on the network.
• Internet Explorer 7 Security Enhancements. This topic discussed security enhancements in Internet Explorer 7, which are included with Windows Vista. Enhancements include Protected Mode, Pop-up Blocker, and the Phishing Filter.
• Data Protection Features. This topic discussed how new features in Windows Vista address the data protection requirements of organizations. BitLocker Drive Encryption and Rights Management Service were explained.

Questions and Answers

[...]

... Productivity Enhancements in Windows Vista

Windows Vista Productivity Enhancement Features

To address the causes of lost productivity, a number of new features have been introduced in Windows Vista. These features make Windows Vista more usable than previous versions of Windows and more available. New productivity features include:
• User-interface enhancements for locating data
• Search enhancements for...
Session 2: User Productivity Enhancements in Windows Vista

User-Interface Enhancements

Introduction

The new user interface in Windows Vista makes it easier to find the data you need, when you need it. Windows Explorer has been enhanced with new views that make it easier to organize your data. The AERO interface improves the display capabilities of Windows Vista and makes it easier to read data. The...

... User Productivity Enhancements in Windows Vista

Table of Contents
Session Overview
Increasing Productivity
User-Interface Enhancements
Productivity Utilities
Features for Mobile Computers
The Boot Process
Power Management
Session Summary
Questions and Answers

Information in this document, including URL and other Internet Web site references, is subject to change without notice...

... causes of lost productivity
• Describe the user-interface enhancements to Windows Vista
• Explain the new productivity utilities
• Describe the new features for mobile computers
• Understand the Windows Vista boot process
• Explain power management

Increasing Productivity

Introduction

Organizations do not implement new operating systems because...

... icons for documents, Document Explorer shows high-resolution thumbnails that preview document content. Users can dynamically adjust the size of these thumbnails up to 256 x 256 pixels, which is large enough for users to know whether they've found the right document without opening it.

Enhanced Column Header Controls

Enhanced column header controls take advantage of the extensive use of file properties in Windows...

... Windows Media, Windows Server, and Windows Vista are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries. The names of actual companies and products mentioned herein may be the trademarks of their respective owners.

Session Overview

Introduction

The Microsoft® Windows Vista operating...

... will give you a more granular view of which documents belong to which author.

What Is the AERO Interface?

The Windows Vista user interface, code-named "AERO" (Authentic, Energetic, Reflective, and Open), is easier and more fun, even as it makes users more productive. Computers designed for Windows Vista create a professional and attractive...

... based on a theme of translucent glass. Even applications created before Windows Vista become more attractive because Windows Vista has improved wizards and common dialog boxes that are shared by all applications. Users with high-resolution monitors can finally take full advantage of their displays because Windows Vista smoothly scales icons and windows. As a result, users do not have to squint to read an e-mail...

... the New Features in Windows Explorer?

Windows Explorer has been enhanced to make finding and organizing data easier. The most dramatic visual change is the AERO interface. Searching has also been significantly improved with the ability to control indexing, and tag files with keywords.

Information Visualization

The new Document Explorer, replacing the My Documents folder in Microsoft Windows XP, is much...

... operating system update must enhance the productivity of users to have value to the organization.

Objectives

After completing this section, you will be able to:
• Describe the causes of lost productivity
• List the productivity enhancement features in Windows Vista

Causes of Lost Productivity

When an operating system is designed, a lot of ...