SEC240: Windows Security Internals

This seminar provides a comprehensive guided tour through, and analysis of, the internal design, implementation, and operation of the major security components of the Windows operating system, with emphasis on security features new with Windows Vista and later versions.

Level

Intermediate

Audience

Applications developers; systems software developers; system administrators; system integrators; hardware OEMs; I.T. support personnel

Description

In this seminar you will learn how security is implemented in Windows Vista and later. Providing a safe and secure environment is one of the major goals of these operating systems. 

We will first describe the most frequent avenues of attack, such as poorly written applications and drivers, malware, malicious web sites, network attacks, and stolen data, and Microsoft’s response to those attacks. We will show how the major security features in Vista and later address these threats. We will also show how to protect and control users from an administrative perspective.

We will then show how security is implemented, describing the major operating system components that provide security services, such as the Object Manager, Security Reference Monitor, LSASS, Security Account Manager, Memory Manager, Active Directory, and Kernel Patch Protection.

We provide detailed descriptions of the internal operation of some of the most important security mechanisms in Vista, such as: File and Object security, Windows Integrity Controls, BitLocker, Encrypting File System, Address Space Layout Randomization, Information Rights Management, Rights Management Service, Certificate Management, and Service security.

Coincident with the release of Windows Vista was the Windows Vista Security Guide.  We will look at the Guide, how it can be used to protect systems, and how that protection is implemented.

Windows 7 builds on the Windows Vista security model, including improved implementations of BitLocker, User Account Control, and others. Each of these enhancements is described in detail, along with demonstrations.

Topics

  • Security threats

  • Vista security features

    • Mandatory integrity controls

    • Kernel patch protection

    • Windows cryptography

    • BitLocker

    • Address Space Layout Randomization

    • Information Rights Management

    • Certificate Management

    • Service security

  • Windows security components and operation

    • Object Manager

    • Security Reference Monitor

    • Local Security Authentication Subsystem

    • Security Account Manager

    • Memory Manager

    • Active Directory

  • Security internals

  • Secure startup

  • Windows Security Guide

  • Security design lifecycle

Prerequisites

All attendees must have attended one of our Windows Internals seminars, or have equivalent experience.  This seminar builds on, and does not repeat, material presented in our Windows Internals seminars.

Windows versions

Windows Vista; Windows Server 2008; Windows 7

Duration and formats

3 days with labs
2 days lecture only

Labs

We strongly recommend the hands-on labs version of this seminar:

As in all of our seminars, we have carefully designed a series of demonstrations, lab exercises, and problems that illustrate, help present, and build on the information presented. For this seminar, we follow nearly every discussion of a security mechanism, principle, or concept with a lab exercise. We have you exercise or manipulate the part of the system described, and then examine displays that confirm the expected results. We also have you look for interactions with, and effects on, the rest of the system. This of course results in greatly increased comprehension and retention of the material.

In the lecture-only version, the lab exercises are replaced with brief demonstrations by the instructor.


 

New for Vista and later!
While addressing all aspects of Windows security, this seminar does emphasize security functions and capabilities that are new with Windows Vista and Windows Server 2008. 
Copyright © 2010 by Azius Developer Training