
Securing the Workstation : Applying the Castle Defense System (part 5) - Managing information access

7/11/2013 6:45:10 PM

4. Layer 4: Managing information access

Layer 4 focuses on how users access information. Because of this, you need to concentrate on the following items:

  • Smart Card Deployment

  • Encrypting File System

  • Auditing of User Access

  • Rights Management Services

  • Internet Explorer Configurations

The other items, Smart Card Deployments and IE Configurations, are covered here.

NOTE

For more information on EFS and Vista, see the Microsoft Data Encryption Toolkit for Mobile PCs, which provides a Microsoft Encrypting File System Assistant, at http://www.microsoft.com/technet/security/guidance/clientsecurity/dataencryption/efsassistant/default.mspx. For information on how to configure Active Directory Rights Management Services in Windows Server 2008, look up MCTS Self-Paced Training Kit (Exam 70-640): Configuring Windows Server 2008 Active Directory by Holme, Ruest, and Ruest.

Deploying smart cards

Smart cards come in all flavors and all types. The least expensive smart cards are USB smart cards because they come in the form of a small footprint USB device and do not require the implementation of additional hardware devices to read them. All you need to do is plug it in and away you go.

If you use USB smart cards, make sure that you enable them as removable devices in your Device Control settings.


In Vista, smart cards can be used for logon authentication as well as for use with the Encrypting File System. This makes them very valuable. When you select your smart card vendor, make sure that their products are compatible with Vista. Products compatible with XP do not work with Vista because Microsoft has modified the logon architecture in Vista. Use only certified products.

NOTE

For a list of compatible smart card readers, go to http://winqual.microsoft.com/HCL/ProductList.aspx?m=v&cid=406&g=d.

Then, when you're ready to perform your deployment, you can control smart card behavior through Group Policy. Access the Smart Card settings by choosing Computer Configuration => Policies => Administrative Templates => Windows Components => Smart Cards. Use the procedure outlined under Device Controls to modify and apply the settings recommended in Table 5.

Table 5. Configuring Settings for Smart Cards in Group Policy

| Setting | Recommendation |
|---|---|
| Allow certificates with no extended key usage certificate attribute | Not configured |
| Allow Integrated Unblock screen to be displayed at the time of logon | Verify with hardware manufacturer before using this setting. |
| Allow signature keys valid for Logon | Not configured |
| Allow time invalid certificates | Not configured |
| Turn on certificate propagation from smart card | Enable to provide multiuse certificates. |
| Configure root certificate clean up | Not configured |
| Turn on root certificate propagation from smart card | Not configured |
| Filter duplicate logon certificates | Not configured |
| Force the reading of all certificates from the smart card | Not configured |
| Display string when smart card is blocked | Not configured |
| Reverse the subject name stored in a certificate when displaying | Enable to properly display user names. |
| Allow user name hint | Not configured |
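
Once the GPO has applied, the Table 5 recommendations can be checked on a workstation. The following PowerShell script is an added example, not part of the original text. It assumes PowerShell 2.0 or later and that the registry key and value names shown are the ones the Smart Cards administrative template writes; confirm them against SmartCard.admx before relying on the result.

```powershell
# Added example: compare local smart card policy values with Table 5.
# Assumption: these key and value names are what the Smart Cards
# administrative template writes; confirm them in SmartCard.admx.
$root = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows'

# Registry key, value name, and the Table 5 recommendation per setting.
$baseline = @'
Key,Name,Expected
SmartCardCredentialProvider,AllowCertificatesWithNoEKU,Not configured
SmartCardCredentialProvider,AllowIntegratedUnblock,Verify with vendor
SmartCardCredentialProvider,AllowSignatureOnlyKeys,Not configured
SmartCardCredentialProvider,AllowTimeInvalidCertificates,Not configured
CertProp,CertPropEnabled,Enabled
CertProp,RootCertificateCleanupOption,Not configured
CertProp,EnableRootCertificatePropagation,Not configured
SmartCardCredentialProvider,FilterDuplicateCerts,Not configured
SmartCardCredentialProvider,ForceReadingAllCertificates,Not configured
SmartCardCredentialProvider,IntegratedUnblockPromptString,Not configured
SmartCardCredentialProvider,ReverseSubject,Enabled
SmartCardCredentialProvider,X509HintsNeeded,Not configured
'@ | ConvertFrom-Csv

$report = foreach ($row in $baseline) {
    # A policy left at "Not configured" has no registry value at all.
    $prop = Get-ItemProperty -Path "$root\$($row.Key)" -Name $row.Name `
                             -ErrorAction SilentlyContinue
    if ($null -eq $prop) { $actual = 'Not configured' }
    elseif ($prop.($row.Name) -eq 1) { $actual = 'Enabled' }
    elseif ($prop.($row.Name) -eq 0) { $actual = 'Disabled' }
    else { $actual = "Set: $($prop.($row.Name))" }

    # Table 5 defers one setting to the card vendor, so flag it for review
    # instead of marking it compliant or drifted.
    if ($row.Expected -eq 'Verify with vendor') { $status = 'Review' }
    elseif ($actual -eq $row.Expected) { $status = 'OK' }
    else { $status = 'Drift' }

    New-Object PSObject -Property @{
        Name = $row.Name; Expected = $row.Expected
        Actual = $actual; Status = $status
    } | Select-Object Name, Expected, Actual, Status
}

$report | Format-Table -AutoSize
```

Rows marked Drift point to a setting that differs from the table, whether through another GPO, a local policy edit, or a policy that has not yet applied.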

Configuring Internet Explorer

Internet Explorer version 7 is much more comprehensive than any previous version of IE. In fact, Windows Vista lists 13 categories of settings under the Security Features of IE (Computer Configuration => Policies => Administrative Templates => Windows Components => Internet Explorer => Security Features). These categories include:

  • Add-on management

  • Binary behavior security restriction

  • Consistent mime handling

  • Information bar

  • Local machine zone lock-down security

  • Mime sniffing safety feature

  • MK protocol security restriction

  • Network protocol lock down

  • Object caching protection

  • Protection from zone elevation

  • Restrict file download

  • Scripted Window security restrictions

  • Enable native XMLHTTP support

As such, there are too many settings to list here. The best recommendation is for you to take a close look at each of the various security features you can control in IE and apply them judiciously. This will let you create a secure IE environment.

NOTE

Perhaps the easiest way to do this is to look up the explanation of each feature online. To do so, go to www.microsoft.com/windows/products/winfamily/ie/features.mspx for more information.
