Windows Vista security
Stephan Diestelhorst (stephan.diestelhorst@gmail.com)

Vista addresses common security problems
- stolen laptop
- unpatched system
- users have too many permissions

Local security

NX bit
- marks data-containing memory as Not eXecutable

Stack / heap canaries
- system provides some security against code injection attacks

User account control
- protection against admin account misuse
- switched on by default
- everybody is running in unprivileged mode
- relevant apps require elevation of rights
  - admin needs to click ok
  - user needs to enter an admin account's password
- some kind of su without fine-granular tuning of permissions
- uncritical jobs must not be elevated
  - change time zone
  - run application
- critical jobs must be elevated
  - change system time
  - change security settings

Application signing
- apps need to be signed
- different levels of signing
  - blocked -> app can't be executed -> whitelisting possible
  - vista -> it's microsoft -> it's safe to use ;)
  - signed -> somebody paid money for the certificate
  - unknown -> warning appears -> automated whitelisting after confirmation

Address space layout randomization
- randomly allocate memory slices for dlls

BitLocker drive encryption
- using efs
- efs can't encrypt the os loader
- using tpm or usb stick for the login procedure
- creation of the encrypted loader partition requires 1.5 gb

Copy-on-write might be introduced for some tasks
User group ACLs might be introduced

Network security

Vista phishing filter
- part of ie7
- using heuristics and black lists
- heuristics determine the level of phishiness of a page

Vista firewall
- controls incoming and outgoing traffic
- ipsec support
- fine-grained control
  - ip-level based
  - address based
  - port level (1-n)
  - protocol level (tcp / udp)
  - associate program to traffic

Vista defender
- xp level
  - check for config changes
  - monitor application startup
  - detect spyware
- vista level
  - check only modified files (instead of time-based polling)
  - autocheck ie downloads

Network access protection
- using a central policy server to restrict access
- checking for policies
  - patch level
  - installed software
- connecting client MUST be ms windows
- policy server should be combined with firewall

Resources will be found at www.dotnet-dresden.de
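The "stack / heap canaries" bullet says the system provides some protection against code injection; the point worth seeing is the ordering: a linear overflow of a buffer has to pass through the canary before it reaches the saved return address, and the instrumented epilogue checks the canary before returning. The following is an added toy model (not code from the notes or from Windows): the frame layout, the fixed sizes, the canary value and the saved return address are all constructed assumptions, and the two copy routines stand in for an unbounded strcpy and a correctly bounded strncpy.

```python
"""Toy model of a stack canary: frame = [buffer][canary][saved return address].

Constructed example. Sizes, the canary value and the return address are
placeholders chosen for the demonstration, not values from a real binary.
"""

BUF_SIZE = 16     # assumed buffer size
CANARY_SIZE = 4   # assumed canary width
RET_SIZE = 4      # assumed width of the saved return address


class Frame:
    """Simplified frame: buffer first, then canary, then saved return address."""

    def __init__(self, canary: bytes, saved_ret: bytes):
        if len(canary) != CANARY_SIZE or len(saved_ret) != RET_SIZE:
            raise ValueError("canary and return address sizes are fixed in this model")
        self.mem = bytearray(BUF_SIZE) + bytearray(canary) + bytearray(saved_ret)

    def unbounded_copy(self, data: bytes) -> None:
        """Models strcpy: no length check, only the end of the frame stops it."""
        n = min(len(data), len(self.mem))
        self.mem[0:n] = data[:n]

    def bounded_copy(self, data: bytes) -> None:
        """Models strncpy with the correct bound: the copy cannot leave the buffer."""
        n = min(len(data), BUF_SIZE)
        self.mem[0:n] = data[:n]

    @property
    def canary(self) -> bytes:
        return bytes(self.mem[BUF_SIZE:BUF_SIZE + CANARY_SIZE])

    @property
    def saved_ret(self) -> bytes:
        return bytes(self.mem[BUF_SIZE + CANARY_SIZE:])


def run_function(data: bytes, bounded: bool) -> dict:
    """Simulate one call: copy the input, then run the epilogue canary check.

    A leading zero byte is included in the canary because string-copy functions
    stop at it, which makes the canary harder to reproduce via a string copy.
    """
    canary = b"\x00\xaa\xbb\xcc"      # constructed canary value
    original_ret = b"\x11\x22\x33\x44"  # constructed placeholder, not a real address
    frame = Frame(canary, original_ret)
    (frame.bounded_copy if bounded else frame.unbounded_copy)(data)
    canary_ok = frame.canary == canary
    return {
        "canary_intact": canary_ok,
        "return_address_intact": frame.saved_ret == original_ret,
        # A real implementation aborts the process here instead of returning.
        "abort_before_return": not canary_ok,
    }


if __name__ == "__main__":
    for length in (8, 18, 30):
        print(length, "unbounded:", run_function(b"A" * length, bounded=False))
    print(30, "bounded:", run_function(b"A" * 30, bounded=True))
```

The 18-byte input shows the detection case: the return address is still intact, but the canary is not, so the epilogue aborts before the corrupted frame can ever be used; the bounded copy shows that the canary is a safety net behind a correct bound, not a replacement for one.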
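The Vista firewall bullets list the dimensions a rule can be matched on (direction, address, port range, protocol, associated program). The block below is an added model of exactly those dimensions and is not Microsoft's firewall code: the rule fields mirror the bullet list, while "first matching rule wins, default block" and the sample policy (the IE executable path, the 10.0.0.0/8 prefix and the test connections) are constructed assumptions for the demonstration.

```python
"""Toy rule evaluator for the rule dimensions listed under "Vista firewall".

Constructed example. Matching order (first match wins, default block) and the
sample policy are assumptions, not the real firewall's behaviour.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional


@dataclass(frozen=True)
class Rule:
    action: str                     # "allow" or "block"
    direction: str                  # "in" or "out"
    protocol: Optional[str] = None  # "tcp", "udp" or None for any protocol
    remote: Optional[str] = None    # CIDR prefix of the remote side, None for any
    ports: Optional[range] = None   # port range (1-n), None for any port
    program: Optional[str] = None   # executable path, None for any program


@dataclass(frozen=True)
class Connection:
    direction: str
    protocol: str
    remote_ip: str
    port: int
    program: str


def rule_matches(rule: Rule, conn: Connection) -> bool:
    """Every rule field that is set must agree with the connection."""
    if rule.direction != conn.direction:
        return False
    if rule.protocol is not None and rule.protocol != conn.protocol:
        return False
    if rule.remote is not None and ip_address(conn.remote_ip) not in ip_network(rule.remote):
        return False
    if rule.ports is not None and conn.port not in rule.ports:
        return False
    if rule.program is not None and rule.program.lower() != conn.program.lower():
        return False
    return True


def decide(rules: List[Rule], conn: Connection, default: str = "block") -> str:
    """Return the action of the first matching rule, or the default."""
    for rule in rules:
        if rule_matches(rule, conn):
            return rule.action
    return default


# Constructed sample policy: browser may talk https, anyone may do DNS,
# remote desktop only from the assumed internal prefix, everything else inbound is blocked.
IE_PATH = r"C:\Program Files\Internet Explorer\iexplore.exe"
POLICY = [
    Rule("allow", "out", protocol="tcp", ports=range(443, 444), program=IE_PATH),
    Rule("allow", "out", protocol="udp", ports=range(53, 54)),
    Rule("allow", "in", protocol="tcp", remote="10.0.0.0/8", ports=range(3389, 3390)),
    Rule("block", "in"),
]

if __name__ == "__main__":
    samples = [
        Connection("out", "tcp", "203.0.113.5", 443, IE_PATH),
        Connection("out", "tcp", "203.0.113.5", 443, r"C:\Users\demo\unknown.exe"),
        Connection("in", "tcp", "10.1.2.3", 3389, r"C:\Windows\System32\svchost.exe"),
        Connection("in", "tcp", "198.51.100.7", 3389, r"C:\Windows\System32\svchost.exe"),
    ]
    for conn in samples:
        print(conn, "->", decide(POLICY, conn))
```

The program field is what distinguishes this from a plain packet filter: the same outbound https connection is allowed for the browser and blocked for an unknown executable, which is the "associate program to traffic" bullet in the notes.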
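The phishing filter bullets say the filter combines black lists with heuristics that determine a "level of phishiness". As an added illustration of how such a combination is structured (this is not the IE7 filter's logic), the block below checks a blacklist first and otherwise scores a handful of URL heuristics; the specific heuristics, the blacklist entries and the brand list are all my own constructed assumptions for the demonstration.

```python
"""Toy phishiness score: blacklist lookup plus URL heuristics.

Constructed example. The heuristics, weights, blacklist and brand list are
assumptions for the demonstration, not the IE7 filter's actual rules.
"""
import re
from urllib.parse import urlsplit

BLACKLIST = {"phish.example", "login-update.example"}   # constructed sample entries
BRANDS = ("paypal", "ebay", "microsoft")                 # constructed lookalike targets
IPV4 = re.compile(r"\d{1,3}(\.\d{1,3}){3}")
CREDENTIAL_PATH = re.compile(r"login|signin|verify|account", re.I)


def phishiness(url: str) -> dict:
    """Return the heuristic hits and a 0..100 score; blacklisted hosts score 100."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    if host in BLACKLIST:
        return {"score": 100, "hits": ["blacklisted host"]}

    hits = []
    if IPV4.fullmatch(host):
        hits.append("raw IP address instead of a host name")
    elif host.count(".") >= 3:
        hits.append("many subdomain levels")
    if "@" in parts.netloc:
        hits.append("userinfo before the host hides the real destination")
    registered = ".".join(host.split(".")[-2:])
    if any(b in host for b in BRANDS) and registered not in {f"{b}.com" for b in BRANDS}:
        hits.append("brand name outside its registered domain")
    if parts.scheme != "https" and CREDENTIAL_PATH.search(parts.path):
        hits.append("credential-looking page without https")
    # Each heuristic contributes 25 points (assumed weight), capped at 100.
    return {"score": min(100, 25 * len(hits)), "hits": hits}


if __name__ == "__main__":
    for u in (
        "https://www.paypal.com/signin",
        "http://phish.example/x",
        "http://paypal.com.secure-login.example.net/verify",
        "http://www.paypal.com@203.0.113.9/login",
    ):
        print(u, "->", phishiness(u))
```

The score is what a browser would map onto its warning levels; the blacklist gives a definite verdict for known pages, and the heuristics cover pages the list has not seen yet, which is why the notes mention both.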
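The network access protection bullets describe a policy server that checks patch level and installed software, only admits Windows clients, and is combined with the firewall to restrict non-compliant machines. The block below is an added toy of that decision, not Microsoft's NAP implementation: the policy structure, the version tuples, the product names and the sample clients are constructed, and the mapping from the decision to reachable network zones is my assumption of what "combined with firewall" would look like.

```python
"""Toy health evaluation in the spirit of the network access protection bullets.

Constructed example. Policy fields, product names, versions and the zone
mapping are assumptions for the demonstration, not NAP's real data model.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Tuple

Version = Tuple[int, ...]


@dataclass
class Policy:
    min_patch_level: Version                 # minimum OS patch level, e.g. (6, 0, 6000)
    required_software: Dict[str, Version]    # product -> minimum version
    allowed_platforms: Tuple[str, ...] = ("Windows",)   # notes: client MUST be MS Windows


@dataclass
class ClientHealth:
    platform: str
    patch_level: Version
    installed: Dict[str, Version] = field(default_factory=dict)


def fmt(v: Version) -> str:
    return ".".join(map(str, v))


def evaluate(policy: Policy, client: ClientHealth) -> Tuple[str, List[str]]:
    """Return ("full" | "restricted", reasons); any failed check restricts access."""
    reasons = []
    if client.platform not in policy.allowed_platforms:
        reasons.append(f"platform {client.platform} cannot report health to the policy server")
    if client.patch_level < policy.min_patch_level:
        reasons.append(f"patch level {fmt(client.patch_level)} below required {fmt(policy.min_patch_level)}")
    for product, min_ver in policy.required_software.items():
        have = client.installed.get(product)
        if have is None:
            reasons.append(f"{product} not installed")
        elif have < min_ver:
            reasons.append(f"{product} {fmt(have)} below required {fmt(min_ver)}")
    return ("full" if not reasons else "restricted", reasons)


def reachable_zones(decision: str) -> List[str]:
    """Assumed firewall coupling: restricted clients only reach a remediation zone."""
    return ["corporate", "internet"] if decision == "full" else ["remediation"]


# Constructed sample policy and clients.
POLICY = Policy(min_patch_level=(6, 0, 6000),
                required_software={"antivirus": (7, 0), "host-firewall": (1, 0)})

if __name__ == "__main__":
    clients = [
        ClientHealth("Windows", (6, 0, 6001), {"antivirus": (7, 2), "host-firewall": (1, 0)}),
        ClientHealth("Windows", (6, 0, 5999), {"antivirus": (6, 9), "host-firewall": (1, 0)}),
        ClientHealth("Linux", (6, 0, 6001), {"antivirus": (7, 2), "host-firewall": (1, 0)}),
    ]
    for c in clients:
        decision, why = evaluate(POLICY, c)
        print(c.platform, fmt(c.patch_level), "->", decision, reachable_zones(decision), why)
```

Returning the reasons alongside the decision is what makes remediation possible: the restricted zone can host the update source for exactly the items that failed, which is the "combined with firewall" bullet in practice.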