Ester Memoli's blog



Vista - Windows Service Hardening

A short description of a new feature we will find in Windows Vista: Windows Service Hardening. What will it do? It will stop critical Windows services from performing abnormal activity in the file system, in the registry, on the network or against other resources, activity that could otherwise be used by malware to install itself, replicate and spread.
Fuller details follow (in the original English):
Windows Service Hardening restricts critical Windows services from doing abnormal activities in the file system, registry, network, or other resources that could be used to allow malware to install itself or attack other computers. For example, the Remote Procedure Call (RPC) service can be restricted from replacing system files or modifying the registry.
Windows services represent a large percentage of the overall attack surface in Windows—from the perspective of the quantity of overall "always-on" code footprint in the system, and the privilege level of that code. Windows Vista limits the number of services that are running and operational by default. Today, many system and third-party services run in the LocalSystem account, where any breach could lead to unbounded damage to the local machine—including disk formatting, user data access, or driver installation.
Windows Service Hardening reduces the damage potential of a compromised service by introducing new concepts which are used by Windows services:
• Introduction of a per-service security identifier (SID). It gives each service its own identity, which in turn enables access-control partitioning through the existing Windows access control model covering all objects and resource managers that use access control lists (ACLs). A service can now apply explicit ACLs to resources that are private to it, which prevents other services, as well as the user, from accessing those resources. The SID is addressable by the account name NT SERVICE\<service name>.
• Moving services from LocalSystem to a lesser-privileged account such as LocalService or NetworkService. This reduces the overall privilege level of the service, with benefits similar to those of User Account Control.
• Removal of unnecessary Windows privileges on a per-service basis; for example, the ability to debug other processes.
• Applying a write-restricted access token to the service process. This token is appropriate where the set of objects the service writes to is bounded and can be configured in advance: write attempts to resources that do not explicitly grant access to the service SID will fail.
• Services are assigned a network firewall policy that prevents network access outside the normal bounds of the service program. The firewall policy is linked directly to the per-service SID.
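The five controls listed above map onto settings a service author or administrator can apply with the tools that ship with Vista and later. The script below is an added example written for this post, not Microsoft's code or anything from the original article: it derives the per-service SID, then applies the account change, privilege trimming, write-restricted token, private-resource ACL and service-bound firewall rules to a hypothetical service called MyService. The service name, data directory, executable path, listening port and privilege list are all assumptions chosen for illustration; run it from an elevated PowerShell prompt.

```powershell
# Added example (not from the original post): applying the Windows Service
# Hardening controls to a hypothetical service "MyService" with sc.exe,
# icacls and netsh. Run elevated, on Windows Vista or later.
# Service name, paths, port and privilege list are assumptions for illustration.

$ServiceName = 'MyService'
$DataDir     = 'C:\ProgramData\MyService'
$ServiceExe  = 'C:\Program Files\MyService\svc.exe'

# 1. Per-service SID. It is S-1-5-80 followed by the SHA-1 of the upper-cased
#    service name (UTF-16LE), read as five little-endian 32-bit sub-authorities.
#    Because it is derived from the name alone, it is identical on every machine.
function Get-ServiceSid {
    param([Parameter(Mandatory)][string]$Name)
    $bytes  = [System.Text.Encoding]::Unicode.GetBytes($Name.ToUpperInvariant())
    $digest = [System.Security.Cryptography.SHA1]::Create().ComputeHash($bytes)
    $subs   = 0..4 | ForEach-Object { [System.BitConverter]::ToUInt32($digest, $_ * 4) }
    return 'S-1-5-80-' + ($subs -join '-')
}
$sid = Get-ServiceSid $ServiceName
"$ServiceName -> $sid   (cross-check with: sc.exe showsid $ServiceName)"

# Ask the Service Control Manager to put that SID into the service's token.
# 'unrestricted' adds it as an ordinary group; 'restricted' (step 4) additionally
# makes the token write-restricted.
sc.exe sidtype $ServiceName unrestricted

# 2. Run under a low-privilege built-in account instead of LocalSystem.
#    sc.exe needs the space after 'obj='; LocalService takes no password.
sc.exe config $ServiceName obj= 'NT AUTHORITY\LocalService'

# 3. Declare the only privileges the service needs ('/'-separated). The SCM
#    removes every other privilege from the process token when it starts.
sc.exe privs $ServiceName 'SeChangeNotifyPrivilege/SeImpersonatePrivilege'

# 4. Private resource plus write-restricted token. With a restricted token,
#    writes succeed only where the service SID (or one of the other restricting
#    SIDs, Everyone and the logon session) is granted explicitly, so grant the
#    service its own directory before switching the token type.
New-Item -ItemType Directory -Force -Path $DataDir | Out-Null
icacls $DataDir /inheritance:r                                   # drop inherited ACEs
icacls $DataDir /grant "NT SERVICE\${ServiceName}:(OI)(CI)M"     # service: modify
icacls $DataDir /grant 'BUILTIN\Administrators:(OI)(CI)F'        # admins: full control
sc.exe sidtype $ServiceName restricted

# 5. Firewall policy bound to the service: allow inbound only on the port it
#    listens on, and block all outbound traffic from this service (assumption:
#    it never needs to initiate connections).
netsh advfirewall firewall add rule name="$ServiceName inbound 5000" dir=in action=allow protocol=TCP localport=5000 program="$ServiceExe" service="$ServiceName"
netsh advfirewall firewall add rule name="$ServiceName outbound block" dir=out action=block program="$ServiceExe" service="$ServiceName"

# Settings take effect at the next service start; then verify.
Restart-Service -Name $ServiceName -ErrorAction SilentlyContinue
sc.exe qsidtype $ServiceName     # SERVICE_SID_TYPE: RESTRICTED
sc.exe qprivs   $ServiceName     # only the two privileges declared above
sc.exe qc       $ServiceName     # SERVICE_START_NAME : NT AUTHORITY\LocalService
icacls $DataDir                  # NT SERVICE\MyService:(OI)(CI)(M) present
```

Two caveats worth knowing before relying on this. First, `sc.exe sidtype` and `sc.exe privs` act on the process token, so for a service hosted in a shared svchost.exe group the token carries the union of the co-hosted services' SIDs and privileges, and the restriction is only as tight as the least restricted service in that group; isolating a sensitive service into its own process is what makes the per-service policy meaningful. Second, the netsh rules above are ordinary firewall rules keyed on the service; the Windows Service Hardening firewall layer proper is populated by the service itself through the INetFwServiceRestriction COM interface at install time, and the two work together (a WSH restriction cannot be overridden by a user-added allow rule).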


Category: Technical
Tuesday, 28 Feb 2006, 23:00