
Microsoft Press Windows Vista Administrator's Pocket Consultant ebook


by MS

Click Details. The Encryption Details For dialog box appears. Users who have access to the encrypted file are listed by name.

  To allow another user to access the file, click Add.

  If a user certificate is available for the user to whom you are granting access, select the user's name in the list provided and then click OK. Otherwise, click Find User to locate the certificate for the user.

  Decrypting Files and Folders

  If you decide later that you want to decrypt a file or folder, reverse the process by completing the following steps:

  Right-click the file or folder in Windows Explorer and then select Properties.

  On the General tab of the related property dialog box, click Advanced. The Advanced Attributes dialog box appears. Clear the Encrypt Contents To Secure Data check box and click OK twice.

  With a file, Windows Vista decrypts the file and restores it to its original format. With a folder, Windows Vista decrypts all the files within the folder. If the folder contains subfolders, you'll also have the opportunity to remove encryption from the subfolders. To do this, select Apply Changes To This Folder, Subfolders And Files when prompted and then click OK.

  Tip

  Windows Vista also provides a command-line tool called Cipher (Cipher.exe) for encrypting and decrypting your data. Typing CIPHER at the command line by itself shows you the encryption status of all folders and files in the current folder.

  Enhancing Computer Security

  Security settings are critically important for maintaining the integrity of Windows Vista computers. Computers with weak or improperly configured security are open to a wide variety of attacks whenever they connect to a network. To make it easy to manage and determine the status of various security features, Windows Vista includes Windows Security Center. This central security management console provides an overview of the current security configuration and provides quick access to security features including Windows Firewall, Windows Update, and Windows Defender.

  Using Windows Security Center

  Windows Security Center, shown in Figure 15-4, is meant to be a central location for checking the most important aspects of system security. Through Security Center, you can quickly determine the status of any of these important security features and get recommendations for how these features should be configured. If the computer might be at risk due to poor security configuration, you can access Windows Security Center by clicking the Windows Security Center icon (the red shield with an x) in the notification area of the system tray. Otherwise, you can access Windows Security Center by clicking Start and then clicking Control Panel. In Control Panel, click Security and then click Security Center.

  Figure 15-4: Windows Security Center provides a quick overview of the status of essential areas of security.

  In Windows Security Center, the core set of security tools available is the same for both workgroups and domains. However, the default way in which Windows Security Center works changes depending on whether the computer is a member of a workgroup or a domain. In a workgroup, individual users can manage the security settings, and Windows Security Center reports the current status of security features. In a domain setting, the core functionality of Windows Security Center itself is turned off by default. As a result, Windows Security Center doesn't report the current status of security features and can only be used to access the core security tools, by using the links provided on the left panel. In a workgroup where individual users can manage the security settings, Windows Security Center reports the current status of security features by default and also enables users to manage these features.

  Tip

  In a domain, you can allow users to manage and view the current status of security features by enabling the Turn On Security Center policy under Computer Configuration\Administrative Templates\Windows Components\Security Center. This policy is disabled by default. If you enable this policy and it was previously disabled, you will be able to access Windows Security Center only after you restart the computer. The Turn On Security Center policy does not apply to computers in workgroups. Windows Security Center cannot be turned off for computers in workgroups.

  Windows Security Center options help you manage and track the status of the following security features:

  Firewall Shows the status of the computer's firewall. A firewall helps protect the computer against network-based attacks and other security threats from remote systems. Both Windows Firewall and Advanced Windows Firewall are installed with the operating system and turned on for all connections by default. See the "Managing Windows Firewalls" section in this chapter for more information.

  - If the Windows Firewall is turned off and you want to turn it on, expand the Firewall entry by clicking the button to the right of the Off designator and then click Turn On Now. When initially enabled, Windows Firewall uses the default state, in which inbound connections that do not have an exception are blocked automatically.

  - If you've installed a firewall that Windows Vista doesn't detect, you can tell Security Center that you'll monitor the firewall status yourself. Expand the Firewall entry by clicking the button to the right of the Off designator and then clicking Show Me Other Available Options. In the Recommendation dialog box, select I Have A Firewall Solution That I'll Monitor Myself. The status of Firewall will change to Not Monitored.

  - If multiple firewalls are enabled and Windows Vista detects this, you'll see a warning prompt specifying that to ensure programs operate properly, only one firewall should be configured. In this case, you should disable all but one of the firewalls.

  Automatic Updating Shows the status of automatic updating. If automatic updating is off and you want to turn it on, expand the Automatic Updating entry by clicking the button to the right of the Off designator and then clicking Turn On Now. This turns on Windows Update and uses the default (recommended) mode, in which updates for the operating system are downloaded and installed automatically. See the "Configuring Automatic Updating" section in this chapter for more information.

  Malware Protection Malware protection software helps safeguard a computer from viruses, spyware, and other similar types of malicious programs. The two most commonly used types of malware protection software are antivirus software and anti-spyware software.

  - Windows Vista does not include antivirus software. You'll need to use a third-party solution. If antivirus software is not found or is in an unknown state, you'll see a Check Settings warning. When you expand the Malware Protection entry using the button provided, you'll be able to find antivirus software to install over the Internet by clicking Find A Program. If you don't want Windows Vista to monitor the status of antivirus software, click Show Me Other Available Options and then select I Have An Antivirus Program That I'll Monitor Myself.

  - Windows Vista includes Windows Defender to provide anti-spyware protection. If Windows Defender is turned off and you want to turn it on, expand the Malware Protection entry by clicking the button to the right of the Check Settings warning and then clicking Turn On Now. This uses the default configuration as discussed in the "Managing Windows Defender" section in this chapter. If you've installed anti-spyware software that you want to use instead of Windows Defender, you can tell Security Center that you'll monitor the anti-spyware software status yourself. Click Show Me Other Available Options. In the Recommendation dialog box, select I Have An Antispyware Program That I'll Monitor Myself. The status of Antispyware will change to Not Monitored.

  Tip

  By default, Windows Security Center is configured to alert the currently logged on user if the firewall, malware protection, or Automatic Updates settings are not properly configured. The alerts are displayed in a balloon message box stating Your Computer Might Be At Risk. To view or configure the alerts, access the Windows Security Center and click Change The Way Security Center Alerts Me in the left pane. You can then use the dialog box provided to change the way notification works.

  Other Security Settings Shows the overall status of Internet security settings and User Account Control (UAC). You'll see a warning if Internet security settings are set below their recommended levels or if user accounts are configured in a way that increases risk. The recommendations offered depend on the settings that put the computer at risk.

  In the left panel of Windows Security Center, you'll find several helpful links, including:

  Windows Update Opens the Windows Update utility in Control Panel.

  Windows Defender Opens Windows Defender if this feature is turned on. If Windows Defender is turned off, you'll be prompted to turn on Windows Defender. Click Turn On And Open Windows Defender and then Windows Vista will open Windows Defender.

  Windows Firewall Opens Windows Firewall.

  Internet Options Opens the Internet Properties dialog box with the Security tab selected.

  Managing Windows Firewalls

  Windows Firewall is installed and enabled by default on all computers running Windows Vista. Two versions of the firewall are included:

  Windows Firewall The basic version of Windows Firewall protects the computer by preventing unauthorized users from gaining access. It does this by blocking inbound access to Transmission Control Protocol (TCP) and User Datagram Protocol (UDP) ports on the computer and disallowing most types of Internet Control Message Protocol (ICMP) requests.

  Windows Firewall With Advanced Security The advanced version of Windows Firewall protects the computer from unauthorized access and unauthorized use, and it also provides secure authentication. It does this by blocking both inbound and outbound connections, disallowing most types of ICMP requests, and ensuring connections can be authenticated using standard security protocols.

  Both firewalls are used together. On a computer that uses Windows Firewall, Windows Firewall provides the protection baseline, and Windows Firewall With Advanced Security extends and enhances this basic protection baseline. Additionally, under Windows Vista, each network category has a different firewall profile. This means there is a domain profile, a private profile, and a public profile. When working with Windows Firewall, the profile for the current network category (based on the current connection) is the only one you can view and configure. When working with Windows Firewall With Advanced Security, you can view and manage each firewall profile separately.

  Configuring Windows Firewall

  Windows Firewall is automatically enabled for all network connections on a computer. This means all modem, network cable, wireless network, and IEEE 1394 (FireWire) connections are automatically protected by the firewall. The sections that follow discuss techniques for configuring Windows Firewall, including:

  Enabling and disabling Windows Firewall

  Configuring exceptions for programs

  Configuring exceptions for TCP and UDP ports as well as services

  Restoring the original Windows Firewall configuration

  Real World

  For computers that are part of a domain, you'll find several important policies for configuring Windows Firewall under Computer Configuration\Administrative Templates\Network\Network Connections\Windows Firewall. If Windows Firewall: Allow Authenticated IPSec Bypass is enabled, any authenticated Internet Protocol Security (IPSec) connection to a computer completely bypasses the Windows Firewall, and you can set specific exemptions (exclusions) for computers, users, and groups. Use the policies under Computer Configuration\Administrative Templates\Network\Network Connections\Windows Firewall\Domain Profile to configure the way Windows Firewall is used when a computer is connected to a Microsoft Active Directory directory service domain. Use the policies under Computer Configuration\Administrative Templates\Network\Network Connections\Windows Firewall\Standard Profile to configure the way Windows Firewall is used when a computer is disconnected from an Active Directory domain, such as when a laptop user takes his computer home.

  Enabling and Disabling Windows Firewall You can enable or disable Windows Firewall in one of two ways: either completely or on a per-connection basis. To enable or disable the firewall completely, click Windows Firewall in Windows Security Center and then click Change Settings. This displays the Windows Firewall Settings dialog box, shown in Figure 15-5. You can now:

  Select On to enable Windows Firewall and set it to block all outside connections to the computer, with the exception of the exclusions listed on the Exceptions tab and any inbound ICMP requests allowed on the Advanced tab. In this configuration, Windows Firewall uses Security Alerts to notify you of any programs it is blocking, and you can determine whether to keep blocking the program, unblock the program, or have it prompt you later.

  Select On and choose Block All Incoming Connections to enable Windows Firewall, set it to block all outside connections to the computer, and specify that no exceptions from the Exceptions tab should apply. This configuration is best for laptop computers when they are off the corporate network. In this configuration, Windows Firewall will not alert the user when it is blocking programs. Further, it should be noted that any inbound ICMP requests allowed on the Advanced tab are still allowed and are not blocked.

  Select Off to completely disable Windows Firewall. In this configuration, Windows Firewall is disabled for all connections and the computer is more vulnerable to attack.

  Figure 15-5: Use the General tab to completely enable or disable Windows Firewall.

  To enable or disable Windows Firewall on a per-connection basis, follow these steps:

  Click Windows Firewall in Windows Security Center. Note the network category you are configuring and then click Change Settings. In the Windows Firewall dialog box, ensure that On is selected on the General tab and then select the Advanced tab.

  Each network connection configured on the computer is listed in the Network Connection Settings panel. Clear the check box for a connection to disable Windows Firewall for that connection. Select the check box for a connection to enable Windows Firewall for that connection.

  Click OK when you are finished.

  Configuring Firewall Exceptions for Programs In a domain, Core Networking is the only allowed exception on a computer by default. If you've allowed network discovery, configured sharing, or other features, these features may be configured as allowed exceptions as well. You can make exceptions for other programs and services as well using the Exceptions tab of the Windows Firewall dialog box.

  As Figure 15-6 shows, standard exceptions can be easily allowed or disallowed. To allow an exception, select the related check box. To disallow an exception, clear the related check box. If you have a question about the purpose of an exception, click it and then click Properties to see a detailed description of the service or feature.

  Figure 15-6: Use the Exceptions tab to allow some types of remote connections.

  You can add programs as exceptions if other computers need to remotely communicate with a program or connect to the computer over a specific port. To configure programs as exceptions, complete the following steps:

  Click Windows Firewall in Windows Security Center. Note the network category you are configuring and then click Change Settings. This displays the Windows Firewall dialog box.

  In the Windows Firewall dialog box, select the Exceptions tab and then click Add Program.

  In the Add A Program dialog box, select the program in the Programs list or click Browse to use the Browse dialog box to find the program.

  By default, any computer, including those on the Internet, can access this program remotely. To restrict access further, click Change Scope. You can then select:

  - Any Computer (Including Those On The Internet) to allow any computer to remotely communicate with this program

  - My Network (Subnet) Only to allow only computers on the same subnet as this computer to remotely communicate with this program

  - Custom List to enter a comma-separated list of Internet Protocol (IP) addresses that can remotely communicate with this program

  Click OK three times to close all open dialog boxes.

  Configuring Firewall Exceptions for TCP and UDP Ports TCP and UDP ports can be opened for remote access to a computer by configuring the appropriate port as an exception. If you know which port you want to open, complete the following steps to designate it as an exception:

  Click Windows Firewall in Windows Security Center. Note which network category you are configuring and then click Change Settings. This displays the Windows Firewall dialog box.

  In the Windows Firewall dialog box, select the Exceptions tab and then click Add Port.

  In the Name field of the Add A Port dialog box, type a descriptive name for the port and then type a port number, such as 80, in the Port Number field.

  Select whether you are making an exception for a TCP or UDP port by choosing the appropriate radio button.

  By default, any computer, including those on the Internet, can access this program remotely. To restrict access further, click Change Scope, make a different selection, and then click OK.

  Click OK two times to close all open dialog boxes.
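
  The program and port exception procedures above, expressed with netsh advfirewall so the Change Scope choice is explicit and reviewable. This is an added example, not a listing from the book; the rule names, program path, port 5000 and the documentation-range addresses are constructed placeholders, and the findstr filter assumes English-language netsh output.

```bat
@echo off
rem Added example, not from the book. Run from an elevated command prompt.
rem Rule names, the program path and all addresses are constructed placeholders.
setlocal

rem 1. Weak form: the default scope, "Any Computer (Including Those On The
rem    Internet)". remoteip=any accepts connections from every source address.
netsh advfirewall firewall add rule name="Example Web TCP 80" ^
    dir=in action=allow protocol=TCP localport=80 ^
    remoteip=any profile=private
if errorlevel 1 goto :fail

rem 2. Corrected form: tighten the same rule in place to the equivalent of
rem    "My Network (Subnet) Only".
netsh advfirewall firewall set rule name="Example Web TCP 80" ^
    new remoteip=localsubnet
if errorlevel 1 goto :fail

rem 3. "Custom List": comma-separated addresses or subnets.
rem    192.0.2.0/24 and 198.51.100.7 are documentation addresses.
netsh advfirewall firewall add rule name="Example Mgmt UDP 5000" ^
    dir=in action=allow protocol=UDP localport=5000 ^
    remoteip=192.0.2.0/24,198.51.100.7 profile=domain
if errorlevel 1 goto :fail

rem 4. Program exception (Add Program), limited to the local subnet and to
rem    the domain and private profiles.
netsh advfirewall firewall add rule name="Example App" ^
    dir=in action=allow program="C:\Program Files\ExampleApp\app.exe" ^
    remoteip=localsubnet profile=domain,private
if errorlevel 1 goto :fail

rem 5. Review: print the name, profiles and remote scope of each example rule.
rem    A RemoteIP of Any on an inbound allow rule deserves a second look.
for %%R in ("Example Web TCP 80" "Example Mgmt UDP 5000" "Example App") do (
    netsh advfirewall firewall show rule name=%%R | findstr /i /c:"Rule Name" /c:"Profiles" /c:"RemoteIP"
)

rem To remove an example rule afterwards:
rem   netsh advfirewall firewall delete rule name="Example App"
exit /b 0

:fail
echo A netsh command failed. Check that the prompt is elevated.
exit /b 1
```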

  Restoring the Original Windows Firewall Configuration If you are unsure of the state of Windows Firewall and its configuration, it is sometimes better to restore the original Windows Firewall configuration and then modify the configuration as necessary afterward. In this way, you start with a known secure configuration of the firewall and then make changes as necessary for the computer. You can restore the Windows Firewall settings by completing the following steps:

  Click Windows Firewall in Windows Security Center. Note which network category you are configuring and then click Change Settings. This displays the Windows Firewall dialog box.

  In the Windows Firewall dialog box, select the Advanced tab.

  Click the Restore Defaults button. When prompted to confirm the action, click Yes.

  Once the configuration is restored, click OK.
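
  A command-line counterpart to the restore procedure above, with a backup taken first and the result verified afterward. This is an added example, not a listing from the book; the backup folder and file name are constructed placeholders, and the last step applies the Block All Incoming Connections behavior described earlier to the public profile as one possible follow-up change.

```bat
@echo off
rem Added example, not from the book. Run from an elevated command prompt.
rem The backup folder and file name are constructed placeholders.
setlocal
set "BACKUP_DIR=%SystemDrive%\fw-backup"
set "BACKUP_FILE=%BACKUP_DIR%\policy-before-reset.wfw"

rem 1. Record the state of each profile (domain, private, public) before
rem    changing anything.
netsh advfirewall show allprofiles state

rem 2. Export the current policy so the reset can be undone with
rem    "netsh advfirewall import".
if not exist "%BACKUP_DIR%" mkdir "%BACKUP_DIR%"
netsh advfirewall export "%BACKUP_FILE%"
if errorlevel 1 (
    echo Export failed, so the firewall policy was left unchanged.
    exit /b 1
)

rem 3. Restore the default firewall policy.
netsh advfirewall reset
if errorlevel 1 (
    echo Reset failed. The backup is in %BACKUP_FILE%.
    exit /b 1
)

rem 4. Verify the known starting point: every profile should report the
rem    firewall as on, with inbound connections blocked unless a rule allows them.
netsh advfirewall show allprofiles state
netsh advfirewall show allprofiles firewallpolicy

rem 5. Modify the restored configuration as needed. Here the public profile
rem    blocks all inbound connections, even those matching an allow rule.
netsh advfirewall set publicprofile firewallpolicy blockinboundalways,allowoutbound
netsh advfirewall show publicprofile firewallpolicy

rem To roll back to the exported policy:
rem   netsh advfirewall import "%BACKUP_FILE%"
exit /b 0
```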

  Configuring Windows Firewall With Advanced Security

 
