Although Windows Vista is not as popular as XP, strengthening its security as an operating system is still necessary. The following are some of the new service security enhancement policies in Windows Vista:
1. SCM manages services
A service is a program managed by the Service Control Manager (SCM). The SCM maintains a database of all installed services and manages the status of each one. Many services start automatically when Windows starts and run continuously, which makes them a target for attackers.
2. The higher the permission, the higher the security risk.
In previous versions of Windows, most services ran under the Local System account, which has the highest permissions. This means that if a service is compromised, attackers can cause serious damage to the system, because they can operate on almost all data on the computer.
3. Vista and Longhorn Server run services with the minimum permissions
To reduce the risk of attacks, permissions that a service does not require are removed, which enhances security. In Vista and Longhorn, many services that previously ran with Local System permissions now run under accounts with lower permissions, such as NetworkService or LocalService. All services should run with the lowest permissions possible.
4. Vista uses the "isolation" technology to protect services
The isolation technology includes a feature called "Session 0 isolation", which prevents user applications from running in session 0 (the first session created when Windows starts). Only system services and other applications unrelated to user processes can run in this session. This security enhancement prevents system services from being affected by other applications.
5. Vista generates a Security Identifier (SID) for each system service
Each service is given its own security identifier, which distinguishes it from other services and allows the operating system to apply the Windows access control model to it. The Windows access control model restricts access by user and group accounts; with a SID per service, different access permissions can be set for different services.
6. In Vista, you can apply access control lists (ACLs) to services.
An ACL is a set of access control entries (ACEs). Every resource on the network carries an ACL in its security descriptor. The ACL specifies which accounts or devices can access the resource.
7. The Vista network firewall can define security policies for services
The policy is associated with the service SID, allowing you to control how the service accesses the network and to prevent it from using the network in an unacceptable way, such as sending data to the Internet. The Vista firewall is included in the service security enhancement policy.
8. Restrict the functions of a service to prevent it from modifying the registry and accessing system files.
If a system service needs these functions to run properly, it can be configured to access only a specific area of the registry or the system files. You can also restrict the service from changing system settings or performing other functions that could be used in an attack.
9. Each service is assigned a service security enhancement policy script in advance.
This script specifies what the service can and cannot do. Based on the script, the SCM grants the service only the permissions it is allowed. These operations happen in the background and require no additional settings.
10. The service security enhancement mechanism does not protect system services from attacks.
That protection is provided by Windows Firewall and other protection mechanisms. The purpose of the service security enhancement policy is to reduce the harm caused when a service is compromised. It adds protection to the inner layer of Vista's multi-layer security protection mechanism.
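
The following audit script is an added example, not part of the original article. It reports, for each service, the logon account (item 3), the service SID type (item 5) and the declared privileges (item 8). It assumes Windows PowerShell 3.0 or later and English sc.exe output; the function name Get-ServiceHardening and the Findings column are hypothetical names chosen for this example.

```powershell
# Added example: read-only audit of service hardening settings.
# An elevated session avoids access-denied results on protected services.
function Get-ServiceHardening {
    param([string[]]$Name)   # optional list of service names; default is all services

    $services = Get-CimInstance -ClassName Win32_Service
    if ($Name) { $services = $services | Where-Object { $Name -contains $_.Name } }

    foreach ($svc in $services) {
        # "sc.exe qsidtype" prints e.g. "SERVICE_SID_TYPE:  UNRESTRICTED"
        # (NONE means the service process token carries no per-service SID).
        $sidType = 'UNKNOWN'
        $line = sc.exe qsidtype $svc.Name |
            Select-String -Pattern 'SERVICE_SID_TYPE' | Select-Object -First 1
        if ($line) { $sidType = ($line.Line -split ':', 2)[1].Trim() }

        # "sc.exe qprivs" lists the privileges the service declared as required.
        # An empty list means the service keeps every privilege of its account.
        $privs = @(sc.exe qprivs $svc.Name |
            ForEach-Object { if ($_ -match '(Se\w+Privilege)') { $Matches[1] } })

        # Collect the findings that matter for least privilege.
        $findings = @()
        if ($svc.StartName -eq 'LocalSystem') { $findings += 'runs as LocalSystem' }
        if ($sidType -eq 'NONE')              { $findings += 'no service SID' }
        if ($privs.Count -eq 0)               { $findings += 'no privilege restriction' }

        [pscustomobject]@{
            Name       = $svc.Name
            State      = $svc.State
            Account    = $svc.StartName
            SidType    = $sidType
            Privileges = $privs -join ', '
            Findings   = $findings -join '; '
        }
    }
}

# Running services with the most findings first.
Get-ServiceHardening |
    Where-Object { $_.State -eq 'Running' -and $_.Findings } |
    Sort-Object { ($_.Findings -split '; ').Count } -Descending |
    Format-Table Name, Account, SidType, Findings -AutoSize -Wrap
```

Services at the top of the list are the ones where a compromise would do the most damage, so review them first when deciding which can move to LocalService or NetworkService.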