|
|
|
|
|
|
|
|
|
|
|
|
| home | help | back | first | fref | pref | prev | next | nref | lref | last | post |
Message-Id: <8D8B74F8-6414-4EB2-9CAA-F2871A729B7F@mit.edu> From: Monique Yeaton <myeaton@mit.edu> To: ist-security-fyi@mit.edu Mime-Version: 1.0 (Apple Message framework v936) Date: Mon, 26 Oct 2009 14:43:13 -0400 Cc: itss@mit.edu Content-Type: multipart/mixed; boundary="===============0368855237==" Errors-To: ist-security-fyi-bounces@mit.edu --===============0368855237== Content-Type: multipart/signed; boundary=Apple-Mail-31--897480257; micalg=sha1; protocol="application/pkcs7-signature" --Apple-Mail-31--897480257 Content-Type: multipart/alternative; boundary=Apple-Mail-30--897480314 --Apple-Mail-30--897480314 Content-Type: text/plain; charset=US-ASCII; format=flowed; delsp=yes Content-Transfer-Encoding: 7bit In this issue: ------------------------------ Windows 7 and Security ------------------------------ Windows 7 was released on October 22nd to the general public. IS&T recommends that MIT computer users *wait* to upgrade their Windows operating system to Windows 7 until support issues for products such as TSM (backup), SAPgui, FileMaker Pro 10, and Cisco VPN 64-bit have been resolved. IS&T is offering limited support for Windows 7 at the moment. When you are ready to acquire a copy of Windows 7 (downloadable from the IS&T Available Software Site at <http://ist.mit.edu/services/software/windows/7 >), what new security features can you expect? Windows 7 has been advertised as a more secure computing experience than Vista, so let's take a quick look: * Core system security such as Kernel Patch Protection, Data Execution Prevention, Address Space Layout Randomisation and Mandatory Integrity Levels provide a strong foundation to guard against malicious software and attacks. * The enhanced UAC (User Account Control) enforces least-privilege access. It prevents administrator access to users in order to protect sensitive areas of the operating system. In Windows 7 the number of areas to trigger the UAC prompt has been reduced and a more flexible interface has been incorporated, allowing users to choose among levels of UAC protection. The default setting is now not the most secure. * Finger print scanner support for systems needing additional protection. With Windows 7, Microsoft provides a smoother integration between the operating system and the fingerprint scanning hardware. * Data protection through Encrypting File System and support for Active Directory Rights Management Services. In addition to improvements to these technologies, Windows 7 improves on Vista's BitLocker drive encryption technology and adds BitLocker to Go for encrypting data on removable media. * DirectAccess offers remote workers seamless and secure connectivity when they are out of the office. The system creates a secure tunnel to a network and users don't have to manually substantiate a connection. Here's what SANS NewsBites editorial board member John Pescatore says on security in Windows 7: "From a security perspective, Windows 7 offers definite improvements over Windows XP, but there is no major security reason to move to Windows 7 before it makes business sense. The biggest improvement in Windows desktop security comes from getting off of the IE6 browser and moving to IE8 or the latest version of Firefox - and you don't need Windows 7 to do that." As with all new operating systems, there will be some bugs in the first iteration. If you want to avoid those headaches, you can always wait until Microsoft releases the Service Pack. An overview of some of the features mentioned above can be found here: <http://www.techreviewsource.com/content/view/305/1/> =============================== Monique Yeaton IT Security Awareness Consultant MIT Information Services & Technology (IS&T) (617) 253-2715 http://ist.mit.edu/security =============================== October is National Cybersecurity Awareness Month. Stay Safe Online! Visit http://www.staysafeoneline.org for the latest cybersecurity tips. --Apple-Mail-30--897480314 Content-Type: text/html; charset=US-ASCII Content-Transfer-Encoding: quoted-printable <html><body style=3D"word-wrap: break-word; -webkit-nbsp-mode: space; = -webkit-line-break: after-white-space; "><div style=3D"margin-top: 0px; = margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: normal = normal normal 14px/normal Helvetica; min-height: 17px; "><br></div><div = style=3D"margin-top: 0px; margin-right: 0px; margin-bottom: 0px; = margin-left: 0px; font: normal normal normal 14px/normal Helvetica; ">In = this issue:</div><div style=3D"margin-top: 0px; margin-right: 0px; = margin-bottom: 0px; margin-left: 0px; font: normal normal normal = 14px/normal Helvetica; min-height: 17px; "><br></div><div = style=3D"margin-top: 0px; margin-right: 0px; margin-bottom: 0px; = margin-left: 0px; font: normal normal normal 14px/normal Helvetica; = ">------------------------------</div><div style=3D"margin-top: 0px; = margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: normal = normal normal 14px/normal Helvetica; ">Windows 7 and Security</div><div = style=3D"margin-top: 0px; margin-right: 0px; margin-bottom: 0px; = margin-left: 0px; font: normal normal normal 14px/normal Helvetica; = ">------------------------------</div><div style=3D"margin-top: 0px; = margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: normal = normal normal 14px/normal Helvetica; min-height: 17px; "><br></div><div = style=3D"margin-top: 0px; margin-right: 0px; margin-bottom: 0px; = margin-left: 0px; font: normal normal normal 14px/normal Helvetica; = ">Windows 7 was released on October 22nd to the general public. IS&T = recommends that MIT computer users *wait* to upgrade their Windows = operating system to Windows 7 until support issues for products such as = TSM (backup), SAPgui, FileMaker Pro 10, and Cisco VPN 64-bit have been = resolved. IS&T is offering limited support for Windows 7 at the = moment.</div><div style=3D"margin-top: 0px; margin-right: 0px; = margin-bottom: 0px; margin-left: 0px; font: normal normal normal = 14px/normal Helvetica; min-height: 17px; "><br></div><div = style=3D"margin-top: 0px; margin-right: 0px; margin-bottom: 0px; = margin-left: 0px; font: normal normal normal 14px/normal Helvetica; = ">When you are ready to acquire a copy of Windows 7 (downloadable from = the IS&T Available Software Site at <<a = href=3D"http://ist.mit.edu/services/software/windows/7">http://ist.mit.edu= /services/software/windows/7</a>>), what new security features can = you expect? Windows 7 has been advertised as a more secure computing = experience than Vista, so let's take a quick look:</div><div = style=3D"margin-top: 0px; margin-right: 0px; margin-bottom: 0px; = margin-left: 0px; font: normal normal normal 14px/normal Helvetica; = min-height: 17px; "><br></div><div style=3D"margin-top: 0px; = margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: normal = normal normal 14px/normal Helvetica; "> * Core system security such = as Kernel Patch Protection, Data Execution Prevention, Address Space = Layout Randomisation and Mandatory Integrity Levels provide a strong = foundation to guard against malicious software and attacks.</div><div = style=3D"margin-top: 0px; margin-right: 0px; margin-bottom: 0px; = margin-left: 0px; font: normal normal normal 14px/normal Helvetica; = min-height: 17px; "><br></div><div style=3D"margin-top: 0px; = margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: normal = normal normal 14px/normal Helvetica; "> * The enhanced UAC (User = Account Control) enforces least-privilege access. It prevents = administrator access to users in order to protect sensitive areas of the = operating system. In Windows 7 the number of areas to trigger the UAC = prompt has been reduced and a more flexible interface has been = incorporated, allowing users to choose among levels of UAC protection. = The default setting is now not the most secure.</div><div = style=3D"margin-top: 0px; margin-right: 0px; margin-bottom: 0px; = margin-left: 0px; font: normal normal normal 14px/normal Helvetica; = min-height: 17px; "><br></div><div style=3D"margin-top: 0px; = margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: normal = normal normal 14px/normal Helvetica; "> * Finger print scanner = support for systems needing additional protection. With Windows 7, = Microsoft provides a smoother integration between the operating system = and the fingerprint scanning hardware.</div><div style=3D"margin-top: = 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: = normal normal normal 14px/normal Helvetica; min-height: 17px; = "><br></div><div style=3D"margin-top: 0px; margin-right: 0px; = margin-bottom: 0px; margin-left: 0px; font: normal normal normal = 14px/normal Helvetica; "> * Data protection through Encrypting File = System and support for Active Directory Rights Management Services. In = addition to improvements to these technologies, Windows 7 improves on = Vista's BitLocker drive encryption technology and adds BitLocker to Go = for encrypting data on removable media.</div><div style=3D"margin-top: = 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: = normal normal normal 14px/normal Helvetica; min-height: 17px; = "><br></div><div style=3D"margin-top: 0px; margin-right: 0px; = margin-bottom: 0px; margin-left: 0px; font: normal normal normal = 14px/normal Helvetica; "> * DirectAccess offers remote workers = seamless and secure connectivity when they are out of the office. The = system creates a secure tunnel to a network and users don't have to = manually substantiate a connection.</div><div style=3D"margin-top: 0px; = margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: normal = normal normal 14px/normal Helvetica; min-height: 17px; "><br></div><div = style=3D"margin-top: 0px; margin-right: 0px; margin-bottom: 0px; = margin-left: 0px; font: normal normal normal 14px/normal Arial; ">Here's = what SANS NewsBites editorial board member John Pescatore says on = security in Windows 7: "=46rom a security perspective, Windows 7 offers = definite improvements over Windows XP, but there is no major security = reason to move to Windows 7 before it makes business sense. The biggest = improvement in Windows desktop security comes from getting off of the = IE6 browser and moving to IE8 or the latest version of Firefox - and you = don't need Windows 7 to do that."</div><div style=3D"margin-top: 0px; = margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: normal = normal normal 14px/normal Arial; min-height: 16px; "><br></div><div = style=3D"margin-top: 0px; margin-right: 0px; margin-bottom: 0px; = margin-left: 0px; font: normal normal normal 14px/normal Arial; ">As = with all new operating systems, there will be some bugs in the first = iteration. If you want to avoid those headaches, you can always wait = until Microsoft releases the Service Pack.</div><div style=3D"margin-top: = 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: = normal normal normal 14px/normal Arial; min-height: 16px; = "><br></div><div style=3D"margin-top: 0px; margin-right: 0px; = margin-bottom: 0px; margin-left: 0px; font: normal normal normal = 14px/normal Helvetica; "><span style=3D"font: 14.0px Arial">A</span>n = overview of some of the features mentioned above can be found = here:</div><div style=3D"margin-top: 0px; margin-right: 0px; = margin-bottom: 0px; margin-left: 0px; font: normal normal normal = 14px/normal Helvetica; "><<a = href=3D"http://www.techreviewsource.com/content/view/305/1/">http://www.te= chreviewsource.com/content/view/305/1/</a>></div><div = style=3D"margin-top: 0px; margin-right: 0px; margin-bottom: 0px; = margin-left: 0px; font: normal normal normal 14px/normal Helvetica; = min-height: 17px; "><br></div><div style=3D"margin-top: 0px; = margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: normal = normal normal 14px/normal Helvetica; min-height: 17px; "><br></div><div = apple-content-edited=3D"true"><span class=3D"Apple-style-span" = style=3D"border-collapse: separate; color: rgb(0, 0, 0); font-family: = Calibri; font-size: medium; font-style: normal; font-variant: normal; = font-weight: normal; letter-spacing: normal; line-height: normal; = orphans: 2; text-align: auto; text-indent: 0px; text-transform: none; = white-space: normal; widows: 2; word-spacing: 0px; = -webkit-border-horizontal-spacing: 0px; -webkit-border-vertical-spacing: = 0px; -webkit-text-decorations-in-effect: none; -webkit-text-size-adjust: = auto; -webkit-text-stroke-width: 0px; "><div style=3D"word-wrap: = break-word; -webkit-nbsp-mode: space; -webkit-line-break: = after-white-space; "><span class=3D"Apple-style-span" = style=3D"border-collapse: separate; color: rgb(0, 0, 0); font-family: = Calibri; font-size: medium; font-style: normal; font-variant: normal; = font-weight: normal; letter-spacing: normal; line-height: normal; = orphans: 2; text-indent: 0px; text-transform: none; white-space: normal; = widows: 2; word-spacing: 0px; -webkit-border-horizontal-spacing: 0px; = -webkit-border-vertical-spacing: 0px; = -webkit-text-decorations-in-effect: none; -webkit-text-size-adjust: = auto; -webkit-text-stroke-width: 0px; "><div style=3D"word-wrap: = break-word; -webkit-nbsp-mode: space; -webkit-line-break: = after-white-space; "><div><span class=3D"Apple-style-span" = style=3D"font-size: 14px; = "><div><br></div><div>=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D</div><div>Monique = Yeaton</div><div>IT Security Awareness Consultant</div><div>MIT = Information Services & Technology (IS&T)</div><div>(617) = 253-2715</div><div><a = href=3D"http://ist.mit.edu/security">http://ist.mit.edu/security</a></div>= <div>=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D</div></span></div><div><br></div><div><font = class=3D"Apple-style-span" size=3D"4"><span class=3D"Apple-style-span" = style=3D"font-size: 14px; "><font class=3D"Apple-style-span" = color=3D"#FF3C1B">October is National Cybersecurity Awareness = Month. </font></span></font></div><div><font = class=3D"Apple-style-span" size=3D"4"><span class=3D"Apple-style-span" = style=3D"font-size: 14px; "><font class=3D"Apple-style-span" = color=3D"#FF3C1B">Stay Safe = Online! </font></span></font></div><div><font = class=3D"Apple-style-span" size=3D"4"><span class=3D"Apple-style-span" = style=3D"font-size: 14px; "><font class=3D"Apple-style-span" = color=3D"#FF3C1B">Visit</font></span></font><span = class=3D"Apple-converted-space"><font class=3D"Apple-style-span" = size=3D"4"><span class=3D"Apple-style-span" style=3D"font-size: 14px; = "><font class=3D"Apple-style-span" = color=3D"#FF3C1B"> </font></span></font></span><a class=3D"external" = title=3D"Link leaves federal government web domain." = href=3D"http://www.staysafeoneline.org" a=3D"a"><font = class=3D"Apple-style-span" size=3D"4"><span class=3D"Apple-style-span" = style=3D"font-size: 14px; "><font class=3D"Apple-style-span" = color=3D"#FF3C1B">http://www.staysafeoneline.org</font></span></font></a><= span class=3D"Apple-converted-space"><font class=3D"Apple-style-span" = size=3D"4"><span class=3D"Apple-style-span" style=3D"font-size: 14px; = "><font class=3D"Apple-style-span" = color=3D"#FF3C1B"> </font></span></font></span><font = class=3D"Apple-style-span" size=3D"4"><span class=3D"Apple-style-span" = style=3D"font-size: 14px; "><font class=3D"Apple-style-span" = color=3D"#FF3C1B">for the latest cybersecurity = tips.</font></span></font></div></div></span></div></span> = </div><br></body></html>= --Apple-Mail-30--897480314-- --Apple-Mail-31--897480257 Content-Disposition: attachment; filename=smime.p7s Content-Type: application/pkcs7-signature; name=smime.p7s Content-Transfer-Encoding: base64 MIAGCSqGSIb3DQEHAqCAMIACAQExCzAJBgUrDgMCGgUAMIAGCSqGSIb3DQEHAQAAoIIDwjCCA74w ggMnoAMCAQICEQCgVkmJt2RPZFjUToeFtLUNMA0GCSqGSIb3DQEBBQUAMGwxCzAJBgNVBAYTAlVT MRYwFAYDVQQIEw1NYXNzYWNodXNldHRzMS4wLAYDVQQKEyVNYXNzYWNodXNldHRzIEluc3RpdHV0 ZSBvZiBUZWNobm9sb2d5MRUwEwYDVQQLEwxDbGllbnQgQ0EgdjEwHhcNMDkwNzA3MTkwNzQ1WhcN MTAwNzMxMTkwNzQ1WjCBpTELMAkGA1UEBhMCVVMxFjAUBgNVBAgTDU1hc3NhY2h1c2V0dHMxLjAs BgNVBAoTJU1hc3NhY2h1c2V0dHMgSW5zdGl0dXRlIG9mIFRlY2hub2xvZ3kxFTATBgNVBAsTDENs aWVudCBDQSB2MTEXMBUGA1UEAxMOTW9uaXF1ZSBZZWF0b24xHjAcBgkqhkiG9w0BCQEWD215ZWF0 b25ATUlULkVEVTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAL5YyEmHtimNf2l9Swh7 azen1VDYTAHPef/hu8pDiEdf51i6i/1uiI7RCvzmGt8SRR3gwx1MuJt3TCKKX7kedPK8owWHRDO1 SQTG+RJHEKa8IeG/7Fk8kXFJqBYbk5sA8YOQOwmlG2x5ssMhfoPAxc44rh9tk4VfDgASGZXQITa+ 8SwLG2JSFgUlnvEJAOrw8XRXRX78mgPwkydJQNhfK+ikYm2JtyqM5cSwgLxHh0XldWAI7P4csM79 LQcG4HQZRmTCVeMuy67KgNjtg/94O5AfwLkbP6hwvqsDsfr8aTwhbrhkayJnvXeY0L2X4i9AasVP aAC4apVYBbIQr5mW4S8CAwEAAaOBoTCBnjAJBgNVHRMEAjAAMBEGCWCGSAGG+EIBAQQEAwIFoDAd BgNVHSUEFjAUBggrBgEFBQcDBAYIKwYBBQUHAwIwCwYDVR0PBAQDAgXgMB0GA1UdDgQWBBRfbDIy HJrY3A0bf+451r8D8oZXGjAzBgNVHR8ELDAqMCigJqAkhiJodHRwOi8vY2EubWl0LmVkdS9jYS9t aXRjbGllbnQuY3JsMA0GCSqGSIb3DQEBBQUAA4GBAIa1unH8mI8xbBDdr0Iqub03tHeb4/VWpsPq GmhYH9vXRI6x7B+dAIwghm4gKo9y4d8qlgcx+1sLjRQ8DkZcXacX52a1eb1qYzXhzNGkxp4EEZIq xYCHWJRYuitl+cpqVbS0Dxh/+gC5KL4LkMRJjQ6kP1ns99bdK132BxmyNX1+MYIDNjCCAzICAQEw gYEwbDELMAkGA1UEBhMCVVMxFjAUBgNVBAgTDU1hc3NhY2h1c2V0dHMxLjAsBgNVBAoTJU1hc3Nh Y2h1c2V0dHMgSW5zdGl0dXRlIG9mIFRlY2hub2xvZ3kxFTATBgNVBAsTDENsaWVudCBDQSB2MQIR AKBWSYm3ZE9kWNROh4W0tQ0wCQYFKw4DAhoFAKCCAYkwGAYJKoZIhvcNAQkDMQsGCSqGSIb3DQEH ATAcBgkqhkiG9w0BCQUxDxcNMDkxMDI2MTg0MzE0WjAjBgkqhkiG9w0BCQQxFgQU2i1ZcWVMi2Y6 GCjdvDdAykJpLxgwgZIGCSsGAQQBgjcQBDGBhDCBgTBsMQswCQYDVQQGEwJVUzEWMBQGA1UECBMN TWFzc2FjaHVzZXR0czEuMCwGA1UEChMlTWFzc2FjaHVzZXR0cyBJbnN0aXR1dGUgb2YgVGVjaG5v bG9neTEVMBMGA1UECxMMQ2xpZW50IENBIHYxAhEAoFZJibdkT2RY1E6HhbS1DTCBlAYLKoZIhvcN AQkQAgsxgYSggYEwbDELMAkGA1UEBhMCVVMxFjAUBgNVBAgTDU1hc3NhY2h1c2V0dHMxLjAsBgNV BAoTJU1hc3NhY2h1c2V0dHMgSW5zdGl0dXRlIG9mIFRlY2hub2xvZ3kxFTATBgNVBAsTDENsaWVu dCBDQSB2MQIRAKBWSYm3ZE9kWNROh4W0tQ0wDQYJKoZIhvcNAQEBBQAEggEAYqaSyczAIO923Luj IjQbtbfm/Lcw28LykJw/hDVu8ttHvfFFIMrK/g2d18VlILoX/QSo9bqK24x/4XZH5v0TEfOxuhoY lIH5hdIm9otYdXv2Lu5OBB71i/wYIy06DQhAba7cdneCuAf3i2vNFOZv8mn8YMqA+da9mlFOcva3 SDZ8xG0neD8gM8SMS3IdhIN7IIl9fvb3ihqsX+vPEhq5eEHYnukhdHJEiqPLALY36dnzA6M1VWBV c+VmoB6cGDbq6HB49rH/PSQmcTa90sD+doOAzX6wtnGMQCfzTFm/9+613zffc5iFsAA0ePWS3K8u p4LRr3jHLr9VpVez3PxLlQAAAAAAAA== --Apple-Mail-31--897480257-- --===============0368855237== Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline _______________________________________________ ist-security-fyi mailing list ist-security-fyi@mit.edu To Unsubscribe http://mailman.mit.edu/mailman/listinfo/ist-security-fyi --===============0368855237==--
|
|
|
|
|
|
|
|
|
|
|
|
| home | help | back | first | fref | pref | prev | next | nref | lref | last | post |