Top Ten Strategies for Windows Vista Service Security Enhancement

  

Here are some new service security enhancement strategies for the Windows Vista operating system:

1. SCM is responsible for managing services

Services are managed by the Service Control Manager (SCM), a program that builds a database of all installed services and manages the state of each one. Many services start automatically when Windows starts, which makes them an easy target for attackers.

2. The higher the privilege, the higher the security risk

In previous versions of the Windows operating system, most services ran under the LocalSystem account, which has the highest privileges. This means that if such a service is compromised, the attacker can cause serious damage to the system, because they can manipulate almost all the data on the computer.

3. Vista and Longhorn Server run services with minimal permissions

To reduce the risk of attack, any permissions that a service does not need are removed. In Vista and Longhorn, many services that used to run with LocalSystem administrative privileges now run under accounts with lower privileges, such as NetworkService or LocalService, and all services run with the least privileges possible.

4. Vista uses "Isolation" technology to protect services

The isolation technology includes a technique called "session isolation" that prevents user programs from executing in session 0 (the first session established when Windows starts). Only system services and other applications that are not related to user processes can run in this session. This prevents system services from being affected by other applications.

5. Vista generates a Security Identifier (SID) for each system service.

Giving each service its own security identity distinguishes services from one another and allows the operating system to apply the Windows access control model to services. This is the model that restricts the access rights of users and user groups, and with per-service SIDs it can set different access rights for each service.

6. In Vista, access control lists (ACLs) can be applied to services

An ACL is a set of access control entries (ACEs). Each resource on the network has a security descriptor that contains an ACL. The ACL specifies which accounts or devices can access the resource.

7. Vista Network Firewall can create security policies for services

This policy is associated with the SID of the service, allowing you to control how the service accesses the network and to prevent it from using the network in ways that are not permitted, such as sending data to an external network. The Vista firewall is part of the service security hardening strategy.

8. Service functions are restricted to prevent services from modifying the registry and accessing system files

If a system service needs these functions to run normally, it can be configured to access only a specific area of the registry or specific system files. The service is also limited in its ability to change system settings or to use other features that could lead to an attack.

9. Each service is assigned a service security hardening policy script in advance

This script specifies the services that can and cannot be executed. Based on the description in this script, the SCM grants only the permissions available to these services. These operations happen in the background and require no additional configuration.

10. The service hardening mechanism is not meant to protect system services from attack

That protection is provided by Windows Firewall and other protection mechanisms. The service security hardening strategy is designed to reduce the harm caused when a service is compromised. It adds protection to the inner layers of Vista's multi-layered security mechanism.
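
To check how items 2, 3 and 5 apply on a given machine, the following added example (not part of the original article) reports each service's account, per-service SID type and declared privileges. It assumes Windows PowerShell 3.0 or later and reads the ServiceSidType and RequiredPrivileges registry values; the function name Get-ServiceHardening and the FullLocalSystem column are made up for this illustration.

```powershell
# Added example, not from the original article. Requires Windows PowerShell 3.0+.
# Reads each service's logon account, service SID type and declared privileges.
$ServicesKey  = 'HKLM:\SYSTEM\CurrentControlSet\Services'
$SidTypeNames = @{ 0 = 'None'; 1 = 'Unrestricted'; 3 = 'Restricted' }

function Get-ServiceHardening {   # hypothetical helper name
    Get-CimInstance -ClassName Win32_Service | ForEach-Object {
        $path = Join-Path -Path $ServicesKey -ChildPath $_.Name
        $reg  = Get-ItemProperty -LiteralPath $path -ErrorAction SilentlyContinue

        # ServiceSidType is absent when no per-service SID is configured (treated as 0).
        $sidType = 0
        if ($reg -and $null -ne $reg.ServiceSidType) { $sidType = [int]$reg.ServiceSidType }

        # RequiredPrivileges (REG_MULTI_SZ) lists the only privileges the service keeps.
        # When it is absent, the service keeps every privilege of its account.
        $privs = @()
        if ($reg -and $reg.RequiredPrivileges) { $privs = @($reg.RequiredPrivileges) }

        [pscustomobject]@{
            Name               = $_.Name
            Account            = $_.StartName
            StartMode          = $_.StartMode
            SidType            = $SidTypeNames[$sidType]
            RequiredPrivileges = $privs -join ', '
            # Illustrative flag: LocalSystem with no privilege list declared.
            FullLocalSystem    = ($_.StartName -eq 'LocalSystem') -and ($privs.Count -eq 0)
        }
    }
}

$report = Get-ServiceHardening

# How many services run under each account (item 3: fewer under LocalSystem is better).
$report | Group-Object -Property Account | Sort-Object -Property Count -Descending |
    Format-Table -Property Count, Name -AutoSize

# Auto-start services that still hold the full LocalSystem privilege set (item 2).
$report | Where-Object { $_.FullLocalSystem -and $_.StartMode -eq 'Auto' } |
    Sort-Object -Property Name | Format-Table -Property Name, SidType -AutoSize
```

The second table is a review list rather than a list of faults: some services legitimately need LocalSystem, but each entry is a service whose compromise would expose the whole machine.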
