Security can't work without encryption, and of course Microsoft
operating systems (except for MS-DOS) have all included some kind
of encryption since Microsoft released OS/2 1.0 in 1987. But over
the years, the sort of encryption that Microsoft builds into its
OSes, and what it does with them, changes. Here are few notes on
new crypto capabilities in Vista.
Vista includes new cryptographic services
Every software vendor has to make the choice about whether to
try creating its own encryption algorithms or to employ standard
algorithms. It might seem at first glance that a software vendor
would be better off building their own encryption algorithm and
keeping its inner workings secret, but according to security expert
Bruce Schneier, writing in his book Secrets and Lies: Digital
Security in a Networked World (Wiley, 2000), the better route
is not to build crypto algorithms that are studied and
@37912cross-checked by a handful of insiders, but instead to use a
crypto algorithm that's been reviewed by hundreds of mathematical
experts. In his book Schneier took Microsoft to task for this,
claiming that every single time that Microsoft creates a
proprietary cryptographic algorithm, it's cracked in just a few
months.
I don't know if that always happens, but it's surely
happened enough. Maybe that's why Microsoft's using more and more
standard cryptographic algorithms. (Maybe they read Schneier's
book?) Two that come to mind are the Secure Hashing Algorithm (SHA)
and the Advanced Encryption System (AES). Both were developed under
the aegis of the U.S. government's National Institute for Standards
and Technology (NIST) with the intention of providing a
well-thought-out set of algorithms for hashing (SHA) and encryption
(AES). AES seems well thought of in the crypto community, but SHA
has been attacked successfully in some specialized situations. The
most recent version of SHA, "SHA-2," has not been successfully
attacked as I write this.
Microsoft has had AES built into XP since SP1 and 2003 since its
original release, but only in limited use; as far as I know, the
only use XP had for AES was in the Encrypting File System (EFS).
With Vista, Microsoft says that you will be able to use AES for
encryption with IPsec. Granted, it's not earth-shaking, as
previously only offered Triple DES (Data Encryption Standard), and
cracking TDES probably won't be practical for some time, but it's a
step ahead. Adding SHA-2 to IPsec will also be good, but I should
note that as I write this, the Group Policy interface does not show
options for either AES or SHA-2. I can confirm, however,
that another Windows technology, BitLocker Full Volume Encryption,
does indeed use AES in 128-bit and 256-bit encryption. (You can
read more about BitLocker in Chapter 5.)
You can encrypt your pagefile
Here's good news for the completely paranoid: You can encrypt
your pagefile. Just take my advice…don't. Not unless you want to
wait, say, an hour or so every time you turn your computer on while
you wait for it to decrypt a gigabyte or so of pagefile.
Offline Files folders are encrypted per user
Offline Files is a great technology that allows you to cache
data from oft-used file shares locally. It first appeared in
Windows 2000 and while it's not for everyone, lots of people like
it. But once details of how Offline Files works got out, people
soon realized that it presented something of a security hole. You
see, in Windows 2000, all of the cached files were stored in a
directory easily viewed by any user. Thus, if I shared a computer
with you and you used Offline Files, then I could poke around the
folder holding the cached files -- everyone on the same machine
shared the same folder - and that might not be good.
When XP came around, Microsoft encrypted the folder that held
the cached Offline Files data. But the process that did the
encrypting was a service that ran as the LocalSystem account, which
meant that the EFS encryption key for the Offline Files data was
easily utilized by anyone running as LocalSystem. Unfortunately, it
turned out to be really easy to log on as Local- System -- just use
the at.exe scheduler program to start up a command prompt;
as the scheduler program runs as LocalSystem, you get a command
prompt running under the Local- System account -- cracking Offline
Files to peek into the cached files of someone who shares your
machine was still relatively easy.
Vista changes that in two ways. First of all, everyone's cached
files are cached with their EFS key, not LocalSystem's.
Second, even if Microsoft hadn't changed that about the
operating system, it'd still be pretty tough to exploit, as logging
on as LocalSystem has gotten a lot harder. All of the old tricks
that I've been able to use in the past to log on as LocalSystem no
longer work in Vista!
Check out other excerpts from this chapter of Mark's book,
Administering Windows Vista Security: The Big Surprises.
SearchWindowsSecurity.com also features excerpts from chapter
eight,
"
Locking Up the Ports: Windows Firewall", of Mark Minasi's book,
"Mastering Windows Server 2003 Upgrade Edition for SP1 and
R2."
|
 Mark Minasi is
a best-selling author, commentator and all-around alpha geek.
Mark is best known for his books in the Mastering
Windows series. What separates him from others is that he
knows how to explain technical things to normal humans, and
make them laugh while doing it. Mark's firm, MR&D, is
based in Pungo, a town in Virginia's Tidewater area that is
distinguished by having one -- and only one -- traffic
light.
Copyright 2005 TechTarget |
|