Services isolation in Session 0 of Windows Vista and Longhorn Server
You may have heard that built-in services in Windows Vista were specifically hardened by Microsoft engineers during its development process. You might be wondering what that really means, how it works...
View ArticleLeast privilege for services
This is part 2 of our series of posts on service hardening. "Need to have" and least privilege principle Executing with least privilege is a good practice of computer security. As with the "need to...
View ArticlePer-service SID
(This is part 3 of our series of posts on service hardening.) Under Windows Vista/Longhorn Server, your service can now have its own SID (Security Identifier), which you can then use in ACLs to...
View ArticleWrite-restricted token
(This is part 4 of our series of posts on service hardening.) A service can be configured to be write-restricted, in addition to having a per-service SID. To do so, you specify a SID type of...
View ArticleNetwork restrictions for service hardening
(This is part 5 of our series of posts on service hardening.) Last but not least a service can be (and should be) configured to have network restrictions with what is called the "Windows Service...
View ArticleLinux-Windows Vista dual boot with BitLocker and a TPM
Based on my earlier posts, I've recently written a whitepaper for Microsoft France on how to build a machine that is capable of dual booting either Linux or Windows Vista when the latter is protected...
View ArticleSecurity Series #1: Principles of Cyber Security
Today I’m starting a series of blog posts on cyber security. Before getting to various topics, I thought it could be useful to remind everyone some of the security principles that are the most useful...
View ArticleSecurity Series #2: How to Bake Security in Products and Services? SDL.
Engineering more secure software with the Microsoft Security Lifecycle (SDL) In January 2002, Bill Gates launched the Microsoft Trustworthy Computing Initiative which focused on security as one of its...
View ArticleSecurity Series #3: the threat landscape – opportunistic attacks from...
Microsoft has recently published the latest version of the Security Intelligence Report v14 (http://microsoft.com/sir) focusing on software vulnerabilities, software vulnerability exploits, and...
View ArticleSecurity Series #4: The Threat Landscape – Targeted Attacks explained- Top 3...
Targeted attacks are an evolution of espionage to target a specific organization in order to steal information, modify information, or destroy information or systems. On the other hand, opportunistic...
View Article
More Pages to Explore .....