Secure the perimeter

Improving security and compliance with Microsoft Windows Vista

In today's digital world, computers are an increasingly attractive target for criminals hoping to steal information or to harm your agency, its employees, and/or citizens. In addition, government regulations, such as Sarbanes-Oxley and HIPAA, require you to maintain extremely high standards for security and data protection.

To help your agency address the risk and reduce the expense associated with security and compliance, Windows Vista provides multiple layers of protection. It begins with an operating system that is designed to be secure. On top of that, Windows Vista is engineered to protect your organization from external attacks, internal threats, and unauthorized access to specific information. And, should you need to recover data, Windows Vista makes it easier to ensure that your information is backed up and accessible.

Experience a system engineered for security

Windows Vista is the first version of the Windows operating system to be developed using Microsoft's Security Development Lifecycle. The Security Development Lifecycle makes security a top priority from the start by defining a repeatable engineering process that every developer must follow and then verifying the efficacy of that process before release.

Protect information with encryption and recovery

If someone gains access to your network, it doesn't have to mean they can access your confidential information. Windows Vista helps you keep data confidential by supporting data encryption at the disk, directory, or file level, with features such as:

Windows BitLocker Drive Encryption: BitLocker Drive Encryption is a hardware-enabled data protection feature that addresses the growing concern that government and citizen data could be accessed from lost or stolen computers. Encrypting the entire Windows system volume better protects data and prevents unauthorized users from compromising Windows file and system protection on any lost or stolen PCs. Using BitLocker also helps your organization comply with data privacy regulations and reduces concerns about repurposing equipment. Available with Windows Vista Enterprise or Windows Vista Ultimate, BitLocker is simple to deploy and use, and makes recovery easy if the need arises.

Encrypting File System: Encrypting File System (EFS) is useful for user-level file and folder encryption. For example, if two government workers share a computer running Windows Vista, EFS can be used to encrypt each worker's data so that it is not available to the other worker using the computer. In addition, Windows Vista enhances the administrator's ability to manage EFS on a network by supporting storage of EFS keys on smart cards. This way, the rights assigned to each individual's smart card determine what content he or she has access to on a computer and across the network.

Control over device installation: Windows Vista also includes the ability to restrict the use of universal serial bus (USB) keys and other removable storage devices with a corporate computer. With government employees increasingly using USB keys to carry work to and from the office, this added layer of security will help prevent your organization's valuable intellectual property from walking out the door.

Windows Vista also makes it easier to ensure that you have a backup of your information, so that if you should need to recover information, you can do so with relative ease. Previous Versions automatically creates point-in-time copies of files as you work, so you can quickly and easily retrieve versions of a document that you may have accidentally changed or deleted.

Protect against external threats

To help protect your organization's data from external threats, Internet Explorer 7 in Windows Vista runs with enough privileges to browse the Web, but not enough for employees to modify user files or settings by default. As a result, even if a malicious Web site attacks a potential vulnerability in Internet Explorer 7, the ability of the site's code to install software, copy files to the Startup folder, or change browser settings will be reduced. The goal of protected mode privileges is to deliver an additional layer of security that makes it that much harder to attack the system, while still balancing between security and compatibility.

Windows Defender, an integrated component of Windows Vista, helps block, control, and remove spyware and other potentially unwanted software by periodically scanning individual hard drives, watching for spyware and malicious software.

Government organizations are challenged to make wireless networks secure. Many users connect to multiple networks at once. If an application or hacker can forward data requests from one network to the other, this can create a vulnerability. In Windows Vista, wireless networking is more secure by default, and includes support for the latest and most secure wireless networking protocol, Wi-Fi Protected Access 2 (WPA2).

Finally, to further help protect your organization from external attack, Microsoft continues to improve Windows Firewall. For example, bi-directional, application-aware filtering helps prevent distributed denial of service attacks. And service hardening restricts atypical service access to files, registry, and network resources, helping to block the ability of malicious software to hijack Windows services for use in carrying out attacks.

Protect against internal threats

Increasing protection against internal threats (whether deliberate or accidental) to your organization's information resources means increasing control over what individual people can do on your network. Viruses, denial of service, unauthorized access, and theft of proprietary information are the top four causes of data loss. User Account Control helps protect government resources by letting you deploy computers with standard user privileges. Running individual applications at the lowest required privilege level reduces the attack surface of the operating system, limiting the ability of malicious software to cause harm.

Access information more securely

As using the Internet becomes integrated into your administrative processes, the browser your employees use is a key defense against increasingly sophisticated Internet threats.

Windows Internet Explorer 7 in Windows Vista represents a major step forward in browser security and privacy protection. Its new architecture is designed to give users more confidence in the security of their browsing activity while also helping to protect their personal data from phishing attacks and fraudulent Web sites.

In Windows Vista, Windows Defender helps protect your system from malicious software. It monitors aspects of the operating system that malicious software uses, and before allowing the software to change your system, it asks for your approval. Windows Defender also automatically scans your system looking for suspicious software and will help you remove it.
