Windows Service Hardening is one of the many security mechanisms in Windows Vista and Windows Server "Longhorn" (the codename under which Windows Server 2008 was developed). Attackers generally break in by exploiting vulnerabilities in services, and because a system cannot simply shut down all of its services, that exposure cannot be removed entirely. The new versions of the operating system therefore add features that make it harder to turn a compromised service into damage to the whole system.
Here are the service hardening measures that Vista introduces:
1. The SCM manages services
Services are programs managed by the Service Control Manager (SCM), which maintains a database of the installed services and tracks the state of each one. Most services start automatically when Windows boots and run unattended, which makes them a standing attack surface.
2. Higher privilege means higher security risk
In earlier versions of Windows most services ran under the LocalSystem account, the most privileged account on the machine. If such a service was compromised, the attacker inherited that privilege and could read or change almost all data on the computer, so the damage was severe.
3. Vista and Longhorn Server run services with minimal privileges
To reduce the impact of an attack, every privilege a service does not need is removed from it. In Vista and Longhorn many services that used to run as LocalSystem now run under lower-privileged accounts such as NetworkService or LocalService, and each service is given the smallest set of privileges it can work with.
4. Vista uses isolation to protect services
The isolation work includes "session 0 isolation": user applications are no longer run in session 0, the first session the system creates at startup. Only services and other processes unrelated to the interactive user run in that session. This keeps services out of reach of the user's desktop, so a program running as the user cannot interact with a privileged service's windows or otherwise interfere with it.
5. Vista generates a Security Identifier (SID) for each service
Giving each service its own security identity lets services be distinguished from one another, so the operating system can apply the normal Windows access-control model to an individual service. In that model, access rights are granted or denied to the identities in an access token; with per-service SIDs, a resource can be opened to one specific service rather than to the account (for example LocalService) that several services share.
6. In Vista, access control lists (ACLs) can be applied to services
An ACL is a list of access control entries (ACEs). Every securable object (a file, a directory, a registry key, a named pipe, a network share) carries a security descriptor containing an ACL, and the ACL specifies which accounts, now including service SIDs, may access the object and in what way.
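The following added example (not from the original article) shows points 5 and 6 end to end: it derives a service SID the way Windows does, checks the result against the SCM, makes sure the SID is actually present in the service's token, and then grants only that service access to a directory. The service name ContosoAgent and the path C:\ProgramData\Contoso\Agent are assumptions; the script must run in an elevated PowerShell on a system where that service is installed.

```powershell
# Added example, not from the original article. Assumes a service named
# "ContosoAgent" is installed and the script runs in an elevated PowerShell.

# A service SID is S-1-5-80 followed by the SHA-1 of the upper-cased,
# UTF-16LE-encoded service name, read as five little-endian 32-bit integers.
function Get-ServiceSid {
    param([Parameter(Mandatory = $true)][string]$ServiceName)
    $bytes = [System.Text.Encoding]::Unicode.GetBytes($ServiceName.ToUpperInvariant())
    $hash  = [System.Security.Cryptography.SHA1]::Create().ComputeHash($bytes)
    $subAuthorities = 0..4 | ForEach-Object { [BitConverter]::ToUInt32($hash, $_ * 4) }
    return 'S-1-5-80-' + ($subAuthorities -join '-')
}

$svc = 'ContosoAgent'            # assumed service name
$derived = Get-ServiceSid $svc

# Cross-check against the SCM. "sc showsid" computes the SID from the name,
# so it answers even for a service that is not installed yet.
$line    = sc.exe showsid $svc | Select-String 'SERVICE SID'
$fromScm = ($line.Line -split ':', 2)[1].Trim()
if ($derived -ne $fromScm) { throw "SID mismatch: derived $derived, SCM says $fromScm" }
"Service SID for ${svc}: $derived"

# The SID only appears in the service's token when the SID type is not 'none'.
# 'unrestricted' adds it as an ordinary group SID, so ACEs naming
# NT SERVICE\ContosoAgent take effect on the next start.
sc.exe sidtype $svc unrestricted
sc.exe qsidtype $svc

# Grant this one service (and not the whole LocalService account it may share
# with other services) modify rights on its own data directory, nothing more.
$dataDir = 'C:\ProgramData\Contoso\Agent'   # assumed path
New-Item -ItemType Directory -Path $dataDir -Force | Out-Null
icacls $dataDir /grant:r 'SYSTEM:(OI)(CI)F' 'Administrators:(OI)(CI)F' "NT SERVICE\${svc}:(OI)(CI)M"
icacls $dataDir /inheritance:r          # drop inherited ACEs so only the explicit ones remain
icacls $dataDir                          # show the resulting ACL
Restart-Service -Name $svc               # the token is rebuilt when the service starts
```

Two checks are worth keeping in mind: the name comparison in the SID is case-insensitive because the algorithm upper-cases the name first, so "contosoagent" and "ContosoAgent" get the same SID; and an ACE for NT SERVICE\ContosoAgent does nothing at all while the SID type is still 'none', which is the default for services that do not declare one.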
7. The Vista firewall can create per-service rules
A firewall rule can be bound to a service's SID, which lets you control how that service uses the network and prevents it from using the network in ways it is not supposed to, such as sending data out to the Internet. The Vista firewall is therefore part of the service hardening strategy.
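As an added example (not part of the original article), here are firewall rules bound to a service rather than to a program path, written with the netsh advfirewall interface that Vista introduced. The service name ContosoAgent, its listening port 8443, and the assumption that it never needs to initiate outbound connections are all made up for the example.

```powershell
# Added example, not from the original article. Assumes a service "ContosoAgent"
# that listens on TCP 8443 and never needs outbound connections, and that its
# SID type has already been set to something other than 'none'.
$svc = 'ContosoAgent'

# Service-scoped rules are matched against the service SID in the process
# token, so confirm the service carries its SID before relying on them.
sc.exe qsidtype $svc

# Inbound: the default is block, so this allow rule, scoped to one service and
# one port, is the only opening; other services hosted in the same svchost.exe
# process stay closed even though they share the executable.
netsh advfirewall firewall add rule name="ContosoAgent-In-8443" dir=in action=allow protocol=TCP localport=8443 service=$svc enable=yes

# Outbound: the default is allow, so an explicit block keeps a compromised service
# from exfiltrating data or downloading a second stage.
netsh advfirewall firewall add rule name="ContosoAgent-Out-Block" dir=out action=block service=$svc enable=yes

# Review what was created.
netsh advfirewall firewall show rule name="ContosoAgent-In-8443"
netsh advfirewall firewall show rule name="ContosoAgent-Out-Block"
```

Note the precedence rule of Windows Firewall with Advanced Security: block rules win over allow rules. If a service does need one outbound destination, do not add an outbound allow beside a blanket outbound block for the same service; instead scope the block itself (for example by protocol or remote address) so the permitted traffic falls outside it.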
8. Service functionality is restricted, preventing a service from modifying the registry and system files
If a service needs such access in order to work, it can be limited to only the registry keys or file areas it actually requires. This also limits the service's ability to change system settings or use other features that could help an attacker.
9. Each service is assigned a hardening profile in advance
The profile specifies what the service may and may not do. Based on it, the SCM grants the service only the privileges it needs when it builds the service's access token. This happens in the background and requires no additional configuration. For a given service the profile lives in its registry configuration under HKLM\SYSTEM\CurrentControlSet\Services\<name>, chiefly the RequiredPrivileges and ServiceSidType values, and can be inspected with "sc qprivs" and "sc qsidtype".
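The added example below (not from the original article) applies points 8 and 9 to a third-party service: it moves the service off LocalSystem, declares the only privileges it may hold, makes its token write-restricted, and then grants it write access to exactly one registry key. The service name ContosoAgent, the assumption that it needs only SeImpersonatePrivilege beyond the basics, and the key HKLM\SOFTWARE\Contoso\Agent are all hypothetical.

```powershell
# Added example, not from the original article. Assumes a service "ContosoAgent"
# that needs to impersonate its clients and keeps its state under one registry
# key. Run from an elevated PowerShell.
$svc = 'ContosoAgent'

# 1. Run under a low-privilege built-in account instead of LocalSystem.
#    (sc.exe needs the space after "obj=".)
sc.exe config $svc obj= "NT AUTHORITY\LocalService"

# 2. Declare the only privileges the service may hold. The SCM builds the
#    service token with just these and strips every other privilege the account
#    would normally carry. SeChangeNotifyPrivilege is needed for ordinary
#    directory traversal, so it is almost always kept.
sc.exe privs $svc SeChangeNotifyPrivilege/SeImpersonatePrivilege
sc.exe qprivs $svc

# 3. Write-restricted token: a write succeeds only where BOTH the account's
#    SIDs and the service SID are granted write access. Registry keys and
#    system files that carry no ACE for NT SERVICE\ContosoAgent therefore
#    become read-only to the service, which is exactly what point 8 describes.
sc.exe sidtype $svc restricted
sc.exe qsidtype $svc

# 4. Open the single registry region the service is allowed to write.
$keyPath = 'HKLM:\SOFTWARE\Contoso\Agent'    # assumed location of its state
New-Item -Path $keyPath -Force | Out-Null
$acl  = Get-Acl -Path $keyPath
$rule = New-Object System.Security.AccessControl.RegistryAccessRule(
    "NT SERVICE\$svc", 'ReadKey, SetValue, CreateSubKey', 'ContainerInherit', 'None', 'Allow')
$acl.AddAccessRule($rule)
Set-Acl -Path $keyPath -AclObject $acl
Get-Acl -Path $keyPath | Format-List Path, AccessToString

# 5. The hardening profile is just these values in the service's configuration.
Get-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\$svc" |
    Select-Object ObjectName, RequiredPrivileges, ServiceSidType

# 6. Restart so the SCM builds the new token.
Restart-Service -Name $svc
```

Two caveats a practitioner will hit: the settings apply per process, so for services hosted together in one svchost.exe the SCM uses the union of all their required privileges, and the write-restricted token only bites when the hosted services agree on the SID type; and because LocalService is also used by other services, step 4 is what keeps this service's writable area separate from theirs.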
10. Service hardening is not meant to stop services from being attacked
Protection against attack comes from Windows Firewall and the other defensive mechanisms. Service hardening is designed to reduce the damage a compromised service can do, and in that sense it strengthens the inner layers of Vista's multi-layered defence.