Book Excerpt:

New encryption options in Windows Vista

14 Jun 2007 | Administering Windows Vista Security: The Big Surprises - An excerpt from Chapter 1, "Administering Vista Security: The Little Surprises"


Windows Vista's little surprises
By Mark Minasi

Have a look inside Windows security guru Mark Minasi's latest book, Administering Windows Vista Security: The Big Surprises, with this excerpt from Chapter 1, "Administering Vista Security: The Little Surprises."

Security can't work without encryption, and of course Microsoft operating systems (except for MS-DOS) have all included some kind of encryption since Microsoft released OS/2 1.0 in 1987. But over the years, the sort of encryption that Microsoft builds into its OSes, and what it does with it, changes. Here are a few notes on new crypto capabilities in Vista.

Vista includes new cryptographic services

Every software vendor has to make the choice about whether to try creating its own encryption algorithms or to employ standard algorithms. It might seem at first glance that a software vendor would be better off building their own encryption algorithm and keeping its inner workings secret, but according to security expert Bruce Schneier, writing in his book Secrets and Lies: Digital Security in a Networked World (Wiley, 2000), the better route is not to build crypto algorithms that are studied and cross-checked by a handful of insiders, but instead to use a crypto algorithm that's been reviewed by hundreds of mathematical experts. In his book Schneier took Microsoft to task for this, claiming that every single time that Microsoft creates a proprietary cryptographic algorithm, it's cracked in just a few months.

I don't know if that always happens, but it's surely happened enough. Maybe that's why Microsoft's using more and more standard cryptographic algorithms. (Maybe they read Schneier's book?) Two that come to mind are the Secure Hashing Algorithm (SHA) and the Advanced Encryption System (AES). Both were developed under the aegis of the U.S. government's National Institute for Standards and Technology (NIST) with the intention of providing a well-thought-out set of algorithms for hashing (SHA) and encryption (AES). AES seems well thought of in the crypto community, but SHA has been attacked successfully in some specialized situations. The most recent version of SHA, "SHA-2," has not been successfully attacked as I write this.

Microsoft has had AES built into XP since SP1 and into Windows Server 2003 since its original release, but only in limited use; as far as I know, the only use XP had for AES was in the Encrypting File System (EFS). With Vista, Microsoft says that you will be able to use AES for encryption with IPsec. Granted, it's not earth-shaking, as IPsec previously offered only Triple DES (Data Encryption Standard), and cracking TDES probably won't be practical for some time, but it's a step ahead. Adding SHA-2 to IPsec will also be good, but I should note that as I write this, the Group Policy interface does not show options for either AES or SHA-2. I can confirm, however, that another Windows technology, BitLocker Full Volume Encryption, does indeed use AES in 128-bit and 256-bit encryption. (You can read more about BitLocker in Chapter 5.)
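As an added illustration (not from the book), the contrast the paragraph describes can be made concrete with netsh advfirewall, the firewall/IPsec command line that ships with Vista: a quick-mode proposal limited to Triple DES beside one that uses AES-256, plus the commands that verify what is actually in force. The rule names are made up for the example, and which cipher and hash keywords netsh accepts depends on the installed service pack.

```powershell
# Added example, not the author's code: IPsec connection security rules on
# Vista configured with netsh advfirewall. Rule names are placeholders.

# Weak setting: the pre-Vista style proposal, 3DES for ESP confidentiality.
# Created here only so the two proposals can be compared side by side.
netsh advfirewall consec add rule name=Legacy3DES endpoint1=any endpoint2=any `
    action=requireinrequireout auth1=computerkerb `
    "qmsecmethods=esp:sha1-3des+60min+100000kb"

# Corrected setting: AES-256 for ESP, same integrity algorithm and lifetimes.
netsh advfirewall consec add rule name=RequireAES256 endpoint1=any endpoint2=any `
    action=requireinrequireout auth1=computerkerb `
    "qmsecmethods=esp:sha1-aes256+60min+100000kb"

# Drop the weak rule so only the AES rule can be negotiated.
netsh advfirewall consec delete rule name=Legacy3DES

# Main mode (IKE) crypto: list AES-256 first so it is preferred over 3DES.
netsh advfirewall set global mainmode "mmsecmethods=dhgroup2:aes256-sha1,dhgroup2:3des-sha1"

# Verify: the QuickModeSecMethods line of the rule should read ESP:SHA1-AES256,
# and the global output should list the main-mode methods in the order above.
netsh advfirewall consec show rule name=RequireAES256 verbose
netsh advfirewall show global
```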

You can encrypt your pagefile

Here's good news for the completely paranoid: You can encrypt your pagefile. Just take my advice…don't. Not unless you want to wait, say, an hour or so every time you turn your computer on while you wait for it to decrypt a gigabyte or so of pagefile.

Offline Files folders are encrypted per user

Offline Files is a great technology that allows you to cache data from oft-used file shares locally. It first appeared in Windows 2000 and while it's not for everyone, lots of people like it. But once details of how Offline Files works got out, people soon realized that it presented something of a security hole. You see, in Windows 2000, all of the cached files were stored in a directory easily viewed by any user. Thus, if I shared a computer with you and you used Offline Files, then I could poke around the folder holding the cached files -- everyone on the same machine shared the same folder -- and that might not be good.

When XP came around, Microsoft encrypted the folder that held the cached Offline Files data. But the process that did the encrypting was a service that ran as the LocalSystem account, which meant that the EFS encryption key for the Offline Files data could be used by anyone running as LocalSystem. Unfortunately, it turned out to be really easy to log on as LocalSystem (just use the at.exe scheduler program to start up a command prompt; as the scheduler program runs as LocalSystem, you get a command prompt running under the LocalSystem account), so cracking Offline Files to peek into the cached files of someone who shares your machine was still relatively easy.

Vista changes that in two ways. First of all, everyone's cached files are cached with their EFS key, not LocalSystem's. Second, even if Microsoft hadn't changed that about the operating system, it'd still be pretty tough to exploit, as logging on as LocalSystem has gotten a lot harder. All of the old tricks that I've been able to use in the past to log on as LocalSystem no longer work in Vista!


Mark Minasi is a best-selling author, commentator and all-around alpha geek. Mark is best known for his books in the Mastering Windows series. What separates him from others is that he knows how to explain technical things to normal humans, and make them laugh while doing it. Mark's firm, MR&D, is based in Pungo, a town in Virginia's Tidewater area that is distinguished by having one -- and only one -- traffic light.
Copyright 2005 TechTarget