Your SlideShare is downloading. ×
0
Security Update (February 2004)
Security Update (February 2004)
Security Update (February 2004)
Security Update (February 2004)
Security Update (February 2004)
Security Update (February 2004)
Security Update (February 2004)
Security Update (February 2004)
Security Update (February 2004)
Security Update (February 2004)
Security Update (February 2004)
Security Update (February 2004)
Security Update (February 2004)
Security Update (February 2004)
Security Update (February 2004)
Security Update (February 2004)
Security Update (February 2004)
Security Update (February 2004)
Security Update (February 2004)
Security Update (February 2004)
Security Update (February 2004)
Security Update (February 2004)
Security Update (February 2004)
Security Update (February 2004)
Security Update (February 2004)
Security Update (February 2004)
Security Update (February 2004)
Security Update (February 2004)
Security Update (February 2004)
Security Update (February 2004)
Security Update (February 2004)
Security Update (February 2004)
Security Update (February 2004)
Security Update (February 2004)
Security Update (February 2004)
Security Update (February 2004)
Security Update (February 2004)
Security Update (February 2004)
Security Update (February 2004)
Security Update (February 2004)
Security Update (February 2004)
Security Update (February 2004)
Security Update (February 2004)
Security Update (February 2004)
Security Update (February 2004)
Security Update (February 2004)
Security Update (February 2004)
Security Update (February 2004)
Security Update (February 2004)
Security Update (February 2004)
Security Update (February 2004)
Security Update (February 2004)
Security Update (February 2004)
Security Update (February 2004)
Security Update (February 2004)
Security Update (February 2004)
Security Update (February 2004)
Security Update (February 2004)
Upcoming SlideShare
Loading in...5
×

Thanks for flagging this SlideShare!

Oops! An error has occurred.

×
Saving this for later? Get the SlideShare app to save on your phone or tablet. Read anywhere, anytime – even offline.
Text the download link to your phone
Standard text messaging rates apply

Security Update (February 2004)

364

Published on

0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total Views
364
On Slideshare
0
From Embeds
0
Number of Embeds
0
Actions
Shares
0
Downloads
2
Comments
0
Likes
0
Embeds 0
No embeds

Report content
Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
No notes for slide
  • Y
  • Outreach for consumers continues in CY 2004
  • y
  • y
  • Transcript

    • 1. Enhancing Customer Security: Commitment and Progress Tyler S. Farmer Sr. Technology Specialist II Education Solutions Microsoft Corporation
    • 2. Agenda <ul><li>End of Life </li></ul><ul><li>Situation </li></ul><ul><li>Commitments </li></ul><ul><li>Progress </li></ul><ul><li>Challenges ahead </li></ul>
    • 3. Product Lifecycle Guidelines <ul><li>7 Year Lifecycle </li></ul><ul><li>5 years of “Mainstream Support” </li></ul><ul><ul><li>no-charge incident support, paid incident support, support charged on an hourly basis, support for warranty claims, and hotfix support. </li></ul></ul><ul><li>2 more years of “Extended Support” </li></ul><ul><ul><li>all paid support options, security-related hotfix support (no charge.) </li></ul></ul><ul><ul><li>Non-security related hotfix support requires a separate Extended Hotfix Support contract to be purchased within 90 days after Mainstream support ends. </li></ul></ul><ul><ul><li>Microsoft will not accept requests for warranty support, design changes, or new features during the Extended support phase. </li></ul></ul><ul><li>http://support.microsoft.com/lifecycle </li></ul>
    • 4. End of Life – NT Server 4.0 <ul><li>Regular support ends Dec. 2004. </li></ul><ul><li>Security hotfix support ends Dec. 2004 </li></ul><ul><li>Non-security hotfix support ends Dec. 2003. </li></ul>
    • 5. End of Life – NT Workstation 4.0 <ul><li>Basically ended on June 30, 2003. </li></ul><ul><li>Some Security patches still coming, probably with NT Server (June 2004). </li></ul>
    • 6. End of Life – Windows 98 <ul><li>Regular support ended June 30, 2003. </li></ul><ul><li>Paid incident support extended to June 30, 2006. </li></ul><ul><li>This does not include new security fixes (available through Premier Support) </li></ul>
    • 7. Microsoft Java Virtual Machine <ul><li>According to 2001 Settlement w/ Sun, Microsoft is no longer authorized to support Java VM, starting October 2004 </li></ul><ul><li>This includes security patches </li></ul><ul><li>Diagnostic tool coming “soon” </li></ul><ul><li>http://www.microsoft.com/java </li></ul>
    • 8. Situation Process, Guidance, Tools Critical Most attacks occur here Product ship Vulnerability discovered Component modified Patch released Patch deployed at customer site Why does this gap exist?
    • 9. Exploit Timeline <ul><li>Days From Patch to Exploit </li></ul><ul><ul><li>The average is now nine days for a patch to be reverse-engineered </li></ul></ul><ul><ul><li>As this cycle keeps getting shorter, patching is a less effective defense in large organizations </li></ul></ul>Why does this gap exist? Days between patch and exploit 151 180 331 Blaster Welchia/ Nachi Nimda 25 SQL Slammer exploit code patch
    • 10. The Forensics of a Virus Vulnerability reported to us / Patch in progress Bulletin & patch available No exploit Exploit code in public Worm in the world July 1 July 16 July 25 Aug 11 <ul><li>Report </li></ul><ul><li>Vulnerability in RPC/DDOM reported </li></ul><ul><li>MS activated highest level emergency response process </li></ul><ul><li>Bulletin </li></ul><ul><li>MS03-026 delivered to customers (7/16/03) </li></ul><ul><li>Continued outreach to analysts, press, community, partners, government agencies </li></ul><ul><li>Exploit </li></ul><ul><li>X-focus (Chinese group) published exploit tool </li></ul><ul><li>MS heightened efforts to get information to customers </li></ul><ul><li>Worm </li></ul><ul><li>Blaster worm discovered –; variants and other viruses hit simultaneously (i.e. “SoBig”) </li></ul>Blaster shows the complex interplay between security researchers, software companies, and hackers
    • 11. Microsoft Commitment <ul><li>Build software and services that will help better protect our customers and the industry. </li></ul><ul><ul><ul><ul><ul><li>Better processes and tools </li></ul></ul></ul></ul></ul><ul><ul><ul><ul><ul><li>Guidance and training for our customers </li></ul></ul></ul></ul></ul><ul><ul><ul><ul><ul><li>Technology innovation </li></ul></ul></ul></ul></ul><ul><ul><ul><ul><ul><li>Trustworthy Computing quality improvements </li></ul></ul></ul></ul></ul>
    • 12. You’ve Told Us Our Action Items “ I can’t keep up…new patches are released every week” “ The quality of the patching process is low and inconsistent” “ I need to know the right way to run a Microsoft enterprise” “ There are still too many vulnerabilities in your products” Provide Guidance and Training Mitigate Vulnerabilities Without Patches Continue Improving Quality Improve the Patching Experience
    • 13. Improve the Patching Experience New Patch Policies <ul><li>Extending support to June 2004 </li></ul><ul><ul><li>Windows 2000 SP2 </li></ul></ul><ul><ul><li>Windows NT SP6a </li></ul></ul><ul><li>Non-emergency security patches on a monthly release schedule </li></ul><ul><li>Allows for planning a predictable monthly test and deployment cycle </li></ul><ul><li>Packaged as individual patches that can be deployed together </li></ul><ul><li>Achieves benefits of security rollup with increased flexibility </li></ul>Patches for emergency issues will still release immediately
    • 14. Improve the Patching Experience Patch Enhancements Your Need Our Response By 5/04: Consolidating to 2 patch installers for W2K and higher, Office & Exchange. All patches will behave the same way (SUS 2.0, MSI 3.0) Extend patch automation to all products 11/03: SMS 2003 offers capability to patch all supported Microsoft platforms and applications By end of 2004, all MS patches behave the same at installation (MSI 3.0 + SUS 2.0) and available in one place: MS Update Reduce patch size Now: Reduced patch size by 35% or more. Will have 80% reduction by 5/04. (Delta patching technology and improved functionality with MSI 3.0) Reduce patch complexity Reduce risk of patch deployment Now : Increased internal testing; customer testing of patches pre- release. By 5/04: rollback capability for Windows, SQL, Exchange, Office Reduce downtime Now: 10% fewer reboots on W2K and higher By 5/04: 30% fewer reboots on Win 2003 (starting in SP1). Up to 70% reduction for next server
    • 15. <ul><li>Focused on operating a secure environment </li></ul><ul><li>Patterns & practices for defense in depth </li></ul><ul><li>Enterprise security checklist – the single place for authoritative security guidance </li></ul>Security Guidance for IT Pros <ul><li>Available Now </li></ul><ul><ul><li>17 prescriptive books </li></ul></ul><ul><ul><li>How Microsoft secures Microsoft guidance & tools </li></ul></ul><ul><li>Later this year and throughout 2004 </li></ul><ul><ul><li>More prescriptive & how-to guides </li></ul></ul><ul><ul><li>Tools & scripts to automate common tasks </li></ul></ul>
    • 16. Training & Guidance: IT Pros <ul><li>IT Pros: 500K customers to be trained by the end of 2004 </li></ul><ul><ul><li>Monthly Webcasts and Seminars </li></ul></ul><ul><ul><ul><li>http://www.microsoft.com/seminar/events/ security.mspx </li></ul></ul></ul><ul><ul><li>New guidance on Microsoft.com </li></ul></ul><ul><ul><ul><li>http://www.microsoft.com/guidance </li></ul></ul></ul><ul><ul><li>Security Guidance Kit CD </li></ul></ul><ul><ul><li>New monthly newsletter </li></ul></ul><ul><ul><ul><li>http://www.microsoft.com/ technet/security/secnews/newsletter.htm </li></ul></ul></ul><ul><ul><li>Proactive communications </li></ul></ul><ul><ul><ul><li>Using Virus Information Alliance collective data for better threat response </li></ul></ul></ul><ul><ul><ul><li>KB articles outline application security enhancements </li></ul></ul></ul>Global training with more guidance and best practices for securing systems and infrastructure
    • 17. <ul><li>Global Education Program </li></ul><ul><ul><li>Developer Security Seminars </li></ul></ul><ul><ul><li>MSDN Security Center </li></ul></ul><ul><ul><li>PDC Symposium </li></ul></ul><ul><li>Developer Guidance </li></ul><ul><ul><li>patterns and practices </li></ul></ul><ul><ul><ul><li>“ Building Secure ASP.NET Applications” </li></ul></ul></ul><ul><ul><ul><li>“ Improving Web Application Security” </li></ul></ul></ul><ul><ul><li>Microsoft Press </li></ul></ul><ul><ul><ul><li>“ Writing Secure Code v 2.0” </li></ul></ul></ul>Guidance and Training: Developer
    • 18. Training & Guidance: Consumers <ul><li>Consumers </li></ul><ul><ul><li>Protect Your PC education </li></ul></ul><ul><ul><ul><li>Syndicating content on retailer, OEM sites </li></ul></ul></ul><ul><ul><li>New bimonthly newsletter </li></ul></ul><ul><ul><li>Ongoing outreach via consumer advocacy groups </li></ul></ul><ul><ul><li>Blaster removal tool </li></ul></ul>Build awareness to help develop a “maintenance mindset” and encourage best practices and make protections easier to enable
    • 19. Revised November 2002 More information at http://www.microsoft.com/technet/security/policy/rating.asp Improving Patching Experience Security Bulletin Severity Rating System <ul><li>Free Security Bulletin Subscription Service </li></ul><ul><li>http://www.microsoft.com/technet/security/bulletin/notify.asp </li></ul>Exploitation is extremely difficult, or impact is minimal Exploitability is mitigated to a significant degree by factors such as default configuration, auditing, need for user action, or difficulty of exploitation Exploitation could result in compromise of the confidentiality, integrity, or availability of users’ data, or of the integrity or availability of processing resources Exploitation could allow the propagation of an Internet worm such as Code Red or Nimda without user action Definition Consider applying the patch at the next scheduled update interval Low Evaluate bulletin, determine applicability, proceed as appropriate Moderate Apply patch or workaround as soon as is feasible Important Apply the patch or workaround immediately Critical Customer Action Rating
    • 20. Beyond Patching Make corporations & perimeters more resilient to attack, even when patches are not installed <ul><li>Help stop known & unknown vulnerabilities </li></ul><ul><li>Goal: Make 7 out of every 10 patches installable on your schedule </li></ul>
    • 21. Client Shielding Enhancements <ul><li>Network Protection: Improved ICF protection turned on by default </li></ul><ul><li>Safer email: Improved attachment blocking for Outlook Express and IM </li></ul><ul><li>Safer browsing: Better user controls to prevent malicious ActiveX controls and Spyware </li></ul><ul><li>Memory Protection: Improved compiler checks (/GS) to reduce stack overruns </li></ul>Security enhancements that protect computers, even without patches; Included in Win XP SP2 (H104) with more to follow Helps stop network-based attacks, file attachment viruses and buffer overruns What it is What it does Key Features
    • 22. Client Shielding Enhancements Network Protection <ul><li>Protection turned on by default </li></ul><ul><li>Improved interface makes it easier to configure </li></ul><ul><li>Improved application compatibility </li></ul><ul><li>Enhanced enterprise administration through Group Policy </li></ul>Windows XP Internet Connection Firewall Helps stop network-based attacks, like Blaster, by closing unnecessary ports What it is What it does Key Features
    • 23. Mitigate Vulnerabilities Safer E-mail & Instant Messaging <ul><li>More secure default settings </li></ul><ul><li>Improved attachment blocking for Outlook Express and IM </li></ul><ul><li>Increased Outlook Express security and reliability </li></ul>Improved protection against malicious e-mail attachments and IM file transfers Helps stop viruses that spread through e-mail and IM, like SoBig.F What it is What it does Key Features
    • 24. Client Shielding Enhancements Safer Web Browsing <ul><li>Better protection against harmful Web downloads </li></ul><ul><li>Better user controls to prevent malicious ActiveX controls and Spyware </li></ul><ul><li>Reduced potential for IE buffer overruns </li></ul>Safer browsing using Internet Explorer Improved protection against malicious content on the Web What it is What it does Key Features
    • 25. Client Shielding Enhancements Memory Protection <ul><li>Improved compiler checks (/GS) to reduce stack overruns </li></ul><ul><li>Improved heap overrun protection </li></ul><ul><li>Leverages new processor innovations (NX) to prevent stack and heap overruns </li></ul>Reduction of potential buffer overruns Helps prevent the execution of malicious code in memory normally reserved for data What it is What it does Key Features
    • 26. Enterprise Shielding Enhancements Enterprise Quarantine <ul><li>Enforces specific corporate security requirements such as patch level, AV signature state and firewall state </li></ul><ul><li>Ensure these standards are met when </li></ul><ul><ul><li>VPN connections are made by remote clients </li></ul></ul><ul><ul><li>Wired or wireless connections are made by rogue and transient clients </li></ul></ul>Only clients that meet corporate security standards are allowed to connect; included in Win 2003 SP1 (H204) with more to follow What it is What it does Key Features Protects enterprise assets from infected computers
    • 27. Client Attack Vectors Malicious Web content Buffer overrun attacks Port-based attacks Malicious e-mail attachments
    • 28. VPN & Internal Enterprise Quarantines Infected remote client Infected local client
    • 29. Continue Improving Quality Trustworthy Computing Release Process M1 M2 Mn Beta Design Development Release Support Security Review <ul><li>Each component team develops threat models, ensuring that design blocks applicable threats </li></ul>Develop & Test <ul><li>Apply security design & coding standards </li></ul><ul><li>Tools to eliminate code flaws (PREfix & PREfast) </li></ul><ul><li>Monitor & block new attack techniques </li></ul>Security Push <ul><li>Team-wide stand down </li></ul><ul><li>Threat model updates, code review, test & documentation scrub </li></ul>Security Audit <ul><li>Analysis against current threats </li></ul><ul><li>Internal & 3 rd party penetration testing </li></ul>Security Response <ul><li>Fix newly discovered issues </li></ul><ul><li>Root cause analysis to proactively find and fix related vulnerabilities </li></ul>Design docs & specifications Development, testing & documentation Product Service Packs, QFEs
    • 30. Continue Improving Quality For some widely-deployed, existing products: Mandatory for all new products: 6 9 … 90 days … 150 days Critical or important vulnerabilities in the first… 13 23 TwC release? Yes No Bulletins since TwC release Shipped Jan. 2003, 8 months ago 1 Service Pack 3 Bulletins in prior period 9 Bulletins since TwC release Shipped July 2002, 14 months ago 0 Bulletins in prior period 5 Service Pack 3
    • 31. Improving Quality: Windows Server 36 6 Days after availability Bulletins
    • 32. Services Disabled by Default <ul><li>Alerter </li></ul><ul><li>ASP.NET State </li></ul><ul><li>ClipBook </li></ul><ul><li>Distributed Link Tracking Server </li></ul><ul><li>Fast User Switching Compat </li></ul><ul><li>IMAPI CD-Burning </li></ul><ul><li>COM Service </li></ul><ul><li>Indexing Service </li></ul><ul><li>License Logging </li></ul><ul><li>Messenger </li></ul><ul><li>NET Framework Support Service </li></ul><ul><li>NetMeeting Remote Desktop Sharing </li></ul><ul><li>Network DDE </li></ul><ul><li>Portable Media Serial Number </li></ul><ul><li>Remote Access Auto Connection Manager </li></ul><ul><li>System Event Notification </li></ul><ul><li>Task Scheduler </li></ul><ul><li>Telnet </li></ul><ul><li>Terminal Services Session Directory </li></ul><ul><li>Themes </li></ul><ul><li>Upload Manager </li></ul><ul><li>Wireless Zero Configuration </li></ul><ul><li>Web Client </li></ul><ul><li>Windows Audio </li></ul>
    • 33. Reduced Attack Surface <ul><li>Windows Server 2003 disables 20+ Services </li></ul><ul><li>IIS is not installed on Windows 2003 Server </li></ul><ul><li>Now IF you install IIS… </li></ul>Small Attack Surface! disabled X BITS disabled X ASP.NET enabled enabled enabled enabled enabled enabled enabled enabled enabled enabled enabled enabled IIS 5.0 clean install disabled FTP disabled SMTP disabled Password Change Functionality disabled Frontpage Server Extensions disabled CGI disabled Internet Printing ISAPI disabled Index Server ISAPI disabled WebDAV disabled Internet Data Connector disabled Server-side includes disabled ASP enabled Static file support IIS 6.0 clean install IIS components
    • 34. Technology <ul><li>Windows XP SP2 </li></ul><ul><ul><li>Easier, effective management of PC security that puts the customer in control </li></ul></ul><ul><ul><li>Network protection, s afer e-mail and Web browsing, memory protection </li></ul></ul><ul><ul><li>Beta 1 released on December 19, 2003 </li></ul></ul><ul><ul><li>Availability: target RTM H1 CY04 </li></ul></ul>New security technologies for Windows XP to make systems more resilient against attack
    • 35. Preview: Windows XP SP2 Windows Firewall enhancements with more granular control
    • 36. Pop-up blocking
    • 37. Pop-up blocking
    • 38. Technology <ul><li>Windows Server 2003 SP1 </li></ul><ul><ul><li>Role-based security configuration </li></ul></ul><ul><ul><li>Network client and remote VPN inspection </li></ul></ul><ul><ul><li>Availability: RTM H2 CY04 </li></ul></ul><ul><li>ISA Server 2004 </li></ul><ul><ul><li>Application Layer Filtering </li></ul></ul><ul><ul><li>Simplified management tools </li></ul></ul><ul><ul><li>Enhanced user interface </li></ul></ul><ul><ul><li>Availability: RTM H1 CY04 </li></ul></ul>Commitment: Update Windows Server 2003 and improve edge protection with technologies that enable a more secure infrastructure
    • 39. Security for Tomorrow Author Script-Kiddy Undergraduate Expert Specialist Vandal Thief Spy Trespasser National Interest Personal Gain Personal Fame Curiosity
    • 40. An Evolving Threat Undergraduate Expert Specialist Largest area by volume Largest area by $ lost Script-Kiddy Largest segment by $ spent on defense Fastest growing segment Author Vandal Thief Spy Trespasser National Interest Personal Gain Personal Fame Curiosity
    • 41. An Evolving Threat Undergraduate Expert Specialist Script-Kiddy Fastest growing segment Author Vandal Thief Spy Trespasser National Interest Personal Gain Personal Fame Curiosity
    • 42. Security for Tomorrow <ul><li>Better use of existing technology </li></ul><ul><ul><li>RPC over HTTP </li></ul></ul><ul><ul><li>Identity management </li></ul></ul><ul><ul><li>Secure wireless </li></ul></ul><ul><li>Industry involvement </li></ul><ul><ul><li>Continuing partnerships </li></ul></ul><ul><ul><li>Expanding the Virus Information Alliance </li></ul></ul><ul><ul><li>Expanding “Protect Your PC” outreach for consumers </li></ul></ul><ul><li>Enforcement </li></ul><ul><ul><li>Law enforcement assistance </li></ul></ul><ul><ul><li>Reward fund </li></ul></ul><ul><li>Ongoing vigilance </li></ul><ul><ul><li>Continued internal training and focus on building secure code </li></ul></ul><ul><ul><li>Leadership, innovation, partnership </li></ul></ul>
    • 43. Microsoft’s Commitments Steve Ballmer’s Speech – Oct. 9, 2003. http://www.microsoft.com/presspass/exec/steve/2003/10-09wwpc.asp <ul><li>“Security is our #1 Priority” </li></ul><ul><li>#1 “We will move to one patching experience by May of next year that works across Windows and all of the application products.” </li></ul><ul><li>#2 “Better quality in the patches” and “Rollback capability for all patches.” </li></ul><ul><li>#3 “Reduce the size of patches.” </li></ul><ul><li>#4 “Cut the # of reboots by 30%” </li></ul>
    • 44. Microsoft’s Commitments Steve Ballmer’s Speech – Oct. 9, 2003. http://www.microsoft.com/presspass/exec/steve/2003/10-09wwpc.asp <ul><li>#5 – Microsoft Update instead of just Windows Update </li></ul><ul><li>#6 – Monthly patches (except for critical) </li></ul><ul><li>#7 – Starting in December, Technet Security training sessions </li></ul><ul><li>#8 – Monthly Webcasts with Mike Nash </li></ul><ul><li># 9 – Report on “How Microsoft Secures Microsoft” </li></ul>
    • 45. Microsoft’s Commitments Steve Ballmer’s Speech – Oct. 9, 2003. http://www.microsoft.com/presspass/exec/steve/2003/10-09wwpc.asp <ul><li>#10 – “Patching is critical, but insufficient” – Goal is to make 70% of patches installable on your schedule, not Microsoft’s </li></ul><ul><ul><li>This is the quarantine technologies mentioned earlier </li></ul></ul><ul><li>#11 – Browser work so Active X controls are “sandboxed”, limit potential damage </li></ul><ul><li>#12 – Improve memory protection for buffer overruns </li></ul>
    • 46. Microsoft’s Commitments Steve Ballmer’s Speech – Oct. 9, 2003. http://www.microsoft.com/presspass/exec/steve/2003/10-09wwpc.asp <ul><li>“ There is much to do still, much, much, much to do on security. </li></ul><ul><li>It's a journey.” </li></ul>
    • 47. Resources <ul><li>General </li></ul><ul><ul><li>http://www.microsoft.com/security </li></ul></ul><ul><li>Consumers </li></ul><ul><ul><li>http://www.microsoft.com/protect </li></ul></ul><ul><li>IT Professionals </li></ul><ul><ul><li>http://www.microsoft.com/ technet /security </li></ul></ul><ul><li>Patch Management </li></ul><ul><ul><li>http://www.microsoft.com/ technet /security/topics/patch </li></ul></ul><ul><li>Best Practices for Defense in Depth </li></ul><ul><ul><li>http://www.microsoft.com/security/guidance </li></ul></ul><ul><li>How Microsoft Secures Microsoft </li></ul><ul><ul><li>http://www.microsoft.com/ technet/itsolutions/msit / security/ mssecbp.asp </li></ul></ul><ul><li>MSDN Security Development Tools </li></ul><ul><ul><li>http:// msdn.microsoft.com /security/downloads/tools/ default.aspx </li></ul></ul>
    • 48. Now for the Gentle Q&A…
    • 49. © 2004 Microsoft Corporation. All rights reserved. This presentation is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS OR IMPLIED, IN THIS SUMMARY.
    • 50. Screen shots to illustrate XP SP2
    • 51. Windows Firewall Enhancements Firewall on Firewall off
    • 52. Main control panel Group policy enabled Domain-joined & controlled by group policy
    • 53. Main CPL Exceptions tab Firewall on: Default state of tab Alt text on mouseover
    • 54. Main CPL Exceptions tab Group Policy enabled = Check box & name grayed out, details column added. Group Policy controlled items cannot be selected or edited, but alt text works on mouseover.
    • 55. Main CPL Exceptions tab Advanced users may add up to two extra details columns by right-clicking in the header area: “Port No.” and “Open for”
    • 56. From Exceptions tab Add/Edit a Program Add a Program Same format as “Open with” dialog Edit a Program Full path included for security reasons
    • 57. Pop-up blocking
    • 58. Pop-up blocking

    ×