(IN)SECURE Magazine Issue 10

Page 15

This access token can be used in cases where the set of objects written to by the service is bounded. Write attempts to resources that do not explicitly grant the service SID access will fail. Microsoft also moved services from the Local System context to less privileged accounts such as Local Service or Network Service. This reduces the overall privilege level of the service, an approach comparable to the already discussed User Account Control (UAC). On top of that, unnecessary Windows privileges are removed on a per-service basis.

Services are assigned a network firewall policy, which prevents unwanted or unexpected network access outside the normal bounds of the service. The firewall policy is linked directly to the per-service SID. This makes it more difficult, or even impossible, to use a compromised service on the local machine as an attack platform against the network. These restrictions are part of the firewall settings and can be found in the registry under HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System. The firewall is discussed in the next section.
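The following PowerShell is an added example, not code from the article, for checking these per-service hardening settings on a live machine: it derives the per-service SID (S-1-5-80 plus the SHA-1 of the upper-cased UTF-16LE service name, which is what sc.exe showsid reports), reads the SID type, logon account and privilege list via sc.exe, lists the RestrictedServices firewall policy values that mention the service, and checks whether a given file or directory ACL grants anything to NT SERVICE\<name>. The service name Dhcp and the path under System32 in the usage lines are illustrative only; the registry key is read through CurrentControlSet, the alias for the control set the article names as ControlSet001.

```powershell
# Added example (not from the magazine): inspect Windows Service Hardening
# settings for one service: its per-service SID, SID type, logon account,
# required privileges, and the RestrictedServices firewall policy entries that
# mention it. Requires Windows Vista or later; run from an elevated prompt.

function Get-ServiceSid {
    # Derive the NT SERVICE\<name> SID locally: S-1-5-80 followed by the SHA-1 of
    # the upper-cased service name in UTF-16LE, read as five little-endian DWORDs.
    param([Parameter(Mandatory)][string]$ServiceName)
    $sha1  = [System.Security.Cryptography.SHA1]::Create()
    $bytes = [System.Text.Encoding]::Unicode.GetBytes($ServiceName.ToUpperInvariant())
    $hash  = $sha1.ComputeHash($bytes)
    $subs  = foreach ($i in 0..4) { [BitConverter]::ToUInt32($hash, $i * 4) }
    return 'S-1-5-80-' + ($subs -join '-')
}

function Get-ScField {
    # Pull the value after the colon out of the first sc.exe output line whose
    # label matches, e.g. "SERVICE_SID_TYPE: RESTRICTED" -> "RESTRICTED".
    param([string[]]$Output, [string]$Label)
    $line = $Output | Where-Object { $_ -match "^\s*$Label" } | Select-Object -First 1
    if ($line) { ($line -split ':', 2)[1].Trim() } else { $null }
}

function Get-ServiceHardeningInfo {
    param([Parameter(Mandatory)][string]$ServiceName)

    $showsid = & sc.exe showsid  $ServiceName
    $qsid    = & sc.exe qsidtype $ServiceName
    $qc      = & sc.exe qc       $ServiceName
    $qprivs  = & sc.exe qprivs   $ServiceName

    # sc qprivs lists one privilege per line after the "PRIVILEGES :" label.
    $privs = foreach ($l in $qprivs) { if ($l -match ':\s*(Se\w+Privilege)\s*$') { $Matches[1] } }

    # Per-service firewall restrictions. The magazine gives the key under
    # ControlSet001; CurrentControlSet is the alias for the active control set.
    # Each registry value is one rule string; keep the ones naming this service.
    $polKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System'
    $rules = @()
    if (Test-Path $polKey) {
        $rules = (Get-ItemProperty -Path $polKey).PSObject.Properties |
            Where-Object { $_.Name -notlike 'PS*' -and $_.Value -is [string] -and
                           $_.Value -match [regex]::Escape($ServiceName) } |
            ForEach-Object { $_.Value }
    }

    $reported = Get-ScField $showsid 'SERVICE SID'
    $derived  = Get-ServiceSid $ServiceName
    [pscustomobject]@{
        Service       = $ServiceName
        LogonAccount  = Get-ScField $qc 'SERVICE_START_NAME'   # e.g. NT AUTHORITY\LocalService
        SidType       = Get-ScField $qsid 'SERVICE_SID_TYPE'   # NONE, UNRESTRICTED or RESTRICTED
        ServiceSid    = $reported
        SidMatches    = ($reported -eq $derived)               # sanity check of the derivation
        Privileges    = @($privs)
        FirewallRules = @($rules)
    }
}

function Test-ServiceSidAccess {
    # Does the DACL of a file or directory carry an ACE for NT SERVICE\<name>?
    # A service running with a write-restricted token can only write where its
    # service SID is explicitly granted access, so GrantsToSid = False means a
    # write by that service to this path is expected to fail.
    param([Parameter(Mandatory)][string]$ServiceName,
          [Parameter(Mandatory)][string]$Path)
    $aces = (Get-Acl -Path $Path).Access |
        Where-Object { $_.IdentityReference.Value -eq "NT SERVICE\$ServiceName" }
    [pscustomobject]@{
        Path        = $Path
        GrantsToSid = [bool]$aces
        Rights      = @($aces | ForEach-Object { "$($_.AccessControlType): $($_.FileSystemRights)" })
    }
}

# Usage (service name and path are illustrative; Dhcp is a stock Vista service):
Get-ServiceHardeningInfo -ServiceName Dhcp | Format-List
Test-ServiceSidAccess -ServiceName Dhcp -Path "$env:SystemRoot\System32\dhcp" | Format-List
```

SidMatches should come out True for any service; a SidType of RESTRICTED is the write-restricted token the text describes, and an empty FirewallRules list for a RESTRICTED service means no network access has been carved out for it.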

Layered approach

Security is in most cases a layered approach, and Service Hardening is one part of this concept: an additional layer of protection for services, based on the security principle of defense-in-depth. It cannot, however, guarantee that services will not be compromised. The defense-in-depth strategy will certainly make it much harder to gain an easy attack platform; the Windows firewall, UAC, patch management practices and Integrity Levels fill in other important layers.

Windows Vista Firewall

At first, the Windows Vista firewall looks very similar to that of Windows XP. In fact, the user interface in Windows Vista is nearly identical to that of Windows XP. But the real secret lies underneath the surface. Most advanced settings cannot be reached via the standard GUI, which is in every respect targeted towards home end users. The firewall can be fully tuned by using Group Policy or the firewall MMC snap-in. I will return to that later.

Besides the firewall, the whole TCP/IP stack has been re-written and re-designed in Windows Vista. The new architecture, with the Windows Filtering Platform (WFP), increased performance significantly, and there are even APIs available. The new TCP/IP stack supports IPv6 and a dual IP layer architecture. I advise those of you who are interested in more to visit tinyurl.com/dkklc. The firewall in Vista supports rules for incoming traffic, simply dropping all unsolicited incoming traffic: traffic that is neither a response to a request made by the computer (solicited traffic) nor explicitly allowed (excepted traffic in a pre-defined firewall rule). It seems a dull topic, but it is really crucial, as it helps prevent the infection of computers by network-level viruses and worms, which most of the time spread through incoming traffic. So far so good, and nothing really new.

What really is new in comparison with Windows XP is that the Vista firewall supports filtering of outgoing traffic, or application-aware outbound filtering, which gives full bidirectional control over traffic.

Since a whole bunch of business applications may use different ports, Microsoft decided not to enable outgoing filtering by default. The default behavior of the new Windows Firewall is therefore:

• Block all incoming traffic unless it is solicited or it matches a configured rule.
• Allow all outgoing traffic unless it matches a configured rule.
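As an added example (not code from the article), the PowerShell below reads the inbound/outbound default policy the firewall actually applies per profile, which on Vista reports BlockInbound,AllowOutbound as described, and shows how an administrator turns outbound filtering on without cutting off an application: back up the policy, add an explicit outbound allow rule for the program, then flip the default to block outbound. It uses netsh advfirewall, which exists from Vista onward; the program path in the usage line is an assumed placeholder, and -WhatIf previews the steps without changing anything.

```powershell
# Added example (not from the magazine): read the firewall's inbound/outbound
# default policy per profile and, when you do want outbound filtering, switch
# it on safely: back up the policy, add an explicit outbound allow rule for a
# program, then change the default. Uses netsh advfirewall (Vista and later);
# run from an elevated prompt.

function Get-FirewallDefaultPolicy {
    # "netsh advfirewall show allprofiles" prints one block per profile with a
    # line such as "Firewall Policy   BlockInbound,AllowOutbound" (Vista default).
    $current = $null
    foreach ($line in (& netsh advfirewall show allprofiles)) {
        if ($line -match '^(Domain|Private|Public) Profile Settings') {
            $current = $Matches[1]
        } elseif ($current -and $line -match '^Firewall Policy\s+(\w+),(\w+)') {
            [pscustomobject]@{ Profile = $current; Inbound = $Matches[1]; Outbound = $Matches[2] }
        }
    }
}

function Enable-OutboundFiltering {
    # Order matters: export a backup and add the allow rule before flipping the
    # default, so the application never loses connectivity. -WhatIf prints the
    # steps only.
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)][string]$ProgramPath,
        [string]$RuleName   = "Allow outbound - $([IO.Path]::GetFileName($ProgramPath))",
        [string]$BackupFile = "$env:TEMP\firewall-before-outbound-block.wfw"
    )
    if ($PSCmdlet.ShouldProcess($BackupFile, 'Export current firewall policy')) {
        & netsh advfirewall export "$BackupFile" | Out-Null
    }
    if ($PSCmdlet.ShouldProcess($ProgramPath, "Add outbound allow rule '$RuleName'")) {
        & netsh advfirewall firewall add rule name="$RuleName" dir=out action=allow program="$ProgramPath" enable=yes | Out-Null
    }
    if ($PSCmdlet.ShouldProcess('all profiles', 'Set policy BlockInbound,BlockOutbound')) {
        & netsh advfirewall set allprofiles firewallpolicy blockinbound,blockoutbound | Out-Null
    }
    Get-FirewallDefaultPolicy
}

# Usage: show the defaults, then preview the change for an assumed program path.
Get-FirewallDefaultPolicy | Format-Table -AutoSize
Enable-OutboundFiltering -ProgramPath 'C:\Program Files\Example\app.exe' -WhatIf
```

Dropping -WhatIf applies the change; the exported .wfw file can be restored with netsh advfirewall import if an application turns out to need ports nobody listed, which is exactly the compatibility problem that kept outbound blocking off by default.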