S 3.209 Windows XP client
Description
Workplace PCs (WPCs) running the Windows XP Professional operating system are discussed in this module. Windows XP is the follow-up product of Windows 2000 Professional. The security of this operating system plays an important role for the security in an information system, since vulnerabilities on the operating system level can have an effect on the security of all applications and the entire network. This module describes the security safeguards that must be implemented for a WPC running Windows XP. The safeguards particularly apply to the planning and operation of a Windows XP client in a domain environment. Installations of Windows XP stand-alone computers are only briefly addressed. The server-specific security safeguards relevant for operating clients in a domain environment are described in the server modules of layer 3 (see, for example, module S 3.6 Servers under Windows 2000).
Threat scenario
Like all IT systems, clients under Microsoft Windows XP are exposed to numerous threats. Successful attacks frequently make use of erroneous configurations of one or more system components. This means that correct configuration of the system and its components plays a very important role. In general, it is true that the threat scenarios for individual computers always depend on the operational scenario, and that each of these threats also poses a threat to the overall system. It must be taken into account that all attacks on PCs which are not connected to a network (see "Deliberate acts") require local access to the computer (console).
The following typical threats to the IT-Grundschutz are assumed to exist when using individual PCs running the Windows XP operating system.
Force Majeure
| T 1.2 | Failure of the IT system |
| T 1.4 | Fire |
| T 1.5 | Water |
| T 1.8 | Dust, soiling |
Organisational Shortcomings
| T 2.7 | Unauthorised use of rights |
| T 2.9 | Poor adjustment to changes in the use of IT |
Human Error
| T 3.2 | Negligent destruction of equipment or data |
| T 3.3 | Non-compliance with IT security measures |
| T 3.6 | Hazards posed by cleaning staff or outside staff |
| T 3.8 | Improper use of the IT system |
| T 3.9 | Improper IT system administration |
| T 3.22 | Improper modification of the registry |
| T 3.48 | Incorrect configuration of Windows computers |
Technical Failure
| T 4.1 | Disruption of power supply |
| T 4.7 | Defective data media |
| T 4.23 | Automatic recognition of removable data media |
Deliberate Acts
| T 5.2 | Manipulation of information or software |
| T 5.4 | Theft |
| T 5.7 | Line tapping |
| T 5.9 | Unauthorised use of IT systems |
| T 5.18 | Systematic trying-out of passwords |
| T 5.21 | Trojan horses |
| T 5.23 | Malicious software |
| T 5.43 | Macro viruses |
| T 5.52 | Misuse of administrator rights in Windows operating systems |
| T 5.71 | Loss of confidentiality of classified information |
| T 5.79 | Unauthorised acquisition of administrator rights under Windows systems |
| T 5.83 | Compromising cryptographic keys |
| T 5.85 | Loss of integrity of information that should be protected |
Method recommendation
To secure the information system examined, other modules will need to be implemented in addition to this module. These modules are selected according to the results of the IT-Grundschutz modelling process.
Based on the threats to networked devices listed above, several safeguards are particularly highlighted. In particular, safeguards meant to protect against attacks from the network must be implemented with great care. Efficient, centralised administration of clients makes an important contribution to maintaining a high security standard. Uniform configuration specifications facilitate the auditing of undesired changes to the configuration; changes to the security specifications can take effect more quickly on all clients and software updates can be distributed faster. The majority of recommended safeguards in the area of hardware/software can be implemented via centrally specified group policies. If an organisation intends to use Microsoft Active Directory, its use must be planned thoroughly.
The administration of Windows XP clients in Windows NT domain environments is a special case. In this case, only the Windows NT system policies are available as tools for central administration. However, due to the technical restrictions of this solution, the use of system policies for Windows XP is not recommended. The use of Active Directory group policies should be considered to administer clients under Windows XP.
Instead of domains, clients under Windows XP can also be used in working groups. In this case, the management of all security features is carried out locally on each single client. Shared resources on individual computers can only be managed and monitored with great difficulty. Data backup also poses a problem. Due to the networking, however, several network-based safeguards can be applied, e.g. the use of security templates for the configuration and automatic update of the operating system by means of the Software Update Service.
A series of safeguards must be implemented to successfully and securely configure clients running Windows XP, ranging from the design to installation through to operation.
The steps to take to accomplish this as well as the safeguards to consider in each of the steps are listed in the following.
Planning and Design
After the decision has been made to use Windows XP as client operating system, its application should first be planned (see safeguard S 2.324 Planning the introduction of Windows XP, Vista and Windows 7). At the same time, a security policy must be drawn up (see safeguard S 2.325 Planning the Windows XP, Vista and Windows 7 security policies), which, on the one hand, implements the existing security policies in the Windows XP context and, on the other, defines the extensions specific to Windows XP.
In a networked environment, the use of a central administration system is recommended. For this purpose, Microsoft Active Directory, for instance, can be used. The use of group policies, in particular, allows security policies to be implemented centrally in a relatively simple way. When operating a Windows XP stand-alone system, the use of local group policies is recommended. Safeguard S 2.326 Planning the Windows XP, Vista and Windows 7 group policies contains the corresponding recommendations regarding the use of group policies to configure and manage a Windows XP system.
Additional aspects must be considered in the planning phase. They apply, in particular, to the secure configuration of a Windows XP system. The following safeguards are relevant for this purpose:
- S 4.244 Secure configuration of Windows client operating systems
- S 4.245 Basic settings for Windows Group Policy Objects
- S 4.246 Configuration of the system services under Windows XP, Vista and Windows 7
- S 5.123 Securing network communication in Windows
- S 4.247 Restrictive assignment of authorisations under Windows Vista and Windows 7
If specific remote access options are planned when using Windows XP in a company or agency, the appropriate technologies must be selected in the planning phase, and the associated security aspects must be evaluated (in this respect, see safeguard S 2.327 Secure remote access under Windows XP, Vista and Windows 7).
If Windows XP will be used on portable computers, then the corresponding security aspects must be taken into account during the planning phase. Safeguard S 2.238 Use of Windows XP on mobile computers summarises the security aspects specifically related to Windows XP.
Windows XP offers several administration tools that can already help in the planning and test phase to avoid configuration errors; their use definitely results in improved security.
Safeguard S 4.243 Windows client operating system administration tools gives an overview of the most important tools.
Implementation
In the implementation phase, all safeguards that prepare and ensure the secure operation of the system are implemented. This especially includes safeguards taken to ensure security during installation and when specifying the basic configuration of the system.
Once the preparatory organisational and planning tasks have been completed, the Windows XP systems can be installed. Special care must be taken during installation in this case. S 4.248 Secure installation of Windows client operating systems contains a summary of the relevant recommendations. It is necessary to determine in advance during the planning phase which aspects need to be taken into account for the configuration of a Windows XP system.
Operation
After the initial installation and a test operation phase, regular operations can be initiated. The following security aspects must be taken into account in this phase:
- A Windows XP system usually changes on a daily basis. Every time a change is made, it must be ensured that the security is not impaired after the change has been made. The aspects to be taken into account during the regular operation phase are summarised in safeguard S 4.146 Secure operation of Windows client operating systems.
- One method used in the framework of maintaining the security of a Windows XP network is to monitor the system and/or its individual components. The safeguards to be considered in this respect are summarised in S 4.148 Monitoring a Windows 2000/XP Systems. Data protection aspects play a particularly important role in this case.
- Windows XP systems, like other IT systems, are subject to general security risks. To substantially reduce the probability of a successful attack, Windows XP systems must be kept up to date. The corresponding recommendations can be found in S 4.249 Keeping Windows client systems up to date.
- For Windows XP systems already in operation, the effects resulting from the installation of Service Pack 2 must be taken into account (in this respect, see S 2.329 Introduction of Windows XP SP2).
- Regular checks of the currently valid security settings and, in general, of the existing security policies are decisive for the security of the Windows XP systems currently in operation. The aspects to be considered in this regard are summarised in S 2.330 Regular checks of the Windows XP, Windows Vista and Windows 7 security policies and their implementation.
- Windows XP offers several administrative tools whose use is recommended from a security perspective, since it is possible with the aid of these tools to also avoid security-related configuration errors, among other things. Furthermore, these tools are useful when troubleshooting and/or when performing audits (see S 4.243 Windows client operating system administration tools).
Disposal
If a Windows XP APC is decommissioned, care must be taken that the stored data do not fall into the wrong hands and cannot be misused. The stored data also includes passwords, cookies, temporary Internet files etc. When archiving data, it must also be considered that access is retained even if the earlier user of a WPC has left the organisation, for instance. The same requirements apply when a WPC is moved from one user to another.
Contingency Planning
In addition to performing regular backups during operation, contingency planning also plays a particularly important role, since this is the only way to reduce the damage resulting from an emergency. Information on contingency planning can be found in S 6.76 Creation of a contingency plan for failure of Windows systems. Information on data backups can be found in S 6.78 Data backup under Windows clients.
The bundle of security safeguards for the "Windows XP client" module is presented in the following.
Planning and design
| S 2.324 | (A) | Planning the introduction of Windows XP, Vista and Windows 7 |
| S 2.325 | (A) | Planning the Windows XP, Vista and Windows 7 security policies |
| S 2.326 | (A) | Planning the Windows XP, Vista and Windows 7 group policies |
| S 2.327 | (B) | Secure remote access under Windows XP, Windows Vista and Windows 7 |
| S 2.328 | (B) | Use of Windows XP on mobile computers |
| S 4.147 | (Z) | Secure use of EFS under Windows |
| S 4.243 | (Z) | Windows client operating system administration tools |
| S 4.244 | (A) | Secure configuration of Windows client operating systems |
| S 4.245 | (A) | Basic settings for Windows Group Policy Objects |
| S 4.246 | (A) | Configuration of the system services under Windows XP, Vista and Windows 7 |
| S 4.247 | (A) | Restrictive assignment of authorisations under Windows Vista and Windows 7 |
| S 5.123 | (B) | Securing network communication in Windows |
Implementation
| S 2.32 | (Z) | Establishment of a restricted user environment |
| S 3.28 | (A) | User training on Windows client operating system security mechanisms |
| S 4.48 | (A) | Password protection under Windows systems |
| S 4.49 | (A) | Protection of the boot procedure for a Windows system |
| S 4.52 | (A) | Device protection under Windows NT/2000/XP |
| S 4.57 | (A) | Disabling automatic CD-ROM recognition |
| S 4.75 | (A) | Protection of the registry under Windows systems |
| S 4.149 | (A) | File and share authorisations in Windows |
| S 4.248 | (A) | Secure installation of Windows client operating systems |
| S 5.89 | (A) | Configuration of the Secure Channel under Windows |
| S 5.90 | (Z) | Use of IPSec under Windows |
Operation
| S 2.329 | (A) | Introduction of Windows XP SP2 |
| S 2.330 | (B) | Regular checks of the Windows XP, Windows Vista and Windows 7 security policies and their implementation |
| S 4.56 | (C) | Secure deletion under Windows operating systems |
| S 4.146 | (A) | Secure operation of Windows client operating systems |
| S 4.148 | (B) | Monitoring a Windows 2000/XP system |
| S 4.249 | (A) | Keeping Windows client systems up to date |
Contingency Planning
| S 6.76 | (C) | Creation of a contingency plan for failure of a Windows network |
| S 6.78 | (A) | Data backup under Windows clients |