Introduction to Security Features in Microsoft Office 2010
Hardware and software technology that helps harden the attack surface by helping to protect against the malicious code exploits. Microsoft Office file validation is a software component that helps you to reduce attack surface by identifying files that do not follow a valid file format definition. Settings managed in the Trust Center and through Group Policy that help reduce the attack surface by providing more specific control over the file types that an application could access. A feature that helps mitigate attacks by the enabling users to preview untrusted or potentially harmful files in a sandbox environment.
Microsoft Office 2010 also provides several security improvements that have a direct affect on information worker productivity. Improvements in the Message Bar user interface, Trust Center user interface settings and a trust model that persists users trust decisions are some examples of the new features that help make the security decisions and actions less intrusive to information workers. In addition, many of the new and enhanced security controls could be managed through Group Policy settings. This makes it easier for you to enforce and maintain the organizations security architecture.
The security architecture of Microsoft Office 2010 helps you extend the defense-in-depth strategy beyond desktop security tools by providing the countermeasures for a layered defense. When implemented these countermeasures take effect the moment a user attempts to the open a file by using an Microsoft Office 2010 application and they continue to provide the multiple layers of defense until the file is open and ready for editing. This defensive layer helps harden attack surface of the Microsoft Office 2010 applications by using a countermeasure known as Data Execution Prevention. The DEP helps prevent buffer overflow the exploits by identifying files that attempt to run code from a part of memory reserved only for data. You could manage DEP settings in the Trust Center or through Group Policy settings. This defensive layer helps reduce the attack surface of Microsoft Office 2010 applications by limiting the kinds of the files that applications could open and by preventing applications from running certain kinds of the code that is embedded in files.
- Office File Validation
- File block settings
- Digital signature improvements
- Encrypt with password improvements
- Integrity checking of encrypted files
Office File Validation
Office File Validation, this software component scans files for the format differences and based on the implemented setting could prevent a file from being opened for the editing if the format is not valid. A file that contains a file format exploit against an Microsoft Office 2010 application is the one example of a file that is not valid. By default, Office File Validation is enabled and is primarily managed through the Group Policy settings.
File block settings
File block settings was introduced in Microsoft Office 2007 to help reduce the attack surface, these settings enable you to prevent applications from opening and saving certain file types. In addition, you could specify what would occur if you allow a file type to be opened. You could specify whether a file type is opened in Protected View and whether the editing is allowed. The several new file block settings have been added in Microsoft Office 2010 features. You could manage the file block settings in the Trust Center and through Group Policy settings
Trusted time stamping is now supported in the digital signatures which makes Office documents compatible with the W3C XML Advanced Electronic Signatures standard. The trusted time stamping helps ensure that digital signatures remain valid and legally defensible even if the certificate that is used to sign the document expires. The trusted time stamping support is available only in Microsoft Excel 2010, Microsoft Access 2010, Microsoft PowerPoint 2010, and Microsoft Word 2010.You could also configure and manage trusted time stamping through several new Group Policy settings.
The Encrypt with Password feature is now compliant with the ISO/IEC 29500 and ISO/IEC 10118-3:2004 requirements. This feature is also the interoperable between MicrosoftÂ Office 2010 and Microsoft Office 2007 with Service Pack 2 (SP2), but only if the host operating systems support the same cryptographic providers. In addition Microsoft Office 2010 includes several changes in the user interface that make the Encrypt with Password feature easier for the users to understand and implement.
Administrators could now decide whether to implement a hash-based message authentication code (HMAC) when a file is encrypted, which could help determine whether someone has tampered with a file. The HMAC is fully compliant with the Windows Cryptographic API. The Next Generation (CNG), enabling administrators to configure the cryptographic provider, hash and context that are used to generate the HMAC. These parameters are configurable through the Group Policy settings.
iYogiÂ is the fastest growing online and remote tech support provider in the direct-to-consumers and small businesses sector. Our highly skilled and experienced tech experts available, 24x7x365 can provide the best issue resolution and customer satisfaction.
- Comprehensive support for configuring Microsoft Outlook 2010
- Diagnostic & repair for your technologies
- Troubleshoot software errors
- Update drivers and security to protect against online threats
- Connect to Internet, devices, and peripherals
- Optimize your computer’s speed and performance.