We ran the "Windows Accelerate IT Pro Bootcamp" one-day hands-on workshop in early June 2014. These eight modules were designed to get IT managers, project managers, sysadmins and devops up to speed with the new Windows 8.1 and Office 2013. The bootcamp focused on how to move off earlier versions of Windows and Office to modern desktop and tablet platforms with the latest security and mobility technologies. Keep an eye on our SlideShare feed for all eight modules:
Windows Accelerate IT Pro Bootcamp: Introduction (Module 1 of 8)
Windows Accelerate IT Pro Bootcamp: Platform Delivery (Module 2 of 8)
Windows Accelerate IT Pro Bootcamp: Windows ToGo (Module 3 of 8)
Windows Accelerate IT Pro Bootcamp: Security (Module 4 of 8)
Windows Accelerate IT Pro Bootcamp: UE-V (Module 5 of 8)
Windows Accelerate IT Pro Bootcamp: App-V (Module 6 of 8)
Windows Accelerate IT Pro Bootcamp: Devices (Module 7 of 8)
Windows Accelerate IT Pro Bootcamp: Closing (Module 8 of 8)
For other events (Intergen or Microsoft Community) check our events page at http://www.intergen.co.nz/upcoming-events/
Windows 8.1 Security Advancements
Chris Hallum, Senior Product Manager
Windows 8 Security
Windows 8 Security - The Impact
Changing Threat Landscape
Windows 8.1 End to End Security
Key Threats
• Passwords under attack
• Digital identity theft and misuse
• Signature-based AV unable to keep up
• Digital signature tampering
• Browser plug-in exploits
• Data loss on BYOD devices

Key Threats
• Melissa (1999), Love Letter (2000)
• Mainly leveraging social engineering

Key Threats
• Code Red and Nimda (2001), Blaster (2003), Slammer (2003)
• 9/11
• Mainly exploiting buffer overflows
• Script kiddies
• Time from patch to exploit: several days to weeks

Key Threats
• Zotob (2005)
• Attacks «moving up the stack» (Summer of Office 0-day)
• Rootkits
• Exploitation of buffer overflows
• Script kiddies
• Rise of phishing
• User running as admin

Key Threats
• Organized crime
• Botnets
• Identity theft
• Conficker (2008)
• Time from patch to exploit: days

Key Threats
• Organized crime, potential state actors
• Sophisticated targeted attacks
• Operation Aurora (2009)
• Stuxnet (2010)
Windows 8.1 (2013)
• Touch fingerprint sensors
• Improved biometrics
• TPM Key Attestation
• Certificate Reputation
• Improved Virtual Smartcards
• Provable PC Health
• Improved Windows Defender
• Improved Internet Explorer
• Device Encryption (all editions)
• Remote Business Data Removal

Windows XP (2001)
• Logon (Ctrl+Alt+Del)
• Access Control
• User Profiles
• Security Policy
• Encrypting File System (file based)
• Smartcard and PKI support
• Windows Update

Windows XP SP2 (2004)
• Address Space Layout Randomization (ASLR)
• Data Execution Prevention (DEP)
• Security Development Lifecycle (SDL)
• Auto Update on by default
• Firewall on by default
• Windows Security Center
• WPA support

Windows Vista (2007)
• BitLocker
• PatchGuard
• Improved ASLR and DEP
• Full SDL
• User Account Control
• Internet Explorer SmartScreen Filter
• Digital Rights Management
• Firewall improvements
• Signed device driver requirements
• TPM support
• Windows Integrity Levels
• Secure "by default" configuration (Windows features and IE)

Windows 7 (2009)
• Improved ASLR and DEP
• Full SDL
• Improved IPsec stack
• Managed Service Accounts
• Improved User Account Control
• Enhanced auditing
• Internet Explorer SmartScreen Filter
• AppLocker
• BitLocker To Go
• Windows Biometric Service
• Windows Action Center
• Windows Defender

Windows 8 (2012)
• UEFI (Secure Boot)
• Firmware-based TPM
• Trusted Boot (with ELAM)
• Measured Boot and Remote Attestation support
• Significant improvements to ASLR and DEP
• AppContainer
• TPM Key Protection
• Windows Store
• Internet Explorer 10 (plug-in-less and Enhanced Protected Modes)
• Application Reputation moved into the core OS
• BitLocker: Encrypted Hard Drive and Used Disk Space Only encryption support
• Virtual Smartcard
• Picture Password, PIN
• Dynamic Access Control
• Built-in anti-virus
Windows 8 Security Capabilities
Modern Access Control: Securing the Sign-In; Secure Access to Resources
Protect Sensitive Data: Securing Data With Encryption
Malware Resistance: Securing the Boot; Securing the Code and Core; Securing the Desktop
Trustworthy Hardware: Universal Extensible Firmware Interface (UEFI); Trusted Platform Module (TPM)
Measuring Windows 8 Security Success
The largest volume of security investments ever made in a single release of Windows have yielded great results.
Those who realize they’ve been hacked. Those who haven’t yet realized they’ve been hacked.
There are threats that are familiar and those that are modern.
Familiar | Modern
Script kiddies; cybercrime | Cyber-espionage; cyber-warfare
Cybercriminals | State-sponsored actions; unlimited resources
Attacks on Fortune 500 | All sectors and even suppliers getting targeted
Software solutions | Hardware-rooted trust the only way
Secure the perimeter | Assume breach; protect at all levels
Hoping I don‘t get hacked | You will be hacked. Did I successfully mitigate?
Company-owned and tightly managed devices | Bring your own device, varied management
“Commercial based antivirus and security products are designed for and focus on protecting you from prevalent classes of in the wild threats coming from criminals, thugs and digital mobsters (and it's a constant battle). It is not designed to protect you from the digital equivalent of Seal Team Six. So if you're the guy that finds himself in the crosshairs… you're not safe.”
-- F-Secure “News from the Lab”, May 30, 2012
A Lockheed Martin official said the firm is “spending more time helping deal with attacks on the supply chain” of partners, subcontractors and suppliers than dealing with attacks directly against the company. “For now, our defenses are strong enough to counter the threat, and many attackers know that, so they go after suppliers. But of course they are always trying to develop new ways to attack.”
-- Washington Post “Confidential report lists U.S. weapons system designs compromised by Chinese cyberspies”, May 27, 2013
“When discussing the importance of information security we’ve probably heard excuses such as “we’re too small to be a target” or “we don’t have anything of value”, but if there is anything this report can teach us, is that breaches can and do occur in organizations of all sizes and across a large number of industries.”
-- TechRepublic speaking on the 2013 edition of Verizon’s Data Breach Investigations Report (DBIR).
Windows 8 and 8.1 Security Capabilities
Modern Access Control: Securing the Sign-In; Secure Access to Resources. First Class Biometric Experience; Multifactor Authentication for BYOD; Trustworthy Identities and Devices
Protect Sensitive Data: Securing Device with Encryption. Pervasive Device Encryption; Selective Wipe of Corp Data
Malware Resistance: Securing the Boot; Securing the Code and Core; Securing the Desktop. Provable PC Health; Improved Windows Defender; Improved Internet Explorer
Trustworthy Hardware: UEFI; TPM; Modern Biometric Readers

Trustworthy Hardware: Universal Extensible Firmware Interface (UEFI); Trusted Platform Module (TPM)
Key Improvements in Trustworthy Hardware

Trusted Platform Module (TPM)
The Opportunity
• Improve security for consumer and BYOD devices
• Leverage the TPM in new ways to address modern threats
History in Windows
• TPM is currently an optional component in most devices
• Pervasive on commercial devices, and most tablets
Our Goal in Windows 8.1
• Drive adoption of the InstantGo architecture with OEMs
• Work with Intel to make PTT pervasive on all processors
• Add a TPM requirement to the 2015 Windows certification requirements
• Secure approval in regions such as Russia and China

Universal Extensible Firmware Interface (UEFI)
What is UEFI?
• A modern replacement for traditional BIOS
• A Windows Certification Requirement (UEFI 2.3.1)
Key Benefits
• Architecture-independent
• Initializes the device and enables operation (e.g. mouse, apps)
Key Security Benefits
• Secure Boot - supported by Windows 8, Linux, …
• Encrypted Drive support for BitLocker
• Network Unlock support for BitLocker
Modern Access Control: Modern Authenticators; Trustworthy Identities and Devices; Secure Access to Resources
Key Improvements in Modern Access Control

Secure Access to Resources
• Dynamic Access Control: rules-based access control; policy based on user and device attributes. Example: users in the Finance department within the United States get access to a specific file share
• Remote Attestation: access control based on remote validation of a system's security state

Trustworthy Identities and Devices
• TPM Key Protection: protect digital identities from theft using the TPM
• TPM Key Attestation: confirm the security of digital identities using the TPM
• Certificate Reputation: cloud service able to identify fraudulent certificates and their use on the web

Modern Authenticators
• Picture Password: easy-to-use option for touch; secure for some scenarios
• Virtual SmartCards: an alternative to passwords; the device becomes the smartcard; remotely provisionable; requires TPM
• Fingerprint-based biometrics: advanced touch sensors; use anywhere in Windows
Malware Resistance: Securing the Code and Core; Securing the Boot; Securing After the Boot
Key Improvements in Malware Resistance

Securing After the Boot
• Defender: all versions of Windows include a full-featured anti-malware solution
• Windows Store and Apps: the security of apps hosted in the Windows Store is vetted prior to publishing; Windows Store apps run in a sandbox
• Windows and IE SmartScreen: warns about or blocks apps if they have a negative or unknown reputation; malicious websites are blocked in IE
• Provable PC Health: remote analysis is able to detect malware that can't be detected locally, and to initiate the remediation process

Securing the Boot
• Universal Extensible Firmware Interface (UEFI): hardware-based bootkit protection; ensures the desired OS starts first, not malware
• Trusted Boot: hardens the boot process and provides rootkit protection
• Early Launch Anti-Malware (ELAM): the anti-malware solution is started early and protected from tampering
• Measured Boot: the integrity of key system components is measured and remotely validated

Securing the Code and Core
• Security Development Lifecycle: state-of-the-art engineering practices; all MSFT software must conform to the processes; MSFT results have received accolades from industry experts (Kaspersky Q3 2012 report)
• Securing the Windows Core: improvements in ASLR and DEP make exploiting a vulnerability in Windows an order of magnitude more difficult.
“The security advancements from Windows XP to Windows 7 are leaps and bounds... the advancements from version 7 to 8 are just as great.” - Chris Valasek, Security Researcher
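Measured Boot, Remote Attestation and Provable PC Health above all rest on one mechanism: each boot component is hashed into a TPM PCR, and a remote verifier replays the measurement log against the quoted PCR value and a known-good list. The Python below is an added example (not from the deck or from Microsoft) that models that chain in the SHA-256 bank with constructed stand-ins for the boot components; it assumes the TPM quote's signature has already been verified and leaves out PCR selection and the real TCG event-log format.

```python
import hashlib
from typing import Dict, List, Tuple

PCR_LEN = 32  # SHA-256 bank; PCRs are all-zero at power-on

def extend(pcr: bytes, component: bytes) -> bytes:
    """TPM PCR extend: new = SHA256(old || SHA256(component)). A PCR can only be extended, never rewritten."""
    return hashlib.sha256(pcr + hashlib.sha256(component).digest()).digest()

def measure_boot(components: List[bytes]) -> Tuple[bytes, List[bytes]]:
    """Boot-time side: extend each component into the PCR and append its digest to the event log."""
    pcr, log = bytes(PCR_LEN), []
    for comp in components:
        log.append(hashlib.sha256(comp).digest())
        pcr = extend(pcr, comp)
    return pcr, log

def replay_log(log: List[bytes]) -> bytes:
    """Verifier side: recompute the PCR from the log; any edited or dropped entry breaks the chain."""
    pcr = bytes(PCR_LEN)
    for digest in log:
        pcr = hashlib.sha256(pcr + digest).digest()
    return pcr

def attest(quoted_pcr: bytes, log: List[bytes], known_good: Dict[bytes, str]) -> Tuple[bool, List[str]]:
    """Remote health check. Assumes quoted_pcr arrived in a TPM quote whose signature was already verified."""
    if replay_log(log) != quoted_pcr:
        return False, ["event log does not replay to the quoted PCR value"]
    unknown = [f"unrecognised component digest {d.hex()[:16]}..." for d in log if d not in known_good]
    return (not unknown), unknown

# Constructed stand-ins for boot components (real ones are the firmware, boot manager, kernel, ELAM driver).
FIRMWARE, BOOTMGR, KERNEL, ELAM = b"uefi-firmware-v1", b"bootmgfw-8.1", b"ntoskrnl-8.1", b"elam-driver-8.1"
HEALTHY_BOOT = [FIRMWARE, BOOTMGR, KERNEL, ELAM]
TAMPERED_BOOT = [FIRMWARE, b"bootkit-replacing-bootmgr", KERNEL, ELAM]
KNOWN_GOOD = {hashlib.sha256(c).digest(): name for c, name in
              zip(HEALTHY_BOOT, ["firmware", "boot manager", "kernel", "ELAM driver"])}

def forged_log_attempt() -> Tuple[bool, List[str]]:
    """A swapped boot manager cannot be hidden by handing the verifier a clean log: the replay no longer matches the PCR."""
    pcr, _ = measure_boot(TAMPERED_BOOT)
    _, clean_log = measure_boot(HEALTHY_BOOT)
    return attest(pcr, clean_log, KNOWN_GOOD)  # genuine PCR, forged log

if __name__ == "__main__":
    print("healthy :", attest(*measure_boot(HEALTHY_BOOT), KNOWN_GOOD))
    print("tampered:", attest(*measure_boot(TAMPERED_BOOT), KNOWN_GOOD))
    print("forged  :", forged_log_attempt())
```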
Protecting Sensitive Data: Pervasive Device Encryption; Selective Wipe of Corp Data
Key Improvements for Protecting Sensitive Data

Enabling IT to Revoke Access to Data (Remote Business Data Removal)
Remote Business Data Removal is a platform feature that:
• protects corporate data using Encrypting File System (EFS)
• enables IT to revoke access to corp data on managed and unmanaged devices
• requires application support
• Current applications that support RBDR: Work Folders

Protecting Data at Rest (Device Encryption and BitLocker)
Data protection (FDE) is now considered a fundamental OS feature
• Device Encryption included in all editions of Windows
• Prevents unauthorized access on lost or stolen devices
• Enabled out of the box
• Requires devices with InstantGo technology
• Built on BitLocker technology; commercial-grade protection
BitLocker
• Provides additional configuration options and management capabilities that are attractive to enterprises
• Easy to deploy and available in Pro and Enterprise editions
• Enterprise management available with MBAM
© 2012 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.