Best practices to secure Windows 10 with already included features

Presentation transcript:

Best practices to secure Windows 10 with already included features
6/25/2018 12:00 PM
Alexander Benoit | @ITPirate, MVP | Head of Competence Center Microsoft @sepago
© Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

Alexander Benoit Senior Consultant / Head of Competence Center Microsoft „Future Workplace“, Security SCCM, Intune, Windows 10, Defender Framework,… Alexander.Benoit@sepago.de @ITPirate http://it-pirate.com/

We have a firewall. We can't get hacked!

Take aways:
- The threat landscape
- Latest & greatest mitigation features in Windows 10
- Quick checklist – you have them enabled …
- No-brainers to secure Windows 10

The discussion is always about tools!

Threat Landscape: phishing, ransomware, spyware, keylogger, worm, compromised accounts, drive-by download sites, malicious websites, malware.
Deliver Code, Elevate (Everybody is local admin), Code Injection, Malicious Actions.

How to secure Windows 10? So you'll probably ask yourself… What we are going to do today.. Remember when I said this is my first session at Ignite. Probably my last..

Get deeper into attack scenarios. Good to know:
Exploit: Computer code that takes advantage of a vulnerability in a software system.
Payload: Payloads carry the functionality for the greater access into the target.

Scenario Exploit Payload Attack Common ways to share payloads: Fake Hyperlink PowerPoint Macro as „JPG“ File Remember when I said this is my first Ignite Session

Windows Defender SmartScreen: Check downloaded files
Windows Defender SmartScreen provides an early warning system to notify users of suspicious websites that could be engaging in phishing attacks or distributing malware through a socially engineered attack. Windows Defender SmartScreen is one of the multiple layers of defense in the anti-phishing and malware protection strategies.
SmartScreen was introduced in Internet Explorer 11.
Diagram labels: Attacker, Generate new malware file, Command & Control, User, Click!, Send file metadata, Windows Defender Cloud Protection, Evaluate metadata (including machine learning, proximity, lookup heuristics), Verdict: Malware – Block!

Windows Defender Application Guard: Call managed and unmanaged homepages
Windows Defender Application Guard protects the device from advanced attacks launched against Microsoft Edge. Malware and vulnerability exploits targeting the browser, including zero days, are unable to impact the operating system, apps, data and network. Application Guard uses virtualization-based security to hardware-isolate Microsoft Edge and any browsing activity away from the rest of the system. Closing Microsoft Edge wipes all traces of attacks that may have been encountered while online.
No SSO

User Account Control: Protect clients from unwanted software
User Account Control (UAC) helps prevent malware from damaging PCs and helps organizations deploy a better-managed desktop. Apps and tasks always run in the security context of a standard user account, unless an administrator specifically authorizes elevated access to the system.

Windows Defender Device Guard: driver and application white-listing
Device Guard Kernel Mode Code Integrity: Protects kernel mode processes and drivers from “zero day” attacks and vulnerabilities by using HVCI. Drivers must be signed.
Device Guard User Mode Code Integrity: Enterprise-grade application white-listing that achieves PC lockdown for enterprises that run only trusted apps. Untrusted apps and executables, such as malware, are unable to run.

Windows Defender Exploit Guard: stops the attacker from manipulating processes
Windows Defender Exploit Guard helps you audit, configure, and manage Windows system and application exploit mitigations. In addition, Exploit Guard delivers a new class of capabilities for intrusion prevention, while it provides legacy app protections including:
- Arbitrary Code Guard
- Block Low Integrity Images
- Block Remote Images
- Block Untrusted Fonts
- Code Integrity Guard
- Disable Win32k system calls
- Validate Stack Integrity
- Do Not Allow Child Processes
- Export Address Filtering
- Import Address Filtering
- Simulate Execution
- Validate API Invocation (CallerCheck)
- Validate Image Dependency Integrity

Secure Windows 10 – No Brainers

No-Brainer: Stay current!
Analysis: High-level vulnerability & exploit trends. Vulnerabilities are increasing while evidence of actual exploits is decreasing due to mitigation investments.

No-Brainer: Microsoft BitLocker
Overview:
- Full drive encryption solution provided natively with Windows 10 Professional and Enterprise
- Used to protect the operating system drive, secondary data drives and removable devices
- System Center Configuration Manager, MDT and Intune can be used to deploy BitLocker

No-Brainer: Windows Defender Credential Guard
Overview: Credential Guard isolates secrets that previous versions of Windows stored in the Local Security Authority (LSA) by using virtualization-based security. The LSA process in the operating system talks to the isolated LSA by using remote procedure calls. Data stored by using VBS is not accessible to the rest of the operating system.
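
A read-only check for the "quick checklist" of features this deck names (Secure Boot, VBS, Credential Guard, Device Guard, BitLocker, UAC, Defender cloud protection, Exploit Guard), added here as an example and not taken from the presentation. It assumes an elevated Windows PowerShell session on Windows 10 Professional or Enterprise; the report key names are made up for this example, and the status codes are those Microsoft documents for the Win32_DeviceGuard class.

```powershell
# Added example: read-only audit of Windows 10 features named in the deck.
# Assumption: elevated session on Windows 10 Pro/Enterprise. Report key names are illustrative.
$report = [ordered]@{}

# UEFI Secure Boot (the cmdlet throws on legacy BIOS systems, treated here as "off")
try   { $report['SecureBoot'] = [bool](Confirm-SecureBootUEFI) }
catch { $report['SecureBoot'] = $false }

# Virtualization-based security and the services that run on top of it.
# VirtualizationBasedSecurityStatus: 0 = off, 1 = enabled but not running, 2 = running
# SecurityServicesRunning:           1 = Credential Guard, 2 = HVCI
# UsermodeCodeIntegrityPolicyEnforcementStatus: 0 = off, 1 = audit, 2 = enforced
$dg = Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' -ClassName Win32_DeviceGuard
$report['VbsRunning']             = $dg.VirtualizationBasedSecurityStatus -eq 2
$report['CredentialGuardRunning'] = $dg.SecurityServicesRunning -contains 1
$report['HvciRunning']            = $dg.SecurityServicesRunning -contains 2
$report['UmciEnforced']           = $dg.UsermodeCodeIntegrityPolicyEnforcementStatus -eq 2

# BitLocker protection on the operating system drive
$osVolume = Get-BitLockerVolume -MountPoint $env:SystemDrive
$report['BitLockerOsDrive']  = $osVolume.ProtectionStatus -eq 'On'
$report['BitLockerMethod']   = "$($osVolume.EncryptionMethod)"

# User Account Control: EnableLUA = 1 means UAC is switched on
$uac = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
$report['UacEnabled'] = $uac.EnableLUA -eq 1

# Windows Defender AV: real-time protection and cloud protection (MAPS, 0 = disabled)
$report['DefenderRealTime'] = (Get-MpComputerStatus).RealTimeProtectionEnabled
$report['DefenderCloud']    = (Get-MpPreference).MAPSReporting -ne 0

# Exploit Guard system-wide mitigations (values are ON, OFF or NOTSET)
$mitigations = Get-ProcessMitigation -System
$report['SystemDEP']   = "$($mitigations.Dep.Enable)"
$report['SystemCFG']   = "$($mitigations.Cfg.Enable)"
$report['SystemSEHOP'] = "$($mitigations.SEHOP.Enable)"

# One object per machine, easy to export or compare across a fleet
[pscustomobject]$report | Format-List
```

A value of NOTSET for a system mitigation means the operating system default applies, so it is not by itself a finding.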

Windows 10 Security on Modern Devices
Features shown: Virtualization Based Security, Windows Defender Exploit Guard, UEFI Secure Boot, Windows Defender Device Guard, Device Encryption, Windows Trusted Boot, Windows Defender Application Guard, Windows Defender Credential Guard, Security Management, Windows Information Protection, Windows Update, Microsoft Edge, Windows Hello for Business, Conditional Access, BitLocker (MBAM), Windows Defender AV, Trusted Platform Module, Windows Firewall, Windows Hello, BitLocker, Windows Defender Advanced Threat Protection, SmartScreen, BitLocker to Go.
Categories: Device protection, Threat resistance, Identity protection, Information protection, Breach detection investigation & response.
© 2016 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

Educate your users!

Please evaluate this session
From your PC or tablet: visit MyIgnite https://myignite.microsoft.com/evaluations
Phone: download and use the Microsoft Ignite mobile app https://aka.ms/ignite.mobileapp
Your input is important!