Presentation is loading. Please wait.

Presentation is loading. Please wait.

Sony White House Anthem Lockheed Aramco Bushehr nuclear reactor NSA Hacked Facebook Hacked Apple,Google,Microsoft,

Published byMarilyn Patterson Modified over 9 years ago

Similar presentations

Presentation on theme: "Sony White House Anthem Lockheed Aramco Bushehr nuclear reactor NSA Hacked Facebook Hacked Apple,Google,Microsoft,"— Presentation transcript:

1

2

3

4 Sony White House Anthem Lockheed Aramco Bushehr nuclear reactor NSA Hacked Facebook Hacked Apple,Google,Microsoft,

5 Informatio n Protection Secure Identities Threat Resistanc e Device Guard

6

7  Combination of hardware + software security features  Enables businesses to strongly control what is allowed to run  Brings mobile-like security protections to desktop OS with support for existing line of business apps

8  Hardware security  Configurable code integrity  Virtualization based security  Protects critical parts of the OS against admin/kernel level malware  Manageability via GP, MDM, or PowerShell

9  Secure Boot  Includes Secure Firmware Updates and Platform Secure Boot  Kernel Mode Code Integrity (KMCI)  User Mode Code Integrity (UMCI)  AppLocker ROM/FusesBootloaders Native UEFI Windows OS Loader Windows OS Loader Windows Kernel and Drivers 3 rd Party Drivers User mode code (apps, etc.) KMCIUEFI Secure Boot UMCI Platform Secure Boot AppLocker

10

11 Corporate lightly managed  Tightly managed  Very well-defined software and hardware configurations  Low churn  No user or standard user only  Secure Boot restricted to only boot Windows  Virtualization-based security (VBS) enabled  Kernel mode code integrity protected by VBS  User mode code integrity enforced

12  Tightly managed  Well-defined hardware configurations  Managed software only  Ideally standard user only  Secure Boot restricted to only boot Windows  Virtualization-based security (VBS) enabled  Kernel mode code integrity protected by VBS  User mode code integrity enforced

13 Corporate lightly managed  Multiple and varied hardware configurations  User can install “unmanaged” software  Standard or Admin users  Secure Boot may be restricted to only boot Windows  VBS enabled  KMCI may be protected by VBS  Code Integrity in audit mode

14 Corporate lightly managed  Personally owned devices  Highly-variable hardware and software  Secure Boot not required  No VBS  No enterprise code integrity policy

15 1. Know your target(s) 2. Use Powershell cmdlets to create policy from “golden” system(s)  Defaults to Audit Mode  Merge multiple policies OR Deploy differentiated policies 3. Deploy policy in audit mode and test 4. Use Powershell cmdlets to create policy from audit log and merge 5. Enable enforcement

16

17

18

19

20  Just as most malware is unsigned, so too are the vast majority of LOB apps  “Codesigning is hard”  Decentralized LOB app development  Lack of codesigning expertise  Enterprises don’t want to (and shouldn’t) blindly trust all software from an ISV even if signed  Windows 10 includes tools to enable IT to address codesigning for existing apps

21

22

23

24 Raising the bar for what runs in the kernel  Windows 10 drivers must be signed by Microsoft  Strong driver publisher identity verification via Extended Validation (EV) certificates  Enterprises can enforce Windows 10 driver requirements via Device Guard policy Signed Device Guard CI policy protects from local admin  Signed policy stored in pre-OS secure variable  Requires a newer signed policy to update – cannot be deleted by admin  Becomes a “machine” level policy which means boot from media must be compliant  Measured into the TPM and part of device health attestation

25  Together, AppLocker and code integrity are the basis for enforcing code and application rules on Windows  Think of code integrity as the bouncer at the door, and AppLocker as the bartender  Code integrity best expresses high level expression of trust  AppLocker allows for granular rules  Managed through common management tools in Windows 10

26  Service whitelisting for managing non-interactive processes  AppLocker management now available via MDM and WMI

27 Provides a new trust boundary for system software  Leverage platform virtualization to enhance platform security  Limit access to high-value security assets from supervisor mode (CPL0) code Provides a secure execution environment to enable:  Protected storage and management of platform security assets  Enhanced OS protection against attacks (including attacks from kernel-mode)  A basis for strengthening protections of guest VM secrets from the host OS Windows 10 services protected with virtualization based security  LSA Credential Isolation  vTPM (server only)  Kernel Mode Code Integrity

28 Host OS User Kernel Normal World Firmware (UEFI) Hardware (TPM 2.0, Vt-x2, IOMMU) KMCI Malware Howdy Peer!

29 Host OS User Normal World Secure World Hardened Boundary Hardware (TPM 2.0, Vt-x2, IOMMU) Firmware (UEFI) Kernel Hypervisor KMCI Measured Malware I thought we could be friends 

30  CI rules are still enforced even if a vulnerability allows unauthorized kernel mode memory access  Memory pages are only marked executable if CI validation succeeds  Kernel memory cannot be marked both writable and executable  BUT… not all drivers will be compatible initially

31

32

33

Download ppt "Sony White House Anthem Lockheed Aramco Bushehr nuclear reactor NSA Hacked Facebook Hacked Apple,Google,Microsoft,"

Similar presentations

Ljubomir Ivaniš CPU d.o.o.

Ljubomir Ivaniš CPU d.o.o.
Computer Security: Principles and Practice

Computer Security: Principles and Practice
Securing. Agenda  Hard Drive Encryption  User Account Permissions  Root Level Access  Firewall Protection  Malware Protection.

Securing. Agenda  Hard Drive Encryption  User Account Permissions  Root Level Access  Firewall Protection  Malware Protection.
Windows 8: Windows To Go Overview Zvezdan PavkovicTanya Koval Senior ConsultantArchitect WCL333.

Windows 8: Windows To Go Overview Zvezdan PavkovicTanya Koval Senior ConsultantArchitect WCL333.
ROOTKIT VIRUS by Himanshu Mishra Points to be covered Introduction History Uses Classification Installation and Cloaking Detection Removal.

ROOTKIT VIRUS by Himanshu Mishra Points to be covered Introduction History Uses Classification Installation and Cloaking Detection Removal.
Dongyan Wang GlobalPlatform Technical Program Manager

Dongyan Wang GlobalPlatform Technical Program Manager
Script Kiddies; CybercrimeCyber-espionage; Cyber-warfare CybercriminalsState sponsored actions; Unlimited resources Attacks on fortune 500All sectors.

Script Kiddies; CybercrimeCyber-espionage; Cyber-warfare CybercriminalsState sponsored actions; Unlimited resources Attacks on fortune 500All sectors.
Devices and Deployment Management & Security Identity Cloud.

Devices and Deployment Management & Security Identity Cloud.
Security and Policy Enforcement Mark Gibson Dave Northey

Security and Policy Enforcement Mark Gibson Dave Northey
BETA!BETA! Building a secure private cloud on Microsoft technologies Private cloud security concerns Security & compliance in a Microsoft private cloud.

BETA!BETA! Building a secure private cloud on Microsoft technologies Private cloud security concerns Security & compliance in a Microsoft private cloud.
Copyright © 1995-2006 Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE USC CSci599 Trusted Computing Lecture Three.

Copyright © Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE USC CSci599 Trusted Computing Lecture Three.
Mobility for the Enterprise

Mobility for the Enterprise
Windows 7 Windows Server 2008 R2 VirtualizationVirtualization Heterogeneous Server Environment Inventory Linux, Unix & VMware Windows 7 & Server 2008.

Windows 7 Windows Server 2008 R2 VirtualizationVirtualization Heterogeneous Server Environment Inventory Linux, Unix & VMware Windows 7 & Server 2008.
Agenda Master Expert Associat e Microsoft Certified Solutions Master (MCSM) Microsoft Certified Solutions Expert (MCSE) Microsoft Certified Solutions.

Agenda Master Expert Associat e Microsoft Certified Solutions Master (MCSM) Microsoft Certified Solutions Expert (MCSE) Microsoft Certified Solutions.
Virtual techdays Desktop Security with Windows 7 AppLocker & BitLocker to Go Aviraj Ajgekar│ Technology Evangelist │Microsoft Corporation Blog: http://blogs.technet.com/aviraj.

Virtual techdays Desktop Security with Windows 7 AppLocker & BitLocker to Go Aviraj Ajgekar│ Technology Evangelist │Microsoft Corporation Blog:
Microsoft ® Official Course Module 9 Configuring Applications.

Microsoft ® Official Course Module 9 Configuring Applications.
Lack of control for mobile devices Different tools for phone & PC Policy conflict Inconsistent user experience… Granular mobile device mgmt Converged.

Lack of control for mobile devices Different tools for phone & PC Policy conflict Inconsistent user experience… Granular mobile device mgmt Converged.
Real Security for Server Virtualization Rajiv Motwani 2 nd October 2010.

Real Security for Server Virtualization Rajiv Motwani 2 nd October 2010.
2 Windows 7 – New Features DirectAccess Active Directory authentication without a VPN connection Firewall and NAT friendly with most existing network.

2 Windows 7 – New Features DirectAccess Active Directory authentication without a VPN connection Firewall and NAT friendly with most existing network.
1 UCR Firmware Attacks and Security introduction.

1 UCR Firmware Attacks and Security introduction.

Similar presentations

Ads by Google