Securing. Agenda: Hard Drive Encryption, User Account Permissions, Root Level Access, Firewall Protection, Malware Protection.


1 Securing

2 Agenda
- Hard Drive Encryption
- User Account Permissions
- Root Level Access
- Firewall Protection
- Malware Protection

3 BitLocker Drive Encryption: Available in Windows Vista Ultimate - $400.00

4 Why is BitLocker Needed?
- Reduces the threat of data theft or exposure from lost, stolen, or recycled computers
- Statistics
  - A laptop is stolen every 53 seconds in the USA - Symantec
  - Over 600,000 laptops are stolen each year in the USA - Safeware Insurance Agency
  - 97% of these laptops are never recovered - FBI
  - The second most common crime, just after identity theft, is laptop theft - FBI
  - Lost or stolen laptops are the top culprit of data leaks/breaches, accounting for 45% (of all the incidents studied) - The Identity Theft Resource Center
  - Laptops are the number-one item stolen in San Francisco - San Francisco Police Department

5 BitLocker Drive Encryption: Requires a version 1.2 Trusted Platform Module for its two main security services

6 BitLocker Volumes Schematic (Drive 0)
- Typical Disk Partitioning
  - OS Volume (active) (Drive C:)
  - OEM Maintenance Volume
- Disk Partitioning with BitLocker
  - OEM Maintenance Volume
  - OS Volume (Encrypted with BitLocker) (Drive C:)
  - System Volume (Active) (Drive D:) (Unencrypted)

7 What are BitLocker's services?
- Boot file integrity
  - Completed using the TPM
  - Creates a unique fingerprint of the system
  - TPM provides access to the encryption keys only if the fingerprint is verified
  - Once the unique fingerprint is verified, BitLocker uses the TPM to unlock the OS Volume and permits Windows to boot normally
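
The fingerprint-then-unlock flow on this slide, as an added example that is not part of the original presentation: a simplified Python model of a TPM 1.2 PCR extend chain with a key released only when the measured boot chain matches the one present at sealing time. The ToyTPM class, the boot component names and the key bytes are constructed for illustration; a real TPM keeps the sealed key encrypted inside the chip.

```python
import hashlib
import hmac

PCR_SIZE = 20  # TPM 1.2 PCRs hold a SHA-1 digest


def extend(pcr: bytes, component: bytes) -> bytes:
    """PCR extend: new = SHA1(old || SHA1(component))."""
    return hashlib.sha1(pcr + hashlib.sha1(component).digest()).digest()


def measure_boot(components) -> bytes:
    """Fold each boot component, in order, into one PCR value."""
    pcr = bytes(PCR_SIZE)  # PCRs reset to zero at power-on
    for blob in components:
        pcr = extend(pcr, blob)
    return pcr


class ToyTPM:
    """Hypothetical model: holds a key and the PCR value it was sealed to."""

    def seal(self, key: bytes, pcr: bytes) -> None:
        self._key, self._expected = key, pcr

    def unseal(self, pcr: bytes):
        # Release the key only if the measured boot chain matches.
        if hmac.compare_digest(pcr, self._expected):
            return self._key
        return None


# Constructed sample boot chains; names and contents are illustrative only.
GOOD_CHAIN = [b"bios-v1", b"mbr-v1", b"bootmgr-v1"]
MODIFIED_CHAIN = [b"bios-v1", b"mbr-modified", b"bootmgr-v1"]
REORDERED_CHAIN = [b"mbr-v1", b"bios-v1", b"bootmgr-v1"]
VOLUME_KEY = bytes(range(32))  # constructed stand-in for the volume key


def boot(tpm: ToyTPM, chain):
    """Return the volume key if the chain verifies, else None."""
    return tpm.unseal(measure_boot(chain))


def demo():
    tpm = ToyTPM()
    tpm.seal(VOLUME_KEY, measure_boot(GOOD_CHAIN))
    return {
        "good": boot(tpm, GOOD_CHAIN) == VOLUME_KEY,
        "modified": boot(tpm, MODIFIED_CHAIN) is None,
        "reordered": boot(tpm, REORDERED_CHAIN) is None,
    }
```

Because each extend hashes the previous PCR value, changing or reordering any earlier component changes the final value, so the key stays sealed.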

8 What are BitLocker's services?
- OS volume encryption
  - BitLocker can encrypt the entire OS volume
  - EFS cannot encrypt system files
  - The OS volume contains:
    - Windows OS and its support files
    - Page files
    - Hibernation files

9 What if a TPM does not exist on the PC?
- A USB flash drive can be used to store a startup key
- The startup key is needed during each boot or return from hibernation
- When using a USB flash drive, BitLocker cannot perform the OS Integrity Check

10 BitLocker Drive Encryption: Additional Authentication Modes

11 What other authentication is there with BitLocker?
- PIN
  - This forces BitLocker to use a PIN (entered by the user) and the TPM to decrypt the information on the OS Volume
  - If forgotten, the recovery console must be used to recover the BitLocker keys
- Startup Key
  - A long string of numeric characters that is unique for each computer, usually stored on a USB flash drive but not a smart card
  - BIOS must be able to detect the USB device prior to the OS starting up
  - Should be removed after boot or return from hibernation

12 BitLocker Drive Encryption: Recovery

13 What if something goes wrong?
- BitLocker has built-in recovery capabilities
  - This will recover the BitLocker keys needed to decrypt the OS Volume
- Recovery involves a 48-bit recovery key
  - Randomly generated during BitLocker Setup
- Recovery key can be stored:
  - USB flash drive
  - Printed

14 BitLocker Drive Encryption: Restriction and Limitations

15 What are BitLocker's limitations?
- Offline Protection
  - BitLocker only protects the PC when it is offline
- Only OS Volume encrypted
- Lost recovery key = lost data

16 BitLocker Drive Encryption: Availability and Requirements

17 What is necessary to use BitLocker?
- Windows Vista Ultimate
- BitLocker with OS integrity checking
  - A version 1.2 TPM and a BIOS compliant with version 1.2 TCG (Trusted Computing Group) to establish the chain of trust for pre-OS boot
  - Support for TCG-specified static root trust measurement
  - Partitioning into at least 2 volumes (OS Volume, BitLocker Boot Partition)

18 What is necessary to use BitLocker?
- Windows Vista Ultimate
- BitLocker without OS integrity checking
  - BIOS support for Class 2 USB mass-storage devices
    - Must include capabilities to read and write in the pre-OS boot environment
  - Be partitioned to include 2 volumes (OS Volume, BitLocker Boot Partition)

19 Agenda
- Hard Drive Encryption
- User Account Permissions
- Root Level Access
- Firewall Protection
- Malware Protection

20 User Account Control

21 What are user account controls and how do they work?
- Enables a user to have a non-administrator account and still be productive
- All users operate at the lowest possible privileges
- Vista has a special account that runs in AAM (Admin Approval Mode)
  - Means that the user either supplies administrative credentials or consents (depending on group policy settings) to perform typical admin functions
  - EXAMPLE: install a program

22 UAC continued
- Microsoft places a high value on application compatibility
- Microsoft has tried to ensure that existing applications can run without administrative privileges

23 UAC continued
- Determining privileged tasks
- Temporarily elevating privileges
- Isolating system messages
- Ensuring existing applications run

24 Agenda
- Hard Drive Encryption
- User Account Permissions
- Root Level Access
- Firewall Protection
- Malware Protection

25 Root Level Access
[Diagram: User and Kernel layers. Labels: Admin, Services (Service 1, Service 2, Service 3, ...), Restricted services (Service A, Service B), Low rights programs, User-mode Drivers, Kernel Drivers.]

26 What can operate at root level?
- Microsoft has included the ability for file and registry virtualization
  - This pulls all programs away from operating at the kernel level
- Only trusted and "signed" programs can operate at root or kernel level
  - To get signed, a VeriSign Class 2 Commercial Software Publisher Certificate must be received
  - This is coded into the binary of the program, therefore removing performance-hampering validation

27 Agenda
- Hard Drive Encryption
- User Account Permissions
- Root Level Access
- Firewall Protection
- Malware Protection

28 Windows Vista Firewall

29 Improvements for IT Departments?
- The Windows Vista firewall will now have the ability to block outgoing traffic
  - Windows XP only blocked incoming traffic
- Provides the ability to stop peer-to-peer connections
- Provides the ability to stop instant messaging programs

30 Agenda
- Hard Drive Encryption
- User Account Permissions
- Root Level Access
- Firewall Protection
- Malware Protection

31 Windows Defender

32 What does Windows defend against?
- Spyware
  - Uses automatic definition updates provided by Microsoft to remove known spyware from the Windows Vista system
