1 Faronics DeepFreeze Presenter: Zoltan Karaszi zkaraszi(at)kent.edu Design of Secure Operating Systems
2 Introduction
- DeepFreeze is an application that “freezes” the desired configuration of the computer
- Once a system is frozen, any change to data or the system itself does not actually take place
- With a simple restore-to-reboot the system integrity is maintained
- When the computer is restarted, the system goes back to the state when it was frozen
3 Why do we need this application?
- Users can change the operating system setup.
- Students frequently download and deploy proprietary software or other non-permitted content onto the Computer Lab computers at Kent State University.
- Finding these elements and fixing the changes manually every day in a huge lab is almost impossible.
- 60,000 new unique pieces of malware are emerging daily.
- Anti-virus programs keep the known threats out, but unknown malicious software often appears and infects the systems.
- We need a brilliant solution, like Deep Freeze, to make the OS secure.
4 Compatibility
Windows: fully compatible with
- Windows 7
- Windows Vista
- Windows XP
Macintosh: compatible with
- Mac OS X 10.7 (Lion)
- Mac OS X 10.6 (Snow Leopard)
- Mac OS X 10.5 (Leopard)
- Mac OS X 10.4 (Tiger)
5 How does DeepFreeze make the OS Secure?
- This is proprietary software => no open source version...
- “DeepFreeze is a kernel-level driver that protects hard drive integrity by redirecting information being written to the hard drive or partition, leaving the original data intact. This redirected information is no longer referenced once the computer is restarted, thus restoring the system to its original state at the disk sector level.” - Wikipedia
- Only the system administrator can thaw the machines and make any changes to them; otherwise they are tamperproof.
6 Three core principles
Integrity of data
- Maintained at all times while the system is frozen
- With a simple restore-to-reboot the system integrity is maintained
Confidentiality
- Malicious users can get confidential data, even if the system is frozen
- The system needs novel and updated antivirus protection
Tamperproof
- When a system is frozen, any change to data does not take place
- With one reboot, the original state of the system (when it was first frozen) is brought back
- Windows can be tamperproofed with DeepFreeze
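The write redirection quoted on slide 5 and the integrity/confidentiality split on slide 6, as an added example that is not part of the original presentation and is not Faronics code. It is a simplified in-memory model; `FrozenDisk`, `pad` and `demo` are hypothetical names and the sector contents are constructed.

```python
# Added toy model; FrozenDisk, pad and demo are hypothetical names, not Faronics code.
SECTOR_SIZE = 16  # tiny sectors keep the constructed sample readable


class FrozenDisk:
    def __init__(self, sectors):
        self._base = list(sectors)  # original data, as it was when frozen
        self._overlay = {}          # sector number -> redirected write
        self.frozen = True

    def _check(self, lba):
        if not 0 <= lba < len(self._base):
            raise IndexError("sector out of range")

    def write(self, lba, data):
        self._check(lba)
        if len(data) != SECTOR_SIZE:
            raise ValueError("whole-sector writes only")
        if self.frozen:
            self._overlay[lba] = data  # redirected; original left intact
        else:
            self._base[lba] = data     # thawed: the change is permanent

    def read(self, lba):
        self._check(lba)
        # The session sees its own writes; reads are never blocked.
        return self._overlay.get(lba, self._base[lba])

    def reboot(self, thawed=False):
        self._overlay.clear()  # redirected sectors are no longer referenced
        self.frozen = not thawed


def pad(text):
    return text.encode().ljust(SECTOR_SIZE, b"\x00")


def demo():
    # Constructed sample disk: two sectors.
    disk = FrozenDisk([pad("boot config v1"), pad("student grades")])
    disk.write(0, pad("tampered config"))
    in_session = disk.read(0)      # change is visible until restart
    still_readable = disk.read(1)  # freezing does not hide data
    disk.reboot()
    restored = disk.read(0)        # integrity: back to the frozen state
    disk.reboot(thawed=True)
    disk.write(0, pad("boot config v2"))  # administrator change while thawed
    disk.reboot()
    return in_session, still_readable, restored, disk.read(0)
```

The second returned value is the reason slide 6 still asks for antivirus protection: the overlay restores integrity at reboot but does nothing to stop data being read during the session.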
7 The Layered Security Approach
- Protects against multiple layers of potential threats on one central console, offering a simple, first-rate security system
The Components:
- UIT (User InTerface): manage and monitor Core Servers and workstations
- LT (Logical Tier): management of workstations
- DT (Data Tier): stores the workstation list and the information about the workstations
- CA (Core Agent): installed on the workstation, enables communication between the workstations and the Faronics Core Server
8 Why are universities still using the Enterprise Console of DeepFreeze?
- It is easier to set up and has basically the same functionality
Prerequisites to install the new Core Console:
- .NET 3.5 SP1
- SQL Server System CLR Types 2008 R2
- Microsoft SQL Server 2008 R2 Management Objects
- SQL Server Client 2008 R2
Why is KSU planning to go to the (new) Core Console?
- It contains several additional features such as antivirus software and a “wake up” function
- Provides a better service with a complex software package
9 Important Notes
- The Faronics Core Agent is only compatible with DeepFreeze 7.0 or higher
- To bring up the DeepFreeze console, the key combination Ctrl + Alt + Shift + F6 is needed
- A “Client” (any computer with DeepFreeze installed) can be controlled from only one IP address (the “Server” or “Host”) to prevent tampering
- Without centralized control: manually disabling DeepFreeze is tedious
- With centralized control: it is easy to thaw the machine, reboot it, push the updates, make changes, freeze the machine and reboot it
- Kent State IT departments use the benefits of this application
10 Host Consoles
- Supports multiple hard drives and multi-boot environments
- Reboot in "Thawed" mode to make permanent configuration changes
- The administrator can wake up and turn on machines that are completely shut down; the client PC’s motherboard has to support this feature.
11 DeepFreeze Configuration Administrator: Passwords and Drives
- Multiple preset passwords can be used on a workstation or via Command Line Control, with varying activation and expiration dates
- ThawSpace: the administrator can create up to 8 virtual partitions on the PC’s HDD; files saved there survive the reboot
12 DeepFreeze Configuration Administrator: Embedded Events and Maintenance
- Set up a maintenance cycle (e.g. 12-2am) when the computers automatically thaw themselves, do the system restore and run Windows updates
- Batch Tuesday: a specific batch runs on that specific day of every week
- Idle: if there is no user activity for 20 minutes, the PC reboots itself and restores the system
- Disable keyboard and mouse: useful if the Library is open 24/7 during finals week
13 DeepFreeze Configuration Administrator: Advanced Options
- Using SUS/WSUS ((wide)System Update Service) we can download the updates for one PC and use that one as a server
- This way we won’t slow down the entire internet network of the department
- License Key: do not forget, this is proprietary software
14 Vulnerabilities
- System boot from a different medium (USB device, network server): no protection
- Deep Unfreezer (for DeepFreeze versions 5 and 6): the state of DeepFreeze can be changed without needing the password: no protection
- Faronics DeepFreeze has a modified driver that bypasses the DeepFreeze program and allows the user to get in without knowing the password. Just a few people know this driver, but what if one day one of them just shares this specific driver on the internet…: no protection
15 Deep Unfreezer
- Successfully tested on WIN9X and WIN2K/XP (with DF v5 & v6)
- It can crack DeepFreeze and our super secure system is not safe anymore…
1. DeepFreeze Detected, Click boot Thawed on Next 1 restart
2. Load Deep Freeze UnFreezer, Save the Status and Exit
3. Restart your Computer
…this is just an illustration…
16 “Faronics DeepFreeze makes the computer indestructible”… but …
Can your operating system, protected with DeepFreeze, really be secure?
The truth is out there… / X-Files /
17 Literature
- http://www.faronics.com/en/Products/DeepFreeze/DeepFreezeCorporate.aspx
- http://en.wikipedia.org/wiki/Deep_Freeze_(software)
- http://answers.yahoo.com/question/index?qid=20091123023642AAIIAwb
- http://www.faronics.com/Faronics/Documents/DFL_Manual.pdf
- http://www.faronics.com/enterprise/deep-freeze/
Thank you!