TopicSessionTopicSpeaker Enterprise Guidance BRK2338Enterprise Web BrowsingFred Pullen How do I upgrade to Internet Explorer 11? BRK2307Enterprise Mode.

Slides:



Advertisements
Similar presentations
Bring Your Own Device Demo Maak een Windows to Go stick.
Advertisements

Copyright © 2012 Certification Partners, LLC -- All Rights Reserved Lesson 4: Web Browsing.
Microsoft Windows XP SP2 Urs P. Küderli Strategic Security Advisor Microsoft Schweiz GmbH.
Configuring Windows Internet Explorer 7 Security Lesson 5.
Lesson 4: Web Browsing.
Securing your data Security with Microsoft Infrastructure and Internet Explorer Matt Kestian Strategic Security Advisor | National Security Team | Microsoft.
Defense-in-Depth Against Malicious Software Jeff Alexander IT Pro Evangelist Microsoft Australia
TopicSessionTopicSpeaker Enterprise Guidance BRK2338Enterprise Web BrowsingFred Pullen How do I upgrade to Internet Explorer 11? BRK2307Enterprise Mode.
TopicSessionTopicSpeaker Enterprise Guidance BRK2338Enterprise Web BrowsingFred Pullen How do I upgrade to Internet Explorer 11? BRK2307Enterprise Mode.
Configuring Windows Vista Security Chapter 3. IE7 Pop-up Blocker Pop-up Blocker prevents annoying and sometimes unsafe pop-ups from web sites Can block.
Changes in Windows XP Service Pack 2
Virtual techdays INDIA │ 9-11 February 2011 Safe Browsing Experience for your Home & Office M.S.Anand │ MTC Technology Specialist │ Microsoft Corporation.
Using Internet Information Server And Microsoft ® Internet Explorer To Implement Security On The Intranet HTTP.
Information for Developers Windows XP Service Pack 2 Information for Developers.
Computer Security and Penetration Testing
What’s New in WatchGuard XCS 10.0 Update 3 WatchGuard Training.
Internet Explorer 7 Security Features Steve Lamb Technical Security Microsoft Ltd
11 SUPPORTING INTERNET EXPLORER IN WINDOWS XP Chapter 11.
Internet Explorer Today & Tomorrow Margaret Cobb Internet Explorer Product Manager Windows Client Group microsoft.com Microsoft Corporation.
Security of Communication & IT systems Bucharest, 21 st September 2004 Stephen McGibbon Chief Technology Officer, Eastern Europe, Russia & CIS Senior Director,
2851A_C01. Microsoft Windows XP Service Pack 2 Security Technologies Bruce Cowper IT Pro Advisor Microsoft Canada.
Microsoft October 2004 Security Bulletins Briefing for Senior IT Managers updated October 20, 2004 Marcus H. Sachs, P.E. The SANS Institute October 12,
Enterprise Browser Versions Internet Explorer 7 Internet Explorer 8 Internet Explorer 9 Internet Explorer 10 Internet Explorer 11 Internet Explorer.
Cyra Richardson Microsoft Corporation Internet Explorer 7.
Microsoft ® Official Course Module 9 Configuring Applications.
With Internet Explorer 9 Getting Started© 2013 Pearson Education, Inc. Publishing as Prentice Hall1 Exploring the World Wide Web with Internet Explorer.
Working with Applications Lesson 7. Objectives Administer Internet Explorer Secure Internet Explorer Configure Application Compatibility Configure Application.
Securing Windows 7 Lesson 10. Objectives Understand authentication and authorization Configure password policies Secure Windows 7 using the Action Center.
1 Infrastructure Hardening. 2 Objectives Why hardening infrastructure is important? Hardening Operating Systems, Network and Applications.
Information for Developers Windows XP Service Pack 2 Information for Developers Tony Goodhew Product manager Developer Division Microsoft Corp
June 2014 LCCU Meeting Symantec SVP says antivirus is dead. Is it? How do the best free antivirus programs rate and what other protection is available?
Securing Web Applications. IE 7 significantly reduced attack surface against the browser and local machine…
Windows Vista Security Center Chapter 5(WV): Protecting Your Computer 9/17/20151Instructor: Shilpa Phanse.
COMPREHENSIVE Windows Tutorial 5 Protecting Your Computer.
Virtual techdays INDIA │ 9-11 February 2011 Security Discussion: Ask the Experts M.S.Anand │ MTC Technology Specialist │ Microsoft Corporation Anirudh.
®® Microsoft Windows 7 Windows Tutorial 5 Protecting Your Computer.
Troubleshooting Windows Vista Security Chapter 4.
3-Protecting Systems Dr. John P. Abraham Professor UTPA.
Zscaler New Interface and Reporting From Saturday 8 th June 2013.
CN1176 Computer Support Kemtis Kunanuraksapong MSIS with Distinction MCT, MCTS, MCDST, MCP, A+
CSCE 201 Web Browser Security Fall CSCE Farkas2 Web Evolution Web Evolution Past: Human usage – HTTP – Static Web pages (HTML) Current: Human.
Network and Perimeter Security Paula Kiernan Senior Consultant Ward Solutions.
Module 5: Configuring Internet Explorer and Supporting Applications.
Module 8: Designing Security for Authentication. Overview Creating a Security Plan for Authentication Creating a Design for Security of Authentication.
Hands-On Microsoft Windows Server Implementing Microsoft Internet Information Services Microsoft Internet Information Services (IIS) –Software included.
Module 14: Securing Windows Server Overview Introduction to Securing Servers Implementing Core Server Security Hardening Servers Microsoft Baseline.
Copyright ©2015 WatchGuard Technologies, Inc. All Rights Reserved WatchGuard Training WatchGuard XCS What’s New in version 10.1.
Security fundamentals Topic 10 Securing the network perimeter.
IE Security: Past, Present, and Future Tony Chor Group Program Manager Rob Franco Lead Program Manager Internet Explorer Microsoft Corporation.
Wireless and Mobile Security
Implementing Server Security on Windows 2000 and Windows Server 2003 Fabrizio Grossi.
1 Whats New in Internet Explorer 8? Ranjana Jain IT Pro Evangelist Microsoft India MCSE, MCT, RHCE, CIW Security Analyst, CISSP.
Internet Explorer 7 Updated Advice for the NHS 04 February 2008 Version 1.3.
Matt Heller Aaron Margosis Microsoft Corporation CLI 314.
Securing Tomorrow’s World Microsoft Security Roadmap Ed Gibson & Steve Lamb Microsoft Ltd.
Vulnerabilities in Operating Systems Michael Gaydeski COSC December 2008.
ITMT Windows 7 Configuration Chapter 7 – Working with Applications.
Windows Vista Configuration MCTS : Internet Explorer 7.0.
Security fundamentals
ArcGIS for Server Security: Advanced
TMG Client Protection 6NPS – Session 7.
Windows 10 Security Internals
MOAC : Configuring Windows 8.1
Jon Peppler, Menlo Security Channels
Lesson #8 MCTS Cert Guide Microsoft Windows 7, Configuring Chapter 8 Configuring Applications and Internet Explorer.
Enterprise Mode Overview
Implementing Client Security on Windows 2000 and Windows XP Level 150
Dongwhan Kim Annie Zhao Steven Lawrance
Using Software Restriction Policies
Chapter 9: Configuring Internet Explorer
Presentation transcript:

TopicSessionTopicSpeaker Enterprise Guidance BRK2338Enterprise Web BrowsingFred Pullen How do I upgrade to Internet Explorer 11? BRK2307Enterprise Mode for Internet Explorer 11 Deep DiveDeen King-Smith BRK2312Web App Compat & Modernization for NerdsChris Jackson Tell me about Microsoft Edge BRK1301Microsoft Edge OverviewFred Pullen BRK2347Windows 10 Browser ManagementDeen King-Smith What about security? BRK2319Browser Security OverviewFred Pullen

Defense-in- depth Provide multiple layers of protection against threats Least privilege Grant the least amount of privileges required for a user or resource to perform a task Minimized attack surface Reduce vulnerable points as much as is practical Vulnerabilities A flaw or weakness in a system’s design, implementation, or operation and management that could be exploited Exploits Software, data, or commands that take advantage of a vulnerability

Data Application Host Internal Network Perimeter Physical

Branch Office Corporate Headquarters Internet LAN Web Server Remote User Server Wireless User

Open Closed

Country/Region3Q134Q131Q142Q14 1United States16.7 %13.0 % 12.3 % 2Brazil43.1 %36.8 %34.0 %30.5 % 3Russia31.7 %28.9 %28.7 %26.4 % 4Turkey41.3 %45.5 %45.7 %40.5 % 5France24.2 %23.0 %20.2 %16.8 % 6India51.0 %47.1 %50.5 %41.7 % 7Mexico39.8 %36.7 %38.6 %32.1 % 8Germany18.1 %14.8 %13.6 %13.5 % 9Italy28.3 %26.1 %25.5 %20.4 % 10United Kingdom18.2 %14.5 %13.5 %13.3 %

This data is normalized; that is, the infection rate for each version of Windows is calculated by comparing an equal number of computers per version.

Encounters with most categories of malware decreased or were mostly stable between 1Q14 and 2Q14. Exploits was the only category to show a significant increase, led by JS/Axpergle and JS/Neclu.

FamilyMost significant category% of malware impressions 1Win32/BdaejecBackdoors14.84% 2Win32/DowqueDownloaders & Droppers14.66% 3Win32/MicrojoinDownloaders & Droppers14.33% 4Win32/DelfInjectObfuscators & Injectors13.28% 5Win32/ObfuscatorObfuscators & Injectors2.94% 6Win32/OceanmugDownloaders & Droppers2.86% 7Win32/VBWorms & Viruses2.82% 8Win32/DynamerTrojans2.50% 9Win32/SisprocTrojans1.44% 10Win32/MeredropTrojans1.15% 11Win32/StartpageTrojans1.10% 12Win32/BumatTrojans1.04% 13Win32/ZegostBackdoors0.99% 14Win32/OrsamTrojans0.96% 15Win32/BanloadDownloaders & Droppers0.90%

Attacks on Websites Attacks on Users Attacks on Browsers HSTS Next Generation Credentials SmartScreen-Filter Address Bar UI EV Certificates Tracking Protection Isolation Model 64-bit memory protection Block binary extensions Out-of-date ActiveX control blocking CFG DEP/NX + ASLR ForceASLR + HEASLR Enhanced /GS SEHOP Protected Mode/Enhanced Protected Mode Content Security Policy Enhanced cert rep HTML 5 Sandbox XSS Filter toStaticHTML postMessage Native JSON support XDomainRequest / CORS XHR Address Bar paste protection Social Engineering constitutes around 45% of all online threats

User Interface IEFrame Network Request Layer Page Rendering Internet Explorer Browser Architecture WinINet URLMon Browser Helper Objects Toolbars Mimefilters MSHTML ActiveX Script Engine BinaryBehaviors

Local Machine Zone Lockdown Manage Add-Ons Pop-Up Blocker Information Bar (aka goldbar) Mark of the Web Attachment Execution Services (AES) IE6 8/25/2004

Low Rights IE (LoRIE) Huge architectural change Protected Mode = low-IL + UIPI + brokers Phishing Filter Active X opt-in No Add-Ons mode IDN anti-spoofing EV Certificates Secure SSL enhancements IE6 8/25/2004 IE7 10/18/2006

Loosely Coupled IE (LCIE) DEP/NX SmartScreen Filter Per site and per-user ActiveX Cross-site Scripting (XSS) Filter tostaticHTML Native JSON CSS Expressions deprecated in standards mode X-FRAME-OPTIONS IE6 8/25/2004 IE7 10/18/2006 IE8 3/19/2009

Memory Protection Improvements SafeSEH SEHOP Enhanced GS Application Reputation Enhanced XSS Filter Performance Download manager Site Pinning ActiveX Filtering IE6 8/25/2004 IE7 10/18/2006 IE8 3/19/2009 IE9 3/14/2011

Enhanced Protected Mode AppContainer 64-bit content process Memory Protection Improvements ForceASLR HEASLR VTGuard HTML5 Sandbox Native Flash Support IE6 8/25/2004 IE7 10/18/2006 IE8 3/19/2009 IE9 3/14/2011 IE10 10/26/2012

Enhanced Protected Mode improvements More granular feature options IExtensionValidation anti-virus API TLS 1.2 enabled by default SmartScreen telemetry enhancements WTD_MOTW flag for WinVerifyTrust calls Password manager enhancements Error message improvements New: Memory protection improvements New: SSL3.0 protocol & fallback disabled IE6 8/25/2004 IE7 10/18/2006 IE8 3/19/2009 IE9 3/14/2011 IE10 10/26/2012 IE11 10/17/13 Enhanced Mitigation Experience Toolkit (EMET)

Bottom-up allocations (stacks, heaps, mapped files, VirtualAlloc, etc) Bottom-up allocations (stacks, heaps, mapped files, VirtualAlloc, etc) Top-down allocations (PEBs, TEBs, MEM_TOP_DOWN) Top-down allocations (PEBs, TEBs, MEM_TOP_DOWN) Windows 7 Heaps, stacks, and PEBs/TEBs are randomized Address space Windows 8.1 / Windows 10 All bottom-up/top-down allocations are randomized Accomplished by biasing start address of allocations 8 bits of entropy 64-bit Processes, ForceASLR, HEASLR

Enhanced Protected Mode Enables AppContainer technology in Windows 8.1 / Windows 10 Can be used with 64-bit processes for even better security EPM incompatible add-ons aren’t loaded by default

AppContainer MostRestrictedACLeastRestrictedACLowIL Not AC (LILNAC) documentsLibrary enterpriseAuthentication internetClient internetClientServer location microphone musicLibrary picturesLibrary privateNetworkClientServer proximity removableStorage sharedUserCertificates videosLibrary webcam Key Available Subscribed

Medium-IL High-IL Low-IL windows_ie_ac_001 windows_ie_ac_122 Manager Broker Compat Partner Internet Intranet Ieinstal.exe Browser Input Enabled for Protected mode

IE Sandbox Security Surface Area Elevation Broker Manager Local APIs (50+) Browser APIs (100+) Elevation APIs (130+) Wininet APIs (5) Iso Unhardened COM Kernel ObjectsFile/RegistryHardened COM Security Proxies Wininet APIs (8)

Medium-IL Package-AC Microsoft Edge_rac_001 Microsoft Edge_rac_120 Manager Intranet Internet Broker High-IL Elevation Consent Browser Input Smaller security surface than IE Microsoft Edge_rac_121 ServiceUI

Manager Local APIs (50+) Browser APIs (100+) Iso Unhardened COM Kernel ObjectsFile/Registry Security Proxies Wininet APIs (8)

Elevation Broker Elevation APIs (6) Wininet APIs (5) Hardened COM Download APIs (7) Unsecure COM

Internet Explorer: MSHTML Interoperability & Compatibility Versioned “document modes” For modern HTML websites, intranet & Enterprise Mode Compatible with ActiveX controls, binary extensions Internet Explorer 11: MSHTML Windows 10 Browsing Engines

You can configure Microsoft Edge to fall back to IE11 only for sites that need it, to minimize security risks.

Keep all your software updated—not just antimalware Use least privileged and defense in depth security strategies – investigate EMET for even better Internet Explorer security Upgrade to Internet Explorer 11 to continue receiving security updates after January 12, 2016 Security means tradeoffs – Microsoft Edge is more secure than Internet Explorer, but not as compatible Stay current on the latest threat and mitigation information, such as security bulletins and the Microsoft SIR Use caution when clicking on links and logging into web pages – use site pinning instead Use caution with attachments and file transfersAvoid downloading suspicious softwareProtect yourself from social engineering attacks

1.If a bad guy can persuade you to run a program on your computer, it’s not solely your computer anymore. 2.If a bad guy can alter the operating system on your computer, it’s not your computer anymore. 3.If a bad guy has unrestricted physical access to your computer, it’s not your computer anymore. 4.If you allow a bad guy to run active content in your website, it’s not your website any more. 5.Weak passwords trump strong security. 6.A computer is only as secure as the administrator is trustworthy. 7.Encrypted data is only as secure as its decryption key. 8.An out-of-date antimalware scanner is only marginally better than no scanner at all. 9.Absolute anonymity isn’t practically achievable, online or offline. 10.Technology is not a panacea.

DayTimeLocationTopicSpeaker Monday 1:30pmE253Microsoft Edge OverviewFred Pullen 6:00pmHall A1/A2Ask the Experts Tuesday 9:00amS401Enterprise Web BrowsingFred Pullen Wednesday 9:00amE451bWindows 10 Browser ManagementDeen King-Smith 3:15pmE451bBrowser Security OverviewFred Pullen Thursday 9:00amN427Enterprise Mode for Internet Explorer 11 Deep DiveDeen King-Smith 3:15pmS502Web App Compat & Modernization for NerdsChris Jackson 11am-5pmN135Drop-In App Compat Troubleshooting Workshop

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com Inc. All rights reserved.