David Smith | Windows Client | Microsoft Canada Security Primer

Agenda Fundamental security UAC (the former LUA) TPM 1.2 BitLocker

Fundamentals Improved Security Development Lifecycle (SDL) process for Windows Vista Threat modeling as part of design phase Security reviews and testing built into the schedule Security metrics for product teams Common Criteria (CC) Certification EAL 4 and Single Level OS Protection Profile

Service Hardening Windows Service Hardening Defense in depth Services run with reduced privilege compared to Windows XP Active protection File system Registry Network

Service Hardening Windows Service Hardening Defense in depth Windows services are profiled for allowed actions to the network, file system, and registry Active protection File system Registry Network

Service Hardening Windows Service Hardening Defense in depth Designed to block attempts by malicious software to make a Windows service write to an area of the network, file system, or registry that isn’t part of that service’s profile Active protection File system Registry Network

Windows Defender Improved Detection and Removal Redesigned and Simplified User Interface Protection for all users

Windows Vista Firewall Combined firewall and IPsec management New management tools – Windows Firewall with Advanced Security MMC snap-in Reduces conflicts and coordination overhead between technologies Firewall rules become more intelligent Specify security requirements such as authentication and encryption Specify Active Directory computer or user groups Outbound filtering Enterprise management feature – not for consumers Simplified protection policy reduces management overhead

Challenges Users running as admin = unmanaged desktops Viruses and Spyware can damage the system when run with elevated privileges Enterprise users running elevated privileges can compromise the corporation Users can make changes that require re- imaging the machine to undo

Challenges Line of Business (LoB) applications require elevated privileges to run System security must be relaxed to run the LoB application IT Administrators must reevaluate the LoB applications for each Operating System release due to inconsistent configuration settings

Challenges Common Operating System Configuration tasks require elevated privilege Corporations can’t easily deploy applications unless they compromise Operating System Security Simple scenarios like changing the time zone don’t work Users are not able to manage non-sensitive account information

User Account Control Goal: Allow businesses to move to a better-managed desktop and consumers to use parental controls

User Account Control Make the system work well for standard users Allow standard users to change time zone and power management settings, add printers, and connect to secure wireless networks

User Account Control High application compatibility Make it clear when elevation to admin is required and allow that to happen in-place without logging off High application compatibility with file/registry virtualization

User Account Control Administrators use full privilege only for administrative tasks or applications User provides explicit consent before using elevated privilege

Information Leakage Is Top-of-mind With Business Decision Makers “After virus infections, businesses report unintended forwarding of s and loss of mobile devices more frequently than they do any other security breach” Jupiter Research Report, %10%20%30%40%50%60%70% Loss of digital assets, restored piracy Password compromise Loss of mobile devices Unintended forwarding of s 20% 22% 35% 36% 63% Virus infection

BitLocker Drive Encryption BitLocker Drive Encryption fully encrypts the entire Windows Vista volume. Designed specifically to prevent the unauthorized disclosure of data when it is at rest. BitLocker BitLocker

BitLocker Drive Encryption Provides data protection on your Windows client systems, even when the system is in unauthorized hands. Designed to utilize a v1.2 Trusted Platform Module (TPM) for secure key storage and boot environment authentication BitLocker BitLocker

Protects secrets Performs cryptographic functions RSA, SHA-1, RNG Meets encryption export requirements Can create, store and manage keys Provides a unique Endorsement Key (EK) Provides a unique Storage Root Key (SRK) TPM 1.2 spec: A Trusted Platform Module?

Answers the question: “Where do we put the key?” Hardware can be made and certified tamper- resistant Provides anti- hammering protection TPM 1.2 spec: A Trusted Platform Module?

TPM is implementation of Root-Of-Trust Enables implementation of Static-Root-Of-Trust measurement Hardware is easy to validate Difficult for software to self-validate TPM 1.2 spec: A Trusted Platform Module?

Performs digital signature operations Holds Platform Measurements (hashes) Anchors chain of trust for keys and credentials Protects itself against attacks TPM 1.2 spec: A Trusted Platform Module?

Spectrum of Protection

An Integrated Solution BitLocker integrated into WMI and Group Policy AD will automatically escrow keys and passwords for centralized management Recovery console built into Vista for field recovery if needed

Windows Vista Information Protection Who are you protecting against? Other users or administrators on the machine? EFS Unauthorized users with physical access? BitLocker™ ScenariosBitLockerEFSRMS Laptops Branch office server Local single-user file & folder protection Local multi-user file & folder protection Remote file & folder protection Untrusted network admin Remote document policy enforcement Some cases can result in overlap. (e.g. Multi-user roaming laptops with untrusted network admins)

Windows Vista Security Summary SDL Service Hardening Code Scanning Default configuration Code Integrity IE –protected mode/anti- phishing Windows Defender Bi-directional Firewall IPSEC improvements Network Access Protection (NAP) Threat and Vulnerability Mitigation Fundamentals Identify and Access Control User Account Control Plug and Play Smartcards Simplified Logon architecture Bitlocker RMS Client

© 2006 Microsoft Corporation. All rights reserved. This presentation is for informational purposes only. Microsoft makes no warranties, express or implied, in this summary. Questions and Answers

© 2006 Microsoft Corporation. All rights reserved. This presentation is for informational purposes only. Microsoft makes no warranties, express or implied, in this summary.

© 2006 Microsoft Corporation. All rights reserved. This presentation is for informational purposes only. Microsoft makes no warranties, express or implied, in this summary.

DISCLAIMER FOR DOCUMENTATION REGARDING PRE-RELEASED SOFTWARE This document supports a preliminary release of a software product that may be changed substantially prior to final commercial release, including URL and other Internet Web sites referenced, and is the confidential and proprietary information of Microsoft Corporation. The entire risk of the use or the results from the use of this document remains with the user. The information contained in this document represents the current view of Microsoft Corporation on the issues discussed as of the date of publication. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information presented after the date of publication. Therefore, MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS DOCUMENT. Complying with all applicable copyright laws is the responsibility of the user. Without limiting the rights under copyright, no part of this document may be reproduced, stored in or introduced into a retrieval system, or transmitted in any form or by any means (electronic, mechanical, photocopying, recording, or otherwise), or for any purpose, without the express written permission of Microsoft Corporation. Microsoft may have patents, patent applications, trademarks, copyrights, or other intellectual property rights covering subject matter in this document. Except as expressly provided in any written license agreement from Microsoft, the furnishing of this document does not give you any license to these patents, trademarks, copyrights, or other intellectual property. Unless otherwise noted, the example companies, organizations, products, domain names, addresses, logos, people, places and events depicted herein are fictitious, and no association with any real company, organization, product, domain name, address, logo, person, place or event is intended or should be inferred. Copyright 2006 Microsoft Corporation. All rights reserved. Microsoft and Windows Vista are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries. The names of actual companies and products mentioned herein may be the trademarks of their respective owners.

Backup Slides

DD D Reduce size of high risk layers Segment the services Increase # of layers Kernel Drivers Windows Service Hardening Defense In Depth – Factoring/Profiling D D User-mode Drivers D DD Service1 Service2 Service3 Service … Service… ServiceA ServiceB

Phishing Filter Dynamic Protection Against Fraudulent Websites 3 “checks” to protect users from phishing scams: 1.Compares web site with local list of known legitimate sites 2.Scans the web site for characteristics common to phishing sites 3.Double checks site with online Microsoft service of reported phishing sites updated several times every hour Level 1: Warn Suspicious Website Signaled Level 2: Block Confirmed Phishing Site Signaled and Blocked Two Levels of Warning and Protection in IE7 Security Status Bar

IE6 IE6 running with Admin Rights Install a driver, Run Windows Update Change Settings, Download a Picture Cache Web contentExploit can install MALWARE Admin-Rights Access User-Rights Access Temp Internet Files HKLM Program Files HKCU My Documents Startup Folder Untrusted files & settings

IExplore Install an ActiveX control Change settings, Save a picture Integrity Control IEUser Redirected settings & files Compat Redirector Cache Web content Admin-Rights Access User-Rights Access Temp Internet Files HKLM HKCR Program Files HKCU My Documents Startup Folder Untrusted files & settings Advanced Malware Protection Protected Mode IE, UAC contain threats IEAdmin

Bitlocker™ Hardware Requirements Hardware requirements to support BDE Trusted Platform Module (TPM) v1.2 Provides platform integrity measurement and reporting Requires platform support for TPM Interface (TIS) Firmware (Conventional or EFI BIOS) – TCG compliant Establishes chain of trust for pre-OS boot Must support TCG specified Static Root Trust Measurement (SRTM) Additional functionality enabled by USB dongle At least 2 partitions. Partitions should be NTFS.

What Is A Trusted Platform Module (TPM)? Smartcard-like module on the motherboard that: Helps protect secrets Performs cryptographic functions RSA, SHA-1, RNG Meets encryption export requirements Can create, store and manage keys Provides a unique Endorsement Key (EK) Provides a unique Storage Root Key (SRK) Performs digital signature operations Holds Platform Measurements (hashes) Anchors chain of trust for keys and credentials Protects itself against attacks TPM 1.2 spec:

Bitlocker™ Features Overview BitLocker Drive Encryption (BDE) Prevents bypass of Window’s boot process TPM Base Services (TBS) Windows and 3rd party SW access to TPM Pre-OS multi-factor authentication Dongle, BIOS, and TPM- backed SW Identity Bit-chipping Sys-admin ONLY tool to securely speed-up PC re- deployment Single MS TPM driver Improved stability and security Scenarios: Lost or stolen laptop Branch-office Server

Bitlocker™ Drive Appears In XP

Bitlocker™ Drive Appears In Vista