Presentation on theme: "4 Key Threats Internet was just growing Mail was on the verge Key Threats Melissa (1999), Love Letter (2000) Mainly leveraging social engineering."— Presentation transcript:

4 Key Threats and Windows security features by release (timeline slide: 1995, 2001, 2004, 2007, 2009, 2012)

Key Threats, era by era:
- The Internet was just growing; mail was on the verge. Melissa (1999), Love Letter (2000). Mainly leveraging social engineering.
- Code Red and Nimda (2001), Blaster (2003), Slammer (2003). 9/11. Mainly exploiting buffer overflows. Script kiddies. Time from patch to exploit: several days to weeks.
- Zotob (2005). Attacks "moving up the stack" (Summer of Office 0-day). Rootkits. Exploitation of buffer overflows. Script kiddies. Rise of phishing. Users running as Admin.
- Organized crime. Botnets. Identity theft. Conficker (2008). Time from patch to exploit: days.
- Organized crime, potential state actors. Sophisticated targeted attacks. Operation Aurora (2009). Stuxnet (2010).

Windows security features by release:
- Windows 95 - Windows XP: Logon (Ctrl+Alt+Del); Access Control; User Profiles; Security Policy; Encrypting File System (file based); Smartcard and PKI support; Windows Update.
- Windows XP SP2: Data Execution Prevention (DEP); Address Space Layout Randomization (ASLR) as listed on the slide (note: system-wide ASLR first shipped in Windows Vista; XP SP2 introduced DEP); Security Development Lifecycle (SDL); Auto Update on by default; Firewall on by default; Windows Security Center; WPA support.
- Windows Vista: BitLocker; PatchGuard; improved ASLR and DEP; full SDL; User Account Control; Internet Explorer SmartScreen Filter; Digital Rights Management; firewall improvements; signed device driver requirements; TPM support; Windows Integrity Levels; secure "by default" configuration (Windows features and IE).
- Windows 7: improved ASLR and DEP; full SDL; improved IPsec stack; Managed Service Accounts; improved User Account Control; enhanced auditing; Internet Explorer SmartScreen Filter; AppLocker; BitLocker To Go; Windows Biometric Service; Windows Action Center; Windows Defender.
- Windows 8: UEFI (Secure Boot); firmware-based TPM; Trusted Boot (with ELAM); Measured Boot and Remote Attestation support; significant improvements to ASLR and DEP; AppContainer; Windows Store; Internet Explorer 10 (plugin-less and Enhanced Protected Modes); application reputation moved into the core OS; BitLocker: Encrypted Hard Drive and Used Disk Space Only encryption support; Virtual Smartcard; Picture Password, PIN; Dynamic Access Control; built-in anti-virus.

5 Windows 8 Investment Areas

6 Challenges
- Passwords aren't good enough anymore.
- Access to resources is based on authentication alone, not on device health/integrity.
- Malware can compromise the PC before Windows starts.
- Malware can hide from anti-malware software.
- Vulnerabilities can be minimized but not completely eliminated.

8 Unified Extensible Firmware Interface (UEFI)

9 Trusted Platform Module 2.0

10 Hardware dependencies of Windows 8 security features (TPM 1.2/2.0 vs. UEFI 2.3.1)

 #   Feature                                    | TPM 1.2/2.0 | UEFI 2.3.1
 1   BitLocker: Volume Encryption               |      X      |
 2   BitLocker: Volume Network Unlock           |      X      |     X
 3   Trusted Boot: Secure Boot                  |             |     X
 4   Trusted Boot: ELAM                         |     X*      |
 5   Measured Boot                              |      X      |
 6   Virtual Smart Cards                        |      X      |
 7   Certificate Storage (Hardware Bound)       |      X      |
 8   Address Space Layout Randomization (ASLR)  |     X*      |
 9   Visual Studio Compiler                     |     X*      |
10   More...

* The slide marks this row, but the flattened transcript lost which column the mark was in.

12 Security Development Lifecycle phases: Training -> Requirements -> Design -> Implementation -> Verification -> Release -> Response

14 Legacy Boot vs. Modern Boot

Legacy Boot (BIOS -> OS Loader (Malware) -> OS Start):
- The BIOS starts any OS loader, even malware. Malware may start before Windows.

Modern Boot:
- The firmware enforces policy and only starts signed OS loaders.
- The OS loader enforces signature verification of Windows components. If verification fails, Trusted Boot triggers remediation.
- Result: malware is unable to change boot and OS components.

16 Windows 7 Windows 8

18 Number of possible combinations by length (PIN, password, picture password)

Length | PIN         | Password (a-z)  | Password (complex) | Picture Password
1      | 10          | 26              | n/a                | 2,554
2      | 100         | 676             | n/a                | 1,581,773
3      | 1,000       | 17,576          | 81,120             | 1,155,509,083
4      | 10,000      | 456,976         | 4,218,240          |
5      | 100,000     | 11,881,376      | 182,790,400        |
6      | 1,000,000   | 308,915,776     | 7,128,825,600      |
7      | 10,000,000  | 8,031,810,176   | 259,489,251,840    |
8      | 100,000,000 | 208,827,064,576 | 8,995,627,397,120  |

27 BYOD - Unmanaged Device Proof-of-Concept Flow

Device Registration & Periodic Refresh of Health Data:
Step 1: User registers personal device
Step 2: Portal redirects new device to ADFS
Step 3: User authenticates with domain credentials
Step 4: ADFS extension doesn't find user/device info in Attestation Server
Step 5: Client agent installed on device
Step 6: Agent sends device health data (periodic refresh of attestation data)
Step 7: Agent enrolls vSC (virtual smart card) for logon cert

Attestation & Verified Access to Secure Resources:
Step 1: User tries to access project site
Step 2: Project site needs device claims
Step 3: Device requests claims from extension running on ADFS server
Step 4: ADFS extension verifies device information from Attestation Server
Step 5: ADFS issues claims token
Step 6: Device uses claims token to gain access to documents on project site

32 There are two types of enterprises in the U.S.: those who realize they've been hacked, and those who haven't yet realized they've been hacked.

33 There are threats that are familiar and those that are modern.

34 Familiar vs. Modern

Familiar                     | Modern
Script kiddies; cybercrime   | Cyber-espionage; cyber-warfare
Cybercriminals               | State-sponsored actions; unlimited resources
Attacks on Fortune 500       | Organizations in all sectors getting targeted
Software solutions           | Hardware-rooted trust the only way
Secure the perimeter         | Assume breach. Protect at all levels
Hoping I don't get hacked    | You will be hacked. How well did you mitigate?

35 Provable PC Health

The Challenge: UEFI and Trusted Boot are very effective, but they make no promises. Malware is still able to hide by turning off defenses. There is no great way for devices to vet themselves.
Opportunities: Remote Attestation APIs are available for boot integrity and security status.
Adoption: ISVs are not delivering Remote Attestation services; ISVs are building for niche, well-funded customers.
Our Goal in Blue: Deliver a Remote Health Analysis service for Windows. Provide remediation and notification services.

36 Introducing Provable PC Health
1. Client sends a periodic heartbeat with state data (Measured Boot, Action Center status) to the cloud service over a secure channel
2. Cloud service consumes the data and analyzes it
3. If an issue is detected, the cloud sends a message to the client with a remediation recommendation
4. Client responds to the recommendation: a) machine remediation; b) account remediation
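The analysis step above (and step 4 of the attestation flow on slide 27, where the ADFS extension verifies device information against the Attestation Server) has to decide whether the Measured Boot data a client sends can be believed at all. The example below is added here and is not code from the deck or from Microsoft's Provable PC Health service: it replays a boot event log with the TPM's extend operation and accepts the log's claims (Secure Boot on, ELAM driver loaded, test signing off) only if the replayed PCRs equal the PCRs the TPM quoted. The log layout, event names and health policy are simplified assumptions, not the TCG event-log format, and the "TPM" is simulated; in a real deployment the quoted PCRs arrive signed by the TPM's attestation key.

```python
"""Verify a client's Measured Boot report against its TPM quote (added example)."""
import hashlib

PCR_SIZE = 32                      # SHA-256 PCR bank (TPM 2.0)
INITIAL_PCR = b"\x00" * PCR_SIZE   # resettable PCRs start all-zero at power-on

# Constructed sample boot event log: (PCR index, event type, measured data).
# Real logs use the TCG event-log encoding; this simplified form is an assumption.
GOOD_LOG = [
    (0, "EV_S_CRTM_VERSION", b"OEM firmware 1.0"),
    (7, "EV_EFI_VARIABLE_DRIVER_CONFIG", b"SecureBoot=1"),
    (4, "EV_EFI_BOOT_SERVICES_APPLICATION", b"bootmgfw.efi 6.2.9200"),
    (12, "EV_EVENT_TAG", b"ELAM driver WdBoot.sys loaded"),
    (12, "EV_EVENT_TAG", b"TestSigning=0"),
]


def extend(pcr: bytes, digest: bytes) -> bytes:
    """PCR extend as the TPM does it: new = SHA-256(old || digest)."""
    return hashlib.sha256(pcr + digest).digest()


def replay(log):
    """Recompute the final PCR values by extending every event in log order."""
    pcrs = {}
    for index, _event_type, data in log:
        pcrs[index] = extend(pcrs.get(index, INITIAL_PCR), hashlib.sha256(data).digest())
    return pcrs


def simulate_tpm_quote(actual_boot_log):
    """Stand-in for the TPM: its PCRs reflect what really ran at boot. A real
    verifier receives them signed by the TPM's attestation key (TPM2_Quote)."""
    return replay(actual_boot_log)


def evaluate_health(reported_log, quoted_pcrs):
    """Return (healthy, reasons). The reported log is untrusted and is believed
    only if replaying it reproduces the PCR values the TPM signed."""
    replayed = replay(reported_log)
    reasons = [f"PCR{i} in reported log does not match TPM quote"
               for i, value in quoted_pcrs.items() if replayed.get(i) != value]
    if reasons:
        return False, reasons          # forged or truncated log: ignore its claims
    data = [(i, d) for i, _, d in reported_log]
    if (7, b"SecureBoot=1") not in data:
        reasons.append("Secure Boot not enabled")
    if not any(i == 12 and d.startswith(b"ELAM driver") for i, d in data):
        reasons.append("no ELAM driver measured")
    if (12, b"TestSigning=0") not in data:
        reasons.append("test signing state not attested")
    return not reasons, reasons


if __name__ == "__main__":
    print("clean machine:", evaluate_health(GOOD_LOG, simulate_tpm_quote(GOOD_LOG)))
    # Bootkit scenario: the TPM measured a replaced boot loader, but the
    # infected client sends the clean log to hide it. The replay exposes it.
    infected = [(i, t, b"evil.efi" if t.endswith("APPLICATION") else d) for i, t, d in GOOD_LOG]
    print("hidden bootkit:", evaluate_health(GOOD_LOG, simulate_tpm_quote(infected)))
    # Defenses turned off: no ELAM driver measured. The log is honest, so the
    # quote matches and the policy check reports the missing defense.
    no_elam = [e for e in GOOD_LOG if not e[2].startswith(b"ELAM")]
    print("ELAM disabled:", evaluate_health(no_elam, simulate_tpm_quote(no_elam)))
```

The point of the replay is that an attacker who controls the OS can rewrite the event log but cannot rewind the TPM's PCRs, so a log that does not reproduce the quote is rejected before any of its claims are read.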

37 Enhancements to Windows Defender and Internet Explorer

Windows Defender:
- Malware is almost always designed to talk to the world; that is its weakness.
- Adding high-performance behavior monitoring that identifies malicious patterns of behavior based on file, registry, process, thread and network activity.
- The activity log is sent to the cloud for analysis; signatures may be issued later.

Internet Explorer:
- Malicious websites attempt to exploit vulnerabilities in binary extensions (e.g. ActiveX).
- Binary extensions are executed immediately, bypassing anti-malware (AM).
- An API is available that enables AM solutions to scan before execution.
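Behavior monitoring of the kind described for Windows Defender flags a process tree by the combination of things it does across categories rather than by any single signature. The example below is added here and is not Windows Defender code: it runs a handful of hypothetical behavior rules over a constructed activity log (an Office document spawning a shell, which drops an executable into AppData, sets a Run key, launches it, and the dropped binary beacons out) and attributes every match to the root of the process tree, so the tree is flagged even though no single process does more than one or two suspicious things. Event fields, rule names and thresholds are assumptions.

```python
"""Cross-category behavior correlation over a process activity log (added example)."""
from collections import defaultdict

FIELDS = ("pid", "ppid", "image", "category", "action", "target")

# Constructed sample activity log: (pid, ppid, process image, category, action, target).
SAMPLE_EVENTS = [
    (1001, 600, r"C:\Program Files\Google\Chrome\chrome.exe", "network", "connect", "93.184.216.34:443"),
    (1001, 600, r"C:\Program Files\Google\Chrome\chrome.exe", "file", "write",
     r"C:\Users\alice\AppData\Local\Google\Cache\f_0001"),
    (2042, 600, r"C:\Program Files\Microsoft Office\winword.exe", "process", "create",
     r"C:\Windows\System32\cmd.exe"),
    (2077, 2042, r"C:\Windows\System32\cmd.exe", "file", "write",
     r"C:\Users\alice\AppData\Roaming\svchost.exe"),
    (2077, 2042, r"C:\Windows\System32\cmd.exe", "registry", "set",
     r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Updater"),
    (2077, 2042, r"C:\Windows\System32\cmd.exe", "process", "create",
     r"C:\Users\alice\AppData\Roaming\svchost.exe"),
    (2099, 2077, r"C:\Users\alice\AppData\Roaming\svchost.exe", "network", "connect",
     "198.51.100.23:8080"),
]


def _under_user_dir(path):
    p = path.lower()
    return "\\appdata\\" in p or "\\temp\\" in p


def _basename(path):
    return path.lower().rsplit("\\", 1)[-1]


# Hypothetical behavior rules; each looks at one event. A benign browser
# writing cache files and talking to the network matches none of them.
RULES = {
    "office_spawns_shell": lambda e: e["category"] == "process" and e["action"] == "create"
        and _basename(e["image"]) in ("winword.exe", "excel.exe", "powerpnt.exe")
        and _basename(e["target"]) in ("cmd.exe", "powershell.exe"),
    "drop_exe_in_user_dir": lambda e: e["category"] == "file" and e["action"] == "write"
        and e["target"].lower().endswith((".exe", ".dll")) and _under_user_dir(e["target"]),
    "persist_run_key": lambda e: e["category"] == "registry" and e["action"] == "set"
        and "\\currentversion\\run\\" in e["target"].lower(),
    "exec_from_user_dir": lambda e: e["category"] == "process" and e["action"] == "create"
        and _under_user_dir(e["target"]),
    "beacon_from_user_dir": lambda e: e["category"] == "network" and e["action"] == "connect"
        and _under_user_dir(e["image"]),
}


def analyze(events, threshold=2):
    """Return {root pid: sorted behavior names} for process trees that exhibit
    at least `threshold` distinct suspicious behaviors."""
    records = [dict(zip(FIELDS, ev)) for ev in events]
    parent = {r["pid"]: r["ppid"] for r in records}

    def root(pid):
        # Walk up while the parent itself appears in the log; stop at the
        # first ancestor we have no record for (explorer.exe, services, ...).
        while parent.get(pid) in parent:
            pid = parent[pid]
        return pid

    behaviors = defaultdict(set)
    for rec in records:
        for name, rule in RULES.items():
            if rule(rec):
                behaviors[root(rec["pid"])].add(name)
    return {pid: sorted(names) for pid, names in behaviors.items() if len(names) >= threshold}


if __name__ == "__main__":
    for pid, names in analyze(SAMPLE_EVENTS).items():
        print(f"process tree rooted at pid {pid} flagged: {', '.join(names)}")
```

Only the tree rooted at the Word process (pid 2042) is reported; the browser (pid 1001) performs network and file activity too, but none of it matches a rule, which is the difference between behavior correlation and simply alerting on network use.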

38 Mitigation Technologies: Protected Process Hardening; Pass the Hash

40 Windows Enterprise: windows.com/enterprise

41 http://microsoft.com/msdn
www.microsoft.com/learning
http://channel9.msdn.com/Events/TechEd
http://microsoft.com/technet

42 For More Information
System Center 2012 Configuration Manager: http://technet.microsoft.com/en-us/evalcenter/hh667640.aspx?wt.mc_id=TEC_105_1_33
Windows Intune: http://www.microsoft.com/en-us/windows/windowsintune/try-and-buy
Windows Server 2012: http://www.microsoft.com/en-us/server-cloud/windows-server
Windows Server 2012 VDI and Remote Desktop Services: http://technet.microsoft.com/en-us/evalcenter/hh670538.aspx?ocid=&wt.mc_id=TEC_108_1_33 and http://www.microsoft.com/en-us/server-cloud/windows-server/virtual-desktop-infrastructure.aspx
More Resources: microsoft.com/workstyle and microsoft.com/server-cloud/user-device-management
