1 Security Summit West 2004 Redmond, WA Darren Canavor Longhorn Security

2 Agenda
Definitions
LUA Customer Pain Points
LUA Vision
Desktop Control
Tools
Security Questions for you

3 Definitions
LUA = Least Privileged User Account
 Run with just enough privilege to get the job done and no more!
 Applications for regular users must be written to run as non-admin
Administrator
 A user of a machine who belongs to a user group whose permissions allow changing local or domain state
 Bluntly - a user that can destroy the user experience for everyone
 Privilege == Obligation (view it as a burden, not an enabler)
PA = Protected Administrator
 A user belonging to an admin group who obtains two tokens to run apps
 At logon, administrators run a shell that has LUA privilege by default
 Elevated privileges are only granted to trusted applications
AIM = Application Impact Management (aka Strongbox)
 Virtualizes the legacy application's view of Windows to remove the admin dependency
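The three states on this slide (plain LUA user, Protected Administrator running on the filtered token, and a fully elevated administrator) can be told apart from inside a shell. The PowerShell function below is an added example, not part of the presentation or of any Microsoft tool. It assumes a Windows host on which the Protected Administrator design has shipped as UAC, so that a filtered token still lists BUILTIN\Administrators but marks it "Group used for deny only", and it reads the token through the output of whoami /groups rather than a Win32 call.

```powershell
# Added example (not from the presentation). Classifies the current shell's
# token into the states the Definitions slide names: LUA (not an admin at all),
# ProtectedAdministrator (admin account, filtered token), or Elevated (full
# admin token). Assumption: a Windows host with UAC, where 'whoami /groups'
# shows the filtered Administrators membership as "Group used for deny only".

function Get-LuaTokenState {
    [CmdletBinding()]
    param()

    # Columns are "Group Name","Type","SID","Attributes".
    $groups = whoami /groups /fo csv | ConvertFrom-Csv

    # BUILTIN\Administrators is always S-1-5-32-544; match the SID, not the
    # localized group name.
    $admins = $groups | Where-Object { $_.SID -eq 'S-1-5-32-544' }

    # The integrity level rides along as a pseudo-group of type 'Label',
    # e.g. "Mandatory Label\Medium Mandatory Level" for a filtered token.
    $labelRow = $groups | Where-Object { $_.Type -eq 'Label' } | Select-Object -First 1
    $label = $null
    if ($labelRow) { $label = $labelRow.'Group Name' }

    if (-not $admins) {
        $state = 'LUA'
    } elseif ($admins.Attributes -match 'deny only') {
        # Member of Administrators, but the group is deny-only on this token:
        # this is the "LUA default privilege" shell the slide describes.
        $state = 'ProtectedAdministrator'
    } else {
        $state = 'Elevated'
    }

    # Cross-check with .NET: IsInRole is true only when the Administrators
    # group is enabled on the token, i.e. only in the Elevated state.
    $identity    = [System.Security.Principal.WindowsIdentity]::GetCurrent()
    $principal   = New-Object -TypeName System.Security.Principal.WindowsPrincipal -ArgumentList $identity
    $inAdminRole = $principal.IsInRole([System.Security.Principal.WindowsBuiltInRole]::Administrator)

    [pscustomobject]@{
        User           = $identity.Name
        TokenState     = $state
        IntegrityLabel = $label
        IsInAdminRole  = $inAdminRole
    }
}

Get-LuaTokenState
```

Run the function once from a normal shell and once from an elevated one on the same admin account: the first call reports ProtectedAdministrator with IsInAdminRole false, the second Elevated with IsInAdminRole true, which is the "two tokens" behaviour in practice.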

4 LUA Customer Pain Points

5 Customer Pain Points
Home:
Virus and Spyware wrecks my machine
 Viruses and Spyware with Admin privilege can damage the machine
Legacy applications require Admin to install
 Users cannot install applications as NonAdmin
Legacy applications require Admin to run
 Users cannot run applications as NonAdmin
Common OS configuration tasks require Admin privilege
 Users cannot perform common OS configuration tasks as LUA
Users accidentally do the wrong thing
 Users running as Admin can inadvertently damage their machine
Enterprise:
Virus and Spyware wrecks my machine
 Viruses and Spyware with Admin privilege can damage the machine
 Attacks on Enterprise Admin accounts compromise the corporation
Line of Business applications require Admin to run
 Corporate users cannot run applications as NonAdmin
Common OS configuration tasks require Admin privilege
 Corporations can’t easily deploy users as LUA unless they compromise OS security
 Simple scenarios like VPN don’t work without Admin privilege
 IT must re-evaluate the LoB applications for each OS release due to inconsistent configuration settings

6 LUA Vision
Vision
 Eliminate the risks caused by everyone running as administrator
Strategy
 Change the way that Windows runs so that common user tasks and most applications don’t require administrative privilege
 Then advise and protect when administrator privilege is required
Initiatives
 Ensure Windows users can run all common user tasks without Admin privilege
 Enable the Windows infrastructure for users without Admin privilege
 Enable apps to install, run, update and uninstall without Admin privilege
 Create protected/isolated sessions for apps that do require Admin
 Evangelize LUA to ISVs and customers with clear guidelines, education and results tracking

7 LUA Longhorn UX Goals
OS feels like it was built for the LUA user
Users know when they are about to do something potentially unsafe and are able to make an informed decision
 Windows always gives strong Security and Privacy recommendations
 Users can undo damaging changes
Users feel confident they can install or run any program without compromising their PC
Users do not need to learn any major new concepts or procedures to be protected

8 Longhorn Is LUA Friendly
Fix OS bugs (CPL, MSC, etc.)
Support common LUA scenarios:
 VPN
 Display Settings
 Power Management
 Regional Settings
 Clock
 Calc
 Etc.
Support per-user ActiveX installation
Support per-user file extension handlers

9 LUA Infrastructure Support
Make per-user installs work for LUA
 Visual Studio, MSI 4.0, and the OS support “MyPrograms”
 Location: %USERPROFILE%\Local Settings\My Programs
All LH Logo applications run as LUA
 AppCompat shims for the top X ISV applications
Applications have manifests (Application or Deployment)
 Defines what the application is and its system impact
 Signed by either the ISV or the IT department
Trust infrastructure to support manifest signature validation

10 LUA Deployment Support
Runtime File/Registry Virtualization
 Support / management tools (debug transaction logs)
 Educate PSS on how to debug virtualization
 Explorer shows the correct (virtualized) file view
Trust infrastructure support
 Trust Manager
 Application Information Service
Simple, secure consent UI

11 Desktop Control
Full control over what applications and drivers can be installed or run
Desktop Control policy settings:
 Lockdown: only predefined publishers can install or run
 Prompt: for unknown publishers, ask the user for install or run permission
 XP compatibility: no trust check

12 Application Information Svc Overview

13 Managing Application Trust
Trust is determined by the certificate used to sign the code, a.k.a. the ‘publisher’
 Authenticated against the set of “Trusted Publishers”
Administrators set policies controlling which publishers to trust
 Decide which are “Trusted Publishers”
 Pre-populate “Trusted Publishers” certificates in the OS image (IBS)
 GP certificate trust download for machines joined to a domain
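Slides 11 and 13 together describe one decision: look up the certificate that signed a binary in the set of Trusted Publishers, then let the Desktop Control policy (Lockdown, Prompt, XP compatibility) decide what happens. The PowerShell function below is an added example of that decision, not code from the presentation or from Windows. It assumes a Windows host with the certificate provider (Cert:\) and treats Cert:\LocalMachine\TrustedPublisher as the store the slides call "Trusted Publishers"; the Run/Prompt/Block outcome names are this example's own.

```powershell
# Added example (not from the presentation). Evaluates a binary against the
# Trusted Publishers store under the three Desktop Control policy settings.
# Assumptions: Cert:\LocalMachine\TrustedPublisher is the "Trusted Publishers"
# store; a publisher is identified by the thumbprint of its signing certificate.

function Get-PublisherDecision {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)][string]$Path,
        [ValidateSet('Lockdown', 'Prompt', 'XPCompat')][string]$Mode = 'Prompt'
    )
    process {
        # XP compatibility: no trust check at all, everything runs.
        if ($Mode -eq 'XPCompat') {
            return [pscustomobject]@{
                Path = $Path; Publisher = $null; SignatureStatus = 'NotChecked'; Decision = 'Run'
            }
        }

        $sig       = Get-AuthenticodeSignature -FilePath $Path
        $publisher = $null
        $trusted   = $false

        # Only a chain-valid signature identifies a publisher. Unsigned
        # (NotSigned) or tampered (HashMismatch) files cannot be matched
        # against the store at all and are treated as unknown publishers.
        if ($sig.Status -eq 'Valid') {
            $publisher = $sig.SignerCertificate.Subject
            $match = Get-ChildItem -Path Cert:\LocalMachine\TrustedPublisher |
                Where-Object { $_.Thumbprint -eq $sig.SignerCertificate.Thumbprint }
            $trusted = [bool]$match
        }

        if ($trusted) {
            $decision = 'Run'                      # predefined publisher
        } elseif ($Mode -eq 'Lockdown') {
            $decision = 'Block'                    # Lockdown: only predefined publishers
        } else {
            $decision = 'Prompt'                   # Prompt: ask the user for unknown publishers
        }

        [pscustomobject]@{
            Path            = $Path
            Publisher       = $publisher
            SignatureStatus = $sig.Status
            Decision        = $decision
        }
    }
}

# Usage: evaluate every top-level executable under Program Files with the strict policy.
Get-ChildItem -Path "$env:ProgramFiles\*\*.exe" -ErrorAction SilentlyContinue |
    Select-Object -ExpandProperty FullName |
    Get-PublisherDecision -Mode Lockdown |
    Format-Table -AutoSize
```

Matching on the thumbprint pins one exact certificate, which is the simplest form of "pre-populated Trusted Publishers certificates"; a deployment that distributes trust by Group Policy would more usually anchor on the issuing CA and let chain validation do the work. Either way the point the slides make holds: a signature that does not validate never reaches the trust lookup, so an unsigned legacy application is always an unknown publisher and Lockdown blocks it outright.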

14 Permissions For Installing Drivers
Driver Store
 Repository of drivers on the local machine
 Requires Administrator permission to populate
 “Stage” drivers for install
 Once drivers are added to the store they will install regardless of user permission
Driver Package Integrity
 Longhorn will require all drivers to be digitally signed to install
 Authenticode™ code signing works for all driver types in Longhorn
 Signing check occurs before adding a driver to the Driver Store

15 Code Validation Process
All code validation is a human decision
 Publishers can get a signed app manifest (need to be in the cert store)
 Domain admins can sign the deployment manifest (enterprise store)
 Local admins can “bless” apps
 By policy, the user can decide to change the default behavior
All local validation decisions are preserved in App Context
Code integrity is assured by checking every .EXE and .DLL for validity
Application trust is assured at runtime

16 LUA Predictor AppVerifier
Intended to predict whether an application would work correctly as a non-admin
 Identifies API calls that would fail if attempted by a non-administrator
 Identifies all access requiring Admin privilege
Example LUA Predictor test pass:
 Log on as Administrator and install the LUA Predictor shim
 Build affinity to the applicable application
 Test the application and save the log
 Log on as Non Admin
 Test the application and save the log
Tool Location: http://www.microsoft.com/windows/appcompatibility/default.mspx
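The test pass above ends with two saved logs, one from the Administrator run and one from the Non Admin run, and the useful output is the difference between them. The PowerShell below is an added example of that comparison step; it is not the LUA Predictor, and the Op,Resource,Result log format and both sample logs are constructed for this example rather than taken from the tool. The remediation hints come from a rule of thumb of this example's own (writes under HKLM, Program Files or the Windows directory are machine-wide state), not from the presentation.

```powershell
# Added example (not from the presentation, not the LUA Predictor's output
# format). Diffs an Administrator-run log against a Non Admin-run log of the
# same application to list the accesses that depend on Admin privilege.
# The log format and both logs below are constructed sample data.

$adminRunLog = @'
Op,Resource,Result
RegSetValue,HKLM\SOFTWARE\Contoso\App\Version,SUCCESS
CreateFile,C:\Program Files\Contoso\App\settings.ini,SUCCESS
CreateFile,C:\Users\alice\AppData\Roaming\Contoso\cache.dat,SUCCESS
RegQueryValue,HKLM\SOFTWARE\Contoso\App\Version,SUCCESS
OpenService,Spooler,SUCCESS
'@

$luaRunLog = @'
Op,Resource,Result
RegSetValue,HKLM\SOFTWARE\Contoso\App\Version,ACCESS_DENIED
CreateFile,C:\Program Files\Contoso\App\settings.ini,ACCESS_DENIED
CreateFile,C:\Users\alice\AppData\Roaming\Contoso\cache.dat,SUCCESS
RegQueryValue,HKLM\SOFTWARE\Contoso\App\Version,SUCCESS
OpenService,Spooler,SUCCESS
'@

# Rule of thumb (this example's own): these roots hold machine-wide state that
# a LUA user may read but is not allowed to change.
function Get-LuaHint {
    param([string]$Resource)
    if ($Resource -match '^HKLM\\') {
        return 'Machine-wide registry: read it at run time, keep user state under HKCU'
    }
    if ($Resource -match "^$([regex]::Escape($env:ProgramFiles))") {
        return 'Program Files is read-only for users: keep writable data under %APPDATA%'
    }
    if ($Resource -match "^$([regex]::Escape($env:SystemRoot))") {
        return 'Windows directory: never a place for application data'
    }
    return 'Check the ACL on this object'
}

function Compare-LuaRunLog {
    param([string]$AdminLog, [string]$LuaLog)

    # Index every access that succeeded when run as Administrator.
    $succeededAsAdmin = @{}
    foreach ($e in ($AdminLog | ConvertFrom-Csv)) {
        if ($e.Result -eq 'SUCCESS') { $succeededAsAdmin["$($e.Op)|$($e.Resource)"] = $true }
    }

    # An Admin dependency is an access that worked elevated but was denied as LUA.
    # Reads that still succeed as LUA (RegQueryValue, OpenService) drop out here.
    foreach ($e in ($LuaLog | ConvertFrom-Csv)) {
        $key = "$($e.Op)|$($e.Resource)"
        if ($e.Result -eq 'ACCESS_DENIED' -and $succeededAsAdmin.ContainsKey($key)) {
            [pscustomobject]@{
                Op       = $e.Op
                Resource = $e.Resource
                Hint     = Get-LuaHint -Resource $e.Resource
            }
        }
    }
}

Compare-LuaRunLog -AdminLog $adminRunLog -LuaLog $luaRunLog | Format-Table -AutoSize
```

On the sample data only the two writes (RegSetValue under HKLM and CreateFile under Program Files) are reported; the per-user cache write and the two reads succeed in both runs, which is exactly what the slide's "identifies all access requiring Admin privilege" amounts to once the logs are lined up.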

17 Security Questions For You
Do you test applications as Least Privileged User (LUA), i.e. as non-administrators?
Do you perform a threat analysis of applications before deploying them?
Is it your goal to provision users to run without administrator credentials? If so, what percentage of your users run as non-administrators?
Do your IT administrators have a secondary LUA account?
Do you have a hard policy on what IT administrators can do when they are logged on?
 i.e. not surf the Internet?
Do you write line-of-business applications in .NET managed code?
Do you see value in writing managed code with permission sets that limit what the application can do?
Do you see value in writing line-of-business apps to a highly restricted environment (a sandbox) that restricts the application enough that it doesn’t need a trust dialog to deploy?

18 © 2004 Microsoft Corporation. All rights reserved. This presentation is for informational purposes only. Microsoft makes no warranties, express or implied, in this summary.

