Chris Hallum
Senior Product Manager
Windows 8.1
Security Advancements
Windows Accelerate IT Pro Bootcamp: Security (Module 4 of 8)
Key Threats
• Passwords under attack
• Digital identity theft and
misuse
• Signature-based AV unable
to keep up
• Digital signature tampering
• Browser plug-in exploits
• Data loss on BYOD devices
Key Threats
• Melissa (1999), Love Letter
(2000)
• Mainly leveraging social
engineering
Key Threats
• Code Red and Nimda
(2001), Blaster (2003),
Slammer (2003)
• 9/11
• Mainly exploiting buffer
overflows
• Script kiddies
• Time from patch to exploit:
Several days to weeks
Key Threats
• Zotob (2005)
• Attacks «moving up the
stack» (Summer of Office
0-day)
• Rootkits
• Exploitation of Buffer
Overflows
• Script Kiddies
• Rise of Phishing
• User running as Admin
Key Threats
• Organized Crime
• Botnets
• Identity Theft
• Conficker (2008)
• Time from patch to exploit:
days
Key Threats
• Organized Crime, potential
state actors
• Sophisticated Targeted
Attacks
• Operation Aurora (2009)
• Stuxnet (2010)
Windows 8.1
• Touch Fingerprint Sensors
• Improved Biometrics
• TPM Key Attestation
• Certificate Reputation
• Improved Virtual
Smartcards
• Provable PC Health
• Improved Windows
Defender
• Improved Internet Explorer
• Device Encryption (All
Editions)
• Remote Business Data
Removal
Windows XP
• Logon (Ctrl+Alt+Del)
• Access Control
• User Profiles
• Security Policy
• Encrypting File System (File
Based)
• Smartcard and PKI Support
• Windows Update
Windows XP SP2
• Address Space Layout
Randomization (ASLR)
• Data Execution Prevention
(DEP)
• Security Development
Lifecycle (SDL)
• Auto Update on by Default
• Firewall on by Default
• Windows Security Center
• WPA Support
Windows Vista
• Bitlocker
• Patchguard
• Improved ASLR and DEP
• Full SDL
• User Account Control
• Internet Explorer Smart
Screen Filter
• Digital Rights Management
• Firewall improvements
• Signed Device Driver
Requirements
• TPM Support
• Windows Integrity Levels
• Secure “by default”
configuration (Windows
features and IE)
Windows 7
• Improved ASLR and DEP
• Full SDL
• Improved IPSec stack
• Managed Service Accounts
• Improved User Account
Control
• Enhanced Auditing
• Internet Explorer Smart
Screen Filter
• AppLocker
• BitLocker to Go
• Windows Biometric Service
• Windows Action Center
• Windows Defender
Windows 8
• UEFI (Secure Boot)
• Firmware Based TPM
• Trusted Boot (w/ELAM)
• Measured Boot and
Remote Attestation
Support
• Significant Improvements
to ASLR and DEP
• AppContainer
• TPM Key Protection
• Windows Store
• Internet Explorer 10
(Plugin-less and Enhanced
Protected Modes)
• Application Reputation
moved into Core OS
• BitLocker: Encrypted Hard
Drive and Used Disk Space
Only Encryption Support
• Virtual Smartcard
• Picture Password, PIN
• Dynamic Access Control
• Built-in Anti-Virus
2013 2001 2004 2007 2009 2012
Windows 8 Security Capabilities
The largest volume of security investments ever made in a single release of
Windows has yielded great results.
Those who realize they’ve been hacked.
Those who haven’t yet realized they’ve been hacked.
There are threats that are familiar
and those that are modern.
Familiar | Modern
Script Kiddies; Cybercrime | Cyber-espionage; Cyber-warfare
Cybercriminals | State sponsored actions; Unlimited resources
Attacks on Fortune 500 | All sectors and even suppliers getting targeted
Software solutions | Hardware rooted trust the only way
Secure the perimeter | Assume breach. Protect at all levels
Hoping I don't get hacked | You will be hacked. Did I successfully mitigate?
Company owned and tightly managed devices | Bring your own device, varied management
“Commercial based antivirus and security products are designed for and focus on
protecting you from prevalent classes of in the wild threats coming from criminals, thugs
and digital mobsters (and it's a constant battle). It is not designed to protect you from
the digital equivalent of Seal Team Six. So if you're the guy that finds himself in the
crosshairs… you're not safe.”
-- F-Secure “News from the Lab”, May 30, 2012
A Lockheed Martin official said the firm is “spending more time helping deal with attacks
on the supply chain” of partners, subcontractors and suppliers than dealing with attacks
directly against the company. “For now, our defenses are strong enough to counter the
threat, and many attackers know that, so they go after suppliers. But of course they are
always trying to develop new ways to attack.”
-- Washington Post “Confidential report lists U.S. weapons system designs compromised
by Chinese cyberspies”, May 27, 2013
“When discussing the importance of information security we’ve probably
heard excuses such as “we’re too small to be a target” or “we don’t have
anything of value”, but if there is anything this report can teach us, is that
breaches can and do occur in organizations of all sizes and across a large
number of industries.”
-- TechRepublic speaking on the 2013 edition of Verizon’s Data Breach
Investigations Report (DBIR).
Windows 8 and 8.1 Security Capabilities
First Class Biometric Experience
Multifactor Authentication for BYOD
Trustworthy Identities and Devices
Provable PC Health
Improved Windows Defender
Improved Internet Explorer
Pervasive Device Encryption
Selective Wipe of Corp Data
UEFI Modern Biometric Readers TPM
Universal Extensible Firmware Interface (UEFI)
Trusted Platform Module (TPM)
Key Improvements in Trustworthy Hardware
The Opportunity
• Improve security for Consumer and BYOD
• Leverage TPM in a new way to address modern threats
History in Windows
• TPM is currently an optional component in most devices
• Pervasive on commercial devices, and most tablets
Our Goal in Windows 8.1
• Drive adoption of InstantGo architecture with OEMs
• Work with Intel to make PTT pervasive on all processors
• Add TPM requirement to 2015 Windows cert reqs
• Secure approval in regions such as Russia and China
What is UEFI?
• A modern replacement for traditional BIOS
• A Windows Certification Requirement (UEFI 2.3.1)
Key Benefits
• architecture-independent
• initializes device and enables operation (e.g., mouse, apps)
Key Security Benefits:
• Secure Boot - Supported by Windows 8, Linux, …
• Encrypted Drive support for BitLocker
• Network unlock support for BitLocker
Modern Authenticators
Trustworthy Identities and Devices
Secure Access to Resources
Key Improvements in Modern Access Control
Securing the Code and Core
Securing the Boot
Securing After the Boot
Key Improvements in Malware Resistance
Pervasive Device Encryption
Selective Wipe of Corp Data
Key Improvements for Protecting Sensitive Data
Remote Business Data Removal is a platform feature
that:
• protects corporate data using Encrypting File System (EFS)
• enables IT to revoke access to corp data on managed and
unmanaged devices
• requires application support.
• Current applications that support RBDR:
• Mail
• WorkFolders
Data protection (FDE) is now considered a
fundamental OS feature
• Device Encryption included in all editions of Windows
• Prevents unauthorized access on lost or stolen devices
• enabled out of the box
• requires devices with InstantGo technology
• built on BitLocker tech; commercial grade protection
BitLocker
• provides additional configuration options and
management capabilities that are attractive to enterprises
• easy to deploy and available in Pro and Enterprise editions
• enterprise management available with MBAM
Windows 8 and 8.1 Security Capabilities
First Class Biometric Experience
Multifactor Authentication for BYOD
Trustworthy Identities and Devices
Provable PC Health
Improved Windows Defender
Improved Internet Explorer
Pervasive Device Encryption
Selective Wipe of Corp Data
UEFI Modern Biometric Readers TPM

Editor's Notes

  • #6: The reviews and feedback on Windows 8 security have been great and we’ve received many accolades. We have achieved many of the goals that we set out to achieve, particularly in the area of Malware Resistance. Take a look at how much more secure you are on Windows 8 vs 7 and XP. Windows XP is 21 times more likely to be infected by malware than Windows 8. Windows 7 is 6 times more likely to be infected by malware than Windows 8. We can conclude that these great numbers were a direct result of technologies like UEFI, Trusted Boot, ASLR, DEP and SmartScreen, just to name a few. For customers who are wondering about the Vista numbers, which are better than 7, our answer is that there was a very limited sample due to share, attackers aren’t targeting the platform, and because of this the numbers are skewed.
  • #7: As we worked on developing Windows 7, and increasingly so on 8, we began to see strong evidence that an organization being hacked had become more likely than not. The statistics prove it. For instance, the Verizon data breach report, where surveyed customers provide information about the data breaches within their organizations, had 60+% of the respondents admitting that they had been hacked. How many customers didn’t admit it or simply didn’t know? Hard to say… Regardless, the numbers are high enough that we have come to believe that there are customers who realize they’ve been hacked and there are those that simply haven’t realized it yet.
  • #8: We’ve been talking about familiar threats forever now, and with each version of Windows we’ve improved our capabilities to combat them. But we’re starting to see that as Windows defenses become increasingly strong, new avenues of attack are being pursued, and with that we foresee an entire new class of attacks that will feel new and quite modern.
  • #9: So let’s compare and contrast the familiar vs the modern. We’re all familiar with script kiddies and cybercrime, but now we’re facing cyber espionage and warfare. We’re all familiar with cyber criminals and thugs, but now we’re talking about teams of full-time hackers possibly being funded by nation states. We’re all familiar with software solutions to solve every security problem, but now we’re facing threats where only hardware rooted trust is up to the task. We’ve protected the perimeter to keep bad guys out, but now they are getting in, so you need to assume breach and protect at all levels. We’re familiar with attacks on big well-known companies, but now small businesses are in the crosshairs. We used to own and tightly control all of the devices, but now BYOD is going beyond mobile phones. And finally, we’re all familiar with hoping we don’t get hacked, but the reality is that you will, and it all comes down to how well you were able to limit your losses.
  • #10: Here on this slide we have some great quotes to help the points just made sink in. The first quote here is from F-Secure in response to the Flame virus. They feel, and we agree, that the software that companies have been using to protect themselves isn’t good enough to protect them against the modern attacker, who oftentimes is the digital equivalent to Seal Team Six. Think about that. How do you defend against that kind of talent and backing behind it? The second quote is from the 2013 Verizon Data Breach report, and in it they show us that businesses of all sizes are being attacked. If you think you’re too small, you’re wrong. If you’ve ever swiped a credit card, which is almost every business, you’re going to be a target, as there is a prolific black market to sell the credit card data. If you’re not worried about that, think about what happens when the passwords from another ecommerce site are hacked and now hackers have the passwords to your users’ accounts, since more often than not users use the same password everywhere they go. The third quote is from Lockheed, and in it they’re telling us that they’re spending as much to protect their vendors, suppliers, contractors, etc. as they are on protecting their own assets. Think about that for a minute. Why are they doing this? That’s because they know that if you’re doing biz with them, even if it’s making nuts and bolts, you’re going to be targeted, as possibly they get to you through them.