Threat landscape timeline (recovered from a slide figure; the column layout was lost in extraction)
Named events along the timeline: Melissa (1999), Love Letter (2000), Code Red and Nimda (2001), 9/11, Blaster (2003), Slammer (2003), Summer of Office 0-day, Zotob (2005), Conficker (2008), Operation Aurora (2009), Stuxnet (2010)
Early era: Internet was just growing; mail was on the verge; mainly leveraging social engineering; mainly exploiting buffer overflows; script kiddies; time from patch to exploit: several days to weeks; user running as Admin
Later eras: rootkits; exploitation of buffer overflows; script kiddies; rise of phishing; organized crime; attacks moving up the stack; identity theft; time from patch to exploit: days; organized crime, potential state actors; botnets; sophisticated targeted attacks
Windows 8 boot diagram (recovered from a slide figure; Modern Boot, Native UEFI only)
Native UEFI: architecture-independent; enables device initialization and operation (mouse, pre-OS apps, menus)
Verified OS Loader
OS Start: Windows Core, Kernel, Anti-Malware, 3rd Party Drivers, Windows Logon
Easy-to-deploy and cost-effective way to enable strong multi-factor authentication
Provides a secure, seamless, and always-ready experience for end users
Deployment at scale requires a management solution. Intercede's MyID solution was first to market and was available at launch.
Recent Criticism Response
Access based on an Access Control List that defines rights and auditing policy
Access is granted based entirely on successful authentication of the user
Adds vetting of a device's security state to the access decision-making process
Leverages Windows 8 Measured Boot, Remote Attestation, Enhanced Access Control,
Scenarios: Secure Access to Corporate Resources; Secure Transactions and Banking; Protection of Digital Content; More
Tier 1 ISVs are very interested but not yet committed to delivering solutions, waiting
Near-term solutions will need to come from Microsoft Services and Solution Integrators
Measurements are secured and protected by the system's Trusted Platform Module (TPM)
Automatically enabled when TPM is present
Proof-of-Concept Flow (BYOD - Unmanaged Device; SharePoint)
Step 6: Device uses claims token to gain access to documents on project site
http://www.jwsecure.com
http://www.gdc4s.com
http://www.iddataweb.com
http://www.dminc.com
There are two types of enterprises in the U.S.
b) Account Remediation
Enhancements to Windows Defender and Internet Explorer
Windows Defender
Malware is almost always designed to talk to the outside world; that's its weakness
Adding high-performance behavior monitoring
Identifies malicious patterns of behavior based on file, registry, process, thread, and network activity
Activity log sent to the cloud for analysis; signatures may be issued later
Internet Explorer
Malicious websites attempt to exploit vulnerabilities in binary extensions (e.g. ActiveX)
Binary extensions are executed immediately, bypassing anti-malware (AM)
An API is available that enables AM solutions to scan binary extensions before execution
Mitigation Technologies
Protected Process Hardening
Pass the Hash
Windows Enterprise: windows.com/enterprise
windows.com/ITpro
microsoft.com/mdop
microsoft.com/dv
microsoft.com/windows/wtg
tryoutlook.com
http://channel9.msdn.com/Events/TechEd
www.microsoft.com/learning
http://microsoft.com/technet
http://microsoft.com/msdn
For More Information
System Center 2012 Configuration Manager
http://technet.microsoft.com/en-us/evalcenter/hh667640.aspx?wt.mc_id=TEC_105_1_33
Windows Intune
http://www.microsoft.com/en-us/windows/windowsintune/try-and-buy
More Resources:
microsoft.com/workstyle
microsoft.com/server-cloud/user-device-management