Microsoft Work Exposes Magnitude of Botnet Threat
Microsoft's Security Intelligence Report sheds light on the expanding threat that bots…

Researchers Discover Link Between a Series of Trojans
A difficult-to-remove rootkit behind numerous sophisticated attacks appears to have helped spread yet another Trojan.

Groundbreaking Malware Resistance (Protect and Manage Threats)
Protects the client, data, and corporate resources by making the client inherently secure and less vulnerable to the effects of malware.

Pervasive Device Encryption (Protect Sensitive Data)
Simplifies provisioning and compliance management of encrypted drives on the widest variety of PC form factors and storage technologies.

Modernized Access Control (Protect Access to Resources)
Modernizes access control and data management while increasing data security within the enterprise.

Challenges That We Face In Combatting Malware

Secure Hardware

What is UEFI?
• An interface that is built on top of, and replaces some aspects of, traditional BIOS
• Like BIOS, it hands control of the pre-boot environment to an OS
• Key Benefits
  • Architecture-independent
  • Enables device initialization and operation (mouse, pre-OS apps, menus)
• Key Security Benefits
  • Secure Boot
  • Encrypted Drive support for BitLocker
  • Network unlock support for BitLocker
• A Windows Certification Requirement (UEFI 2.3.1)

Trusted Platform Module 2.0
• TPM Value Proposition
  • Enables commercial-grade security via physical and virtual key isolation from the OS
  • TPM 1.2 spec: mature standard, years of deployment and hardening
  • Improvements in TPM provisioning lower deployment barriers
• TCG Standard evolution: TPM 2.0*
  • Algorithm extensibility allows for implementation and deployment in additional countries
  • Security scenarios are compatible with TPM 1.2 or 2.0
• Windows 8: TPM 2.0 support enables implementation choice
  • Discrete TPM
  • Firmware-based (ARM TrustZone®; Intel's Platform Trust Technology (PTT))
* Windows Logo Requirement for AOAC Only

# Feature TPM 1.2/2.0 UEFI 2.3.1
1 BitLocker: Volume Encryption X
2 BitLocker: Volume Network Unlock X
3 Trusted Boot: Secure Boot X
4 Trusted Boot: ELAM X
5 Measured Boot X
6 Virtual Smart Cards X
7 Certificate Storage (Hardware Bound) X
8 Address Space Layout Randomization (ASLR) X
9 Visual Studio Compiler X
10 More… X

Securing the Core
Attacker Return = (Gains per use x Opportunities to use) - (Cost to acquire vulnerability + Cost to weaponize)
(Diagram: Training, Requirements, Design, Implementation, Verification, Release, Response)

Securing the Boot

Legacy Boot: BIOS -> OS Loader (Malware) -> OS Start
• BIOS starts any OS loader, even malware
• Malware may start before Windows

Modern Boot: Native UEFI -> Verified OS Loader Only -> OS Start
• The firmware enforces policy and only starts signed OS loaders
• The OS loader enforces signature verification of Windows components. If verification fails, Trusted Boot triggers remediation.
• Result: malware is unable to change boot and OS components

Windows 7
• Malware is able to boot before Windows and anti-malware
• Malware is able to hide and remain undetected
• Systems can be compromised before AM starts

Windows 8
• Secure Boot loads anti-malware early in the boot process
• The Early Launch Anti-Malware (ELAM) driver is specially signed by Microsoft
• Windows starts AM software before any 3rd party boot drivers
• Malware can no longer bypass AM inspection

Windows 7
• Measurements of some boot components are evaluated as part of boot
• Only enabled when BitLocker has been provisioned

Windows 8
• Measures all boot components
• Measurements are stored in a Trusted Platform Module (TPM)
• Remote attestation, if available, can evaluate client state
• Enabled when a TPM is present. BitLocker not required

(Diagram: UEFI Boot, Boot Policy, TPM, Windows OS Loader, AM Policy, Windows Kernel and Drivers, AM Software, 3rd Party Software, Windows Logon, Client, Client Health Claim, Remote Attestation Service, Remote Resource (File Server))
1. Secure Boot prevents a malicious OS loader.
2. AM software is started before all 3rd party software.
3. Measurements of components, including AM software, are stored in the TPM.
4. Client attempts to access a resource. Server requests a Client Health Claim.
5. Client retrieves the TPM measurements of the client and sends them to the Remote Attestation Service.
6. Remote Attestation Service issues a Client Health Claim to the Client.
7. Client provides the Client Health Claim. Server reviews it and grants access to healthy clients.

Securing After Boot

Devices and Security
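The Measured Boot and remote attestation flow described above, sketched as an added example that is not part of the original slides or Microsoft code: the client extends a TPM-style register with the hash of each boot component, and the attestation service replays the event log against the reported value before issuing a health claim. The function names, component names and byte strings are hypothetical, and verifying the TPM's signature over the reported value (the quote) is assumed to have already succeeded.

```python
import hashlib

def extend(pcr: bytes, digest: bytes) -> bytes:
    """TPM-style extend: new PCR = SHA-256(old PCR || measurement)."""
    return hashlib.sha256(pcr + digest).digest()

def measure_boot(components):
    """Client: hash each component in load order, extend the PCR, and keep
    an event log of (name, digest) to send to the attestation service."""
    pcr, log = bytes(32), []
    for name, image in components:
        digest = hashlib.sha256(image).digest()
        pcr = extend(pcr, digest)
        log.append((name, digest))
    return pcr, log

def issue_health_claim(reported_pcr, log, policy):
    """Service: replay the log, compare with the PCR value from the TPM,
    then compare load order and every digest with known-good policy."""
    pcr = bytes(32)
    for _, digest in log:
        pcr = extend(pcr, digest)
    if pcr != reported_pcr:
        return (False, "event log does not match PCR")
    if [name for name, _ in log] != list(policy):
        return (False, "component set or load order differs from policy")
    for name, digest in log:
        if policy[name] != digest:
            return (False, f"unexpected measurement: {name}")
    return (True, "all measurements match policy")

# Constructed sample data: byte strings stand in for real boot images.
CLEAN = [("os_loader", b"loader-v1"), ("kernel_and_drivers", b"kernel-v1"),
         ("am_software", b"am-v1"), ("third_party_software", b"vendor-v1")]
POLICY = {name: hashlib.sha256(image).digest() for name, image in CLEAN}
TAMPERED = [("os_loader", b"loader-v1+bootkit")] + CLEAN[1:]

def demo():
    clean_pcr, clean_log = measure_boot(CLEAN)
    bad_pcr, bad_log = measure_boot(TAMPERED)
    return {
        "clean": issue_health_claim(clean_pcr, clean_log, POLICY),
        "tampered": issue_health_claim(bad_pcr, bad_log, POLICY),
        # Compromised client replays the clean log; the TPM value still differs.
        "forged_log": issue_health_claim(bad_pcr, clean_log, POLICY),
    }

if __name__ == "__main__":
    for case, result in demo().items():
        print(case, result)
```

Because the register can only be extended, a client that booted a modified loader cannot make the reported value agree with a clean event log, which is why the service checks the replayed value before it looks at policy.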