www.microsoft.com/sir

• If you want to limit a user’s functionality, don’t make them an administrator.
Lost laptops, 2010
• Europe 2010: 275 organizations, +72,000 laptops lost, ~1.79 billion euros
• United States 2010: 329 organizations, +86,000 laptops, ~2.1 billion dollars

HIPAA Breach: Stolen Hard Drives
• March 2012: large medical provider in Tennessee paying $1.5 million to the US Dept. of Health & Human Services
• Theft of 57 hard drives that contained protected health information (ePHI) for over 1 million individuals
• Secured by:
  • Security patrols
  • Biometric scanner
  • Keycard scanner
  • Magnetic locks
  • Keyed locks

“71% of health care organizations have suffered at least one data breach within the last year” - Study by Veriphyr

Java
• US-CERT warned: “Complete Java security sandbox bypass” found
• “Java is the world’s biggest target for hackers. It has been the top exploit vector for many years. Ask anyone involved with detecting and eradicating malware in the enterprise; Java, they will say, is responsible for most of it.”
• As part of its quarterly patch release cycle, Oracle will be unleashing 86 of the things on Tuesday, January 15, over half of them critical enough to allow full remote code execution without piffling details like a password.
• “disable it or uninstall Java.”
• “It’s not like Java got insecure all of a sudden. It’s been insecure for years.”
• “Java was responsible for half of all cyber attacks last year…”
• “every company whose security I've audited has a Java problem -- an ongoing one that long predates the current threat. Java provides a convenient attack vector for most of the malware arriving in companies…”

Hyper-V architecture
Parent partition
• User mode: virtualization stack (WMI provider, VMMS service, VM worker processes)
• Kernel mode: Windows kernel (Server Core), VID, device drivers, Virtualization Service Providers (VSPs), VMBus
Virtual machines
• User mode: guest applications
• Kernel mode: OS kernel enlightenments, Virtualization Service Clients (VSCs), VMBus
Hypervisor, running on the hardware: storage, NIC, CPU, MMU, APIC
Diagram legend: each component is marked as provided by Windows, by Hyper-V, or by an ISV.
• http://support.microsoft.com/kb/961804
• http://www.microsoft.com/en-us/download/details.aspx?id=16776

Hyper-V Extensible Switch
Diagram: root partition with the host NIC and the BFE service; VM1 and VM2, each with a VM NIC; extensible switch extension protocol (NDIS), capture extensions, Windows Filtering Platform (WFP) filtering engine with firewall callout, forwarding extensions, extensible switch extension miniport (NDIS), physical NIC.

Capture extensions (NDIS)
• Capture extensions can inspect traffic and generate new traffic for report purposes
• Capture extensions do not modify existing traffic
• Example: sFlow by InMon

Filtering extensions: Windows Filtering Platform (WFP)
• WFP extensions can inspect, drop, modify, and insert packets using WFP APIs
• Windows antivirus and firewall software uses WFP for traffic filtering
• Example: Virtual Firewall by 5NINE Software

Forwarding extensions (NDIS)
• Forwarding extensions direct traffic, defining the destination(s) of each packet
• Forwarding extensions can capture and filter traffic
• Examples: NEC ProgrammableFlow's vPFS (OpenFlow), Cisco Nexus 1000V and UCS

• http://technet.microsoft.com/en-us/library/hh831452.aspx
• http://msdn.microsoft.com/en-us/library/ff565501(v=VS.85).aspx
• http://msdn.microsoft.com/en-us/windows/hardware/gg463267.aspx

Dynamic Virtual Machine Queue (VMQ)
Dynamic Virtual Machine Queue (VMQ) is a feature available to computers running Windows Server 2008 R2 with the Hyper-V server role installed, that have VMQ-capable network hardware. VMQ uses hardware packet filtering to deliver packet data from an external virtual machine network directly to virtual machines, which reduces the overhead of routing packets and copying them from the management operating system to the virtual machine.

IPsec Task Offload
Microsoft expects deployment of Internet Protocol security (IPsec) to increase significantly in the coming years. The large demands placed on the CPU by the IPsec integrity and encryption algorithms can reduce the performance of your network connections. IPsec Task Offload is a technology built into the Windows operating system that moves this workload from the main computer's CPU to a dedicated processor on the network adapter.

SR-IOV
SR-IOV is a specification that allows a PCIe device to appear to be multiple separate physical PCIe devices. The SR-IOV specification was created and is maintained by the PCI SIG, with the idea that a standard specification will help promote interoperability. SR-IOV works by introducing the idea of physical functions (PFs) and virtual functions (VFs). Physical functions (PFs) are full-featured PCIe functions; virtual functions (VFs) are “lightweight” functions that lack configuration resources.

References
• http://www.bsi.de/zertifiz/zert/reporte/0570a.pdf
• https://www.bsi.bund.de/ContentBSI/EN/Topics/Certification/new certificates.html