We ran the "Windows Accelerate IT Pro Bootcamp" one-day hands-on workshop in early June 2014. These eight modules were designed to get IT managers, project managers, sysadmins and devops up to speed with the new Windows 8.1 and Office 2013. The bootcamp focused on how to move off earlier versions of Windows and Office to modern desktop and tablet platforms with the latest security and mobility technologies.
Keep an eye on our SlideShare feed for all eight modules:
Windows Accelerate IT Pro Bootcamp: Introduction (Module 1 of 8)
Windows Accelerate IT Pro Bootcamp: Platform Delivery (Module 2 of 8)
Windows Accelerate IT Pro Bootcamp: Windows ToGo (Module 3 of 8)
Windows Accelerate IT Pro Bootcamp: Security (Module 4 of 8)
Windows Accelerate IT Pro Bootcamp: UE-V (Module 5 of 8)
Windows Accelerate IT Pro Bootcamp: App-V (Module 6 of 8)
Windows Accelerate IT Pro Bootcamp: Devices (Module 7 of 8)
Windows Accelerate IT Pro Bootcamp: Closing (Module 8 of 8)
For other events (Intergen or Microsoft Community) check our events page at http://www.intergen.co.nz/upcoming-events/
3. Key Threats
• Passwords under attack
• Digital identity theft and misuse
• Signature-based AV unable to keep up
• Digital signature tampering
• Browser plug-in exploits
• Data loss on BYOD devices
Key Threats
• Melissa (1999), Love Letter (2000)
• Mainly leveraging social engineering
Key Threats
• Code Red and Nimda (2001), Blaster (2003), Slammer (2003)
• 9/11
• Mainly exploiting buffer overflows
• Script kiddies
• Time from patch to exploit: Several days to weeks
Key Threats
• Zotob (2005)
• Attacks «moving up the stack» (Summer of Office 0-day)
• Rootkits
• Exploitation of Buffer Overflows
• Script Kiddies
• Rise of Phishing
• User running as Admin
Key Threats
• Organized Crime
• Botnets
• Identity Theft
• Conficker (2008)
• Time from patch to exploit: days
Key Threats
• Organized Crime, potential state actors
• Sophisticated Targeted Attacks
• Operation Aurora (2009)
• Stuxnet (2010)
Windows 8.1
• Touch Fingerprint Sensors
• Improved Biometrics
• TPM Key Attestation
• Certificate Reputation
• Improved Virtual Smartcards
• Provable PC Health
• Improved Windows Defender
• Improved Internet Explorer
• Device Encryption (All Editions)
• Remote Business Data Removal
Windows XP
• Logon (Ctrl+Alt+Del)
• Access Control
• User Profiles
• Security Policy
• Encrypting File System (File Based)
• Smartcard and PKI Support
• Windows Update
Windows XP SP2
• Address Space Layout Randomization (ASLR)
• Data Execution Prevention (DEP)
• Security Development Lifecycle (SDL)
• Auto Update on by Default
• Firewall on by Default
• Windows Security Center
• WPA Support
Windows Vista
• Bitlocker
• Patchguard
• Improved ASLR and DEP
• Full SDL
• User Account Control
• Internet Explorer SmartScreen Filter
• Digital Rights Management
• Firewall improvements
• Signed Device Driver Requirements
• TPM Support
• Windows Integrity Levels
• Secure “by default” configuration (Windows features and IE)
Windows 7
• Improved ASLR and DEP
• Full SDL
• Improved IPSec stack
• Managed Service Accounts
• Improved User Account Control
• Enhanced Auditing
• Internet Explorer SmartScreen Filter
• AppLocker
• BitLocker to Go
• Windows Biometric Service
• Windows Action Center
• Windows Defender
Windows 8
• UEFI (Secure Boot)
• Firmware Based TPM
• Trusted Boot (w/ELAM)
• Measured Boot and Remote Attestation Support
• Significant Improvements to ASLR and DEP
• AppContainer
• TPM Key Protection
• Windows Store
• Internet Explorer 10 (Plugin-less and Enhanced Protected Modes)
• Application Reputation moved into Core OS
• BitLocker: Encrypted Hard Drive and Used Disk Space Only Encryption Support
• Virtual Smartcard
• Picture Password, PIN
• Dynamic Access Control
• Built-in Anti-Virus
Timeline: 2001, 2004, 2007, 2009, 2012, 2013
8. Familiar | Modern
Script Kiddies; Cybercrime | Cyber-espionage; Cyber-warfare
Cybercriminals | State sponsored actions; Unlimited resources
Attacks on Fortune 500 | All sectors and even suppliers getting targeted
Software solutions | Hardware rooted trust the only way
Secure the perimeter | Assume breach. Protect at all levels
Hoping I don't get hacked | You will be hacked. Did I successfully mitigate?
Company owned and tightly managed devices | Bring your own device, varied management
9. “Commercial based antivirus and security products are designed for and focus on protecting you from prevalent classes of in the wild threats coming from criminals, thugs and digital mobsters (and it's a constant battle). It is not designed to protect you from the digital equivalent of Seal Team Six. So if you're the guy that finds himself in the crosshairs… you're not safe.”
-- F-Secure “News from the Lab”, May 30, 2012
A Lockheed Martin official said the firm is “spending more time helping deal with attacks on the supply chain” of partners, subcontractors and suppliers than dealing with attacks directly against the company. “For now, our defenses are strong enough to counter the threat, and many attackers know that, so they go after suppliers. But of course they are always trying to develop new ways to attack.”
-- Washington Post “Confidential report lists U.S. weapons system designs compromised by Chinese cyberspies”, May 27, 2013
“When discussing the importance of information security we’ve probably heard excuses such as “we’re too small to be a target” or “we don’t have anything of value”, but if there is anything this report can teach us, is that breaches can and do occur in organizations of all sizes and across a large number of industries.”
-- TechRepublic speaking on the 2013 edition of Verizon’s Data Breach Investigations Report (DBIR).
10. Windows 8 and 8.1 Security Capabilities
First Class Biometric Experience
Multifactor Authentication for BYOD
Trustworthy Identities and Devices
Provable PC Health
Improved Windows Defender
Improved Internet Explorer
Pervasive Device Encryption
Selective Wipe of Corp Data
UEFI | Modern Biometric Readers | TPM
12. Key Improvements in Trustworthy Hardware
The Opportunity
• Improve security for Consumer and BYOD
• Leverage TPM in a new way to address modern threats
History in Windows
• TPM is currently an optional component in most devices
• Pervasive on commercial devices, and most tablets
Our Goal in Windows 8.1
• Drive adoption of InstantGo architecture with OEMs
• Work with Intel to make PTT pervasive on all processors
• Add TPM requirement to 2015 Windows cert reqs
• Secure approval in regions such as Russia and China
What is UEFI?
• A modern replacement for traditional BIOS
• A Windows Certification Requirement (UEFI 2.3.1)
Key Benefits
• architecture-independent
• initializes device and enables operation (e.g., mouse, apps)
Key Security Benefits:
• Secure Boot - Supported by Windows 8, Linux, …
• Encrypted Drive support for BitLocker
• Network unlock support for BitLocker
18. Key Improvements for Protecting Sensitive Data
Remote Business Data Removal is a platform feature that:
• protects corporate data using Encrypting File System (EFS)
• enables IT to revoke access to corp data on managed and unmanaged devices
• requires application support
• Current applications that support RBDR:
  • Mail
  • WorkFolders
Data protection (FDE) is now considered a fundamental OS feature
• Device Encryption included in all editions of Windows
• Prevents unauthorized access on lost or stolen devices
• enabled out of the box
• requires devices with InstantGo technology
• built on BitLocker tech; commercial grade protection
BitLocker
• provides additional configuration options and management capabilities that are attractive to enterprises
• easy to deploy and available in Pro and Enterprise editions
• enterprise management available with MBAM
19. Windows 8 and 8.1 Security Capabilities
First Class Biometric Experience
Multifactor Authentication for BYOD
Trustworthy Identities and Devices
Provable PC Health
Improved Windows Defender
Improved Internet Explorer
Pervasive Device Encryption
Selective Wipe of Corp Data
UEFI | Modern Biometric Readers | TPM
Editor's notes
The reviews and feedback on Windows 8 security have been great and we’ve received many accolades
We have achieved many of our goals that we set out to achieve, particularly in the area of Malware Resistance
Take a look at how much more secure you are on Windows 8 vs 7 and XP
Windows XP is 21 times more likely to be infected by malware than Windows 8
Windows 7 is 6 times more likely to be infected by malware than Windows 8
We can conclude that these great numbers were a direct result of technologies like UEFI, Trusted Boot, ASLR, DEP, SmartScreen just to name a few
For customers who are wondering about the Vista numbers which are better than 7, our answer is that there was a very limited sample due to share, attackers aren’t targeting the platform, and because of this the numbers are skewed.
As we worked on developing Windows 7 and increasingly so on 8 we began to see strong evidence that the likelihood of an organization being hacked had become more likely than not
The statistics prove it. For instance the Verizon data breach report where surveyed customers provide information about the data breaches within their organizations had 60+% of the respondents admitting that they had been hacked.
How many customers didn’t admit it or simply didn’t know? Hard to say…
Regardless the numbers are high enough that we have come to believe that there are customers who realize they’ve been hacked and there are those that simply haven’t realized it yet.
We’ve been talking about familiar threats forever now and with each version of Windows we’ve improved our capabilities to combat them
But we’re starting to see that as Windows defenses become increasingly strong, new avenues of attack are being pursued and
With it we foresee an entire new class of new attacks that will feel new and quite modern
So let’s compare and contrast the familiar vs the modern
We’re all familiar with script kiddies and cybercrime but now we’re facing cyber espionage and warfare
We’re all familiar with cyber criminals and thugs but now we’re talking about teams of full time hackers possibly being funded by nation states
We’re all familiar with software solutions to solve every security problem but now we’re facing threats where only hardware rooted trust is up to the task
We’ve protected the perimeter to keep bad guys out but now they are getting in so you need to assume breach and protect at all levels
We’re familiar with attacks on big well known companies but now small businesses are in the crosshairs
We used to own and tightly control all of the devices but now BYOD is going beyond mobile phones
And finally we’re all familiar with hoping we don’t get hacked but the reality is that you will and it all comes down to how well you were able to limit your losses
Here on this slide we have some great quotes to help the points just made sink in
The first quote here is from F-Secure in response to the Flame virus. They feel, and we agree, that the software that companies have been using to protect themselves isn’t good enough to protect them against the modern attacker who often times is the digital equivalent to Seal Team Six. Think about that. How do you defend against that kind of talent and backing behind it?
The second quote is from the 2013 Verizon Data Breach report and in it they show us that businesses of all sizes are being attacked. If you think you’re too small you’re wrong. If you’ve ever swiped a credit card, which is almost every business, you’re going to be a target as there is a prolific black market to sell the credit card data. If you’re not worried about that think about what happens when the passwords from another ecommerce site are hacked and now hackers have the passwords to your users’ accounts since more times than not users use the same password everywhere they go.
The third quote is from Lockheed and in it they’re telling us that they’re spending as much to protect their vendors, suppliers, contractors, etc as they are on protecting their own assets. Think about that for a minute. Why are they doing this? That’s because they know that if you’re doing biz with them, even if it’s making nuts and bolts, you’re going to be targeted as possibly they get to you through them.