Hackcon 2017

Protecting your critical systems from new and unknown malware, 0-days, and APT
WE DRIVE BUSINESS EVOLUTION FORWARD

The ONE solution
https://en.wikipedia.org/wiki/Snake_oil

Modern Users

Last Week's Customer Incident

Luck vs Solution
Luck
- Honesty
- No judgment
- Response time
Bad Luck
- (Just about) only local admin user
- User permission
Mitigation
- Monitoring (ATA)
- User training
- Procedures, monitoring and alerts (ATP/ATA)

Affected Client
Bad Luck
• USB backup disk
• Local admin (exception)
Mitigation
• Azure Backup
• LAPS
• Local Administrator Password Solution
• Device Guard
https://www.microsoft.com/en-us/download/details.aspx?id=46899

WHY!!!

Man vs Machine

Old School Security
o User education
o Traditional best practices
o Avoid exceptions
o Etc.
Think!!!

Windows Security History
August 2004, November 2006
https://en.wikipedia.org/wiki/Timeline_of_Microsoft_Windows

Windows Vista
UAC:
• Stopped more than 50% of 2000 backdoors, keyloggers, rootkits, mass mailers, trojan horses, spyware, adware, and various others directly
• Less than 5% survived UAC during reboot
http://us.norton.com/support/premium_services/malware_removal_guide.pdf

The Windows 10 Defense Stack
PROTECT, DETECT & RESPOND

PRE-BREACH
  Device protection: Device Health attestation; Device Guard; Device Control; Security policies
  Threat resistance: SmartScreen; AppLocker; Device Guard; Windows Defender; Network/Firewall
  Identity protection: Built-in 2FA; Account lockdown; Credential Guard; Microsoft Passport; Windows Hello ;)
  Information protection: Device protection / Drive encryption; Enterprise Data Protection; Conditional access
POST-BREACH
  Breach detection, investigation & response: Windows Defender ATP

Same stack, updated feature names:
PRE-BREACH
  Device protection: Device integrity; Device control
  Threat resistance: SmartScreen; Windows Firewall; Microsoft Edge; Device Guard; Windows Defender
  Identity protection: Windows Hello ;); Credential Guard
  Information protection: BitLocker and BitLocker to Go; Windows Information Protection; Conditional Access
POST-BREACH
  Breach detection, investigation & response: Windows Defender ATP

Windows 10 Security on Legacy or Modern Devices
(Upgraded from Windows 7 or 32-bit Windows 8)
PRE-BREACH: Device protection; Threat resistance; Identity protection; Information protection
POST-BREACH: Breach detection, investigation & response

Dynamic Lock / Goodbye

Hello (World) For Business
10 Print «Hello World!»
20 Goto 10
Run

Hello For Business
https://technet.microsoft.com/en-us/itpro/windows/keep-secure/hello-identity-verification

Secure Boot / BitLocker / BIOS -> UEFI
https://msdn.microsoft.com/en-us/windows/hardware/commercialize/manufacture/desktop/secure-boot-overview
Show & Tell

The Guards

VIRTUALIZATION BASED SECURITY
Device Hardware
Hypervisor (Hyper-V)
Windows Operating System        | SystemContainer
  Kernel                        |   Kernel
  Windows Platform Services     |   Trustlet#1
  Apps                          |   Trustlet#2
                                |   Trustlet#3

Device Guard in VBS environment: decisive mitigation
Device Hardware
Hypervisor (Hyper-V)
Windows Operating System        | SystemContainer
  Kernel                        |   Kernel
  Windows Platform Services     |   DEVICE GUARD
  Apps                          |   Trustlet#2
                                |   Trustlet#3

Credential Guard
Not currently supported on Windows Server 2016

Device Guard
KMCI – Kernel Mode Code Integrity
UMCI – User Mode Code Integrity
Whitelist
◦ Applications / Apps
◦ Utilities
◦ Drivers
Audit / Enforce
Lock Policy
https://technet.microsoft.com/itpro/windows/keep-secure/device-guard-deployment-guide

Drivers
https://msdn.microsoft.com/en-us/windows/hardware/drivers/dashboard/windows-certified-products-listv

Certificates and Views
[Slide shows two policy files compared by size: 2 314 831 bytes and 888 068 bytes]

Exceptions (Known Threats)
• Narrator
• Wifi
• Blacklist whitelisted
• Exploit Monday
• https://github.com/mattifestation/DeviceGuardBypassMitigationRules

Device Guard Getting Started
• Golden image
• Audit mode
• Failed
• Drivers
• Policy files
• Trial and error
• Maintain
NB! Sign the policy
https://technet.microsoft.com/itpro/windows/keep-secure/requirements-and-deployment-planning-guidelines-for-device-guard

Group Policy

Config Manager
https://blogs.technet.microsoft.com/enterprisemobility/2015/10/30/managing-windows-10-device-guard-with-configuration-manager/

CMD:
Powershell Get-ExecutionPolicy
Powershell Set-ExecutionPolicy unrestricted -scope process; ./DG_Readiness_Tool_v2.1.ps1 -Ready
Powershell Get-ExecutionPolicy
Powershell:
Get-ExecutionPolicy
Set-ExecutionPolicy unrestricted -scope process; ./DG_Readiness_Tool_v2.1.ps1 -Ready
Get-ExecutionPolicy
Script switches:
-Capable
-Enable -CG
-Enable -HVCI

Management
• Group Policy
• Intune (coming)
• System Center

New-CIPolicy -FilePath c:\MyRules\MyRule.xml -Level PcaCertificate -ScanPath <path>
Set-RuleOption -FilePath c:\MyRules\MyRule.xml -Option X
https://technet.microsoft.com/en-us/itpro/windows/keep-secure/deploy-code-integrity-policies-policy-rules-and-file-rules#code-integrity-policy-rules
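As an added worked example (not code from the deck, and not Microsoft's own sample), the "Getting started" steps and the two cmdlets above carried through end to end with the ConfigCI cmdlets: scan the golden image, run in audit mode, review the audit events, merge the fixes and the linked bypass-mitigation deny rules, then enforce and sign. The directory, file names and certificate path are assumptions; run it elevated on the golden-image machine.

```powershell
# Added example, not code from the deck: the "Getting started" steps carried through
# with the ConfigCI cmdlets (New-CIPolicy, Set-RuleOption, Merge-CIPolicy,
# ConvertFrom-CIPolicy, Add-SignerRule). Paths, the policy name, the certificate
# file and the deny-rule file are assumptions. Run elevated on the golden image.

$PolicyDir = 'C:\MyRules'                                   # assumption
$PolicyXml = Join-Path $PolicyDir 'MyRule.xml'
$AuditXml  = Join-Path $PolicyDir 'MyRule.AuditFixes.xml'
$MergedXml = Join-Path $PolicyDir 'MyRule.Merged.xml'
$PolicyBin = Join-Path $PolicyDir 'SIPolicy.p7b'
$SignerCer = Join-Path $PolicyDir 'PolicySigner.cer'        # assumption: public part of your code-signing cert
$DenyRules = Join-Path $PolicyDir 'DeviceGuardBypassMitigationRules.xml'  # assumption: file taken from the linked repo

# Rule option numbers as documented for Set-RuleOption
$Opt = @{
    UMCI               = 0    # Enabled:UMCI - enforce user-mode code, not only drivers
    RequireWHQL        = 2    # Required:WHQL - drivers must carry a WHQL signature
    AuditMode          = 3    # Enabled:Audit Mode - log violations instead of blocking
    UnsignedPolicy     = 6    # Enabled:Unsigned System Integrity Policy - delete before signing
    BootAuditOnFailure = 10   # Enabled:Boot Audit on Failure - fall back to audit if a boot driver fails
}

function New-GoldenImagePolicy {
    # Golden image + audit mode: whitelist everything on the image by publisher (PCA)
    # certificate, fall back to a file hash for unsigned binaries, and log rather than block.
    New-Item -ItemType Directory -Path $PolicyDir -Force | Out-Null
    New-CIPolicy -FilePath $PolicyXml -Level PcaCertificate -Fallback Hash `
                 -ScanPath 'C:\' -UserPEs
    foreach ($name in 'UMCI', 'RequireWHQL', 'AuditMode', 'BootAuditOnFailure') {
        Set-RuleOption -FilePath $PolicyXml -Option $Opt[$name]
    }
}

function Get-CodeIntegrityAuditEvents {
    # Failed / Drivers / Trial and error: what would the policy have blocked?
    # 3076 = loaded only because of audit mode, 3077 = blocked by an enforced policy.
    Get-WinEvent -FilterHashtable @{
        LogName = 'Microsoft-Windows-CodeIntegrity/Operational'; Id = 3076, 3077
    } -ErrorAction SilentlyContinue | Select-Object TimeCreated, Id, Message
}

function Merge-AuditFindings {
    # Policy files: turn the audit events into allow rules, then merge them with the
    # golden-image policy and the deny rules for the known bypasses linked above.
    New-CIPolicy -FilePath $AuditXml -Level PcaCertificate -Fallback Hash -Audit -UserPEs
    $inputs = @($PolicyXml, $AuditXml)
    if (Test-Path $DenyRules) { $inputs += $DenyRules }
    Merge-CIPolicy -OutputFilePath $MergedXml -PolicyPaths $inputs
}

function Set-EnforcedSignedPolicy {
    # Maintain / NB! Sign the policy: leave audit mode, register the signer that may
    # update the policy, forbid unsigned policies, and produce the binary to be signed.
    Set-RuleOption -FilePath $MergedXml -Option $Opt.AuditMode -Delete
    Add-SignerRule -FilePath $MergedXml -CertificatePath $SignerCer -Kernel -User -Update
    Set-RuleOption -FilePath $MergedXml -Option $Opt.UnsignedPolicy -Delete
    ConvertFrom-CIPolicy -XmlFilePath $MergedXml -BinaryFilePath $PolicyBin
    # Sign $PolicyBin with signtool and the private key matching $SignerCer, e.g.
    #   signtool sign -v -n "<cert subject>" -p7 . -p7co 1.3.6.1.4.1.311.79.1 -fd sha256 SIPolicy.p7b
    # then deploy the signed .p7b via Group Policy or Configuration Manager.
}

# Day 1 on the golden image: build the policy and start auditing.
New-GoldenImagePolicy
# After the audit period, review findings, merge, then enforce and sign:
Get-CodeIntegrityAuditEvents | Format-Table -AutoSize
# Merge-AuditFindings
# Set-EnforcedSignedPolicy
```

Keep the policy in audit mode until the 3076 events stop surprising you; once enforced and signed, an unsigned replacement policy is rejected, which is the "lock policy" the slide refers to.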

Device Guard Links
Basic:
https://technet.microsoft.com/en-us/itpro/windows/keep-secure/introduction-to-device-guard-virtualization-based-security-and-code-integrity-policies#how-device-guard-features-help-protect-against-threats
https://technet.microsoft.com/itpro/windows/keep-secure/device-guard-deployment-guide
https://github.com/iadgov/Secure-Host-Baseline/tree/master/Credential%20Guard
http://www.exploit-monday.com/2016/09/introduction-to-windows-device-guard.html
Advanced:
https://blogs.msdn.microsoft.com/windows_hardware_certification/2015/05/22/driver-compatibility-with-device-guard-in-windows-10/
https://technet.microsoft.com/en-us/library/mt634481.aspx
https://www.youtube.com/watch?v=n_fq1WnoQbI
https://github.com/mattifestation/DeviceGuardBypassMitigationRules

Conclusion
Machine vs Man

Olav Tvedt
Senior Principal Architect
Lumagate A/S
Blog: olavtvedt.blogspot.com
Twitter: OlavTwitt
E-mail: Olav.Tvedt@Lumagate.com
Cloud and Datacenter Management
Windows and Devices for IT
31 May – www.mvpdagen.no

Weitere ähnliche Inhalte

Ähnlich wie Hackcon 2017

Managing Storage in Virtualized Environments: Fighting Bottlenecks Hotspots a...
Managing Storage in Virtualized Environments: Fighting Bottlenecks Hotspots a...Managing Storage in Virtualized Environments: Fighting Bottlenecks Hotspots a...
Managing Storage in Virtualized Environments: Fighting Bottlenecks Hotspots a...SolarWinds
 
Agentless System Crawler - InterConnect 2016
Agentless System Crawler - InterConnect 2016Agentless System Crawler - InterConnect 2016
Agentless System Crawler - InterConnect 2016Canturk Isci
 
Care and Feeding of Healthy Computers
Care and Feeding of Healthy ComputersCare and Feeding of Healthy Computers
Care and Feeding of Healthy ComputersLorens Tech Solutions
 
VMworld 2014: ESXi Hypervisor Security
VMworld 2014: ESXi Hypervisor SecurityVMworld 2014: ESXi Hypervisor Security
VMworld 2014: ESXi Hypervisor SecurityVMworld
 
[RHFSeoul2017]6 Steps to Transform Enterprise Applications
[RHFSeoul2017]6 Steps to Transform Enterprise Applications[RHFSeoul2017]6 Steps to Transform Enterprise Applications
[RHFSeoul2017]6 Steps to Transform Enterprise ApplicationsDaniel Oh
 
System hardening - OS and Application
System hardening - OS and ApplicationSystem hardening - OS and Application
System hardening - OS and Applicationedavid2685
 
Sec devops 2.0 managing your robot army - final
Sec devops 2.0  managing your robot army - finalSec devops 2.0  managing your robot army - final
Sec devops 2.0 managing your robot army - finalJosh Bregman
 
DR Planning and Testing
DR Planning and TestingDR Planning and Testing
DR Planning and TestingJason Dea
 
SecDevOps 2.0 - Managing Your Robot Army
SecDevOps 2.0 - Managing Your Robot ArmySecDevOps 2.0 - Managing Your Robot Army
SecDevOps 2.0 - Managing Your Robot Armyconjur_inc
 
Citrix XenMobile and ShareFile Performance - 5 Steps for a Better BYOD Experi...
Citrix XenMobile and ShareFile Performance - 5 Steps for a Better BYOD Experi...Citrix XenMobile and ShareFile Performance - 5 Steps for a Better BYOD Experi...
Citrix XenMobile and ShareFile Performance - 5 Steps for a Better BYOD Experi...eG Innovations
 
Bootkits step by-step-slides-final-v1-release
Bootkits step by-step-slides-final-v1-releaseBootkits step by-step-slides-final-v1-release
Bootkits step by-step-slides-final-v1-releaseEric Koeppen
 
Disaster Planning Backup, Backup, Backup
Disaster Planning Backup, Backup, BackupDisaster Planning Backup, Backup, Backup
Disaster Planning Backup, Backup, BackupTechSoup
 
EBS in an hour: Build a Vision instance - FAST - in Oracle Virtualbox
EBS in an hour: Build a Vision instance - FAST - in Oracle VirtualboxEBS in an hour: Build a Vision instance - FAST - in Oracle Virtualbox
EBS in an hour: Build a Vision instance - FAST - in Oracle Virtualboxjpiwowar
 
Presentazione SimpliVity @ VMUGIT UserCon 2015
Presentazione SimpliVity @ VMUGIT UserCon 2015Presentazione SimpliVity @ VMUGIT UserCon 2015
Presentazione SimpliVity @ VMUGIT UserCon 2015VMUG IT
 
KTC Profile-august
KTC Profile-augustKTC Profile-august
KTC Profile-augustKTC Host
 
Free tools for win server administration
Free tools for win server administrationFree tools for win server administration
Free tools for win server administrationConcentrated Technology
 

Ähnlich wie Hackcon 2017 (20)

Managing Storage in Virtualized Environments: Fighting Bottlenecks Hotspots a...
Managing Storage in Virtualized Environments: Fighting Bottlenecks Hotspots a...Managing Storage in Virtualized Environments: Fighting Bottlenecks Hotspots a...
Managing Storage in Virtualized Environments: Fighting Bottlenecks Hotspots a...
 
Agentless System Crawler - InterConnect 2016
Agentless System Crawler - InterConnect 2016Agentless System Crawler - InterConnect 2016
Agentless System Crawler - InterConnect 2016
 
Best free tools for w d a
Best free tools for w d aBest free tools for w d a
Best free tools for w d a
 
Best free tools for win database admin
Best free tools for win database adminBest free tools for win database admin
Best free tools for win database admin
 
Care and Feeding of Healthy Computers
Care and Feeding of Healthy ComputersCare and Feeding of Healthy Computers
Care and Feeding of Healthy Computers
 
VMworld 2014: ESXi Hypervisor Security
VMworld 2014: ESXi Hypervisor SecurityVMworld 2014: ESXi Hypervisor Security
VMworld 2014: ESXi Hypervisor Security
 
QH-v22.pdf
QH-v22.pdfQH-v22.pdf
QH-v22.pdf
 
[RHFSeoul2017]6 Steps to Transform Enterprise Applications
[RHFSeoul2017]6 Steps to Transform Enterprise Applications[RHFSeoul2017]6 Steps to Transform Enterprise Applications
[RHFSeoul2017]6 Steps to Transform Enterprise Applications
 
System hardening - OS and Application
System hardening - OS and ApplicationSystem hardening - OS and Application
System hardening - OS and Application
 
ppt_rs.jpg
ppt_rs.jpgppt_rs.jpg
ppt_rs.jpg
 
Sec devops 2.0 managing your robot army - final
Sec devops 2.0  managing your robot army - finalSec devops 2.0  managing your robot army - final
Sec devops 2.0 managing your robot army - final
 
DR Planning and Testing
DR Planning and TestingDR Planning and Testing
DR Planning and Testing
 
SecDevOps 2.0 - Managing Your Robot Army
SecDevOps 2.0 - Managing Your Robot ArmySecDevOps 2.0 - Managing Your Robot Army
SecDevOps 2.0 - Managing Your Robot Army
 
Citrix XenMobile and ShareFile Performance - 5 Steps for a Better BYOD Experi...
Citrix XenMobile and ShareFile Performance - 5 Steps for a Better BYOD Experi...Citrix XenMobile and ShareFile Performance - 5 Steps for a Better BYOD Experi...
Citrix XenMobile and ShareFile Performance - 5 Steps for a Better BYOD Experi...
 
Bootkits step by-step-slides-final-v1-release
Bootkits step by-step-slides-final-v1-releaseBootkits step by-step-slides-final-v1-release
Bootkits step by-step-slides-final-v1-release
 
Disaster Planning Backup, Backup, Backup
Disaster Planning Backup, Backup, BackupDisaster Planning Backup, Backup, Backup
Disaster Planning Backup, Backup, Backup
 
EBS in an hour: Build a Vision instance - FAST - in Oracle Virtualbox
EBS in an hour: Build a Vision instance - FAST - in Oracle VirtualboxEBS in an hour: Build a Vision instance - FAST - in Oracle Virtualbox
EBS in an hour: Build a Vision instance - FAST - in Oracle Virtualbox
 
Presentazione SimpliVity @ VMUGIT UserCon 2015
Presentazione SimpliVity @ VMUGIT UserCon 2015Presentazione SimpliVity @ VMUGIT UserCon 2015
Presentazione SimpliVity @ VMUGIT UserCon 2015
 
KTC Profile-august
KTC Profile-augustKTC Profile-august
KTC Profile-august
 
Free tools for win server administration
Free tools for win server administrationFree tools for win server administration
Free tools for win server administration
 

Mehr von Olav Tvedt

MVP Dagen 2021 - Money for nothing
MVP Dagen 2021 - Money for nothingMVP Dagen 2021 - Money for nothing
MVP Dagen 2021 - Money for nothingOlav Tvedt
 
Brk30010 - With so many different ways to secure data across the Office 365 p...
Brk30010 - With so many different ways to secure data across the Office 365 p...Brk30010 - With so many different ways to secure data across the Office 365 p...
Brk30010 - With so many different ways to secure data across the Office 365 p...Olav Tvedt
 
SharePoint Conference - Secure the data, not the device
SharePoint Conference - Secure the data, not the deviceSharePoint Conference - Secure the data, not the device
SharePoint Conference - Secure the data, not the deviceOlav Tvedt
 
NIC - Securing one drive and its content
NIC - Securing one drive and its contentNIC - Securing one drive and its content
NIC - Securing one drive and its contentOlav Tvedt
 
NIC - Lets put the business into one drive
NIC - Lets put the business into one driveNIC - Lets put the business into one drive
NIC - Lets put the business into one driveOlav Tvedt
 
Securing the weakest link adding security layers while keeping the use
Securing the weakest link adding security layers while keeping the useSecuring the weakest link adding security layers while keeping the use
Securing the weakest link adding security layers while keeping the useOlav Tvedt
 
The Windows 10 tips you wished you knew last week
The Windows 10 tips you wished you knew last weekThe Windows 10 tips you wished you knew last week
The Windows 10 tips you wished you knew last weekOlav Tvedt
 
What’s new for SMBs in fall creators update
What’s new for SMBs in fall creators updateWhat’s new for SMBs in fall creators update
What’s new for SMBs in fall creators updateOlav Tvedt
 
Let's put the business into onedrive for business
Let's put the business into onedrive for businessLet's put the business into onedrive for business
Let's put the business into onedrive for businessOlav Tvedt
 
Security As A Service
Security As A ServiceSecurity As A Service
Security As A ServiceOlav Tvedt
 
Microsoft Windows 10 Bootcamp - Windows as a service
Microsoft Windows 10 Bootcamp - Windows as a serviceMicrosoft Windows 10 Bootcamp - Windows as a service
Microsoft Windows 10 Bootcamp - Windows as a serviceOlav Tvedt
 
Microsoft Windows 10 Bootcamp - MDT Offline media
Microsoft Windows 10 Bootcamp - MDT Offline mediaMicrosoft Windows 10 Bootcamp - MDT Offline media
Microsoft Windows 10 Bootcamp - MDT Offline mediaOlav Tvedt
 
Microsoft Windows 10 Bootcamp - Active directory
Microsoft Windows 10 Bootcamp - Active directoryMicrosoft Windows 10 Bootcamp - Active directory
Microsoft Windows 10 Bootcamp - Active directoryOlav Tvedt
 
Modern Workplace Summit 2015 - Management
Modern Workplace Summit 2015 - ManagementModern Workplace Summit 2015 - Management
Modern Workplace Summit 2015 - ManagementOlav Tvedt
 
Modern Workplace Summit 2015 - Surface and offline media
Modern Workplace Summit 2015 - Surface and offline mediaModern Workplace Summit 2015 - Surface and offline media
Modern Workplace Summit 2015 - Surface and offline mediaOlav Tvedt
 
#EVRYWhatsNext EMS Slide Deck
#EVRYWhatsNext EMS Slide Deck#EVRYWhatsNext EMS Slide Deck
#EVRYWhatsNext EMS Slide DeckOlav Tvedt
 
Ms @ evry rs june 2015 slidehide
Ms @ evry rs june 2015 slidehideMs @ evry rs june 2015 slidehide
Ms @ evry rs june 2015 slidehideOlav Tvedt
 
Win 10 frokost seminar
Win 10 frokost seminarWin 10 frokost seminar
Win 10 frokost seminarOlav Tvedt
 
Ignite - The 15 minute deploying surface (pro) guide
Ignite - The 15 minute deploying surface (pro) guideIgnite - The 15 minute deploying surface (pro) guide
Ignite - The 15 minute deploying surface (pro) guideOlav Tvedt
 

Mehr von Olav Tvedt (20)

MVP Dagen 2021 - Money for nothing
MVP Dagen 2021 - Money for nothingMVP Dagen 2021 - Money for nothing
MVP Dagen 2021 - Money for nothing
 
Brk30010 - With so many different ways to secure data across the Office 365 p...
Brk30010 - With so many different ways to secure data across the Office 365 p...Brk30010 - With so many different ways to secure data across the Office 365 p...
Brk30010 - With so many different ways to secure data across the Office 365 p...
 
SharePoint Conference - Secure the data, not the device
SharePoint Conference - Secure the data, not the deviceSharePoint Conference - Secure the data, not the device
SharePoint Conference - Secure the data, not the device
 
NIC - Securing one drive and its content
NIC - Securing one drive and its contentNIC - Securing one drive and its content
NIC - Securing one drive and its content
 
NIC - Lets put the business into one drive
NIC - Lets put the business into one driveNIC - Lets put the business into one drive
NIC - Lets put the business into one drive
 
Securing the weakest link adding security layers while keeping the use
Securing the weakest link adding security layers while keeping the useSecuring the weakest link adding security layers while keeping the use
Securing the weakest link adding security layers while keeping the use
 
The Windows 10 tips you wished you knew last week
The Windows 10 tips you wished you knew last weekThe Windows 10 tips you wished you knew last week
The Windows 10 tips you wished you knew last week
 
What’s new for SMBs in fall creators update
What’s new for SMBs in fall creators updateWhat’s new for SMBs in fall creators update
What’s new for SMBs in fall creators update
 
Let's put the business into onedrive for business
Let's put the business into onedrive for businessLet's put the business into onedrive for business
Let's put the business into onedrive for business
 
Security As A Service
Security As A ServiceSecurity As A Service
Security As A Service
 
Bsm mw10
Bsm mw10Bsm mw10
Bsm mw10
 
Microsoft Windows 10 Bootcamp - Windows as a service
Microsoft Windows 10 Bootcamp - Windows as a serviceMicrosoft Windows 10 Bootcamp - Windows as a service
Microsoft Windows 10 Bootcamp - Windows as a service
 
Microsoft Windows 10 Bootcamp - MDT Offline media
Microsoft Windows 10 Bootcamp - MDT Offline mediaMicrosoft Windows 10 Bootcamp - MDT Offline media
Microsoft Windows 10 Bootcamp - MDT Offline media
 
Microsoft Windows 10 Bootcamp - Active directory
Microsoft Windows 10 Bootcamp - Active directoryMicrosoft Windows 10 Bootcamp - Active directory
Microsoft Windows 10 Bootcamp - Active directory
 
Modern Workplace Summit 2015 - Management
Modern Workplace Summit 2015 - ManagementModern Workplace Summit 2015 - Management
Modern Workplace Summit 2015 - Management
 
Modern Workplace Summit 2015 - Surface and offline media
Modern Workplace Summit 2015 - Surface and offline mediaModern Workplace Summit 2015 - Surface and offline media
Modern Workplace Summit 2015 - Surface and offline media
 
#EVRYWhatsNext EMS Slide Deck
#EVRYWhatsNext EMS Slide Deck#EVRYWhatsNext EMS Slide Deck
#EVRYWhatsNext EMS Slide Deck
 
Ms @ evry rs june 2015 slidehide
Ms @ evry rs june 2015 slidehideMs @ evry rs june 2015 slidehide
Ms @ evry rs june 2015 slidehide
 
Win 10 frokost seminar
Win 10 frokost seminarWin 10 frokost seminar
Win 10 frokost seminar
 
Ignite - The 15 minute deploying surface (pro) guide
Ignite - The 15 minute deploying surface (pro) guideIgnite - The 15 minute deploying surface (pro) guide
Ignite - The 15 minute deploying surface (pro) guide
 

Kürzlich hochgeladen

2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...Martijn de Jong
 
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...gurkirankumar98700
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountPuma Security, LLC
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processorsdebabhi2
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Allon Mureinik
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Igalia
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityPrincipled Technologies
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationSafe Software
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slidespraypatel2
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsEnterprise Knowledge
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...apidays
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxMalak Abu Hammad
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking MenDelhi Call girls
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Servicegiselly40
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdfhans926745
 

Kürzlich hochgeladen (20)

2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
Slack Application Development 101 Slides

Hackcon 2017

  • 1. Protecting your critical systems from new and unknown malware, 0-days, and APT
  • 2. WE DRIVE BUSINESS EVOLUTION FORWARD The ONE solution https://en.wikipedia.org/wiki/Snake_oil
  • 3. WE DRIVE BUSINESS EVOLUTION FORWARD Modern Users
  • 4. WE DRIVE BUSINESS EVOLUTION FORWARD Last Week's Customer Incident
  • 5. WE DRIVE BUSINESS EVOLUTION FORWARD Luck vs Solution. Luck: Honesty; No judgment; Response time. Bad Luck: (Just about) only local Admin user; User permission. Mitigation: Monitoring (ATA); User training; Procedures, monitoring and alerts (ATP/ATA)
  • 6. WE DRIVE BUSINESS EVOLUTION FORWARD Affected Client Bad Luck • USB Backup Disk • Local Admin (Exception) Mitigation • Azure Backup • LAPS • Local Administrator Password Solution • Device Guard https://www.microsoft.com/en-us/download/details.aspx?id=46899
  • 7. WE DRIVE BUSINESS EVOLUTION FORWARD WHY!!!
  • 8. WE DRIVE BUSINESS EVOLUTION FORWARD Man vs Machine
  • 9. WE DRIVE BUSINESS EVOLUTION FORWARD Old School Security o User Education o Traditional best practices o Avoid Exceptions o Etc. Think!!!
  • 10. WE DRIVE BUSINESS EVOLUTION FORWARD Windows Security History November 2006August 2004 https://en.wikipedia.org/wiki/Timeline_of_Microsoft_Windows
  • 11. WE DRIVE BUSINESS EVOLUTION FORWARD Windows Vista UAC: • Stopped more than 50% of 2000 backdoors, keyloggers, rootkits, mass mailers, trojan horses, spyware, adware, and various others directly • Less than 5% survived UAC during reboot http://us.norton.com/support/premium_services/malware_removal_guide.pdf
  • 12. WE DRIVE BUSINESS EVOLUTION FORWARD The Windows 10 Defense Stack: PROTECT, DETECT & RESPOND. PRE-BREACH: Device protection (Device Health attestation, Device Guard, Device Control, Security policies; also shown as Device integrity, Device control); Information protection (Device protection / Drive encryption, Enterprise Data Protection, Conditional access; also shown as BitLocker and BitLocker to Go, Windows Information Protection); Threat resistance (SmartScreen, AppLocker, Device Guard, Windows Defender, Network/Firewall, Microsoft Edge); Identity protection (Built-in 2FA, Account lockdown, Credential Guard, Microsoft Passport, Windows Hello ;)). POST-BREACH: Windows Defender ATP (Breach detection, investigation & response)
  • 13. WE DRIVE BUSINESS EVOLUTION FORWARD PRE-BREACH / POST-BREACH: Breach detection, investigation & response; Device protection; Identity protection; Information protection; Threat resistance. Windows 10 Security on Legacy or Modern Devices (Upgraded from Windows 7 or 32-bit Windows 8)
  • 14. WE DRIVE BUSINESS EVOLUTION FORWARD Dynamic Lock / Goodbye
  • 15. WE DRIVE BUSINESS EVOLUTION FORWARD Hello (Word) For business 10 Print «Hello World!» 20 Goto 10 Run
  • 16. WE DRIVE BUSINESS EVOLUTION FORWARD Hello For Business https://technet.microsoft.com/en-us/itpro/windows/keep-secure/hello-identity-verification
  • 17. WE DRIVE BUSINESS EVOLUTION FORWARD Secure Boot / Bitlocker / BIOS -> UEFI https://msdn.microsoft.com/en-us/windows/hardware/commercialize/manufacture/desktop/secure-boot-overview
  • 27. WE DRIVE BUSINESS EVOLUTION FORWARD VIRTUALIZATION BASED SECURITY: Device Hardware; Hypervisor (Hyper-V); Windows Operating System (Kernel, Windows Platform Services, Apps) alongside a System Container (Kernel, Trustlet#1, Trustlet#2, Trustlet#3)
  • 28. WE DRIVE BUSINESS EVOLUTION FORWARD Device Guard in VBS environment: decisive mitigation. Device Hardware; Hypervisor (Hyper-V); Windows Operating System (Kernel, Windows Platform Services, Apps) alongside a System Container (Kernel, DEVICE GUARD, Trustlet#2, Trustlet#3)
  • 29. WE DRIVE BUSINESS EVOLUTION FORWARD Credential Guard: Not currently supported on Windows Server 2016
  • 32. WE DRIVE BUSINESS EVOLUTION FORWARD Device Guard: KMCI – Kernel Mode Code Integrity; UMCI – User Mode Code Integrity; Whitelist: Applications / Apps, Utilities, Drivers; Audit / Enforce; Lock Policy https://technet.microsoft.com/itpro/windows/keep-secure/device-guard-deployment-guide
  • 33. WE DRIVE BUSINESS EVOLUTION FORWARD Drivers https://msdn.microsoft.com/en-us/windows/hardware/drivers/dashboard/windows-certified-products-listv
  • 34. WE DRIVE BUSINESS EVOLUTION FORWARD Certificates and Views 2 314 831 bytes 888 068 bytes
  • 35. WE DRIVE BUSINESS EVOLUTION FORWARD Exceptions (Known Threats) • Narrator • Wifi • Blacklist whitelisted • Exploit Monday •https://github.com/mattifestation/DeviceGuardBypassMitigationRules
  • 36. WE DRIVE BUSINESS EVOLUTION FORWARD Device Guard Getting started: Golden Image; Audit Mode; Failed: Drivers, Policy files; Trial and error; Maintain. NB! Sign the policy https://technet.microsoft.com/itpro/windows/keep-secure/requirements-and-deployment-planning-guidelines-for-device-guard
  • 37. WE DRIVE BUSINESS EVOLUTION FORWARD Group Policy
  • 38. WE DRIVE BUSINESS EVOLUTION FORWARD Config Manager https://blogs.technet.microsoft.com/enterprisemobility/2015/10/30/managing-windows-10-device-guard-with-configuration-manager/
  • 39. WE DRIVE BUSINESS EVOLUTION FORWARD
      CMD:
        Powershell Get-ExecutionPolicy
        Powershell Set-ExecutionPolicy unrestricted -scope process; ./DG_Readiness_Tool_v2.1.ps1 -Ready
        Powershell Get-ExecutionPolicy
      Powershell:
        Get-ExecutionPolicy
        Set-ExecutionPolicy unrestricted -scope process; ./DG_Readiness_Tool_v2.1.ps1 -Ready
        Get-ExecutionPolicy
      Script switches: -Capable, -Enable -CG, -Enable -HVCI
  • 40. WE DRIVE BUSINESS EVOLUTION FORWARD Management • Group Policy • Intune (Coming) • System Center
  • 41. WE DRIVE BUSINESS EVOLUTION FORWARD New-CIPolicy -FilePath c:\MyRules\MyRule.xml -Level PcaCertificate -ScanPath Set-RuleOption -FilePath c:\MyRules\MyRule.xml -Option X https://technet.microsoft.com/en-us/itpro/windows/keep-secure/deploy-code-integrity-policies-policy-rules-and-file-rules#code-integrity-policy-rules
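The Device Guard rollout that slides 32 to 41 sketch (golden image, audit mode, rules from the audit log, then enforce and lock), as an added PowerShell example that is not from the deck. The ConfigCI cmdlets are Microsoft's; the C:\MyRules paths and the C:\ scan root are assumptions, and the signing step the deck flags with "NB! Sign the policy" still has to be done with your own code-signing certificate afterwards.

```powershell
# Added example, not from the Hackcon 2017 deck. Run elevated on the golden image
# after .\DG_Readiness_Tool_v2.1.ps1 -Capable has confirmed VBS/HVCI support.
# Assumed: policy files live under C:\MyRules and the clean image is scanned from C:\.
Import-Module ConfigCI

$rules   = 'C:\MyRules'
$initial = Join-Path $rules 'MyRule.xml'
$audit   = Join-Path $rules 'AuditAdditions.xml'
$merged  = Join-Path $rules 'MyRule-Merged.xml'
$binary  = Join-Path $rules 'SIPolicy.p7b'
New-Item -ItemType Directory -Path $rules -Force | Out-Null

# 1. Golden image: allow everything found on the clean image by its issuing CA
#    (PcaCertificate); files without a usable signature fall back to a hash rule.
New-CIPolicy -FilePath $initial -Level PcaCertificate -Fallback Hash `
             -ScanPath 'C:\' -UserPEs

# 2. Audit mode first. Option 3 only logs what would be blocked; option 0 turns on
#    UMCI so user-mode apps and utilities are covered, not just drivers.
Set-RuleOption -FilePath $initial -Option 0    # Enabled:UMCI
Set-RuleOption -FilePath $initial -Option 3    # Enabled:Audit Mode
Set-RuleOption -FilePath $initial -Option 10   # Enabled:Boot Audit on Failure

ConvertFrom-CIPolicy -XmlFilePath $initial -BinaryFilePath $binary
# Deploy $binary as C:\Windows\System32\CodeIntegrity\SIPolicy.p7b (or via Group
# Policy / Config Manager as on the later slides), reboot and run the real workload.

# 3. "Failed / Drivers / Trial and error": turn the audit events written to
#    Microsoft-Windows-CodeIntegrity/Operational (ID 3076) into allow rules and merge.
New-CIPolicy -FilePath $audit -Level PcaCertificate -Fallback Hash -Audit -UserPEs
Merge-CIPolicy -OutputFilePath $merged -PolicyPaths $initial, $audit

# 4. Enforce and lock: drop audit mode, then drop option 6 so only a signed
#    policy is accepted (this is the deck's "NB! Sign the policy").
Set-RuleOption -FilePath $merged -Option 3 -Delete
Set-RuleOption -FilePath $merged -Option 6 -Delete   # Enabled:Unsigned System Integrity Policy
ConvertFrom-CIPolicy -XmlFilePath $merged -BinaryFilePath $binary
# Sign $binary (signtool + your code-signing certificate) before deploying it;
# with option 6 removed an unsigned policy will not load.
```

Keep the audit-mode policy on the test group long enough to cover every business application's update cycle, otherwise the enforce step blocks the next patch of a legitimate product.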
  • 42. WE DRIVE BUSINESS EVOLUTION FORWARD Device Guard Links. Basic: https://technet.microsoft.com/en-us/itpro/windows/keep-secure/introduction-to-device-guard-virtualization-based-security-and-code-integrity-policies#how-device-guard-features-help-protect-against-threats https://technet.microsoft.com/itpro/windows/keep-secure/device-guard-deployment-guide https://github.com/iadgov/Secure-Host-Baseline/tree/master/Credential%20Guard http://www.exploit-monday.com/2016/09/introduction-to-windows-device-guard.html Advanced: https://blogs.msdn.microsoft.com/windows_hardware_certification/2015/05/22/driver-compatibility-with-device-guard-in-windows-10/ https://technet.microsoft.com/en-us/library/mt634481.aspx https://www.youtube.com/watch?v=n_fq1WnoQbI https://github.com/mattifestation/DeviceGuardBypassMitigationRules
  • 43. WE DRIVE BUSINESS EVOLUTION FORWARD Conclusion
  • 44. WE DRIVE BUSINESS EVOLUTION FORWARD Machine vs Man
  • 45. Olav Tvedt, Senior Principal Architect, Lumagate A/S. Blog: olavtvedt.blogspot.com Twitter: OlavTwitt E-mail: Olav.Tvedt@Lumagate.com Cloud and Datacenter Management; Windows and Devices for IT. 31 May – www.mvpdagen.no