AppLocker, Windows Information Protection, Device Guard, WDAG - there are many ways to secure Windows 10. Not all ways are compatible with enterprise requirements. In the session, we look at what we are able to do and discuss experiences from the field around what works well and what doesn’t. In addition, we check how Configuration Manager can support us.
https://youtu.be/zqUwgLDmCqY
Best practices to secure Windows 10 with already included features
1.
2. Alexander Benoit
Senior Consultant / Head of Competence Center Microsoft
„Future Workplace“, Security
SCCM, Intune, Windows 10, Defender Framework,…
Alexander.Benoit@sepago.de
@ITPirate
http://it-pirate.com/
8. Good to know
Exploit: Computer code that takes advantage of a vulnerability in a software system.
Payload: Payloads carry the functionality used to gain greater access to the target.
13. • Windows Defender SmartScreen provides an early warning system to notify users of suspicious websites that could be engaging in phishing attacks or distributing malware through a socially engineered attack.
• Windows Defender SmartScreen is one of the multiple layers of defense in the anti-phishing and malware protection strategies.
Diagram (cloud protection flow): the attacker generates a new malware file and delivers it via Command & Control; when the user clicks, Windows Defender checks the downloaded file and sends its metadata to Windows Defender Cloud Protection, which evaluates the metadata (including machine learning, proximity and lookup heuristics) and returns the verdict: Malware – Block!
15. • Windows Defender Application Guard protects the device from advanced attacks launched against Microsoft Edge.
• Malware and vulnerability exploits targeting the browser, including zero days, are unable to impact the operating system, apps, data and network.
• Application Guard uses virtualization-based security (hardware isolation) to isolate Microsoft Edge and any browsing activity from the rest of the system.
• Closing Microsoft Edge wipes all traces of attacks that may have been encountered while online.
Call managed and unmanaged homepages
21. • User Account Control (UAC) helps prevent malware from damaging PCs and helps organizations deploy a better-managed desktop.
• Apps and tasks always run in the security context of a standard user account, unless an administrator specifically authorizes elevated access to the system.
Protect clients from unwanted software
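The SmartScreen, cloud protection, Application Guard and UAC slides each describe a setting that can be verified on the endpoint. The following script is an added example, not code from the presentation or from sepago: it reads the relevant policy values and Defender preferences and compares them with hardened values chosen here for illustration. It assumes an elevated PowerShell 5.1 session on Windows 10 1709 or later; the registry paths and cmdlets are the documented ones, the "Expected" values are the assumption.

```powershell
# Added example (not from the presentation): audit the local settings behind the
# SmartScreen, cloud protection, Application Guard and UAC slides.
# Assumes an elevated PowerShell 5.1 session on Windows 10 1709 or later; the
# "Expected" values are hardened settings assumed here for illustration.

function Get-RegValue {
    param([string]$Path, [string]$Name)
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }   # key or value absent
    return $item.$Name
}

$policySystem = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\System'
$uacSystem    = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'

$registryChecks = @(
    # SmartScreen for files and apps (Group Policy "Configure Windows Defender SmartScreen")
    @{ Area = 'SmartScreen enabled'; Path = $policySystem; Name = 'EnableSmartScreen';     Expected = @(1) },
    @{ Area = 'SmartScreen level';   Path = $policySystem; Name = 'ShellSmartScreenLevel'; Expected = @('Warn', 'Block') },
    # UAC: apps run as standard user and elevation happens on the secure desktop
    @{ Area = 'UAC enabled';         Path = $uacSystem; Name = 'EnableLUA';                  Expected = @(1) },
    # 1 = prompt for credentials, 2 = prompt for consent, both on the secure desktop
    @{ Area = 'UAC admin prompt';    Path = $uacSystem; Name = 'ConsentPromptBehaviorAdmin'; Expected = @(1, 2) },
    @{ Area = 'UAC secure desktop';  Path = $uacSystem; Name = 'PromptOnSecureDesktop';      Expected = @(1) }
)

$results = @(foreach ($c in $registryChecks) {
    $actual = Get-RegValue -Path $c.Path -Name $c.Name
    [pscustomobject]@{
        Area      = $c.Area
        Actual    = if ($null -eq $actual) { '<not set>' } else { $actual }
        Expected  = ($c.Expected -join ' or ')
        Compliant = ($null -ne $actual -and $c.Expected -contains $actual)
    }
})

# Defender cloud protection (the "send metadata, evaluate, verdict" flow on the SmartScreen slide).
# MAPSReporting: 0 = disabled, 1 = basic, 2 = advanced.
# SubmitSamplesConsent: 0 = always prompt, 1 = send safe samples, 2 = never send, 3 = send all.
$mp = Get-MpPreference
$results += [pscustomobject]@{ Area = 'Defender cloud protection (MAPS)'; Actual = $mp.MAPSReporting;       Expected = '2';      Compliant = ($mp.MAPSReporting -eq 2) }
$results += [pscustomobject]@{ Area = 'Defender sample submission';      Actual = $mp.SubmitSamplesConsent; Expected = '1 or 3'; Compliant = ($mp.SubmitSamplesConsent -in @(1, 3)) }

# Application Guard is an optional Windows feature (Enterprise, and Pro from 1803)
$wdag = Get-WindowsOptionalFeature -Online -FeatureName 'Windows-Defender-ApplicationGuard' -ErrorAction SilentlyContinue
$results += [pscustomobject]@{
    Area      = 'Application Guard feature'
    Actual    = if ($wdag) { $wdag.State } else { '<not available>' }
    Expected  = 'Enabled'
    Compliant = [bool]($wdag -and $wdag.State -eq 'Enabled')
}

$results | Format-Table -AutoSize
```

Run it once on a reference build and once on a freshly imaged client; the rows with Compliant = False are the ones a Configuration Manager compliance item or an Intune policy should be enforcing rather than leaving to the local default.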
22. Device Guard Kernel Mode Code Integrity
• Protects kernel mode processes and drivers from “zero day” attacks and vulnerabilities by using HVCI.
• Drivers must be signed.
Device Guard User Mode Code Integrity
• Enterprise-grade application white-listing that achieves PC lockdown for enterprises that run only trusted apps.
• Untrusted apps and executables, such as malware, are unable to run.
Driver and application white-listing
28. • Full drive encryption solution provided natively with Windows 10 Professional and Enterprise
• Used to protect the operating system drive, secondary data drives and removable devices
• System Center Configuration Manager, MDT and Intune can be used to deploy BitLocker
Overview
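Whichever tool deploys BitLocker (Configuration Manager, MDT or Intune), the result has to be verified per volume. The script below is an added example, not part of the presentation: it lists every BitLocker volume, records which key protectors are present and flags drives that are not fully encrypted with protection on. It assumes an elevated session on Windows 10 Pro or Enterprise with the BitLocker PowerShell module; the compliance rule (OS drive unlocked by the TPM, recovery password present on every drive) is an assumption chosen for the example.

```powershell
# Added example (not from the presentation): inventory BitLocker state per volume
# and flag drives that are not fully encrypted with protection switched on.
# Assumes an elevated session on Windows 10 Pro/Enterprise with the BitLocker module.
Import-Module BitLocker

function Get-BitLockerAudit {
    foreach ($vol in Get-BitLockerVolume) {
        $protectorTypes = @($vol.KeyProtector | ForEach-Object { $_.KeyProtectorType })
        # Assumed rule: an OS drive is unlocked by the TPM (Tpm, TpmPin, TpmStartupKey, ...)
        # and every drive carries a recovery password that can be escrowed to AD, Intune or ConfigMgr.
        $hasRecovery = $protectorTypes -contains 'RecoveryPassword'
        $hasTpm      = @($protectorTypes -match '^Tpm').Count -gt 0
        $osNeedsTpm  = ($vol.VolumeType -eq 'OperatingSystem') -and -not $hasTpm
        [pscustomobject]@{
            Mount      = $vol.MountPoint
            Type       = $vol.VolumeType        # OperatingSystem or Data
            Status     = $vol.VolumeStatus      # FullyEncrypted, FullyDecrypted, EncryptionInProgress, ...
            Protection = $vol.ProtectionStatus  # On, or Off when decrypted or suspended
            Method     = $vol.EncryptionMethod  # e.g. XtsAes256 on 1511 and later
            Protectors = ($protectorTypes -join ',')
            Compliant  = ($vol.VolumeStatus -eq 'FullyEncrypted' -and
                          $vol.ProtectionStatus -eq 'On' -and
                          $hasRecovery -and -not $osNeedsTpm)
        }
    }
}

Get-BitLockerAudit | Format-Table -AutoSize
```

ProtectionStatus reads Off not only for unencrypted drives but also while protection is suspended (for example after a firmware update), so a drive can be FullyEncrypted and still fail the check; that is the case worth alerting on.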
29. Overview
• Credential Guard isolates secrets that previous versions of Windows stored in the Local Security Authority (LSA) by using virtualization-based security.
• The LSA process in the operating system talks to the isolated LSA by using remote procedure calls.
• Data stored by using VBS is not accessible to the rest of the operating system.
Requirements:
• Windows 10 Enterprise x64 Edition
• UEFI 2.3.1 or higher firmware and Secure Boot
• TPM 2.0 (Note: TPM 1.2 can be used but is not recommended)
• Virtualization capable hardware
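Device Guard (slide 22) and Credential Guard (slide 29) both sit on virtualization-based security and share the prerequisites listed above, so one status query covers both. The script below is an added example and not code from the presentation: it reads the Win32_DeviceGuard class, which reports whether VBS, HVCI, the code-integrity policy and Credential Guard are actually running, and then checks edition, firmware type, Secure Boot, TPM specification version and CPU virtualization support. It assumes an elevated session on Windows 10 Enterprise x64; the UEFI 2.3.1 version number itself is not exposed by these interfaces, only the firmware type.

```powershell
# Added example (not from the presentation): report whether virtualization-based
# security, HVCI (Device Guard KMCI), code-integrity policies and Credential Guard
# are running, and check the prerequisites listed on the slides.
# Assumes an elevated session on Windows 10 Enterprise x64.

function Get-VbsStatusReport {
    $dg  = Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' -ClassName 'Win32_DeviceGuard'
    $os  = Get-CimInstance -ClassName Win32_OperatingSystem
    $cs  = Get-CimInstance -ClassName Win32_ComputerSystem
    $cpu = Get-CimInstance -ClassName Win32_Processor | Select-Object -First 1
    $tpm = Get-CimInstance -Namespace 'root\cimv2\Security\MicrosoftTpm' -ClassName Win32_Tpm -ErrorAction SilentlyContinue

    # Confirm-SecureBootUEFI throws on legacy BIOS machines, which also fail the UEFI requirement.
    $secureBoot = $false
    try { $secureBoot = [bool](Confirm-SecureBootUEFI) } catch { }

    # Win32_DeviceGuard.SecurityServicesRunning: 1 = Credential Guard, 2 = HVCI,
    # 3 = System Guard Secure Launch, 4 = SMM Firmware Measurement.
    # VirtualizationBasedSecurityStatus: 0 = off, 1 = configured but not running, 2 = running.
    # *CodeIntegrityPolicyEnforcementStatus: 0 = off, 1 = audit mode, 2 = enforced.
    $enforcement = @{ 0 = 'Off'; 1 = 'Audit'; 2 = 'Enforced' }

    [pscustomobject]@{
        Edition                = $os.Caption
        Is64Bit                = ($os.OSArchitecture -like '64*')
        FirmwareType           = $env:firmware_type      # 'UEFI' or 'Legacy'; the UEFI version number is not exposed here
        SecureBoot             = $secureBoot
        TpmSpecVersion         = if ($tpm) { $tpm.SpecVersion } else { '<no TPM>' }   # '2.0, ...' expected; '1.2, ...' works but is not recommended
        # Once Hyper-V/VBS is running the firmware flag reads False, so a present hypervisor also counts
        VirtualizationCapable  = ([bool]$cpu.VirtualizationFirmwareEnabled -or [bool]$cs.HypervisorPresent)
        VbsRunning             = ($dg.VirtualizationBasedSecurityStatus -eq 2)
        CredentialGuardRunning = ($dg.SecurityServicesRunning -contains 1)
        HvciRunning            = ($dg.SecurityServicesRunning -contains 2)
        KernelModeCiPolicy     = $enforcement[[int]$dg.CodeIntegrityPolicyEnforcementStatus]
        UserModeCiPolicy       = $enforcement[[int]$dg.UsermodeCodeIntegrityPolicyEnforcementStatus]
    }
}

Get-VbsStatusReport | Format-List
```

The distinction between "configured" and "running" matters in the field: Group Policy can have VBS and Credential Guard turned on while the hypervisor never starts because Secure Boot is off or the CPU lacks SLAT, and only the SecurityServicesRunning list tells you which state a client is really in.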