
Best practices to secure Windows10 with already included features


AppLocker, Windows Information Protection, Device Guard, WDAG - there are many ways to secure Windows 10. Not all ways are compatible with enterprise requirements. In the session, we look at what we are able to do and discuss experiences from the field around what works well and what doesn’t. In addition, we check how Configuration Manager can support us.
https://youtu.be/zqUwgLDmCqY


  1. Alexander Benoit, Senior Consultant / Head of Competence Center Microsoft „Future Workplace“, Security; SCCM, Intune, Windows 10, Defender Framework, … Alexander.Benoit@sepago.de, @ITPirate, http://it-pirate.com/
  2. We have a firewall. We can't get hacked!
  3. The threat landscape; No-brainers to secure Windows 10; Latest & greatest mitigation features in Windows 10
  4. The discussion is always about tools!
  5. Phishing, keylogger, ransomware, spyware, worm, compromised accounts
  6. How to secure Windows 10?
  7. Good to know. Exploit: computer code that takes advantage of a vulnerability in a software system. Payload: payloads carry the functionality for greater access into the target.
  8. Attack (diagram: exploit and payload). Common ways to share payloads: fake hyperlink; PowerPoint macro; as a "JPG" file
  9. Create Metasploit payload and configure listener port and host IP.
  10. Hide payload behind fake link
  11. Block at first sight support in Microsoft Edge
  12. • Windows Defender SmartScreen provides an early warning system that notifies users of suspicious websites that could be engaging in phishing attacks or distributing malware through a socially engineered attack.
      • Windows Defender SmartScreen is one of the multiple layers of defense in the anti-phishing and malware protection strategies.
      Diagram (Windows Defender Cloud Protection, "Check downloaded files"): the attacker generates a new malware file and delivers it through command & control; when the user clicks it, the client sends the file metadata to Windows Defender Cloud Protection, which evaluates the metadata (including machine learning, proximity and lookup heuristics) and returns the verdict "Malware – Block!", so the malware is blocked.
  13. Call managed and unmanaged homepages
  14. • Windows Defender Application Guard protects the device from advanced attacks launched against Microsoft Edge.
      • Malware and vulnerability exploits targeting the browser, including zero days, are unable to impact the operating system, apps, data and network.
      • Application Guard uses hardware-backed virtualization-based security to isolate Microsoft Edge and any browsing activity from the rest of the system.
      • Closing Microsoft Edge wipes all traces of attacks that may have been encountered while online.
      Call managed and unmanaged homepages
  15. Call managed and unmanaged homepages
  16. Call managed and unmanaged homepages
  17. Call managed and unmanaged homepages
  18. Hide payload behind fake "jpg"
  19. Run hidden payload and establish connection
  20. Protect clients from unwanted software
      • User Account Control (UAC) helps prevent malware from damaging PCs and helps organizations deploy a better-managed desktop.
      • Apps and tasks always run in the security context of a standard user account, unless an administrator specifically authorizes elevated access to the system.
  21. Driver and application white-listing
      Device Guard Kernel Mode Code Integrity
      • Protects kernel mode processes and drivers from "zero day" attacks and vulnerabilities by using HVCI.
      • Drivers must be signed.
      Device Guard User Mode Code Integrity
      • Enterprise-grade application white-listing that achieves PC lockdown for enterprises that run only trusted apps.
      • Untrusted apps and executables, such as malware, are unable to run.
  22. Driver and application white-listing
  23. Compromise the client
  24. Stops the attacker from manipulating processes
      • Windows Defender Exploit Guard helps you audit, configure, and manage Windows system and application exploit mitigations.
      • In addition, Exploit Guard delivers a new class of capabilities for intrusion prevention, while it still provides the legacy app protections, including:
        • Arbitrary Code Guard
        • Block Low Integrity Images
        • Block Remote Images
        • Block Untrusted Fonts
        • Code Integrity Guard
        • Disable Win32k system calls
        • Validate Stack Integrity
        • Do Not Allow Child Processes
        • Export Address Filtering
        • Import Address Filtering
        • Simulate Execution
        • Validate API Invocation (CallerCheck)
        • Validate Image Dependency Integrity
  25. Secure Windows 10 – No-Brainers
  26. Vulnerabilities are increasing while evidence of actual exploits is decreasing due to mitigation investments
  27. Overview
      • Full drive encryption solution provided natively with Windows 10 Professional and Enterprise
      • Used to protect the operating system drive, secondary data drives and removable devices
      • System Center Configuration Manager, MDT and Intune can be used to deploy BitLocker
  28. Overview
      • Credential Guard isolates secrets that previous versions of Windows stored in the Local Security Authority (LSA) by using virtualization-based security.
      • The LSA process in the operating system talks to the isolated LSA by using remote procedure calls.
      • Data stored by using VBS is not accessible to the rest of the operating system.
  29. Breach detection, investigation & response; Device protection; Identity protection; Information protection; Threat resistance
  30. Educate your users!
  31. https://aka.ms/ignite.mobileapp https://myignite.microsoft.com/evaluations
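
As an added check (this script is not part of the deck or of sepago's material), the following PowerShell reports whether the protections from slides 20, 21, 24, 27 and 28, and the hardware prerequisites listed in the speaker notes, are actually enabled on a Windows 10 client. It assumes an elevated Windows PowerShell 5.1 session on Windows 10 1709 or later, and relies only on the documented Win32_DeviceGuard class, Confirm-SecureBootUEFI, Get-Tpm, Get-BitLockerVolume, Get-ProcessMitigation and the standard UAC policy registry values.

```powershell
# Added example, not from the deck: report whether the Windows 10 protections
# the session recommends are actually on. Run elevated on Windows 10 1709+.
#Requires -RunAsAdministrator

function Get-Win10ProtectionReport {
    $r = [ordered]@{}

    # Device Guard / Credential Guard: documented Win32_DeviceGuard status codes.
    # VirtualizationBasedSecurityStatus 2 = running; SecurityServicesRunning
    # 1 = Credential Guard, 2 = HVCI; policy status 0 = off, 1 = audit, 2 = enforced
    $dg = Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' -ClassName Win32_DeviceGuard
    $policy = @('Off', 'Audit', 'Enforced')
    $r['VBS running']              = ($dg.VirtualizationBasedSecurityStatus -eq 2)
    $r['Credential Guard running'] = ($dg.SecurityServicesRunning -contains 1)
    $r['HVCI (KMCI) running']      = ($dg.SecurityServicesRunning -contains 2)
    $r['Kernel-mode CI policy']    = $policy[$dg.CodeIntegrityPolicyEnforcementStatus]
    $r['User-mode CI policy']      = $policy[$dg.UsermodeCodeIntegrityPolicyEnforcementStatus]

    # Hardware prerequisites from the speaker notes: UEFI Secure Boot and TPM 2.0
    try   { $r['Secure Boot'] = Confirm-SecureBootUEFI }
    catch { $r['Secure Boot'] = 'unavailable (legacy BIOS?)' }
    $tpm = Get-Tpm
    $r['TPM present and ready'] = ($tpm.TpmPresent -and $tpm.TpmReady)
    $r['TPM spec version'] = (Get-CimInstance -Namespace 'root\CIMV2\Security\MicrosoftTpm' -ClassName Win32_Tpm).SpecVersion

    # BitLocker on the OS drive (slide 27)
    $os = Get-BitLockerVolume -MountPoint $env:SystemDrive
    $r['BitLocker OS drive'] = "$($os.ProtectionStatus), $($os.EncryptionPercentage)% encrypted"

    # Exploit Guard system-wide mitigations (slide 24); values are ON / OFF / NOTSET
    $m = Get-ProcessMitigation -System
    $r['DEP']               = $m.DEP.Enable
    $r['SEHOP']             = $m.SEHOP.Enable
    $r['CFG']               = $m.CFG.Enable
    $r['ASLR bottom-up']    = $m.ASLR.BottomUp
    $r['ASLR high entropy'] = $m.ASLR.HighEntropy

    # UAC (slide 20): EnableLUA must be 1; ConsentPromptBehaviorAdmin 0 = elevate without prompting
    $uac = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
    $r['UAC enabled']           = ($uac.EnableLUA -eq 1)
    $r['UAC admin prompt mode'] = $uac.ConsentPromptBehaviorAdmin

    [pscustomobject]$r
}

Get-Win10ProtectionReport | Format-List
```

Any row showing Off, NOTSET, a policy of Off or Audit, or a prompt mode of 0 is a gap against the deck's recommendations and worth tracking in Configuration Manager compliance settings.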

Speaker notes

  • Big day for me first session at Ignite
  • Quick checklist – you have them enabled …
  • DIVERSE!
    Compromised accounts
    Drive-by download sites
    Malicious websites
    Ransomware

    Deliver Code
    Elevate (Everybody is local admin)
    Code Injection
    Malicious Actions
    Malware
    Phishing


  • So you'll probably ask yourself…
    What we are going to do today..
    Remember when I said this is my first session at Ignite. Probably my last..
  • Remember when I said this is my first Ignite Session
  • SmartScreen was introduced in Internet Explorer 11.
  • No SSO
  • Stay current! Analysis: High-level vulnerability & exploit trends
  • Windows 10 Enterprise x64 Edition
    UEFI 2.3.1 or higher firmware and Secure Boot
    TPM 2.0 (Note: TPM 1.2 can be used but is not recommended)
    Virtualization capable hardware
