Windows Accelerate IT Pro Bootcamp: Security (Module 4 of 8)

We ran the "Windows Accelerate IT Pro Bootcamp" one day hands-on workshop in early June 2014. These eight modules were designed to get IT managers, project managers, sysadmin and devops up to speed with the new Windows 8.1 and Office 2013. The bootcamp focused on how to move off earlier versions of Windows and Office to a modern desktop and tablet platforms with the latest security and mobility technologies.

Keep an eye on our SlideShare feed for all eight modules:

Windows Accelerate IT Pro Bootcamp: Introduction (Module 1 of 8)
Windows Accelerate IT Pro Bootcamp: Platform Delivery (Module 2 of 8)
Windows Accelerate IT Pro Bootcamp: Windows ToGo (Module 3 of 8)
Windows Accelerate IT Pro Bootcamp: Security (Module 4 of 8)
Windows Accelerate IT Pro Bootcamp: UE-V (Module 5 of 8)
Windows Accelerate IT Pro Bootcamp: App-V (Module 6 of 8)
Windows Accelerate IT Pro Bootcamp: Devices (Module 7 of 8)
Windows Accelerate IT Pro Bootcamp: Closing (Module 8 of 8)

For other events (Intergen or Microsoft Community) check our events page at

  • The reviews and feedback on Windows 8 security have been great and we’ve received many accolades.
    We have achieved many of the goals that we set out to achieve, particularly in the area of malware resistance.
    Take a look at how much more secure you are on Windows 8 vs. 7 and XP:
    Windows XP is 21 times more likely to be infected by malware than Windows 8.
    Windows 7 is 6 times more likely to be infected by malware than Windows 8.
    We can conclude that these great numbers were a direct result of technologies like UEFI, Trusted Boot, ASLR, DEP and SmartScreen, just to name a few.

    For customers who are wondering about the Vista numbers, which are better than 7: our answer is that there was a very limited sample due to market share. Attackers aren’t targeting the platform, and because of this the numbers are skewed.
  • As we worked on developing Windows 7, and increasingly so on 8, we began to see strong evidence that an organization being hacked had become more likely than not.
    The statistics prove it. For instance, in the Verizon data breach report, where surveyed customers provide information about the data breaches within their organizations, 60+% of the respondents admitted that they had been hacked.
    How many customers didn’t admit it or simply didn’t know? Hard to say…
    Regardless, the numbers are high enough that we have come to believe that there are customers who realize they’ve been hacked and there are those that simply haven’t realized it yet.

  • We’ve been talking about familiar threats forever now, and with each version of Windows we’ve improved our capabilities to combat them.
    But we’re starting to see that as Windows defenses become increasingly strong, new avenues of attack are being pursued,
    and with that we foresee an entire new class of attacks that will feel new and quite modern.
  • So let’s compare and contrast the familiar vs. the modern:
    We’re all familiar with script kiddies and cybercrime, but now we’re facing cyber espionage and warfare.
    We’re all familiar with cyber criminals and thugs, but now we’re talking about teams of full-time hackers, possibly funded by nation states.
    We’re all familiar with software solutions to solve every security problem, but now we’re facing threats where only hardware-rooted trust is up to the task.
    We’ve protected the perimeter to keep bad guys out, but now they are getting in, so you need to assume breach and protect at all levels.
    We’re familiar with attacks on big, well-known companies, but now small businesses are in the crosshairs.
    We used to own and tightly control all of the devices, but now BYOD is going beyond mobile phones.
    And finally, we’re all familiar with hoping we don’t get hacked, but the reality is that you will, and it all comes down to how well you were able to limit your losses.

  • Here on this slide we have some great quotes to help the points just made sink in.
    The first quote is from F-Secure in response to the Flame virus. They feel, and we agree, that the software companies have been using to protect themselves isn’t good enough to protect them against the modern attacker, who is often the digital equivalent of Seal Team Six. Think about that. How do you defend against that kind of talent, and the backing behind it?
    The second quote is from the 2013 Verizon Data Breach report, in which they show us that businesses of all sizes are being attacked. If you think you’re too small, you’re wrong. If you’ve ever swiped a credit card, which is almost every business, you’re going to be a target, as there is a prolific black market for selling that credit card data. If you’re not worried about that, think about what happens when the passwords from another ecommerce site are hacked and now the hackers have the passwords to your users’ accounts, since more often than not users use the same password everywhere they go.
    The third quote is from Lockheed, and in it they’re telling us that they’re spending as much to protect their vendors, suppliers, contractors, etc. as they are on protecting their own assets. Think about that for a minute. Why are they doing this? Because they know that if you’re doing business with them, even if it’s making nuts and bolts, you’re going to be targeted, since attackers may try to get to them through you.
  • Windows Accelerate IT Pro Bootcamp: Security (Module 4 of 8)

    1. Chris Hallum, Senior Product Manager: Windows 8.1 Security Advancements
    2. Key threats and Windows security features by release (timeline years on the slide: 2001, 2004, 2007, 2009, 2012, 2013)
       2001: Windows XP
         Key Threats • Melissa (1999), Love Letter (2000) • Mainly leveraging social engineering
         Windows XP • Logon (Ctrl+Alt+Del) • Access Control • User Profiles • Security Policy • Encrypting File System (file based) • Smartcard and PKI support • Windows Update
       2004: Windows XP SP2
         Key Threats • Code Red and Nimda (2001), Blaster (2003), Slammer (2003) • 9/11 • Mainly exploiting buffer overflows • Script kiddies • Time from patch to exploit: several days to weeks
         Windows XP SP2 • Address Space Layout Randomization (ASLR) • Data Execution Prevention (DEP) • Security Development Lifecycle (SDL) • Auto Update on by default • Firewall on by default • Windows Security Center • WPA support
       2007: Windows Vista
         Key Threats • Zotob (2005) • Attacks «moving up the stack» (Summer of Office 0-day) • Rootkits • Exploitation of buffer overflows • Script kiddies • Rise of phishing • User running as Admin
         Windows Vista • BitLocker • PatchGuard • Improved ASLR and DEP • Full SDL • User Account Control • Internet Explorer SmartScreen Filter • Digital Rights Management • Firewall improvements • Signed device driver requirements • TPM support • Windows Integrity Levels • Secure “by default” configuration (Windows features and IE)
       2009: Windows 7
         Key Threats • Organized crime • Botnets • Identity theft • Conficker (2008) • Time from patch to exploit: days
         Windows 7 • Improved ASLR and DEP • Full SDL • Improved IPsec stack • Managed Service Accounts • Improved User Account Control • Enhanced auditing • Internet Explorer SmartScreen Filter • AppLocker • BitLocker To Go • Windows Biometric Service • Windows Action Center • Windows Defender
       2012: Windows 8
         Key Threats • Organized crime, potential state actors • Sophisticated targeted attacks • Operation Aurora (2009) • Stuxnet (2010)
         Windows 8 • UEFI (Secure Boot) • Firmware-based TPM • Trusted Boot (w/ ELAM) • Measured Boot and remote attestation support • Significant improvements to ASLR and DEP • AppContainer • TPM key protection • Windows Store • Internet Explorer 10 (plugin-less and Enhanced Protected Modes) • Application reputation moved into core OS • BitLocker: Encrypted Hard Drive and Used Disk Space Only encryption support • Virtual smartcard • Picture password, PIN • Dynamic Access Control • Built-in anti-virus
       2013: Windows 8.1
         Key Threats • Passwords under attack • Digital identity theft and misuse • Signature-based AV unable to keep up • Digital signature tampering • Browser plug-in exploits • Data loss on BYOD devices
         Windows 8.1 • Touch fingerprint sensors • Improved biometrics • TPM key attestation • Certificate reputation • Improved virtual smartcards • Provable PC Health • Improved Windows Defender • Improved Internet Explorer • Device Encryption (all editions) • Remote Business Data Removal
    3. Windows 8 Security Capabilities
    4. The largest volume of security investments ever made in a single release of Windows has yielded great results.
    5. Those who realize they’ve been hacked. Those who haven’t yet realized they’ve been hacked.
    6. There are threats that are familiar and those that are modern.
    7. Familiar → Modern
       • Script kiddies; cybercrime → Cyber-espionage; cyber-warfare
       • Cybercriminals → State sponsored actions; unlimited resources
       • Attacks on Fortune 500 → All sectors and even suppliers getting targeted
       • Software solutions → Hardware rooted trust the only way
       • Secure the perimeter → Assume breach. Protect at all levels
       • Hoping I don‘t get hacked → You will be hacked. Did I successfully mitigate?
       • Company owned and tightly managed devices → Bring your own device, varied management
    8. “Commercial based antivirus and security products are designed for and focus on protecting you from prevalent classes of in the wild threats coming from criminals, thugs and digital mobsters (and it's a constant battle). It is not designed to protect you from the digital equivalent of Seal Team Six. So if you're the guy that finds himself in the crosshairs… you're not safe.”
       -- F-Secure “News from the Lab”, May 30, 2012

       A Lockheed Martin official said the firm is “spending more time helping deal with attacks on the supply chain” of partners, subcontractors and suppliers than dealing with attacks directly against the company. “For now, our defenses are strong enough to counter the threat, and many attackers know that, so they go after suppliers. But of course they are always trying to develop new ways to attack.”
       -- Washington Post, “Confidential report lists U.S. weapons system designs compromised by Chinese cyberspies”, May 27, 2013

       “When discussing the importance of information security we’ve probably heard excuses such as “we’re too small to be a target” or “we don’t have anything of value”, but if there is anything this report can teach us, is that breaches can and do occur in organizations of all sizes and across a large number of industries.”
       -- TechRepublic, speaking on the 2013 edition of Verizon’s Data Breach Investigations Report (DBIR)
    9. Windows 8 and 8.1 Security Capabilities • First Class Biometric Experience • Multifactor Authentication for BYOD • Trustworthy Identities and Devices • Provable PC Health • Improved Windows Defender • Improved Internet Explorer • Pervasive Device Encryption • Selective Wipe of Corp Data • UEFI • Modern Biometric Readers • TPM
    10. Unified Extensible Firmware Interface (UEFI); Trusted Platform Module (TPM)
    11. Key Improvements in Trustworthy Hardware
       The Opportunity
         • Improve security for consumer and BYOD
         • Leverage TPM in new ways to address modern threats
       History in Windows
         • TPM is currently an optional component in most devices
         • Pervasive on commercial devices, and most tablets
       Our Goal in Windows 8.1
         • Drive adoption of the InstantGo architecture with OEMs
         • Work with Intel to make PTT pervasive on all processors
         • Add TPM requirement to the 2015 Windows certification requirements
         • Secure approval in regions such as Russia and China
       What is UEFI?
         • A modern replacement for traditional BIOS
         • A Windows Certification Requirement (UEFI 2.3.1)
       Key Benefits
         • Architecture-independent
         • Initializes the device and enables operation (e.g. mouse, apps)
       Key Security Benefits
         • Secure Boot, supported by Windows 8, Linux, …
         • Encrypted Drive support for BitLocker
         • Network Unlock support for BitLocker
    12. Modern Authenticators; Trustworthy Identities and Devices; Secure Access to Resources
    13. Key Improvements in Modern Access Control
    14. Securing the Code and Core; Securing the Boot; Securing After the Boot
    15. Key Improvements in Malware Resistance
    16. Pervasive Device Encryption; Selective Wipe of Corp Data
    17. Key Improvements for Protecting Sensitive Data
       Remote Business Data Removal (RBDR) is a platform feature that:
         • protects corporate data using Encrypting File System (EFS)
         • enables IT to revoke access to corp data on managed and unmanaged devices
         • requires application support
         • current applications that support RBDR: Mail, Work Folders
       Data protection (FDE) is now considered a fundamental OS feature
         • Device Encryption included in all editions of Windows
         • Prevents unauthorized access on lost or stolen devices
         • Enabled out of the box
         • Requires devices with InstantGo technology
         • Built on BitLocker tech; commercial grade protection
       BitLocker
         • Provides additional configuration options and management capabilities that are attractive to enterprises
         • Easy to deploy and available in Pro and Enterprise editions
         • Enterprise management available with MBAM
    18. Windows 8 and 8.1 Security Capabilities • First Class Biometric Experience • Multifactor Authentication for BYOD • Trustworthy Identities and Devices • Provable PC Health • Improved Windows Defender • Improved Internet Explorer • Pervasive Device Encryption • Selective Wipe of Corp Data • UEFI • Modern Biometric Readers • TPM
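As an added example, not part of the original deck, the following PowerShell audits the hardware-rooted prerequisites from slide 11 (TPM, UEFI Secure Boot) and the OS-volume encryption state from slide 17 (Device Encryption / BitLocker) on a single machine. It assumes an elevated session on Windows 8/8.1 or later and uses only the in-box TrustedPlatformModule, SecureBoot and BitLocker cmdlets; the function name and the baseline it warns on are the example's own choices.

```powershell
# Added example: report whether a device meets the TPM + Secure Boot +
# encrypted OS volume baseline the deck describes. Run elevated.
function Get-PlatformSecurityReport {
    $report = [ordered]@{}

    # TPM present and ready: the hardware root of trust from slide 11
    try {
        $tpm = Get-Tpm
        $report.TpmPresent = $tpm.TpmPresent
        $report.TpmReady   = $tpm.TpmReady
    } catch {
        $report.TpmPresent = $false
        $report.TpmReady   = $false
    }

    # UEFI Secure Boot: Confirm-SecureBootUEFI throws on legacy BIOS firmware
    try {
        $report.SecureBoot = Confirm-SecureBootUEFI
    } catch {
        $report.SecureBoot = $false   # not UEFI, or Secure Boot unsupported
    }

    # Device Encryption / BitLocker state of the OS volume (slide 17)
    $os = Get-BitLockerVolume -MountPoint $env:SystemDrive
    $report.OsVolumeProtection = $os.ProtectionStatus   # On / Off
    $report.OsVolumeStatus     = $os.VolumeStatus       # e.g. FullyEncrypted
    $report.EncryptionMethod   = $os.EncryptionMethod
    # A TPM-bound key protector is what ties the volume key to the measured boot chain
    $report.TpmProtector = [bool]($os.KeyProtector |
        Where-Object KeyProtectorType -like 'Tpm*')
    # A recovery password should exist (and be escrowed, e.g. in MBAM or AD) before
    # protection is turned on, or a firmware change can lock users out
    $report.RecoveryPassword = [bool]($os.KeyProtector |
        Where-Object KeyProtectorType -eq 'RecoveryPassword')

    [pscustomobject]$report
}

$r = Get-PlatformSecurityReport
$r | Format-List
if (-not ($r.TpmReady -and $r.SecureBoot -and $r.OsVolumeProtection -eq 'On')) {
    Write-Warning 'Device does not meet the TPM + Secure Boot + encrypted OS volume baseline.'
}
```

On a fleet, run the function through your management tooling and collect the objects centrally; a device with TpmProtector false or RecoveryPassword false is the one to fix before treating it as encrypted.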