1. Windows Server 2008 New Security Features
   呂政周, Senior Instructor, 精誠恆逸教育訓練處 (http://edu.uuu.com.tw)

2. Course Outline
   - Introduction
   - Operating System Security
   - Access Control Security
   - Application Security
   - Program Execution Security
   - Data Transmission Security
   - Data Storage Security

3. Introduction
   - Although viruses and hackers take the headlines, security management remains the core of an organization's computer and information security.
   - SD3+C
     - Secure by Design
     - Secure by Default
     - Secure in Deployment and Communications
   - Trustworthy Computing

4. Operating System Security

5. Windows Server 2008 Security Development Lifecycle
   - Regular, mandatory security training for developers
   - Security advisors provide security guidance to developers for every system component
   - Threat models are taken into account during the design phase
   - Code security review and testing
   - Common Criteria certification
6. The bad guys are everywhere!
   - They literally want to do you harm
   - Threats exist in two interesting places:
     - Online: system started and shows a login screen, or a user is logged in
     - Offline: system is powered down or in hibernation
   - Policies must address both

7. Protect the OS When Running

8. The threats
   - Trojan that replaces a system file to install a rootkit and take control of the computer (e.g. Fun Love or others that use rootkits)
   - Offline attack: booting an alternate operating system and attempting to corrupt or modify Windows operating system image files
   - Third-party kernel drivers that are not secure
   - Any action by an administrator that threatens the integrity of the operating system binary files
   - Rogue administrator who changes an operating system binary to hide other acts

9. Code integrity
   - Validates the integrity of each binary image
     - Checks hashes for every page as it is loaded
     - Also checks any image loading into a protected process
     - Implemented as a file system filter driver
     - Hashes stored in the system catalog or in an X.509 certificate embedded in the file
   - Also validates the integrity of the boot process
     - Checks the kernel, the HAL and boot-start drivers
   - If validation fails, the image won't load

10. Hash validation scope
    Windows binaries ..................... Yes
    WHQL-certified third-party drivers ... Yes
    Unsigned drivers ..................... By policy
    Third-party application binaries ..... No

11. More on signatures
    - Don't confuse hash validation with signatures
    x64
    - All kernel mode code must be signed or it won't load
    - Third-party drivers must be WHQL-certified or contain a certificate from a Microsoft CA
    - No exceptions, period
    - User mode binaries need no signature unless they:
      - Implement cryptographic functions
      - Load into the software licensing service
    x32
    - Signing applies only to drivers shipped with Windows
    - Can control by policy what to do with third-party drivers
    - Unsigned kernel mode code will load
    - User mode binaries: same as x64

12. Recovering from CI failures
    - Potential problems:
      - OS won't boot: kernel code or boot-time driver failed CI
      - OS boots, a device won't function: non-boot-time driver failed CI
      - OS boots, system is "weird": service failed CI
      - OS boots and behaves, task malfunctions: OS component failed CI
    - Solve boot-critical problems through standard system recovery tools
    - Integrated Windows diagnostic infrastructure helps to repair critical files; non-critical files can be replaced through Microsoft Update

13. Integrated Windows Defender
    - Integrated detection, cleaning and real-time blocking of malware:
      - Malware, rootkits and spyware
      - Targeted at consumers; enterprise manageability will be available as a separate product
    - Integrated Microsoft Malicious Software Removal Tool (MSRT) will remove the worst worms, bots and trojans during an upgrade and on a monthly basis

14. Internet Explorer 7
    - In addition to building on UAC (see later), IE includes:
      - Protected Mode, which only allows IE to browse with no other rights, even if the user has them, such as to install software
        - "Read-only" mode, except for Temporary Internet Files, when the browser is in the Internet security zone

15. Phishing Filter in IE: Dynamic Protection Against Fraudulent Websites
    - 3 checks to protect users from phishing scams:
      - Compares the web site with a local list of known legitimate sites
      - Scans the web site for characteristics common to phishing sites
      - Double-checks the site with an online Microsoft service of reported phishing sites, updated several times every hour
    - Two levels of warning and protection in the IE7 Security Status Bar:
      - Level 1: Warn. Suspicious website: signaled
      - Level 2: Block. Confirmed phishing site: signaled and blocked
16. Access Control Security

17. User Account Control
    - Helps implement the Least Privilege principle in two distinct ways:
      - Every user is a standard user
        - Older, legacy or just greedy applications' attempts to change your system's settings are virtualised so they do not break anything
      - Each genuine need to use administrative privileges requires:
        - Selection of a user who has those permissions, or
        - Confirmation of the intent to carry on with the operation

18. UAC: Fundamental Change to Windows Operation
    - Fixes the system to work well as a standard user
    - Registry and file virtualization to provide compatibility
      - Per-machine registry writes are redirected to per-user locations if the user does not have administrative privileges
      - Effectively: standard accounts can run "admin-required" legacy applications safely!
      - You can redirect the virtualization store

19. Control Over Device Installation
    - Control over removable device installation via a policy
      - Mainly to disable USB-device installation, as many corporations worry about intellectual property leaks
      - You can control them by device class or driver
    - Approved drivers can be pre-populated into the trusted Driver Store
    - Driver Store Policies (group policies) govern driver packages that are not in the Driver Store:
      - Non-corporate-standard drivers
      - Unsigned drivers
20-24. Using Network Access Protection (one diagram, built up over five slides)
    Diagram components: Windows Client; DHCP, VPN, Switch/Router; Microsoft NPS; Policy Servers such as Patch, AV; Fix Up Servers (example: Patch); Restricted Network; Corporate Network
    1. Client requests access to the network and presents its current health state
    2. Dynamic Host Configuration Protocol (DHCP), virtual private network (VPN) or Switch/Router relays the health status to Microsoft Network Policy Server (RADIUS)
    3. Network Policy Server (NPS) validates against the IT-defined health policy
    4. If not policy compliant, the client is put in a restricted virtual local area network (VLAN) and given access to fix-up resources to download patches, configurations and signatures (repeat 1-4)
    5. If policy compliant, the client is granted full access to the corporate network
25-28. Windows Firewall Advanced Security
    - Filters both incoming and outgoing traffic
    - New Microsoft® Management Console (MMC) snap-in for GUI configuration
    - Integrated firewall and IP security (IPsec) settings
    - Several ways to configure exceptions

29. NG TCP/IP: Next Generation TCP/IP in Vista and "Longhorn"
    - A new, fully re-worked replacement for the old TCP/IP stack
    - Dual-stack IPv6 implementation, with now-obligatory IPsec
      - IPv6 is more secure than IPv4 by design, esp. for: privacy, tracking, network port scanning, confidentiality and integrity
    - Other network-level security enhancements for both IPv4 and IPv6:
      - Strong Host model
      - Windows Filtering Platform
      - Improved stack-level resistance to all known TCP/IP-based denial of service and other types of network attacks
      - Routing Compartments
      - Auto-configuration and no-restart reconfiguration
30. Application Security and Program Execution Security

31. The threats
    - Remember Blaster?
      - Took over RPCSS, made it write msblast.exe to the file system and added run keys to the registry
    - No software is perfect; someone still might find a vulnerability in a service
    - Malware often looks to exploit such vulnerabilities
    - Services are attractive:
      - Run without user interaction
      - Many services have free rein over the system: too much access
      - Most services can communicate over any port

32. Service hardening
    It's about the principle of least privilege: it's good for people, and it's good for services.
    Service refactoring
    - Move the service from LocalSystem to something less privileged
    - If necessary, split the service so that only the part requiring LocalSystem receives it
    Service profiling
    - Enables a service to restrict its behavior
    - Resources can have ACLs that allow the service's ID to access only what it needs
    - Also includes rules for specifying required network behavior

33. Refactoring
    - Ideally, remove the service from LocalSystem
      - If it doesn't perform privileged operations
      - Make ACL changes to registry keys and driver objects
    - Otherwise, split it into two pieces:
      - The main service
      - The bits that perform privileged operations
      - Authenticate the call between them
    Diagram labels: Memory; Main service runs as LocalService; Privileged (LocalSystem)

34. Profiling
    - Every service has a unique service identifier called a "service SID"
      - S-1-80-<SHA-1 hash of logical service name>
    - A "service profile" is a set of ACLs that:
      - Allow a service to use a resource
      - Constrain the service to the resources it needs
      - Define which network ports a service can use
      - Block the service from using other ports
    - Now a service can run as LocalService or NetworkService and still receive additional access when necessary

35. Restricting services
    1. SCM computes the service SID
    2. SCM adds the SID to the service process's token
    3. SCM creates a write-restricted token
    4. SCM removes unneeded privileges from the process token
    5. Service places an ACL on its resource: only the service can write to it

36. Restricting services: know this
    - A restrictable service will set two properties (stored in the registry):
      - One to indicate that it can be restricted
      - One to show which privileges it requires
    Note! This is a voluntary process. The service is choosing to restrict itself. It's good development practice because it reduces the likelihood of a service being abused by malware, but it isn't a full-on system-wide restriction mechanism. Third-party services can still run wild and free...
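A worked example of the service SID derivation from slides 34 and 35 (step 1) and of the per-service ACL check from the service-profile idea, added here as editor's code and not part of the deck. It assumes the derivation Windows uses in practice: SHA-1 over the upper-cased UTF-16LE service name, split into five little-endian 32-bit sub-authorities behind the S-1-5-80 prefix that Windows prints (the slide abbreviates this as S-1-80-); the service name MyHypotheticalSvc and the ACE lists are constructed sample input.

```python
import hashlib
import struct

# Prefix Windows emits for per-service SIDs (the NT SERVICE\<name> accounts).
SERVICE_SID_PREFIX = "S-1-5-80"


def service_sid(service_name: str) -> str:
    """Derive the service SID for a logical service name.

    The SCM upper-cases the name, encodes it as UTF-16LE, hashes it with SHA-1,
    and reads the 20-byte digest as five little-endian 32-bit sub-authorities.
    The same name therefore always yields the same SID on every machine, which
    is what lets a resource ACL name the service before it has ever run.
    """
    digest = hashlib.sha1(service_name.upper().encode("utf-16-le")).digest()
    sub_authorities = struct.unpack("<5I", digest)
    return SERVICE_SID_PREFIX + "".join(f"-{s}" for s in sub_authorities)


def is_service_sid(sid: str) -> bool:
    """Recognise a service SID: S-1-5-80 plus exactly five 32-bit sub-authorities."""
    parts = sid.split("-")
    if len(parts) != 9 or parts[:4] != ["S", "1", "5", "80"]:
        return False
    return all(p.isdigit() and int(p) < 2**32 for p in parts[4:])


def service_granted(service_name: str, allow_aces: list[str]) -> bool:
    """Profile check: does a resource's allow-ACE list name this service's own SID?

    allow_aces is a constructed list of SID strings standing in for the
    allow entries of a resource's DACL (only the service's own SID counts;
    a grant to a broad group such as Administrators is deliberately ignored).
    """
    return service_sid(service_name) in allow_aces


if __name__ == "__main__":
    # Constructed sample: one real well-known service name, one hypothetical.
    for name in ("TrustedInstaller", "MyHypotheticalSvc"):
        print(f"{name:20s} {service_sid(name)}")
    # Constructed DACL for a hypothetical resource: grants the hypothetical
    # service's own SID and the Administrators group (S-1-5-32-544).
    sample_dacl = [service_sid("MyHypotheticalSvc"), "S-1-5-32-544"]
    print("MyHypotheticalSvc granted:", service_granted("MyHypotheticalSvc", sample_dacl))
    print("TrustedInstaller granted:", service_granted("TrustedInstaller", sample_dacl))
```

On a real host, `sc showsid TrustedInstaller` prints the same SID the function computes, which is a quick way to confirm the derivation before writing it into an ACL.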
37-40. Windows Server 2008 Services Hardening (one diagram, built up over four slides)
    Diagram labels: Kernel Drivers; User-mode Drivers; Service 1, Service 2, Service 3, Service ..., Service A, Service B; rows of "D" boxes
    - Reduce size of high-risk layers
    - Segment the services
    - Increase number of layers
41. Granular Audit Policy

42. Object Access Auditing
    Object Access Attempt:
      Object Server: %1
      Handle ID: %2
      Object Type: %3
      Process ID: %4
      Image File Name: %5
      Access Mask: %6

43. Object Access Auditing
    An operation was performed on an object.
    Subject:
      Security ID: %1
      Account Name: %2
      Account Domain: %3
      Logon ID: %4
    Object:
      Object Server: %5
      Object Type: %6
      Object Name: %7
      Handle ID: %9
    Operation:
      Operation Type: %8
      Accesses: %10
      Access Mask: %11
      Properties: %12
      Additional Info: %13
      Additional Info2: %14

44. Added Auditing For
    - Registry value change audit events (old + new values)
    - AD change audit events (old + new values)
    - Improved operation-based audit
    - Audit events for UAC
    - Improved IPsec audit events, including support for AuthIP
    - RPC call audit events
    - Share access audit events
    - Share management events
    - Cryptographic function audit events
    - NAP audit events (server only)
    - IAS (RADIUS) audit events (server only)

45. Address Space Load Randomization (ASLR)
    - Prior to Windows Vista:
      - Executables and DLLs load at fixed locations
      - Buffer overflows commonly relied on known system function addresses to cause specific code to execute
    - The Windows Vista loader bases modules at one of 256 random points in the address space
      - OS images now include relocation information
      - Relocation is performed once per image and shared across processes
    - User stack locations are also randomized
46. Data Transmission Security and Data Storage Security

47. Terminal Services Gateway (diagram)
    Diagram labels: Internet; Perimeter network; Corp LAN; External Firewall; Internal Firewall; Terminal Services Gateway Server; Internet Terminal Server; Terminal Server; E-mail Server; Hotel; Home; Business partner / client site; Roaming wireless; tunnels RDP over HTTPS

48. RMS, EFS, and BitLocker
    - Three levels of protection:
      - Rights Management Services
        - Per-document enforcement of policy-based rights
      - Encrypting File System
        - Per-file or per-folder encryption of data for confidentiality
      - BitLocker™ Full Volume Encryption
        - Per-volume encryption (see earlier)
    - Note: it is not necessary to use a TPM for RMS and EFS
      - EFS can use smartcards and tokens in Vista
      - RMS is based, at present, on a "lockbox.dll" technology, not a TPM

49. CNG: Cryptography Next Generation
    - CAPI 1.0 has been deprecated
      - May be dropped altogether in future Windows releases
    - CNG: Open Cryptographic Interface for Windows
      - Ability to plug in kernel or user mode implementations for:
        - Proprietary cryptographic algorithms
        - Replacements for standard cryptographic algorithms
        - Key Storage Providers (KSP)
      - Enables cryptography configuration at enterprise and machine levels

50. Offline Files Encrypted Per User

51. Encrypted Pagefile

52. Regulatory Compliance
    - Windows Vista cryptography will comply with:
      - Common Criteria (CC)
        - csrc.nist.gov/cc
        - Currently in version 3
      - FIPS requirements for strong isolation and auditing
        - FIPS 140-2 on selected platforms and 140-1 on all
      - US NSA (National Security Agency) CSS (Central Security Service) Suite B

53. Supports NSA Suite B (www.nsa.gov/ia/industry/crypto_suite_b.cfm)
    - Required cryptographic algorithms for all US non-classified and classified (SECRET and TOP SECRET) needs
      - Higher special-security needs (e.g. nuclear security) are guided by Suite A (definition classified)
      - Announced by NSA at the RSA conference in Feb 2005
    - Encryption: AES
      - FIPS 197 (with key sizes of 128 and 256 bits)
    - Digital Signature: Elliptic Curve Digital Signature Algorithm
      - FIPS 186-2 (using the curves with 256- and 384-bit prime moduli)
    - Key Exchange: Elliptic Curve Diffie-Hellman or Elliptic Curve MQV
      - Draft NIST Special Publication 800-56 (using the curves with 256- and 384-bit prime moduli)
    - Hashing: Secure Hash Algorithm
      - FIPS 180-2 (using SHA-256 and SHA-384)

54. Trusted Platform Module: TPM Chip Version 1.2
    - Hardware present in the computer, usually a chip on the motherboard
    - Securely stores credentials, such as the private key of a machine certificate, and is crypto-enabled
      - Effectively, the essence of a smart smartcard
    - TPM can be used to request encryption and digital signing of code and files, and for mutual authentication of devices
    - See www.trustedcomputinggroup.org

55. Code Integrity
    - All DLLs and other OS executables have been digitally signed
    - Signatures are verified when components load into memory

56. BitLocker™
    - BitLocker strongly encrypts and signs the entire hard drive (full volume encryption)
      - TPM chip provides key management
      - Can use additional protection factors such as a USB dongle, PIN or password
    - Any unauthorised off-line modification to your data or OS is discovered and no access is granted
      - Prevents attacks which use utilities that access the hard drive while Windows is not running, and enforces the Windows boot process
    - Protects data after laptop theft etc.
    - Data recovery strategy must be planned carefully!
      - Vista supports three modes: key escrow, recovery agent, backup

57. Conclusion

58. Defense-in-Depth
    - Increases an attacker's risk of detection
    - Reduces an attacker's chance of success
    Layer: defenses at that layer
    - Policies, procedures, and awareness: security policies, procedures, and education
    - Physical security: guards, locks, tracking devices
    - Perimeter: firewalls, border routers, VPNs with quarantine procedures
    - Internal network: network segments, IPsec, NIDS
    - Host: OS hardening, authentication, update management, antivirus updates, auditing
    - Application: application hardening
    - Data: strong passwords, ACLs, encryption, EFS, backup and restore strategy

59. Defense-in-Depth (cont.)
    Diagram labels: Policies, procedures, and awareness; Physical security; Perimeter; Internal network (network defenses); Host, Application, Data (client defenses); Host, Application, Data (server defenses)

60. © 2007 Microsoft Corporation. All rights reserved. This presentation is for informational purposes only. Microsoft makes no warranties, express or implied, in this summary.