Alexander Benoit
Senior Consultant / Head of Competence Center Microsoft
„Future Workplace“, Security
SCCM, Intune, Windows 10, Defender Framework,…
Alexander.Benoit@sepago.de
@ITPirate
http://it-pirate.com/
"We have a firewall. We can't get hacked!"
The threat landscape
No-brainers to secure Windows 10
Latest & greatest mitigation features in Windows 10
The discussion is always about tools!
• Phishing
• Keylogger
• Ransomware
• Spyware
• Worm
• Compromised accounts
How to secure Windows 10?
Good to know
Exploit: Computer code that takes advantage of a vulnerability in a software system.
Payload: The code the exploit delivers once it has control. It carries the functionality that gives the attacker further access to the target, for example a shell that connects back to the attacker's listener.
Attack = Exploit + Payload
Common ways to share payloads:
• Fake hyperlink
• PowerPoint macro
• as a „JPG“ file (a disguised executable)
Create Metasploit payload and configure listener port and host IP.
Hide payload behind fake link.
Block at first sight support in Microsoft Edge
• Windows Defender SmartScreen provides an early warning system that notifies users of suspicious websites that could be engaging in phishing attacks or distributing malware through a socially engineered attack.
• Windows Defender SmartScreen is one of multiple layers of defense in an anti-phishing and anti-malware strategy; it is a URL and download reputation check, and it only helps if users cannot simply click through the warning.
Check downloaded files: Windows Defender Cloud Protection
1. The attacker generates a new malware file (not yet known to any signature) and the user clicks it.
2. The client sends the file's metadata to the Windows Defender cloud service.
3. The cloud evaluates the metadata, including machine learning, proximity and lookup heuristics.
4. Verdict: Malware – Block! The file is blocked before it can run and reach the attacker's command & control server.
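The slide shows the flow but not the settings behind it. As an added example (not from the original deck), the following PowerShell turns on the Defender cloud-protection settings that make "block at first sight" work, plus the SmartScreen policies for downloads and for Edge, and reads the result back. Run it elevated on Windows 10; the registry paths are the standard Group Policy locations.

```powershell
# Added example (not from the deck): configure block at first sight and SmartScreen,
# then report the settings that matter. Run in an elevated PowerShell on Windows 10.
#Requires -RunAsAdministrator

# 1. Cloud-delivered protection: MAPS reporting, sample submission, a higher cloud
#    block level and up to 50 s extra wait for a cloud verdict on a new file.
Set-MpPreference -MAPSReporting Advanced `
                 -SubmitSamplesConsent SendAllSamples `
                 -CloudBlockLevel High `
                 -CloudExtendedTimeout 50 `
                 -DisableRealtimeMonitoring $false

# 2. SmartScreen for the shell (files carrying Mark-of-the-Web): warn is not enough, block.
$shell = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\System'
New-Item -Path $shell -Force | Out-Null
Set-ItemProperty -Path $shell -Name EnableSmartScreen     -Value 1       -Type DWord
Set-ItemProperty -Path $shell -Name ShellSmartScreenLevel -Value 'Block' -Type String

# 3. SmartScreen in Microsoft Edge, and no user override of the warning page.
$edge = 'HKLM:\SOFTWARE\Policies\Microsoft\MicrosoftEdge\PhishingFilter'
New-Item -Path $edge -Force | Out-Null
Set-ItemProperty -Path $edge -Name EnabledV9                    -Value 1 -Type DWord  # SmartScreen on
Set-ItemProperty -Path $edge -Name PreventOverride              -Value 1 -Type DWord  # no click-through for sites
Set-ItemProperty -Path $edge -Name PreventOverrideAppRepUnknown -Value 1 -Type DWord  # no click-through for files

# 4. Verify: one object with the values an auditor would ask for.
function Get-BlockAtFirstSightStatus {
    $p = Get-MpPreference
    $s = Get-MpComputerStatus
    [pscustomobject]@{
        RealTimeProtection   = $s.RealTimeProtectionEnabled
        MAPSReporting        = $p.MAPSReporting         # 2 = Advanced
        SubmitSamplesConsent = $p.SubmitSamplesConsent  # 3 = SendAllSamples
        CloudBlockLevel      = $p.CloudBlockLevel
        CloudExtendedTimeout = $p.CloudExtendedTimeout
        SignatureAgeDays     = (New-TimeSpan -Start $s.AntivirusSignatureLastUpdated).Days
        ShellSmartScreen     = (Get-ItemProperty -Path $shell).ShellSmartScreenLevel
        EdgeSmartScreen      = (Get-ItemProperty -Path $edge).EnabledV9
    }
}
Get-BlockAtFirstSightStatus
```

Block at first sight needs all four of real-time protection, MAPS reporting, sample submission and a reachable cloud service; if any one of them is off, the metadata lookup in step 2 of the flow above never happens and the client falls back to local signatures.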
Call managed and unmanaged homepages
• Windows Defender Application Guard protects the device from advanced attacks launched against Microsoft Edge.
• Malware and vulnerability exploits targeting the browser, including zero days, are unable to impact the operating system, apps, data and network.
• Application Guard uses virtualization-based security (a hardware-isolated Hyper-V container) to isolate Microsoft Edge and any untrusted browsing activity from the rest of the system; only sites on the enterprise's managed list open in the normal browser.
• Closing Microsoft Edge wipes all traces of attacks that may have been encountered while online.
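What decides whether a page is "managed" or "unmanaged" is the network isolation list, not the browser. As an added example (not from the original deck), this PowerShell enables Application Guard for Edge and defines the managed sites; contoso.com and the 10.0.0.0/8 range are placeholders, and the NetworkIsolation value names are the ones written by the Network Isolation Group Policy template. Application Guard requires Windows 10 Enterprise.

```powershell
# Added example (not from the deck): enable Windows Defender Application Guard for Edge
# and define the managed sites. Anything not matched opens in the isolated container.
# contoso.com and 10.0.0.0/8 are placeholders.
#Requires -RunAsAdministrator

# 1. Prerequisite: 64-bit CPU with virtualization extensions enabled in firmware.
$cpu = Get-CimInstance -ClassName Win32_Processor | Select-Object -First 1
if (-not $cpu.VirtualizationFirmwareEnabled) {
    throw 'Virtualization is disabled in firmware; Application Guard cannot start.'
}

# 2. Install the optional feature (a reboot is required afterwards).
$feature = Get-WindowsOptionalFeature -Online -FeatureName Windows-Defender-ApplicationGuard
if ($feature.State -ne 'Enabled') {
    Enable-WindowsOptionalFeature -Online -FeatureName Windows-Defender-ApplicationGuard -NoRestart | Out-Null
}

# 3. Policy: Application Guard in Enterprise mode for Microsoft Edge (1 = Edge only).
$hvsi = 'HKLM:\SOFTWARE\Policies\Microsoft\AppHVSI'
New-Item -Path $hvsi -Force | Out-Null
Set-ItemProperty -Path $hvsi -Name AllowAppHVSI_ProviderSet -Value 1 -Type DWord

# 4. Network isolation: the managed (trusted) sites, pipe-separated. Everything
#    else is untrusted and is rendered inside the container.
$iso = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\NetworkIsolation'
New-Item -Path $iso -Force | Out-Null
Set-ItemProperty -Path $iso -Name CloudResources   -Value 'contoso.com|intranet.contoso.com' -Type String
Set-ItemProperty -Path $iso -Name DomainSubnets    -Value '10.0.0.0-10.255.255.255'          -Type String
Set-ItemProperty -Path $iso -Name NeutralResources -Value 'login.microsoftonline.com'        -Type String  # reachable from both sides

# 5. Verify the policy; the container itself only exists after the reboot.
function Get-ApplicationGuardPolicy {
    [pscustomobject]@{
        FeatureState = (Get-WindowsOptionalFeature -Online -FeatureName Windows-Defender-ApplicationGuard).State
        ProviderSet  = (Get-ItemProperty -Path $hvsi).AllowAppHVSI_ProviderSet
        ManagedSites = (Get-ItemProperty -Path $iso).CloudResources -split '\|'
        NeutralSites = (Get-ItemProperty -Path $iso).NeutralResources -split '\|'
    }
}
Get-ApplicationGuardPolicy
```

Keep the managed list short: every domain you add there is rendered by the host browser and so sits outside the isolation the slide describes. An identity provider that both the host and the container must reach belongs in the neutral list, not the managed one.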
Hide payload behind fake "jpg"
Run hidden payload and establish connection
• User Account Control (UAC) helps prevent malware from damaging PCs and helps organizations deploy a better-managed desktop.
• Apps and tasks always run in the security context of a standard user account, unless an administrator specifically authorizes elevated access to the system.
• UAC is not a security boundary: its value depends on users not being local administrators in the first place, so that a payload running as the user cannot simply approve its own elevation prompt.
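As an added example (not from the original deck), this PowerShell sets the UAC policy values so that elevation always prompts on the secure desktop and standard users cannot elevate at all, then audits the two things the speaker notes call out: who is in the local Administrators group, and whether the current session is already elevated.

```powershell
# Added example (not from the deck): harden UAC and audit local admin membership.
#Requires -RunAsAdministrator

$uac = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
$settings = @{
    EnableLUA                  = 1   # UAC on: everything runs as a standard user until elevated
    ConsentPromptBehaviorAdmin = 2   # admins: prompt for consent on the secure desktop
    ConsentPromptBehaviorUser  = 0   # standard users: elevation requests are denied outright
    PromptOnSecureDesktop      = 1   # the prompt cannot be clicked or overlaid by other apps
    EnableInstallerDetection   = 1   # detect legacy installers that need elevation
}
foreach ($name in $settings.Keys) {
    Set-ItemProperty -Path $uac -Name $name -Value $settings[$name] -Type DWord
}

# Is this process already running with the administrator token?
function Test-IsElevated {
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = [Security.Principal.WindowsPrincipal]$identity
    $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
}

# "Everybody is local admin" makes UAC a formality: list who actually is.
function Get-LocalAdmins {
    Get-LocalGroupMember -Group 'Administrators' |
        Select-Object Name, ObjectClass, PrincipalSource
}

"Current process elevated: $(Test-IsElevated)"
Get-LocalAdmins
```

Run the audit part as a standard user as well: if Test-IsElevated returns True without a prompt, the account is a member of Administrators and UAC is not doing what the slide promises.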
Protect clients from unwanted software
Device Guard Kernel Mode Code Integrity
• Protects kernel-mode processes and drivers from "zero day" attacks and vulnerabilities by using hypervisor-enforced code integrity (HVCI): the hypervisor, not the kernel, decides which pages may execute in kernel mode.
• Drivers must be signed, and they must be HVCI-compatible; incompatible drivers fail to load.
Device Guard User Mode Code Integrity
• Enterprise-grade application white-listing that locks the PC down so that it runs only trusted apps.
• Untrusted apps and executables, such as malware, are unable to run.
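As an added example (not from the original deck), this PowerShell first reports the Device Guard state the slide describes (VBS running, HVCI for kernel mode, user-mode policy enforcement), then turns HVCI on, and finally builds a user-mode code-integrity policy in audit mode from a clean reference PC. C:\DG\ is an assumed working directory.

```powershell
# Added example (not from the deck): Device Guard status, HVCI enable, and a
# user-mode code-integrity (application white-listing) policy in audit mode.
#Requires -RunAsAdministrator

function Get-DeviceGuardState {
    $dg = Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' -ClassName Win32_DeviceGuard
    [pscustomobject]@{
        VbsStatus       = @('Disabled', 'EnabledNotRunning', 'Running')[$dg.VirtualizationBasedSecurityStatus]
        HvciRunning     = $dg.SecurityServicesRunning -contains 2   # 2 = HVCI
        KmciEnforcement = $dg.CodeIntegrityPolicyEnforcementStatus           # 0 off, 1 audit, 2 enforced
        UmciEnforcement = $dg.UsermodeCodeIntegrityPolicyEnforcementStatus   # 0 off, 1 audit, 2 enforced
    }
}
Get-DeviceGuardState

# 1. Kernel-mode code integrity: VBS with Secure Boot, plus HVCI (reboot required).
$dgKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\DeviceGuard'
Set-ItemProperty -Path $dgKey -Name EnableVirtualizationBasedSecurity -Value 1 -Type DWord
Set-ItemProperty -Path $dgKey -Name RequirePlatformSecurityFeatures   -Value 1 -Type DWord  # 1 = Secure Boot, 3 = Secure Boot + DMA protection
$hvciKey = Join-Path $dgKey 'Scenarios\HypervisorEnforcedCodeIntegrity'
New-Item -Path $hvciKey -Force | Out-Null
Set-ItemProperty -Path $hvciKey -Name Enabled -Value 1 -Type DWord

# 2. User-mode code integrity: scan a clean reference machine, allow by publisher,
#    fall back to file hash, and start in AUDIT mode so nothing is blocked yet.
New-Item -ItemType Directory -Path 'C:\DG' -Force | Out-Null
New-CIPolicy -Level Publisher -Fallback Hash -UserPEs -ScanPath 'C:\' -FilePath 'C:\DG\Policy.xml'
Set-RuleOption -FilePath 'C:\DG\Policy.xml' -Option 3        # 3 = Enabled:Audit Mode
ConvertFrom-CIPolicy -XmlFilePath 'C:\DG\Policy.xml' -BinaryFilePath 'C:\DG\SIPolicy.p7b'

# 3. Deploy SIPolicy.p7b to C:\Windows\System32\CodeIntegrity\ and reboot. Before
#    removing option 3 to enforce, review what audit mode WOULD have blocked (event 3076).
function Get-WouldHaveBlocked([int]$Max = 50) {
    Get-WinEvent -LogName 'Microsoft-Windows-CodeIntegrity/Operational' -MaxEvents $Max -ErrorAction SilentlyContinue |
        Where-Object Id -eq 3076 |
        Select-Object TimeCreated, Message
}
Get-WouldHaveBlocked
```

Audit first, enforce later: every 3076 event after the reboot is a binary that the enforced policy would stop, and line-of-business tools with unsigned helpers show up there quickly. A publisher-level policy also white-lists everything that publisher signs, so treat a broad rule for a vendor with a history of shipping dual-use tools as a deliberate decision.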
driver and application white-listing
Compromise the client
Stops the attacker from manipulating processes
• Windows Defender Exploit Guard helps you audit, configure, and manage Windows system and application exploit mitigations.
• In addition, Exploit Guard delivers a new class of capabilities for intrusion prevention, while it keeps the legacy (EMET-style) per-application protections, including:
• Arbitrary Code Guard
• Block Low Integrity Images
• Block Remote Images
• Block Untrusted Fonts
• Code Integrity Guard
• Disable Win32k system calls
• Validate Stack Integrity
• Do Not Allow Child Processes
• Export Address Filtering
• Import Address Filtering
• Simulate Execution
• Validate API Invocation (CallerCheck)
• Validate Image Dependency Integrity
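The names on the slide are the UI labels; the cmdlets use different ones. As an added example (not from the original deck), this PowerShell maps each listed mitigation to its Set-ProcessMitigation name, applies a system-wide baseline and a hardened per-application profile, audits one mitigation before blocking, and exports the result for deployment. LobApp.exe is a placeholder for an application that parses untrusted input; C:\DG\ExploitGuard.xml is an assumed export path.

```powershell
# Added example (not from the deck): apply the Exploit Guard mitigations listed above.
# LobApp.exe is a placeholder process name.
#Requires -RunAsAdministrator

# 1. System-wide defaults, inherited by every process that does not override them.
Set-ProcessMitigation -System -Enable DEP, SEHOP, BottomUp, HighEntropy, CFG

# 2. Per-application profile. Slide label -> cmdlet mitigation name, in slide order.
$mitigations = @(
    'BlockDynamicCode'                # Arbitrary Code Guard
    'BlockLowLabelImageLoads'         # Block Low Integrity Images
    'BlockRemoteImageLoads'           # Block Remote Images
    'DisableNonSystemFonts'           # Block Untrusted Fonts
    'MicrosoftSignedOnly'             # Code Integrity Guard (breaks unsigned plug-ins)
    'DisableWin32kSystemCalls'        # Disable Win32k system calls (only for apps without a GUI)
    'EnableRopStackPivot'             # Validate Stack Integrity
    'DisallowChildProcessCreation'    # Do Not Allow Child Processes
    'EnableExportAddressFilterPlus'   # Export Address Filtering (EAF+)
    'EnableImportAddressFilter'       # Import Address Filtering
    'EnableRopSimExec'                # Simulate Execution
    'EnableRopCallerCheck'            # Validate API Invocation (CallerCheck)
    'EnforceModuleDependencySigning'  # Validate Image Dependency Integrity
)
Set-ProcessMitigation -Name 'LobApp.exe' -Enable $mitigations

# 3. Audit first where blocking is likely to break workflows: log child-process
#    creation from Word instead of denying it; switch to DisallowChildProcessCreation later.
Set-ProcessMitigation -Name 'WINWORD.EXE' -Enable AuditChildProcess

# 4. Read back the effective settings for one process ...
function Get-MitigationSummary([string]$ProcessName) {
    $m = Get-ProcessMitigation -Name $ProcessName
    [pscustomobject]@{
        Process        = $ProcessName
        ACG            = $m.DynamicCode.BlockDynamicCode
        NoChildProcess = $m.ChildProcess.DisallowChildProcessCreation
        NoWin32k       = $m.SystemCall.DisableWin32kSystemCalls
        NoRemoteImages = $m.ImageLoad.BlockRemoteImageLoads
    }
}
Get-MitigationSummary -ProcessName 'LobApp.exe'

# ... and export everything as XML for deployment through Intune, SCCM or Group Policy.
Get-ProcessMitigation -RegistryConfigFilePath 'C:\DG\ExploitGuard.xml'
# Audit and block events: Microsoft-Windows-Security-Mitigations/KernelMode and /UserMode.
```

Two of these deserve a test before rollout: DisableWin32kSystemCalls kills any process that draws a window, and MicrosoftSignedOnly refuses every DLL not signed by Microsoft, which includes most third-party add-ins. The Audit* variants (AuditDynamicCode, AuditChildProcess, AuditFont and so on) exist precisely so you can collect the event log first.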
Secure Windows 10 – No Brainers
Vulnerabilities are increasing while evidence of actual exploits is decreasing due to mitigation investments
BitLocker – Overview
• Full drive encryption solution provided natively with Windows 10 Professional and Enterprise
• Used to protect the operating system drive, secondary data drives and removable devices
• System Center Configuration Manager, MDT and Intune can be used to deploy BitLocker
• Protects data at rest only: once the OS drive is unlocked the key is in memory, so pair it with a TPM protector, pre-boot PIN where the threat model warrants it, and hibernate rather than sleep
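As an added example (not from the original deck), this PowerShell enables BitLocker on the OS drive with a TPM protector, adds a recovery password, escrows it to Active Directory (or Azure AD for cloud-joined devices), and reports the state of every volume. It assumes a domain-joined Windows 10 Pro or Enterprise device with a ready TPM.

```powershell
# Added example (not from the deck): enable BitLocker with TPM + recovery password,
# escrow the recovery password, and verify all volumes.
#Requires -RunAsAdministrator

$tpm = Get-Tpm
if (-not ($tpm.TpmPresent -and $tpm.TpmReady)) {
    throw 'No ready TPM; BitLocker would need a password or startup-key protector instead.'
}

$os  = $env:SystemDrive   # usually "C:"
$vol = Get-BitLockerVolume -MountPoint $os
if ($vol.ProtectionStatus -eq 'Off') {
    # XTS-AES 256; UsedSpaceOnly is acceptable for freshly imaged machines, not for
    # drives that already held data (deleted blocks would stay in clear).
    Enable-BitLocker -MountPoint $os -EncryptionMethod XtsAes256 -TpmProtector -UsedSpaceOnly -SkipHardwareTest
    Add-BitLockerKeyProtector -MountPoint $os -RecoveryPasswordProtector | Out-Null
}

# Escrow the recovery password to AD DS (requires the BitLocker backup policy/schema).
$rp = (Get-BitLockerVolume -MountPoint $os).KeyProtector |
      Where-Object KeyProtectorType -eq 'RecoveryPassword'
Backup-BitLockerKeyProtector -MountPoint $os -KeyProtectorId $rp.KeyProtectorId
# Azure AD-joined devices use instead:
# BackupToAAD-BitLockerKeyProtector -MountPoint $os -KeyProtectorId $rp.KeyProtectorId

# Report: every fixed drive should be 100 % encrypted with protection On; removable
# drives should only be writable when encrypted (set via the "Deny write access" policy).
function Get-BitLockerReport {
    Get-BitLockerVolume | Select-Object MountPoint, VolumeType, EncryptionMethod,
        EncryptionPercentage, ProtectionStatus,
        @{ n = 'Protectors'; e = { $_.KeyProtector.KeyProtectorType -join ',' } }
}
Get-BitLockerReport
```

Escrow the recovery password before the first reboot, not after: a device that boots into recovery because of a firmware update with no key in AD or Azure AD is a data-loss incident, not a security one.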
Credential Guard – Overview
• Credential Guard isolates secrets that previous versions of Windows stored in the Local Security Authority (LSA) by using virtualization-based security.
• The LSA process in the operating system talks to the isolated LSA (LsaIso.exe) by using remote procedure calls.
• Data stored by using VBS is not accessible to the rest of the operating system, so a local administrator or a credential-dumping tool running in the normal OS cannot read the domain secrets (NTLM hashes, Kerberos tickets) held there.
• It does not protect local account secrets, nor credentials a user types into a phishing page or that a keylogger captures.
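As an added example (not from the original deck), this PowerShell turns Credential Guard on with the UEFI lock and then verifies, after the reboot, that it is configured, running, and that the isolated LSA process the slide describes actually exists. The hardware prerequisites are the ones in the speaker notes (x64 Enterprise, UEFI with Secure Boot, TPM, virtualization support).

```powershell
# Added example (not from the deck): enable Credential Guard and verify it is running.
#Requires -RunAsAdministrator

$dgKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\DeviceGuard'
Set-ItemProperty -Path $dgKey -Name EnableVirtualizationBasedSecurity -Value 1 -Type DWord
Set-ItemProperty -Path $dgKey -Name RequirePlatformSecurityFeatures   -Value 1 -Type DWord  # 1 = Secure Boot
# LsaCfgFlags: 1 = enabled with UEFI lock (cannot be disabled remotely, needs physical
# presence to clear), 2 = enabled without lock. Reboot required afterwards.
Set-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa' -Name LsaCfgFlags -Value 1 -Type DWord

# After the reboot: configured and running are two different things. A device with
# the policy set but without the hardware prerequisites reports Configured only.
function Test-CredentialGuard {
    $dg = Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' -ClassName Win32_DeviceGuard
    [pscustomobject]@{
        Configured    = $dg.SecurityServicesConfigured -contains 1   # 1 = Credential Guard
        Running       = $dg.SecurityServicesRunning    -contains 1
        LsaIsoProcess = [bool](Get-Process -Name LsaIso -ErrorAction SilentlyContinue)
        VbsRunning    = $dg.VirtualizationBasedSecurityStatus -eq 2
    }
}
Test-CredentialGuard
```

Report the Running value, not the Configured one, to whoever signs off on the deployment: the policy alone proves nothing on a machine whose firmware has virtualization or Secure Boot turned off.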
Windows 10 security stack:
• Threat resistance
• Device protection
• Identity protection
• Information protection
• Breach detection, investigation & response
Educate your users!
https://aka.ms/ignite.mobileapp
https://myignite.microsoft.com/evaluations

Best practices to secure Windows10 with already included features

Editor's Notes

  1. Big day for me, first session at Ignite
  2. Quick checklist – you have them enabled …
  3. DIVERSE! Compromised accounts, drive-by download sites, malicious websites, ransomware; deliver code, elevate (everybody is local admin), code injection, malicious actions; malware, phishing
  4. So you'll probably ask yourself what we are going to do today.. Remember when I said this is my first session at Ignite. Probably my last..
  5. Remember when I said this is my first Ignite session
  6. SmartScreen was introduced in Internet Explorer 11.
  7. No SSO
  8. Stay current! Analysis: high-level vulnerability & exploit trends
  9. Windows 10 Enterprise x64 Edition; UEFI 2.3.1 or higher firmware and Secure Boot; TPM 2.0 (Note: TPM 1.2 can be used but is not recommended); virtualization-capable hardware