Hi and welcome to the Microsoft Virtual Academy and


Transcription

Hi and welcome to the Microsoft Virtual Academy and the start of the Windows 8 Security Insights training. My name is Milad Aslaner, I'm part of the Premier Field Engineering group and based in Germany. As a Premier Field Engineer I'm a technical expert in delivering critical IT services to Microsoft customers. My focus area is Windows Reliability and Performance. This means that I'm daily utilizing tools such as the Windows Performance Toolkit to troubleshoot performance issues at the nanosecond level, and I'm a regular speaker at Microsoft events about how Windows works under the hood.

2012 Microsoft Corporation

In this module we will talk about Secure Boot, ELAM (Early Launch Anti-Malware) and Measured Boot. So let's begin with Secure Boot.

Secure Boot is a UEFI firmware-based feature which helps prevent unauthorized UEFI drivers (also known as Option ROMs), firmware or DLLs from being loaded at boot time. This is done by maintaining databases of software signers and software images that are pre-approved to run on the computer. As I mentioned, it's a UEFI feature, but what is UEFI actually? In the past there was BIOS (Basic Input and Output System) firmware, which was written in assembly and used software interrupts for I/O (disk activity). Due to changes in the computer landscape there was a need for a modern firmware to start the next generation of devices. It allows a very modular firmware design, which gives vendors better flexibility. Whereas I/O was very limited by software interrupts, UEFI utilizes the concept of architecture-neutral coding standards and is event-based.

If we compare the legacy boot process with the modern boot process we can quickly identify that the change happens at the OS Loader level. With the legacy boot process the biggest issue we had was that malware had the opportunity to launch before the OS Loader. Malware engineers/hackers could specifically build rootkits for it and try to get their code loaded before the boot manager. With the modern boot process we introduce the Secure Boot feature as part of Windows 8. With that, the firmware feature is only starting a signed OS loader and boot components. If the boot process fails, a remediation process is started immediately. But how does it really work under the hood? When you turn on your computer it starts the process to execute kernel-level code responsible for memory management, processing, hardware etc. This is all done in order to be prepared for the OS execution. Once the system is powered on, and importantly BEFORE THE OS LOADER is started, the firmware (UEFI) checks the signature of the firmware code that exists on hardware peripherals such as network cards, video cards or storage devices. After that it will continue and start checking for embedded signatures inside the firmware module. These signatures are stored in databases in firmware. These databases are the Allowed and Disallowed lists that determine if the booting process can continue.

To utilize Secure Boot the system must be UEFI compliant and running in native UEFI mode. UEFI+CSM implementations will need to disable CSM to get Secure Boot to work. We have two databases: first the populated signature database, which contains pre-approved signatures and images specified by the OEM for their UEFI drivers, and second the forbidden signature database, which contains a list of signatures and images known to be malware. The private encryption key must be included in the UEFI database during the system manufacturing process. Secure Boot also requires a public key, which is stored in the firmware flash storage. Only the OEM partner owns this key, with the private key guarded by Microsoft. The initial signature set stores, as the name says, the initial set of signatures, which is stored in flash memory as well. Updates to the database can only be done by the OEM or by a KEK (Key Exchange Key) update. In any case it will require physical access to the machine.

Some notes about Secure Boot: it's a kernel-level security feature, so it's not related to user mode. Secure Boot is a required feature in order for OEMs to get the Windows 8 logo on their devices. You can actually check if Secure Boot occurred correctly by accessing the registry. The registry value for this is HKLM\SYSTEM\CurrentControlSet\Control\SecureBoot\State\UEFISecureBootEnabled; you can check there if the registry value is set to 1. 1 indicates that Secure Boot occurred correctly. Any kind of remediation work will be logged in the Windows event logs, specifically the System event log.
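The registry check described above, written out as an added PowerShell example (this is not part of the MVA module and not Microsoft tooling). It reads the UEFISecureBootEnabled value named on the slide, cross-checks it against the Confirm-SecureBootUEFI cmdlet, and then pulls recent System-log entries that mention Secure Boot. The event-log filter is a text match and is an assumption, not a documented event-ID list; run it from an elevated PowerShell session on Windows 8 or later.

```powershell
# Added example (not part of the MVA module or Microsoft's tooling):
# check whether Secure Boot occurred for the current boot, using the
# registry value the slide names, and cross-check it against the
# Confirm-SecureBootUEFI cmdlet.  Run from an elevated PowerShell session.

function Get-SecureBootStatus {
    $keyPath = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecureBoot\State'
    $status = [ordered]@{
        IsUefiPlatform = $false   # the State key only exists on UEFI systems
        RegistryValue  = $null    # 1 = Secure Boot occurred, 0 = it did not
        CmdletResult   = $null    # $true/$false from Confirm-SecureBootUEFI, $null if unsupported
    }

    # On legacy BIOS (or UEFI+CSM) machines the SecureBoot\State key is absent,
    # so probe before reading to avoid a terminating error.
    if (Test-Path -Path $keyPath) {
        $status.IsUefiPlatform = $true
        $status.RegistryValue  = (Get-ItemProperty -Path $keyPath -Name 'UEFISecureBootEnabled').UEFISecureBootEnabled
    }

    # Confirm-SecureBootUEFI (SecureBoot module, Windows 8+) throws on
    # non-UEFI firmware and needs elevation; treat either as "unknown".
    try {
        $status.CmdletResult = Confirm-SecureBootUEFI
    } catch {
        $status.CmdletResult = $null
    }

    [pscustomobject]$status
}

$sb = Get-SecureBootStatus
$sb | Format-List

if ($sb.RegistryValue -eq 1) {
    Write-Output 'Secure Boot occurred correctly for this boot.'
} elseif ($sb.IsUefiPlatform) {
    Write-Output 'UEFI platform, but Secure Boot did not occur (disabled in firmware?).'
} else {
    Write-Output 'Legacy BIOS / CSM boot: Secure Boot is not available.'
}

# Remediation activity is written to the System event log.  The filter below
# is a coarse text match (an assumption, not a documented event-ID list) to
# surface recent entries that mention Secure Boot for manual review.
Get-WinEvent -LogName System -MaxEvents 5000 -ErrorAction SilentlyContinue |
    Where-Object { $_.Message -match 'Secure Boot' } |
    Select-Object -First 10 TimeCreated, Id, ProviderName, Message |
    Format-Table -AutoSize -Wrap
```

A registry value of 1 and a cmdlet result of $true should agree on a healthy UEFI machine; a UEFI machine reporting 0 is the case worth following up, since Secure Boot has been switched off in firmware or the system was booted through CSM.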

So what really happens if an unauthorized boot DLL, firmware or OS loader is trying to be executed? Secure Boot triggers remediation work at that moment. This means that the system will boot into WindowsRE to replace the corrupted binary with a known good version from the Windows component store. In case the component store binary is also corrupt, the in-box corruption repair process is started.

As a recap: Secure Boot is there to prevent unauthorized firmware or DLLs from being loaded at boot time. It requires UEFI firmware. Any kind of remediation is documented in the System event log, and it's a kernel-mode security feature.

Now let's focus on Early Launch Anti-Malware. ELAM is a new feature which provides a way for supported antimalware software to start as the first third-party component. With that, antimalware gets the ability to control the initialization phase of boot drivers. Antimalware drivers must use existing tools for installation and register the driver through the typical INF processing routine. The driver must advertise itself as a boot-start driver, similar to other boot-start drivers. The boot drivers are initialized based on a classification which is returned from the ELAM driver according to the initialization policy. System administrators can specify custom policies through Group Policy, which helps to prevent unknown drivers from initializing or can enable drivers that are critical to the boot process.

If you compare Windows 7 and Windows 8, what has actually changed? If we look at how the Windows 7 boot process was, we can identify that without Secure Boot the first attack surface was the OS loader phase. Then, as the next step, the malware engineers or hackers had the opportunity to get their code loaded as a boot-start driver. For the OS loader security we already talked about Secure Boot and how we fight back with it. Now with Early Launch Anti-Malware (ELAM) we focus on the boot-start drivers. Specifically, with Windows 8 we make sure that the first third-party driver will be the antimalware driver. Just like Secure Boot, if the system detects that it has been compromised, remediation will be executed immediately.

If a crash happens due to a compromised boot-start driver, a crash dump will be generated if the disk stack has already been started. If that is the case, you can use WindowsRE to determine the reason for the crash. The malware signature database, so the place where the driver hashes are stored, is provided by the antimalware vendor. Microsoft recommends that this malware signature database has at minimum a whitelist of driver hashes.

As a system administrator you are able to configure ELAM depending on your needs. For this you can utilize Group Policies, which are stored under Administrative Templates/System/Early Launch Antimalware. You have three options there. The first one is Good only. This means that only drivers that are signed and have not been tampered with will be allowed to load. Second is Good and unknown, which means that drivers that are signed and flagged as tampered, or drivers that are not classified by ELAM, are allowed to load. The last option is Good, unknown and bad critical, which is similar to the Good and unknown option but also gives the ability that drivers that are known as malware are allowed to be loaded. Important to know is that if the antimalware driver does not include a boot-start component, the policy does not apply even if you configure it.
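The policy options above, read back from a configured machine, as an added PowerShell example (not part of the MVA module and not Microsoft tooling). It decodes the DriverLoadPolicy registry value that the Group Policy setting writes into the option names the slide uses, and then lists the drivers registered in the Early-Launch load order group, because the slide's last point is that the policy is inert without an antimalware boot-start component. The policy path and value mapping are taken from the EarlyLaunch ADMX template and should be verified against the template you deploy; the 'All' value is exposed by the ADMX but is not one of the three options described on the slide. Run from an elevated session.

```powershell
# Added example (not part of the MVA module or Microsoft's tooling): read the
# ELAM boot-start driver initialization policy written by the Group Policy
# setting on the slide, decode it, and list Early-Launch drivers so you can
# confirm an antimalware boot-start component is actually registered.

function Get-ElamDriverLoadPolicy {
    # Policy location and DriverLoadPolicy values as defined in the
    # EarlyLaunch ADMX template (assumed here; verify against your ADMX).
    $policyPath  = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\EarlyLaunch'
    $policyNames = @{
        1 = 'Good only'
        3 = 'Good and unknown'
        8 = 'Good, unknown and bad but critical'
        7 = 'All (ADMX option, not one of the three described on the slide)'
    }

    $raw = $null
    if (Test-Path -Path $policyPath) {
        $raw = (Get-ItemProperty -Path $policyPath -Name 'DriverLoadPolicy' -ErrorAction SilentlyContinue).DriverLoadPolicy
    }

    if ($null -eq $raw) {
        # No policy configured: Windows uses its built-in default, which is
        # the "Good, unknown and bad but critical" behaviour.
        return [pscustomobject]@{
            Configured = $false
            Value      = $null
            Policy     = 'Not configured (default: Good, unknown and bad but critical)'
        }
    }

    $value = [int]$raw
    $name  = if ($policyNames.ContainsKey($value)) { $policyNames[$value] } else { "Unrecognized value $value" }
    [pscustomobject]@{ Configured = $true; Value = $value; Policy = $name }
}

function Get-EarlyLaunchDrivers {
    # ELAM drivers register as boot-start services in the 'Early-Launch'
    # load order group; walk the Services hive and keep entries in that group.
    # Start = 0 means boot-start.
    $servicesPath = 'HKLM:\SYSTEM\CurrentControlSet\Services'
    Get-ChildItem -Path $servicesPath |
        ForEach-Object { Get-ItemProperty -Path $_.PSPath -ErrorAction SilentlyContinue } |
        Where-Object { $_.Group -eq 'Early-Launch' } |
        Select-Object @{ Name = 'Service';   Expression = { $_.PSChildName } },
                      @{ Name = 'StartType'; Expression = { $_.Start } },
                      ImagePath
}

Get-ElamDriverLoadPolicy | Format-List

$elam = @(Get-EarlyLaunchDrivers)
if ($elam.Count -eq 0) {
    Write-Output 'No Early-Launch drivers registered: the ELAM policy will not apply.'
} else {
    $elam | Format-Table -AutoSize
}
```

The useful output is the combination: a configured "Good only" policy together with an empty Early-Launch list means the setting is doing nothing on that machine, which is exactly the caveat the slide closes with.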

To summarize: with ELAM, Windows 8 introduces functionality to make sure that the first third-party driver loaded during the boot process is the antimalware driver. In case anything goes wrong and the disk stack has already started, ELAM will generate a crash dump which can be analyzed to identify the root cause. The malware signature database is provided by the antimalware vendor, and all functions are stored under HKLM\ELAM\<vendor name> for the vendor which utilizes ELAM functionality.

With Measured Boot, Windows 8 introduces a feature which provides antimalware software the ability to have a log of all boot components that have been started before the AM software. It can help to determine whether components that ran before are compromised or not. Supported antimalware software has the ability to send that log to a remote server so that the machine is able to prove that it is in a trustworthy state.

When Measured Boot is enabled it will record the integrity of the Windows kernel and all boot-start drivers, including third-party ones. If AM software is starting as a boot-start driver it will be flagged in the log so that it's possible to determine when AM has been successfully started.

So how does Measured Boot get provisioned? First of all, a TPM chip must exist and must be activated. Second, establish an AIK that the server associates with the client. Third, turn on boot measurements. Fourth, install an antimalware solution with a boot-start driver, and fifth, install a client component that can communicate with the remote server.
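A pre-flight check for the first and fourth provisioning steps above, as an added PowerShell example (not part of the MVA module and not Microsoft tooling). It reports whether a TPM is present and ready through the Get-Tpm cmdlet, and inventories the boot-start drivers, which are the set whose integrity Measured Boot records alongside the kernel, so you can see whether the antimalware vendor's boot-start driver is among them. The AIK enrollment and the remote-server client (steps two and five) depend on the attestation service you use and are not covered here. Run from an elevated session on Windows 8 or later.

```powershell
# Added example (not part of the MVA module or Microsoft's tooling): verify
# the TPM prerequisite for Measured Boot and list the boot-start drivers
# that Measured Boot will measure.

function Get-TpmProvisioningState {
    # Get-Tpm (TrustedPlatformModule module) throws when no TPM driver is
    # present; translate that into a "no TPM" result instead of an error.
    try {
        $tpm = Get-Tpm
        $message = if ($tpm.TpmReady) {
            'TPM is ready (enabled, activated and owned): Measured Boot can be provisioned.'
        } elseif ($tpm.TpmPresent) {
            'TPM present but not ready: enable/activate it in firmware and take ownership.'
        } else {
            'No TPM detected: Measured Boot cannot be provisioned on this machine.'
        }
        [pscustomobject]@{
            TpmPresent = [bool]$tpm.TpmPresent
            TpmReady   = [bool]$tpm.TpmReady
            Message    = $message
        }
    } catch {
        [pscustomobject]@{
            TpmPresent = $false
            TpmReady   = $false
            Message    = "Get-Tpm failed: $($_.Exception.Message)"
        }
    }
}

function Get-BootStartDriverInventory {
    # Boot-start drivers (StartMode 'Boot') are loaded by the OS loader and
    # are the third-party components Measured Boot records before AM starts.
    Get-CimInstance -ClassName Win32_SystemDriver -Filter "StartMode = 'Boot'" |
        Select-Object Name, State, PathName |
        Sort-Object Name
}

Get-TpmProvisioningState | Format-List

$bootDrivers = @(Get-BootStartDriverInventory)
Write-Output ("{0} boot-start drivers will be measured:" -f $bootDrivers.Count)
$bootDrivers | Format-Table -AutoSize
```

Compare the driver inventory against your antimalware vendor's documentation: if the vendor's boot-start driver is not in the list, step four is incomplete and the Measured Boot log will have no AM marker to anchor on.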

As a recap: Measured Boot is a new feature in Windows 8 which gives AM software the opportunity to get a log of the boot activities before the antimalware software is started. This log can be extremely useful to validate whether there may be malware on the computer, or any kind of evidence of tampering with boot components.

So let's look at the big picture of Windows 8 boot security. This graph illustrates how all those boot security components come together. The first component is Secure Boot, which prevents running an unknown OS loader. Then ELAM gets started, which makes sure that the first third-party boot-start driver is the antimalware software. Third, Measured Boot kicks in and records the entire boot activity and saves it to the TPM module. Fourth, to prove the client is in a healthy state, AM now has the ability to query the Measured Boot log from the TPM module and perform a remote verification.

In this module we have covered Secure Boot, Early Launch Anti-Malware and Measured Boot; those are the top three boot security components which customers currently ask Microsoft consultants or engineers about most frequently when they are on site. Thank you.



More information

UEFI Firmware Security Best Practices

UEFI Firmware Security Best Practices UEFI Firmware Security Best Practices Presented by: Dick Wilkins, PhD Principal Technology Liaison presented by UEFI Plugfest May 2014 Agenda Introduction Threats and Vulnerabilities Mitigation Guidelines

More information

UEFI on ThinkServer TS140 and TS440

UEFI on ThinkServer TS140 and TS440 Lenovo ThinkServer TS Series Servers Lenovo Enterprise Product Group Version 1.0 September 17, 2013 2013 Lenovo. All rights reserved. LENOVO PROVIDES THIS PUBLICATION AS IS WITHOUT WARRANTY OF ANY KIND,

More information

Using Process Monitor

Using Process Monitor Using Process Monitor Process Monitor Tutorial This information was adapted from the help file for the program. Process Monitor is an advanced monitoring tool for Windows that shows real time file system,

More information

CycurHSM An Automotive-qualified Software Stack for Hardware Security Modules

CycurHSM An Automotive-qualified Software Stack for Hardware Security Modules CycurHSM An Automotive-qualified Software Stack for Hardware Security Modules Dr. Frederic Stumpf, ESCRYPT GmbH Embedded Security, Stuttgart, Germany 1 Introduction Electronic Control Units (ECU) are embedded

More information

Security+ Guide to Network Security Fundamentals, Third Edition. Chapter 2 Systems Threats and Risks

Security+ Guide to Network Security Fundamentals, Third Edition. Chapter 2 Systems Threats and Risks Security+ Guide to Network Security Fundamentals, Third Edition Chapter 2 Systems Threats and Risks Objectives Describe the different types of software-based attacks List types of hardware attacks Define

More information

How to Secure Infrastructure Clouds with Trusted Computing Technologies

How to Secure Infrastructure Clouds with Trusted Computing Technologies How to Secure Infrastructure Clouds with Trusted Computing Technologies Nicolae Paladi Swedish Institute of Computer Science 2 Contents 1. Infrastructure-as-a-Service 2. Security challenges of IaaS 3.

More information

Chapter 12 - Installing Windows Objectives How to plan a Windows installation How to install Windows Vista How to install Windows XP How to install

Chapter 12 - Installing Windows Objectives How to plan a Windows installation How to install Windows Vista How to install Windows XP How to install Chapter 12 - Installing Windows Objectives How to plan a Windows installation How to install Windows Vista How to install Windows XP How to install Windows 2000 How to Plan a Windows Installation Situations

More information

Section 12 MUST BE COMPLETED BY: 4/22

Section 12 MUST BE COMPLETED BY: 4/22 Test Out Online Lesson 12 Schedule Section 12 MUST BE COMPLETED BY: 4/22 Section 12.1: Best Practices This section discusses the following security best practices: Implement the Principle of Least Privilege

More information

Hardware Enabled Zero Day Protection

Hardware Enabled Zero Day Protection Hardware Enabled Zero Day Protection Cyber Security Division 2012 Principal Investigators Meeting October 11, 2012 Paul A. Rivera President/CEO Def-Logix, Inc. Email: privera@def-logix.com Phone: 210-478-1369

More information

Absolute Backdoor Revisited. Vitaliy Kamlyuk, Kaspersky Lab Sergey Belov, Kaspersky Lab Anibal Sacco, Cubica Labs

Absolute Backdoor Revisited. Vitaliy Kamlyuk, Kaspersky Lab Sergey Belov, Kaspersky Lab Anibal Sacco, Cubica Labs Absolute Backdoor Revisited Vitaliy Kamlyuk, Kaspersky Lab Sergey Belov, Kaspersky Lab Anibal Sacco, Cubica Labs BlackHat, Las Vegas August, 2014 What is Computrace? Computrace is an Anti-Theft software

More information

UEFI Implications for Windows Server

UEFI Implications for Windows Server presented by UEFI Implications for Windows Server Taipei UEFI Plugfest March 18-22, 2013 Presented by Arie van der Hoeven (Microsoft Corporation) Updated 2011-06-01 Taipei UEFI Plugfest March 2013 www.uefi.org

More information

Ovation Security Center Data Sheet

Ovation Security Center Data Sheet Features Scans for vulnerabilities Discovers assets Deploys security patches easily Allows only white-listed applications in workstations to run Provides virus protection for Ovation Windows stations Aggregates,

More information

WIND RIVER SECURE ANDROID CAPABILITY

WIND RIVER SECURE ANDROID CAPABILITY WIND RIVER SECURE ANDROID CAPABILITY Cyber warfare has swiftly migrated from hacking into enterprise networks and the Internet to targeting, and being triggered from, mobile devices. With the recent explosion

More information

A M D DA S 1. 0 For the Manageability, Virtualization and Security of Embedded Solutions

A M D DA S 1. 0 For the Manageability, Virtualization and Security of Embedded Solutions A M D DA S 1. 0 For the Manageability, Virtualization and Security of Embedded Solutions AMD DAS (DASH, AMD Virtualization (AMD-V ) Technology, and Security) 1.0 is a term used to describe the various

More information

Choosing Between Whitelisting and Blacklisting Endpoint Security Software for Fixed Function Devices

Choosing Between Whitelisting and Blacklisting Endpoint Security Software for Fixed Function Devices Choosing Between Whitelisting and Blacklisting Endpoint Security Software for Fixed Function Devices McAfee* application whitelisting combined with Intel vpro technology can improve security, increase

More information

BIOS and CMOS. Overview. The Function of BIOS. The Bus

BIOS and CMOS. Overview. The Function of BIOS. The Bus Overview BIOS and CMOS In this chapter, you will learn to Explain the function of BIOS Distinguish among various CMOS setup utility options Describe BIOS and device drives Troubleshoot the Power-On Self

More information

BitLocker Drive Encryption Hardware Enhanced Data Protection. Shon Eizenhoefer, Program Manager Microsoft Corporation

BitLocker Drive Encryption Hardware Enhanced Data Protection. Shon Eizenhoefer, Program Manager Microsoft Corporation BitLocker Drive Encryption Hardware Enhanced Data Protection Shon Eizenhoefer, Program Manager Microsoft Corporation Agenda Security Background BitLocker Drive Encryption TPM Overview Building a BitLocker

More information

Enhanced Mitigation Experience Toolkit 2.0.0

Enhanced Mitigation Experience Toolkit 2.0.0 Enhanced Mitigation Experience Toolkit 2.0.0 User Guide Microsoft Corporation Table of Contents 1. Introduction... 2 1.1. Capabilities... 3 1.2. Supported mitigations... 3 1.3. Supported operating systems...

More information

Chapter 12 Network Administration and Support

Chapter 12 Network Administration and Support Chapter 12 Network Administration and Support Objectives Manage networked accounts Monitor network performance Protect your servers from data loss Guide to Networking Essentials, Fifth Edition 2 Managing

More information

Advanced Endpoint Protection Overview

Advanced Endpoint Protection Overview Advanced Endpoint Protection Overview Advanced Endpoint Protection is a solution that prevents Advanced Persistent Threats (APTs) and Zero-Day attacks and enables protection of your endpoints by blocking

More information

PSM/SAK Event Log Error Codes

PSM/SAK Event Log Error Codes PSM Error Codes PSM/SAK Event Log Error Codes If you experience a problem using Persistent Storage Manager, the following list of event log messages can be used to troubleshoot. Error codes are logged

More information

LEARNING SOLUTIONS website milner.com/learning email training@milner.com phone 800 875 5042

LEARNING SOLUTIONS website milner.com/learning email training@milner.com phone 800 875 5042 Course 6451B: Planning, Deploying and Managing Microsoft System Center Configuration Manager 2007 Length: 3 Days Published: June 29, 2012 Language(s): English Audience(s): IT Professionals Level: 300 Technology:

More information

Acronis Universal Restore

Acronis Universal Restore Acronis Universal Restore USER GUIDE Table of contents 1 What is Acronis Universal Restore...3 2 Installing Acronis Universal Restore...3 3 Creating bootable media...3 4 Using Acronis Universal Restore...3

More information

Creating a More Secure Device with Windows Embedded Compact 7. Douglas Boling Boling Consulting Inc.

Creating a More Secure Device with Windows Embedded Compact 7. Douglas Boling Boling Consulting Inc. Creating a More Secure Device with Windows Embedded Compact 7 Douglas Boling Boling Consulting Inc. About Douglas Boling Independent consultant specializing in Windows Mobile and Windows Embedded Compact

More information

How McAfee Endpoint Security Intelligently Collaborates to Protect and Perform

How McAfee Endpoint Security Intelligently Collaborates to Protect and Perform How McAfee Endpoint Security Intelligently Collaborates to Protect and Perform McAfee Endpoint Security 10 provides customers with an intelligent, collaborative framework, enabling endpoint defenses to

More information

HP Client Manager 6.2

HP Client Manager 6.2 HP Client Manager 6.2 Introduction... 2 New Features in HPCM 6.2... 4 Understanding how HPCM works... 5 Extensive reporting capability... 5 HPCM in operation... 6 Client inventory... 6 Health monitoring...

More information

Agenda. BitLocker Drive. BitLocker Drive Encryption Hardware Enhanced Data Protection. BitLocker And TPM Features

Agenda. BitLocker Drive. BitLocker Drive Encryption Hardware Enhanced Data Protection. BitLocker And TPM Features BitLocker Drive Encryption Hardware Enhanced Data Protection Shon Eizenhoefer, Program Manager Microsoft Corporation Agenda Security Background BitLocker Drive Encryption TPM Overview Building a BitLocker

More information

Windows Server Virtualization & The Windows Hypervisor

Windows Server Virtualization & The Windows Hypervisor Windows Server Virtualization & The Windows Hypervisor Brandon Baker Lead Security Engineer Windows Kernel Team Microsoft Corporation Agenda - Windows Server Virtualization (WSV) Why a hypervisor? Quick

More information

MS 50292: Administering and Maintaining Windows 7

MS 50292: Administering and Maintaining Windows 7 MS 50292: Administering and Maintaining Windows 7 Description: This five-day instructor-led course provides students with the knowledge and skills to successfully administer, maintain, and troubleshoot

More information

Advanced Malware Cleaning Techniques for the IT Professional

Advanced Malware Cleaning Techniques for the IT Professional Advanced Malware Cleaning Techniques for the IT Professional Mark Russinovich Microsoft Technical Fellow This section of the Microsoft Security Intelligence Report provides information and guidance for

More information

RSA Enterprise Compromise Assessment Tool (ECAT) Date: January 2014 Authors: Jon Oltsik, Senior Principal Analyst and Tony Palmer, Senior Lab Analyst

RSA Enterprise Compromise Assessment Tool (ECAT) Date: January 2014 Authors: Jon Oltsik, Senior Principal Analyst and Tony Palmer, Senior Lab Analyst ESG Lab Review RSA Enterprise Compromise Assessment Tool (ECAT) Date: January 2014 Authors: Jon Oltsik, Senior Principal Analyst and Tony Palmer, Senior Lab Analyst Abstract: This ESG Lab review documents

More information

What Do You Mean My Cloud Data Isn t Secure?

What Do You Mean My Cloud Data Isn t Secure? Kaseya White Paper What Do You Mean My Cloud Data Isn t Secure? Understanding Your Level of Data Protection www.kaseya.com As today s businesses transition more critical applications to the cloud, there

More information

The road to hardware free from restrictions: how hardware vendors can help the free software community

The road to hardware free from restrictions: how hardware vendors can help the free software community The road to hardware free from restrictions: how hardware vendors can help the free software community Justin Baugh Senior systems administator Free Software Foundation Ward Vandewege Senior systems administrator

More information

NETWORK SEGMENTATION FOR INDUSTRIAL CONTROL SYSTEM SECURITY

NETWORK SEGMENTATION FOR INDUSTRIAL CONTROL SYSTEM SECURITY September 2013 Trusted Computing Conference: Demonstration Guide Demonstration Topics Include: Network Segmentation for Industrial Control System Security A Resilient Infrastructure for Point of Sale Systems

More information

PROTECTION FOR SERVERS, WORKSTATIONS AND TERMINALS ENDPOINT SECURITY NETWORK SECURITY I ENDPOINT SECURITY I DATA SECURITY

PROTECTION FOR SERVERS, WORKSTATIONS AND TERMINALS ENDPOINT SECURITY NETWORK SECURITY I ENDPOINT SECURITY I DATA SECURITY PROTECTION FOR SERVERS, WORKSTATIONS AND TERMINALS ENDPOINT SECURITY NETWORK SECURITY I ENDPOINT SECURITY I DATA SECURITY FACT: WORKSTATIONS AND SERVERS ARE STILL AT RISK CONVENTIONAL TOOLS NO LONGER MEASURE

More information

Matthieu Suiche Founder, MoonSols

Matthieu Suiche Founder, MoonSols Matthieu Suiche Founder, MoonSols msuiche@moonsols.com Founder of MoonSols (based in France) Twitter Addict Turned 21 (Beers please!) Reverse Engineering works related to Physical Memory Windows Hibernation

More information

Dual-boot Windows 10 alongside Windows 8

Dual-boot Windows 10 alongside Windows 8 Most of the people are very much interested to install the newly launched Operating System Windows 10 on their devices. But, it is not recommended to directly use Windows 10 as the primary OS because it

More information