Title: Windows Vista Security
1. Windows Vista Security
Tal Sarid, Digital Defense Architect, talsa_at_MSecurity.net, v-talsa_at_Microsoft.com
3. Today's Agenda
- 9:30 to 10:30: Tal Sarid, Defense Architect: Introduction and Overview of Windows Vista Security
- 10:30 to 10:45: Break
- 11:00 to 12:00: Yariv Bashan, Enterprise Security Architect: Drill Down into EFS, Smartcards and BitLocker, and 2003 as the Server
- 12:00 to 12:15: Break
- 12:15 to 13:15: Idan Plotilk, CTO: Drill Down into Kernel-level Enhancements, FW, NAP, LH as the Server
- 13:15: Lunch
4. What's New?
Identity and Access Control
- User Account Control
- Plug and Play Smartcards
- Granular Auditing
Information Protection
- BitLocker Drive Encryption
- EFS Smartcards
- RMS Client
5. Vista OS Threats
- Trojan that replaces a system file to install a rootkit and take control of the computer (e.g. Fun Love or others that use rootkits)
- Offline attack caused by booting an alternate operating system and attempting to corrupt or modify Windows operating system image files
- Third-party kernel drivers that are not secure
- Any action by an administrator that threatens the integrity of the operating system binary files
6. Working with Partners
7. Elevation Model
(Diagram labels: Administrator Privileges, Administrator Account, Standard User Account, Standard User Privileges (Default).)
Ways to Request Elevation:
- Application marking
- Setup detection
- Compatibility fix (shim)
- Compatibility assistant
- Run as administrator
8. Barriers to Deploying as Standard User
- Can the user perform the tasks required to be productive without help desk support? (Connect to network, add printer, etc.)
- Will existing 3rd party and LOB applications run for standard users?
- Does the enterprise have the required tools, processes, and policies to support and maintain desktops where users do not have administrator privileges?
9. Data Redirection for Legacy Apps
- Legacy apps write to admin locations
  - HKLM\Software
  - %SystemDrive%\Program Files etc.
- Redirection removes the need for elevation
  - Writes to HKLM go to an HKCU redirected store
  - Writes to system directories are redirected to a per-user store
  - Copy-on-write
- This is a crutch for legacy applications.
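To see what this redirection is quietly absorbing on a given desktop, here is an added example (not from the deck) in PowerShell: it walks the two per-user virtualization stores Vista uses, HKCU\Software\Classes\VirtualStore for registry writes and %LOCALAPPDATA%\VirtualStore for file writes, and maps each entry back to the HKLM key or system path the legacy application believed it wrote. Anything listed is an application that still depends on the crutch and should be fixed or re-packaged before admin rights are removed.

```powershell
# Added example, not from the slide deck. Lists what the UAC virtualization
# layer has silently redirected for the current user, so an administrator can
# find legacy apps that still rely on it. Store locations are the standard
# Vista virtualization paths.

function Get-VirtualizedRegistry {
    # Virtualized HKLM\SOFTWARE writes land under this per-user key.
    $store = 'HKCU:\Software\Classes\VirtualStore\MACHINE\SOFTWARE'
    if (-not (Test-Path $store)) { return @() }
    Get-ChildItem -Path $store -Recurse -ErrorAction SilentlyContinue |
        ForEach-Object {
            $virtual = $_.Name
            # Map the shadow key back to the HKLM path the app thought it wrote.
            $intended = $virtual -replace '^HKEY_CURRENT_USER\\Software\\Classes\\VirtualStore\\MACHINE\\', 'HKEY_LOCAL_MACHINE\'
            [pscustomobject]@{
                IntendedPath = $intended
                VirtualPath  = $virtual
                Values       = ($_.GetValueNames() -join ', ')
            }
        }
}

function Get-VirtualizedFiles {
    # Virtualized writes to Program Files, Windows, etc. land under here,
    # mirrored as paths relative to the system drive.
    $store = Join-Path $env:LOCALAPPDATA 'VirtualStore'
    if (-not (Test-Path $store)) { return @() }
    Get-ChildItem -Path $store -Recurse -File -ErrorAction SilentlyContinue |
        ForEach-Object {
            # Strip the store prefix to recover the system path the app tried to write.
            $rel = $_.FullName.Substring($store.Length).TrimStart('\')
            [pscustomobject]@{
                IntendedPath  = Join-Path $env:SystemDrive $rel
                VirtualPath   = $_.FullName
                LastWriteTime = $_.LastWriteTime
            }
        }
}

Get-VirtualizedRegistry | Format-Table -AutoSize
Get-VirtualizedFiles    | Format-Table -AutoSize
```

Run it in the non-elevated session of each user profile of interest; virtualization is per user, so an empty result for one account says nothing about another.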
10. Clark-Wilson
- Classical computer security concept known since the 1970s
- Lots of recent work in various operating systems
11. Mandatory Integrity Control
- Method to prevent low-integrity code from modifying high-integrity code
- Integrity level policies associated with generic access rights
  - No-Write-Up: a lower IL process cannot modify a higher IL object
  - No-Read-Up: prevents a lower IL process from having generic read access
  - No-Execute-Up: prevents a lower IL process from having generic execute access
12. Integrity Levels
(Diagram of the integrity levels; annotation: "Shell runs here".)
13. End Point Security
- Windows Advanced Firewall w/ AuthIP
- Network Access Protection
- Device Control
- Information Protection and Expire Policy
- Enhanced Management
- Auditing
- Next gen Crypto ?
14. Auditing XP vs. Vista
Vista object access event: "An operation was performed on an object."
- Subject: Security ID (1), Account Name (2), Account Domain (3), Logon ID (4)
- Object: Object Server (5), Object Type (6), Object Name (7), Handle ID (9)
- Operation: Operation Type (8), Accesses (10), Access Mask (11), Properties (12), Additional Info (13), Additional Info2 (14)
XP object access event: "Object Access Attempt"
- Object Server (1), Handle ID (2), Object Type (3), Process ID (4), Image File Name (5), Access Mask (6)
15. CNG with Suite B
- IPsec (support for AES and ECDH)
- ECC cipher suites in SSL
- EFS with smart cards with ECC
- Certificates with ECC
- S/MIME with ECDSA
16. Algorithms In Vista
17. Smart Cards
- Base Smartcard CSP
- UAC Integration
- WinLogonUI Integration Enhancements
- Backend Raven Integration
- Group Policy Enhancements
- EFS Private Keys on Smartcards
18. Offline Threats
- Computer is lost or stolen
- Theft or compromise of data
- Attack against corporate network
- Damage to OS if attacker installs an alternate OS
19. TPM Hardware Root of Trust
- Smartcard-like module on motherboard
- Helps protect secrets
- Performs cryptographic functions
  - RSA, SHA-1, RNG
- Performs digital signature operations
- Holds Platform Measurements (hashes)
- Protects itself against attacks
- Support for TPM 1.2 Specs and UP Only
20. Disk Layout / Key Storage
- Where's the Encryption Key?
  - SRK (Storage Root Key) contained in TPM
  - SRK encrypts VEK (Volume Encryption Key), protected by TPM/PIN/Dongle
  - VEK stored (encrypted by SRK) on hard drive in Boot Partition
- Windows Partition Contains
  - Encrypted OS
  - Encrypted Page File
  - Encrypted Temp Files
  - Encrypted Data
  - Encrypted Hibernation File
- Boot Partition Contains MBR, Loader, Boot Utilities (Unencrypted, small)
(Diagram: numbered labels 1, 2, 3 on the SRK, the Windows partition and the Boot partition.)
21. So What Did We See?
Information Protection
- BitLocker Drive Encryption with TPMs
- Next Generation Crypto (CNG)
- EFS
Identity and Access Control
- User Account Control ?
- Smartcards and New CSP Model
- Certificate Services
22. For More Info: IT Pro
23. For More Info: Developers
24. Thank you! Toda!