SIM307. Securing Your Windows Platform.
Mark Simos, William Dixon Microsoft Consulting Services. Solomon Lukie Trustworthy Computing.
Objectives: Demonstrate how to create a secure and usable administrative desktop using SCM, EMET, AppLocker, and ASA
Goal: Make Defenses cheaper/easier to achieve
Threat: Attacker tools always getting cheaper, more sophisticated
Goal: Better defenses require attacks to be sophisticated (expensive and difficult) to be effective
Oops, did not realize a value of 0 disabled password history enforcement! Hmmmm…
NOTE: unapplying registry policy does not reset registry
Mitigate applications against exploit techniques
Whitelist Launch of Windows Applications
Identify the changes in system state, runtime parameters, and securable objects on the Windows operating system.
The industry-leading software security assurance process. Combining a holistic and practical approach, the SDL introduces security and privacy throughout all phases of the development process.
Download the Simplified Implementation of the Microsoft SDL to learn more about the Security Development Lifecycle process and practices.
Code within a computer system that can be run by unauthenticated users.
Attack surface reduction reduces security risk by giving attackers less opportunity to exploit a potential weakness or vulnerability: DID
It’s FREE and a unique industry leading tool
An object is securable if it can have unique security permissions associated with it.
The security permissions of a securable object can be unique or can be inherited from a parent.
All non-securable objects inherit the security permissions of their parent.
Each securable object has its security permissions set by its ACL and other security metadata.
(analysis requires .Net 3.5)
Command line capability to;
SIM302 Lessons from Hackwarts Vol 1: Defense against the Dark Arts 2011
Safety and Security Center
Security Development Lifecycle
Security Intelligence Report
End to End Trust
© 2011 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.
Reference slides on Enterprise Deployment
Planning & Process
Create a process for managing rules
End user calls into Helpdesk
Helpdesk responds to issue
Helpdesk escalates application to ITPro / Tier 3
ITPro / Tier 3 determines if a global rule is needed
ITPro escalates to Group Policy Admin
New rule is deployed globally via Group Policy
Rule remains local for that user only