Windows Vista Security - PowerPoint PPT Presentation

Slides: 25
Provided by: downloadM
Transcript and Presenter's Notes

1
Windows Vista Security
Tal Sarid, Digital Defense Architect
talsa_at_MSecurity.net, v-talsa_at_Microsoft.com
2
(No Transcript)
3
Today's Agenda
  • 9:30 - 10:30 Tal Sarid, Defense Architect: Introduction and Overview of Windows Vista Security
  • 10:30 - 10:45 Break
  • 11:00 - 12:00 Yariv Bashan, Enterprise Security Architect: Drill Down into EFS, Smartcards and BitLocker and 2003 as the Server
  • 12:00 - 12:15 Break
  • 12:15 - 13:15 Idan Plotilk, CTO: Drill Down into Kernel level Enhancements, FW, NAP, LH as the Server
  • 13:15 Lunch
4
What's New?
Identity and Access Control
  • User Account Control
  • Plug and Play Smartcards
  • Granular Auditing
Information Protection
  • BitLocker Drive Encryption
  • EFS Smartcards
  • RMS Client

5
Vista OS Threats
  • Trojan that replaces a system file to install a
    rootkit and take control of the computer (e.g.
    Fun Love or others that use rootkits)
  • Offline attack caused by booting an alternate
    operating system and attempting to corrupt or
    modify Windows operating system image files
  • Third-party kernel drivers that are not secure
  • Any action by an administrator that threatens the
    integrity of the operating system binary files

6
Working with Partners
7
Elevation Model
Administrator Privileges
Ways to Request Elevation
  • Application marking
  • Setup detection
  • Compatibility fix (shim)
  • Compatibility assistant
  • Run as administrator
Administrator Account
Standard User Account
Standard User Privileges (Default)
8
Barriers to Deploying as Standard User
  • Can user perform required tasks to be productive
    without help desk support? (Connect to network,
    add printer, etc.)
  • Will existing 3rd party and LOB applications run
    for standard users?
  • Does enterprise have required tools, processes,
    and policies to support and maintain desktops
    where users do not have administrator privileges?
9
Data Redirection for Legacy Apps
  • Legacy apps write to admin locations
  • HKLM\Software
  • SystemDrive\Program Files etc.
  • Redirection removes need for elevation
  • Writes to HKLM go to HKCU redirected store
  • Writes to system directories redirected to
    per-user store
  • Copy-on-write
  • This is a crutch for legacy applications.
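
The file side of this redirection, modelled as an added example (not part of the original slides): a legacy write to a protected directory lands in a per-user copy that then shadows the installed file, and `shadowed()` lists such copies for review. The `%LOCALAPPDATA%\VirtualStore` layout is Vista behaviour not stated on the slide; the roots, paths, class and function names are assumptions constructed for the illustration.

```python
import ntpath

# Constructed sample roots; "etc." on the slide covers further system directories.
PROTECTED_ROOTS = (r"C:\Program Files", r"C:\Windows")

def redirect(path, local_appdata):
    """Per-user path a virtualized write to `path` lands in, or None if not protected."""
    # Vista layout (assumption, not on the slide):
    #   %LOCALAPPDATA%\VirtualStore\<original path without the drive letter>
    norm = ntpath.normpath(path)
    for root in PROTECTED_ROOTS:
        if (norm + "\\").lower().startswith(root.lower() + "\\"):
            tail = ntpath.splitdrive(norm)[1].lstrip("\\")
            return ntpath.join(local_appdata, "VirtualStore", tail)
    return None

class LegacyView:
    """File view of one virtualized, non-elevated legacy process."""

    def __init__(self, disk, local_appdata):
        self.disk = disk                    # path -> bytes, stands in for the volume
        self.local_appdata = local_appdata

    def write(self, path, data):
        # Copy-on-write: the protected original is never touched.
        target = redirect(path, self.local_appdata) or ntpath.normpath(path)
        self.disk[target] = data
        return target

    def read(self, path):
        # The per-user copy, when present, shadows the machine-wide file.
        shadow = redirect(path, self.local_appdata)
        if shadow in self.disk:
            return self.disk[shadow]
        return self.disk[ntpath.normpath(path)]

    def shadowed(self):
        """Protected files whose per-user copy differs from the installed one."""
        hits = []
        for path in sorted(self.disk):
            shadow = redirect(path, self.local_appdata)
            if shadow in self.disk and self.disk[shadow] != self.disk[path]:
                hits.append((path, shadow))
        return hits

if __name__ == "__main__":
    la = r"C:\Users\alice\AppData\Local"    # constructed sample profile
    view = LegacyView({r"C:\Program Files\App\app.ini": b"mode=safe"}, la)
    view.write(r"C:\Program Files\App\app.ini", b"mode=debug")
    print(view.shadowed())
```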

10
Clark Wilson
  • Classical computer security concept known since
    the 1970s
  • Lots of recent work in various operating systems

11
Mandatory Integrity Control
  • Method to prevent low-integrity code from
    modifying high-integrity code
  • Integrity level policies associated with generic
    access rights
  • No-Write-Up: lower IL process cannot modify
    higher IL object
  • No-Read-Up: prevents lower IL process from having
    generic read
  • No-Execute-Up: prevents lower IL process generic
    execute access
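
The three policies above, as an added example (not part of the original slides): a simplified model of the integrity step of an access check, working on generic rights only. The numeric constants are the Windows SDK values; the function names and scenarios are assumptions constructed for the illustration.

```python
from enum import IntEnum

class IL(IntEnum):                      # integrity-level RIDs (winnt.h)
    LOW = 0x1000
    MEDIUM = 0x2000
    HIGH = 0x3000
    SYSTEM = 0x4000

# Mandatory-label policy bits (SYSTEM_MANDATORY_LABEL_* in winnt.h).
NO_WRITE_UP, NO_READ_UP, NO_EXECUTE_UP = 0x1, 0x2, 0x4
# Generic access rights (GENERIC_* in winnt.h).
GENERIC_READ, GENERIC_WRITE, GENERIC_EXECUTE = 0x80000000, 0x40000000, 0x20000000

# The generic right each policy bit withholds from a lower-integrity caller.
WITHHELD = {NO_WRITE_UP: GENERIC_WRITE, NO_READ_UP: GENERIC_READ,
            NO_EXECUTE_UP: GENERIC_EXECUTE}
NAMES = {GENERIC_READ: "read", GENERIC_WRITE: "write", GENERIC_EXECUTE: "execute"}

def mic_filter(subject_il, object_il, policy, requested):
    """Return the part of `requested` that passes the integrity check.

    Only the integrity step is modelled; the discretionary ACL check that a
    real access decision also needs is out of scope.
    """
    if subject_il >= object_il:         # caller is not below the object: no limit
        return requested
    denied = 0
    for bit, right in WITHHELD.items():
        if policy & bit:
            denied |= right
    return requested & ~denied

def describe(mask):
    """Names of the generic rights set in `mask`, in read/write/execute order."""
    return [name for right, name in NAMES.items() if mask & right]

if __name__ == "__main__":
    everything = GENERIC_READ | GENERIC_WRITE | GENERIC_EXECUTE
    cases = [  # constructed scenarios: (subject IL, object IL, object label policy)
        (IL.LOW, IL.MEDIUM, NO_WRITE_UP),
        (IL.MEDIUM, IL.HIGH, NO_WRITE_UP | NO_READ_UP),
        (IL.HIGH, IL.MEDIUM, NO_WRITE_UP | NO_READ_UP | NO_EXECUTE_UP),
    ]
    for subject, obj, policy in cases:
        granted = describe(mic_filter(subject, obj, policy, everything))
        print(f"{subject.name} -> {obj.name}: {granted}")
```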

12
Integrity Levels
Shell runs here
13
End Point Security
  • Windows Advanced Firewall w/ AuthIP
  • Network Access Protection
  • Device Control
  • Information Protection and Expire Policy
  • Enhanced Management
  • Auditing
  • Next gen Crypto ?

14
Auditing XP vs. Vista
An operation was performed on an object.
  Subject
    Security ID 1
    Account Name 2
    Account Domain 3
    Logon ID 4
  Object
    Object Server 5
    Object Type 6
    Object Name 7
    Handle ID 9
  Operation
    Operation Type 8
    Accesses 10
    Access Mask 11
    Properties 12
    Additional Info 13
    Additional Info2 14

Object Access Attempt
    Object Server 1
    Handle ID 2
    Object Type 3
    Process ID 4
    Image File Name 5
    Access Mask 6
15
CNG with Suite B
  • IPsec (support for AES and ECDH)
  • ECC cipher suites in SSL
  • EFS with smart cards with ECC
  • Certificates with ECC
  • S/MIME with ECDSA

16
Algorithms In Vista
17
Smart Cards
  • Base Smartcard CSP
  • UAC Integration
  • WinLogonUI Integration Enhancements
  • Backend Raven Integration
  • Group Policy Enhancements
  • EFS Private Keys on Smartcards

18
Offline Threats
  • Computer is lost or stolen
  • Theft or compromise of data
  • Attack against corporate network
  • Damage to OS if attacker installs alternate OS

19
TPM Hardware Root of Trust
  • Smartcard-like module on motherboard
  • Helps protect secrets
  • Performs cryptographic functions
  • RSA, SHA-1, RNG
  • Performs digital signature operations
  • Holds Platform Measurements (hashes)
  • Protects itself against attacks
  • Support for TPM 1.2 specs and up only

20
Disk Layout Key Storage
  • Where's the Encryption Key?
  • SRK (Storage Root Key) contained in TPM
  • SRK encrypts VEK (Volume Encryption Key)
    protected by TPM/PIN/Dongle
  • VEK stored (encrypted by SRK) on hard drive in
    Boot Partition
  • Windows Partition Contains
  • Encrypted OS
  • Encrypted Page File
  • Encrypted Temp Files
  • Encrypted Data
  • Encrypted Hibernation File

Boot Partition Contains: MBR, Loader, Boot
Utilities (Unencrypted, small)
21
So What Did We See?
Information Protection
  • BitLocker Drive Encryption with TPMs
  • Next Generation Crypto (CNG)
  • EFS
Identity and Access Control
  • User Account Control ?
  • Smartcards and New CSP Model
  • Certificate Services

22
For More Info ITPRO
23
For More Info Developers
24
Thank you / Toda!