Windows 8 
Recovery and Security 
Rodrigo Immaginario, CISSP 
MVP: Enterprise Security 
MCSE: Security 
http://rodrigoi....
Familiar and New Tools ... 
Protection against Incidents and Attacks 
Secure Access 
Familiar tools - Windows 7 ...
What's new? 
Refresh and Reset 
Enhanced BitLocker protectors 
New secure boot options
Recovery Tools 
Windows 7 
• System Restore 
• Safe Mode 
What's new … 
New Refresh and Reset
Refresh and Reset 
Refresh keeps personalization 
Reset formats and reinstalls
Refresh vs. Reset 
Refresh: Reset: 
• Does not keep personalization and data 
• Does not keep Windows 8 apps 
• Formats the ...
Demo: Refreshing the PC
Advanced Diagnostics and Recovery 
DaRT – advanced level in recovery 
DaRT updated for Windows 8 
DaRT is part of MDOP
Recovery Image Wizard 
PowerShell Script 
x86 and x64 on the same workstation 
WIM and ISO images 
Creation of: 
• CD or DVD 
• USB ...
More flexible options 
Disks 
USB drives 
Local installation 
• MDT 2012 Update 1 
• System Center 2012 Configuration 
Manag...
Demo: DaRT
Enterprise Security 
• Built on Windows 7 
• BitLocker improvements 
• UEFI support for Trusted Boot 
• Windows Defender and Fir...
BitLocker Improvements
TPM 2.0 Support
BitLocker Performance Improvement 
Used-space encryption 
Encryption during installation 
Support for eDrive...
New BitLocker Recovery Options 
Several recovery options SkyDrive escrow is new to Windows 8
Group Policy and BitLocker 
New set of policies
BitLocker Protector Options 
• Password for non-TPM 
• Active Directory 
• Network
Windows RT 
Available for Windows RT devices 
Optimized (data is encrypted on write)
MBAM: Compliance and Security 
Complex PINs and FIPS 
MBAM is enterprise-level tool for BitLocker 
Role-based acces...
MBAM: Integration 
Integration with Configuration Manager 
Custom reports with SSRS 
Automation of encryp...
MBAM: Reducing Costs 
Users help themselves Self Service Recovery Console
UEFI Support 
Windows 8 supports UEFI 
Trusted operating system loading
Legacy vs. Modern 
Legacy - Boot 
Modern - Boot 
BIOS 
OS Loader 
(Malware) 
Legacy can use untrusted loaders 
Mo...
How to trust UEFI 
Update via Windows Update UEFI - self-check
What it means: Trusting Boot 
UEFI Boot 
Windows 
OS Loader 
Windows Kernel 
and Drivers AM Software 
AM software is 
st...
Protection by Default 
Malware-resistant by design 
Familiar tools improved in Windows 8
Client Protection
Windows 8 App - Protection 
Strict (secure) process for publishing to the Windows Store 
Low privilege and any access d...
Summary 
DaRT updated in Windows 8 
Evolution of already familiar tools 
Several BitLocker improvements 
Trusted boot...
Thank you!
Windows 8 - Recovery and Security

Rodrigo Immaginario
CISSP
MVP Security
http://rodrigoi.org.br

  • New Features, Familiar Tools
     
    Key Messages:
    Windows 8 enhances security and recovery
    Three focus areas: protecting devices, protecting data, secure access
    Many tools are familiar to IT pros
     
    Windows 8 represents a step forward in security. Microsoft’s goals with Windows 8 focus on protecting devices against threats, protecting sensitive data, and securing access to resources.
     
    When it comes to Windows 8 recovery and security, you'll already be familiar with most of the tools and terminology from your experience with Windows 7. There are a few new capabilities surrounding recovery and security, though. For example, Windows 8 uses BitLocker Drive Encryption, which has been improved, and the Diagnostic and Recovery Toolset (DaRT), which carries forward from Windows 7. Many of the advanced recovery tools like Safe Mode are still available, as well. And you can use System Restore, too.
     
    This session looks at those new capabilities and shows how Windows 8 accomplishes its security goals. As you'll see in the coming slides, Windows 8 provides a comprehensive approach to security.
  • New Capabilities
     
    Key Messages:
    Refresh and Reset make recovery easier
    BitLocker has been enhanced
    Client protections have been enhanced
    New secure boot options support UEFI
     
    Windows 8 includes new features to refresh and reset computers so that recovery is easier and faster. A refresh keeps many user personalizations intact while reinstalling the underlying operating system. This helps lessen the time spent re-creating personalizations that a user has introduced over time to help in their work. A reset completely begins again, providing a fresh copy of the operating system while losing individualized personalizations.
     
    BitLocker has been enhanced for Windows 8. With BitLocker in Windows 8, you can encrypt only the part of the disk that is used; alternatively, you can use full disk encryption. BitLocker in Windows 8 allows for network unlock, and PIN and password changes by a regular user. The provisioning process has also been improved with BitLocker for Windows 8. Windows 8 includes vulnerability mitigating techniques and new device protections such as SmartScreen Application Reputation and sandboxing for Windows 8 apps.
     
    Windows 8 includes two boot options that take advantage of Unified Extensible Firmware Interface (UEFI) Secure Boot and Measured Boot. Secure Boot uses digital signatures to ensure that only trusted firmware is allowed to boot the computer. Measured Boot works in conjunction with anti-malware software and provides a log of the drivers and other items that have loaded prior to the anti-malware software taking over.
     
    Finally, Windows 8 secures access to resources through virtual smart cards and Dynamic Access Control. These features will be addressed throughout this session.
  • Tools for Recovery
     
    Key Messages:
    Windows 7 tools still work
    Boot options are used for providing recovery
    Refresh and Reset provide a clean installation
     
    You're probably familiar with the tools and techniques for recovering a Windows 7 computer. Many of these tools and techniques still work with Windows 8, but Windows 8 includes new options for recovery, too.
     
    The System Restore tool is available with Windows 8. As in Windows 7, this tool restores the computer to a previous state based on a recovery point that was created at an earlier time. Advanced recovery options are also available, and you can boot into Safe Mode, too.
     
    Getting into Safe Mode or the Boot Options screen is a little different in Windows 8. Windows 8 starts the Boot Options screen after two unsuccessful attempts to boot, as might be the case with a power failure or a driver issue. You can also get into the Boot Options screen by manually choosing to do so from within PC Settings in Windows 8.
     
    Two new recovery features with Windows 8 are Refresh and Reset. These features take advantage of the Windows Recovery Environment (Windows RE).
  • Refresh and Reset
     
    Key Messages:
    Refresh keeps personalizations
    Reset formats and reinstalls
     
    Refresh works to retain items such as personalizations, Windows 8 apps, and many other customizations even while installing a fresh copy of the operating system. It does so by first examining the computer for data and settings, along with Windows 8 apps, and then placing them in a safe location on the computer.
     
    A new version of Windows 8 is installed, and then the data, settings, and apps are restored onto that new version. The great thing about this option is that you don't need to re-create all of the customizations and initial setup steps that you would with a fresh install.
     
    That said, there are times when the computer simply needs to be set back to its original state, and this is what the Reset option is for. When a computer goes through the Reset process, no data or customizations are kept. The Reset process erases the hard drive partitions, thus also erasing both Windows and any data that's there. Once that's done, a fresh copy of Windows is installed.
  • Refresh and Reset: Compared
     
    Key Message:
    Comparing the Refresh and Reset options
     
    A quick comparison of the Refresh and Reset options clearly shows the difference between the two options. Refresh keeps personalizations such as the desktop background; Reset does not. Refresh keeps Windows 8 apps; Reset does not. Refresh installs a clean copy of Windows onto the drive without formatting it; Reset formats the drive before installing Windows.
  • Advanced Diagnostics and Recovery
     
    Key Messages:
    DaRT provides the next level in recovery
    DaRT has been updated for Windows 8
    DaRT is part of MDOP
     
    DaRT is an advanced environment to facilitate the troubleshooting, repair, and recovery of computers. DaRT helps IT evolve from reactive to proactive in the support of desktop systems. DaRT includes several tools that help determine the root cause of issues and then help to correct those issues. DaRT contains tools such as Crash Analyzer and System Restore and other tools familiar to IT pros.
     
    Some of the things you can do with DaRT include resetting passwords, analyzing crashes, scanning for malware, removing hotfixes, repairing system files, disabling device drivers, and wiping disks.
     
    DaRT has been updated for Windows 8 and Windows Server 2012. DaRT 8 includes support for UEFI boot modes, and GUID partition tables are also supported so that disk-related tools such as Disk Wipe will work with those types of partitions.
     
    DaRT is part of the Microsoft Desktop Optimization Pack (MDOP). For that reason, an organization needs to have Software Assurance in order to use DaRT. DaRT requires that you have the Windows Assessment and Deployment Kit (ADK) before you can install the recovery-related items in DaRT. The Crash Analyzer in DaRT requires the Windows 8 Debugging Tools from the Windows Driver Kit. If you're going to be creating a Windows 8 x64 ISO image, you'll need the Windows RE image from the original Windows 8 media.
  • A Reimagined Recovery Image Wizard
     
    Key Messages:
    The Recovery Image Wizard has been reimagined
    The wizard can generate a PowerShell script
    The wizard includes advanced tools and settings for image creation
     
    The DaRT 8 Recovery Image Wizard has been reimagined for Windows 8. Images are now built by using PowerShell cmdlets. When an administrator uses Recovery Image Wizard, the end result is a script. This script can then be customized and used from that point forward.
     
    DaRT can also now produce 32-bit and 64-bit images without requiring the use of specific 32-bit or 64-bit computers to produce the images; they can come from the same administrative workstation. All you need is access to the source media.
     
    The DaRT Recovery Image Wizard walks you through each step of the process and gives you the opportunity to customize which tools will be added to the recovery image. You can add advanced options such as drivers, and you can configure Windows Defender to download the latest updates.
     
    When you create the image, you can choose whether to create a standard Windows Image, an ISO image, or a PowerShell script (or all three). DaRT 8 includes the ability to create both Windows Imaging Format (WIM)- and ISO-formatted images. The ISO-formatted images can be placed directly onto USB media, which is a change from previous versions of DaRT, with which you needed to use more than one tool to use USB media.
  • More Flexible Deployment Options
     
    Key Messages:
    DaRT has many deployment options
    DaRT can create USB media
     
    DaRT can create images that are bootable with many types of media, but it's rare to find a floppy disk on a computer these days and it's also becoming rare to see even CD or DVD drives on an information worker's computer. That said, DaRT can create bootable CD or DVD media, as well as native USB media.

    Not only can DaRT images be deployed on separate media, such as a USB flash drive, but DaRT images can also be placed directly on the local disk so that the DaRT tools can be accessed through the Boot Options screen whenever they're needed. In fact, DaRT 8 includes transparent UEFI support, so UEFI isn't a concern when using DaRT 8.
     
    Local deployment is accomplished using tools such as MDT 2012 Update 1 or System Center 2012 Configuration Manager with Service Pack 1. You can also use Windows Deployment Services to deploy DaRT as a network service.
     
    You'll see much more about the deployment options for DaRT images shortly.
  • Groundbreaking Enterprise Security
     
    Key Messages:
    Windows 8 builds on the tools from Windows 7
    BitLocker has been improved
    Trusted boot works with UEFI
    Numerous other enhancements and improvements
     
    Now that you’ve seen some of the powerful and flexible features for recovery available in Windows 8, it's time to look at how Windows 8 has enhanced security. Windows 8 builds on the security features in Windows 7. Tools such as BitLocker have been improved for Windows 8, and Windows Defender and Windows Firewall continue to provide security for Windows 8 computers.
     
    Windows 8 provides a comprehensive protection framework built around protecting devices against threats, protecting sensitive data, and securing access to resources.
     
    When it comes to protecting devices against threats, Windows 8 supports the UEFI specification. The Windows 8 boot process, known as Trusted Boot, works with UEFI's Secure Boot to provide a more secure boot process. Windows 8 also greatly enhances BitLocker to add new features such as used disk space encryption, network boot, and support for Trusted Platform Module (TPM) 2.0. Windows 8 is malware-resistant by design. Windows Defender provides an in-the-box anti-malware solution.
     
    Windows 8 includes a feature called SmartScreen Application Reputation. SmartScreen Application Reputation uses a reputation-based system to examine websites and files downloaded from the Internet. If the file or site appears to be untrusted or has a bad reputation, the user is alerted to that fact before continuing.
  • Windows 8 Enhancements
     
    Key Messages:
    BitLocker provides encryption of data at rest
    BitLocker has been vastly improved for Windows 8
     
    BitLocker provides disk encryption that helps enterprise customers achieve their goal of securing data at rest. This means preventing unauthorized access to data when a device is lost or stolen.
     
    BitLocker has been improved for Windows 8 to add support for new technology while adding value for enterprise customers.
     
    The next several slides look at the new features in BitLocker.
  • TPM 2.0 Support
     
    Key Messages:
    BitLocker supports TPM 2.0
    Crypto Agility is now available
     
    BitLocker includes support for TPM 2.0, in addition to the previous support for TPM 1.2. With TPM 2.0 comes Crypto Agility, which essentially means that the encryption algorithm used by TPM can be replaced later. This might be the case if a future encryption algorithm comes out that provides more security. It also enables the choice of encryption algorithm, which means that TPM 2.0 can be used in places where its use might have been prevented before.
     
    This support includes both discrete and firmware-based TPM. When a supported secured execution environment is used, Windows Setup will provision a firmware-based TPM.
  • Improved Performance

    Key Messages:
    Performance is improved with used disk space encryption
    SAN support is available with BitLocker
    Support for eDrives
     
    Encrypting an entire drive partition can take quite a long time. When you’re provisioning computers, this process can really add time to the entire deployment. BitLocker in Windows 8 can encrypt only used disk space. This capability is beneficial during installation when the encryption process can take place at the same time as the installation of Windows but only to the parts of the drive being used for the install.
     
    Used disk encryption helps with SAN disks, as well. SAN volumes tend to be big, and used disk encryption cuts down on the time needed to make the SAN volume available. BitLocker supports iSCSI and Fibre Channel storage when the host bus adapter (HBA) or external RAID hardware has met Windows certification requirements.
     
    Another area where BitLocker has improved performance is support for encrypted drives. Microsoft has worked with hardware vendors to add support for self-encrypting eDrive technology to Windows 8. This means that encryption processing can be offloaded to hardware, which both reduces power use and increases battery life. BitLocker still manages the keys, but the initial encryption of volumes is eliminated because the encryption is provided at the hardware level.
     
    BitLocker also supports Cluster Shared Volumes (CSV) and traditional failover disks on Windows Server clusters.
  • New Recovery Options
     
    Key Messages:
    Several recovery options
    SkyDrive is new to Windows 8
     
    BitLocker has several options for recovery, most of which are unchanged from Windows 7. This recovery provides for key backup in several locations. For example, you can store the backup key in Active Directory, store it on a USB drive, print the key, or use the Data Recovery Agent.
     
    New to Windows 8 is the ability to escrow the recovery key on SkyDrive. This feature can be used for computers that aren't joined to the domain. The recovery password for operating system, data, and removable volumes can be escrowed to SkyDrive.
  • Group Policy and BitLocker
     
    Key Messages:
    BitLocker works with Group Policy
    Numerous aspects of BitLocker are available through Group Policy
     
    BitLocker takes advantage of Group Policy. You can set several aspects related to BitLocker and its performance within your enterprise.
     
    There are Group Policy settings for frequently encountered enterprise scenarios. These include settings around the Unlock method and how to recover protected drives. Among the new settings is a Group Policy configuration determining whether used disk space encryption will be used.
     
    You can use Group Policy to deny write access to volumes that aren't protected by BitLocker. The encryption strength and cipher can be set with Group Policy. As already noted, the ability to set the encryption cipher is an important aspect of BitLocker.
     
    Group Policy can also be used to configure policies surrounding custom deployments, such as allowing access to BitLocker-protected volumes from earlier versions of Windows.
  • BitLocker Protectors
     
    Key Messages:
    Numerous protectors are available for BitLocker, depending on the scenario
    Password protector, Active Directory protector, and network protector are all available options
     
    There are several methods for protecting data with BitLocker. One is the password protector, which is helpful when the computer doesn't have TPM. The password protector can be used to protect operating system, data, and removable volumes alike. The password protector is used for Windows To Go devices.
     
    Active Directory protector is another method, eligible for data and removable volumes. This protector can be used at the account or group level. The advantage is that the volume is decrypted automatically when a specific user or machine account accesses the volume.
     
    The network protector, eligible for operating system volumes, enables automatic unlocking when a device is connected to the corporate network. This protector is especially helpful for users and IT staff alike.
     
    The network protector simplifies the patching process. Instead of needing to manually unlock each computer, using the network protector means that the computer will be unlocked without manual intervention.
     
    The network protector requires UEFI 2.3.1 with support for DHCPv4 and DHCPv6 within the UEFI firmware.
  • Windows RT Encryption
     
    Key Messages:
    BitLocker is available for Windows RT Devices
    Optimized for slate form factor
     
    Windows RT Devices are encrypted out of the box. BitLocker has been optimized for slate form factors by enabling a TPM-only protector. On Windows RT Devices, data is encrypted on write.
     
    The recovery key is automatically escrowed on SkyDrive for Windows RT Devices.
     
    Finally, Trusted Boot is used with Windows RT to ensure pre-boot integrity.
  • Compliance and Security
     
    Key Messages:
    MBAM is an enterprise-level BitLocker tool
    Provides encryption compliance reporting
    Role-based access control splits tasks among areas 

    Microsoft BitLocker Administration and Monitoring (MBAM) is an enterprise-level tool for administering BitLocker deployments. MBAM, part of MDOP, helps reduce costs by simplifying the provisioning process for BitLocker.
     
    MBAM helps with compliance and security. Using MBAM, you can generate compliance reports for encryption and IT can audit access to encryption keys.
     
    MBAM uses role-based access control. There are several predefined roles within MBAM with different privileges. The use of role-based management within MBAM means that individuals don't need to have administrator privileges to run reports and support staff can be assigned the least privilege in order to accomplish their tasks.
     
    MBAM supports complex PINs and supports the management of BitLocker in Federal Information Processing Standards (FIPS) mode. Additionally, BitLocker helps to prevent unauthorized access to data with single-use recovery keys.
  • Integration
     
    Key Messages:
    Integration with Configuration Manager
    Automated encryption provisioning
    Customized reporting with SSRS
     
    MBAM can now be integrated with Configuration Manager. Doing so moves the compliance pieces of MBAM to Configuration Manager. This means that IT staff can use a single environment for compliance reporting through Configuration Manager and don't need to jump between applications to get an enterprise-level picture of compliance.
     
    MBAM enables the automation of encryption provisioning at the enterprise level. Organizations can also target specific encryption policies for specific devices, users, or groups.
     
    MBAM includes several reports that can then be further customized by using SQL Server Reporting Services (SSRS).
  • Reducing Costs
     
    Key Messages:
    Key for enterprises: Users help themselves
    Self-service portal for key recovery
     
    Self-service is key to an enterprise. When users can help themselves, it means they don't need to call IT, which means more time for IT to add value to the organization. MBAM includes a self-service portal that you can customize.
     
    The Self Service Recovery Console enables users to manage their PIN and initiate volume encryption. Users can also recover encrypted devices through the console.
     
    IT can provide support through the Extensible Recovery Console by accessing recovery data.
  • UEFI Support
     
    Key Messages:
    Windows 8 supports UEFI
    Trusted boot is important for end-to-end security
     
    Windows 8 supports the UEFI specification. UEFI replaces some aspects of the traditional computer BIOS but is built on top of the traditional BIOS. Both UEFI and BIOS handle the pre-boot environment of a computer and then pass control over the boot process to the operating system. UEFI offers several key advantages over the traditional boot process, however, and these will be discussed in the next slides.
     
    UEFI is an architecture-independent way to ensure that only trusted operating systems are used after the pre-boot process is complete. UEFI is also more advanced than traditional BIOS. For example, devices such as mice are initialized within the UEFI environment.
     
    UEFI works with BitLocker to provide encrypted drive and network unlock support, along with secure boot capabilities, which we'll describe shortly.
     
    UEFI is a requirement for Windows certification.
  • Legacy vs. Modern Boot
     
    Key Messages:
    Legacy boot can hand off control to untrusted boot loaders
    Trusted boot hands off control to only trusted loaders
     
    Let's talk about the boot process. In the legacy boot process, the BIOS performs hardware checks and then hands execution off to the operating system loader. As we've seen, this operating system loader can be anything, even malware. This enables malware to start before the operating system starts, thus compromising everything thereafter.
     
    With modern boot through UEFI, the firmware enforces policy, and as part of the process will start an operating system only if the OS loader has been signed by a trusted authority. The operating system loader then enforces signature verification and triggers remediation, if necessary.
     
    Once the operating system loader boots, it can activate the Early Launch Anti-Malware (ELAM) driver. The ELAM driver is specially signed by Microsoft and is loaded prior to third-party drivers as part of the boot process.
     
    The end result of the modern boot cycle is that malware is unable to make changes to the boot process or operating system components. UEFI hands the boot process to the trusted OS loader, which activates the ELAM driver, which then monitors the remainder of the boot process.
  • Trusting UEFI
     
    Key Messages:
    Updates to UEFI are secure
    UEFI can perform self-integrity checking
     
    But how do we trust UEFI, and more important, how do we update UEFI securely? The components of UEFI—such as its firmware, drivers, applications, and OS loaders—need to be signed by a trusted authority. UEFI maintains a database of trusted keys and image hashes, along with a revocation database of untrusted keys and image hashes.
     
    UEFI can be updated with Windows Update. Windows Update can provide updates for UEFI firmware, drivers, applications, and OS loaders. Just as important, the revocation database for keys and image hashes can also be updated.
     
    Further, UEFI can check its own firmware by using an integrity check and can self-remediate if there are unknown changes. UEFI is also able to recover the Windows boot manager if its integrity check fails.
  • What It Means: Trusting Boot
     
    Key Message:
    A high-level illustration of the boot process shows how all the pieces fit together
     
    Windows 8 has added a lot of value for enterprises around the boot process, helping to make Windows 8 malware-resistant by design. It is helpful to look at the process from a high level now that you've seen its components.
     
    UEFI works to prevent untrusted boot loaders from being loaded. UEFI hands processing directly to the Windows boot loader. This starts up the Windows kernel and drivers and loads anti-malware software. From power-on until the anti-malware software starts, there's simply no vector for untrusted software to be loaded. Once the anti-malware software takes over, it then monitors third-party drivers as part of the boot process.
  • Protect Against the Known and Unknown
     
    Key Messages:
    Malware resistant by design
    Several familiar components are used for protection
     
    Everything we've discussed so far gets us to the point of the Windows logon screen. So what happens post-boot? Windows 8 is malware-resistant by design both during boot and post-boot.
     
    Windows 8 uses several components that are familiar to IT pros, including Windows Defender, System Center 2012 Endpoint Protection, Windows Firewall, and SmartScreen Filter.
     
    The following slides illustrate some of the highlights of post-boot protection for Windows 8. Additionally, since the Windows Store is new for Windows 8, we'll also discuss security considerations specific to Windows 8 apps.
  • Client Protection
     
    Key Messages:
    Windows Defender and Windows Firewall play key roles
    SmartScreen Filter has been enhanced for Windows 8
     
    Windows Defender is central to security in Windows 8, providing a comprehensive anti-malware solution in the box with Windows 8. Windows Defender protects against a full range of malware, well beyond simple adware and spyware protection.
     
    Windows Defender provides real-time active protection that's optimized for the user experience. For enterprises, Endpoint Protection adds manageability. Sharing the same anti-malware engine with Windows Defender, Endpoint Protection adds the Network Inspection System (NIS), which has the ability to block infections before they occur.
     
    Windows Firewall helps reduce the surface area available for an attacker by filtering the ports available to an attacker scanning a computer. Windows Firewall has been improved for Windows 8 and is also manageable with Endpoint Protection and PowerShell.
     
    Internet Explorer 10 has been improved with additional features in SmartScreen Filter. Not only does SmartScreen Filter protect against phishing sites and malicious downloads, but it now includes Application Reputation. Application Reputation protects users regardless of the method in which the application was downloaded.
     
    Internet Explorer 10 also includes Enhanced Protected Mode, which isolates tabs and processes and makes it more difficult to exploit. Do Not Track capabilities are included in Internet Explorer 10, and user interaction is required in order for a web page to gain access to user data.
  • Windows 8 App Protection
     
    Key Messages:
    Windows Store provides rigorous certification
    Windows 8 apps run with low privilege and must declare capabilities
    Apps are installed into discrete containers
     
    Windows 8 apps offered through the Windows Store need to pass through a rigorous certification and app screening process. Part of the process in making trustworthy apps is a manual screening process by Microsoft for every app available in the Windows Store. Apps also develop their own reputation through community-based ratings and reviews.
     
    Windows 8 apps run with low privilege, and their access to resources is limited. Access to resources, called capabilities, needs to be declared by the developer, so you always know what capabilities a given app will have. The contract aspect of apps also means that they use a standard interface to communicate with one another.
     
    Each app is installed into its own discrete container, and all of the installation steps are handled by the operating system. This means that users can't accidentally install an app into the wrong location or have an old version alongside a new version of an app.
  • Summary
     
    Key Messages:
    Familiar tools used for Windows 8
    DaRT and BitLocker are both updated
    Boot and post-boot are protected
     
    In this session, we discussed several technologies surrounding recovery and security in Windows 8. Windows 8 improves on many of the recovery and security tools that you're familiar with from Windows 7. There are key recovery features in Windows 8 that are new, including the ability to reset or refresh the computer. Many of the tools such as Safe Mode and System Restore are still there, too.
     
    DaRT has been updated for Windows 8 with the release of DaRT 8. DaRT 8 introduces many new features for Windows 8 including the ability to deploy onto USB media, support for GUID partition tables, UEFI, and full PowerShell capabilities. DaRT offers several ways to deploy images, including manually, through MDT 2012 Update 1, or using Configuration Manager.
     
    Security changes in Windows 8 also build on features in Windows 7. BitLocker has been updated with several new IT-friendly features that also enhance security. Support for TPM 2.0 is included in BitLocker, and the ability to encrypt only used disk space is a time-saver for deployment and usage in SAN environments. BitLocker has new protectors and recovery options, including the ability to escrow keys on SkyDrive.
     
    Windows 8 works with UEFI to provide a trusted boot sequence that's both secure and verifiable. Once booted, the operating system uses technologies such as Windows Defender, Endpoint Protection, Windows Firewall, and SmartScreen Filter to enhance the security of the system at run time.
  • Windows 8 - Recovery and Security

    1. Windows 8 Recovery and Security. Rodrigo Immaginario, CISSP; MVP: Enterprise Security; MCSE: Security. http://rodrigoi.org.br @rodrigoi
    2. Familiar and New Tools ... Three areas: Protection from Incidents and Attacks; Secure Access; Data Protection. Familiar tools from Windows 7: • BitLocker and DaRT • Safe Mode and System Restore. Windows 8, a step ahead in security and recovery
    3. What's new? Refresh and Reset; enhanced BitLocker protectors; new secure boot options
    4. Recovery Tools. Windows 7: • System Restore • Safe Mode. New: Refresh and Reset
    5. Refresh and Reset. Refresh keeps personalization; Reset formats and reinstalls
    6. Refresh vs. Reset. Refresh: • Keeps personalization and data • Keeps Windows 8 apps • Does not format before reinstalling. Reset: • Does not keep personalization and data • Does not keep Windows 8 apps • Formats the disk before reinstalling
    7. Demo: Refreshing the PC
    8. Advanced Diagnostics and Recovery. DaRT: advanced-level recovery; DaRT updated for Windows 8; DaRT is part of MDOP
    9. Recovery Image Wizard. PowerShell script; x86 and x64 on the same workstation; WIM and ISO images. Creation of: • CD or DVD • USB drives
    10. More flexible options. Disks; USB drives; local installation • MDT 2012 Update 1 • System Center 2012 Configuration Manager with Service Pack 1; network boot
    11. Demo: DaRT
    12. Enterprise Security • Based on Windows 7 • BitLocker improvements • UEFI support for Trusted Boot • Windows Defender and Firewall • SmartScreen Application Reputation
    13. BitLocker Improvements
    14. TPM 2.0 Support
    15. BitLocker Performance Improvements. Used-space encryption; encryption during installation; eDrive support; Cluster Shared Volumes (CSV) support
    16. New BitLocker Recovery Options. Several recovery options; SkyDrive escrow is new to Windows 8
    17. Group Policy and BitLocker. New set of policies
    18. BitLocker Protector Options • Password for non-TPM • Active Directory • Network
    19. Windows RT. Available for Windows RT devices; optimized (data is encrypted on write)
    20. MBAM: Compliance and Security. Complex PINs and FIPS; MBAM is an enterprise-level tool for BitLocker; role-based access control; compliance reports
    21. MBAM: Integration. Integration with Configuration Manager; custom reports with SSRS; encryption automation
    22. MBAM: Reducing Costs. Users help themselves; Self Service Recovery Console
    23. UEFI Support. Windows 8 supports UEFI; trusted operating system loading
    24. Legacy vs. Modern. Legacy boot: BIOS, OS Loader (Malware), OS Start; legacy can use untrusted loaders. Modern boot: modern systems use only trusted loaders
    25. How to trust UEFI. Update via Windows Update; UEFI self-check
    26. What it means: Trusting Boot (diagram illustrating the boot process). Diagram labels: UEFI Boot, Windows OS Loader, Windows Kernel and Drivers, AM Software, Boot Policy, AM Policy, 3rd Party Software, Windows Logon, TPM, Client, Remote Attestation Service, Client Health Claim, Remote Resource (File Server). Steps:
        1. Secure Boot prevents malicious OS loader.
        2. AM software is started before all 3rd party software.
        3. Measurements of components including AM software are stored in the TPM.
        4. Client attempts to access resource. Server requests Client Health Claim.
        5. Client retrieves TPM measurements of client and sends it to Remote Attestation Service.
        6. Remote Attestation Service issues Client Health Claim to Client.
        7. Client provides Client Health Claim. Server reviews and grants access to healthy clients.
    27. Protection by Default. Malware-resistant by design; familiar tools improved in Windows 8
    28. Client Protection
    29. Windows 8 App Protection. Strict (secure) process for publishing to the Windows Store; low privilege, and any access must be declared; each app is installed in its own container
    30. Summary. DaRT updated in Windows 8; evolution of already familiar tools; several BitLocker improvements; trusted boot and post-boot protected
    31. Thank you!
