Microsoft. Alexander Khudyakov, "Windows 10 - protection against modern...
Windows 10
Windows10Windows Windows 10
Windows10 . Windows , , .2
Windows10 , Windows7/8.1 Windows10, Windows Software AssuranceWindows10 ,
OEM/ESD 1Windows10 Pro
OEM/ESD 1Windows10 2 Microsoft Desktop Optimization Pack (MDOP)2
Windows10 , , Windows10 Windows10
Windows, .
Windows10 Windows10, . , . Windows10 , .
Windows10 Pro , , , . Windows10 Pro , CYOD ( ), . Windows10 Pro , . Windows10 Pro , .
Windows10 , Windows10 Pro, , . , , . Windows10 , . Windows10 .
Windows10 Windows10 Pro , . , . , Windows10 Windows10 Pro Windows10 , . Windows10 .
Microsoft User Experience Virtualization (UE-V)Microsoft Application Virtualization (App-V)Microsoft BitLocker Administration & Monitoring (MBAM) (AGPM)Microsoft Diagnostic and Recovery Toolset (DaRT)MDOP , LTSB Windows To Go - TechNet , Long Term Servicing Branch (10- )
:Current Branch Current Branch for Business Long Term Servicing Branch (LTSB) Windows - Pass-the-Hash MDMDevice GuardDirectAccessWindows To Go AppLockerBranchCache Windows10 Software Assurance
SA
Windows10 Windows10 Pro, Windows8.1 , :
. - Windows , , ( ) ( ).
Pass-the-Hash. (, NTLM Kerberos) (, LSASS) Hyper-V. (VSM). VSM Windows. Pass-the-Hash (PtH), .
Device Guard. Device Guard Windows . Device Guard Windows, (, EXE-, DLL-), ( , ). , Windows, , . Device Guard AppLocker. Applocker , , , .
MDOPMDOP , , . Windows10 MDOP SA.
, . , Windows, Microsoft User Experience Virtualization (UE-V). Microsoft Application Virtualization (App-V) , . Microsoft Enterprise Desktop Virtualization (MED-V) Windows, Windows7.
MDOP , Windows. Microsoft BitLocker Administration and Monitoring (MBAM) BitLocker , . (AGPM) , , .
, Microsoft Diagnostics and Recovery Toolset (DaRT) , .
SA Windows. SA Current Branch/Current Branch for Business . SA , SA .
, , , Windows. , , - - .
Long Term Servicing Branch
Current Branch Windows , WSUS: -,
-Current Branch for Business
Windows
Windows 4 2015. Windows, Windows . : Windows . : , . : .
, . , , ., , , - , , , , . Windows10 , Long Term Servicing . , : . , (5), ( 5) . Long Term Servicing , Windows Server Update Services (WSUS) , Windows. WSUS , System Center Configuration Manager. , , , . , , . - , . , , . Current Branch for Business. , , , . . - , ( , Windows). Current Branch for Business Windows , . . , Windows Windows WSUS, ., Windows, , , .
10/29/2015 10:39 AM (Microsoft Corporation), 2015. . , , , , .5
. , , , - . 10, . , , , . ., , , , , ?
2014 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.10/29/2015 11:03 AM6
BLASTER, SLAMMER
: 2003-2004
10 2003
2012 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.10/28/20157
2005-
.
RANSOMWARE, CLICK-FRAUD, IDENTITY THEFT
:
BLASTER, SLAMMER
: 2003-2004
2005
2005-
.
RANSOMWARE, CLICK-FRAUD, IDENTITY THEFT
:
BLASTER, SLAMMER
:
2012 , ,
, ,
: ,,
2003-2004
2012
,
Windows HelloMicrosoft PassportBitLockerEnterprise Data ProtectionDevice GuardWindows Defender
DLP DLP Windows300Ks+ Windows
UEFI Secure BootTPM 2.0, Virtualization
10 7 ---- . DLP . 10 enterprise data protection . (EDP) , ---- , . ? Device guard.----- - Windows 8 designed for win uefi uefi secure boot. Secure Boot? , . , , , / , , .
, 10 . ?
, ,
!!
, , . ? , , .
, 10 2 2 Microsoft passport Hello Microsoft passport windows Hello :
, , 20% , 2014
1
Social.com
Bank.com
Network.com
LOL.com
Obscure.com
1
2
: . . . . .
135 ADWindows
IDP
IDP
IDP
24
, , ., . .. . () , .
.
, .15
MICROSOFT PASSPORT
PKI Windows 10
. . , . . , . ?
: TPM user gesture win hello .. : , , , - , 10 , = , api js
, Windows 10, - , . . ( ), Windows. , PKI. Windows 10 , PKI. - , PKI . Active Directory, Azure Active Directory - , , - . , , -.
IDPActive DirectoryAzure ADGoogleFacebookMicrosoft Account1
2
Windows10
3
IntranetResource44 IDP
IntranetResource
, . . , TPM. IDP (Identity provider), ,. , AD, , FB , . (3) , (4) . ? , ! , .
.. , .. pki
. ( ), Windows. , PKI. Windows 10 , PKI.
(, . PKI - Public Key Infrastructure)
PIN .
Windows Hello
Sample design, UI not final
, TPM - . Windows10 : ( )
TMP () 100 18
WINDOWS HELLO
(, , ) , ,
10 , . + api win 10 ,
:)
, 60 15-20
VIRTUAL SECURE MODE
Virtual Secure Mode (VSM)Local Security Auth ServiceWindowsVirtual TPMHyper-Visor Code Integrity
. , . , , , , . . , -
VSM Windows Hyper-V Windows Kernel
LSA NTLM . (VT-X, VT-D)VIRTUAL SECURE MODE (VSM) Windows
Device Guard
. . - , . . ., .
Applocker . .
Device Guard , , (APT). Windows 10 : , , . . , , Windows . , Device Guard . (Win32) , . 10 2 , , ---- 10 , ..
Windows 10 , . . Windows 10 , , , . , Windows, . , , , Windows Phone. , : , ; , ; Windows . Windows Phone, (Win32). , , Windows, . , Windows 10, , .
DEVICE GUARD Win32 , (: Windows Phone)
, (TPM) (code integrity) , MDM PowerShell
( , .. -)
- . , : , , , , , . , , ,
Device Guard. HP, Acer, Lenovo, Toshiba, Fujitsu
2HIPPA Secure Now, A look at the cost of healthcare data breaches, Art Gross, March 30, 2012
158%
187%
2$240
1Stroz Friedberg, On The Pulse: Information Security In American Business, 2013
? , . , . , .
, 87 % , , 58 % , .---- ,
,
,
, edp Edp , ..
( , , ) ,
Enterprise Data Protection . , , . Windows, iOS, Android
EFS, Applocker, Bitlocker,RMS. , .
. , .
, ()
edp efs
Epd Windows 10 (DLP), . , , . , . , . Windows 10 , , , - . , . , , , . , , , .
10 10 , -
2015 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.
IT GETTING STARTED