Module 1 - Security Threat Landscape_0617

Contents

Slide 3

Objectives

After completing this learning unit, you will have an understanding of:
The impact security has, the evolution of attacks and the anatomy of an attack
How credentials and privileged access can be protected
How to protect applications and data in any cloud
How to protect the virtualization fabric
How to protect with “just enough” OS

Slide 4

Lessons

Lesson 1: Security, attacks and threats
Introduction
Lesson 2: Securing the environment
Basics
Help protect credentials and privileged access
Help protect applications and data in any cloud
Help protect the virtualization fabric
Protect with just enough OS
Windows Server 2016 security summary

Slide 5

Security Threat Landscape

Lesson 1: Security, attacks and threats

Section: Introduction

Slide 6

Security is a Top Priority for IT

Increasing incidents
Multiple motivations
Bigger risk

Slide 7

Evolution of Attacks

Slide 8

Source: McKinsey, Ponemon Institute, Verizon

“Cyber security is a CEO issue.”
-McKinsey

Slide 10

Corporate secrets are public knowledge; potential loss of competitive advantage

Slide 11

Different Attack Vectors

Slide 12

Attack Timeline

Research & preparation
First host compromised
24–48 hours
Domain admin compromised
Attacker undetected (data exfiltration)
Attack discovered
Mean dwell time 150+ days (varies by industry)

Slide 13

Anatomy of an Attack

Enter: Phishing Attacks; Malicious Attachment Delivery; Browser or Doc Exploit Delivery
Establish: Malicious Attachment Execution; Browser or Doc Exploit Execution; Stolen Credential Use; Internet Service Compromise
Expand: Kernel Exploits; Kernel-mode Malware; Pass-the-Hash
Endgame: ESPIONAGE, LOSS OF IP; DATA THEFT; RANSOM; LOST PRODUCTIVITY; BUSINESS DISRUPTION

Slide 14

Example Attack Scenario

Domain controllers
Directory database(s)
Persist presence

Slide 15

Schoolboard
50 Employees
300 Students
Public funds

Construction
4,000 Employees
$30 million per year
Private funds

Energy
95,000 Employees
$5 billion per year
Private funds
Shareholders

Slide 16

Schoolboard, from the Attacker’s Perspective

June the 3rd
Email sent to helpdesk@schoolboard.com with a PPTX attached

June the 3rd + 2 minutes
At least 5 members of the helpdesk opened the attachment

June the 3rd + 5 minutes
2 machines start beaconing

Slide 17

Schoolboard, from the Attacker’s Perspective

June the 3rd + 6 minutes
The malware extracts credentials and sends them to its C2 server

June the 3rd + 15 minutes
The attacker is dumping emails from the helpdesk users.

June the 4th
The attacker finds an email about the new payroll application crashing on server PAY01.

Slide 18

Schoolboard, from the Attacker’s Perspective

June the 4th
The attacker takes remote control of one of the sleeping helpdesk computers and then accesses PAY01

June the 4th
The helpdesk user is an Administrator of the payroll application and more (Domain Admins member)

June the 4th
The attacker downloads the public documentation of the payroll application

July the 1st
The attacker creates fake employees in the payroll system and assigns them foreign bank accounts

Slide 19

Schoolboard, from the Attacker’s Perspective

August the 1st
The attacker fires its fake employees and deletes the transaction logs

$140 K
Money embezzlement
½ of the yearly budget of the schoolboard
Tax payers’ money

Slide 20

Schoolboard, from the Other Side

June the 4th
One helpdesk user reports receiving spam to their IT admin

June the 15th
The IT admin scans the user’s machine and doesn’t find anything

June the 30th
Vacation time?

Slide 21

Schoolboard, from the Other Side

August the 15th
The bank calls the accountant to inform him of the recent unusual summer activities

August the 16th
The accountant listens to his voicemail and realizes that the budget is wrong

August the 31st
Press release

81%
In 81% of breaches, the affected organization did not detect the breach themselves but were notified by others.

Slide 22

What went wrong?

Spam/phishing detection
Phishing awareness training
Suspicious activities reporting process (Security Incident Management)
No separation of privileged accounts
Helpdesk accounts have too many privileges

Slide 23

Construction
4,000 Employees
$30 million per year
Private funds

Slide 24

Construction, from the Attacker’s Perspective

January the 3rd
A mobile server room disappears from a construction site

January the 5th
Most of the hardware is sold
A domain controller is identified

January the 6th
The NTDS.DIT database is cracked.
A majority of the passwords are discovered
This includes the passwords of privileged accounts
Planning a targeted attack

January the 7th
Review of the other stolen data, identified webmail and VPN endpoints

Slide 25

Construction, from the Attacker’s Perspective

January the 10th
VPN connection made on behalf of CONSTRUCTION\Joe

January the 10th
From Joe’s session, runas as Administrator and discovery of all connected assets

January the 10th to February the 15th
Extract all targeted data
Implement a shutdown script via GPO to extract credentials of the connected users and send them to a remote server

February the 16th
All assets are now a member of a botnet. Machines are waiting for instructions

Slide 26

Construction, from the Attacker’s Perspective

March the 1st
Some identities are sold
The attacker prepares the field for a ransomware drop

March the 2nd
VSS is stopped on a majority of servers and the backup software is configured to back up only the OS

April the 1st
D-day for ransomware activation
Use GPO to deploy the payload on every AD-joined machine

April the 2nd
All enterprise data is encrypted

Slide 27

Construction, from the Attacker’s Perspective

April the 14th
After 12 days of work without IT data, and because most of the backups are too old, most of the ransoms are paid

$220K ransom
Some old data has been restored
The attacker is still present on the network

$2M business impact
Lost work / Cannot respond to offers

Slide 28

Construction, from the Other Side

January the 6th
A construction site is back to work after the holiday break
Servers and laptops are reported stolen

January the 7th
The IT admins are not too worried, as the file server does not hold a lot of data and the laptops were old

January the 12th
New hardware is shipped
Security is reinforced
CCTV is implemented
Security guards patrol more often

Slide 29

Construction, from the Other Side

March the 15th
DBAs are complaining about backups failing

March the 22nd
The backup team is performing manual backups of critical servers in the meantime, until this gets resolved

April the 2nd
Users cannot access their personal data nor their corporate (server hosted) data

~200 days
Most attacks go undetected for around a year (on average), leaving organizations vulnerable to ongoing loss and damage.

Slide 30

What went wrong?

Physical protection
Procedures in case of theft
Inefficient monitoring

Slide 31

Energy
95,000 Employees
$5 billion per year
Private funds
Shareholders

Networks
Corporate network
Closed network in production sites

Slide 32

Energy, from the Attacker’s Perspective

March the 3rd
The attacker got a valid account from a previous hack

March the 5th
Lateral movement to more than 50 machines
Harvest a new set of credentials

March the 7th
Drop new malware
It exploits a vulnerability patched last month

Slide 33

Energy, from the Attacker’s Perspective

April the 5th
Gigabytes of data are extracted
The attacker gets intel about the ID used in the closed network

April the 30th
The attacker is installing its own VMs and deploys a Kali

May the 1st
The attacker is creating service accounts that are members of the Backup Operators group

May the 5th
Drop custom USB flash drives with embedded cred around the production staff

Slide 34

Energy, from the Attacker’s Perspective

May the 7th
The production is down in one critical site

May the 8th
Ransomware is deployed in Corp and production networks

$12k ransom
Some old data has been restored
The attacker is still present on the network

$35M fines
Failed to comply with security regulations

$90M loss of market share
Stock is going down

Slide 35

Energy, from the Other Side

April the 4th
AV team cleans up malware found on several workstations (systems are formatted)

May the 6th
Network team detects abnormal network activities. Deletes suspicious VM and changes passwords of VM admins

May the 7th
Major production outage
Production site down, no ETA

Slide 36

Energy, from the Other Side

May the 8th
Ransomware on many systems

June the 1st
The company announces the news to the shareholders
Net losses

June the 2nd
Press release

Slide 37

Typical Attack Timeline & Observations

24-48 Hours
More than 200 days (varies by industry)

Attack Sophistication
Attack operators exploit any weakness
Target information on any device or service

Target AD & Identities
Active Directory controls access to business assets
Attackers commonly target AD and IT Admins

Attacks not detected
Current detection tools miss most attacks
You may be under attack (or compromised)

Response and Recovery
Response requires advanced expertise and tools
Expensive and challenging to successfully recover

Slide 38

Cost of an attack

The cost of these attacks to the global economy, and to an individual company, is significant. It is estimated that the total potential cost of cybercrime to the global economy is $500 billion. The average cost of a data breach to a company is estimated at $3.5 million. However, the cumulative impact as a result from damage to brand reputation, loss of confidential data, and intellectual property is just as, if not more, damaging.
(Source: CSIS-McAfee Report)
(Source: Ponemon Institute releases 2014 Cost of Data Breach)

Slide 39

Security Threat Landscape

Lesson 2: Securing the environment

Section: Basics

Slide 40

Hard Lessons…

Slide 41

Windows Server Security Posture

Slide 42

What do we need to secure and how?

Secure the OS
Managed privileged identities
Secure virtualization

Slide 43

Fundamentals of Information Security

Slide 44

Information Security Concepts and Fundamental Principles

The CIA Triad
Confidentiality
Integrity
Availability

Slide 45

Fundamentals of Information Security

The three pillars

Slide 46

HIDDEN – More Information

References for Canada
• Annex 1 - Departmental IT Security Risk Management Activities: IT Security Risk Management: A Lifecycle Approach (mentioned all over the place in that order here) https://www.cse-cst.gc.ca/en/node/265/html/24453
• Overview: IT Security Risk Management: A Lifecycle Approach https://www.cse-cst.gc.ca/en/node/265/html/22814
• IT Security Risk Management: A Lifecycle Approach https://www.cse-cst.gc.ca/en/publication/itsg-33

Slide 47

Fundamentals of Information Security

Constraints

Slide 48

Defense-in-Depth Modeling

You want to make it…
Harder
Longer
More noisy
… for the attacker
You want to be an unattractive target

Slide 49

Defense-in-Depth Modeling

Layers of Defense:
When talking about the various layers to protect, we want to consider a variety of attack vectors. Take a moment to review each layer as presented in the picture on the right. Consider where your organization might be vulnerable.
During this class, we will be discussing various ways you can harden your Microsoft infrastructure. However, you should always think about how the concepts we present here can be applied elsewhere within your environment.

Layers (outermost first) and the controls shown for each:
People, Policies, Process: Security documents, user education
Physical Security: Guards, locks, tracking devices
Perimeter: Firewalls, Network Access Quarantine Control, NAP
Internal Network: Network segments, IPsec, NIDS
Host: Operating system hardening, authentication, patch management, HIDS
Application: Application design, antivirus
Data: ACLs, encryption, Rights management

Slide 52

Defense-in-Depth Modeling

Strategic shift
From perimeter security … … to assumed breach
Protect information
Establish security practices
Manage threats
Respond strongly

Slide 53

Risk Management

Slide 54

Key Concepts

What is a vulnerability?
A flaw or weakness in a system’s design, implementation, or operation and management.
What is a risk?
The probability of a vulnerability being exploited in the current environment, leading to a degree of loss of confidentiality, integrity, or availability of an asset

Slide 55

Basic Security Principles

Security decisions are risk management decisions
Risk can never be reduced to zero
Prioritization and focus become important
Assess Risk
Identify and prioritize risks to the business
Conduct Decision Support
Identify and evaluate control solutions based on a defined cost-benefit analysis process
Implement Controls
Deploy and operate control solutions to reduce risk to the business.
Measure Effectiveness
Analyze the risk management process for effectiveness
Verify that controls are providing the expected degree of protection

Slide 56

Basic Security Principles: How We Protect It

Principle of Least Privilege (POLP)
Access varies based on the minimum amount of privilege for the requirement
Access allowed only for the required duration
Reduce the Attack Surface
Lower attack surface directly reduces the probability of a successful attack
Security Zones
Objects with similar security requirements are grouped
Similar security is then applied to the whole group
Role-Based Security
Security applied based on job or task requirements
Based on the Principle of Least Privilege

Slide 57

The 10 Immutable Laws of Security Administration:

Nobody believes that anything bad can happen to them, until it does
Security only works if the secure way also happens to be the easy way
If you do not keep up with security fixes, your network will not be yours for long
It does not do much good to install security fixes on a computer that was never secured to begin with.
Eternal vigilance is the price of security
There is really someone out there trying to guess your passwords
The most secure network is a well-administered one
The difficulty of defending a network is directly proportional to its complexity
Security is not about risk avoidance; it is about risk management
Technology is not a panacea
10 Immutable Laws of Security Administration: http://technet.microsoft.com/en-us/library/cc722488.aspx

Slide 58

The 10 Immutable Laws of Security Administration:

If a bad guy can persuade you to run his program on your computer, it's not solely your computer anymore.
If a bad guy can alter the operating system on your computer, it's not your computer anymore.
If a bad guy has unrestricted physical access to your computer, it's not your computer anymore.
If you allow a bad guy to run active content in your website, it's not your website any more.
Weak passwords trump strong security.
A computer is only as secure as the administrator is trustworthy.
Encrypted data is only as secure as its decryption key.
An out-of-date antimalware scanner is only marginally better than no scanner at all.
Absolute anonymity isn't practically achievable, online or offline.
Technology is not a panacea.

Slide 59

Sample AD assets

Domain Controllers
Active Directory Backups
Administrative Accounts and Groups
Identities and attributes
Group Policies
Administrative Workstations
Administrative Delegations
Administration Team

Slide 60

Vulnerabilities

A flaw or weakness in a system’s design, implementation, or operation and management that could be exploited to violate the system’s security policy
Examples:
Physical
Unlocked doors
Unguarded access to computing facilities
Insufficient fire suppression systems
Natural
Facility located on a fault line
Facility located in a flood zone
Facility located in an avalanche area

Slide 61

Vulnerabilities (continued)

Hardware
Outdated firmware
Systems not physically secured
Misconfigured systems
Software
Out-of-date antivirus software
Missing patches
Poorly written applications

Slide 62

Vulnerabilities (continued)

Communications
Unencrypted network protocols
Connections to multiple networks
No filtering between network segments
Human
Poorly defined procedures
Stolen credentials
Media
Electrical interference

Slide 63

Vulnerabilities (continued)

Poorly written or secured scripts
Weak admin accounts security
Poorly secured AD objects
Unnecessary software and services installed on domain controllers
Lack of Security Audit and Monitoring

Slide 64

Security Threat Landscape

Lesson 2: Securing the environment

Section: Help protect credentials and privileged access

Slide 65

Challenges in Protecting Credentials

[Figure: users Ben, Mary, Jake and Admin, with Domain admin versus Typical administrator plotted by Capability over Time]

Social engineering leads to credential theft
Most attacks involve gathering credentials (Pass-the-Hash attacks)
Administrative credentials typically provide unnecessary extra rights for unlimited time

Slides 66–68

Helping Protect Privileged Credentials

[Figure: the same users (Ben, Mary, Jake, Admin) and Domain admin plotted by Capability over Time, with JEA and JIT administration]

Just Enough Administration (JEA) limits administrative privileges to the bare-minimum required set of actions (limited in space)
Just in Time Administration (JIT) provides privileged access upon request through a workflow that is audited and limited in time
Credential Guard prevents Pass the Hash and Pass the Ticket attacks by protecting stored credentials and credential artifacts using Virtualization based Security (VBS)
Remote Credential Guard works in conjunction with Credential Guard for RDP sessions, providing SSO over RDP while eliminating the need for credentials to be passed to the host
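An added example (not from the deck or from Microsoft's own material) of the "limited in space" idea in working PowerShell: a JEA endpoint that gives a helpdesk role only the commands it needs, run under a transient virtual account, so the helpdesk account itself never has to be a Domain Admins member as in the schoolboard scenario. The module name HelpdeskJEA, the group SCHOOLBOARD\Helpdesk, the server name SRV01 and the transcript path are assumptions.

```powershell
# Added example (not from the deck): a JEA endpoint for a helpdesk role.
# Assumed names: module HelpdeskJEA, AD group SCHOOLBOARD\Helpdesk, server SRV01.
# Run in an elevated PowerShell on the Windows Server 2016 host to be managed.

# 1. Role capability files must live in a RoleCapabilities folder of a valid module.
$ModulePath = Join-Path $env:ProgramFiles 'WindowsPowerShell\Modules\HelpdeskJEA'
$RoleDir    = Join-Path $ModulePath 'RoleCapabilities'
New-Item -ItemType Directory -Path $RoleDir -Force | Out-Null
New-ModuleManifest -Path (Join-Path $ModulePath 'HelpdeskJEA.psd1')

# 2. "Limited in space": expose only the actions a helpdesk operator needs.
#    Restart-Service is constrained to two named services; everything else is invisible.
$RoleParams = @{
    Path           = Join-Path $RoleDir 'HelpdeskOperator.psrc'
    VisibleCmdlets = @(
        'Get-Service',
        'Get-Process',
        @{ Name = 'Restart-Service'
           Parameters = @{ Name = 'Name'; ValidateSet = 'Spooler', 'W32Time' } },
        @{ Name = 'Get-WinEvent'
           Parameters = @{ Name = 'LogName' }, @{ Name = 'MaxEvents' } }
    )
    # A wrapper function exposes one task without exposing the underlying cmdlets' full power.
    FunctionDefinitions = @{
        Name        = 'Get-StoppedServices'
        ScriptBlock = { Get-Service | Where-Object Status -ne 'Running' | Select-Object Name, Status }
    }
    VisibleFunctions = 'Get-StoppedServices'
}
New-PSRoleCapabilityFile @RoleParams

# 3. Session configuration: no-language restricted endpoint, commands run under a
#    transient virtual account (the connecting helpdesk account holds no admin rights),
#    and every session is transcribed so the SOC can review what was done.
$TranscriptDir = 'C:\JEATranscripts'
New-Item -ItemType Directory -Path $TranscriptDir -Force | Out-Null
$SessionParams = @{
    Path                = Join-Path $env:TEMP 'Helpdesk.pssc'
    SessionType         = 'RestrictedRemoteServer'
    RunAsVirtualAccount = $true
    TranscriptDirectory = $TranscriptDir
    RoleDefinitions     = @{ 'SCHOOLBOARD\Helpdesk' = @{ RoleCapabilities = 'HelpdeskOperator' } }
}
New-PSSessionConfigurationFile @SessionParams
if (-not (Test-PSSessionConfigurationFile -Path $SessionParams.Path)) {
    throw 'Session configuration file failed validation'
}
Register-PSSessionConfiguration -Name 'Helpdesk' -Path $SessionParams.Path -Force

# 4. A helpdesk member connects to the constrained endpoint: Get-Command inside it lists
#    only the commands above, and Restart-Service rejects any name outside the ValidateSet.
Invoke-Command -ComputerName 'SRV01' -ConfigurationName 'Helpdesk' -ScriptBlock {
    Get-Command | Select-Object Name, CommandType
    Restart-Service -Name 'Spooler'
}
```

Pair this with the transcript directory feeding your SIEM: the transcripts are the audit trail the JIT bullet refers to, and a Restart-Service call for a service outside the set shows up there as a failed, denied command.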

Slide 69

Security Threat Landscape

Lesson 2: Securing the environment

Section: Help protect applications and data in any cloud

Slide 70

Challenges Protecting the OS and Applications

New exploits can attack the OS boot-path all the way up through applications operations
Known and unknown threats need to be blocked without impacting legitimate workloads
Security Information and Event Management (SIEM) systems are only as intelligent as the information provided from the OS

Slide 71

Helping Protect OS and Applications

Device Guard
Ensure that only permitted binaries can be executed from the moment the OS is booted.
Windows Defender
Actively protects from known malware without impacting workloads.
Control Flow Guard
Protects against unknown vulnerabilities by helping prevent memory corruption attacks.
Enhanced Logs
Log new audit events to better detect malicious behavior by providing more detailed information to security operation centers

Slide 72

Security Threat Landscape

Lesson 2: Securing the environment

Section: Help protect the virtualization fabric

Slide 73

Help Protect the Virtualization Fabric

Slide 74

Challenges Protecting Virtual Machines

Any compromised or malicious fabric administrators can access guest virtual machines.
Health of hosts not taken into account before running VMs.
Tenant’s VMs are exposed to storage and network attacks.
Virtual machines can’t take advantage of hardware-rooted security capabilities such as TPMs.

Slide 75

Helping Protect Virtual Machines

Shielded Virtual Machines
Use BitLocker to encrypt the disk and state of virtual machines, protecting secrets from compromised admins and malware.
Host Guardian Service
Attests to host health, releasing the keys required to boot or migrate a Shielded VM only to healthy hosts.
Generation 2 VMs
Supports virtualized equivalents of hardware security technologies (e.g., TPMs), enabling BitLocker encryption for Shielded Virtual Machines.

Slides 76–77

Decryption keys: controlled by external system

Guarded fabric: Windows Server 2016 Hyper-V hosts (HYPER-V HOST 1, HYPER-V HOST 2, HYPER-V HOST 3), each running Virtual Secure Mode, and a Host Guardian Service (HGS) providing key protection and health attestation.

The exchange between a host and HGS:
HOST1: Hello, I’m HOST1, can I have some keys, please?
HGS (health attestation): Why certainly, I know you & I must say you’re looking very healthy today!
HOST1: OK, so I’m healthy then! Can I have the keys now?
HGS (key protection): Sure, your certificate of health authorizes me to release keys to you for 8 hours

Slide 78

Philip Moss, Chief Product Officer, Acuutech

“Shielded Virtual Machines remove a hosting obstacle and are a huge competitive differentiator. No one but Microsoft has this technology now.”

Slide 79

Security Threat Landscape

Lesson 2: Securing the environment

Section: Protect with just enough OS

Slide 80

Challenges in Protecting New Apps

Developers are protecting by making use of packaging and deployment tools such as containers.
Containers share the same kernel, which limits isolation and exposes compliance and regulatory risks.
Reduce the risk by providing only the components required by the application to run.

Slide 81

Windows Server 2016 Approach

Hyper-V containers
Provide hypervisor isolation for each container with no additional coding requirements.
Helps align with regulatory requirements for PCI and PII data.
Nano Server
Reduce the attack surface by deploying a minimal “just enough” server footprint.

Slide 82

Security Threat Landscape

Lesson 2: Securing the environment

Section: Windows Server 2016 security summary

Slide 83

Windows Server 2016 Security Summary

Slide 84

DO NOT REMOVE: this is a hidden slide for notes purposes

Slide 85

Knowledge Check

Question #1: What is the new security perimeter?
Question #2: What are the four options we discussed that are used to protect against credential theft?
Question #3: Why is a shielded VM more secure than a regular VM?

File name: Module-1---Security-Threat-Landscape_0617.pptx