Windows 10 Security



Watch this Channel 9 video by Chris Hallum and Dustin Ingalls on cyber security and how Windows 10 solves this problem.

Video Takeaway -

Virtual secure mode (VSM) -

A hypervisor in the PC boots a mini OS and puts sensitive Windows components in that OS. This secures the kernel.

VSM, or Virtual Secure Mode, is a security feature introduced in Windows 10 and Windows Server 2016. It is designed to provide enhanced protection for sensitive processes and data by isolating them in a secure environment. Here are a few key points about VSM:

1. Secure Isolation: VSM uses hardware virtualization capabilities to create a separate, isolated environment called the Virtual Trust Level (VTL). It provides a secure execution environment for critical system processes and sensitive data, isolating them from the regular operating system and user space.

2. Protection against Kernel Attacks: VSM protects against various types of kernel-level attacks by running the Windows 10 security kernel (Secure Kernel) in the VTL. This isolation ensures that even if the regular operating system is compromised, the Secure Kernel remains secure, preventing unauthorized access and manipulation of critical system components.

3. Credential Guard: One of the primary features enabled by VSM is Credential Guard, which protects user credentials such as NTLM password hashes and Kerberos tickets. It stores these sensitive credentials in the VTL, making them inaccessible to regular processes and malware that may be present in the main operating system.

4. Device Guard: VSM is also leveraged by Device Guard, another security feature in Windows 10. Device Guard uses VSM to ensure that only trusted and signed applications can run on a system, effectively protecting against unauthorized code execution and malware attacks.

5. Hardware Requirements: VSM requires specific hardware capabilities to function. It relies on virtualization extensions, such as Intel VT-x or AMD-V, in the underlying processor to create and manage the VTL. Additionally, the system must have a TPM (Trusted Platform Module) version 2.0 or higher to securely store and manage cryptographic keys and other security-related information.

6. Administrative Control: VSM is primarily managed and controlled by the operating system and system components. As a security administrator, you may need to ensure that VSM is enabled and properly configured on systems where it is applicable, especially if you are implementing features such as Credential Guard or Device Guard.

7. Compatibility Considerations: Certain applications or hardware drivers may not be compatible with VSM due to the level of isolation it provides. It is important to test compatibility and ensure that critical applications and drivers function properly in a VSM-enabled environment before deployment.

8. Additional Security Measures: While VSM provides an additional layer of security, it is important to remember that it is not a standalone solution. It should be implemented as part of a comprehensive security strategy that includes other security measures such as antivirus, firewall, and regular patching.
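For point 6, one way to confirm whether VSM and the services built on it are actually running is to read the `Win32_DeviceGuard` CIM class. This is an added example, not from the video or the original post; the function names `Resolve-Id` and `Get-VsmSummary` are hypothetical, the value maps cover only a subset of the documented values, and the fallback object is constructed sample data.

```powershell
# Value maps for the Win32_DeviceGuard CIM class (subset relevant to this page)
$VbsStatus = @{ 0 = 'Not enabled'; 1 = 'Enabled but not running'; 2 = 'Enabled and running' }
$Services  = @{ 0 = 'None'; 1 = 'Credential Guard'; 2 = 'Hypervisor-enforced code integrity' }
$HwProps   = @{ 1 = 'Hypervisor support'; 2 = 'Secure Boot'; 3 = 'DMA protection' }

function Resolve-Id($Map, $Ids) {
    # foreach skips a $null collection, so a missing property yields nothing
    foreach ($id in $Ids) {
        if ($Map.ContainsKey([int]$id)) { $Map[[int]$id] } else { "Other ($id)" }
    }
}

function Get-VsmSummary {
    param([Parameter(Mandatory)] $DeviceGuard)
    $configured = @(Resolve-Id $Services $DeviceGuard.SecurityServicesConfigured)
    $running    = @(Resolve-Id $Services $DeviceGuard.SecurityServicesRunning)
    [pscustomobject]@{
        VbsStatus            = $VbsStatus[[int]$DeviceGuard.VirtualizationBasedSecurityStatus]
        HardwareAvailable    = @(Resolve-Id $HwProps $DeviceGuard.AvailableSecurityProperties)
        ServicesConfigured   = $configured
        ServicesRunning      = $running
        # Configured by policy but not running: the gap an administrator has to chase
        ConfiguredNotRunning = @($configured | Where-Object { $_ -ne 'None' -and $_ -notin $running })
    }
}

try {
    # Live query; the class is present on Windows 10 / Windows Server 2016 and later
    $dg = Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' `
                          -ClassName Win32_DeviceGuard -ErrorAction Stop
} catch {
    # Constructed sample: policy asks for both services, but VBS never started
    $dg = [pscustomobject]@{
        VirtualizationBasedSecurityStatus = 1
        AvailableSecurityProperties       = @(1, 2)
        SecurityServicesConfigured        = @(1, 2)
        SecurityServicesRunning           = @(0)
    }
}

Get-VsmSummary -DeviceGuard $dg | Format-List
```

A non-empty `ConfiguredNotRunning` means the policy is set but the protection is not in effect, which is worth checking against the hardware and driver compatibility points in items 5 and 7.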

Local security Auth Service - Trust list mini OS own security authority.

No network, no UI, nothing to touch it; it's just a black box that runs on its own.




Virtual TPM component - on the server, the vTPM runs in a secure environment.
Hypervisor code integrity - looks at the image and checks whether it is signed.

Password - Microsoft Passport
An asymmetric key pair
Uses a PIN
Provisioned via PKI or created locally via Windows 10
Passport has the ability to generate its own key.
Your device is one of the factors
Credentials can be secured by hardware (TPM).
Can use biometrics











