With enterprise certificate pinning, you can "pin" (associate) an X.509 certificate and its public key to its Certification Authority, either root or leaf. More information: Protect derived domain credentials with Credential GuardĮnterprise certificate pinning enables you to protect your internal domain names from chaining to unwanted certificates or to fraudulently issued certificates. More information: Windows Defender SmartScreen, later in this topicĬredential Guard uses virtualization-based security to isolate secrets, such as NTLM password hashes and Kerberos Ticket Granting Tickets, so that only privileged system software can access them.Ĭredential Guard is included in Windows 10 Enterprise and Windows Server 2016. The first time a user runs an app that originates from the Internet (even if the user copied it from another PC), SmartScreen checks to see if the app lacks a reputation or is known to be malicious, and responds accordingly. Windows Defender SmartScreen can check the reputation of a downloaded application by using a service that Microsoft maintains. Table 1 Windows 10 mitigations that you can configure Mitigation and corresponding threat Memory protection options provide specific mitigations against malware that attempts to manipulate memory in order to gain control of a system. The first table covers a wide array of protections for devices and users across the enterprise and the second table drills down into specific memory protections such as Data Execution Prevention. Windows 10 mitigations that you can configure are listed in the following two tables. Windows 10 mitigations that you can configure The following sections provide more detail about security mitigations in Windows 10, version 1703. Limit the window of opportunity to exploit These features are designed to:Įliminate entire classes of vulnerabilitiesĬontain the damage and prevent persistence In recognition of this landscape, Windows 10 Creator's Update (Windows 10, version 1703) includes multiple security features that were created to make it difficult (and costly) to find and exploit many software vulnerabilities. Threats like these require an approach that can meet this challenge. These attackers are typically highly trained individuals and security experts, some of whom are in the employ of nation states that have large budgets and seemingly unlimited human resources. Modern attacks increasingly focus on large-scale intellectual property theft targeted system degradation that can result in financial loss and now even cyberterrorism that threatens the security of individuals, businesses, and national interests all over the world. Since then, attacker's motives have shifted toward making money, including holding devices and data hostage until the owner pays the demanded ransom. In previous years, malicious attackers mostly focused on gaining community recognition through their attacks or the thrill of temporarily taking a system offline. Today's security threat landscape is one of aggressive and tenacious threats. Device protection and threat resistance as part of the Windows 10 security defenses The security threat landscape These protections work with other security defenses in Windows 10, as shown in the following illustration:įigure 1. This topic focuses on pre-breach mitigations aimed at device protection and threat resistance. Understanding Windows 10 in relation to the Enhanced Mitigation Experience Toolkitĭescribes how mitigations in the Enhanced Mitigation Experience Toolkit (EMET) correspond to features built into Windows 10 and how to convert EMET settings into mitigation policies for Windows 10. For example, heap protections and kernel pool protections are built into Windows 10. Provides descriptions of Windows 10 mitigations that require no configuration-they're built into the operating system. Mitigations that are built in to Windows 10 Product features such as Device Guard appear in Table 1, and memory protection options such as Data Execution Prevention appear in Table 2. Provides tables of configurable threat mitigations with links to more information. Sectionĭescribes the current nature of the security threat landscape, and outlines how Windows 10 is designed to mitigate software exploits and similar threats. For information about related types of protection offered by Microsoft, see Related topics. This topic provides an overview of some of the software and firmware threats faced in the current security landscape, and the mitigations that Windows 10 offers in response to these threats.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |