Introductie Windows Server 2016

Issue link: http://hub-nl.insight.com/i/692748

106 CHAPTER 5 | Security

access the memory used to store these keys, even with complete kernel access. If I'm running with a debugger attached, for example, that would be flagged as part of the attestation process, the health check would fail, and the keys would not be released to the host. Remember I mentioned that the keys from the key protection service are sent encrypted? It's the VSM where they are decrypted, always keeping the decrypted key protected from the host OS. When you put all of this together, you have the ability to create a secure VM environment that is protected from any level of administrator (when using TPM 2.0 in the host) and will close a security hole that many environments cannot close today.

More info
To read the detailed guides that Microsoft has provided for implementing this scenario in your environment, go to https://gallery.technet.microsoft.com/Shielded-VMs-and-Guarded-44176db3/view/Discussions.

Threat-resistant technologies
Windows Server 2016 Technical Preview includes integrated threat-resistance technologies that make it an active component in your overall security story. These technologies range from blocking external attackers trying to exploit vulnerabilities (Control Flow Guard) to resisting attacks by malicious users and software that have already gained administrator access to the server (Credential Guard and Device Guard). In this section, we dive into some of these new features.

Control Flow Guard
In Windows Server 2016 Technical Preview and Windows 10, the operating system is protected by Control Flow Guard. This highly optimized platform security feature makes it much harder to run arbitrary code through exploits such as buffer overflows. When a developer compiles his code, the compiler performs some security checks on the code and then identifies the set of functions that are considered a source for an indirect call.

These indirect calls might come from a code exploit whereby malformed data is sent into the function, causing it to behave abnormally. In code that is not Control Flow Guard aware, the indirect call can cause a memory buffer overrun, which can corrupt other applications or lead to privileged execution. However, because the compiler has identified these sets of functions as potential vulnerabilities and marked them, the runtime provides additional logic that verifies whether an indirect call is actually valid before it is made. If the indirect call validation fails, the application terminates, preventing it from causing further damage to the system.

Device Guard (Code Integrity)
In the Windows operating system, there are two modes of operation: kernel mode and user mode. Kernel mode is the one in which the operating system interacts with the hardware resources on the machine, and user mode is essentially the one in which the user experience of running applications takes place. In the past few generations of software that Microsoft has released, it signs its code so that if someone tampers with a binary, it has the ability to detect that something is different. Code Integrity is the part of Windows that performs this function. A common scenario involves hardware drivers: Microsoft requires drivers to be signed before they can be installed onto the operating system and operate in kernel mode. In Windows Server 2016 Technical Preview, further improvements have been made to Code Integrity whereby you can now create policies for your organization's needs. You can deploy these Code Integrity policies to an environment such that an end user cannot download and run untrusted code. This has a direct effect on the spread of malware, given that we know most malware programs typically disguise themselves as something
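The following C program is an added illustration of the Control Flow Guard mechanism described in the two paragraphs above; it is not Microsoft's implementation and not code from this book. It models the idea with a small table of registered valid indirect-call targets (the real CFG uses a per-process bitmap filled from metadata in each loaded image, and the compiler inserts the check automatically when a binary is built with /guard:cf), and it returns an error where the real guard check fast-fails the process. The function names and the table are assumptions made for the example.

```c
/* Model of a Control Flow Guard style indirect-call check (illustration only,
 * not the real Windows implementation). */
#include <stdio.h>
#include <stdint.h>
#include <stddef.h>

typedef void (*handler_fn)(const char *);

/* Assumption: a process-wide list of function entry points that the compiler
 * marked as legitimate indirect-call targets. Real CFG keeps this as a bitmap
 * indexed by address rather than a linear table. */
#define MAX_TARGETS 16
static uintptr_t valid_targets[MAX_TARGETS];
static size_t    valid_count = 0;

static void cfg_register_target(handler_fn fn) {
    if (valid_count < MAX_TARGETS)
        valid_targets[valid_count++] = (uintptr_t)fn;
}

/* Stand-in for the guard check the compiler emits before every indirect call:
 * returns 1 only when the target is a registered function entry point. */
int cfg_check_icall(uintptr_t target) {
    for (size_t i = 0; i < valid_count; i++)
        if (valid_targets[i] == target)
            return 1;
    return 0;
}

/* Handlers that are legitimate dispatch targets; last_handled records which
 * one actually ran so the behaviour can be checked. */
static int last_handled = 0;
void handle_hello(const char *arg) { last_handled = 1; printf("hello: %s\n", arg); }
void handle_bye(const char *arg)   { last_handled = 2; printf("bye: %s\n", arg); }

/* A function that exists in the binary but was never marked as a call target. */
void not_a_target(const char *arg) { last_handled = 99; printf("unexpected: %s\n", arg); }

int cfg_get_last_handled(void) { return last_handled; }

/* Dispatch through a function pointer with the guard check in front.
 * Returns 0 when the call was made, -1 when the check rejected the target
 * (a real CFG failure terminates the process instead of returning). */
int cfg_dispatch(handler_fn fn, const char *arg) {
    if (!cfg_check_icall((uintptr_t)fn)) {
        fprintf(stderr, "CFG: invalid indirect call target %p, terminating\n", (void *)fn);
        return -1;
    }
    fn(arg);
    return 0;
}

/* Register the legitimate targets, as the loader would from image metadata. */
void cfg_setup(void) {
    valid_count = 0;
    last_handled = 0;
    cfg_register_target(handle_hello);
    cfg_register_target(handle_bye);
}

int main(void) {
    cfg_setup();
    cfg_dispatch(handle_hello, "ok");                 /* allowed: marked entry point */
    cfg_dispatch(not_a_target, "unmarked");           /* rejected: never marked as a target */
    /* Rejected: an address inside a function is not an entry point. */
    cfg_dispatch((handler_fn)((uintptr_t)handle_hello + 1), "mid-function");
    return 0;
}
```

The point the model makes is that the check is keyed on where control is about to go, not on how the pointer was corrupted: any target that is not a marked entry point is refused before the call instruction executes, which is why a corrupted function pointer stops the program rather than redirecting it.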
