Protecting Against Credential Theft: Today and Tomorrow Chris Jackson M330 2012 - Beyond Sophistication 2005-PRESENT Organized Crime 2003-2004 RANSOMWARE, CLICK-FRAUD, IDENTITY THEFT Motive: Profit Script Kiddies BLASTER, SLAMMER Motive: Mischief Targeting Nation States, Activists, Terror Groups BRAZEN, COMPLEX, PERSISTENT Motives: IP Theft, Damage, Disruption.

Report
Protecting Against Credential
Theft: Today and Tomorrow
Chris Jackson
M330
2012 - Beyond
Sophistication
2005-PRESENT
Organized
Crime
2003-2004
RANSOMWARE,
CLICK-FRAUD,
IDENTITY THEFT
Motive: Profit
Script Kiddies
BLASTER, SLAMMER
Motive: Mischief
Targeting
Nation States,
Activists,
Terror Groups
BRAZEN,
COMPLEX,
PERSISTENT
Motives:
IP Theft,
Damage,
Disruption
Microsoft Defies Court Order, Will Not Give Emails to US Government
NSA internet snooping: EU threatens to suspend data sharing with US
1. Beachhead (e.g. Phishing)
2. Steal credentials
3. Move laterally
4. Acquire Domain Admin credentials
5. Execute attacker mission
24–48 Hours
Initial
compromise
or entry
Vector.
Core security
compromised.
Average 8 Months 
Service outage,
data theft, or
exfiltration.
Attack
detected.
Control
Tier-0
Tier-1
Tier-2
Data and
Services
Access
“If you protect your paper clips and
diamonds with equal vigor, you’ll soon
have more paper clips and fewer
diamonds”
-Attributed to Dean Rusk,
US Secretary of State, 1961-1969
Control
Tier-0
Tier-1
Tier-2
Privileged
Access
IPsec
Data and
Services
Access
ESAE / Red Forest
Production Domain
IPsec
Domain Controllers
SCOM Gateway
Domain Admins
Admin Workstations
Monitoring
(SCOM)
Certificate
Authority
WSUS
Red Forest
Domain Controllers
Secure Vault
Break-glass Account
Red Forest Admins
X
X
X
Hyper-Visor
Code Integrity
Virtual TPM
Local Security
Auth Service
Virtual Secure Mode
Kernel
Apps
Kernel
Virtual Secure Mode (VSM)
Hypervisor
Windows
Stay current on
security updates
Use the newest
versions of applications
Use the Enhanced
Mitigation Experience
Toolkit (EMET)
4,000
Other applications
3,500
Industrywide vulnerability disclosures
3,000
2,500
2,000
1,500
Core operating system
1,000
Operating system applications
500
Web browsers
0
1
2
3
4
5
6
TODAYS
CHALLENGE
APPS
Hyper-Visor
Code Integrity
Virtual TPM
Local Security
Auth Service
Virtual Secure Mode
Kernel
Apps
Kernel
Virtual Secure Mode (VSM)
Hypervisor
Windows
www.microsoft.com/sdl
Training
Requirements
Design
Implementation
Verification
Release
Response
Tier 2
Tier 1
Tier 0
the era of cloud computing
is being born
in a time of war-like constant hostility
1
2
3
4
5
6
Find me later at…
 Hub Happy Hour Thu 5:30-6:30pm
Free Online Learning
http://aka.ms/mva
Subscribe to our fortnightly newsletter
http://aka.ms/technetnz
http://aka.ms/msdnnz
Sessions on Demand
http://aka.ms/ch9nz
© 2015 Microsoft Corporation. All rights reserved.
Microsoft, Windows and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.
MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

similar documents