Protecting Against Credential Theft: Today and Tomorrow
Chris Jackson, M330

The evolving threat landscape

2003-2004: Script Kiddies
Blaster, Slammer
Motive: Mischief

2005-Present: Organized Crime
Ransomware, click-fraud, identity theft
Motive: Profit

2012 - Beyond: Sophistication
Targeting nation states, activists, terror groups
Brazen, complex, persistent
Motives: IP theft, damage, disruption

Headlines: "Microsoft Defies Court Order, Will Not Give Emails to US Government"; "NSA internet snooping: EU threatens to suspend data sharing with US"

Anatomy of a typical attack
1. Beachhead (e.g. phishing)
2. Steal credentials
3. Move laterally
4. Acquire Domain Admin credentials
5. Execute attacker mission

Timeline
24-48 hours: initial compromise or entry vector; core security compromised.
Average 8 months: service outage, data theft, or exfiltration; attack detected.

Tiered administration model
Control: Tier-0, Tier-1, Tier-2
Data and Services: Access

"If you protect your paper clips and diamonds with equal vigor, you'll soon have more paper clips and fewer diamonds"
- Attributed to Dean Rusk, US Secretary of State, 1961-1969

Privileged Access
Control: Tier-0, Tier-1, Tier-2 (IPsec)
Data and Services: Access

ESAE / Red Forest
[Diagram: Production Domain (Domain Controllers, SCOM Gateway, Domain Admins, Admin Workstations, Monitoring (SCOM), Certificate Authority, WSUS) connected over IPsec to the Red Forest (Domain Controllers, Secure Vault, Break-glass Account, Red Forest Admins)]

Virtual Secure Mode (VSM)
[Diagram: Hypervisor; Windows with Kernel and Apps; Virtual Secure Mode with its own Kernel hosting Hypervisor Code Integrity, Virtual TPM and the Local Security Authority Service]

Stay current on security updates
Use the newest versions of applications
Use the Enhanced Mitigation Experience Toolkit (EMET)

[Chart: Industrywide vulnerability disclosures (0-4,000), by category: Other applications, Core operating system, Operating system applications, Web browsers]

Today's challenge: apps

Security Development Lifecycle (www.microsoft.com/sdl)
Training, Requirements, Design, Implementation, Verification, Release, Response

"the era of cloud computing is being born in a time of war-like constant hostility"

Find me later at… Hub Happy Hour, Thu 5:30-6:30pm

Free Online Learning: http://aka.ms/mva
Subscribe to our fortnightly newsletter: http://aka.ms/technetnz, http://aka.ms/msdnnz
Sessions on Demand: http://aka.ms/ch9nz

© 2015 Microsoft Corporation. All rights reserved. Microsoft, Windows and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.