Transcript of: Endpoint security assurance with Device Health Attestation service (DHA)
Page 1
Endpoint security assurance with Device Health Attestation service (DHA)
Kam Kouladjie – Senior Program Manager, WDG
Page 2
Session objectives
1. Learn more about advanced threats & security challenges that impact enterprises
2. Learn how you can protect enterprise assets from compromised devices using the Windows 10 Device Health Attestation service
Page 3
What are some of the security challenges that impact enterprises today?
Pages 4-6
The evolution of attacks (chart; axes: Sophistication, Targeting, Volume and Impact; built up over three slides)
• 2003-2004: Script Kiddies. BLASTER, SLAMMER. Motive: Mischief
• 2005-2012: Organized Crime. RANSOMWARE, CLICK-FRAUD, IDENTITY THEFT. Motive: Profit
• 2012-Beyond: Nation States, Activists, Terror Groups. BRAZEN, COMPLEX, PERSISTENT. Motives: IP Theft, Damage, Disruption
Page 7
Page 8
Enterprises are increasingly exposed to a new class of exploits that:
• Infect a device at runtime, or via supply chain attack surfaces
• Exploit firmware bugs, early boot component code and device boot configuration vulnerabilities
• Hide themselves from the Windows security stack, and are capable of remaining obfuscated from local or remote detection
• Persist across multiple boots or recovery sessions
• Survive clean installations and re-imaging
• Are used to compromise enterprises’ valuable assets directly, or abused as a launch pad for multi-phased attacks or a backdoor for future exploits
Page 9
Page 10
Questions?
Page 11
Identifying the weakest link…
Page 12
Weakest-link diagram (text recovered from the slide, grouped by its labels)
Stages and environments: Supply chain, Manufacturing (TPM Manufacturer, OEM), Shipping, Provisioning, Daily operation, Datacenter, Back-up (archival), Decommission
Config. issues:
• Boot (CI policy, SBCP policy, test signing,..)
• Runtime policies
Bugs:
• Firmware
• Boot component
• Kernel/system level
• Application – Win 32/64
• Application – UAP
Error: Admin, Operator
Malicious actor (external): Logic bombs, zombies, automated attacks,..
Malicious operator, Malicious admin
Breach (Unauthorized access)
Attestation:
• Host (Windows, *nix)
• Clients (Windows, *nix, IOS,..)
Business continuity & disaster recovery: Offline detection (log monitoring), Automated retention, Continuous diagnostics, Automated audit
Page 13
Introduction to TPM (Trusted Platform Module)
Page 14
TPM Types
• Discrete TPM (Laptop, Desktop, Servers)
• Virtual TPM (Virtual PC)
• Firmware TPM (Phone, Tablet, Laptop,..)
Page 15
TPM components
Page 16
TPM certificates
EK certificate – EK public key signed in OEM factory
  - Used to enable remote attestation of the device
AIK certificate – AIK public key signed by Microsoft after remote attestation of the device to the AIK provisioning service
  - Designed to reduce privacy risks
Page 17
TPM secrets, certificates & manufacturing (sample flow)
1- Fuse EK Seed
2- Generate EK key pair (EK_PRIV, EK_PUB)
3- Send EK_PUB to signing server
4- Sign the EK_PUB, issue an EK_CERT
5- Store the EK_CERT on the device
6- Ship the device
7- User purchases the device, turns the device on
8- Device sends the EK_CERT and EK_PUB to the AIK provisioning service
9- AIK provisioning service:
   - Verifies the EK_CERT
   - Issues a challenge:
     - Generates a random value
     - Encrypts it with EK_PUB
     - Sends the encrypted challenge to the device
10- Device decrypts the challenge with EK_PRIV, forwards the required information to the AIK provisioning service
11- AIK provisioning service gets the data:
   - Validates that the challenge data are correct
   - Issues an AIK certificate
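The EK_CERT check and the encrypted-challenge exchange of steps 8-11, written out as an added Go simulation; this is not code from the slides or from Microsoft's implementation. Assumptions made here: the OEM signing server and the AIK provisioning service are modelled as Ed25519 CAs that issue a minimal Cert type standing in for X.509; the challenge is a 32-byte random value encrypted to EK_PUB with RSA-OAEP; EK_PRIV stays inside the Device value; device and CA names are constructed.

```go
package main

// Added example, not from the slides: a simulation of the EK/AIK provisioning
// flow (steps 1-11). Cert is a stand-in for X.509; all names are constructed.

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/subtle"
	"crypto/x509"
	"errors"
	"fmt"
)

// Cert binds a subject to a DER public key under the issuer's Ed25519 signature.
type Cert struct {
	Subject, Issuer string
	PubKey, Sig     []byte
}

func certDigest(c Cert) []byte {
	d := sha256.Sum256(append([]byte(c.Subject+"|"+c.Issuer+"|"), c.PubKey...))
	return d[:]
}

// CA models a signing server: the OEM factory for EK_CERT, Microsoft for the AIK cert.
type CA struct {
	Name string
	key  ed25519.PrivateKey
}

func NewCA(name string) *CA {
	_, key, _ := ed25519.GenerateKey(rand.Reader)
	return &CA{Name: name, key: key}
}

func (ca *CA) Issue(subject string, pub []byte) Cert {
	c := Cert{Subject: subject, Issuer: ca.Name, PubKey: pub}
	c.Sig = ed25519.Sign(ca.key, certDigest(c))
	return c
}

func (ca *CA) Verify(c Cert) bool {
	return c.Issuer == ca.Name && ed25519.Verify(ca.key.Public().(ed25519.PublicKey), certDigest(c), c.Sig)
}

// Device keeps EK_PRIV internal (a TPM never exports it) plus EK_CERT and AIK_PUB.
type Device struct {
	ID     string
	ekPriv *rsa.PrivateKey
	EKCert Cert
	AIKPub []byte
}

func derPub(k *rsa.PrivateKey) []byte { b, _ := x509.MarshalPKIXPublicKey(&k.PublicKey); return b }

// ManufactureDevice is steps 1-5: create the EK pair, get EK_PUB signed, store EK_CERT.
func ManufactureDevice(id string, oem *CA) *Device {
	ek, _ := rsa.GenerateKey(rand.Reader, 2048)
	aik, _ := rsa.GenerateKey(rand.Reader, 2048)
	return &Device{ID: id, ekPriv: ek, EKCert: oem.Issue(id, derPub(ek)), AIKPub: derPub(aik)}
}

// AIKService trusts one OEM root and tracks the outstanding nonce per device.
type AIKService struct {
	CA, oemRoot *CA
	expected    map[string][]byte
}

func NewAIKService(oemRoot *CA) *AIKService {
	return &AIKService{CA: NewCA("AIK provisioning CA"), oemRoot: oemRoot, expected: map[string][]byte{}}
}

// Start is step 9: verify EK_CERT against the OEM root, then return a fresh
// random value encrypted to EK_PUB with RSA-OAEP.
func (s *AIKService) Start(ekCert Cert) ([]byte, error) {
	if !s.oemRoot.Verify(ekCert) {
		return nil, errors.New("EK_CERT is not signed by a trusted OEM")
	}
	pubAny, err := x509.ParsePKIXPublicKey(ekCert.PubKey)
	ekPub, ok := pubAny.(*rsa.PublicKey)
	if err != nil || !ok {
		return nil, errors.New("EK_PUB is not a valid RSA key")
	}
	nonce := make([]byte, 32)
	rand.Read(nonce)
	s.expected[ekCert.Subject] = nonce
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, ekPub, nonce, []byte("aik"))
}

// Answer is step 10: only the holder of EK_PRIV can recover the value.
func (d *Device) Answer(challenge []byte) ([]byte, error) {
	return rsa.DecryptOAEP(sha256.New(), rand.Reader, d.ekPriv, challenge, []byte("aik"))
}

// Finish is step 11: single-use challenge, constant-time compare, then issue the AIK cert.
func (s *AIKService) Finish(deviceID string, answer, aikPub []byte) (Cert, error) {
	want, ok := s.expected[deviceID]
	delete(s.expected, deviceID)
	if !ok || subtle.ConstantTimeCompare(want, answer) != 1 {
		return Cert{}, errors.New("challenge answer incorrect")
	}
	return s.CA.Issue(deviceID, aikPub), nil
}

func main() {
	oem := NewCA("OEM factory")
	svc, dev := NewAIKService(oem), ManufactureDevice("device-0001", oem)
	challenge, _ := svc.Start(dev.EKCert)
	answer, _ := dev.Answer(challenge)
	aikCert, err := svc.Finish(dev.ID, answer, dev.AIKPub)
	fmt.Println("AIK cert issued and verifies:", err == nil && svc.CA.Verify(aikCert))
}
```

Three properties carry the security argument of the flow: the service refuses an EK_CERT from any root it does not trust, a party that does not hold EK_PRIV cannot recover the random value, and each challenge is consumed on first use, so a captured answer cannot be presented again.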
Page 18
What is Device Health Attestation (DHA)?
Page 19
Before the Windows 10 Device Health Attestation (DHA) release, device health was assumed
Page 20
Device Health Attestation (DHA) enables enterprises to validate device health remotely based on hardware measured & attested data
Page 21
Device Health Attestation builds upon existing Windows security technologies that were released in Windows 8
❖ Secure Boot
❖ Measured Boot
❖ Early Launch Anti-Malware
❖ TPM Attestation
Page 22
DHA enables IT administrators to monitor device health remotely based on “TPM protected”, “tamper resistant” and “tamper evident” data.
Page 23
Overview diagram: Windows 10, TPM enabled device; Device management solution (Cloud Support, OnPrem Support); Device Health Attestation service (Cloud Support, OnPrem Support); Enterprise managed assets
Page 24
DHA flow (diagram)
Windows 10 Device (phone, tablet, laptop, PC,…): BIOS / UEFI, Boot Loader, Kernel, Early Launch Anti-Malware, Early Drivers; TPM (Boot Log, PCR); Device Health CSP
Microsoft Device Health Attestation Service (DHA-Service)
Device management solution (MDM)
Step 1: Device Measures Boot Components in the TPM
Step 2: DHA-CSP Forwards Measurements to HAS, Gets an Encrypted Report (over SSL: { Device Health Report })
Step 3: Device Management Solution Gets and Verifies Device Health Report
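Step 1 is a hash chain, and it is what makes the data "tamper evident": each boot component is measured into a PCR before it runs, the PCR can only be extended, never written, and the verifier in Step 3 replays the boot log and compares the result with the attested PCR values. The Go program below is an added illustration of that chain and of the two checks a verifier makes; it is not code from the slides or from Windows. The component names, their contents, the PCR indices and the known-good digests are constructed and simplified, and the AIK signature over the PCR values (the quote) is left out.

```go
package main

// Added example, not from the slides: measured boot (Step 1) and the boot-log
// replay a verifier performs (Step 3). Components and PCR indices are constructed.

import (
	"crypto/sha256"
	"fmt"
)

const numPCRs = 8

// LogEntry is one boot-log event: the PCR extended, what was measured, its digest.
type LogEntry struct {
	PCR    int
	Name   string
	Digest [32]byte
}

// TPM models the register bank: PCRs start at zero and can only be extended.
type TPM struct {
	PCR [numPCRs][32]byte
	Log []LogEntry
}

// Extend sets PCR[i] = SHA-256(PCR[i] || digest) and records the event. There is
// no write or reset, so a later stage cannot erase an earlier measurement.
func (t *TPM) Extend(pcr int, name string, data []byte) {
	digest := sha256.Sum256(data)
	t.PCR[pcr] = sha256.Sum256(append(t.PCR[pcr][:], digest[:]...))
	t.Log = append(t.Log, LogEntry{PCR: pcr, Name: name, Digest: digest})
}

// Component is a boot stage, in launch order, with the PCR it is measured into.
type Component struct {
	Name string
	PCR  int
	Code []byte
}

// MeasuredBoot measures each component before it runs (Step 1).
func MeasuredBoot(chain []Component) *TPM {
	t := &TPM{}
	for _, c := range chain {
		t.Extend(c.PCR, c.Name, c.Code)
	}
	return t
}

// Replay recomputes the PCRs from the log alone, exactly as the TPM did.
func Replay(log []LogEntry) [numPCRs][32]byte {
	var pcr [numPCRs][32]byte
	for _, e := range log {
		pcr[e.PCR] = sha256.Sum256(append(pcr[e.PCR][:], e.Digest[:]...))
	}
	return pcr
}

// Verify is the verifier's check: the log must replay to the attested PCR values
// (otherwise the log was edited) and every measured digest must be known-good
// (otherwise a boot component changed). Findings are returned for the audit trail.
func Verify(log []LogEntry, attested [numPCRs][32]byte, knownGood map[string][32]byte) (bool, []string) {
	var findings []string
	replayed := Replay(log)
	for i := range attested {
		if replayed[i] != attested[i] {
			findings = append(findings, fmt.Sprintf("PCR %d: log does not replay to the attested value (log edited)", i))
		}
	}
	for _, e := range log {
		if want, ok := knownGood[e.Name]; !ok || want != e.Digest {
			findings = append(findings, fmt.Sprintf("%s: digest %x... is not known-good", e.Name, e.Digest[:8]))
		}
	}
	return len(findings) == 0, findings
}

// GoodChain is a constructed golden boot chain; real digests come from the OEM and OS vendor.
func GoodChain() []Component {
	return []Component{
		{"UEFI firmware", 0, []byte("uefi-fw v1.0")},
		{"Boot loader", 4, []byte("bootmgfw v10.0")},
		{"Kernel", 5, []byte("ntoskrnl v10.0")},
		{"ELAM driver", 5, []byte("elam v1.0")},
		{"Early driver", 5, []byte("disk.sys v1.0")},
	}
}

// KnownGood builds the allow-list of digests from the golden chain.
func KnownGood(chain []Component) map[string][32]byte {
	m := map[string][32]byte{}
	for _, c := range chain {
		m[c.Name] = sha256.Sum256(c.Code)
	}
	return m
}

func main() {
	good := KnownGood(GoodChain())
	tpm := MeasuredBoot(GoodChain())
	ok, _ := Verify(tpm.Log, tpm.PCR, good)
	fmt.Println("clean boot compliant:", ok)
	// A changed boot loader is still measured honestly, so its digest is not known-good.
	changed := GoodChain()
	changed[1].Code = []byte("bootmgfw v10.0 (modified)")
	tpm = MeasuredBoot(changed)
	ok, findings := Verify(tpm.Log, tpm.PCR, good)
	fmt.Println("changed loader compliant:", ok, findings)
	// Editing the log to show the known-good digest breaks the replay against the PCRs.
	tpm.Log[1].Digest = good["Boot loader"]
	ok, findings = Verify(tpm.Log, tpm.PCR, good)
	fmt.Println("edited log compliant:", ok, findings)
}
```

The order of measurements matters as much as their values: the same components extended in a different order produce different PCR values, which is why a verifier compares against a golden chain rather than an unordered set of hashes.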
Page 25
Sample data points that are evaluated/reported by DHA-Service
BitlockerStatus
SecureBootEnabled
CodeIntegrityEnabled
ELAMDriverLoaded
VSMEnabled
CIPolicyHash
SBCPPolicyHash
DEPPolicy State
SafeMode
WinPE
BootDebuggingEnabled
OSKernelDebuggingEnabled
TestSigningEnabled
AIKCertPresent
Value of PCR 0
Reset Count (Hibernation)
Restart Count (Boot/reboot)
And more ….
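How a device management solution might turn these data points into the IsCompliant attribute (the "(D) Set IsCompliant" step of the later flow diagrams), as an added Go example that is not code from the slides or from any product. The field names follow the slide; the sample values, the placeholder policy hashes, the string encodings chosen for BitlockerStatus and DEPPolicy, and the use of the reset and restart counters to notice an older report being sent again are this example's own assumptions.

```go
package main

// Added example, not from the slides: a compliance policy evaluated over the
// data points a DHA report carries, yielding the IsCompliant attribute the MDM
// sets. Field names follow the slide; values, hashes and the policy are constructed.

import (
	"fmt"
	"strings"
)

// HealthReport is the subset of attested data points used below.
type HealthReport struct {
	DeviceID                                       string
	AIKCertPresent, SecureBootEnabled              bool
	CodeIntegrityEnabled, ELAMDriverLoaded         bool
	VSMEnabled, SafeMode, WinPE                    bool
	BootDebuggingEnabled, OSKernelDebuggingEnabled bool
	TestSigningEnabled                             bool
	BitlockerStatus, DEPPolicy                     string // constructed encodings: "on"/"off", "AlwaysOn"/"OptIn"
	CIPolicyHash, SBCPPolicyHash, PCR0             string // hex digests
	ResetCount, RestartCount                       uint64
}

// Policy is the administrator's expectation; the allow-lists hold approved hashes.
type Policy struct {
	RequireVSM                                      bool
	AllowedCIPolicy, AllowedSBCPPolicy, AllowedPCR0 map[string]bool
}

// Counters keeps the last (ResetCount, RestartCount) seen per device so that an
// older report sent again is noticed (this use of the counters is this example's design).
type Counters map[string][2]uint64

// Evaluate returns IsCompliant plus the reasons for a failure, for the audit trail.
func Evaluate(r HealthReport, p Policy, seen Counters) (bool, []string) {
	var reasons []string
	check := func(failed bool, why string) {
		if failed {
			reasons = append(reasons, why)
		}
	}
	lower := strings.ToLower
	check(!r.AIKCertPresent, "no AIK certificate: report is not hardware attested")
	check(!r.SecureBootEnabled, "Secure Boot disabled")
	check(!r.CodeIntegrityEnabled, "code integrity disabled")
	check(!r.ELAMDriverLoaded, "ELAM driver not loaded")
	check(p.RequireVSM && !r.VSMEnabled, "VSM not enabled")
	check(r.BitlockerStatus != "on", "BitLocker status is "+r.BitlockerStatus)
	check(r.DEPPolicy != "AlwaysOn", "DEP policy is "+r.DEPPolicy)
	check(r.SafeMode || r.WinPE, "booted into Safe Mode or WinPE")
	check(r.BootDebuggingEnabled || r.OSKernelDebuggingEnabled, "boot or kernel debugging enabled")
	check(r.TestSigningEnabled, "test signing enabled")
	check(!p.AllowedCIPolicy[lower(r.CIPolicyHash)], "CI policy hash not approved: "+r.CIPolicyHash)
	check(!p.AllowedSBCPPolicy[lower(r.SBCPPolicyHash)], "SBCP policy hash not approved: "+r.SBCPPolicyHash)
	check(!p.AllowedPCR0[lower(r.PCR0)], "PCR0 (firmware) not approved: "+r.PCR0)
	last, known := seen[r.DeviceID]
	if known && (r.ResetCount < last[0] || r.RestartCount < last[1]) {
		check(true, "boot counters went backwards: stale report sent again")
	} else {
		seen[r.DeviceID] = [2]uint64{r.ResetCount, r.RestartCount}
	}
	return len(reasons) == 0, reasons
}

// SamplePolicy and SampleReports are constructed fixtures; the hashes are placeholders.
func SamplePolicy() Policy {
	return Policy{
		RequireVSM:        true,
		AllowedCIPolicy:   map[string]bool{"11aa" + strings.Repeat("0", 60): true},
		AllowedSBCPPolicy: map[string]bool{"22bb" + strings.Repeat("0", 60): true},
		AllowedPCR0:       map[string]bool{"33cc" + strings.Repeat("0", 60): true},
	}
}

func SampleReports() (compliant, noncompliant HealthReport) {
	compliant = HealthReport{
		DeviceID: "laptop-0001", AIKCertPresent: true, SecureBootEnabled: true,
		CodeIntegrityEnabled: true, ELAMDriverLoaded: true, VSMEnabled: true,
		BitlockerStatus: "on", DEPPolicy: "AlwaysOn",
		CIPolicyHash: "11AA" + strings.Repeat("0", 60), SBCPPolicyHash: "22bb" + strings.Repeat("0", 60),
		PCR0: "33cc" + strings.Repeat("0", 60), ResetCount: 3, RestartCount: 17,
	}
	// Same hardware, but test signing and kernel debugging were turned on and the
	// CI policy was replaced: three independent findings.
	noncompliant = compliant
	noncompliant.DeviceID = "laptop-0002"
	noncompliant.TestSigningEnabled = true
	noncompliant.OSKernelDebuggingEnabled = true
	noncompliant.CIPolicyHash = "dead" + strings.Repeat("0", 60)
	return compliant, noncompliant
}

func main() {
	seen := Counters{}
	good, bad := SampleReports()
	for _, r := range []HealthReport{good, bad} {
		ok, why := Evaluate(r, SamplePolicy(), seen)
		fmt.Printf("%s IsCompliant=%v %v\n", r.DeviceID, ok, why)
	}
}
```

The AIKCertPresent check comes first for a reason: without it the remaining values are self-reported by the operating system rather than attested by the TPM, and the policy would be evaluating data that a compromised device can simply fabricate.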
Page 26
Implementation Options?
Page 27
DHA - Implementation options
• DHA-Cloud: Microsoft owned and operated service running in 4 datacenters <free>
• DHA-OnPrem: DHA-Services running on Server 2016 <no added/extra licensing fee>
• DHA-Azure: DHA-Services running on Server 2016 <Azure traffic/usage cost>
Page 28
List of DHA-Enabled capabilities
** Please contact your MDM for a full/more up-to-date list. **
Data Collection (i.e. Anomaly analysis, Audit)
Compliance Reporting (i.e. On demand, Scheduled)
Live Monitoring (i.e. Continuous diagnostics)
Zero Day Incident Response (i.e. Incident Response Agility)
Online Enforcement (i.e. Conditional Access)
Out of band enforcement (i.e. Alert, notification, expiring access tokens..)
Page 29
DHA-Enabled MDM’s
more integration coming ………
Page 30
DHA dependencies
Attestation Server/Service:
• Cloud Service: Microsoft Health Attestation Service
• On Premise Server: Windows Server 2016 Health Attestation Server Role
Endpoint Software:
• Windows 10 RTM (All editions)
• Windows 10 Mobile
• Windows Server 2016
Device Management Solution:
• Microsoft Intune
• System Center Config Manager (SCCM)
• Airwatch
• MobileIron
• SOTI
• Citrix
• Symantec
• More …….
Endpoint Hardware:
• TPM is required
• Win 10 RTM & TH2 (build 10586): TPM 2.0 Required
• Windows Redstone: TPM 1.2 support will be added
Page 31
https://technet.microsoft.com/en-us/library/mt750346.aspx
Page 32
https://technet.microsoft.com/en-us/library/mt750346.aspx
Page 34
Thank you!
Page 35
DHA-Enabled MDM – O365 CA flow (diagram)
Parties: Win 10 Device (TPM with TCG Boot Log and PCR; measured boot of Bios UEFI, Boot Loader, Early Launch Antimalware, Kernel, Early Drivers; Device Health CSP; Other Device Configuration Service Providers (CSP’s); MDM Client; AAD TB Plugin/ADAL; Office Apps), DHA-Service, MDM, AAD, Office 365 Resource
(A) Get Device Health Certificate
(B) Validate Device Health: (B2) Forward Health Data, (B4) Validate Device Health Data, (B5) Issue Device Health Report
(C) Query Device Config-State: (C1) Query Device Config-State, (C2) Forward Device Config-State Info, (C3) Validate Compliance State Data
(D) Set “IsCompliant” Device Attribute
(E) Request Office 365 Access Token: (E2) Request Access Token (AuthN, AuthZ), (E3) Validate Device Compliance State, (E4) Issue Office 365 Access Token, (E6) Present Token
(F) Access Office 365 Protected Resources
Page 36
DHA-Enabled MDM – VPN CA flow (diagram)
Parties: Win 10 Device (TPM with TCG Boot Log and PCR; measured boot of Bios UEFI, Boot Loader, Early Launch Antimalware, Kernel, Early Drivers; Device Health CSP; Other Device Configuration Service Providers (CSP’s); MDM Client; AAD Token Broker Plugin; VPN Client; Certificate Store), DHA-Service, MDM, AAD (AAD mini CA), VPN Server
(A) Get Device Health Certificate
(B) Validate Device Health: (B2) Forward Health Data, (B4) Validate Device Health Data, (B5) Issue Device Health Report
(C) Query Device Config-State: (C1) Query Device Config-State, (C2) Forward Device Config-State Info, (C3) Validate Compliance State Data
(D) Set “IsCompliant” Device Attribute
(E) Request VPN Certificate: (E2) Validate Compliance State [VPN Compliance Policy configured]
(F) Client connects to VPN Server: (F1) Retrieve VPN Short Lived Cert, (F2) Present Short Lived Cert (EAP-TLS), (F3) VPN client authenticated
(G) Access Internal Network Resources