Device Guard is a security feature that combines hardware and software security features to lock down the system on which it is deployed. With it, the user can run only the trusted applications that are defined in the code integrity policies. An application that does not match the policy is not trusted, and an untrusted application will not run or execute on the system, whether that system is a server or a client. Because an attacker can also target the Windows kernel, Device Guard uses virtualization-based security to protect kernel mode code integrity as well, which reduces the risk of malware, or of an attacker running malicious executable code, getting into the system. Device Guard can be implemented on Windows 10 and Windows Server 2016. The policy can be built on the server and deployed, for example through Group Policy, to the other systems to which the server provides services. To deploy it, the systems must have the proper hardware and compatible drivers. We deployed it on physical hardware on which we installed one Windows Server 2016 system and two separate Windows 10 systems as clients (Mariano, 2018).
3. Introduction to the project
This part of the report includes:
- Background of the project
- Project requirements in detail
- Designing of the project
- Block Diagrams or any Flow Chart relating with the project
The project, titled Microsoft Windows Defender Device Guard, is based on a security technology used in computer systems which can stop the entry of the
The main motive of this project is to stop the entry or installation of any unauthorized or untrusted application or software program whose policies are not defined on the existing computer system. In this project we designed and configured a system which acts as a server; it is connected to, and provides services to, the other systems, which are completely dependent on the server. The clients receive services on demand, and the server additionally provides them with the security that is configured on the server alone.
Project Requirements in Detail
As per the requirements of the project, the main needs for deploying it are listed below:
- Hardware Requirements
For establishing the project we need a fast computer system with 16 GB of RAM, an Intel i7 processor, a graphics card, a cooling fan, a 2 TB hard drive to store the data and configurations, and a stable working internet connection. For Device Guard's virtualization-based security the machine must additionally have a 64-bit processor with hardware virtualization extensions (Intel VT-x or AMD-V) and second level address translation (SLAT), and UEFI firmware with Secure Boot enabled; an IOMMU (Intel VT-d or AMD-Vi) and a TPM are recommended for the full set of protections.
- Software Requirements
We require two different Windows operating systems, which count as software: Windows Server 2016, on which all the configuration is done for the server itself and for the clients, and Windows 10 for the client side.
- Human Resource
Device Guard is built on virtualization-based security (VBS). Its companion feature, Credential Guard, uses the same VBS isolation to keep credentials away from the normal operating system, while Device Guard itself ensures that only the authorized applications installed on the system can run. Without this kind of protection an attacker who gets into the system can easily access and steal the confidential data held on the server. Credential Guard prevents such credential theft attacks by protecting NTLM, which stands for NT LAN Manager.
Designing of the project
The design of the project was given a proper amount of time, since every project should have a plan before it is started. We first created the block diagrams, flow charts and a rough idea of how the project would run. After the project was executed, we planned a check before handing it over to the customer. The execution of the project gave a good, planned result: it stopped the unauthorized installation of applications on the system. This is very important and is widely used in today's organizations. These configurations are reliable ones for a company to add on its server side, and they help to harden both the server and the client systems. Device Guard is a combination of hardware and software security features that together lock the device down so that applications are evaluated and only the trusted ones are allowed through (John, 2018).
What types of security does it involve?
Hardware security: the protection of derived domain credentials is increased because Credential Guard relies on Secure Boot and hardware virtualization.
Manageability: Credential Guard can be managed through Group Policy, WMI, the command prompt and PowerShell.
Better protection against threats: with virtualization-based security, attacks on credentials by the usual attack techniques and tools are blocked (Rozzy, 2018).
How can Device Guard be managed?
There are four methods for managing Device Guard:
- It can be managed using PowerShell.
- The second method is through Microsoft Intune.
- Microsoft System Center Configuration Manager can deploy catalog files and code integrity policies and enable the hardware-based security features.
- The last is Group Policy: Windows 10 provides an administrative template through which the code integrity policy can be enabled for the organization and applied to its computers.
How to check whether Code Integrity is enabled
One can check this by opening the System Information app (msinfo32) and looking at the Device Guard items, in particular "Device Guard Security Services Running" (and, next to it, "Device Guard Security Services Configured" and "Device Guard Virtualization based security"). These show the current state of Device Guard on the machine.
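The same state that msinfo32 displays can be read programmatically from the Win32_DeviceGuard WMI class, which is what the PowerShell and WMI management methods above rely on. The script below is an added example and is not part of the report or of Microsoft's documentation; it assumes an elevated PowerShell prompt on Windows 10 or Windows Server 2016, and the function names are its own. It decodes the numeric codes into readable text and warns when Device Guard is configured but not actually enforced.

```powershell
# Added example, not from the report: read Device Guard state from the
# Win32_DeviceGuard WMI class (the data msinfo32 shows) and decode it.
# Run from an elevated PowerShell prompt on Windows 10 / Windows Server 2016.

function ConvertTo-ServiceName {
    # Codes used by SecurityServicesConfigured and SecurityServicesRunning.
    param([uint32[]]$Codes)
    $names = @{ 1 = 'Credential Guard'; 2 = 'Hypervisor enforced Code Integrity (HVCI)' }
    if (-not $Codes) { return 'none' }
    ($Codes | ForEach-Object {
        if ($names.ContainsKey([int]$_)) { $names[[int]$_] } else { "Unknown ($_)" }
    }) -join ', '
}

function ConvertTo-EnforcementName {
    # Codes used by CodeIntegrityPolicyEnforcementStatus and
    # UsermodeCodeIntegrityPolicyEnforcementStatus.
    param([uint32]$Code)
    switch ($Code) {
        0       { 'Off (no policy)' }
        1       { 'Audit mode (violations logged, code still runs)' }
        2       { 'Enforced (untrusted code blocked)' }
        default { "Unknown ($Code)" }
    }
}

function Get-DeviceGuardStatus {
    $dg = Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' -ClassName 'Win32_DeviceGuard'

    $vbs = switch ($dg.VirtualizationBasedSecurityStatus) {
        0       { 'Not enabled' }
        1       { 'Enabled but not running (reboot pending or hardware requirement missing)' }
        2       { 'Running' }
        default { "Unknown ($_)" }
    }

    [pscustomobject]@{
        VirtualizationBasedSecurity = $vbs
        ServicesConfigured          = ConvertTo-ServiceName $dg.SecurityServicesConfigured
        ServicesRunning             = ConvertTo-ServiceName $dg.SecurityServicesRunning
        KernelModeCodeIntegrity     = ConvertTo-EnforcementName $dg.CodeIntegrityPolicyEnforcementStatus
        UserModeCodeIntegrity       = ConvertTo-EnforcementName $dg.UsermodeCodeIntegrityPolicyEnforcementStatus
    }
}

$status = Get-DeviceGuardStatus
$status | Format-List

# A Device Guard deployment is only complete when VBS is running and the
# code integrity policy is enforced, not merely configured or in audit mode.
if ($status.VirtualizationBasedSecurity -ne 'Running' -or
    $status.UserModeCodeIntegrity -notlike 'Enforced*') {
    Write-Warning 'Device Guard is not fully enforced on this machine.'
}
```

The distinction between "configured" and "running" matters in practice: a policy that has been copied to the machine but is still in audit mode, or VBS that is enabled but blocked by missing hardware support, both look like "Device Guard present" at a glance while providing no enforcement.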
Given below is the design/flowchart of the project as implemented:
As per the flow chart, all the steps were performed in order to complete the project for the customer. First, everything is planned according to the customer's needs. Next, a rough design of the implementation is made. Once the design is complete, implementation follows the design or flow chart. According to the flow chart, we then downloaded genuine copies of the required Windows operating systems, Windows 10 and Windows Server 2016, and installed them according to the design. After installation, the hardware and software requirements for Device Guard are checked against the systems and the systems are configured. If the configuration is not successful, the configuration steps are repeated. If it succeeds, we move on to creating, auditing and merging the code integrity policy for the system: an initial policy is created by scanning a clean reference system, it is run in audit mode so that applications which would have been blocked are only logged, and the audit results are merged into the policy before it is enforced. Group Policy is then used to deploy the code integrity policy. After that we create a code signing certificate for signing code and catalog files. When these steps are complete the project can be finished; if not, the steps are repeated. Finally the catalog files are created, which allow unsigned line-of-business applications to be trusted by the policy, completing the project.
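The create, audit, merge, deploy and catalog steps of the flow chart map onto the ConfigCI cmdlets that ship with Windows 10 and Windows Server 2016. The script below is an added example and is not the report's own script; the working directory C:\CIPolicy, the share \\SERVER\CIPolicy, the certificate subject "Contoso CI Signing" and the application name LOBApp are assumed placeholders, and signtool.exe is assumed to be available from the Windows SDK. It is meant to be run step by step on the reference system, with a reboot after each policy change.

```powershell
# Added example (not the report's own scripts): the code integrity policy
# lifecycle described by the flow chart, using the ConfigCI cmdlets that ship
# with Windows 10 / Windows Server 2016. Paths, share name, certificate
# subject and application name below are assumed placeholders.
# Run elevated on the reference system; reboot after each policy change.

$Work = 'C:\CIPolicy'
New-Item -ItemType Directory -Path $Work -Force | Out-Null

# 1. Create the initial policy by scanning the clean reference system.
#    Publisher level trusts signed binaries by signer; Hash is the fallback for
#    unsigned files. -UserPEs includes user-mode executables, not only drivers.
New-CIPolicy -Level Publisher -Fallback Hash -UserPEs -FilePath "$Work\InitialScan.xml"

# 2. Switch the policy to audit mode (rule option 3 = Enabled:Audit Mode) so that
#    untrusted code is logged (event ID 3076) but still allowed to run, and
#    convert the XML to the binary form Windows loads.
Set-RuleOption -FilePath "$Work\InitialScan.xml" -Option 3
ConvertFrom-CIPolicy -XmlFilePath "$Work\InitialScan.xml" -BinaryFilePath "$Work\SIPolicy.p7b"

# On a single test machine the binary policy is applied by copying it to the
# enforcement location and rebooting; Group Policy (step 5) writes the same file.
Copy-Item "$Work\SIPolicy.p7b" 'C:\Windows\System32\CodeIntegrity\SIPolicy.p7b' -Force

# 3. After running the client workload in audit mode, review what would have been
#    blocked, then turn the audit events into a second policy.
Get-WinEvent -FilterHashtable @{ LogName = 'Microsoft-Windows-CodeIntegrity/Operational'; Id = 3076 } `
             -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Message | Format-Table -Wrap
New-CIPolicy -Audit -Level Hash -UserPEs -FilePath "$Work\AuditPolicy.xml"

# 4. Merge the scan policy with the audit policy, remove audit mode to enforce,
#    and rebuild the binary policy.
Merge-CIPolicy -PolicyPaths "$Work\InitialScan.xml", "$Work\AuditPolicy.xml" `
               -OutputFilePath "$Work\MergedPolicy.xml"
Set-RuleOption -FilePath "$Work\MergedPolicy.xml" -Option 3 -Delete
ConvertFrom-CIPolicy -XmlFilePath "$Work\MergedPolicy.xml" -BinaryFilePath "$Work\SIPolicy.p7b"

# 5. Deploy from the server through Group Policy: Computer Configuration >
#    Administrative Templates > System > Device Guard > "Deploy Windows Defender
#    Application Control", pointing at a share that holds SIPolicy.p7b, for
#    example \\SERVER\CIPolicy\SIPolicy.p7b (assumed share). Clients pick it up
#    at the next policy refresh and apply it after a reboot.

# 6. Create a code signing certificate and a catalog for an unsigned
#    line-of-business application so it can be trusted without per-file hashes.
#    A self-signed certificate is fine for the lab; use an enterprise CA in production.
$cert = New-SelfSignedCertificate -Type CodeSigningCert -Subject 'CN=Contoso CI Signing' `
                                  -CertStoreLocation 'Cert:\CurrentUser\My'
Export-Certificate -Cert $cert -FilePath "$Work\CISigning.cer" | Out-Null

# Record the application's files with PackageInspector, then sign the catalog.
PackageInspector.exe Start C:
#   ... install the application on C: while the inspector is running ...
PackageInspector.exe Stop C: -Name "$Work\LOBApp.cat" -cdfpath "$Work\LOBApp.cdf"
signtool.exe sign /v /n 'Contoso CI Signing' /fd sha256 "$Work\LOBApp.cat"

# 7. Trust the catalog's signer in the policy as a user-mode signer and rebuild.
#    Signed catalogs are then placed on each client under
#    C:\Windows\System32\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\
Add-SignerRule -FilePath "$Work\MergedPolicy.xml" -CertificatePath "$Work\CISigning.cer" -User
ConvertFrom-CIPolicy -XmlFilePath "$Work\MergedPolicy.xml" -BinaryFilePath "$Work\SIPolicy.p7b"
```

Two points a practitioner should keep in mind: the audit phase is what makes the policy safe to enforce, because anything the reference scan missed (updaters, helper binaries, scripts) shows up as 3076 events rather than as blocked users; and the catalog route is preferable to adding hashes, since a hash rule breaks at the application's first update while the catalog signer rule survives it.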
Client Server Implementation
In our project the client is the system that seeks services from the server. All the configuration is done on the server. The client is connected to the server by its IP address and by joining the common domain, so that they can share everything. The service and configuration for the client side, which in this deployment is designed to keep confidential data and credentials in a safe place, is implemented on the server side, because the virtualization-based security is provided to the client from there. In our lab the client systems run as virtual machines hosted on the server, so they depend on the server for the operating system installation, the virtual hard drive, the virtualized RAM and other resources. To obtain further benefit from the server side, a client requests it at the server and waits for the server to be configured according to its needs.
Some of the code integrity policies have also been configured on the client side. For the client side, the requirements for enabling Device Guard are:
- Dell Latitude and Venue devices must be Windows 10 Enterprise ready, and the BIOS and drivers of the client machines must be updated to the latest versions.
- Customers must have a Microsoft Volume License, since Windows 10 Enterprise is not an OEM SKU.
- Only Device Guard / Credential Guard (DG/CG) capable processors should be used in the clients; these support the deployment of Device Guard on the system (Laing, 2019).
In the project the server plays the main role, since all the configuration is done on it. The server therefore needs higher capability drivers, hard drives, fast RAM and everything else the configuration requires. Note that when virtualization-based security is enabled with the UEFI lock option, the setting is stored in firmware and cannot be changed remotely, so an attacker cannot simply alter the settings to disable Device Guard on a client's system; physical presence at the machine is needed to change it. Configuring the server side was somewhat complicated. Device Guard is nowadays found in Windows 10, but in our project we connected the three different operating system installations to a common domain created by the server. The Windows 10 clients take their services from the main computer system connected as the server. We do this through virtualization, that is, the clients take virtualized services from the actual physical device, which has been configured properly. After implementation we have to take care that the settings are in order and solid. Once the configuration is applied on the server side, the device is locked down so that it runs only trusted applications: an application that is not trusted will not run on the system, and only the applications defined in the code integrity policies execute.
The outcome of the project
After implementing all the configurations, services and code integrity policies, the outcome of the project is that the server side is completely configured and installed, and all these services and configurations are then provided to the client side through virtualization. This protects the device from the thousands of malicious files that reach it, in a way that complements antivirus software: antivirus blocks files it recognizes as malicious, whereas Device Guard allows only what the policy trusts. On Windows 10 Enterprise, Device Guard is usually first run in audit mode, in which applications are allowed to run and those that do not match the policy are only logged as blocked; it is then switched to enforced mode, in which only the trusted applications are executed.
Problems faced in the project
There were many problems faced by me and my group members. First we implemented all this in a physical environment to check that it worked. Then we implemented the whole setup on three separate physical hard drives, but this produced errors: the internet connection was not working, and the hard drive kept crashing in between. So we decided to implement it on a single hard drive by installing Windows Server 2016 and Windows 10 on that one drive. We created a server and two clients connected to the server. Then we implemented and configured everything on the server side, and it was used by the clients at the other end.
After implementing this project we understood the importance of security in technological life. If a system is left unsecured, its credentials and confidential files can be stolen and the information leaked to unauthorized users. Device Guard keeps malicious and untrusted applications from running and executing for the user on the client side. In our deployment model Device Guard applies at two points: to programs launched by the local user and to programs downloaded from the internet. Device Guard is best implemented on Windows 10 Enterprise, and it works well together with virtualization.
- John. (2018, February). Windows 10 Enterprise Security. Dell Support. https://www.dell.com/support/article/nz/en/nzdhs1/sln304974/windows-10-enterprise-security-credential-guard-and-device-guard?lang=en
- Laing, J. (2019, January). SUGI25. SAS Support. https://support.sas.com/resources/papers/proceedings/proceedings/sugi25/25/aa/25p019.pdf
- Mariano, A. (2018, May). Planning and getting. Microsoft Docs. https://docs.microsoft.com/en-nz/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control-deployment-guide
- Rozzy. (2018, July). Device Guard is the. Microsoft Docs. https://docs.microsoft.com/en-us/windows/security/threat-protection/device-guard/introduction-to-device-guard-virtualization-based-security-and-windows-defender-application-control