Website under construction



Download 13,37 Mb.
Pdf ko'rish
bet95/131
Sana27.03.2022
Hajmi13,37 Mb.
#512480
1   ...   91   92   93   94   95   96   97   98   ...   131
Bog'liq
9780735697744 Introducing Windows Server 2016 pdf

Control Flow Guard 
In Windows Server 2016 and Windows 10, the OS is protected by Control Flow Guard. This highly 
optimized platform security feature makes it much more difficult to run arbitrary code through 
exploits such as buffer overflows
In addition, when a developer compiles his code, the compiler will perform some security checks on 
the code and then identify the set of functions that are considered a source for an indirect call. These 
indirect calls might come from a code exploit whereby malformed data is sent into the function, 
causing it to behave abnormally. The indirect call in non–Control Flow Guard–aware code can cause 
a memory buffer overrun, which can corrupt other applications or lead to privileged execution. 
However, because the compiler has identified these sets of functions as potential vulnerabilities and 
marked them, the runtime will detect and provide additional logic that verifies whether an indirect 
call is actually valid. If the indirect call validation fails, the application will terminate, preventing the 
application from causing further damage to the system. 


109 
CHAPTER 4 | Security and identity 
Device Guard on Windows Server 2016 
With thousands of new malicious files created every day, using traditional methods like antivirus 
solutions—signature-based detection to fight against malware—might not be sufficient for some 
environments. Device Guard on Windows Server 2016 changes from a mode in which apps are trusted 
unless blocked by an antivirus or other security solution, to a mode in which the operating system 
trusts only apps authorized by your enterprise. 
What is Device Guard 
Device Guard can protect software running in Kernel mode and User mode. Under Kernel mode 
protection, Device Guard ensures that the drivers are at the very least signed by a known signature 
(WHQL signed) or you can further restrict the drivers by placing them in a safe-programs list in the 
policy. Device Guard will block drivers from loading dynamic code and block any driver that is not on 
the safe-programs list. If there is a compromised driver that tries to modify code in memory, it cannot 
be run on the machine. Device Guard also provides User mode protection (UMCI), meaning that you 
can create Code Integrity (CI) policies that define what’s trusted and authorized to run on individual 
servers. 
For details on Device Guard, here are some good references (note that this is not a complete list): 

Introduction to Device Guard
 

Requirements for deployment planning for Device Guard 

Code integrity policies
 

Download 13,37 Mb.

Do'stlaringiz bilan baham:
1   ...   91   92   93   94   95   96   97   98   ...   131




Ma'lumotlar bazasi mualliflik huquqi bilan himoyalangan ©hozir.org 2024
ma'muriyatiga murojaat qiling

kiriting | ro'yxatdan o'tish
    Bosh sahifa
юртда тантана
Боғда битган
Бугун юртда
Эшитганлар жилманглар
Эшитмадим деманглар
битган бодомлар
Yangiariq tumani
qitish marakazi
Raqamli texnologiyalar
ilishida muhokamadan
tasdiqqa tavsiya
tavsiya etilgan
iqtisodiyot kafedrasi
steiermarkischen landesregierung
asarlaringizni yuboring
o'zingizning asarlaringizni
Iltimos faqat
faqat o'zingizning
steierm rkischen
landesregierung fachabteilung
rkischen landesregierung
hamshira loyihasi
loyihasi mavsum
faolyatining oqibatlari
asosiy adabiyotlar
fakulteti ahborot
ahborot havfsizligi
havfsizligi kafedrasi
fanidan bo’yicha
fakulteti iqtisodiyot
boshqaruv fakulteti
chiqarishda boshqaruv
ishlab chiqarishda
iqtisodiyot fakultet
multiservis tarmoqlari
fanidan asosiy
Uzbek fanidan
mavzulari potok
asosidagi multiservis
'aliyyil a'ziym
billahil 'aliyyil
illaa billahil
quvvata illaa
falah' deganida
Kompyuter savodxonligi
bo’yicha mustaqil
'alal falah'
Hayya 'alal
'alas soloh
Hayya 'alas
mavsum boyicha


yuklab olish