End-to-end security & Virtualization
End-to-end security & Virtualization
The following list describes new and enhanced security features in Windows 8:
Trusted boot: Some malware programs target the boot process and insert themselves into the system before Windows or antimalware software is able to start. Because of this, the ability of Windows or the antimalware software to protect the system might be compromised. With UEFI 2.3.1 equipped devices, the UEFI Secure Boot feature helps to ensure that malware is not able to start before Windows 8. The Windows 8 Trusted boot feature protects the integrity of the remainder of the boot process, including the kernel, system files, boot critical drivers, and even the antimalware software itself. The system’s antimalware software is the first third party application or driver to start. Moving antimalware into the Trusted boot process prevents it from being tampered with. In the event that malware is able to successfully tamper with the boot process, Windows can automatically detect and repair the system.
Measured boot: On Trusted Platform Module (TPM)-based systems, Windows 8 can perform a comprehensive chain of measurements during the boot process that can be used to further validate the boot process beyond trusted boot. Measured boot process enables all aspects of the boot process to be measured, signed, and stored in a TPM chip. This information can be evaluated by a remote service to further validate a computer’s integrity before granting it access to resources. This process is called Remote Attestation.
BitLocker Drive Encryption: BitLocker Drive Encryption is a data protection feature in Windows 8 Pro and Windows 8 Enterprise editions that helps protect data theft from lost, stolen, or inappropriately decommissioned computers. BitLocker now encrypts hard drives more quickly, helping to keep data safe without significantly interrupting worker productivity.
BitLocker now supports encrypted drives, which are hard drives that come pre-encrypted from the manufacturer. BitLocker offloads the cryptographic operations to hardware, increasing overall encryption performance and decreasing CPU and power consumption.
On devices without hardware encryption, Bitlocker encrypts data more quickly. BitLocker allows you to choose to encrypt the used space on a disk instead of the entire disk. As free space is used, it will be encrypted. This results in a faster, less disruptive encryption of a hard drive, so that enterprises canmore easily provision BitLocker, and they can do it with little time impact. In addition, the user experience is improved by allowing a standard user, one without administrative privileges, to reset the BitLocker PIN.
AppLocker: AppLocker is a simple and flexible mechanism that allows you to specify exactly which apps are allowed to run on users' PCs. Traditional access control technologies such as Active Directory Rights Management Services and Access Control Lists (ACLs) help control the data users are allowed to access. However, these technologies can't prevent users from installing or using nonstandard software. In Windows 8 Enterprise editions, AppLocker enables you to create security policies through Group Policy to prevent potentially harmful or other non-approved apps from running. With AppLocker, you can set rules based on a number of properties, including the signature of the application's package or the app's package installer, and can more effectively control apps with less management.
Windows SmartScreen: Windows SmartScreen app reputation is a safety feature in Windows 8. This service provides application reputation-based technologies to help protect users from malicious software that they may encounter on the Internet. This technology checks the reputation on any new application, helping to keep users safe no matter what browser they use in Windows 8. This helps to prevent malware and other viruses from infiltrating your organization. The Windows SmartScreen app reputation feature works with the SmartScreen feature in Internet Explorer, which also protects users from websites seeking to acquire personal information such as usernames, passwords, and billing data.
Claim-based access control: Claim-based access control enables you to set up and manage usage policies for files, folders, and shared resources. With Windows 8, you can dynamically allow users access to the data they need based on the user's role in the company. Unlike previous statically-controlled security groups, Claim-based access control allows you to dynamically control access to corporate resources based on the user and device properties that are stored in Active Directory. For example, a policy can be created that enables individuals in the finance group to have access to specific budget and forecast data, and the human resources group to have access to personnel files.
Client Hyper-V: Client Hyper-V on Windows 8 Pro and Windows 8 Enterprise is a robust virtualization platform that enables IT Pros and developers to run diverse client and server environments on their Windows 8 PCs. You can test and manage multiple environments from a single PC, allowing you to evaluate changes in a test environment in advance of deploying to a production environment. With support for wireless networking and sleep and hibernate modes, Client Hyper-V can run on any Second Level Address Translation (SLAT)-enabled 64-bit PC, including most Intel- and AMD-based laptops. Virtual Machines (VMs) can be migrated easily between server and Client Hyper-V without modification, making developers and IT pros more efficient. Client Hyper-V also supports both 32-bit and 64-bit guest operating systems. Client Hyper-V leverages the security enhancements in Windows 8 and can be managed easily by existing IT tools such as System Center. For more information about Client Hyper-V.
Windows PowerShell: Management tasks are simplified with Windows PowerShell automation. Windows PowerShell provides easy-to-learn language syntax. New features in the Windows PowerShell Integrated Scripting Environment (ISE) make it easier and faster for both new and experienced users to author clear, maintainable, production-ready automation scripts. IntelliSense tap completion, snippets, and GUI based search features provide improved cmdlet discovery, making it easier to find and run any of the 1,200 new high-level, task-oriented cmdlets. For more information about Windows PowerShell, see Chapter 10, "Windows 8 management."
Testing, deployment, and migration: Deploying Windows 8 in your organization is faster and easier than Windows 7. Enhanced tools help you make the right decisions with minimal downtime for users. A new version of the Application Compatibility Toolkit (ACT) helps you understand potential application compatibility issues by identifying which apps are or are not compatible with Windows 8. ACT helps you to deploy Windows 8 more quickly by helping to prioritize, test, and detect compatibility issues with your apps.
Migrating user data from a previous Windows installation can be automated with the User State Migration Tool (USMT). This tool now supports migrating user data from Windows XP installations. With the end of support for Windows XP approaching, now is a great time to plan your migration to Windows 8.
Refresh and Reset your PC: Windows 8 helps streamline the recovery process for PCs. Refresh
your PC and Reset your PC allow users to restore their Windows 8 installation and more easily get their systems up and running again. Even when Windows 8 cannot start, you can use these new features from within the Windows Recovery Environment (Windows RE). Refresh your PC allows users to reinstall Windows 8 while maintaining their personal files, accounts, and personalization settings. These features make it faster and easier to get a PC up and running again. For more information about Refresh your PC and Reset your PC, see Chapter 9, "Windows 8 recovery." This chapter also describes the Microsoft Diagnostics and Recovery Toolset, which provides more advanced troubleshooting and recovery tools that are built into Windows 8.
Virtual Desktop Infrastructure (VDI): Powered by Window Server 8, Microsoft VDI provides the best value for virtual desktops today. The new Remote Desktop client in Windows 8 works with VDI. Windows Server 8 provides customers with deployment choices through a single platform and a consistently rich user experience. Setting up a VDI environment is easy with the simple setup wizard, and managing your VDI environment is simple with administration, intelligent patching, and unified management capabilities. Features such as user profile disks and Fair Share ensure high performance and flexibility, while support for lower cost storage and sessions help reduce the cost of VDI. In addition, Microsoft RemoteFX provides users with a rich, local-like desktop experience, with the ability to play multimedia, 3D graphics, use USB peripherals, and touch-enabled devices across any type of network (LAN or WAN). All of these benefits are available across different types of VDI desktops (personal VM, pooled VM, or sessionbased desktops). For more information about Windows 8 in a VDI environment.
Windows 8: Windows 8 is the basic stock-keeping unit (SKU) for home users. It includes the core feature set that home users require but does not include key business features, such as support for the ability to join domains, process Group Policy, and so on.
Windows 8 Pro: Windows 8 Pro is for small- and medium-sized businesses. It delivers new levels of productivity, security, and mobility—without sacrificing performance or choice. It provides enhanced features that help to easily connect to company networks, access files on the go, encrypt data, and more.
Windows 8 Enterprise: Windows 8 Enterprise edition is available through Windows Software Assurance. It includes all the capabilities of Windows 8 Pro, plus premium features designed to meet the mobility, productivity, security and manageability, and virtualization needs of today’s large businesses. Key examples are Windows To Go, DirectAccess, BranchCache, AppLocker, VDI, and Windows 8 app deployment. You will learn about these features in this book.
Windows RT Devices: Windows RT Devices run low-powered ARM processors, which helps OEMs build devices with long battery lives and new form factors (thin, light, and sleek devices). Also, Windows RT Devices are built on a new paradigm (preconfigured system on certified hardware), which helps ensure that users have high-quality and predictable experiences over time. While Windows RT Devices offer the great benefits this chapter just mentioned, they have commonality and shared code with Windows 8, offering a consistent, great Windows experience. For example, Windows RT Devices support the new UI (including desktop). Both Windows RT Devices and Windows 8 can run apps from the Windows Store. Windows RT Devices are compatible with most peripherals, since they include class drivers for most peripherals, and the majority of mice, keyboards, printers, and USB storages are supported out of the box.
I have checked this end to end security and virtualization by installing various application on various type of systems. It is the best knowledge for beginner of Windows 8.
These contents are taken from Microsoft resources for windows 8 or related, connected websites
The following list describes new and enhanced security features in Windows 8:
Trusted boot: Some malware programs target the boot process and insert themselves into the system before Windows or antimalware software is able to start. Because of this, the ability of Windows or the antimalware software to protect the system might be compromised. With UEFI 2.3.1 equipped devices, the UEFI Secure Boot feature helps to ensure that malware is not able to start before Windows 8. The Windows 8 Trusted boot feature protects the integrity of the remainder of the boot process, including the kernel, system files, boot critical drivers, and even the antimalware software itself. The system’s antimalware software is the first third party application or driver to start. Moving antimalware into the Trusted boot process prevents it from being tampered with. In the event that malware is able to successfully tamper with the boot process, Windows can automatically detect and repair the system.
Measured boot: On Trusted Platform Module (TPM)-based systems, Windows 8 can perform a comprehensive chain of measurements during the boot process that can be used to further validate the boot process beyond trusted boot. Measured boot process enables all aspects of the boot process to be measured, signed, and stored in a TPM chip. This information can be evaluated by a remote service to further validate a computer’s integrity before granting it access to resources. This process is called Remote Attestation.
BitLocker Drive Encryption: BitLocker Drive Encryption is a data protection feature in Windows 8 Pro and Windows 8 Enterprise editions that helps protect data theft from lost, stolen, or inappropriately decommissioned computers. BitLocker now encrypts hard drives more quickly, helping to keep data safe without significantly interrupting worker productivity.
BitLocker now supports encrypted drives, which are hard drives that come pre-encrypted from the manufacturer. BitLocker offloads the cryptographic operations to hardware, increasing overall encryption performance and decreasing CPU and power consumption.
On devices without hardware encryption, Bitlocker encrypts data more quickly. BitLocker allows you to choose to encrypt the used space on a disk instead of the entire disk. As free space is used, it will be encrypted. This results in a faster, less disruptive encryption of a hard drive, so that enterprises canmore easily provision BitLocker, and they can do it with little time impact. In addition, the user experience is improved by allowing a standard user, one without administrative privileges, to reset the BitLocker PIN.
AppLocker: AppLocker is a simple and flexible mechanism that allows you to specify exactly which apps are allowed to run on users' PCs. Traditional access control technologies such as Active Directory Rights Management Services and Access Control Lists (ACLs) help control the data users are allowed to access. However, these technologies can't prevent users from installing or using nonstandard software. In Windows 8 Enterprise editions, AppLocker enables you to create security policies through Group Policy to prevent potentially harmful or other non-approved apps from running. With AppLocker, you can set rules based on a number of properties, including the signature of the application's package or the app's package installer, and can more effectively control apps with less management.
Windows SmartScreen: Windows SmartScreen app reputation is a safety feature in Windows 8. This service provides application reputation-based technologies to help protect users from malicious software that they may encounter on the Internet. This technology checks the reputation on any new application, helping to keep users safe no matter what browser they use in Windows 8. This helps to prevent malware and other viruses from infiltrating your organization. The Windows SmartScreen app reputation feature works with the SmartScreen feature in Internet Explorer, which also protects users from websites seeking to acquire personal information such as usernames, passwords, and billing data.
Claim-based access control: Claim-based access control enables you to set up and manage usage policies for files, folders, and shared resources. With Windows 8, you can dynamically allow users access to the data they need based on the user's role in the company. Unlike previous statically-controlled security groups, Claim-based access control allows you to dynamically control access to corporate resources based on the user and device properties that are stored in Active Directory. For example, a policy can be created that enables individuals in the finance group to have access to specific budget and forecast data, and the human resources group to have access to personnel files.
Client Hyper-V: Client Hyper-V on Windows 8 Pro and Windows 8 Enterprise is a robust virtualization platform that enables IT Pros and developers to run diverse client and server environments on their Windows 8 PCs. You can test and manage multiple environments from a single PC, allowing you to evaluate changes in a test environment in advance of deploying to a production environment. With support for wireless networking and sleep and hibernate modes, Client Hyper-V can run on any Second Level Address Translation (SLAT)-enabled 64-bit PC, including most Intel- and AMD-based laptops. Virtual Machines (VMs) can be migrated easily between server and Client Hyper-V without modification, making developers and IT pros more efficient. Client Hyper-V also supports both 32-bit and 64-bit guest operating systems. Client Hyper-V leverages the security enhancements in Windows 8 and can be managed easily by existing IT tools such as System Center. For more information about Client Hyper-V.
Windows PowerShell: Management tasks are simplified with Windows PowerShell automation. Windows PowerShell provides easy-to-learn language syntax. New features in the Windows PowerShell Integrated Scripting Environment (ISE) make it easier and faster for both new and experienced users to author clear, maintainable, production-ready automation scripts. IntelliSense tap completion, snippets, and GUI based search features provide improved cmdlet discovery, making it easier to find and run any of the 1,200 new high-level, task-oriented cmdlets. For more information about Windows PowerShell, see Chapter 10, "Windows 8 management."
Testing, deployment, and migration: Deploying Windows 8 in your organization is faster and easier than Windows 7. Enhanced tools help you make the right decisions with minimal downtime for users. A new version of the Application Compatibility Toolkit (ACT) helps you understand potential application compatibility issues by identifying which apps are or are not compatible with Windows 8. ACT helps you to deploy Windows 8 more quickly by helping to prioritize, test, and detect compatibility issues with your apps.
Migrating user data from a previous Windows installation can be automated with the User State Migration Tool (USMT). This tool now supports migrating user data from Windows XP installations. With the end of support for Windows XP approaching, now is a great time to plan your migration to Windows 8.
Refresh and Reset your PC: Windows 8 helps streamline the recovery process for PCs. Refresh
your PC and Reset your PC allow users to restore their Windows 8 installation and more easily get their systems up and running again. Even when Windows 8 cannot start, you can use these new features from within the Windows Recovery Environment (Windows RE). Refresh your PC allows users to reinstall Windows 8 while maintaining their personal files, accounts, and personalization settings. These features make it faster and easier to get a PC up and running again. For more information about Refresh your PC and Reset your PC, see Chapter 9, "Windows 8 recovery." This chapter also describes the Microsoft Diagnostics and Recovery Toolset, which provides more advanced troubleshooting and recovery tools that are built into Windows 8.
Virtual Desktop Infrastructure (VDI): Powered by Window Server 8, Microsoft VDI provides the best value for virtual desktops today. The new Remote Desktop client in Windows 8 works with VDI. Windows Server 8 provides customers with deployment choices through a single platform and a consistently rich user experience. Setting up a VDI environment is easy with the simple setup wizard, and managing your VDI environment is simple with administration, intelligent patching, and unified management capabilities. Features such as user profile disks and Fair Share ensure high performance and flexibility, while support for lower cost storage and sessions help reduce the cost of VDI. In addition, Microsoft RemoteFX provides users with a rich, local-like desktop experience, with the ability to play multimedia, 3D graphics, use USB peripherals, and touch-enabled devices across any type of network (LAN or WAN). All of these benefits are available across different types of VDI desktops (personal VM, pooled VM, or sessionbased desktops). For more information about Windows 8 in a VDI environment.
Windows 8: Windows 8 is the basic stock-keeping unit (SKU) for home users. It includes the core feature set that home users require but does not include key business features, such as support for the ability to join domains, process Group Policy, and so on.
Windows 8 Pro: Windows 8 Pro is for small- and medium-sized businesses. It delivers new levels of productivity, security, and mobility—without sacrificing performance or choice. It provides enhanced features that help to easily connect to company networks, access files on the go, encrypt data, and more.
Windows 8 Enterprise: Windows 8 Enterprise edition is available through Windows Software Assurance. It includes all the capabilities of Windows 8 Pro, plus premium features designed to meet the mobility, productivity, security and manageability, and virtualization needs of today’s large businesses. Key examples are Windows To Go, DirectAccess, BranchCache, AppLocker, VDI, and Windows 8 app deployment. You will learn about these features in this book.
Windows RT Devices: Windows RT Devices run low-powered ARM processors, which helps OEMs build devices with long battery lives and new form factors (thin, light, and sleek devices). Also, Windows RT Devices are built on a new paradigm (preconfigured system on certified hardware), which helps ensure that users have high-quality and predictable experiences over time. While Windows RT Devices offer the great benefits this chapter just mentioned, they have commonality and shared code with Windows 8, offering a consistent, great Windows experience. For example, Windows RT Devices support the new UI (including desktop). Both Windows RT Devices and Windows 8 can run apps from the Windows Store. Windows RT Devices are compatible with most peripherals, since they include class drivers for most peripherals, and the majority of mice, keyboards, printers, and USB storages are supported out of the box.
I have checked this end to end security and virtualization by installing various application on various type of systems. It is the best knowledge for beginner of Windows 8.
These contents are taken from Microsoft resources for windows 8 or related, connected websites
Comments
Post a Comment