Sunday, September 27, 2015

What is Credential Guard?

It is a new feature in Windows 10, available only in Windows 10 Enterprise and Windows 10 Education, and it is meant to beef up security. It protects the core kernel from malware by preventing the malware from taking control of the machine remotely.
Credential Guard uses virtualization-based security to isolate the secrets that older systems held in the Local Security Authority. Data stored by virtualization-based security is not accessible to the rest of the OS. Credential Guard has no device drivers but hosts a reduced subset of OS binaries needed for security only. These binaries are signed with trusted certificates.

The Credential Guard feature depends on the hypervisor. Here is a high-level overview of Credential Guard (virtualization-based security).


(https://technet.microsoft.com/en-us/library/mt483740%28v=vs.85%29.aspx)

Credential Guard offers the following features/solutions:

•Hardware security: Credential Guard takes advantage of platform security features, such as Secure Boot and virtualization, to increase security.

•Virtualization-based security: Windows services can run in a protected environment that is isolated from the running operating system.

•Better protection against advanced persistent threats: Credential Guard does this by securing domain users' credentials in the virtualization-based security environment. Malware running in the operating system, even with administrative privileges, cannot extract secrets that are protected by virtualization-based security.

•Manageability: You can manage Credential Guard by using Group Policy, WMI, a command prompt, and Windows PowerShell.

The following virtualization extensions are required to support virtualization-based security:
•Intel VT-x or AMD-V
•Second Level Address Translation

It runs only on x64 (64-bit) platforms.
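
The WMI and PowerShell management route mentioned above can also be used to verify that a machine meets the requirements and that Credential Guard is actually running. The following is an added example, not code from the original post: it reads the `Win32_DeviceGuard` WMI class (not named in the post), and the function name `Get-CredentialGuardState` is hypothetical.

```powershell
# Added example: report Credential Guard readiness and state on the local machine.
# Reads the Win32_DeviceGuard WMI class; run from an elevated PowerShell prompt.
function Get-CredentialGuardState {
    [CmdletBinding()]
    param()

    # Value maps for the Win32_DeviceGuard properties used below.
    $propertyNames = @{
        0 = 'None'
        1 = 'Hypervisor support'
        2 = 'Secure Boot'
        3 = 'DMA protection'
    }
    $vbsStatus = @{
        0 = 'Not enabled'
        1 = 'Enabled but not running'
        2 = 'Enabled and running'
    }

    $os = Get-CimInstance -ClassName Win32_OperatingSystem
    try {
        $dg = Get-CimInstance -ClassName Win32_DeviceGuard `
            -Namespace 'root\Microsoft\Windows\DeviceGuard' -ErrorAction Stop
    } catch {
        # The class or namespace is absent on systems without this support.
        Write-Warning "Win32_DeviceGuard is not available: $($_.Exception.Message)"
        return
    }

    # Translate the numeric platform features into readable names.
    $available = foreach ($p in $dg.AvailableSecurityProperties) {
        if ($propertyNames.ContainsKey([int]$p)) { $propertyNames[[int]$p] } else { "Other ($p)" }
    }

    [pscustomobject]@{
        Edition                   = $os.Caption   # should name Enterprise or Education
        Is64Bit                   = [Environment]::Is64BitOperatingSystem
        AvailableSecurityFeatures = $available -join ', '
        VbsStatus                 = $vbsStatus[[int]$dg.VirtualizationBasedSecurityStatus]
        # In SecurityServicesConfigured / SecurityServicesRunning, 1 = Credential Guard.
        CredentialGuardConfigured = $dg.SecurityServicesConfigured -contains 1
        CredentialGuardRunning    = $dg.SecurityServicesRunning -contains 1
    }
}

Get-CredentialGuardState | Format-List
```

A machine where `CredentialGuardConfigured` is `True` but `CredentialGuardRunning` is `False` has the policy applied without the protection being active, which usually points to a missing hardware or firmware prerequisite.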
Watch this video from Channel 9: