
Automated Windows 8 Security Console

Introduction:
Automated Windows 8 Security Console is a software program developed to help Windows 8 users protect
their privacy and defend against malicious attacks. It is graphical user interface software that guides an
average user through the latest security issues in Windows 8. The software then offers to implement each
security measure on the user's approval, which can be a simple click or a press of the Enter key.
Automated Windows 8 Security Console will establish a security configuration posture for Microsoft
Windows 8. It will help system and application administrators, security specialists, auditors, help desk
staff, and platform deployment personnel who plan to develop, deploy, assess, or secure solutions that
incorporate Microsoft Windows 8.
Automated Windows 8 Security Console is designed for systems in which security and integrity are the
highest priorities, even at the expense of functionality, performance, and interoperability. Therefore, each
setting should be considered carefully and can be applied by an average administrator who has an
understanding of the potential impact of each setting or action in a particular environment.
Automated Windows 8 Security Console will protect the complete Windows 8 system in an automated
manner. The automation can be configured on the basis of a system scan or of the user's manual intention to
protect the system. Automated Windows 8 Security Console will have the following security modules:
1. ActiveX Security Console: The ActiveX Console enables you to add an MMC node with a results
view containing an ActiveX control.
2. Authorization Console: The Authorization Console allows you to set role-based permissions for
Authorization Manager-enabled applications.
3. Certificates Security Console: This allows you to browse the contents of the certificate stores for
yourself, a service, or a computer.
4. Computer Security Console: This allows you to protect Software, Windows & Security Settings.
Computer Security Console is an important module of the software. This will ensure the security
configurations for Accounts Security, Privileges Security, Firewall Security Configuration, Network
Management Configurations, Public key Security Issues, Software Restriction Configuration,
Application Control, IP Security & Advanced Audit for the system.
The motivation behind Automated Windows 8 Security Console is to give users a learning platform for
security services and for practically implementing security standards to protect the system. The software
will help the learning sector with learning information security for Windows-based operating systems. The
software will be required at various organizations which deploy the Windows 8 operating system in the near
future. This is a platform for complete learning and for implementing security.


Why is it believed that Automated Windows 8 Security Console will help users learn security?
This is because Automated Windows 8 Security Console will guide users in the following directions so that
they realize the importance of security. The security messages which will guide the users are as follows:
Password Security: Enforcing a password security will increase the efficacy of password-based
authentication systems by reducing the opportunity for an attacker to leverage a known credential.
Password Complexities: This control determines whether new passwords are required to satisfy a certain
level of complexity. This is accomplished by requiring that all new passwords are longer than six
characters, are not comprised of the principal's username or real name, and contain characters from at
least three distinct character classes (uppercase, lowercase, integer, non-alphanumeric). For all profiles,
the recommended state for this setting is Enabled.
Encryption Security: If the system becomes compromised or the system hard disk is insecurely discarded,
the confidentiality of passwords stored using reversible encryption is at a higher risk of compromise.
Additionally, in the event of such a compromise, all systems, services, and applications accessible via the
compromised credentials may realize an increased exposure to attacks via those credentials.
Account Security: Establishing a reasonable length of time a user must wait before attempting to
re-authenticate after lockout reduces the number of authentication attempts an attacker may conduct in a
given period of time against a single account. This in turn reduces the probability of an attacker
successfully determining a valid credential. Additionally, establishing a reasonable time-out period will
prevent attackers from intentionally locking out all accounts until the help desk manually resets them.
Audit Functions in Windows 8: Windows 8 has detailed audit facilities that allow administrators to tune
their audit policy with greater specificity. By enabling the legacy audit facilities, it is probable that the
performance of the system may be reduced and that the security event log will realize high event
volumes.
Firewall Security Check Console: Enabling the Windows Firewall for this profile will reduce the remote
attack surface of the system. Notifying the user that an application is attempting to add a firewall
exception may alert the user of unexpected application behavior that will increase the remote attack
surface of the system. Blocking these responses will reduce an attacker's ability to introduce malformed
ICMP packets.
Windows 8 Update Console: Establishing automated means to deploy and apply system updates will
help ensure the system always has the most recent critical operating system updates and service packs
installed. Ensuring that the 'Install Updates and Shut Down' option is visible in the Shut Down Windows
dialog will reinforce the positive behavior of installing security updates. Enforcing and restricting access to
this control is important because if the computer cannot restart automatically, then the most recent update
will not completely install and no new updates will download to the computer until it is restarted.

Windows 8 User Account Control Console: Requiring users to re-authenticate when performing
administrative actions will reduce the probability that malicious software or unauthorized users accessing
an unlocked console are able to view or manipulate sensitive Windows settings. Standard users will
not have credentials required to approve the elevation request. Configuring the system will help ensure
that users and administrators are aware of and explicitly approve software installations. Configuring the
system as recommended will help reduce the probability of elevating the privileges of an application that
may have been created or altered by a malicious user. Leveraging UAC will make it more difficult for a
compromised process that is executing under the context of an administrative user to silently change
Windows settings.
User Rights Console: Configuring the system for User Rights will ensure only authorized accounts can
access the local computer from the network. This user right is very powerful as it enables grantees to
effectively circumvent access controls on the local system by assuming the identity of any other user.
Limiting the grant of this right will help minimize the chance of a user maliciously or unintentionally
impacting system performance, which may result in a denial of service. This security will reduce the
probability of unauthorized disclosure of historic sensitive data. Additionally, restricting the grant of this
right will limit the exposure to a user maliciously or unintentionally overwriting data that is more recent.
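
The three conditions stated under Password Complexities above, written out as a checker. This is an added Python example, not code from the proposal; the function names, the sample account, and the rule that name fragments shorter than three characters are ignored are assumptions.

```python
import re

MIN_LENGTH_EXCLUSIVE = 6   # page: passwords must be "longer than six characters"
REQUIRED_CLASSES = 3       # page: at least three of the four character classes
# Assumption (not on the page): name fragments shorter than this are ignored,
# so a two-letter account name does not reject every password containing it.
MIN_NAME_TOKEN = 3


def character_classes(password):
    """Return the character classes present, using the page's four classes."""
    classes = set()
    for ch in password:
        if ch.isupper():
            classes.add("uppercase")
        elif ch.islower():
            classes.add("lowercase")
        elif ch.isdigit():
            classes.add("integer")
        elif not ch.isalnum():
            classes.add("non-alphanumeric")
    return classes


def name_tokens(username, real_name):
    """The username as a whole, plus each part of the real name."""
    tokens = [username] + re.split(r"[\s,.\-_#]+", real_name)
    return [t.lower() for t in tokens if len(t) >= MIN_NAME_TOKEN]


def check_password(password, username, real_name):
    """Return the list of violated rules; an empty list means the password passes."""
    failures = []
    if len(password) <= MIN_LENGTH_EXCLUSIVE:
        failures.append("length")
    lowered = password.lower()
    if any(token in lowered for token in name_tokens(username, real_name)):
        failures.append("contains-name")
    if len(character_classes(password)) < REQUIRED_CLASSES:
        failures.append("character-classes")
    return failures


if __name__ == "__main__":
    # Constructed account and candidate passwords, for illustration only.
    for candidate in ("Summer7", "abc12", "JSmith#2024", "correcthorsebattery"):
        print(candidate, check_password(candidate, "jsmith", "John Smith"))
```

`Summer7` satisfies all three conditions, which shows that the control constrains how a password is composed, not how guessable it is.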















Brief Literature Survey:
Windows 8 is an operating system produced by Microsoft for use on personal computers, including
home and business desktops, laptops, tablets, and home theater PCs. Development of this operating
system started before the release of its predecessor in 2009. Its existence was first announced in January
2011 at the Consumer Electronics Show. During its development and test phases, Microsoft released three
pre-release versions: Developer Preview (September 13, 2011), Consumer Preview (February 29, 2012), and
Release Preview (May 31, 2012). On August 1, 2012, Windows 8 graduated from the development stage
and was released to manufacturing. Windows 8 is slated for general availability on October 26, 2012 [1].
Windows 8 introduces significant changes to the operating system's graphical user interface and platform,
such as a new interface design incorporating a new design language used by other Microsoft products, a
new Start screen to replace the Start menu used by previous versions of Windows, a new online store that
can be used to obtain new applications, and a new platform for apps that can provide what
developers described as a "fast and fluid" experience with emphasis on touchscreen input [3]. Additional
security features were also added to the operating system, such as a built-in antivirus program and a
secure boot feature on systems with UEFI firmware. Secure boot requires the operating system to be
digitally signed to prevent malware from infecting the boot process. The implementation of this feature
has sparked controversy among supporters of free software. Windows 8 also introduces an edition of the
operating system designed to run on devices that utilize the ARM architecture, known as Windows RT [1].
The important features of Windows 8 are:
BranchCache
Client Hyper-V
Connection Manager Overview
Folder Redirection, Offline Files, and Roaming User Profiles overview
Group Policy Overview
IPv6 - Technology Overview
NTFS Health and Chkdsk
Supporting Information Workers with Reliable File Services and Storage
Windows Store Overview



Security in Windows 8 Platform [2]:
Many technologies, features, and configuration options can be used to enhance the security of computers
and networks. Windows 8 supports and enhances critical security needs, including:
Authentication and identity
Authorization and isolation
Data protection
Secure networking
Fig 1.1: Building Blocks of Security for Windows 8
Some of the benefits of Encrypted Hard Drives include:
Better performance: Encryption hardware, integrated into the drive controller, allows the drive to
operate at full data rate with no performance degradation.
Strong security based in hardware: Encryption is always "on" and the keys for encryption never
leave the hard drive. User authentication is performed by the drive before it will unlock,
independently of the operating system.
Ease of use: Encryption is transparent to the user because it is on by default. There is no user
interaction needed to enable encryption. Encrypted Hard Drives are easily erased using the on-board
encryption key; there is no need to re-encrypt data on the drive.
Lower cost of ownership: There is no need for new infrastructure to manage encryption keys,
since BitLocker leverages your Active Directory Domain Services infrastructure to store recovery
information. Your computer operates more efficiently because processor cycles do not need to be
used for the encryption process.
Windows 8 supports Encrypted Hard Drives natively in the operating system through the following
mechanisms:
Identification: The operating system can identify that the drive is an Encrypted Hard Drive device
type.
Activation: The operating system disk management utility can activate, create and map volumes
to ranges/bands as appropriate.
Configuration: The operating system can create and map volumes to ranges/bands as
appropriate.
API: Windows 8 and Windows Server 2012 provide API support for applications to manage
Encrypted Hard Drives independently of BitLocker Drive Encryption (BDE).
BitLocker support: Integration with the BitLocker Control Panel provides a seamless BitLocker
end user experience.

Security Settings Description:
Security settings incorporated into policies are rules that administrators configure on a computer or
multiple computers for the purpose of protecting resources on a computer or network. The GPOs are
linked to Active Directory containers such as sites, domains, or organizational units, and enable
administrators to manage security settings for multiple computers from any computer joined to the
domain. Security settings are used as part of your overall security implementation to help secure domain
controllers, servers, clients and other resources in your organization.
Security settings can control:
User authentication to a network or computer.
The resources that users are permitted to access.
Whether to record a user's or group's actions in the Event log.
Membership in a group.

User Account Control Description:
UAC allows all users to log on to their computers using a standard user account. Processes launched using
a standard user token may perform tasks using access rights granted to a standard user. For instance,
Windows Explorer automatically inherits standard user level permissions. Additionally, any programs that
are executed using Windows Explorer (for example, by double-clicking an application shortcut) also run
with the standard set of user permissions. Many applications, including those that are included with the
operating system itself, are designed to work properly in this way.
Other applications, especially those that were not specifically designed with security settings in mind,
often require additional permissions to run successfully. These types of programs are referred to as legacy
applications. Additionally, actions such as installing new software and making configuration changes to
programs such as Windows Firewall, require more permissions than what is available to a standard user
account.
When an application needs to run with more than standard user rights, UAC can restore additional user
groups to the token. This enables the user to have explicit control of programs that are making
system-level changes to their machine.
Admin Approval Mode in UAC helps prevent malicious programs from silently installing without an
administrator's knowledge. It also helps protect from inadvertent system-wide changes. Lastly, it can be
used to enforce a higher level of compliance where administrators must actively consent or provide
credentials for each administrative process.
Windows 8 Firewall Security Feature:
Windows Firewall with Advanced Security is an important part of a layered security model. By providing
host-based, two-way network traffic filtering for a computer, Windows Firewall with Advanced Security
blocks unauthorized network traffic flowing into or out of the local computer. Windows Firewall with
Advanced Security also works with Network Awareness so that it can apply security settings appropriate
to the types of networks to which the computer is connected. Windows Firewall and Internet Protocol
Security (IPsec) configuration settings are integrated into a single Microsoft Management Console (MMC)
named Windows Firewall with Advanced Security, so Windows Firewall is also an important part of your
network's isolation strategy.
To help address your organizational network security challenges, Windows Firewall with Advanced
Security offers the following benefits:
Reduces the risk of network security threats. Windows Firewall with Advanced Security
reduces the attack surface of a computer, providing an additional layer to the defense-in-depth
model. Reducing the attack surface of a computer increases manageability and decreases the
likelihood of a successful attack. Network Access Protection (NAP), a feature of Windows Server
2012, also helps ensure client computers comply with policies that define the required software
and system configurations for computers that connect to your network. The integration of NAP
helps prevent communications between compliant and noncompliant computers.
Safeguards sensitive data and intellectual property. With its integration with IPsec, Windows
Firewall with Advanced Security provides a simple way to enforce authenticated, end-to-end
network communications. It provides scalable, tiered access to trusted network resources, helping
to enforce integrity of the data, and optionally helping to protect the confidentiality of the data.
Extends the value of existing investments. Because Windows Firewall with Advanced Security
is a host-based firewall that is included with Windows Server 2012, and prior Windows operating
systems and because it is tightly integrated with Active Directory Domain Services (AD DS) and
Group Policy, there is no additional hardware or software required. Windows Firewall with
Advanced Security is also designed to complement existing non-Microsoft network security
solutions through a documented application programming interface (API).
Windows 8 Software Restrictions:
Software Restriction Policies (SRP) is a Group Policy-based feature that identifies software programs running
on computers in a domain, and controls the ability of those programs to run. Software restriction policies
are part of the Microsoft security and management strategy to assist enterprises in increasing the
reliability, integrity, and manageability of their computers.
You can also use software restriction policies to create a highly restricted configuration for computers, in
which you allow only specifically identified applications to run. Software restriction policies are integrated
with Microsoft Active Directory and Group Policy. You can also create software restriction policies on
stand-alone computers. Software restriction policies are trust policies, which are regulations set by an
administrator to restrict scripts and other code that is not fully trusted from running.
Administrators can use software restriction policies for the following tasks:
Define what is trusted code
Design a flexible Group Policy for regulating scripts, executable files, and ActiveX controls
Software restriction policies are enforced by the operating system and by applications (such as scripting
applications) that comply with software restriction policies.
Specifically, administrators can use software restriction policies for the following purposes:
Specify which software (executable files) can run on clients
Prevent users from running specific programs on shared computers
Specify who can add trusted publishers to clients
Set the scope of the software restriction policies (specify whether policies affect all users or a
subset of users on clients)
Prevent executable files from running on the local computer, organizational unit (OU), site, or
domain. This would be appropriate in cases when you are not using software restriction policies
to address potential issues with malicious users.
Problem Formulation:
Windows 8 provides many built-in security features, as well as a command-line utility to manage the
policies. The problem lies in actually implementing that security. Windows operating systems are the
most used operating systems because of their easy-to-use interface.
In day-to-day use, Windows operating systems have managed to establish themselves in the following
places:
1. Schools, colleges, educational institutes, and research centers.
2. Organizations, companies, industries, and small-scale and large-scale firms.
3. Shopping places, shops, distribution centers, and purchase centers.
4. Web servers that store important information which can be accessed over the Internet.
5. Smartphones, mobile phones, and tablet PCs.
Windows has found a place everywhere. Security is of great concern in protecting user data.
Systems are built somewhat insecure in order to provide ease of access to users. Security mechanisms are
provided in the system but are disabled by default to provide easy operation. Technical skills are
required of a user to implement, enable, or disable a security feature.
To overcome this lack of technical capability, we require Automated Windows 8 Security Console,
which tells a user about the risks associated with the availability of a feature in user-understandable
language, so that he can analyze the risks involved and grant permission to protect the system. The
software console will run in a monitor mode which scans the system to identify which features are enabled
and disabled. The security console will seek permission from the user and keep the system secure.










Objectives:
Create graphical user interface software known as Automated Windows 8 Security Console. This console
will provide a platform to implement security for Windows 8 operating systems.
A system scanner identifies the current posture of the Microsoft Windows 8 operating system and generates
a state report after the current scan.
Security features are enabled depending on the set of rules maintained by a local database server. A report
will be generated after the changes have been made to the system. The analysis of the state change can
then be done by users, technical analysts, or security auditors.
Platform Support:
The software is developed to run only on Windows 8 operating systems.
Programming Language:
The program will be made in C#.net or VB.net in order to use platform support from Microsoft Windows
Application Programmer Interface.
Methods Used:
1. Scanning of the system will be done by identifying the open ports on the system and identifying the
services running on the system. A set of requests will be sent to the system in order to identify the
open gates in the system.
2. Methods to enable the policy and disable the policy will be used which will be automated so that
the user clicks to secure the system and the system attains a security posture.
3. Parsing and File Handling Methods will be used by the software to generate documented and
organized reports.
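
The scan, state-report and approve-then-apply steps listed in the Objectives and Methods above, sketched in Python as an added example; it is not code from the proposal, which plans C# or VB.NET. It assumes the policy text comes from `secedit /export`; the sample export, the `RULES` table standing in for the local rules database, and all function names are constructed for illustration.

```python
import configparser

# Constructed sample in the INF layout that `secedit /export /cfg <file>` writes;
# it was not captured from a real system.
SAMPLE_EXPORT = r"""
[Unicode]
Unicode=yes
[System Access]
PasswordComplexity = 0
LockoutBadCount = 0
ClearTextPassword = 1
[Registry Values]
MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA=4,1
"""

UAC_KEY = r"MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA"


def reg_dword(raw):
    """[Registry Values] entries read '<type>,<data>'; type 4 is REG_DWORD."""
    kind, _, data = raw.partition(",")
    if kind.strip() != "4":
        raise ValueError("not a REG_DWORD entry")
    return int(data)


# Hypothetical rule set standing in for the proposal's local rules database:
# (id, section, key, parser, compliance test, required state, value to write on
# approval; None where the page gives no value and the operator must choose).
RULES = [
    ("password-complexity", "System Access", "PasswordComplexity",
     int, lambda v: v == 1, "Enabled", "1"),
    ("reversible-encryption", "System Access", "ClearTextPassword",
     int, lambda v: v == 0, "Disabled", "0"),
    ("lockout-duration", "System Access", "LockoutDuration",
     int, lambda v: v > 0, "timed unlock (> 0 minutes)", None),
    ("uac-admin-approval", "Registry Values", UAC_KEY,
     reg_dword, lambda v: v == 1, "Enabled", "4,1"),
]


def scan(export_text):
    """Compare an exported policy with RULES; return (id, observed, status) tuples."""
    cfg = configparser.ConfigParser(interpolation=None, strict=False)
    cfg.read_string(export_text)  # option names are matched case-insensitively
    findings = []
    for rule_id, section, key, parse, compliant, _required, _target in RULES:
        raw = cfg.get(section, key, fallback=None)
        try:
            value = parse(raw) if raw is not None else None
        except ValueError:
            value = None
        if value is None:
            status = "NOT-CONFIGURED"  # an absent or unreadable setting is a gap
        else:
            status = "PASS" if compliant(value) else "FAIL"
        findings.append((rule_id, raw, status))
    return findings


def state_report(findings):
    """Render the state report shown to the user before any change is made."""
    required = {rule[0]: rule[5] for rule in RULES}
    return "\n".join(
        f"{status:<15}{rule_id:<24}observed={observed!r} required={required[rule_id]}"
        for rule_id, observed, status in findings
    )


def remediation_template(findings, approved_ids):
    """Build an INF fragment holding only the changes the user approved."""
    by_section = {}
    for rule_id, section, key, *_rest, target in RULES:
        status = next(s for rid, _o, s in findings if rid == rule_id)
        if status != "PASS" and rule_id in approved_ids and target is not None:
            by_section.setdefault(section, []).append(f"{key}={target}")
    return "\n".join(
        line for section, entries in by_section.items()
        for line in [f"[{section}]", *entries])
```

Running `scan` again on a fresh export after the approved changes are applied gives the second report the Objectives call for, so the two reports can be compared to show the state change.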
User Interface:
The program will be graphical user interface based software which enables interactivity between the
user and the software. The software program focuses on learning as well, so it will have multiple panes,
including command and graphical panes, to provide a broader, visualized learning environment.
Installation Type:
The software application will be delivered on a ready-to-run basis, in order to improve time complexity
and keep resource usage low while protecting the system, to avoid security issues arising from the
programming language, and to run the application with least privileges.


Methodology / Planning:
I have organized the methodology to be followed, step by step, to develop a successful application.

Information Gathering Phase:

In this phase, I will search for all the information related to possible Windows 8 attack vectors
from the Internetwork. The data gathered will be analyzed to extract potential information related
to Windows 8 attack vectors. I will analyze recent attacks performed over Windows platforms and the
kind of data compromised. I will develop a statistical analysis of the attacks in local and remote
scenarios. This will help keep our project updated with the most recent attacks performed. This will
help to identify the scope of attacks and the important data targeted by the attackers.

Feasibility Study:

I will identify the scope of implementation of the project depending on the following factors:
Cost Effective
Operational User Efficiency
Response Time of the Software while securing Operating System.
Performance over Platforms under process communication, memory Usage.
Hardware Requirements Dependency.
Amount of Random Access Memory that can be used, given other running services.
Amount of memory used to keep the database on the same server to protect against
man-in-the-middle attack issues.

Coding The Software:

Module 1: Simple Scanner
I will start coding a simple scanner which can send specially crafted requests with the attack
methods to test whether the operating system reacts in a vulnerable way. After adding all the possible
attack vectors, I will test a number of applications to record responses, to test the program code, and
to build an effective software scanner. I will make use of the Application Programmer Interface of the
Dot Net programming language to make the application graphical user interface based.

Module 2: Result Generator
I will develop a prototype for a result generator. This will provide us with the current system state,
the attacks possible against the current state, and the security risks which can be manipulated and
result in data compromise.

Module 3: Security Update Benchmark Server
This server is parsed for the accurate security update and the set of rules to update Windows 8
System.

Module 4: Security Update or Patch Installer
This program will get the security update rules as an input and will try to update the security of
the Windows 8 System scanned. In case of security code remote injection issues we will publish a
How-To Protect document based output for the Tester or User. In any problematic situation, the
user can update the security manually.

Module 5: Report Generator
This program is a snapshot based program which takes the snaps of the test requests sent to the
server and the response recorded. In case of the vulnerable services, all services will be
documented step by step so that a Tester can understand the possible vulnerable services, the
attack possible & the security update implemented.
This will help the normal users to understand the problem and security required. This can be used
by software testers to identify vulnerabilities and present a detailed report for customers.


Testing Phase:

The tests will be performed in two ways:

Unit Testing Approach
The software modules will be tested on stand-alone basis for performance and accuracy.

Complete Software Testing
A complete testing will be done under Alpha & Beta Testing Phases to find out real time bugs
for the software. The duration of the testing phase can range from 2 Months to 6 Months.

Maintenance

The software will be maintained in an online repository. The software code will always be updated
to incorporate more security implementation features related to cross-site attack vectors and
more.
The updated code can be downloaded from online repositories.



Facilities required for proposed work:
Hardware Requirements:
1. Windows 8 Installed computer system with all supported hardware devices.
Software requirements:
1. Microsoft Visual Studio 2012
2. Microsoft Dot Net Framework 4.5
3. SQL Server or any other database server.
4. Windows Application Programmer Interface Support for coding.


Proposed Place of Work:

The software can be developed and tested in a laboratory environment. The laboratory environment will
help test the application's real-time request and response mechanisms for updating security. The
software will be tested and run in a stand-alone manner on a dedicated Windows 8 system.



References:
[1] Windows 8, from Wikipedia, February 29, 2012; http://en.wikipedia.org/wiki/Windows_8
[2] Secure Windows 8, TechNet Microsoft, February 29, 2012; http://technet.microsoft.com/en-us/library/hh832030.aspx
Fig 1.1 Building Blocks of Security for Windows 8
