1
00:00:01,040 --> 00:00:05,740
We're going to have a look at VBS, or virtualization‑based security,

2
00:00:05,740 --> 00:00:09,470
and all the features of it in Windows Server 2022.

3
00:00:09,470 --> 00:00:14,910
How VBS works is it creates and isolates a secure region of

4
00:00:14,910 --> 00:00:17,930
memory from the normal operating system.

5
00:00:17,930 --> 00:00:21,160
It uses something called Credential Guard and Credential

6
00:00:21,160 --> 00:00:25,800
Guard stores the user credentials and any secrets inside of

7
00:00:25,800 --> 00:00:28,190
this virtual container, again,

8
00:00:28,190 --> 00:00:32,200
hidden from the operating system. It has something called user mode

9
00:00:32,200 --> 00:00:36,840
configurable code integrity and what this policy does is it checks the

10
00:00:36,840 --> 00:00:40,140
applications before they're even loaded.

11
00:00:40,140 --> 00:00:45,070
What we're trying to do here is protect from the most recent and most

12
00:00:45,070 --> 00:00:51,630
aggressive and most successful attacks in computing today and that is

13
00:00:51,630 --> 00:00:56,490
getting at the kernel, getting at something before the operating

14
00:00:56,490 --> 00:00:58,540
system has a chance to look at it.

15
00:00:58,540 --> 00:01:05,050
VBS uses something called hypervisor‑based code integrity, or HVCI and

16
00:01:05,050 --> 00:01:08,590
what this does is it checks all kernel mode drivers,

17
00:01:08,590 --> 00:01:12,240
it checks all the binaries in a virtualized environment

18
00:01:12,240 --> 00:01:16,550
before they're even started. In your Windows machine, HVCI

19
00:01:16,550 --> 00:01:19,300
is referred to as memory integrity.

20
00:01:19,300 --> 00:01:22,270
If your hardware meets certain requirements,

21
00:01:22,270 --> 00:01:27,460
it is turned on by default and you have to go in there and manually shut it off.

22
00:01:27,460 --> 00:01:28,960
So, with VBS,

23
00:01:28,960 --> 00:01:34,040
what we're looking at here is virtualizing a little section of the memory,

24
00:01:34,040 --> 00:01:39,040
creating a container that the operating system just can't see.

25
00:01:39,040 --> 00:01:43,010
And what we're trying to do is protect from the very sophisticated

26
00:01:43,010 --> 00:01:49,250
attacks by isolating a part of memory to store credentials,

27
00:01:49,250 --> 00:01:55,310
to store secrets, and to check everything that is being loaded inside of

28
00:01:55,310 --> 00:01:59,870
the kernel inside of the operating system so anything installed on the

29
00:01:59,870 --> 00:02:03,030
operating system can't get access to it.

30
00:02:03,030 --> 00:02:14,000
That is a look at VBS with Windows Server 2022. Up next, we'll take a look at some of the security enhancements to networking.