Faronics DeepFreeze
Presenter: Zoltan Karaszi, zkaraszi(at)kent.edu
Design of Secure Operating Systems

Introduction
• DeepFreeze is an application that “freezes” the desired configuration of the computer
• Once a system is frozen, any change to data or the system itself does not actually take place
• With a simple restore-to-reboot the system integrity is maintained
• When the computer is restarted, the system goes back to the state it was in when it was frozen

Why do we need this application?
• Users can change the operating system setup.
• Students frequently download and deploy proprietary software or other unpermitted content onto the Computer Lab computers at Kent State University.
• Finding these elements and fixing the changes manually every day in a huge lab is almost impossible.
• 60,000 new unique pieces of malware emerge daily.
• Antivirus programs keep the known threats out, but unknown malicious software often still appears and infects the systems.
• We need a brilliant solution, like Deep Freeze, to make the OS secure.

Compatibility
Windows: fully compatible with
• Windows 7
• Windows Vista
• Windows XP
Macintosh: compatible with
• Mac OS X 10.7 (Lion)
• Mac OS X 10.6 (Snow Leopard)
• Mac OS X 10.5 (Leopard)
• Mac OS X 10.4 (Tiger)

How does DeepFreeze make the OS secure?
• This is proprietary software => no open source version...
• “DeepFreeze is a kernel-level driver that protects hard drive integrity by redirecting information being written to the hard drive or partition, leaving the original data intact. This redirected information is no longer referenced once the computer is restarted, thus restoring the system to its original state at the disk sector level.” - Wikipedia
• Only the system administrator can thaw the machines and make any change on them; otherwise they are tamperproof.

Three core principles
Integrity of data
• Remains at all times when the system is frozen
• With a simple restore-to-reboot the system integrity is maintained
Confidentiality
• Malicious users can get confidential data, even if the system is frozen
• The system needs novel and up-to-date antivirus protection
Tamperproof
• When a system is frozen, any change to data does not take place
• With one reboot, the original state of the system (when it was first frozen) is brought back
• Windows can be tamperproofed with DeepFreeze

The Layered Security Approach
Protects against multiple layers of potential threats on one central console, offering a simple, first-rate security system
The Components:
• UIT (User InTerface): manage and monitor Core Servers and workstations
• LT (Logical Tier): management of workstations
• DT (Data Tier): stores the workstation list and the information about the workstations
• CA (Core Agent): installed on the workstation, enables communication between the workstations and the Faronics Core Server

Why are universities still using the Enterprise Console of DeepFreeze?
It is easier to set up and has basically the same functionality.
Prerequisites to install the new Core Console:
• .NET 3.5 SP1
• SQL Server System CLR Types 2008 R2
• Microsoft SQL Server 2008 R2 Management Objects
• SQL Server Client 2008 R2
Why is KSU planning to go to the (new) Core Console?
• It contains several additional features such as antivirus software and a “wake up” function
• Provides a better service with a complex software package

Important Notes
• The Faronics Core Agent is only compatible with DeepFreeze 7.0 or higher
• To bring up the DeepFreeze console, the key combination Ctrl + Alt + Shift + F6 is needed
• A “Client” (any computer with DeepFreeze installed) can be controlled by only one IP address (the “Server” or “Host”) to prevent tampering
• Without the centralized control, manually disabling DeepFreeze is tedious
• With centralized control, it is easy to thaw the machine, reboot it, push the updates, make changes, freeze the machine and reboot it
• Kent State IT departments use the benefits of this application

Host Consoles
• Supports multiple hard drives and multi-boot environments
• Reboot in "Thawed" mode to make permanent configuration changes
• The administrator can wake up and turn on machines that are in a completely shut-down state; the client PC’s motherboard has to support this feature.

DeepFreeze Configuration Administrator
Passwords and Drives
• Multiple preset passwords can be used on a workstation or via Command Line Control, with varying activation and expiration dates
• Thawspace: the administrator can create up to 8 virtual partitions on the PC’s HDD; files saved there survive the reboot

DeepFreeze Configuration Administrator
Embedded Events and Maintenance
• Set up a maintenance cycle (e.g. 12-2 am) when the computers automatically thaw themselves, do the system restore and run Windows updates
• Batch Tuesday: spec batch run on that specific day of every week
• Idle: if there is no user activity for 20 minutes, the PC reboots itself and restores the system
• Disable keyboard and mouse: useful if the Library is open 24/7 during finals week

DeepFreeze Configuration Administrator
Advanced Options
• Using SUS/WSUS ((wide) System Update Service) we can download the updates for one PC and use that one as a server, so we won’t slow down the department's entire internet network
• License Key – do not forget – this is proprietary software

Vulnerabilities
• System boot from a different medium (USB device, network server): no protection
• Deep Unfreezer (for DeepFreeze versions 5 and 6): we can change the state of DeepFreeze without needing the password: no protection
• Faronics DeepFreeze has a modified driver that bypasses the DeepFreeze program and allows the user to get in without knowing the password. Just a few people know this driver, but what if one day one of them just shares this specific driver on the internet…: no protection
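
A toy model of the redirect-on-write behaviour quoted on the "How does DeepFreeze make the OS secure?" slide, and of why the first item above (booting from a different medium) gets no protection. This is an added example, not Faronics code and not part of the original slides; the class and function names and the 512-byte sector size are assumptions made for illustration.

```python
SECTOR = 512  # assumed sector size for this toy model

def _pad(payload):
    return payload.ljust(SECTOR, b"\0")[:SECTOR]

class Disk:
    """Persistent base image: a list of fixed-size sectors."""
    def __init__(self, sectors):
        self.data = [bytes(SECTOR)] * sectors

class FrozenVolume:
    """Hypothetical stand-in for the filter between the OS and the disk."""
    def __init__(self, disk, frozen=True):
        self.disk, self.frozen = disk, frozen
        self.overlay = {}  # sector number -> redirected contents

    def write(self, lba, payload):
        if self.frozen:
            self.overlay[lba] = _pad(payload)    # redirected, base untouched
        else:
            self.disk.data[lba] = _pad(payload)  # thawed: change is permanent

    def read(self, lba):
        # The session sees its own writes, so software behaves normally.
        return self.overlay.get(lba, self.disk.data[lba]).rstrip(b"\0")

    def reboot(self, frozen=True):
        self.overlay.clear()  # redirected sectors are no longer referenced
        self.frozen = frozen

def offline_write(disk, lba, payload):
    """Write from an OS booted off other media: the filter is not loaded."""
    disk.data[lba] = _pad(payload)

def demo():
    disk = Disk(8)                    # constructed 8-sector disk
    vol = FrozenVolume(disk)
    vol.write(3, b"unwanted change")
    in_session = vol.read(3)          # visible until the next restart
    vol.reboot()
    after_reboot = vol.read(3)        # back to the frozen state
    vol.reboot(frozen=False)          # administrator boots thawed
    vol.write(3, b"approved update")
    vol.reboot()                      # frozen again
    vol.write(3, b"tamper")
    vol.reboot()
    after_maintenance = vol.read(3)   # only the thawed write survived
    offline_write(disk, 5, b"written offline")
    vol.reboot()
    return in_session, after_reboot, after_maintenance, vol.read(5)

if __name__ == "__main__":
    print(demo())
```

The integrity guarantee holds only while the filter sits in the write path, so on frozen machines the firmware boot order matters as much as the freeze itself.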

Deep Unfreezer
Successfully tested on WIN 9X and WIN 2K/XP (with DF v5 & v6)
It can crack DeepFreeze and our super secure system is not safe anymore…
1. DeepFreeze Detected. Click boot Thawed on Next 1 restart
2. Load Deep Freeze UnFreezer. Save the Status and Exit
3. Restart your Computer
…this is just an illustration…

“Faronics DeepFreeze makes the computer indestructible”… but …
Can your Operating System protected with DeepFreeze really be secure?
The truth is out there… / X-Files /

Literature
• http://www.faronics.com/en/Products/DeepFreezeCorporate.aspx
• http://en.wikipedia.org/wiki/Deep_Freeze_(software)
• http://answers.yahoo.com/question/index?qid=20091123023642AAIIAwb
• http://www.faronics.com/Faronics/Documents/DFL_Manual.pdf
• http://www.faronics.com/enterprise/deep-freeze/
Thank you!