Faronics DeepFreeze. Presenter: Zoltan Karaszi, zkaraszi(at)kent.edu. Design of Secure Operating Systems


Faronics DeepFreeze

Presenter: Zoltan Karaszi, zkaraszi(at)kent.edu

Design of Secure Operating Systems


Introduction

•DeepFreeze is an application that “freezes” the desired configuration of the computer

•Once a system is frozen, any change to data or the system itself does not actually take place

•With a simple reboot-to-restore the system integrity is maintained

•When the computer is restarted, the system goes back to the state when it was frozen


Why do we need this application?

•Users can change the operating system setup.

•Students frequently download and deploy proprietary software or other unpermitted content onto the computer lab computers at Kent State University.

•Finding these elements and fixing the changes manually every day in a huge lab is almost impossible.

•60,000 new unique pieces of malware are emerging daily.

•Anti-virus programs keep the known threats out, but unknown malicious software often appears and infects the systems.

•We need a brilliant solution, like DeepFreeze, to make the OS secure.


Compatibility

Windows: fully compatible with
•Windows 7
•Windows Vista
•Windows XP

Macintosh: compatible with
•Mac OS X 10.7 (Lion)
•Mac OS X 10.6 (Snow Leopard)
•Mac OS X 10.5 (Leopard)
•Mac OS X 10.4 (Tiger)


How does DeepFreeze make the OS Secure?

•This is proprietary software => no open source version...

•“DeepFreeze is a kernel-level driver that protects hard drive integrity by redirecting information being written to the hard drive or partition, leaving the original data intact. This redirected information is no longer referenced once the computer is restarted, thus restoring the system to its original state at the disk sector level.” - Wikipedia

•Only the system administrator can thaw the machines and make any change on them; otherwise they are tamperproof.


Three core principles

Integrity of data
•Is maintained at all times while the system is frozen
•With a simple reboot-to-restore the system integrity is maintained

Confidentiality
•Malicious users can get confidential data, even if the system is frozen
•The system needs modern, up-to-date antivirus protection

Tamperproof
•When a system is frozen, any change to data does not take place
•With one reboot, the original state of the system (when it was first frozen) is brought back
•Windows can be tamperproofed with DeepFreeze
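The redirect-on-write behaviour quoted on the previous slide, and the integrity versus confidentiality split above, as a toy Python model. This is an added example, not Faronics code and not part of the original slides; the class `FrozenDisk`, its method names, the sample sectors and the password are all constructed for illustration.

```python
import hmac

class FrozenDisk:
    """Toy sector store: while frozen, writes go to a volatile overlay."""

    def __init__(self, sectors, admin_password):
        self.base = dict(sectors)    # persistent sectors (the frozen image)
        self.overlay = {}            # redirected writes, dropped at reboot
        self.frozen = True
        self._thaw_next = False
        self._password = admin_password

    def write(self, lba, data):
        if self.frozen:
            self.overlay[lba] = data     # redirect; original sector stays intact
        else:
            self.base[lba] = data        # thawed: the change is permanent

    def read(self, lba):
        # A session sees its own redirected writes first, then the original data.
        return self.overlay.get(lba, self.base.get(lba))

    def boot_thawed_next(self, password):
        # Only the administrator password may schedule a thawed boot.
        ok = hmac.compare_digest(password.encode(), self._password.encode())
        if ok:
            self._thaw_next = True
        return ok

    def reboot(self):
        self.overlay.clear()             # redirected data is no longer referenced
        self.frozen = not self._thaw_next
        self._thaw_next = False          # thawed for one restart only


def demo():
    # Constructed sample sectors and password, for illustration only.
    disk = FrozenDisk({0: b"clean boot sector", 7: b"student records"}, "constructed-pw")
    disk.write(0, b"tampered")                  # change made in a frozen session
    in_session = disk.read(0)
    readable = disk.read(7)                     # freezing does not block reads
    denied = disk.boot_thawed_next("guess")     # wrong password: stays frozen
    disk.reboot()
    after_reboot = disk.read(0)                 # original sector is back
    disk.boot_thawed_next("constructed-pw")
    disk.reboot()
    disk.write(0, b"patched boot sector")       # admin maintenance while thawed
    disk.reboot()
    return in_session, readable, denied, after_reboot, disk.read(0), disk.frozen
```

The model shows why freezing protects integrity only: the tampered sector disappears at reboot, but sector 7 was readable throughout the frozen session.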


The Layered Security Approach

Protects against multiple layers of potential threats on one central console, offering a simple, first-rate security system

The Components:

• UIT (User InTerface): manages and monitors Core Servers and workstations

• LT (Logical Tier): manages the workstations

• DT (Data Tier): stores the workstation list and the information about the workstations

• CA (Core Agent): installed on the workstation, enables communication between the workstations and the Faronics Core Server


Why are universities still using the Enterprise Console of DeepFreeze?

It is easier to set up and has basically the same functionality

Prerequisites to install the new Core Console:
• .NET 3.5 SP1
• SQL Server System CLR Types 2008 R2
• Microsoft SQL Server 2008 R2 Management Objects
• SQL Server Client 2008 R2

Why is KSU planning to go to the (new) Core Console?

•It contains several additional features such as antivirus software and a “wake up” function
•Provides a better service with a complex software package


Important Notes

•The Faronics Core Agent is only compatible with DeepFreeze 7.0 or higher

•To bring up the DeepFreeze console, the key combination Ctrl + Alt + Shift + F6 is needed

•A “client” (any computer with DeepFreeze installed) can be controlled by only one IP address (the “server” or “host”) to prevent tampering

•Without centralized control, manually disabling DeepFreeze is tedious

•With centralized control, it is easy to thaw the machine, reboot it, push the updates, make changes, freeze the machine and reboot it

•Kent State IT departments use the benefits of this application


Host Consoles

•Supports multiple hard drives and multi-boot environments
•Reboot in "Thawed" mode to make permanent configuration changes
•The administrator can wake up and turn on machines that are completely shut down; the client PC’s motherboard has to support this feature.


DeepFreeze Configuration Administrator: Passwords and Drives

•Multiple preset passwords, with varying activation and expiration dates, can be used on a workstation or via Command Line Control
•ThawSpace: the administrator can create up to 8 virtual partitions on the PC’s HDD; files saved there survive the reboot


DeepFreeze Configuration Administrator: Embedded Events and Maintenance

•Set up a maintenance cycle (e.g. 12-2am) when the computers automatically thaw themselves, do the system restore and run Windows updates
•Batch Tuesday: a specified batch run on that specific day of every week
•Idle: if there is no user activity for 20 minutes, the PC reboots itself and restores the system
•Disable keyboard and mouse: useful if the library is open 24/7 during finals week


DeepFreeze Configuration Administrator: Advanced Options

•Using SUS/WSUS (Software Update Services / Windows Server Update Services) we can download the updates for one PC and use that one as a server, so we won’t slow down the department’s entire network
•License Key: do not forget, this is proprietary software


Vulnerabilities

•System boot from a different medium (USB device, network server): no protection

•Deep Unfreezer (for DeepFreeze versions 5 and 6): we can change the state of DeepFreeze without needing the password; no protection

•Faronics DeepFreeze has a modified driver that bypasses the DeepFreeze program and allows the user to get in without knowing the password. Just a few people know this driver, but what if one day one of them shares this specific driver on the Internet…: no protection


Deep Unfreezer

Successfully tested on WIN9X and WIN2K/XP (with DF v5 & v6)

It can crack DeepFreeze and our super secure system is not safe anymore…

1. DeepFreeze Detected: Click boot Thawed on Next 1 restart
2. Load Deep Freeze UnFreezer: Save the Status and Exit
3. Restart your Computer

…this is just an illustration…


“Faronics DeepFreeze makes the computer indestructible”… but …

Can your operating system, protected with DeepFreeze, really be secure?

The truth is out there… / X-Files /


Literature

•http://www.faronics.com/en/Products/DeepFreeze/DeepFreezeCorporate.aspx

•http://en.wikipedia.org/wiki/Deep_Freeze_(software)

•http://answers.yahoo.com/question/index?qid=20091123023642AAIIAwb

•http://www.faronics.com/Faronics/Documents/DFL_Manual.pdf

•http://www.faronics.com/enterprise/deep-freeze/

Thank you!