From 5a788e023db7bb69c0839dd16add7d1b7f09d4c4 Mon Sep 17 00:00:00 2001 From: Justin Hall Date: Thu, 12 Jul 2018 08:47:41 -0700 Subject: [PATCH] revised file name --- windows/security/threat-protection/TOC.md | 2 +- ...hunderbolt.md => kernel-dma-protection-for-thunderbolt.md} | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) rename windows/security/threat-protection/{kernel-mode-protection-for-thunderbolt.md => kernel-dma-protection-for-thunderbolt.md} (98%) diff --git a/windows/security/threat-protection/TOC.md b/windows/security/threat-protection/TOC.md index 5c6cfa96b5..98c5f0de2a 100644 --- a/windows/security/threat-protection/TOC.md +++ b/windows/security/threat-protection/TOC.md @@ -323,7 +323,7 @@ ## [Windows Defender Device Guard: virtualization-based security and WDAC](device-guard/introduction-to-device-guard-virtualization-based-security-and-windows-defender-application-control.md) -## [Kernel mode protection for Thunderbolt™ 3](kernel-mode-protection-for-thunderbolt.md) +## [Kernel DMA protection for Thunderbolt™ 3](kernel-dma-protection-for-thunderbolt.md) ## [Windows Defender SmartScreen](windows-defender-smartscreen/windows-defender-smartscreen-overview.md) ### [Available Windows Defender SmartScreen Group Policy and mobile device management (MDM) settings](windows-defender-smartscreen/windows-defender-smartscreen-available-settings.md) diff --git a/windows/security/threat-protection/kernel-mode-protection-for-thunderbolt.md b/windows/security/threat-protection/kernel-dma-protection-for-thunderbolt.md similarity index 98% rename from windows/security/threat-protection/kernel-mode-protection-for-thunderbolt.md rename to windows/security/threat-protection/kernel-dma-protection-for-thunderbolt.md index 1a789b5595..e8e9272bef 100644 --- a/windows/security/threat-protection/kernel-mode-protection-for-thunderbolt.md +++ b/windows/security/threat-protection/kernel-dma-protection-for-thunderbolt.md 
@@ -1,6 +1,6 @@ --- title: Kernel DMA protection for Thunderbolt™ 3 -description: In the Windows 10 version 1803 release, Microsoft introduced Kernel DMA Protection, a native OS solution for protecting PCs against drive-by DMA attacks via Thunderbolt™ 3 enabled ports. +description: In the Windows 10 version 1803 release, Microsoft introduced kernel DMA protection, a native OS solution for protecting PCs against drive-by DMA attacks via Thunderbolt™ 3 enabled ports. keywords: virtualization, security, malware ms.prod: w10 ms.mktglfcycl: deploy 
@@ -22,7 +22,7 @@ Beginning in 2013, Intel added incremental capabilities to Thunderbolt technolog When the host is properly configured with these capabilities, an end user would have to first approve the Thunderbolt peripheral when initially attached to the port, approved as either “Connect Only Once” or “Connect Always”. Although this methodology mitigates most Physical DMA attacks from un-authorized Thunderbolt devices, if a Thunderbolt device with a PCIe slot is approved as “Connect Always”, a physical “DMA attack” might still be possible, given the correct hardware and physical access to a previously approved Thunderbolt device with PCIe expandability (such as ae.g. PCIe slot or, ExpressCard). Although the “Connect Only Once” does provide additional mitigation from such attacks, it places an unwelcome burden on the end user who would be required to approve the device every time it’s connected. -In the Windows 10 version 1803 release, Microsoft introduced a native OS solution for protecting PCs against drive-by DMA attacks via Thunderbolt™ 3 enabled ports called *Kernel DMA Protection*. +In the Windows 10 version 1803 release, Microsoft introduced a native OS solution for protecting PCs against drive-by DMA attacks via Thunderbolt™ 3 enabled ports called *kernel DMA protection*. Drive-by DMA attacks are attacks that can be performed in less the 10 minutes, with off-the-shelf equipment costing less than $1,000, that do not require disassembly of the PC chassis. Without protection, a drive-by DMA attacker could dump or overwrite the entire memory of the system, inject malware, or even short-circuit the login algorithm to gain full access to the PC being attacked.
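Review bot: The renamed link target in the TOC.md hunk (@@ -323,7) has no redirect from the old path. The entry now points at kernel-dma-protection-for-thunderbolt.md, and the diffstat shows only 2 files changed (TOC.md and the renamed article), so nothing in this patch covers kernel-mode-protection-for-thunderbolt.md. Existing links and bookmarks to the old name will stop resolving once this lands. Add a redirect for the old path and search the repo for other references to the old file name before merging.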
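Review bot: The keywords line in the front-matter hunk (@@ -1,6) still reads "keywords: virtualization, security, malware", which names neither DMA nor Thunderbolt, the two terms the title and the new file name are built around. Since this hunk already edits the metadata block, update the keywords to match the topic so search and metadata stay consistent with the rename.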
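Review bot: The context lines around the casing change in the body hunk (@@ -22,7) carry visible text errors that should be fixed in the same pass. "(such as ae.g. PCIe slot or, ExpressCard)" looks like an unresolved edit and should read as a single clean parenthetical, "less the 10 minutes" should be "less than 10 minutes", and "un-authorized" should be "unauthorized". The same paragraph also switches between "Physical DMA attacks" and a quoted “DMA attack”; pick one form, in line with the lowercase style this hunk applies to "kernel DMA protection".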