Ramnish Singh Platform Security Briefing

  • LEAD: Who is responsible for driving the evolution of the threats that impact your business? It started with those who were curious and wanted personal fame from hacking into different systems and networks. Then the motivation moved to those who found a sport in cyber-trespassing, and to those who look for financial gain as cyber-thieves. As more individuals made money, the group grew larger and larger. Now we are finding experts and specialists who focus on large hacking efforts, gaining access to sensitive data that they can sell on the black market. We are also seeing cyber-spy specialists with national interests at stake. Vandals are the largest group. Thieves drive the largest area where money is lost. The largest segment of spend is focused on defending national interests. The fastest growing segment is the experts who are in the business of stealing your business assets.
    Customer questions: Are you seeing security threats evolve before the attacked technology is mainstreamed? Why do you think this is happening?
  • LEAD: Engineering Excellence is focused on providing fundamentally secure platforms for our customers. They should be secure by design, secure by default, and remain secure after deployment.
    Customer questions: What kind of security configuration management do you use to deploy servers? Desktops? Are you using Group Policy to keep your platforms secure after they are deployed? What is your platform patching strategy?

Transcript

  • 1. Platform Security Briefing
    Ramnish Singh
    PMP, CISSP, Microsoft Certified Architect (Infrastructure)
    MCITP (Windows 2008), MCTS (Windows Server, Vista, Exchange), MCSE (Windows 2003, 2000, NT), MCT
    Cisco Certified Design Professional, Cisco Certified Network Professional, Sun CSA
    IT Advisor | Microsoft Corporation
    Blog Address (optional) | Email (optional)
  • 2.
  • 3.
  • 4. Security Versus Access
    Demand for access
    Escalating threats
    23 million branch offices WW (IDC, 2006)
    3.6 billion mobile users WW by 2010 (Infonetics, 2007)
    85% of companies will have WLANs by 2010 (Infonetics, 2006)
    8x increase in phishing sites in past year (AWG, 2006)
    One message-based Trojan attack per day in 2006 vs. one per week in 2005 (Message Labs, 2006)
    Strong indication of increase in profit-motivated attacks (Multiple sources)
  • 5. Evolving Threat Landscape
    Local Area Networks
    First PC virus
    Boot sector viruses
    Create notoriety or cause havoc
    Slow propagation
    16-bit DOS
    Internet Era
    Macro viruses
    Script viruses
    Create notoriety or cause havoc
    Faster propagation
    32-bit Windows
    Hyper jacking
    Peer to Peer
    Social engineering
    Application attacks
    Financial motivation
    Targeted attacks
    64-bit Windows
    Broadband prevalent
    Spyware, Spam
    Phishing
    Botnets
    Rootkits
    Financial motivation
    Internet wide impact
    32-bit Windows
    1986–1995
    1995–2000
    2000–2005
    2007
  • 6. National Interest
    Personal Gain
    Personal Fame
    Curiosity
    Largest segment by $ spent on defense
    Spy
    Largest area by $ lost
    Fastest
    growing
    segment
    Thief
    Largest area by volume
    Trespasser
    Author
    Vandal
    Undergraduate
    Script-Kiddy
    Expert
    Specialist
    Evolving Threats
  • 7. 1st known hack...
    The need for security in communication networks is not new. In the late nineteenth century an American undertaker named Almon Strowger discovered that he was losing business to his rivals because telephone operators, responsible for the manual connection of call requests, were unfairly diverting calls from the newly bereaved to his competitors. Strowger developed switching systems that led to the introduction of the first automated telephone exchanges in 1897. This enabled users to make their own connections using rotary dialling to signal the required destination.
    Almon Strowger
  • 8. Addressing Security Threats
    Helps turn IT into a business asset not a cost center
    Supports your day to day security processes
    Is the Enabler to running your business successfully
    Technology
    Data privacy processes to manage data effectively
    IT security processes to implement, manage, and govern security
    Financial reporting processes that include security of the business
    Process
    Company understands the importance of security in the workplace
    Individuals know their role with security governance and compliance
    IT staff has the security skills and knowledge to support your business
    People
  • 9. Microsoft’s Promises To You
    Manage Complexity,
    Achieve Agility
    Amplify the Impact of Your People
    Protect Information, Control Access
    Advance the Business with IT Solutions
  • 10. Delivering On The Promise: Infrastructure Optimization
    *Source: Microsoft CSO Summit 2007 Registration Survey
  • 11. Core Infrastructure Optimization
    More Efficient Cost Center
    Cost Center
    Strategic Asset
    Business Enabler
    Basic
    No centralized enterprise directory
    No automated patch management
    Anti-malware not centrally managed
    Message security for e-mail only
    No secure coding practices in place
    Standardized
    Using enterprise directory for authentication
    Automated patch management tools deployed
    Anti-malware is managed centrally
    Unified message security in place
    Rationalized
    Integrated directory services, PKI in place
    Formal patch management process
    Defense in depth threat protection
    Security extended to remote and mobile workforce
    Dynamic
    Full identity lifecycle management. ID Federation, Rights Mgt Services in use
    Metrics driven update process
    Client quarantine and access policy enforcement
    $1320/PC Cost
    $580/PC Cost
    $230/PC Cost
    Source: GCR and IDC data analyzed by Microsoft, 2006
  • 12. Core Infrastructure Optimization Model: Security
    Basic
    Standardized
    Rationalized
    Dynamic
    Technology
    Self provisioning and quarantine capable systems ensure compliance and high availability
    Automate identity and access management
    Automated system management
    Multiple directories for authentication
    Limited automated software distribution
    Patch status of desktops is unknown
    No unified directory for access mgmt
    Self-assessing and continuous improvement
    Easy, secure access to info from anywhere on Internet
    SLAs are linked to business objectives
    Clearly defined and enforced images, security, best practices
    Central Admin and configuration of security
    Standard desktop images defined, not adopted by all
    IT processes undefined
    Complexity due to localized processes and minimal central control
    Process
    Improve IT Maturity while Gaining ROI
    IT is a strategic asset
    Users look to IT as a valued partner to enable new business initiatives
    IT Staff manages an efficient, controlled environment
    Users have the right tools, availability, and access to info
    IT Staff trained in best practices such as MOF, ITIL, etc.
    Users expect basic services from IT
    IT staff taxed by operational challenges
    Users come up with their own IT solutions
    People
  • 13. SC information system = {(confidentiality, impact), (integrity, impact), (availability, impact)}
    where the acceptable values for potential impact are low, moderate, or high.
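A small worked version of this categorization, as an added example (not part of the briefing): it builds the SC triple from the slide's formula, rejects values outside low/moderate/high, and also applies the FIPS 199 high-water-mark rule across several information types, which goes beyond the single triple shown on the slide. The information types and their impact levels are constructed sample data.

```python
"""Security categorization (SC) of an information system, as on the slide:
SC = {(confidentiality, impact), (integrity, impact), (availability, impact)}
with each impact in {low, moderate, high}.

Constructed example, not from the briefing. It also applies the FIPS 199
"high-water mark" rule: when a system handles several information types, the
system's impact for each objective is the highest impact of any type it holds.
"""
from __future__ import annotations

from dataclasses import dataclass
from typing import Mapping

OBJECTIVES = ("confidentiality", "integrity", "availability")
# Order matters: a higher rank means a greater potential impact.
IMPACT_RANK = {"low": 0, "moderate": 1, "high": 2}


def validate_impact(objective: str, value: str) -> str:
    """Normalize an impact value and reject anything outside low/moderate/high."""
    norm = value.strip().lower()
    if norm not in IMPACT_RANK:
        raise ValueError(f"{objective}: impact {value!r} is not low, moderate or high")
    return norm


@dataclass(frozen=True)
class SecurityCategory:
    confidentiality: str
    integrity: str
    availability: str

    def overall(self) -> str:
        """Single impact level used to pick a control baseline: the highest of the three."""
        return max((self.confidentiality, self.integrity, self.availability),
                   key=IMPACT_RANK.__getitem__)

    def __str__(self) -> str:
        pairs = ", ".join(f"({o}, {getattr(self, o).upper()})" for o in OBJECTIVES)
        return "SC = {" + pairs + "}"


def categorize_information_type(impacts: Mapping[str, str]) -> SecurityCategory:
    """Build the SC triple for one information type, checking all three objectives exist."""
    missing = [o for o in OBJECTIVES if o not in impacts]
    if missing:
        raise ValueError(f"missing impact for: {', '.join(missing)}")
    return SecurityCategory(**{o: validate_impact(o, impacts[o]) for o in OBJECTIVES})


def categorize_system(info_types: Mapping[str, Mapping[str, str]]) -> SecurityCategory:
    """High-water mark: per objective, take the max impact over every information type."""
    if not info_types:
        raise ValueError("a system must handle at least one information type")
    cats = [categorize_information_type(v) for v in info_types.values()]
    return SecurityCategory(**{
        o: max((getattr(c, o) for c in cats), key=IMPACT_RANK.__getitem__)
        for o in OBJECTIVES
    })


# Constructed sample: three information types a single business system might hold.
SAMPLE_INFORMATION_TYPES = {
    "public web content": {"confidentiality": "low", "integrity": "moderate", "availability": "moderate"},
    "payroll records": {"confidentiality": "high", "integrity": "moderate", "availability": "low"},
    "customer orders": {"confidentiality": "moderate", "integrity": "moderate", "availability": "moderate"},
}

if __name__ == "__main__":
    for name, impacts in SAMPLE_INFORMATION_TYPES.items():
        print(f"{name:20s} {categorize_information_type(impacts)}")
    system_sc = categorize_system(SAMPLE_INFORMATION_TYPES)
    print(f"{'system':20s} {system_sc} -> overall {system_sc.overall().upper()}")
```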
  • 14. Trustworthy Computing
  • 15. Microsoft Security Strategy
  • 16. Law Enforcement
    Public Policy
    VIA
    GIAIS
    Microsoft Security Strategy
    Industry Partnerships
    Consumer Awareness
  • 17. Microsoft Security Assessment Toolkit
    Security Tools
    Microsoft Windows Vista Security Whitepapers
    Security Readiness
    Education and Training
    Microsoft Security Intelligence Report
    Learning Paths for Security Professionals
    www.microsoft.com/technet/security
    Microsoft Security Strategy
  • 18. Security Development Lifecycle
    Design
    Threat Modeling
    Standards, best practices, and tools
    Security Push
    Final Security Review
    RTM and Deployment
    Signoff
    Security Response
    Product Inception
  • 19. Priority #1 - Platform Security
    Security Development Lifecycle
    Security Response Center
    Better Updates And Tools
  • 20. Comprehensive Security Portfolio
    Services
    Edge
    Encrypting File System (EFS)
    Server Applications
    BitLocker™
    Information Protection
    Network Access Protection (NAP)
    Client and Server OS
    Identity Management
    Windows
    CardSpace
    Systems Management
    Active Directory Federation Services (ADFS)
    Guidance
    Developer Tools
  • 21. Security Development Lifecycle (SDL)
    Kernel Patch Protection
    Kernel-mode Driver Signing
    Secure Startup
    Windows Service Hardening
    Secure
    Platform
    Rights Management Services (RMS)
    SharePoint, Exchange, Windows Mobile integration
    Encrypting File System (EFS)
    Bitlocker
    Secure
    Access
    User Account Control
    Network Access Protection (NAP)
    IPv6
    IPsec
    Windows CardSpace
    Native smart card support
    GINA Re-architecture
    Certificate Services
    Credential roaming
    Windows Defender
    IE Protected Mode
    Address Space Layout Randomization (ASLR)
    Data Execution Prevention (DEP)
    Bi-directional Firewall
    Windows Security Center
    Data
    Protection
    Malware
    Protection
  • 22. Windows Vista SP1 includes
    Additional Kernel Patch Protection APIs
    Enhanced Windows Security Center reporting
    Expanded BitLocker Drive Encryption (BDE)
    Additional multifactor authentication methods
  • 23. Security Development Lifecycle (SDL)
    Windows Server Virtualization (Hypervisor)
    Role Management Tool
    OS File Integrity
    Secure
    Platform
    Network
    Protection
    Network Access Protection (NAP)
    Server and Domain Isolation with IPsec
    End-to-end Network Authentication
    Windows Firewall With Advanced Security
    On By Default
    Identity
    Access
    Rights Management Services (RMS)
    Full volume encryption (Bitlocker)
    USB Device-connection rules with Group Policy
    Improved Auditing
    Windows Server Backup
    Data
    Protection
    Read-only Domain Controller (RODC)
    Active Directory Federation Srvcs. (ADFS)
    Administrative Role Separation
    PKI Management Console
    Online Certificate Status Protocol
  • 24. Secure
    Platform
    Surface Area Configuration tool
    Password Policy Enforcement; Granular Roles
    Built in Encryption; Key Mgmt.
    Auditing – Data Definition Language (DDL)
    Advanced Spam and Virus Defenses
    Compliance
    Business Continuity
    Trust Center
    New Document Security Model
    Open XML File Formats
    Rich Authentication
    Granular Access Control
    Compliance and Auditing
    Hierarchical Encryption
    Document Inspector
    Information Rights Management
    Strong Encryption, Digital Signatures
    Suite-B: For U.S. Government
    Data
    Protection
    Platform Security Progress
    Essential Security and Mobile Device Mgmt
    Built-in Protection with Business Continuity
    Compliance Support
    Enhanced Message Filtering
  • 25. Security Threat Landscape Evolution
    Microsoft Security Strategy
    Engineering Excellence
    Security Development Lifecycle
    Engineering Excellence
    Security Development Lifecycle
  • 26. Trusted
    Unhealthy PC
    Isolated
    Remediation Server
    Web Server
    Infrastructure Servers
    New Customer
    Remote Access Gateway
    Trusted Home
    Unmanaged Devices
    Malicious Users
    Network Security
    Secure Anywhere Access
    End-to-end security with IPv6 and IPsec
    Access driven by policy not topology
    Certificate based multi-factor authentication
    Health checks and remediation prior to access
    Policy-driven network access solutions
    Windows Firewall with advanced filtering
    Server and Domain Isolation
    Network Access Protection (NAP)
    ISA Server 2006
    Intelligent Application Gateway (2007)
    Windows Filtering Platform
  • 27. Identity and Access Management
    Your COMPANY and your EMPLOYEES
    Secure and seamless cross-organizational collaboration
    Easily managing multiple identities
    Government sponsored identities (eID)
    Hardware supported trust platform
    Disparate directories synchronization
    Centralized ID controls and mgmt.
    Embedded identity into applications
    Policy Governance / Compliance
    Role Based Permissions
    Identity and Data Privacy
    Identity Lifecycle Manager 2007
    Active Directory Federation Services
    Active Directory Lightweight Directory Services
    Windows Certificate Services
    Windows CardSpace™
  • 28. Edge, server and client protection
    “Point to Point” Solutions
    Security of data at rest and in transit
    Mobile workforce
    Manageability
    Corporate
    Client Protection
    Server Protection
    Consumer/ Small Business
    Simple PC maintenance
    Anti-Virus
    Anti-Spyware
    Anti-Phishing
    Firewall
    Performance Tuning
    Backup and Restore
    Edge Protection
    Protection
  • 29. Interoperability
    Industry Standards
    Web Services (WS-*)
    Open document format (XPS)
    OpenID
    Partner Products
    Network Access Protection
    EV Certificate support in IE7
    Windows CardSpace
    Windows Security Center
    Industry Partnerships
    SecureIT Alliance
    Microsoft Security Response Alliance
    Interop Vendor Alliance
  • 30. Security Stack Interoperability
    Integrated security eases defense in depth architecture deployment
    Adoption of open standards allows cross platform integration
    Management System
    System Center, Active Directory GPO
    Data
    BitLocker, EFS, RMS, SharePoint, SQL
    User
    Active Directory and Identity Lifecycle Mgr
    Application
    SDL process, IIS, Visual Studio, and .NET
    Device
    Forefront Client Security, Exchange MSFP
    Internal Network
    Network Access Protection, IPSec
    Perimeter
    Forefront Edge and Server Security, NAP
  • 31. Management Systems Integration
  • 32. Engineering Excellence
    Security Development Lifecycle
    Microsoft Security Strategy
  • 33. Some hard questions…
    Who
    Why
    What
    When
    Where
    How
  • 34. The lighter side
  • 35. And the press is doing its bit...
  • 36. User Experience
    Application Platform Optimization Model
    Development
    BASIC
    ADVANCED
    DYNAMIC
    STANDARDIZED
    Infrastructure Optimization
    SOA and Business Process
    Data Management
    Business Intelligence
    Business Productivity Infrastructure Optimization Model
    Unified Communications
    Collaboration
    IT and Security Process
    Enterprise Content Management
    BASIC
    RATIONALIZED
    DYNAMIC
    STANDARDIZED
    Enterprise Search
    Business Intelligence
    Core Infrastructure Optimization Model
    Identity and Access Management
    Desktop, Device, and Server Mgmt
    BASIC
    RATIONALIZED
    DYNAMIC
    STANDARDIZED
    Security and Networking
    Data Protection and Recovery
  • 37. Infrastructure Optimization: Building a People-Ready Business
    Model-Based Approach
    User Experience
    • Provides capability framework to help you build an optimized infrastructure (not Microsoft-specific)
    • Establishes a foundation based on industry analyst, academic, and consortium research
    • Provides guidance and best practices for step-by-step implementation
    • Drives cost reduction, security and efficiency gains
    • Enables agility
    Application Platform Optimization Model
    STANDARDIZED
    BASIC
    ADVANCED
    DYNAMIC
    Development
    SOA and Business Process
    Data Management
    Business Intelligence
    Business Productivity Infrastructure Optimization Model
    Unified Communications
    Collaboration
    IT and Security Process
    STANDARDIZED
    BASIC
    DYNAMIC
    RATIONALIZED
    Enterprise Content Management
    Enterprise Search
    Business Intelligence
    Core Infrastructure Optimization Model
    Identity and Access Management
    Desktop, Device, and Server Mgmt
    BASIC
    STANDARDIZED
    DYNAMIC
    RATIONALIZED
    Security and Networking
    Data Protection and Recovery
  • 42. Core Infrastructure Optimization
    Policy and Compliance
    Risk Assessment
    User Awareness
    Basic
    Standardized
    Rationalized
    Dynamic
    Identity and Access Management
    Patch Management
    Threat and Vulnerability Mitigation
    Secure Messaging and Collaboration
    Secure Application Architecture
    Legacy Platform Migration
  • 43. Solutions
    Benefits
    Costs
    Challenges
    Two Factor Authentication
    Secure Remote User
    Basic to Standardized
    Enforce Strong Passwords
    Secure Wireless Access
    Network Intrusion Detection
    Optimizing Security: Moving from Basic to Standardized
    Developer-focused environment
    Sophisticated and targeted threats
    Executive sponsorship
    Awareness campaign
    Cultural shift to awareness
    Able to mitigate current high priority risk
    Labor intensive to maintain
    Defense in Depth
  • 44. Solutions
    Benefits
    Costs
    Challenges
    Standardized to Rationalized
    Network Segmentation
    Identity &
    Access Mgmt
    2FA: Elevated Access Accts
    Security Event Monitoring
    Certificate
    Provisioning
    & Renewals
    Vulnerability
    Assessments
    SDL IT
    Optimizing Security: Moving from Standardized to Rationalized
    Evolving and faster threats
    Ownership largely resided with Security
    Risk management framework
    Service manager accountability
    Accountability closer to business
    Environmental awareness
    Improved response
    Lack of integration between service managers and business
    Defense in Depth
    Automate
  • 45. Solutions
    Benefits
    Costs
    Challenges
    Network Access Protection
    Rationalized to Dynamic
    Strong User Authentication
    User Account Control
    Bitlocker Drive Encryption
    Optimizing Security: Moving from Rationalized to Dynamic
    Security viewed as a tax to the business
    Information security governance
    Information security becomes a strategic asset
    Culture shift may cause friction
    Defense in Depth
  • 46. Application Security
    Authentication
    Intrusion Detection/Prevention
    Identity & Access Management
    Network Firewalls
    NAC
    Wireless
    Email
    Unified Threat Management
    Secure Remote Access
    Antimalware
    SIMs
    Mobile Data Security
    Vulnerability Management
    Web Security Gateways
  • 47. People
    Mobile
    Mobile
    Office
    Task
    Office
    Contract
    Task
    Home
    Contract Offshore
    Home
  • 48. Separation Creates Flexibility
    Data, User Settings
    Applications
    OS
    Hardware
    Dependencies Create Complexity
  • 49. Mobile
  • 50. Microsoft Enterprise Desktop
    Virtualization (MED-V)
    End User Benefits
    Offline Use
    Flexible Configurations
    Rich user experience
    IT Benefits
    Protection of the local data
    Easy to migrate user
    Mitigation of application compatibility issues
    Mobile Worker
    Bitlocker Drive Encryption
    OPERATING SYSTEM
    Hardware
  • 51. Mobile Worker
    Bi-Directional Firewall, Defender, Malicious Software Removal Tool
    Bitlocker Drive Encryption
    Security Center & UAC
    Network Location Protection
    OS
    Microsoft Enterprise Desktop
    Virtualization (MED-V)
    OPERATING SYSTEM
    Hardware
    End User Benefits
    Offline Use
    Flexible Configurations
    Rich user experience
    IT Benefits
    Protection of the local data
    Easy to migrate user
    Mitigation of application compatibility issues
  • 52. Mobile Worker
    Terminal Server Access
    RMS Protected Documents
    Bi-Directional Firewall, Defender, Malicious Software Removal Tool
    Bitlocker Drive Encryption
    Security Center & UAC
    Network Location Protection
    Applications
    Anti Virus & Antispyware
    Network Access Protection
    OS
    Application (APP-V) & Enterprise Desktop (MED-V) Virtualization
    Group Policy and AGPM
    Folder Redirection
    Offline Files
    Hardware
    End User Benefits
    Offline Use
    Flexible Configurations
    Rich user experience
    IT Benefits
    Protection of the local data
    Easy to migrate user
    Mitigation of application compatibility issues
  • 53. Mobile Worker
    Terminal Server Access
    RMS Protected Documents
    Network Access Protection
    Data, User Settings
    Applications
    Anti Virus & Antispyware
    Folder Redirection
    Offline Files
    Group Policy and AGPM
    Data Backup
    OS
    Application (APP-V) & Enterprise Desktop (MED-V) Virtualization
    Hardware
    End User Benefits
    Offline Use
    Flexible Configurations
    Rich user experience
    IT Benefits
    Protection of the local data
    Easy to migrate user
    Mitigation of application compatibility issues
  • 54. Mobile Worker
    RMS Protected Documents
    Data, User Settings
    Applications
    Folder Redirection
    Offline Files
    Group Policy and AGPM
    Data Backup
    System Monitoring
    System Management
    Mobile Device Management
    Corporate Security Policy
    OS
    Hardware
    End User Benefits
    Offline Use
    Flexible Configurations
    Rich user experience
    IT Benefits
    Protection of the local data
    Easy to migrate user
    Mitigation of application compatibility issues
  • 55. Office
  • 56. Microsoft Enterprise Desktop
    Virtualization (MED-V)
    End User Benefits
    Offline Use
    Flexible Configurations
    Rich user experience
    IT Benefits
    Protection of the local data
    Easy to migrate user
    Mitigation of application compatibility issues
    Office Worker
    Bitlocker Drive Encryption
    OPERATING SYSTEM
    Hardware
  • 57. Office Worker
    Bi-Directional Firewall, Defender, Malicious Software Removal Tool
    Bitlocker Drive Encryption
    Security Center & UAC
    Network Location Protection
    OS
    Microsoft Enterprise Desktop
    Virtualization (MED-V)
    OPERATING SYSTEM
    Hardware
    End User Benefits
    Offline Use
    Flexible Configurations
    Rich user experience
    IT Benefits
    Protection of the local data
    Easy to migrate user
    Mitigation of application compatibility issues
  • 58. Office Worker
    Terminal Server Access
    RMS Protected Documents
    Bi-Directional Firewall, Defender, Malicious Software Removal Tool
    Bitlocker Drive Encryption
    Security Center & UAC
    Network Location Protection
    Applications
    Anti Virus & Antispyware
    Network Access Protection
    OS
    Application (APP-V) & Enterprise Desktop (MED-V) Virtualization
    Hardware
    End User Benefits
    Offline Use
    Flexible Configurations
    Rich user experience
    IT Benefits
    Protection of the local data
    Easy to migrate user
    Mitigation of application compatibility issues
  • 59. Office Worker
    Terminal Server Access
    RMS Protected Documents
    Network Access Protection
    Data, User Settings
    Applications
    Anti Virus & Antispyware
    Folder Redirection
    Offline Files
    Group Policy and AGPM
    Data Backup
    OS
    Application (APP-V) & Enterprise Desktop (MED-V) Virtualization
    Hardware
    End User Benefits
    Offline Use
    Flexible Configurations
    Rich user experience
    IT Benefits
    Protection of the local data
    Easy to migrate user
    Mitigation of application compatibility issues
  • 60. Office Worker
    RMS Protected Documents
    Data, User Settings
    Applications
    Folder Redirection
    Offline Files
    Group Policy and AGPM
    Data Backup
    System Monitoring
    System Management
    Mobile Device Management
    Corporate Security Policy
    OS
    Hardware
    End User Benefits
    Offline Use
    Flexible Configurations
    Rich user experience
    IT Benefits
    Protection of the local data
    Easy to migrate user
    Mitigation of application compatibility issues
  • 61. Task
  • 62. Microsoft Enterprise Desktop
    Virtualization (MED-V)
    End User Benefits
    Offline Use
    Flexible Configurations
    Rich user experience
    IT Benefits
    Protection of the local data
    Easy to migrate user
    Mitigation of application compatibility issues
    Task Worker
    Bitlocker Drive Encryption
    OPERATING SYSTEM
    Hardware
  • 63. Task Worker
    Bi-Directional Firewall, Defender, Malicious Software Removal Tool
    Bitlocker Drive Encryption
    Security Center & UAC
    Network Location Protection
    OS
    Microsoft Enterprise Desktop
    Virtualization (MED-V)
    OPERATING SYSTEM
    Hardware
    End User Benefits
    Offline Use
    Flexible Configurations
    Rich user experience
    IT Benefits
    Protection of the local data
    Easy to migrate user
    Mitigation of application compatibility issues
  • 64. Task Worker
    Terminal Server Access
    RMS Protected Documents
    Bi-Directional Firewall, Defender, Malicious Software Removal Tool
    Bitlocker Drive Encryption
    Security Center & UAC
    Network Location Protection
    Applications
    Anti Virus & Antispyware
    Network Access Protection
    OS
    Application (APP-V) & Enterprise Desktop (MED-V) Virtualization
    Group Policy and AGPM
    Folder Redirection
    Offline Files
    Hardware
    End User Benefits
    Offline Use
    Flexible Configurations
    Rich user experience
    IT Benefits
    Protection of the local data
    Easy to migrate user
    Mitigation of application compatibility issues
  • 65. Task Worker
    Terminal Server Access
    RMS Protected Documents
    Network Access Protection
    Data, User Settings
    Applications
    Anti Virus & Antispyware
    Folder Redirection
    Offline Files
    Group Policy and AGPM
    Data Backup
    OS
    Application (APP-V) & Enterprise Desktop (MED-V) Virtualization
    Hardware
    End User Benefits
    Offline Use
    Flexible Configurations
    Rich user experience
    IT Benefits
    Protection of the local data
    Easy to migrate user
    Mitigation of application compatibility issues
  • 66. Task Worker
    RMS Protected Documents
    Data, User Settings
    Applications
    Folder Redirection
    Offline Files
    Group Policy and AGPM
    Data Backup
    System Monitoring
    System Management
    Mobile Device Management
    Corporate Security Policy
    OS
    Hardware
    End User Benefits
    Offline Use
    Flexible Configurations
    Rich user experience
    IT Benefits
    Protection of the local data
    Easy to migrate user
    Mitigation of application compatibility issues
  • 67. Contract / Offshore
  • 68. Microsoft Enterprise Desktop
    Virtualization (MED-V)
    End User Benefits
    Offline Use
    Flexible Configurations
    Rich user experience
    IT Benefits
    Protection of the local data
    Easy to migrate user
    Mitigation of application compatibility issues
    Contract / Offshore Worker
    Bitlocker Drive Encryption
    OPERATING SYSTEM
    Hardware
  • 69. Bi-Directional Firewall, Defender, Malicious Software Removal Tool
    Network Location Protection
    Bitlocker Drive Encryption
    Security Center & UAC
    OS
    Microsoft Enterprise Desktop
    Virtualization (MED-V)
    Contract / Offshore Worker
    OPERATING SYSTEM
    Hardware
    End User Benefits
    Offline Use
    Flexible Configurations
    Rich user experience
    IT Benefits
    Protection of the local data
    Easy to migrate user
    Mitigation of application compatibility issues
  • 70. Contract / Offshore Worker
    Terminal Server Access
    RMS Protected Documents
    Bi-Directional Firewall, Defender, Malicious Software Removal Tool
    Bitlocker Drive Encryption
    Security Center & UAC
    Network Location Protection
    Applications
    Anti Virus & Antispyware
    Network Access Protection
    OS
    Application (APP-V) & Enterprise Desktop (MED-V) Virtualization
    Hardware
    End User Benefits
    Offline Use
    Flexible Configurations
    Rich user experience
    IT Benefits
    Protection of the local data
    Easy to migrate user
    Mitigation of application compatibility issues
  • 71. Contract / Offshore Worker
    Terminal Server Access
    RMS Protected Documents
    Network Access Protection
    Data, User Settings
    Applications
    Anti Virus & Antispyware
    Folder Redirection
    Offline Files
    Group Policy and AGPM
    Data Backup
    OS
    Application (APP-V) & Enterprise Desktop (MED-V) Virtualization
    Hardware
    End User Benefits
    Offline Use
    Flexible Configurations
    Rich user experience
    IT Benefits
    Protection of the local data
    Easy to migrate user
    Mitigation of application compatibility issues
  • 72. Contract / Offshore Worker
    RMS Protected Documents
    Data, User Settings
    Applications
    Folder Redirection
    Offline Files
    Group Policy and AGPM
    Data Backup
    System Monitoring
    System Management
    Mobile Device Management
    Corporate Security Policy
    OS
    Hardware
    End User Benefits
    Offline Use
    Flexible Configurations
    Rich user experience
    IT Benefits
    Protection of the local data
    Easy to migrate user
    Mitigation of application compatibility issues
  • 73. Home
  • 74. Microsoft Enterprise Desktop
    Virtualization (MED-V)
    End User Benefits
    Offline Use
    Flexible Configurations
    Rich user experience
    IT Benefits
    Protection of the local data
    Easy to migrate user
    Mitigation of application compatibility issues
    Home Worker
    Bitlocker Drive Encryption
    OPERATING SYSTEM
    Hardware
  • 75. Home Worker (the stack built up across slides 75-78, consolidated by layer)
    Hardware:
      BitLocker Drive Encryption
    Operating System:
      Bi-Directional Firewall, Defender, Malicious Software Removal Tool
      Security Center & UAC
      Network Location Protection
      Network Access Protection
      Antivirus & Antispyware
    Applications:
      Terminal Server Access
      RMS Protected Documents
      Application (APP-V) & Enterprise Desktop (MED-V) Virtualization
    Data, User Settings:
      Folder Redirection
      Offline Files
      Group Policy and AGPM
      Data Backup
    System Monitoring
    System Management
    Mobile Device Management
    Corporate Security Policy
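    As an added example (not from the original deck): a PowerShell check that reports whether the client-side controls of the home-worker stack (BitLocker, the bi-directional firewall, Defender antivirus and antispyware, UAC, and domain membership so that Group Policy can keep the rest in place) are actually in force on a machine. It assumes a Windows 8.1/10/11 client with the BitLocker, NetSecurity and Defender modules and an elevated prompt; the cmdlets are the standard ones, while the three-day signature-age threshold and the exit code convention are my choices.

```powershell
# Added example, not part of the original deck. Run elevated on Windows 8.1+ / Server 2012 R2+
# with the BitLocker, NetSecurity and Defender modules present (assumption).
function Get-ClientSecurityPosture {
    [CmdletBinding()]
    param()

    $findings = New-Object System.Collections.Generic.List[object]

    # Hardware layer: every BitLocker volume must have protection on and be fully encrypted.
    foreach ($vol in Get-BitLockerVolume) {
        $findings.Add([pscustomobject]@{
            Control = "BitLocker $($vol.MountPoint)"
            Ok      = ($vol.ProtectionStatus -eq 'On' -and $vol.VolumeStatus -eq 'FullyEncrypted')
            Detail  = "$($vol.ProtectionStatus), $($vol.VolumeStatus), $($vol.EncryptionPercentage)%"
        })
    }

    # OS layer, bi-directional firewall: each profile enabled and not defaulting inbound to Allow.
    foreach ($p in Get-NetFirewallProfile) {
        $findings.Add([pscustomobject]@{
            Control = "Firewall profile $($p.Name)"
            Ok      = ("$($p.Enabled)" -eq 'True' -and "$($p.DefaultInboundAction)" -ne 'Allow')
            Detail  = "Enabled=$($p.Enabled), DefaultInbound=$($p.DefaultInboundAction)"
        })
    }

    # OS layer, Defender: antivirus, antispyware and real-time protection on, signatures recent.
    $mp = Get-MpComputerStatus
    $findings.Add([pscustomobject]@{
        Control = 'Defender real-time protection'
        Ok      = ($mp.AntivirusEnabled -and $mp.AntispywareEnabled -and $mp.RealTimeProtectionEnabled)
        Detail  = "AV=$($mp.AntivirusEnabled), AS=$($mp.AntispywareEnabled), RTP=$($mp.RealTimeProtectionEnabled)"
    })
    $findings.Add([pscustomobject]@{
        Control = 'Defender signatures'
        Ok      = ($mp.AntivirusSignatureLastUpdated -gt (Get-Date).AddDays(-3))   # 3 days: my threshold
        Detail  = "LastUpdated=$($mp.AntivirusSignatureLastUpdated)"
    })

    # OS layer, Security Center & UAC: EnableLUA must be 1.
    $uac = (Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System').EnableLUA
    $findings.Add([pscustomobject]@{ Control = 'UAC (EnableLUA)'; Ok = ($uac -eq 1); Detail = "EnableLUA=$uac" })

    # Group Policy and AGPM only keep the above in place if the machine is actually domain-joined.
    $cs = Get-CimInstance Win32_ComputerSystem
    $findings.Add([pscustomobject]@{ Control = 'Domain joined'; Ok = [bool]$cs.PartOfDomain; Detail = $cs.Domain })

    return $findings
}

$posture = Get-ClientSecurityPosture
$posture | Format-Table Control, Ok, Detail -AutoSize
# Non-zero exit so a scheduled compliance job can flag the host.
if ($posture | Where-Object { -not $_.Ok }) { exit 1 }
```

    The check is deliberately read-only: it tells you whether the deployed configuration matches the stack on the slide, and leaves remediation to Group Policy, which is where the settings should be enforced.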
  • 79. 7 Tips for Secure Client Computing
    Protect your personal information; it is valuable
    Know who you are dealing with
    Use anti-virus software and a firewall, and update both regularly
    Set up your OS and web browser properly and update both regularly
    Protect your passwords
    Back up important files
    Learn who to contact if something goes wrong
  • 80. Technology
    (Diagram: the head-quarters internal network with Active Directory, Exchange, SharePoint and an intranet web server; a DMZ holding the external web server and CSS; the Internet linking head-quarters users, the branch office and customers.)
  • 81. Technology – Another View
    (Diagram: a trusted network of infrastructure servers, a web server and a trusted home; an unhealthy PC placed in isolation with access only to a remediation server; new customers, unmanaged devices and malicious users on the outside, with a remote access gateway at the edge.)
  • 82. OSI Model
    Host layers: Application, Presentation, Session, Transport
    Media layers: Network, Data Link, Physical
  • 83. Head Office
  • 84. Head Office (media and host layers, built up across slides 84-92 and consolidated here)
    Media layers:
      Physical: BitLocker Drive Encryption
      Data Link: Secure Wireless Access, Secure Remote Access, Network Access Protection, Intrusion Detection System
      Network: Site-to-Site VPN, Address Translation
    Host layers:
      Transport: IPsec Enabled Protection, Server & Domain Isolation, Firewall Protection
      Session: Active Directory, Remote Access Protocols, Folder Redirection, Offline Files
      Presentation: GINA Protection with the CTRL + ALT + DEL secure attention sequence (GINA itself was replaced by credential providers from Windows Vista onward), Terminal Server Access, Encrypting File System (EFS), Antivirus & Antispyware, Group Policy and AGPM
      Application: Defender, Malicious Software Removal Tool, Application Protection, Management, Application (APP-V) Virtualization, Microsoft Enterprise Desktop Virtualization (MED-V)
      Application services: Web, DHCP & DNS, Audio Video, Messaging, Identity Management, Data Protection, Content Management, Database
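    An added example, not the deck's own material: the transport-layer items above (IPsec Enabled Protection, Server & Domain Isolation, Firewall Protection) expressed as Windows Defender Firewall IPsec rules using the NetSecurity cmdlets available from Windows 8 / Server 2012 onward. It assumes a domain-joined host, Kerberos computer and user authentication, and an elevated prompt; the SID inside the SDDL string is a placeholder for an Active Directory computer group. In production the same rules are pushed through Group Policy; the per-host form is shown so each piece is visible.

```powershell
# Added example, not from the original deck. Requires Windows 8 / Server 2012 or later,
# a domain-joined host and an elevated prompt (assumptions).

# Phase 1 (main mode): peers must prove domain membership with computer Kerberos.
$machineAuth    = New-NetIPsecAuthProposal -Machine -Kerberos
$machineAuthSet = New-NetIPsecPhase1AuthSet -DisplayName 'Domain Isolation - Machine Kerberos' -Proposal $machineAuth

# Phase 2 (extended mode): also carry the user's Kerberos identity, which lets firewall
# rules scope access to specific user or computer groups later.
$userAuth    = New-NetIPsecAuthProposal -User -Kerberos
$userAuthSet = New-NetIPsecPhase2AuthSet -DisplayName 'Domain Isolation - User Kerberos' -Proposal $userAuth

# Domain isolation: REQUIRE authentication inbound so unmanaged hosts cannot reach this
# machine, but only REQUEST it outbound so it can still talk to legacy, non-domain hosts.
New-NetIPsecRule -DisplayName 'Domain Isolation' `
    -Profile Domain `
    -InboundSecurity Require `
    -OutboundSecurity Request `
    -Phase1AuthSet $machineAuthSet.Name `
    -Phase2AuthSet $userAuthSet.Name

# Server isolation on top of that: SMB is allowed only over an authenticated IPsec
# connection and only from computers in one AD group (SID below is a placeholder).
New-NetFirewallRule -DisplayName 'SMB from authorized computers only' `
    -Direction Inbound -Protocol TCP -LocalPort 445 `
    -Action Allow -Authentication Required `
    -RemoteMachine 'O:LSD:(A;;CC;;;S-1-5-21-0-0-0-1234)'

# Verify the rule took effect and, once a peer connects, that a main-mode SA exists.
Get-NetIPsecRule -DisplayName 'Domain Isolation' |
    Format-List DisplayName, InboundSecurity, OutboundSecurity, Phase1AuthSet, Phase2AuthSet
Get-NetIPsecMainModeSA | Format-List
```

    The asymmetry between Require inbound and Request outbound is the usual first step of a domain-isolation rollout; tightening outbound to Require comes only after every host that still needs to be reached is either domain-joined or listed in an exemption rule.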
  • 93. Branch Office
  • 94. Branch Office (Media and Host Layers)
    Slides 94-102 repeat the Head Office build of slides 84-92 with identical controls at every layer, from BitLocker at the physical layer up to the application services; the same stack applies unchanged to the branch office.
  • 103. Intranet/Extranet
  • 104. Intranet/Extranet (Media and Host Layers)
    Slides 104-112 repeat the Head Office build of slides 84-92 with identical controls at every layer, from BitLocker at the physical layer up to the application services; the same stack applies unchanged to intranet and extranet systems.
  • 113. Remote Access
  • 114. Wired Access
    ADSL / Cable
    Power Line
    Dial-in / ISDN
    Fiber Optic
  • 115. Wireless Access
    WiFi
    GPRS / UMTS / HSPA / LTE
    Wireless USB
    Bluetooth
    WiMAX
    Satellite
  • 116. Securing Wireless…
    (Diagram: the Internet, the wireless segment and the wired enterprise network.)
  • 117. VPN security models
  • 118. DirectAccess
    Situation Today (Office / Home)
    • Difficult for users to access corporate resources from outside the office
    • Challenging for IT to manage, update and patch mobile PCs while they are disconnected from the company network
    Microsoft Solution: DirectAccess (Office / Home)
    • New network paradigm enables the same experience inside and outside the office
    • Seamless access to network resources increases productivity of mobile users
    • Infrastructure investments also make it easier to service mobile PCs and distribute updates and policies
  • 123. Process (the ten domains of the CISSP Common Body of Knowledge as it stood in 2009)
    Application Security
    Cryptography
    Access Control
    Business Continuity & Disaster Recovery
    Information Security and Risk Management
    Operations Security
    Physical (Environmental) Security
    Security Architecture and Design
    Telecommunications and Network Security
    Legal, Regulations, Compliance & Investigations
  • 124. Access Control
  • 125. Application Security
  • 126. Business Continuity
    Business Continuity Planning Lifecycle
  • 127. Disaster Recovery
  • 128. Cryptography
    Symmetric-key
    Asymmetric-key
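    An added example, not from the deck: the two key types on this slide used together the way practitioners actually combine them. Bulk data goes under a fresh AES-256 key (symmetric: fast, but the key has to reach the recipient somehow); that key is wrapped with the recipient's RSA public key (asymmetric: slow, but no pre-shared secret); and an HMAC-SHA256 tag (encrypt-then-MAC) supplies the tamper detection that AES-CBC alone lacks. Written for Windows PowerShell 5.1 or PowerShell 7 on Windows, since it relies on RSACng for RSA-OAEP with SHA-256; the key pair and the message are constructed for the demo.

```powershell
# Added example, not from the original deck. Windows PowerShell 5.1+ / PowerShell 7 on
# Windows assumed (RSACng). Message and RSA key pair below are constructed for the demo.

function Protect-Hybrid {
    param([byte[]]$Plaintext, [System.Security.Cryptography.RSA]$RecipientPublicKey)

    $rng = [System.Security.Cryptography.RandomNumberGenerator]::Create()
    $encKey = New-Object byte[] 32; $rng.GetBytes($encKey)   # AES-256 key (symmetric)
    $macKey = New-Object byte[] 32; $rng.GetBytes($macKey)   # HMAC-SHA256 key (symmetric)
    $iv     = New-Object byte[] 16; $rng.GetBytes($iv)       # fresh IV per message

    # Symmetric part: AES-CBC with PKCS7 padding (the .NET defaults) over the bulk data.
    $aes = [System.Security.Cryptography.Aes]::Create()
    $aes.Key = $encKey; $aes.IV = $iv
    $ciphertext = $aes.CreateEncryptor().TransformFinalBlock($Plaintext, 0, $Plaintext.Length)

    # Integrity: encrypt-then-MAC over IV || ciphertext.
    $hmac = New-Object System.Security.Cryptography.HMACSHA256 (,$macKey)
    $tag  = $hmac.ComputeHash([byte[]]($iv + $ciphertext))

    # Asymmetric part: wrap both symmetric keys with RSA-OAEP (SHA-256). Only the holder of
    # the matching private key can unwrap them; no shared secret was needed in advance.
    $wrapped = $RecipientPublicKey.Encrypt([byte[]]($encKey + $macKey),
                 [System.Security.Cryptography.RSAEncryptionPadding]::OaepSHA256)

    [pscustomobject]@{ WrappedKeys = $wrapped; IV = $iv; Ciphertext = $ciphertext; Tag = $tag }
}

function Unprotect-Hybrid {
    param($Envelope, [System.Security.Cryptography.RSA]$RecipientPrivateKey)

    $keys   = $RecipientPrivateKey.Decrypt($Envelope.WrappedKeys,
                [System.Security.Cryptography.RSAEncryptionPadding]::OaepSHA256)
    $encKey = [byte[]]$keys[0..31]
    $macKey = [byte[]]$keys[32..63]

    # Verify the tag BEFORE decrypting, comparing in constant time so a forger learns nothing
    # from how quickly a bad tag is rejected.
    $hmac     = New-Object System.Security.Cryptography.HMACSHA256 (,$macKey)
    $expected = $hmac.ComputeHash([byte[]]($Envelope.IV + $Envelope.Ciphertext))
    if ($expected.Length -ne $Envelope.Tag.Length) { throw 'MAC check failed: tag length mismatch' }
    $diff = 0
    for ($i = 0; $i -lt $expected.Length; $i++) { $diff = $diff -bor ($expected[$i] -bxor $Envelope.Tag[$i]) }
    if ($diff -ne 0) { throw 'MAC check failed: ciphertext altered or wrong key' }

    $aes = [System.Security.Cryptography.Aes]::Create()
    $aes.Key = $encKey; $aes.IV = $Envelope.IV
    ,($aes.CreateDecryptor().TransformFinalBlock($Envelope.Ciphertext, 0, $Envelope.Ciphertext.Length))
}

# Demo: the recipient owns the RSA key pair; the sender only ever needs the public half.
$recipient = New-Object System.Security.Cryptography.RSACng 2048
$message   = [System.Text.Encoding]::UTF8.GetBytes('Q3 payroll file - constructed sample message')

$envelope = Protect-Hybrid -Plaintext $message -RecipientPublicKey $recipient
$plain    = Unprotect-Hybrid -Envelope $envelope -RecipientPrivateKey $recipient
[System.Text.Encoding]::UTF8.GetString($plain)

# Flip one ciphertext byte: the MAC check must reject it before any decryption happens.
$envelope.Ciphertext[0] = $envelope.Ciphertext[0] -bxor 1
try { Unprotect-Hybrid -Envelope $envelope -RecipientPrivateKey $recipient } catch { "Rejected: $_" }
```

    The split of labour is the point of the slide: symmetric keys do the heavy lifting and asymmetric keys solve the key-distribution problem. The same pattern, with an AEAD mode such as AES-GCM in place of CBC plus HMAC, is what TLS, S/MIME and RMS-protected documents do internally.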
  • 129. Information Security
    Administrative
    Logical
    Physical
  • 130. Risk Management
    Risk avoidance
    Risk reduction
    Risk retention
    Risk transfer
  • 131. Operations Security
    (Image: World War II-era poster promoting OPSEC)
  • 132. Security Architecture and Design
  • 133. Legal, Regulations, Compliance & Investigations
  • 134. Telecommunications and Network Security
  • 135. Physical Security
    Key Elements
    Key Features
  • 136. Security Guidance and Resources
    Microsoft Security Home Page: www.microsoft.com/security
    Microsoft Forefront: http://www.microsoft.com/forefront/default.mspx
    General Information:
    Microsoft Live Safety Center: http://safety.live.com
    Microsoft Security Response Center: www.microsoft.com/security/msrc
    Security Development Lifecycle: http://msdn.microsoft.com/security/sdl
    Get the Facts on Windows and Linux: www.microsoft.com/getthefacts
    Anti-Malware:
    Microsoft OneCare Live: https://beta.windowsonecare.com
    Microsoft Defender: www.microsoft.com/athome/security/spyware/software
    Spyware Criteria: www.microsoft.com/athome/security/spyware/software/isv
    Guidance Centers:
    Security Guidance Centers: www.microsoft.com/security/guidance
    Security Guidance for IT Professionals: www.microsoft.com/technet/security
    The Microsoft Security Developer Center: msdn.microsoft.com/security
    The Security at Home Consumer Site: www.microsoft.com/athome/security
  • 137. Thank you (given on the slide in Gujarati, Bengali, Tamil, Hindi, Kannada, Telugu, Odia, Malayalam and Punjabi)
  • 138. © 2009 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.
    The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.