Ramnish Singh Platform Security Briefing
Published in: Technology

  • LEAD: Who is responsible for driving the evolution of the threats that impact your business? It started with those that were curious and wanted personal fame from hacking into different systems and networks. Then the motivation moved to those that found a sport in CyberTrespassing and those that look for financial gain from CyberTheft. As more individuals made money, the group began to grow larger and larger. Now we are finding experts and specialists that focus on large hacking efforts, gaining access to sensitive data that they can sell on the black market. We are also seeing CyberSpy specialists with national interests at stake.
    <CLICK> Vandals are the largest group.
    <CLICK> We see thieves driving the largest area where money is lost.
    <CLICK> The largest segment of spend is focused on defending national interests.
    <CLICK> The fastest growing segment is the experts that are in the business of stealing your business assets.
    Customer Questions: Are you seeing security threats evolve before the attacked technology is mainstreamed? Why do you think this is happening?
  • LEAD: Engineering Excellence is focused upon providing fundamentally secure platforms for our customers. They should be secure by design, secure by default, and remain secure after deployment.
    Customer Questions: What kind of security configuration management do you utilize to deploy servers? Desktops? Are you using Group Policy to keep your platforms secure after they are deployed? What is your platform patching strategy?
  • Transcript

    • 1. Platform Security Briefing
      Ramnish Singh
      PMP, CISSP, Microsoft Certified Architect (Infrastructure)
      MCITP (Windows 2008), MCTS (Windows Server, Vista, Exchange), MCSE (Windows 2003, 2000, NT), MCT
      Cisco Certified Design Professional, Cisco Certified Network Professional, Sun CSA
      IT Advisor | Microsoft Corporation
      Blog Address (optional) | Email (optional)
    • 2.
    • 3.
    • 4. Security Versus Access
      Demand for access
      Escalating threats
      23 million branch offices WW (IDC, 2006)
      3.6 billion mobile users WW by 2010 (Infonetics, 2007)
      85% of companies will have WLANs by 2010 (Infonetics, 2006)
      8x increase in phishing sites in past year (AWG, 2006)
      One message-based Trojan attack per day in 2006 vs. one per week in 2005 (Message Labs, 2006)
      Strong indication of increase in profit-motivated attacks (Multiple sources)
    • 5. Evolving Threat Landscape
      Local Area Networks
      First PC virus
      Boot sector viruses
      Create notoriety or cause havoc
      Slow propagation
      16-bit DOS
      Internet Era
      Macro viruses
      Script viruses
      Create notoriety or cause havoc
      Faster propagation
      32-bit Windows
      Hyper jacking
      Peer to Peer
      Social engineering
      Application attacks
      Financial motivation
      Targeted attacks
      64-bit Windows
      Broadband prevalent
      Spyware, Spam
      Phishing
      Botnets
      Rootkits
      Financial motivation
      Internet wide impact
      32-bit Windows
      1986–1995
      1995–2000
      2000–2005
      2007
    • 6. National Interest
      Personal Gain
      Personal Fame
      Curiosity
      Largest segment by $ spent on defense
      Spy
      Largest area by $ lost
      Fastest
      growing
      segment
      Thief
      Largest area by volume
      Trespasser
      Author
      Vandal
      Undergraduate
      Script-Kiddy
      Expert
      Specialist
      Evolving Threats
    • 7. 1st known hack...
      The need for security in communication networks is not new. In the late nineteenth century an American undertaker named Almon Strowger discovered that he was losing business to his rivals because telephone operators, responsible for the manual connection of call requests, were unfairly diverting calls from the newly bereaved to his competitors. Strowger developed switching systems that led to the introduction of the first automated telephone exchanges in 1897. This enabled users to make their own connections using rotary dialling to signal the required destination.
      Almon Strowger
    • 8. Addressing Security Threats
      Helps turn IT into a business asset not a cost center
      Supports your day to day security processes
      Is the Enabler to running your business successfully
      Technology
      Data privacy processes to manage data effectively
      IT security processes to implement, manage, and govern security
      Financial reporting processes that include security of the business
      Process
      Company understands the importance of security in the workplace
      Individuals know their role with security governance and compliance
      IT staff has the security skills and knowledge to support your business
      People
    • 9. Microsoft’s Promises To You
      Manage Complexity,
      Achieve Agility
      Amplify the Impact of Your People
      Protect Information, Control Access
      Advance the Business with IT Solutions
    • 10. Delivering On The Promise: Infrastructure Optimization
      *Source: Microsoft CSO Summit 2007 Registration Survey
    • 11. Core Infrastructure Optimization
      More Efficient Cost Center
      Cost Center
      Strategic Asset
      Business Enabler
      Basic
      No centralized enterprise directory
      No automated patch management
      Anti-malware not centrally managed
      Message security for e-mail only
      No secure coding practices in place
      Standardized
      Using enterprise directory for authentication
      Automated patch management tools deployed
      Anti-malware is managed centrally
      Unified message security in place
      Rationalized
      Integrated directory services, PKI in place
      Formal patch management process
      Defense in depth threat protection
      Security extended to remote and mobile workforce
      Dynamic
      Full identity lifecycle management. ID Federation, Rights Mgt Services in use
      Metrics driven update process
      Client quarantine and access policy enforcement
      $1320/PC Cost
      $580/PC Cost
      $230/PC Cost
      Source: GCR and IDC data analyzed by Microsoft, 2006
    • 12. Core Infrastructure Optimization Model: Security
      Basic
      Standardized
      Rationalized
      Dynamic
      Technology
      Self provisioning and quarantine capable systems ensure compliance and high availability
      Automate identity and access management
      Automated system management
      Multiple directories for authentication
      Limited automated software distribution
      Patch status of desktops is unknown
      No unified directory for access mgmt
      Self-assessing and continuous improvement
      Easy, secure access to info from anywhere on Internet
      SLAs are linked to business objectives
      Clearly defined and enforced images, security, best practices
      Central Admin and configuration of security
      Standard desktop images defined, not adopted by all
      IT processes undefined
      Complexity due to localized processes and minimal central control
      Process
      Improve IT Maturity while Gaining ROI
      IT is a strategic asset
      Users look to IT as a valued partner to enable new business initiatives
      IT Staff manages an efficient, controlled environment
      Users have the right tools, availability, and access to info
      IT Staff trained in best practices such as MOF, ITIL, etc.
      Users expect basic services from IT
      IT staff taxed by operational challenges
      Users come up with their own IT solutions
      People
    • 13. SC information system = {(confidentiality, impact), (integrity, impact), (availability, impact)}
      where the acceptable values for potential impact are low, moderate, or high.
    • 14. Trustworthy Computing
    • 15. Microsoft Security Strategy
    • 16. Law Enforcement
      Public Policy
      VIA
      GIAIS
      Microsoft Security Strategy
      Industry Partnerships
      Consumer Awareness
    • 17. Microsoft Security Assessment Toolkit
      Security Tools
      Microsoft Windows Vista Security Whitepapers
      Security Readiness
      Education and Training
      Microsoft Security Intelligence Report
      Learning Paths for Security Professionals
      www.microsoft.com/technet/security
      Microsoft Security Strategy
    • 18. Security Development Lifecycle
      Design
      Threat Modeling
      Standards, best practices, and tools
      Security Push
      Final Security Review
      RTM and Deployment
      Signoff
      Security Response
      Product Inception
    • 19. Priority #1 - Platform Security
      Security Development Lifecycle
      Security Response Center
      Better Updates And Tools
    • 20. Comprehensive Security Portfolio
      Services
      Edge
      Encrypting File System (EFS)
      Server Applications
      BitLocker™
      Information Protection
      Network Access Protection (NAP)
      Client and Server OS
      Identity Management
      Windows
      CardSpace
      Systems Management
      Active Directory Federation Services (ADFS)
      Guidance
      Developer Tools
    • 21. Security Development Lifecycle (SDL)
      Kernel Patch Protection
      Kernel-mode Driver Signing
      Secure Startup
      Windows Service Hardening
      Secure
      Platform
      Rights Management Services (RMS)
      SharePoint, Exchange, Windows Mobile integration
      Encrypting File System (EFS)
      Bitlocker
      Secure
      Access
      User Account Control
      Network Access Protection (NAP)
      IPv6
      IPsec
      Windows CardSpace
      Native smart card support
      GINA Re-architecture
      Certificate Services
      Credential roaming
      Windows Defender
      IE Protected Mode
      Address Space Layout Randomization (ASLR)
      Data Execution Prevention (DEP)
      Bi-directional Firewall
      Windows Security Center
      Data
      Protection
      Malware
      Protection
    • 22. Windows Vista SP1 includes
      Additional Kernel Patch Protection APIs
      Enhanced Windows Security Center reporting
      Expanded BitLocker Drive Encryption (BDE)
      Additional multifactor authentication methods
    • 23. Security Development Lifecycle (SDL)
      Windows Server Virtualization (Hypervisor)
      Role Management Tool
      OS File Integrity
      Secure
      Platform
      Network
      Protection
      Network Access Protection (NAP)
      Server and Domain Isolation with IPsec
      End-to-end Network Authentication
      Windows Firewall With Advanced Security
      On By Default
      Identity
      Access
      Rights Management Services (RMS)
      Full volume encryption (Bitlocker)
      USB Device-connection rules with Group Policy
      Improved Auditing
      Windows Server Backup
      Data
      Protection
      Read-only Domain Controller (RODC)
      Active Directory Federation Srvcs. (ADFS)
      Administrative Role Separation
      PKI Management Console
      Online Certificate Status Protocol
    • 24. Secure
      Platform
      Surface Area Configuration tool
      Password Policy Enforcement; Granular Roles
      Built in Encryption; Key Mgmt.
      Auditing – Data Definition Language (DDL)
      Advanced Spam and Virus Defenses
      Compliance
      Business Continuity
      Trust Center
      New Document Security Model
      Open XML File Formats
      Rich Authentication
      Granular Access Control
      Compliance and Auditing
      Hierarchical Encryption
      Document Inspector
      Information Rights Management
      Strong Encryption, Digital Signatures
      Suite-B: For U.S. Government
      Data
      Protection
      Platform Security Progress
      Essential Security and Mobile Device Mgmt
      Built-in Protection with Business Continuity
      Compliance Support
      Enhanced Message Filtering
    • 25. Security Threat Landscape Evolution
      Microsoft Security Strategy
      Engineering Excellence
      Security Development Lifecycle
      Engineering Excellence
      Security Development Lifecycle
    • 26. Trusted
      Unhealthy PC
      Isolated
      Remediation Server
      Web Server
      Infrastructure Servers
      New Customer
      Remote Access Gateway
      Trusted Home
      Unmanaged Devices
      Malicious Users
      Network Security
      Secure Anywhere Access
      End-to-end security with IPv6 and IPsec
      Access driven by policy not topology
      Certificate based multi-factor authentication
      Health checks and remediation prior to access
      Policy-driven network access solutions
      Windows Firewall with advanced filtering
      Server and Domain Isolation
      Network Access Protection (NAP)
      ISA Server 2006
      Intelligent Application Gateway (2007)
      Windows Filtering Platform
    • 27. Identity and Access Management
      Your COMPANY and your EMPLOYEES
      Secure and seamless cross-organizational collaboration
      Easily managing multiple identities
      Government sponsored identities (eID)
      Hardware supported trust platform
      Disparate directories synchronization
      Centralized ID controls and mgmt.
      Embedded identity into applications
      Policy Governance / Compliance
      Role Based Permissions
      Identity and Data Privacy
      Identity Lifecycle Manager 2007
      Active Directory Federation Services
      Active Directory Lightweight Directory Services
      Windows Certificate Services
      Windows CardSpace™
    • 28. Edge, server and client protection
      “Point to Point” Solutions
      Security of data at rest and in transit
      Mobile workforce
      Manageability
      Corporate
      Client Protection
      Server Protection
      Consumer/ Small Business
      Simple PC maintenance
      Anti-Virus
      Anti-Spyware
      Anti-Phishing
      Firewall
      Performance Tuning
      Backup and Restore
      Edge Protection
      Protection
    • 29. Interoperability
      Industry Standards
      Web Services (WS-*)
      Open document format (XPS)
      OpenID
      Partner Products
      Network Access Protection
      EV Certificate support in IE7
      Windows CardSpace
      Windows Security Center
      Industry Partnerships
      SecureIT Alliance
      Microsoft Security Response Alliance
      Interop Vendor Alliance
    • 30. Security Stack Interoperability
      Integrated security eases defense in depth architecture deployment
      Adoption of open standards allows cross platform integration
      Management System
      System Center, Active Directory GPO
      Data
      BitLocker, EFS, RMS, SharePoint, SQL
      User
      Active Directory and Identity Lifecycle Mgr
      Application
      SDL process, IIS, Visual Studio, and .NET
      Device
      Forefront Client Security, Exchange MSFP
      Internal Network
      Network Access Protection, IPSec
      Perimeter
      Forefront Edge and Server Security, NAP
    • 31. Management Systems Integration
    • 32. Engineering Excellence
      Security Development Lifecycle
      Microsoft Security Strategy
    • 33. Some hard questions…
      Who
      Why
      What
      When
      Where
      How
    • 34. The lighter side
    • 35. And the press is doing its bit...
    • 36. User Experience
      Application Platform Optimization Model
      Development
      BASIC
      ADVANCED
      DYNAMIC
      STANDARDIZED
      Infrastructure Optimization
      SOA and Business Process
      Data Management
      Business Intelligence
      Business Productivity Infrastructure Optimization Model
      Unified Communications
      Collaboration
      IT and Security Process
      Enterprise Content Management
      BASIC
      RATIONALIZED
      DYNAMIC
      STANDARDIZED
      Enterprise Search
      Business Intelligence
      Core Infrastructure Optimization Model
      Identity and Access Management
      Desktop, Device, and Server Mgmt
      BASIC
      RATIONALIZED
      DYNAMIC
      STANDARDIZED
      Security and Networking
      Data Protection and Recovery
    • 37. Infrastructure Optimization: Building a People-Ready Business
      Model-Based Approach
      User Experience
      • Provides capability framework to help you build an optimized infrastructure (not Microsoft-specific)
      • Establishes a foundation based on industry analyst, academic, and consortium research
      • Provides guidance and best practices for step-by-step implementation
      • Drives cost reduction, security and efficiency gains
      • Enables agility
      Application Platform Optimization Model
      STANDARDIZED
      BASIC
      ADVANCED
      DYNAMIC
      Development
      SOA and Business Process
      Data Management
      Business Intelligence
      Business Productivity Infrastructure Optimization Model
      Unified Communications
      Collaboration
      IT and Security Process
      STANDARDIZED
      BASIC
      DYNAMIC
      RATIONALIZED
      Enterprise Content Management
      Enterprise Search
      Business Intelligence
      Core Infrastructure Optimization Model
      Identity and Access Management
      Desktop, Device, and Server Mgmt
      BASIC
      STANDARDIZED
      DYNAMIC
      RATIONALIZED
      Security and Networking
      Data Protection and Recovery
    • 42. Core Infrastructure Optimization
      Policy and Compliance
      Risk Assessment
      User Awareness
      Basic
      Standardized
      Rationalized
      Dynamic
      Identity and Access Management
      Patch Management
      Threat and Vulnerability Mitigation
      Secure Messaging and Collaboration
      Secure Application Architecture
      Legacy Platform Migration
    • 43. Solutions
      Benefits
      Costs
      Challenges
      Two Factor Authentication
      Secure Remote User
      Basic to Standardized
      Enforce Strong Passwords
      Secure Wireless Access
      Network Intrusion Detection
      Optimizing Security: Moving from Basic to Standardized
      Developer-focused environment
      Sophisticated and targeted threats
      Executive sponsorship
      Awareness campaign
      Cultural shift to awareness
      Able to mitigate current high priority risk
      Labor intensive to maintain
      Defense in Depth
    • 44. Solutions
      Benefits
      Costs
      Challenges
      Standardized to Rationalized
      Network Segmentation
      Identity &
      Access Mgmt
      2FA: Elevated Access Accts
      Security Event Monitoring
      Certificate
      Provisioning
      & Renewals
      Vulnerability
      Assessments
      SDL IT
      Optimizing Security: Moving from Standardized to Rationalized
      Evolving and faster threats
      Ownership largely resided with Security
      Risk management framework
      Service manager accountability
      Accountability closer to business
      Environmental awareness
      Improved response
      Lack of integration between service managers and business
      Defense in Depth
      Automate
    • 45. Solutions
      Benefits
      Costs
      Challenges
      Network Access Protection
      Rationalized to Dynamic
      Strong User Authentication
      User Account Control
      Bitlocker Drive Encryption
      Optimizing Security: Moving from Rationalized to Dynamic
      Security viewed as a tax to the business
      Information security governance
      Information security becomes a strategic asset
      Culture shift may cause friction
      Defense in Depth
    • 46. Application Security
      Authentication
      Intrusion Detection/Prevention
      Identity & Access Management
      Network Firewalls
      NAC
      Wireless
      Email
      Unified Threat Management
      Secure Remote Access
      Antimalware
      SIMs
      Mobile Data Security
      Vulnerability Management
      Web Security Gateways
    • 47. People
      Mobile
      Mobile
      Office
      Task
      Office
      Contract
      Task
      Home
      Contract Offshore
      Home
    • 48. Separation Creates Flexibility
      Data, User Settings
      Applications
      OS
      Hardware
      Dependencies Create Complexity
    • 49. Mobile
    • 50. Microsoft Enterprise Desktop
      Virtualization (MED-V)
      End User Benefits
      Offline Use
      Flexible Configurations
      Rich user experience
      IT Benefits
      Protection of the local data
      Easy to migrate user
      Mitigation of application compatibility issues
      Mobile Worker
      Bitlocker Drive Encryption
      OPERATING SYSTEM
      Hardware
    • 51. Mobile Worker
      Bi-Directional Firewall, Defender, Malicious Software Removal Tool
      Bitlocker Drive Encryption
      Security Center & UAC
      Network Location Protection
      OS
      Microsoft Enterprise Desktop
      Virtualization (MED-V)
      OPERATING SYSTEM
      Hardware
      End User Benefits
      Offline Use
      Flexible Configurations
      Rich user experience
      IT Benefits
      Protection of the local data
      Easy to migrate user
      Mitigation of application compatibility issues
    • 52. Mobile Worker
      Terminal Server Access
      RMS Protected Documents
      Bi-Directional Firewall, Defender, Malicious Software Removal Tool
      Bitlocker Drive Encryption
      Security Center & UAC
      Network Location Protection
      Applications
      Anti Virus & Antispyware
      Network Access Protection
      OS
      Application (APP-V) & Enterprise Desktop (MED-V) Virtualization
      Group Policy and AGPM
      Folder Redirection
      Offline Files
      Hardware
      End User Benefits
      Offline Use
      Flexible Configurations
      Rich user experience
      IT Benefits
      Protection of the local data
      Easy to migrate user
      Mitigation of application compatibility issues
    • 53. Mobile Worker
      Terminal Server Access
      RMS Protected Documents
      Network Access Protection
      Data, User Settings
      Applications
      Anti Virus & Antispyware
      Folder Redirection
      Offline Files
      Group Policy and AGPM
      Data Backup
      OS
      Application (APP-V) & Enterprise Desktop (MED-V) Virtualization
      Hardware
      End User Benefits
      Offline Use
      Flexible Configurations
      Rich user experience
      IT Benefits
      Protection of the local data
      Easy to migrate user
      Mitigation of application compatibility issues
    • 54. Mobile Worker
      RMS Protected Documents
      Data, User Settings
      Applications
      Folder Redirection
      Offline Files
      Group Policy and AGPM
      Data Backup
      System Monitoring
      System Management
      Mobile Device Management
      Corporate Security Policy
      OS
      Hardware
      End User Benefits
      Offline Use
      Flexible Configurations
      Rich user experience
      IT Benefits
      Protection of the local data
      Easy to migrate user
      Mitigation of application compatibility issues
    • 55. Office
    • 56. Microsoft Enterprise Desktop
      Virtualization (MED-V)
      End User Benefits
      Offline Use
      Flexible Configurations
      Rich user experience
      IT Benefits
      Protection of the local data
      Easy to migrate user
      Mitigation of application compatibility issues
      Office Worker
      Bitlocker Drive Encryption
      OPERATING SYSTEM
      Hardware
    • 57. Office Worker
      Bi-Directional Firewall, Defender, Malicious Software Removal Tool
      Bitlocker Drive Encryption
      Security Center & UAC
      Network Location Protection
      OS
      Microsoft Enterprise Desktop
      Virtualization (MED-V)
      OPERATING SYSTEM
      Hardware
      End User Benefits
      Offline Use
      Flexible Configurations
      Rich user experience
      IT Benefits
      Protection of the local data
      Easy to migrate user
      Mitigation of application compatibility issues
    • 58. Office Worker
      Terminal Server Access
      RMS Protected Documents
      Bi-Directional Firewall, Defender, Malicious Software Removal Tool
      Bitlocker Drive Encryption
      Security Center & UAC
      Network Location Protection
      Applications
      Anti Virus & Antispyware
      Network Access Protection
      OS
      Application (APP-V) & Enterprise Desktop (MED-V) Virtualization
      Hardware
      End User Benefits
      Offline Use
      Flexible Configurations
      Rich user experience
      IT Benefits
      Protection of the local data
      Easy to migrate user
      Mitigation of application compatibility issues
    • 59. Office Worker
      Terminal Server Access
      RMS Protected Documents
      Network Access Protection
      Data, User Settings
      Applications
      Anti Virus & Antispyware
      Folder Redirection
      Offline Files
      Group Policy and AGPM
      Data Backup
      OS
      Application (APP-V) & Enterprise Desktop (MED-V) Virtualization
      Hardware
      End User Benefits
      Offline Use
      Flexible Configurations
      Rich user experience
      IT Benefits
      Protection of the local data
      Easy to migrate user
      Mitigation of application compatibility issues
    • 60. Office Worker
      RMS Protected Documents
      Data, User Settings
      Applications
      Folder Redirection
      Offline Files
      Group Policy and AGPM
      Data Backup
      System Monitoring
      System Management
      Mobile Device Management
      Corporate Security Policy
      OS
      Hardware
      End User Benefits
      Offline Use
      Flexible Configurations
      Rich user experience
      IT Benefits
      Protection of the local data
      Easy to migrate user
      Mitigation of application compatibility issues
    • 61. Task
    • 62. Microsoft Enterprise Desktop
      Virtualization (MED-V)
      End User Benefits
      Offline Use
      Flexible Configurations
      Rich user experience
      IT Benefits
      Protection of the local data
      Easy to migrate user
      Mitigation of application compatibility issues
      Task Worker
      Bitlocker Drive Encryption
      OPERATING SYSTEM
      Hardware
    • 63. Task Worker
      Bi-Directional Firewall, Defender, Malicious Software Removal Tool
      Bitlocker Drive Encryption
      Security Center & UAC
      Network Location Protection
      OS
      Microsoft Enterprise Desktop
      Virtualization (MED-V)
      OPERATING SYSTEM
      Hardware
      End User Benefits
      Offline Use
      Flexible Configurations
      Rich user experience
      IT Benefits
      Protection of the local data
      Easy to migrate user
      Mitigation of application compatibility issues
    • 64. Task Worker
      Terminal Server Access
      RMS Protected Documents
      Bi-Directional Firewall, Defender, Malicious Software Removal Tool
      Bitlocker Drive Encryption
      Security Center & UAC
      Network Location Protection
      Applications
      Anti Virus & Antispyware
      Network Access Protection
      OS
      Application (APP-V) & Enterprise Desktop (MED-V) Virtualization
      Group Policy and AGPM
      Folder Redirection
      Offline Files
      Hardware
      End User Benefits
      Offline Use
      Flexible Configurations
      Rich user experience
      IT Benefits
      Protection of the local data
      Easy to migrate user
      Mitigation of application compatibility issues
    • 65. Task Worker
      Terminal Server Access
      RMS Protected Documents
      Network Access Protection
      Data, User Settings
      Applications
      Anti Virus & Antispyware
      Folder Redirection
      Offline Files
      Group Policy and AGPM
      Data Backup
      OS
      Application (APP-V) & Enterprise Desktop (MED-V) Virtualization
      Hardware
      End User Benefits
      Offline Use
      Flexible Configurations
      Rich user experience
      IT Benefits
      Protection of the local data
      Easy to migrate user
      Mitigation of application compatibility issues
    • 66. Task Worker
      RMS Protected Documents
      Data, User Settings
      Applications
      Folder Redirection
      Offline Files
      Group Policy and AGPM
      Data Backup
      System Monitoring
      System Management
      Mobile Device Management
      Corporate Security Policy
      OS
      Hardware
      End User Benefits
      Offline Use
      Flexible Configurations
      Rich user experience
      IT Benefits
      Protection of the local data
      Easy to migrate user
      Mitigation of application compatibility issues
    • 67. Contract / Offshore
    • 68. Microsoft Enterprise Desktop
      Virtualization (MED-V)
      End User Benefits
      Offline Use
      Flexible Configurations
      Rich user experience
      IT Benefits
      Protection of the local data
      Easy to migrate user
      Mitigation of application compatibility issues
      Contract / Offshore Worker
      Bitlocker Drive Encryption
      OPERATING SYSTEM
      Hardware
    • 69. Bi-Directional Firewall, Defender, Malicious Software Removal Tool
      Network Location Protection
      Bitlocker Drive Encryption
      Security Center & UAC
      OS
      Microsoft Enterprise Desktop
      Virtualization (MED-V)
      Contract / Offshore Worker
      OPERATING SYSTEM
      Hardware
      End User Benefits
      Offline Use
      Flexible Configurations
      Rich user experience
      IT Benefits
      Protection of the local data
      Easy to migrate user
      Mitigation of application compatibility issues
    • 70. Contract / Offshore Worker
      Terminal Server Access
      RMS Protected Documents
      Bi-Directional Firewall, Defender, Malicious Software Removal Tool
      Bitlocker Drive Encryption
      Security Center & UAC
      Network Location Protection
      Applications
      Anti Virus & Antispyware
      Network Access Protection
      OS
      Application (APP-V) & Enterprise Desktop (MED-V) Virtualization
      Hardware
      End User Benefits
      Offline Use
      Flexible Configurations
      Rich user experience
      IT Benefits
      Protection of the local data
      Easy to migrate user
      Mitigation of application compatibility issues
    • 71. Contract / Offshore Worker
      Terminal Server Access
      RMS Protected Documents
      Network Access Protection
      Data, User Settings
      Applications
      Anti Virus & Antispyware
      Folder Redirection
      Offline Files
      Group Policy and AGPM
      Data Backup
      OS
      Application (APP-V) & Enterprise Desktop (MED-V) Virtualization
      Hardware
      End User Benefits
      Offline Use
      Flexible Configurations
      Rich user experience
      IT Benefits
      Protection of the local data
      Easy to migrate user
      Mitigation of application compatibility issues
    • 72. Contract / Offshore Worker
      RMS Protected Documents
      Data, User Settings
      Applications
      Folder Redirection
      Offline Files
      Group Policy and AGPM
      Data Backup
      System Monitoring
      System Management
      Mobile Device Management
      Corporate Security Policy
      OS
      Hardware
      End User Benefits
      Offline Use
      Flexible Configurations
      Rich user experience
      IT Benefits
      Protection of the local data
      Easy to migrate user
      Mitigation of application compatibility issues
    • 73. Home
    • 74. Microsoft Enterprise Desktop
      Virtualization (MED-V)
      End User Benefits
      Offline Use
      Flexible Configurations
      Rich user experience
      IT Benefits
      Protection of the local data
      Easy to migrate user
      Mitigation of application compatibility issues
      Home Worker
      Bitlocker Drive Encryption
      OPERATING SYSTEM
      Hardware
    • 75. Home Worker
      Bi-Directional Firewall, Defender, Malicious Software Removal Tool
      Bitlocker Drive Encryption
      Security Center & UAC
      Network Location Protection
      OS
      Microsoft Enterprise Desktop
      Virtualization (MED-V)
      OPERATING SYSTEM
      Hardware
      End User Benefits
      Offline Use
      Flexible Configurations
      Rich user experience
      IT Benefits
      Protection of the local data
      Easy to migrate user
      Mitigation of application compatibility issues
    • 76. Home Worker
      Terminal Server Access
      RMS Protected Documents
      Bi-Directional Firewall, Defender, Malicious Software Removal Tool
      Bitlocker Drive Encryption
      Security Center & UAC
      Network Location Protection
      Applications
      Anti Virus & Antispyware
      Network Access Protection
      OS
      Application (APP-V) & Enterprise Desktop (MED-V) Virtualization
      Hardware
      End User Benefits
      Offline Use
      Flexible Configurations
      Rich user experience
      IT Benefits
      Protection of the local data
      Easy to migrate user
      Mitigation of application compatibility issues
    • 77. Home Worker
      Terminal Server Access
      RMS Protected Documents
      Network Access Protection
      Data, User Settings
      Applications
      Anti Virus & Antispyware
      Folder Redirection
      Offline Files
      Group Policy and AGPM
      Data Backup
      OS
      Application (APP-V) & Enterprise Desktop (MED-V) Virtualization
      Hardware
      End User Benefits
      Offline Use
      Flexible Configurations
      Rich user experience
      IT Benefits
      Protection of the local data
      Easy to migrate user
      Mitigation of application compatibility issues
    • 78. Home Worker
      RMS Protected Documents
      Data, User Settings
      Applications
      Folder Redirection
      Offline Files
      Group Policy and AGPM
      Data Backup
      System Monitoring
      System Management
      Mobile Device Management
      Corporate Security Policy
      OS
      Hardware
      End User Benefits
      Offline Use
      Flexible Configurations
      Rich user experience
      IT Benefits
      Protection of the local data
      Easy to migrate user
      Mitigation of application compatibility issues
    • 79. 7 Tips for Secure Client Computing
      Protect your personal information. It’s valuable
      Know who you’re dealing with
      Use anti-virus and firewall and update both regularly
      Set up your OS and Web Browser properly and update both regularly
      Protect your password
      Backup important files
      Learn who to contact if something goes wrong
    • 80. Technology
      Internet
      Intranet Web Server
      Exchange
      External Web Server
      User
      BRANCH OFFICE
      DMZ
      CSS
      Internal Network
      Internet
      SharePoint
      Active Directory
      HEADQUARTERS
      User
      Customer
    • 81. Technology – Another View
      Trusted
      Unhealthy PC
      Isolated
      Remediation Server
      Web Server
      Infrastructure Servers
      New Customer
      Remote Access Gateway
      Trusted Home
      Unmanaged Devices
      Malicious Users
    • 82. OSI Model
      Application
      Presentation
      Session
      Transport
      Network
      Media layers
      Host layers
      Data Link
      Physical
    • 83. Head Office
    • 84. Head Office (Media Layer)
      Bitlocker Drive Encryption
      Microsoft Enterprise Desktop
      Virtualization (MED-V)
      OPERATING SYSTEM
      Physical
      End User Benefits
      Offline Use
      Flexible Configurations
      Rich user experience
      IT Benefits
      Protection of the local data
      Easy to migrate user
      Mitigation of application compatibility issues
    • 85. Head Office (Media Layer)
      Bitlocker Drive Encryption
      Secure Wireless Access
      Secure Remote Access
      Network Access Protection
      Intrusion Detection System
      Data Link
      Microsoft Enterprise Desktop
      Virtualization (MED-V)
      OPERATING SYSTEM
      Physical
      End User Benefits
      Offline Use
      Flexible Configurations
      Rich user experience
      IT Benefits
      Protection of the local data
      Easy to migrate user
      Mitigation of application compatibility issues
    • 86. Head Office (Media Layer)
      Secure Wireless Access
      Network Access Protection
      Secure Remote Access
      Site-to-Site VPN
      Address Translation
      Intrusion Detection System
      Network
      Data Link
      Microsoft Enterprise Desktop
      Virtualization (MED-V)
      OPERATING SYSTEM
      Physical
      End User Benefits
      Offline Use
      Flexible Configurations
      Rich user experience
      IT Benefits
      Protection of the local data
      Easy to migrate user
      Mitigation of application compatibility issues
    • 87. Head Office (Host Layer)
      IPSec Enabled Protection
      Server & Domain Isolation
      Transport
      Firewall Protection
      Microsoft Enterprise Desktop
      Virtualization (MED-V)
      OPERATING SYSTEM
      End User Benefits
      Offline Use
      Flexible Configurations
      Rich user experience
      IT Benefits
      Protection of the local data
      Easy to migrate user
      Mitigation of application compatibility issues
    • 88. Head Office (Host Layer)
      IPSec Enabled Protection
      Server & Domain Isolation
      Active Directory
      Remote Access Protocols
      Session
      Transport
      Firewall Protection
      Folder Redirection
      Offline Files
      Microsoft Enterprise Desktop
      Virtualization (MED-V)
      OPERATING SYSTEM
      End User Benefits
      Offline Use
      Flexible Configurations
      Rich user experience
      IT Benefits
      Protection of the local data
      Easy to migrate user
      Mitigation of application compatibility issues
    • 89. Head Office (Host Layer)
      GINA Protection
      Terminal Server Access
      Active Directory
      Remote Access Protocols
      Encrypted File System
      Presentation
      Session
      OPERATING SYSTEM
      Transport
      Folder Redirection
      Offline Files
      Anti Virus & Antispyware
      Group Policy and AGPM
      CTRL + ALT + DEL
      Microsoft Enterprise Desktop
      Virtualization (MED-V)
      OPERATING SYSTEM
      End User Benefits
      Offline Use
      Flexible Configurations
      Rich user experience
      IT Benefits
      Protection of the local data
      Easy to migrate user
      Mitigation of application compatibility issues
    • 90. Head Office (Host Layer)
      Application
      Defender, Malicious Software Removal Tool
      GINA Protection
      Terminal Server Access
      Encrypted File System
      Presentation
      Session
      Transport
      Application Protection
      Management
      Anti Virus & Antispyware
      Group Policy and AGPM
      CTRL + ALT + DEL
      Application (APP-V) Virtualization
      Microsoft Enterprise Desktop
      Virtualization (MED-V)
      OPERATING SYSTEM
      End User Benefits
      Offline Use
      Flexible Configurations
      Rich user experience
      IT Benefits
      Protection of the local data
      Easy to migrate user
      Mitigation of application compatibility issues
    • 91. Head Office (Host Layer)
      Application
      Defender, Malicious Software Removal Tool
      Presentation
      Session
      Transport
      Application Protection
      Management
      Web
      DHCP & DNS
      Audio Video
      Messaging
      Anti Virus & Antispyware
      Microsoft Enterprise Desktop
      Virtualization (MED-V)
      OPERATING SYSTEM
      End User Benefits
      Offline Use
      Flexible Configurations
      Rich user experience
      IT Benefits
      Protection of the local data
      Easy to migrate user
      Mitigation of application compatibility issues
    • 92. Head Office (Host Layer)
      Application
      Presentation
      Session
      Transport
      Web
      Audio Video
      Messaging
      DHCP & DNS
      Identity Management
      Data Protection
      Content Management
      Database
      Microsoft Enterprise Desktop
      Virtualization (MED-V)
      OPERATING SYSTEM
      End User Benefits
      Offline Use
      Flexible Configurations
      Rich user experience
      IT Benefits
      Protection of the local data
      Easy to migrate user
      Mitigation of application compatibility issues
    • 93. Branch Office
    • 94. Branch Office (Media Layer)
      Bitlocker Drive Encryption
      Microsoft Enterprise Desktop
      Virtualization (MED-V)
      OPERATING SYSTEM
      Physical
      End User Benefits
      Offline Use
      Flexible Configurations
      Rich user experience
      IT Benefits
      Protection of the local data
      Easy to migrate user
      Mitigation of application compatibility issues
    • 95. Branch Office (Media Layer)
      Bitlocker Drive Encryption
      Secure Wireless Access
      Secure Remote Access
      Network Access Protection
      Intrusion Detection System
      Data Link
      Microsoft Enterprise Desktop
      Virtualization (MED-V)
      OPERATING SYSTEM
      Physical
      End User Benefits
      Offline Use
      Flexible Configurations
      Rich user experience
      IT Benefits
      Protection of the local data
      Easy to migrate user
      Mitigation of application compatibility issues
    • 96. Branch Office (Media Layer)
      Secure Wireless Access
      Network Access Protection
      Secure Remote Access
      Site-to-Site VPN
      Address Translation
      Intrusion Detection System
      Network
      Data Link
      Microsoft Enterprise Desktop
      Virtualization (MED-V)
      OPERATING SYSTEM
      Physical
      End User Benefits
      Offline Use
      Flexible Configurations
      Rich user experience
      IT Benefits
      Protection of the local data
      Easy to migrate user
      Mitigation of application compatibility issues
    • 97. Branch Office (Host Layer)
      IPSec Enabled Protection
      Server & Domain Isolation
      Transport
      Firewall Protection
      Microsoft Enterprise Desktop
      Virtualization (MED-V)
      OPERATING SYSTEM
      End User Benefits
      Offline Use
      Flexible Configurations
      Rich user experience
      IT Benefits
      Protection of the local data
      Easy to migrate user
      Mitigation of application compatibility issues
    • 98. Branch Office (Host Layer)
      IPSec Enabled Protection
      Server & Domain Isolation
      Active Directory
      Remote Access Protocols
      Session
      Transport
      Firewall Protection
      Folder Redirection
      Offline Files
      Microsoft Enterprise Desktop
      Virtualization (MED-V)
      OPERATING SYSTEM
      End User Benefits
      Offline Use
      Flexible Configurations
      Rich user experience
      IT Benefits
      Protection of the local data
      Easy to migrate user
      Mitigation of application compatibility issues
    • 99. Branch Office (Host Layer)
      GINA Protection
      Terminal Server Access
      Active Directory
      Remote Access Protocols
      Encrypted File System
      Presentation
      Session
      OPERATING SYSTEM
      Transport
      Folder Redirection
      Offline Files
      Anti Virus & Antispyware
      Group Policy and AGPM
      CTRL + ALT + DEL
      Microsoft Enterprise Desktop
      Virtualization (MED-V)
      OPERATING SYSTEM
      End User Benefits
      Offline Use
      Flexible Configurations
      Rich user experience
      IT Benefits
      Protection of the local data
      Easy to migrate user
      Mitigation of application compatibility issues
    • 100. Branch Office (Host Layer)
      Application
      Defender, Malicious Software Removal Tool
      GINA Protection
      Terminal Server Access
      Encrypted File System
      Presentation
      Session
      Transport
      Application Protection
      Management
      Anti Virus & Antispyware
      Group Policy and AGPM
      CTRL + ALT + DEL
      Application (APP-V) Virtualization
      Microsoft Enterprise Desktop
      Virtualization (MED-V)
      OPERATING SYSTEM
      End User Benefits
      Offline Use
      Flexible Configurations
      Rich user experience
      IT Benefits
      Protection of the local data
      Easy to migrate user
      Mitigation of application compatibility issues
    • 101. Branch Office (Host Layer)
      Application
      Defender, Malicious Software Removal Tool
      Presentation
      Session
      Transport
      Application Protection
      Management
      Web
      DHCP & DNS
      Audio Video
      Messaging
      Anti Virus & Antispyware
      Microsoft Enterprise Desktop
      Virtualization (MED-V)
      OPERATING SYSTEM
      End User Benefits
      Offline Use
      Flexible Configurations
      Rich user experience
      IT Benefits
      Protection of the local data
      Easy to migrate user
      Mitigation of application compatibility issues
    • 102. Branch Office (Host Layer)
      Application
      Presentation
      Session
      Transport
      Web
      Audio Video
      Messaging
      DHCP & DNS
      Identity Management
      Data Protection
      Content Management
      Database
      Microsoft Enterprise Desktop
      Virtualization (MED-V)
      OPERATING SYSTEM
      End User Benefits
      Offline Use
      Flexible Configurations
      Rich user experience
      IT Benefits
      Protection of the local data
      Easy to migrate user
      Mitigation of application compatibility issues
    • 103. Intranet/Extranet
    • 104. Intranet/Extranet (Media Layer)
      Bitlocker Drive Encryption
      Microsoft Enterprise Desktop
      Virtualization (MED-V)
      OPERATING SYSTEM
      Physical
      End User Benefits
      Offline Use
      Flexible Configurations
      Rich user experience
      IT Benefits
      Protection of the local data
      Easy to migrate user
      Mitigation of application compatibility issues
    • 105. Intranet/Extranet (Media Layer)
      Bitlocker Drive Encryption
      Secure Wireless Access
      Secure Remote Access
      Network Access Protection
      Intrusion Detection System
      Data Link
      Microsoft Enterprise Desktop
      Virtualization (MED-V)
      OPERATING SYSTEM
      Physical
      End User Benefits
      Offline Use
      Flexible Configurations
      Rich user experience
      IT Benefits
      Protection of the local data
      Easy to migrate user
      Mitigation of application compatibility issues
    • 106. Intranet/Extranet (Media Layer)
      Secure Wireless Access
      Network Access Protection
      Secure Remote Access
      Site-to-Site VPN
      Address Translation
      Intrusion Detection System
      Network
      Data Link
      Microsoft Enterprise Desktop
      Virtualization (MED-V)
      OPERATING SYSTEM
      Physical
      End User Benefits
      Offline Use
      Flexible Configurations
      Rich user experience
      IT Benefits
      Protection of the local data
      Easy to migrate user
      Mitigation of application compatibility issues
    • 107. Intranet/Extranet (Host Layer)
      IPSec Enabled Protection
      Server & Domain Isolation
      Transport
      Firewall Protection
      Microsoft Enterprise Desktop
      Virtualization (MED-V)
      OPERATING SYSTEM
      End User Benefits
      Offline Use
      Flexible Configurations
      Rich user experience
      IT Benefits
      Protection of the local data
      Easy to migrate user
      Mitigation of application compatibility issues
    • 108. Intranet/Extranet (Host Layer)
      IPSec Enabled Protection
      Server & Domain Isolation
      Active Directory
      Remote Access Protocols
      Session
      Transport
      Firewall Protection
      Folder Redirection
      Offline Files
      Microsoft Enterprise Desktop
      Virtualization (MED-V)
      OPERATING SYSTEM
      End User Benefits
      Offline Use
      Flexible Configurations
      Rich user experience
      IT Benefits
      Protection of the local data
      Easy to migrate user
      Mitigation of application compatibility issues
    • 109. Intranet/Extranet (Host Layer)
      GINA Protection
      Terminal Server Access
      Active Directory
      Remote Access Protocols
      Encrypted File System
      Presentation
      Session
      OPERATING SYSTEM
      Transport
      Folder Redirection
      Offline Files
      Anti Virus & Antispyware
      Group Policy and AGPM
      CTRL + ALT + DEL
      Microsoft Enterprise Desktop
      Virtualization (MED-V)
      OPERATING SYSTEM
      End User Benefits
      Offline Use
      Flexible Configurations
      Rich user experience
      IT Benefits
      Protection of the local data
      Easy to migrate user
      Mitigation of application compatibility issues
    • 110. Intranet/Extranet (Host Layer)
      Application
      Defender, Malicious Software Removal Tool
      GINA Protection
      Terminal Server Access
      Encrypted File System
      Presentation
      Session
      Transport
      Application Protection
      Management
      Anti Virus & Antispyware
      Group Policy and AGPM
      CTRL + ALT + DEL
      Application (APP-V) Virtualization
      Microsoft Enterprise Desktop
      Virtualization (MED-V)
      OPERATING SYSTEM
      End User Benefits
      Offline Use
      Flexible Configurations
      Rich user experience
      IT Benefits
      Protection of the local data
      Easy to migrate user
      Mitigation of application compatibility issues
    • 111. Intranet/Extranet (Host Layer)
      Application
      Defender, Malicious Software Removal Tool
      Presentation
      Session
      Transport
      Application Protection
      Management
      Web
      DHCP & DNS
      Audio Video
      Messaging
      Anti Virus & Antispyware
      Microsoft Enterprise Desktop
      Virtualization (MED-V)
      OPERATING SYSTEM
      End User Benefits
      Offline Use
      Flexible Configurations
      Rich user experience
      IT Benefits
      Protection of the local data
      Easy to migrate user
      Mitigation of application compatibility issues
    • 112. Intranet/Extranet (Host Layer)
      Application
      Presentation
      Session
      Transport
      Web
      Audio Video
      Messaging
      DHCP & DNS
      Identity Management
      Data Protection
      Content Management
      Database
      Microsoft Enterprise Desktop
      Virtualization (MED-V)
      OPERATING SYSTEM
      End User Benefits
      Offline Use
      Flexible Configurations
      Rich user experience
      IT Benefits
      Protection of the local data
      Easy to migrate user
      Mitigation of application compatibility issues
    • 113. Remote Access
    • 114. Wired Access
      ADSL / Cable
      Power Line
      Dial-in / ISDN
      Fiber Optic
    • 115. Wireless Access
      WiFi
      GPRS / UMTS / HSPA / LTE
      Wireless USB
      Bluetooth
      WiMAX
      Satellite
    • 116. Securing Wireless…
      Internet
      Wired Enterprise Network
    • 117. VPN security models
    • 118. Direct Access
      Microsoft Solution
      Situation Today
      Direct Access
      Office
      Home
      Home
      Office
      • New network paradigm enables same experience inside & outside the office
      • 119. Seamless access to network resources increases productivity of mobile users
      • 120. Infrastructure investments also make it easier to service mobile PCs and distribute updates and policies
      • 121. Difficult for users to access corporate resources from outside the office
      • 122. Challenging for IT to manage, update, patch mobile PCs while disconnected from company network
    • 123. Process
      Application Security
      Cryptography
      Access Control
      Business Continuity & Disaster Recovery
      Information Security and Risk Management
      Operations Security
      Physical (Environmental) Security
      Security Architecture and Design
      Telecommunications and Network Security
      Legal, Regulations, Compliance & Investigations
    • 124. Access Control
    • 125. Application Security
    • 126. Business Continuity
      Business Continuity Planning Lifecycle
    • 127. Disaster Recovery
    • 128. Cryptography
      Symmetric-key
      Asymmetric-key
    • 129. Information Security
      Administrative
      Logical
      Physical
    • 130. Risk Management
      Risk avoidance
      Risk reduction
      Risk retention
      Risk transfer
    • 131. Operations Security
      World War II-era poster promoting OPSEC
    • 132. Security Architecture and Design
    • 133. Legal, Regulations, Compliance & Investigations
    • 134. Telecommunications and Network Security
    • 135. Physical Security
      Key Elements
      Key Features
    • 136. Security Guidance and Resources
      Microsoft Security Home Page: www.microsoft.com/security
      Microsoft Forefront: http://www.microsoft.com/forefront/default.mspx
      General Information:
      Microsoft Live Safety Center: http://safety.live.com
      Microsoft Security Response Center: www.microsoft.com/security/msrc
      Security Development Lifecycle: http://msdn.microsoft.com/security/sdl
      Get the Facts on Windows and Linux: www.microsoft.com/getthefacts
      Anti-Malware:
      Microsoft OneCare Live: https://beta.windowsonecare.com
      Microsoft Defender: www.microsoft.com/athome/security/spyware/software
      Spyware Criteria: www.microsoft.com/athome/security/spyware/software/isv
      Guidance Centers:
      Security Guidance Centers: www.microsoft.com/security/guidance
      Security Guidance for IT Professionals: www.microsoft.com/technet/security
      The Microsoft Security Developer Center: msdn.microsoft.com/security
      The Security at Home Consumer Site: www.microsoft.com/athome/security
    • 137. Thank you (repeated in nine Indian languages)
    • 138. © 2009 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.
      The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.