
Windows 7 Security Enhancements

  • UAC was introduced in Windows Vista to help provide customers more control of their system by enabling IT administrators to lock down the system for certain users by running them within standard, non-privileged user accounts. UAC has delivered successfully on this in the Windows Vista timeframe and customers continue to value the ability to create a standard user and be confident an administrator can make the decisions on what software is added to the system and what changes should be allowed. However, we have received substantial feedback about the number of notifications for change. In Windows 7, we have invested in addressing the key customer feedback around UAC, while still maintaining the ability for IT administrators to be confident about a standard user environment. We have enabled the Windows operations that users do often to be done in a standard user environment with the goal of providing prompt-free daily activities. For example, a standard user can now adjust the readability of the screen (dpi) without having to change it for the entire system. Additionally, we have reduced key duplicate notifications for common activities such as installing applications from IE. We have also made it easier for IT to look at key settings on the system without needing administrative privileges by refactoring many of our control panel applications into read-only and write sections. In line with our overall Windows 7 focus on user-in-control, we have enabled a person running as a protected administrator to determine the range of notifications s/he receives. Based on customer feedback and actual instrumented data from our customers’ response to UAC prompts, we default the initial setting for UAC such that administrators are notified when software other than Windows is requesting to change the overall system and such that standard users will receive a request for administrator authorization for any change to the overall system.
We believe this default setting has the right balance of establishing an ecosystem where a broad range of ISV software can be run in a standard user environment while providing administrators with control over the experience of configuring Windows.
  • One of the most time-consuming challenges that network administrators we talk to face is ensuring that computers that connect to private networks are up to date and meet health policy requirements. This complex task is commonly referred to as maintaining computer health. Enforcing requirements is even more difficult when the computers, such as home computers or traveling laptops, are not under the administrator’s control. Yet failure to keep computers that connect to the network up to date is one of the most common ways to jeopardize the integrity of a network. Network Access Protection (NAP) was introduced in Windows Vista and remains a key component of Windows 7. While there are no major additions in Windows 7, NAP is a core Windows technology that provides components that can help you enforce compliance with health requirement policies for network access or communication. With NAP, you can create solutions for validating computers that connect to your networks, provide needed updates or access to needed health update resources, and limit the access or communication of noncompliant computers. The enforcement features of NAP can be integrated with software from other vendors or with custom programs. One point to really understand: NAP is not designed to protect a network from malicious users. It is designed to help your administrators automatically maintain the health of the computers on the network, which in turn helps maintain your network’s overall integrity.
  • The longer a computer has been deployed, the more its software drifts away from the desired configuration. These inconsistencies are greatly accelerated by installation and execution of non-standard software within the desktop environment. Users today bring software into the environment from home, through Internet downloads (intended and not intended!), and through email. The result is a higher incidence of malware infections, more help desk calls, and difficulty in ensuring that your PCs are running only approved, licensed software. Coupled with the compliance required in the enterprise through OCI, SOX, HIPAA and other compliance regulations, enterprises are renewing efforts to lock down their desktops as a means to: reduce total cost of ownership (TCO); increase security to safeguard against data loss and the threat of IT theft and to secure privacy; and support compliance solutions by validating which users can run specific applications. With Windows XP and Windows Vista, we gave IT administrators Software Restriction Policies to enable the definition of a relatively secure application lockdown policy. SRP has been utilized with tremendous success in many customer situations, but customers have requested more flexibility and control over the applications in their desktop environment. Windows 7 reenergizes application lockdown policies with a totally revamped set of capabilities in AppLocker. AppLocker provides a flexible mechanism that allows administrators to specify exactly what is allowed to run on their systems and gives users the ability to run applications, installation programs, and scripts that administrators have explicitly granted permission to execute. As a result, IT can enforce application standardization within their organization with minimal TCO implications.
  • AppLocker provides a flexible mechanism that allows IT administrators to specify exactly which applications, install packages, and scripts are allowed to run on their systems. When enabled, the feature operates as an “allow list” by default. Users may only run applications, installation programs, and scripts that administrators have approved. Within these allow lists, IT administrators can call out exceptions to the allow list (e.g. allow everything in c:\windows\system32 to run, except the registry editor). In specific instances, where required, specific deny rules can also be enforced. AppLocker enables IT to enforce application standardization within their organization with minimal cost implications. AppLocker enables IT administrators to manage applications beyond the traditional file name and hash mechanisms that are prevalent. This gives AppLocker rules a resiliency throughout the software update lifecycle. For example, a rule could be written that says “allow all versions greater than 8.1 of the program Photoshop to run if it is signed by the software publisher Adobe.” Such a rule can be associated with existing security groups within an organization, providing controls that allow an organization to support compliance requirements by validating and enforcing which users can run specific applications. AppLocker is a totally new feature that will only be available in the premium SKUs, while the legacy Software Restriction Policies will be available in the Business and Enterprise SKUs.
  • Delivering a Web browser that helps protect an organization’s security posture in addition to a user’s privacy has been a focus for Microsoft for several years. From the ability to block cookies from Web sites without privacy policies that comply with user settings that was introduced in IE 6 to the first integrated browser-based phishing filter in IE 7, Microsoft has been a leader in browser security and privacy controls. User safety, choice, and control also were key themes in the development of Internet Explorer 8, which includes many innovations that contribute to a more trustworthy Web browsing experience. For example, the SmartScreen® Filter helps protect against known phishing and malware sites. Internet Explorer 8 also highlights the domain name in the URL string in the Address Bar in black text, making it easier for users to identify deceptive sites. And the new Cross-Site Scripting Filter (XSS) helps protect against type-1 cross-site scripting attacks, which can be used to capture keystrokes, steal user credentials, deface Web pages, or launch more exotic attacks. From a privacy standpoint, Internet Explorer 8 includes an enhanced Delete Browsing History option that enables users to retain cookies and temporary Internet files for their favorite Web sites when deleting their browsing history, so that those favorite sites can continue to retain user preferences, providing users increased browsing productivity. InPrivate™ Browsing is another new feature which helps prevent users’ browsing history, temporary Internet files, form data, cookies, and usernames/passwords from being stored or retained locally by the browser. InPrivate Filtering provides greater user choice and control over the third parties from which content is retrieved and displayed on Web sites that the user visits, and thus how those same third parties can potentially track and aggregate users’ Web browsing activities.
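The AppLocker rule structure described in the notes above (allow list by default, exceptions inside an allow rule, explicit deny rules, and publisher rules with a version floor tied to a security group) can be reasoned about with a small model. This is an added example, not code from the presentation or from AppLocker itself; the class names, rule names, group names, publisher strings and file paths are constructed for illustration, and the version floor is treated as inclusive.

```python
from dataclasses import dataclass
from fnmatch import fnmatchcase
from typing import Optional

def parse_version(text):
    """'8.1' -> (8, 1, 0, 0): pad to four numeric parts for comparison."""
    parts = [int(p) for p in text.split(".")]
    return tuple(parts + [0] * (4 - len(parts)))

def like(value, pattern):
    """Case-insensitive wildcard match; '*' also spans path separators."""
    return fnmatchcase(value.lower(), pattern.lower())

@dataclass(frozen=True)
class FileInfo:
    path: str
    publisher: Optional[str] = None   # None models an unsigned file
    product: str = ""
    version: str = "0"

@dataclass(frozen=True)
class PathCondition:
    pattern: str
    def matches(self, f):
        return like(f.path, self.pattern)

@dataclass(frozen=True)
class PublisherCondition:
    publisher: str
    product: str = "*"
    min_version: str = "0"            # inclusive floor in this model (assumption)
    def matches(self, f):
        if f.publisher is None:       # no signature, so no publisher to match
            return False
        return (like(f.publisher, self.publisher)
                and like(f.product, self.product)
                and parse_version(f.version) >= parse_version(self.min_version))

@dataclass(frozen=True)
class Rule:
    name: str
    action: str                       # "Allow" or "Deny"
    condition: object
    group: str = "Everyone"
    exceptions: tuple = ()
    def applies(self, f, groups):
        return (self.group in groups
                and self.condition.matches(f)
                and not any(e.matches(f) for e in self.exceptions))

def evaluate(rules, f, user_groups=()):
    """Return (decision, rule name). Deny beats allow; no match means deny."""
    groups = set(user_groups) | {"Everyone"}
    hits = [r for r in rules if r.applies(f, groups)]
    denies = [r for r in hits if r.action == "Deny"]
    if denies:
        return ("Deny", denies[0].name)
    if hits:
        return ("Allow", hits[0].name)
    return ("Deny", "default: no allow rule matched")

# Constructed policy mirroring the examples in the speaker notes.
POLICY = [
    Rule("allow-system32", "Allow", PathCondition(r"c:\windows\system32\*"),
         exceptions=(PathCondition(r"c:\windows\system32\regedt32.exe"),)),
    Rule("allow-photoshop-8.1-up", "Allow",
         PublisherCondition("*adobe*", "*photoshop*", "8.1"), group="Designers"),
    Rule("deny-photoshop-contractors", "Deny",
         PublisherCondition("*adobe*", "*photoshop*"), group="Contractors"),
]

# Constructed sample files (paths, publisher strings and versions are made up).
CMD = FileInfo(r"C:\Windows\System32\cmd.exe")
REGEDIT = FileInfo(r"C:\Windows\System32\regedt32.exe")
PS_NEW = FileInfo(r"C:\Program Files\Adobe\Photoshop.exe",
                  "O=ADOBE (constructed)", "Adobe Photoshop", "11.0")
PS_OLD = FileInfo(r"C:\Program Files\Adobe\Photoshop.exe",
                  "O=ADOBE (constructed)", "Adobe Photoshop", "7.0")
UNSIGNED = FileInfo(r"C:\Users\alice\Downloads\Photoshop.exe")

def report():
    """Decisions for each sample, keyed by a short label."""
    return {
        "cmd": evaluate(POLICY, CMD),
        "regedit": evaluate(POLICY, REGEDIT),
        "photoshop 11, designer": evaluate(POLICY, PS_NEW, ["Designers"]),
        "photoshop 7, designer": evaluate(POLICY, PS_OLD, ["Designers"]),
        "photoshop 11, designer+contractor":
            evaluate(POLICY, PS_NEW, ["Designers", "Contractors"]),
        "unsigned photoshop.exe, designer": evaluate(POLICY, UNSIGNED, ["Designers"]),
    }

if __name__ == "__main__":
    for label, decision in report().items():
        print(f"{label:36} -> {decision}")
```

The unsigned file named Photoshop.exe is denied because a publisher rule keys on the signature rather than the file name, which is the resiliency the notes contrast with file name and hash rules.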
  • Windows 7 Security Enhancements

    1. Enhance Security and Control
       Narenda Wicaksono
       IT Pro Advisor, Microsoft Indonesia
    2. Windows 7 Enterprise Security
       Building upon the security foundations of Windows Vista, Windows 7 provides IT Professionals security features that are simple to use, manageable, and valuable.
       • FUNDAMENTALLY SECURE PLATFORM
       • SECURING ANYWHERE ACCESS
       • PROTECT DATA FROM UNAUTHORIZED VIEWING
       • PROTECT USERS & INFRASTRUCTURE
    3. A. Fundamentally Secure Platform
       • Windows Vista Foundation
       • Streamlined User Account Control
       • Enhanced Auditing
    4. B. Securing Anywhere Access
       • Network Security
       • Network Access Protection
       • DirectAccess™
    5. C. Protect Users & Infrastructure
       • AppLocker™
       • Internet Explorer
       • Data Recovery
    6. D. Protect Data from Unauthorized Viewing
       • RMS
       • EFS
       • BitLocker & BitLocker To Go™
    7. A. Fundamentally Secure Platform
       • Windows Vista Foundation
       • Streamlined User Account Control
       • Enhanced Auditing
    8. Windows Vista Foundation
       • Security Development Lifecycle process
       • Kernel Patch Protection
       • Windows Service Hardening
       • DEP & ASLR
       • IE 8 inclusive
       • Mandatory Integrity Controls
    9. Streamlined User Account Control
       • Make the system work well for standard users
       • Administrators use full privilege only for administrative tasks
       • File and registry virtualization helps applications that are not UAC compliant
    10. Enhanced Auditing
       • XML based
       • Granular audit categories
       • Detailed collection of audit results
       • Simplified compliance management
    11. User Account Control – Windows Vista
       • System Works for Standard User
       • All users, including administrators, run as Standard User by default
       • Administrators use full privilege only for administrative tasks or applications
       • CHALLENGES
       • User provides explicit consent before using elevated privilege
       • Disabling UAC removes protections, not just consent prompt
    12. User Account Control – Windows 7
       • Streamlined UAC
       • Reduce the number of OS applications and tasks that require elevation
       • Refactor applications into elevated/non-elevated pieces
       • Flexible prompt behavior for administrators
       • Customer’s Value
       • Users can do even more as a standard user
       • Administrators will see fewer UAC Elevation Prompts
    13. Desktop Auditing – Windows Vista
       • New XML based events
       • Fine grained support for audit of administrative privilege
       • Simplified filtering of “noise” to find the event you’re looking for
       • Tasks tied to events
       • CHALLENGES
       • Granular auditing complex to configure
       • Auditing access and privilege use for a group of users
    14. Desktop Auditing – Windows 7
       • Enhanced Auditing
       • Simplified configuration results in lower TCO
       • Demonstrate why a person has access to specific information
       • Understand why a person has been denied access to specific information
       • Track all changes made by specific people or groups
    15. B. Securing Anywhere Access
       • Network Security
       • Network Access Protection
       • DirectAccess
    16. Network Security
       • Policy based network segmentation for more secure and isolated logical networks
       • Multi-Home Firewall Profiles
       • DNSSec Support
    17. Network Access Protection
       • Ensure that only “healthy” machines can access corporate data
       • Enable “unhealthy” machines to get clean before they gain access
    18. DirectAccess
       • Security protected, seamless, always on connection to corporate network
       • Improved management of remote users
       • Consistent security for all access scenarios
    19. Network Access Protection
       • Diagram labels: Remediation Servers (Example: Patch); Restricted Network; CORPORATE NETWORK; POLICY SERVERS (such as: Patch, AV); Windows Client; DHCP, VPN, Switch/Router; NPS; Not Policy Compliant; Policy Compliant
       • Windows 7
       • Health policy validation and remediation
       • Helps keep mobile, desktop and server devices in compliance
       • Reduces risk from unauthorized systems on the network
    20. Remote Access for Mobile Workers: Access Information Anywhere
       • SITUATION TODAY
       • Difficult for users to access corporate resources from outside the office
       • Challenging for IT to manage, update, patch mobile PCs while disconnected from company network
    21. Remote Access for Mobile Workers: Access Information Anywhere
       • DirectAccess
       • Windows 7 SOLUTION
       • Same experience accessing corporate resources inside and outside the office
       • Seamless connection increases productivity of mobile users
       • Easy to service mobile PCs and distribute updates and policies
    22. C. Protect Users & Infrastructure
       • Data Recovery
       • AppLocker™
       • Internet Explorer 8
    23. AppLocker™
       • Enables application standardization within an organization without increasing TCO
       • Increase security to safeguard against data and privacy loss
       • Support compliance enforcement
    24. Internet Explorer 8
       • Protect users against social engineering and privacy exploits
       • Protect users against browser based exploits
       • Protect users against web server exploits
    25. Data Recovery
       • File back up and restore
       • CompletePC™ image-based backup
       • System Restore
       • Volume Shadow Copies
       • Volume Revert
    26. Application Control
       • SITUATION TODAY
       • Users can install and run non-standard applications
       • Even standard users can install some types of software
       • Unauthorized applications may: introduce malware, increase helpdesk calls, reduce user productivity, undermine compliance efforts
    27. Application Control
       • AppLocker
       • Windows 7 SOLUTION
       • Eliminate unwanted/unknown applications in your network
       • Enforce application standardization within your organization
       • Easily create and manage flexible rules using Group Policy
    28. AppLocker
       • Technical Details
       • Simple Rule Structure: Allow, Exception & Deny
       • Publisher Rules
       • Product Publisher, Name, Filename & Version
       • Multiple Policies
       • Executables, installers, scripts & DLLs
       • Rule creation tools & wizard
       • Audit only mode
       • SKU Availability
       • AppLocker – Enterprise
       • Legacy SRP – Business & Enterprise
    29. Building on IE7 and addressing the evolving threat landscape
       • Social Engineering & Exploits
       • Reduce unwanted communications
       • Freedom from intrusion
       • International Domain Names
       • Pop-up Blocker
       • Increased usability
       • Browser & Web Server Exploits
       • Protection from deceptive websites, malicious code, online fraud, identity theft
       • Protection from harm
       • Secure Development Lifecycle
       • Extended Validation (EV) SSL certs
       • SmartScreen® Filter
       • Domain Highlighting
       • XSS Filter / DEP/NX
       • ActiveX Controls
       • Choice and control
       • Clear notice of information use
       • Provide only what is needed
       • Control of information
       • User-friendly, discoverable notices
       • P3P-enabled cookie controls
       • Delete Browsing History
       • InPrivate™ Browsing & Filtering
       • Internet Explorer 8 Security
    30. D. Protect Data from Unauthorized Viewing
       • BitLocker
       • RMS
       • EFS
    31. RMS
       • Policy definition and enforcement
       • Protects information wherever it travels
       • Integrated RMS Client
       • Policy-based protection of document libraries in SharePoint
    32. EFS
       • User-based file and folder encryption
       • Ability to store EFS keys on a smart card
    33. BitLocker
       • Easier to configure and deploy
       • Roam protected data between work and home
       • Share protected data with co-workers, clients, partners, etc.
       • Improve compliance and data security
    34. BitLocker
       • SITUATION TODAY
       • Worldwide Shipments (000s)
       • Gartner “Forecast: USB Flash Drives, Worldwide, 2001-2011” 24 September 2007, Joseph Unsworth
       • Gartner “Dataquest Insight: PC Forecast Analysis, Worldwide, 1H08” 18 April 2008, Mikako Kitagawa, George Shiffler III
    35. BitLocker + BitLocker To Go
       • Windows 7 SOLUTION
       • Extend BitLocker drive encryption to removable devices
       • Create group policies to mandate the use of encryption and block unencrypted drives
       • Simplify BitLocker setup and configuration of primary hard drive
    36. BitLocker
       • Technical Details
       • BitLocker Enhancements
       • Automatic 200 Mb hidden boot partition
       • New Key Protectors
       • Domain Recovery Agent (DRA)
       • Smart card – data volumes only
       • BitLocker To Go
       • Support for FAT*
       • Protectors: DRA, passphrase, smart card and/or auto-unlock
       • Management: protector configuration, encryption enforcement
       • Read-only access on Vista & XP
       • SKU Availability
       • Encrypting – Enterprise
       • Unlocking – All
    37. Windows 7 Enterprise Security
       Building upon the security foundations of Windows Vista, Windows 7 provides IT Professionals security features that are simple to use, manageable, and valuable.
       • SECURING ANYWHERE ACCESS
       • PROTECT DATA FROM UNAUTHORIZED VIEWING
       • FUNDAMENTALLY SECURE PLATFORM
       • PROTECT USERS & INFRASTRUCTURE
       • Windows Vista Foundation
       • Streamlined UAC
       • Enhanced Auditing
       • Network Security
       • Network Access Protection
       • DirectAccess
       • AppLocker
       • Internet Explorer 8
       • Data Recovery
       • RMS
       • EFS
       • BitLocker
    38. Next Steps
       • Partner with your Microsoft Account Team to create or review your Security Action Plan
       • Talk about Infrastructure Optimization and the value it could bring to your organization
       • Implement a Defense-in-Depth security architecture using our advanced security technologies
       • Leverage Microsoft prescriptive security guidance and online security training
       • Stay informed through Microsoft Security Bulletins, Security Newsletters and Security Events
    39. Security Guidance and Resources
       Windows 7 Information:
       • Windows Enterprise: http://www.microsoft.com/windows/enterprise/products/windows-7.aspx
       • Windows For IT Pros: http://technet.microsoft.com/en-us/windows/default.aspx
       General Security Information:
       • Microsoft Security Home Page: www.microsoft.com/security
       • Microsoft Live Safety Center: http://safety.live.com
       • Microsoft Security Response Center: www.microsoft.com/security/msrc
       • Security Development Lifecycle: http://msdn.microsoft.com/security/sdl
       • Get the Facts on Windows and Linux: www.microsoft.com/getthefacts
       Guidance Centers:
       • Security Guidance Centers: www.microsoft.com/security/guidance
       • Security Guidance for IT Professionals: www.microsoft.com/technet/security
       • The Microsoft Security Developer Center: msdn.microsoft.com/security
       • The Security at Home Consumer Site: www.microsoft.com/athome/security
    40. Learning curriculum
       • Hands on lab
       • Sample codes
       • Videos
       • Slides
       • E-Certification
       • Online Assessment
    41. eBooks in Bahasa
    42. Indonesia Developer Portal
       http://geeks.netindonesia.net
    43. IT Professional Portal
       http://wss-id.org
    44. © 2009 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.
       The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.
