Microsoft Platform Security Briefing


Transcript

  • 1.
  • 2. You are in a workshop…
    Not a training…
  • 3.
  • 4. Who are we - Introductions
    Ranjana Jain, IT Pro Evangelist – Platform Security, Microsoft India; MCSE, MCT, RHCE, CISSP, CIW Security Analyst
    Srinivas L, Technology Specialist – Security, Microsoft India; MCTS-Security, CCNA, CCNE, CNA
    Gautam Dua, Solution Specialist – Management and Security, Microsoft India; MCSE, MCT
  • 5.
  • 6. Evolving Threat Landscape
    1986–1995: Local Area Networks; First PC virus; Boot sector viruses; Create notoriety or cause havoc; Slow propagation; 16-bit DOS
    1995–2000: Internet Era; Macro viruses; Script viruses; Create notoriety or cause havoc; Faster propagation; 32-bit Windows
    2000–2005: Broadband prevalent; Spyware, Spam; Phishing; Botnets; Rootkits; Financial motivation; Internet wide impact; 32-bit Windows
    2007: Hyper jacking; Peer to Peer; Social engineering; Application attacks; Financial motivation; Targeted attacks; 64-bit Windows
  • 7. Evolving Threats
    National Interest, Personal Gain, Personal Fame, Curiosity
    Undergraduate, Script-Kiddy, Expert, Specialist
    Vandal, Trespasser, Author, Thief, Spy
    Largest segment by $ spent on defense
    Largest area by $ lost
    Largest area by volume
    Fastest growing segment
  • 8. Addressing Security Threats
    Technology
      Helps turn IT into a business asset, not a cost center
      Supports your day-to-day security processes
      Is the enabler to running your business successfully
    Process
      Data privacy processes to manage data effectively
      IT security processes to implement, manage, and govern security
      Financial reporting processes that include security of the business
    People
      Company understands the importance of security in the workplace
      Individuals know their role with security governance and compliance
      IT staff has the security skills and knowledge to support your business
  • 9. Microsoft’s Promises To You
    Manage Complexity, Achieve Agility
    Amplify the Impact of Your People
    Protect Information, Control Access
    Advance the Business with IT Solutions
  • 10. Delivering On The Promise: Infrastructure Optimization
    *Source: Microsoft CSO Summit 2007 Registration Survey
  • 11. Core Infrastructure Optimization
    More Efficient Cost Center
    Cost Center
    Strategic Asset
    Business Enabler
    Basic
    No centralized enterprise directory
    No automated patch management
    Anti-malware not centrally managed
    Message security for e-mail only
    No secure coding practices in place
    Standardized
    Using enterprise directory for authentication
    Automated patch management tools deployed
    Anti-malware is managed centrally
    Unified message security in place
    Rationalized
    Integrated directory services, PKI in place
    Formal patch management process
    Defense in depth threat protection
    Security extended to remote and mobile workforce
    Dynamic
    Full identity lifecycle management. ID Federation, Rights Mgt Services in use
    Metrics driven update process
    Client quarantine and access policy enforcement
    <$100/PC Cost
    $1320/PC Cost
    $580/PC Cost
    $230/PC Cost
    Source: GCR and IDC data analyzed by Microsoft, 2006
  • 12. Core Infrastructure Optimization Model: Security
    Basic
    Standardized
    Rationalized
    Dynamic
    Technology
    Self provisioning and quarantine capable systems ensure compliance and high availability
    Automate identity and access management
    Automated system management
    Multiple directories for authentication
    Limited automated software distribution
    Patch status of desktops is unknown
    No unified directory for access mgmt
    Self-assessing and continuous improvement
    Easy, secure access to info from anywhere on Internet
    SLAs are linked to business objectives
    Clearly defined and enforced images, security, best practices
    Central Admin and configuration of security
    Standard desktop images defined, not adopted by all
    IT processes undefined
    Complexity due to localized processes and minimal central control
    Process
    Improve IT Maturity while Gaining ROI
    IT is a strategic asset
    Users look to IT as a valued partner to enable new business initiatives
    IT Staff manages an efficient, controlled environment
    Users have the right tools, availability, and access to info
    IT Staff trained in best practices such as MOF, ITIL, etc.
    Users expect basic services from IT
    IT staff taxed by operational challenges
    Users come up with their own IT solutions
    People
  • 13.
  • 14. Secure
    You get to pick any two!
    Usable
    Cheap
  • 15. Trustworthy Computing
  • 16. Security Development Lifecycle
    Design
    Threat Modeling
    Standards, best practices, and tools
    Security Push
    Final Security Review
    RTM and Deployment
    Signoff
    Security Response
    Product Inception
  • 17. Comprehensive Security Portfolio
    Services
    Edge
    Encrypting File System (EFS)
    Server Applications
    BitLocker™
    Information Protection
    Network Access Protection (NAP)
    Client and Server OS
    Identity Management
    Windows
    CardSpace
    Systems Management
    Active Directory Federation Services (ADFS)
    Guidance
    Developer Tools
  • 18.
  • 19. Priority #1 - Platform Security
    Security Development Lifecycle
    Security Response Center
    Better Updates And Tools
  • 20. Security Development Lifecycle (SDL)
    Kernel Patch Protection
    Kernel-mode Driver Signing
    Secure Startup
    Windows Service Hardening
    Secure Platform
    Rights Management Services (RMS)
    SharePoint, Exchange, Windows Mobile integration
    Encrypting File System (EFS)
    BitLocker
    Secure Access
    User Account Control
    Network Access Protection (NAP)
    IPv6
    IPsec
    Windows CardSpace
    Native smart card support
    GINA Re-architecture
    Certificate Services
    Credential roaming
    Windows Defender
    IE Protected Mode
    Address Space Layout Randomization (ASLR)
    Data Execution Prevention (DEP)
    Bi-directional Firewall
    Windows Security Center
    Data Protection
    Malware Protection
  • 21. Security Development Lifecycle (SDL)
    Windows Server Virtualization (Hypervisor)
    Role Management Tool
    OS File Integrity
    Secure Platform
    Network Protection
    Network Access Protection (NAP)
    Server and Domain Isolation with IPsec
    End-to-end Network Authentication
    Windows Firewall With Advanced Security
    On By Default
    Identity Access
    Rights Management Services (RMS)
    Full volume encryption (BitLocker)
    USB Device-connection rules with Group Policy
    Improved Auditing
    Windows Server Backup
    Data Protection
    Read-only Domain Controller (RODC)
    Active Directory Federation Srvcs. (ADFS)
    Administrative Role Separation
    PKI Management Console
    Online Certificate Status Protocol
  • 22. Physical and Infrastructure Security
    Windows Firewall with Advanced Security
      Supports both inbound and outbound filtering
      Set filtering policies by port, traffic type, or application
      Built-in support for IPv6, IPSec, and NAP policies
    Network Access Protection
      Windows Vista has built-in support for NAP
      NAP policies support conditional exclusions so unhealthy clients can connect to update servers to become compliant with established policies
    IPSec
      Windows Vista has built-in support for IPSec
      Windows Vista IPSec policies support NAP/NAC and Domain Isolation
      IPSec policies support conditional exclusions
  • 23. Identity and Access Control
    Windows Security Center
      Shows status of security software and settings
      Monitor multiple vendors’ security solutions running on a computer and indicate which are enabled and up-to-date
    Authentication Methods
      New deployment and management tools like PIN reset tools
      Common API model to help make it easier for smart card developers to make new tools
      Improved support for biometrics and tokens
    Windows CardSpace
      Manages Internet identities and allows for user control of personally identifiable information
      Allows users to view what personal information will be shared and how it will be used
  • 24. Identity and Access Control
    Malware Protection
    Windows Defender
    Internet Explorer 7
    Malicious Software Removal Tool
    Protects against damage caused by malware installations
    IE processes are ‘sandboxed’ to protect against infection
    Designed for security and compatibility
    Leverages UAC and improved caching technology integration for better performance
    Integration with IE7 allows downloaded files to be scanned prior to saving or execution
    Scans computers for infections by specific types of prevalent malware families
    Updated versions are released each month or as needed when new threats are discovered
  • 25. Information Protection
    BitLocker Drive Encryption
      Data encryption for volumes and hard drives
      Uses AES encryption and integration with Trusted Platform Module (TPM 1.2) to secure data
    Data Storage Group Policies
      Enforce data storage policies by controlling where users can store data
      Prevent data loss and theft by limiting what media can be used to store sensitive information
    Encrypting File System
      User-based data encryption for files and folders
      EFS keys can be stored on roaming profiles or on smart cards
  • 26. New Windows Firewall
    Inbound and Outbound Filtering
    New Management MMC
    Integrated Firewall and IPsec Policies
    Rule Configuration on Active Directory Groups and Users
    Support for IPv4 and IPv6
    Advanced Rule Options
    On by Default (Beta 3)
  • 27. Windows Service Hardening: Defense In Depth – Factoring/Profiling
    Reduce size of high risk layers
    Segment the services
    Increases number of layers
    [Diagram labels: Service 1, Service 2, Service 3, Service …, Service A, Service B, Kernel Drivers, User-mode Drivers]
  • 28. Network Access Protection
    [Diagram labels: Corporate LAN; NAP Network; Restricted Network; Windows Client; DHCP, VPN, Switch/Router; Microsoft Network Policy Server; Policy Server (Patch, AV); Patch Server; Policy Compliant; Not Policy Compliant]
    1. Client requests access to network and presents current health state
    2. DHCP, VPN or Switch/Router relays health status to Microsoft Network Policy Server (RADIUS)
    3. Network Policy Server (NPS) validates against IT-defined health policy
    4. If not policy compliant, client is put in a restricted VLAN and given access to download patches, configurations, signatures (Repeat 1 - 4)
    5. If policy compliant, client is granted full access to corporate network
  • 29. Windows Server Core
    Features
      Limits the server roles used.
      Installs only a subset of the binaries.
      Only required features are installed
      Command line interface, no GUI shell
      Takes about 1 GB for installation
    Benefits
      Reduced Software Maintenance
      Reduced Attack Surface
      Reduced Management
      Less Disk Space Required
  • 30. Windows Server Core Architecture
    Features
    WINS
    SNMP
    BitLocker Drive Encryption
    Telnet Client
    Failover Clustering
    Removable Storage Management
    Backup
    Roles
    File Server
    Active Directory
    AD Lightweight Directory Service
    Print Server
    Media Services
    Windows Virtualization Server
    DNS
    DHCP
    Server Core
    Thin Management Tools (Local and Remote)
    Configure IP Address, Join a Domain, Create Users, etc.
    Core Subsystems
    Security (Logon Scenarios), Networking (TCP/IP), File Systems, RPC, Winlogon, Necessary Dependencies.
    Infrastructure Features
    Command Shell, Domain Join, Event Log, Perform. Counter Infra., WS-Mgmt, WMI Infra, Licensing Service, WFP, HTTP Support, IPsec
    Resolved Category Dependencies – HAL, Kernel, VGA, Logon, etc.
    Hardware Support Components – Disk, Network Adapter, etc.
  • 31. Microsoft Security …
  • 32. Edge, server and client protection
    “Point to Point” Solutions
    Security of data at rest and in transit
    Mobile workforce
    Manageability
    Corporate
    Client Protection
    Server Protection
    Consumer/ Small Business
    Simple PC maintenance
    Anti-Virus
    Anti-Spyware
    Anti-Phishing
    Firewall
    Performance Tuning
    Backup and Restore
    Edge Protection
    Protection
  • 33. Unified malware protection for business desktops, laptops, and server operating systems that is easy to manage and control
    One spyware and virus protection solution
    Built on protection technology based
    Effective threat response
    Unified Protection
    One simplified security administration console
    Define one policy to manage client protection agent settings
    Integrates with your existing infrastructure
    Simplified Administration
    One dashboard for visibility into threats and vulnerabilities
    View insightful reports
    Stay informed with state assessment scans and security alerts
    Visibility and Control
  • 34. Server and Domain Isolation (SD&I)
    Combined Solution
    Forefront™ Client Security
    Windows Vista™
    User Account Control
    IE7 with Protected Mode
    Randomize Address Space Layout
    Advanced Desktop Firewall
    Kernel Patch Protection (64bit)
    Policy Based Network Segmentation
    Restrict-To-Trusted Net Communications
    Infrastructure Software Integration
    Unified Virus & Spyware Protection
    Central Management
    Reporting, Alerting and State Assessment
  • 35. Operations Architecture
    [Diagram labels: Microsoft Update; Reporting and Alerting Server; (OR ALTERNATE SYSTEM), shown twice; Management Server; Desktops, Laptops and Server Operating Systems Running Microsoft Forefront Client Security; REPORTS; SETTINGS; DEFINITIONS; EVENTS]
  • 36. Forefront Client Security
    demo
  • 37. Tea/Coffee Break
  • 38. Security
    Application Layer
  • 39. Anti-Virus For Application Servers
    Gartner Magic Quadrant:
    E-Mail Security Boundary -Leader-
    Distributed protection
    Performance tuning
    Content filtering
    Central management
    Exchange Server/ Windows-based SMTP Server
    Internet
  • 40. Optimized access for employees, partners, and customers from virtually any device or location
    Secure Remote Access
    Enhanced connectivity and security for remote sites and applications
    Branch Office Security
    Increased resiliency for IT infrastructure from Internet-based threats
    Internet Access Protection
  • 41. Microsoft IAG For Secure Access
    Customizable Enterprise Security
    SSL VPN access to internal applications
    Microsoft, third-party, and custom apps supported
    Granular access control rules
    Support for multiple authentication mechanisms
  • 42. Intelligent Application Gateway
    demo
  • 43. Lunch Break
  • 44. Security and Management
    Systems Management Suite Enterprise
  • 45. www.microsoft.com/security/guidance
  • 46. Join Us…
    http://delhiitpro.groups.live.com
    Mail me: ranjanaj@microsoft.com
    IT Pro Momentum Program
    Technet Plus Subscription
    Quarterly VTD: http://www.ConnectWithLife.com
  • 47. Thank you (shown on the slide in Gujarati, Bengali, Tamil, Hindi, Telugu, Kannada, Odia, Malayalam and Punjabi)
  • 48. © 2007 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.
    The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.