Microsoft on open source and security

1. Technical Evangelist DaveVoyles.com @DaveVoyles

2. Microsoft + Open Source Momentum Dead and buried: Microsoft's holy war on open-source software “Years ago, Microsoft's CEO described open source as a cancer. Times have changed. Just ask 22- year Redmond veteran and open- source proponent Mark Hill.” Charles Cooper Redmond top man Satya Nadella: 'Microsoft LOVES Linux‘ Neil McAllister Microsoft: the Open Source Company “This is not your dad’s Microsoft” Steven J. Vaughan-Nichols Tweet “Azure Container Service is different and offers the broadest hint yet that Microsoft wants to build real products with open source, not merely leverage it where it's convenient” Serdar Yegulalp

3. 10+ Years of Open Source Involvement Docker on Microsoft Azure O365+Moodle Integration

4. We’re Reimagining Microsoft We will empower every person and every organization on the planet to achieve more Build the best-in-class platforms and productivity services for the mobile-first, cloud-first world Create more personal computing Reinvent productivity & business processes Build the intelligent cloud platform

5. Your Infrastructure is a Function of Time How do you plot your journey to the cloud? The Landscape of Now!

6. The Microsoft Open Approach For your journey to the cloud Empowering Customers By Enabling Choice To Provide a Trusted Cloud Freedom to Choose Freedom to Change Optimal Value Vibrant Local IT Economy X-Platform Open Standards Interoperability Open Source Ecosystem Engagement Secure Privacy & Control Compliance Transparent

7. +Hundreds of community supported images on VM Depot SQL Server Microsoft Azure is an Open Cloud We’ve delivered an open, broad, and flexible cloud across the stack Web App Gallery Dozens of .NET & PHP CMS and Web apps Microsoft Azure One in Four VMs on Azure Runs Linux Today!

8. Open Source on Azure: Addressing Industry Trends

9. Azure Open Source Customers

10. Facing increasing malware threats and a growing trend of BYOD with

11. 11

12. 12

13. “The Target hackers broke into the network using a stolen user name and password that had been created for the company servicing their air conditioning systems.” BRAIN KREBS (SECURITY BLOGGER) Target - Exploiting Weak Identities Source: “Cards Stolen in Target Breach Flood Underground Markets,” KrebsOnSecurity.com, December 20, 2013 13

14. 14

15. THREAT RESISTANCE Increasing password theft Poor password practices Support infrastructure and costs Cumbersome and costly MFA deployment Disk encryption optional Lacking integrated DLP Varying experience in mobile and desktops Platform security built of software alone Bootkit and rootkit Pass-the-hash Trusted until detected as a threat, Not realistic facing numerous new threats per day 15@yungchou

16. Internet username and password 16

17. Business username and password 17

18. 18

19. Shared secrets shhh! Weak authentication 19

20. WINDOWS HELLO Hello Chris 20

21. Multi-factor authentication (MFA) On-premises • Physical smartcard • Reader • User-and-smartcard specific • Virtual smartcard • Company issued device • Hardware-specific pin • User-and-device specific Cloud-centric • Azure Active Directory • Identity as a Service • 2FA as a Service • User-specific with designated phone Windows 10 MDM device enrollment • Microsoft Passport • Windows Hello biometrics as primary • BYOD MDM enrollment • Device Guard and Credential Guard 21@yungchou

22. 87% Source: Stroz Friedberg, “On The Pulse: Information Security In American Business,” 2013 22

23. 58% ? Source: Stroz Friedberg, “On The Pulse: Information Security In American Business,” 2013 23

24. The Fappening On August 31, 2014, a collection of almost 500 private pictures of various celebrities, mostly women, and with many containing nudity, were posted on the imageboard 4chan, via Apple’s iCloud. 24

25. Protecting data with Enterprise Data Protection (EDP) • Specifying “privileged apps” that can access enterprise data • Blocking selected apps from accessing enterprise data • Offering consistent UX while switching between personal & enterprise apps w/ enterprise policies in place without the need to switch environments or sign in again https://technet.microsoft.com/en-us/library/dn985838%28v=vs.85%29.aspx 25

26. Protecting data with Enterprise Data Protection (EDP) • Requiring Intune, Configuration Manager or an MDM solution • Encrypting enterprise data on employee-owned & corporate- owned devices • Remotely wiping enterprise data off corporate devices and employee-owned computers, without affecting the personal data https://technet.microsoft.com/en-us/library/dn985838%28v=vs.85%29.aspx 26

27. 27

28. Windows 10 Enterprise Device Guard • Restricts OS to run only code signed by trusted signers • Defined by your code integrity policy through specific hardware & security configurations • OS trusts only apps authorized by your enterprise How it works: 1. Universal Extensible Firmware Interface (UEFI) 2.3.1 (or later) Secure Boot • Bootkits and rootkis • Loading/starting Windows 10 Enterprise before anything else 2. Virtualization-based security services including the core (Kernel), while preventing malware from running early in the boot process 3. User Mode Code Integrity to ensure only trusted apps/binaries to run 4. TPM to provide an isolated hardware to helps protect user credentials, certificates and secure information https://technet.microsoft.com/en-us/library/dn986865(v=vs.85).aspx 28

29. Dangers - - Rootkits, Bootkits 29 • Firmware/kernel/driver rootkits • Overwrite the system’s basic I/O system • Bootkits • System’s OS, infects MBR • Allows the malicious program to be executed before the OS boots

30. Counter Measures 30 • Secure Boot • PCs with UEFI firmware and a Trusted Platform Module (TPM) can be configured to load only trusted OS bootloaders • Trusted Boot • Windows checks the integrity of every component of the startup process before loading it. • Early Launch Anti-Malware (ELAM) • Tests all drivers before they load and prevents unapproved drivers from loading • Measured Boot • PC’s firmware logs the boot process, & Windows can send it to a trusted server that can objectively assess the PC’s health.

31. Prove to me you are healthy IMPORTANT RESOURCES WINDOWS PPCH & INTUNE Measured Boot Integrity Data (PPCH) Client policies (AV, Firewall, Patch state (Intune) Here is my proof Access please Provable PC Health (PPCH) Approved 31

32. THREAT RESISTANCE Biometrics and strong MFA with Windows Hello Microsoft Passport Enterprise Data Protection (EDP) Bitlocker auto-drive encryption Device Guard Credential Guard Windows Defender Provable PC Health Boot integrity and platform integrity with Device Guard, UEFI Secure Boot, Trusted Boot, Measured Boot, and TPM 32

33. Call to action 33 • Learn Windows 10 security and “Windows as a Service” • Microsoft Virtual Academy: http://aka.ms/MVA1 • Inventory hardware and software of your IT environment • Microsoft Deployment Tool Kit (MDT) • Assess your business needs for • Windows Hello and Microsoft Passport • Device Guard and Credential Guard

34. Call to action 34 • Roll out UEFI and Secure Boot sooner than later • Plan your next hardware/software refresh accordingly • X64, UEFI 2.3.1, TPM 2.0, Intel VT-x/AMD-V, Windows 10 Enterprise • Evaluate Windows 10, Office 365, Enterprise Management Suits, and Azure AD

35. Reach out to me! 35 @DaveVoyles DaveVoyles.com

Microsoft on open source and security

You are reading a preview.

Check these out next

Microsoft on open source and security

More Related Content

Slideshows for you (20)

Similar to Microsoft on open source and security (20)

More from David Voyles (20)

Recently uploaded (20)