This document provides a high-level overview of platform security and the evolving security landscape. It discusses increasing demands for access and escalating security threats. It outlines the evolution of threats from local area networks to the internet era to today. It also discusses different types of attackers and their motivations. The document proposes addressing security threats by focusing on technology, processes, and people. It promotes an infrastructure optimization approach to security and discusses Microsoft's security strategy and development lifecycle.

1. Platform Security BriefingRamnish SinghPMP, CISSP, Microsoft Certified Architect (Infrastructure)MCITP (Windows 2008),MCTS (Windows Server,Vista, Exchange), MCSE (Windows 2003, 2000, NT), MCTCisco Certified Design Professional, Cisco Certified Network Professional, Sun CSAIT Advisor | Microsoft CorporationBlog Address (optional) | Email (optional)

4. Security Versus AccessDemand for accessEscalating threats23 million branch offices WW(IDC, 2006)3.6 billion mobile users WW by 2010 (Infonetics, 2007)85% of companies will have WLANs by 2010 (Infonetics, 2006)8x increase in phishing sites in past year (AWG, 2006)One message-based Trojan attack per day in 2006 vs. one per week in 2005 (Message Labs, 2006)Strong indication of increase in profit-motivated attacks (Multiple sources)

5. Evolving Threat LandscapeLocal Area NetworksFirst PC virusBoot sector virusesCreate notorietyor cause havocSlow propagation16-bit DOSInternet EraMacro virusesScript virusesCreate notorietyor cause havocFaster propagation32-bit WindowsHyper jackingPeer to PeerSocial engineeringApplication attacksFinancial motivationTargeted attacks64-bit WindowsBroadbandprevalentSpyware, SpamPhishingBotnetsRootkitsFinancial motivationInternet wide impact32-bit Windows1986–19951995–20002000–20052007

6. National InterestPersonal GainPersonal FameCuriosityLargest segment by $ spent on defenseSpyLargest area by $ lostFastest growing segmentThiefLargest area by volumeTrespasserAuthorVandalUndergraduateScript-KiddyExpertSpecialistEvolving Threats

7. 1st known hack...The need for security in communication networks is not new. In the late nineteenth century an American undertaker named AlmonStrowger discovered that he was losing business to his rivals because telephone operators, responsible for the manual connection of call requests, were unfairly diverting calls from the newly bereaved to his competitors. Strowger developed switching systems that led to the introduction of the first automated telephone exchanges in 1897. This enabled users to make their own connections using rotary dialling to signal the required destination.AlmonStrowger

8. Addressing Security ThreatsHelps turn IT into a business asset not a cost center Supports your day to day security processes Is the Enabler to running your business successfullyTechnologyData privacy processes to manage data effectivelyIT security processes to implement, manage, and govern securityFinancial reporting processes that include security of the businessProcessCompany understands the importance of security in the workplaceIndividuals know their role with security governance and complianceIT staff has the security skills and knowledge to support your business People

9. Microsoft’s Promises To YouManage Complexity,Achieve AgilityAmplifythe Impactof YourPeopleProtectInformation,ControlAccessAdvance the Businesswith IT Solutions

10. Delivering On The Promise:Infrastructure Optimization*Source: Microsoft CSO Summit 2007 Registration Survey

11. Core Infrastructure OptimizationMore Efficient Cost CenterCost Center Strategic AssetBusiness EnablerBasicNo centralized enterprise directoryNo automated patch managementAnti-malwarenot centrally managedMessage security for e-mail onlyNo secure coding practices in placeStandardizedUsing enterprise directory for authenticationAutomated patch management tools deployedAnti-malwareis managed centrallyUnified message security in placeRationalizedIntegrated directory services, PKIin placeFormal patch management processDefense in depth threat protectionSecurity extended to remote and mobile workforceDynamicFull identity lifecycle management.ID Federation,Rights Mgt Services in useMetrics driven update processClient quarantine and access policy enforcement$1320/PC Cost$580/PC Cost$230/PC CostSource:GCR and IDC data analyzed by Microsoft, 2006

12. Core Infrastructure Optimization Model: SecurityBasicStandardizedRationalizedDynamicTechnologySelf provisioning and quarantine capable systems ensure compliance and high availability Automate identity and access managementAutomatedsystem management Multiple directories for authenticationLimited automated software distributionPatch statusof desktopsis unknownNo unified directory for access mgmtSelf-assessing and continuous improvementEasy, secure access to info from anywhereon InternetSLAs are linkedto business objectivesClearly defined and enforced images, security, best practicesCentralAdmin and configurationof securityStandard desktop images defined,not adopted by allIT processes undefinedComplexity dueto localized processesand minimal central controlProcessImprove IT Maturity while Gaining ROIIT is astrategic assetUsers look to ITas a valued partner to enable new business initiativesIT Staff manages an efficient,controlled environmentUsers have the right tools,availability, and access to infoIT Staff trained in best practices such as MOF,ITIL, etc.Users expect basic services from ITIT staff taxed by operational challengesUsers come up with their ownIT solutionsPeople

13. SC information system = {(confidentiality, impact), (integrity, impact), (availability, impact)}where the acceptable values for potential impact are low, moderate, or high.

14. Trustworthy Computing

15. Microsoft Security Strategy

16. LawEnforcementPublic PolicyVIAGIAISMicrosoft Security StrategyIndustryPartnershipsConsumerAwareness

17. Microsoft SecurityAssessment ToolkitSecurityToolsMicrosoft Windows VistaSecurity WhitepapersSecurityReadinessEducationand TrainingMicrosoft SecurityIntelligence ReportLearning Paths forSecurity Professionalswww.microsoft.com/technet/securityMicrosoft Security Strategy

18. Security Development LifecycleDesignThreat ModelingStandards, best practices, and toolsSecurity PushFinal Security Review RTM and DeploymentSignoffSecurity ResponseProduct Inception

19. Priority #1 - Platform SecuritySecurity Development LifecycleSecurity Response CenterBetter Updates And Tools

20. Comprehensive Security PortfolioServicesEdgeEncrypting File System (EFS)Server ApplicationsBitLocker™Information ProtectionNetwork Access Protection (NAP)Client and Server OSIdentityManagementWindowsCardSpaceSystemsManagementActive Directory Federation Services (ADFS)GuidanceDeveloper Tools

21. Security Development Lifecycle (SDL)Kernel Patch ProtectionKernel-mode Driver SigningSecure StartupWindows Service HardeningSecure PlatformRights Management Services (RMS) SharePoint, Exchange, Windows Mobile integrationEncrypting File System (EFS)BitlockerSecure AccessUser Account ControlNetwork Access Protection (NAP)IPv6IPsecWindows CardSpaceNative smart card supportGINA Re-architectureCertificate ServicesCredential roamingWindows DefenderIE Protected ModeAddress Space Layout Randomization (ASLR)Data Execution Prevention (DEP) Bi-directional FirewallWindows Security CenterData ProtectionMalwareProtection

22. Windows Vista SP1 includesAdditional Kernel Patch Protection APIsEnhanced Windows Security Center reportingExpanded BitLocker Drive Encryption (BDE) Additional multifactor authentication methods

23. Security Development Lifecycle (SDL)Windows Server Virtualization (Hypervisor)Role Management ToolOS File IntegritySecure PlatformNetwork ProtectionNetwork Access Protection (NAP)Server and Domain Isolation with IPsecEnd-to-end Network AuthenticationWindows Firewall With Advanced Security On By DefaultIdentityAccessRights Management Services (RMS) Full volume encryption (Bitlocker)USB Device-connection rules with Group PolicyImproved AuditingWindows Server BackupData ProtectionRead-only Domain Controller (RODC)Active Directory Federation Srvcs. (ADFS)Administrative Role SeparationPKI Management ConsoleOnline CertificateStatus Protocol

24. Secure PlatformSurface Area Configuration toolPassword Policy Enforcement; Granular RolesBuilt in Encryption;Key Mgmt.Auditing – Data Definition Language (DDL)Advanced Spam and Virus DefensesComplianceBusiness ContinuityTrust CenterNew Document Security ModelOpen XML File FormatsRich AuthenticationGranularAccess ControlComplianceand Auditing Hierarchical EncryptionDocument InspectorInformation Rights ManagementStrong Encryption,Digital SignaturesSuite-B: For U.S. Government Data ProtectionPlatform Security ProgressEssential Security and Mobile Device MgmtBuilt-in Protection with Business ContinuityCompliance SupportEnhancedMessage Filtering

25. Security Threat Landscape EvolutionMicrosoft Security StrategyEngineering ExcellenceSecurity Development LifecycleEngineering ExcellenceSecurity Development Lifecycle

26. TrustedUnhealthy PCIsolatedRemediation ServerWeb ServerInfrastructure ServersNew CustomerRemote Access GatewayTrusted HomeUnmanaged DevicesMaliciousUsersNetwork SecuritySecure Anywhere AccessEnd-to-end security with IPv6 and IPsecAccess driven by policy not topologyCertificate based multi-factor authenticationHealth checks and remediation prior to accessPolicy-driven network access solutionsWindows Firewall with advanced filteringServer and Domain IsolationNetwork Access Protection (NAP)ISA Server 2006Intelligent Application Gateway (2007)Windows Filtering Platform

27. Identity and Access ManagementYour COMPANYandyour EMPLOYEESSecure and seamlesscross-organizational collaborationEasily managing multiple identitiesGovernment sponsored identities (eID)Hardware supported trust platformDisparate directories synchronizationCentralized ID controls and mgmt.Embedded identity into applicationsPolicy Governance / ComplianceRole Based PermissionsIdentity and Data PrivacyIdentity Lifecycle Manager 2007Active Directory Federation ServicesActive Directory Lightweight Directory ServicesWindows Certificate Services Windows CardSpace™

28. Edge, server and client protection“Point to Point” SolutionsSecurity of data at rest and in transitMobile workforceManageabilityCorporateClient ProtectionServer Protection Consumer/ Small BusinessSimple PC maintenanceAnti-Virus Anti-SpywareAnti-PhishingFirewallPerformance TuningBackup and RestoreEdge Protection Protection

29. InteroperabilityIndustry StandardsWeb Services (WS-*)Open document format (XPS)OpenIDPartner ProductsNetwork Access ProtectionEV Certificate support in IE7 Windows CardSpaceWindows Security CenterIndustry PartnershipsSecureIT AllianceMicrosoft SecurityResponse Alliance Interop Vendor Alliance

30. Security Stack InteroperabilityIntegrated security eases defense in depth architecture deploymentAdoption of open standards allows cross platform integrationManagement SystemSystem Center, Active Directory GPODataBitLocker, EFS, RMS, SharePoint, SQLUserActive Directory and Identity Lifecycle MgrApplicationSDL process, IIS, Visual Studio, and .NETDeviceForefront Client Security, Exchange MSFPInternal NetworkNetwork Access Protection, IPSecPerimeterForefront Edge and Server Security, NAP

31. Management Systems Integration

32. Engineering ExcellenceSecurity Development LifecycleMicrosoft Security Strategy

33. Some hard questions…WhoWhyWhatWhenWhereHow

34. The lighter side

35. And the press is doing its bit...

36. User ExperienceApplication Platform Optimization ModelDevelopmentBASICADVANCEDDYNAMICSTANDARDIZEDInfrastructure OptimizationSOA and Business ProcessData ManagementBusiness IntelligenceBusiness Productivity Infrastructure Optimization ModelUnified CommunicationsCollaborationIT and Security ProcessEnterprise Content ManagementBASICRATIONALIZEDDYNAMICSTANDARDIZEDEnterprise SearchBusiness IntelligenceCore Infrastructure Optimization ModelIdentity and Access ManagementDesktop, Device, and Server MgmtBASICRATIONALIZEDDYNAMICSTANDARDIZEDSecurity and NetworkingData Protection and Recovery

37. Infrastructure OptimizationBuilding a People-Ready BusinessModel-Based ApproachUser ExperienceProvides capability framework to help you build an optimized infrastructure (not Microsoft-specific)

38. Establishes a foundation based on industry analyst, academic, and consortium research

39. Provides guidance and best practices for step-by-step implementation

40. Drives cost reduction, security and efficiency gains

41. Enables agilityApplication Platform Optimization ModelSTANDARDIZEDBASICADVANCEDDYNAMICDevelopmentSOA and Business ProcessData ManagementBusiness IntelligenceBusiness Productivity Infrastructure Optimization ModelUnified CommunicationsCollaborationIT and Security ProcessSTANDARDIZEDBASICDYNAMICRATIONALIZEDEnterprise Content ManagementEnterprise SearchBusiness IntelligenceCore Infrastructure Optimization ModelIdentity and Access ManagementDesktop, Device, and Server MgmtBASICSTANDARDIZEDDYNAMICRATIONALIZEDSecurity and NetworkingData Protection and Recovery

42. Core Infrastructure OptimizationPolicy and ComplianceRisk AssessmentUser AwarenessBasicStandardizedRationalizedDynamicIdentity and Access ManagementPatch ManagementThreat and Vulnerability MitigationSecure Messaging and CollaborationSecure Application ArchitectureLegacy Platform Migration

43. SolutionsBenefitsCostsChallengesTwo Factor AuthenticationSecure Remote UserBasic to StandardizedEnforce Strong PasswordsSecure Wireless AccessNetwork Intrusion DetectionOptimizing SecurityMoving from Basic to StandardizedDeveloper-focused environmentSophisticated and targeted threatsExecutive sponsorshipAwareness campaignCultural shift to awarenessAble to mitigate current high priority riskLabor intensive to maintainDefense in Depth

44. SolutionsBenefitsCostsChallengesStandardized to RationalizedNetwork SegmentationIdentity &Access Mgmt2FA: Elevated Access AcctsSecurity Event MonitoringCertificateProvisioning& RenewalsVulnerabilityAssessmentsSDL ITOptimizing SecurityMoving from Standardized to RationalizedEvolving and faster threatsOwnership largely resided with SecurityRisk management frameworkService manager accountabilityAccountability closer to businessEnvironmental awarenessImproved responseLack of integration between service managers and businessDefense in DepthAutomate

45. SolutionsBenefitsCostsChallengesNetwork Access ProtectionRationalized to DynamicStrong User AuthenticationUser Account ControlBitlocker Drive EncryptionOptimizing SecurityMoving from Rationalized to DynamicSecurity viewed as a tax to the businessInformation security governanceInformation security becomes a strategic assetCulture shift may cause frictionDefense in Depth

46. Application SecurityAuthenticationIntrusion Detection/PreventionIdentity & Access ManagementNetwork FirewallsNACWirelessEmailUnified Threat ManagementSecure Remote AccessAntimalwareSIMsMobile Data SecurityVulnerability ManagementWeb Security Gateways

47. PeopleMobileMobileOfficeTaskOfficeContractTaskHomeContract OffshoreHome

48. Separation Creates FlexibilityData, User SettingsApplicationsOSHardwareDependencies Create Complexity

49. Mobile

50. Microsoft Enterprise Desktop Virtualization (MED-V)End User BenefitsOffline UseFlexible ConfigurationsRich user experience IT Benefits Protection of the local dataEasy to migrate userMitigation of application compatibility issuesMobile WorkerBitlocker Drive EncryptionOPERATING SYSTEMHardware

51. Mobile WorkerBi-Directional Firewall, Defender, Malicious Software Removal ToolBitlocker Drive EncryptionSecurity Center & UACNetwork Location ProtectionOSMicrosoft Enterprise Desktop Virtualization (MED-V)OPERATING SYSTEMHardwareEnd User BenefitsOffline UseFlexible ConfigurationsRich user experience IT Benefits Protection of the local dataEasy to migrate userMitigation of application compatibility issues

52. Mobile WorkerTerminal Server AccessRMS Protected DocumentsBi-Directional Firewall, Defender, Malicious Software Removal ToolBitlocker Drive EncryptionSecurity Center & UACNetwork Location ProtectionApplicationsAnti Virus & AntispywareNetwork Access ProtectionOSApplication (APP-V) & Enterprise Desktop (MED-V) Virtualization Group Policy and AGPM Folder RedirectionOffline FilesHardwareEnd User BenefitsOffline UseFlexible ConfigurationsRich user experience IT Benefits Protection of the local dataEasy to migrate userMitigation of application compatibility issues

53. Mobile WorkerTerminal Server AccessRMS Protected DocumentsNetwork Access ProtectionData, User SettingsApplicationsAnti Virus & AntispywareFolder RedirectionOffline FilesGroup Policy and AGPM Data BackupOSApplication (APP-V) & Enterprise Desktop (MED-V) Virtualization HardwareEnd User BenefitsOffline UseFlexible ConfigurationsRich user experience IT Benefits Protection of the local dataEasy to migrate userMitigation of application compatibility issues

54. Mobile WorkerRMS Protected DocumentsData, User SettingsApplicationsFolder RedirectionOffline FilesGroup Policy and AGPM Data BackupSystem MonitoringSystem ManagementMobile Device ManagementCorporate Security PolicyOSHardwareEnd User BenefitsOffline UseFlexible ConfigurationsRich user experience IT Benefits Protection of the local dataEasy to migrate userMitigation of application compatibility issues

55. Office

56. Microsoft Enterprise Desktop Virtualization (MED-V)End User BenefitsOffline UseFlexible ConfigurationsRich user experience IT Benefits Protection of the local dataEasy to migrate userMitigation of application compatibility issuesOffice WorkerBitlocker Drive EncryptionOPERATING SYSTEMHardware

57. Office WorkerBi-Directional Firewall, Defender, Malicious Software Removal ToolBitlocker Drive EncryptionSecurity Center & UACNetwork Location ProtectionOSMicrosoft Enterprise Desktop Virtualization (MED-V)OPERATING SYSTEMHardwareEnd User BenefitsOffline UseFlexible ConfigurationsRich user experience IT Benefits Protection of the local dataEasy to migrate userMitigation of application compatibility issues

58. Office WorkerTerminal Server AccessRMS Protected DocumentsBi-Directional Firewall, Defender, Malicious Software Removal ToolBitlocker Drive EncryptionSecurity Center & UACNetwork Location ProtectionApplicationsAnti Virus & AntispywareNetwork Access ProtectionOSApplication (APP-V) & Enterprise Desktop (MED-V) Virtualization HardwareEnd User BenefitsOffline UseFlexible ConfigurationsRich user experience IT Benefits Protection of the local dataEasy to migrate userMitigation of application compatibility issues

59. Office WorkerTerminal Server AccessRMS Protected DocumentsNetwork Access ProtectionData, User SettingsApplicationsAnti Virus & AntispywareFolder RedirectionOffline FilesGroup Policy and AGPM Data BackupOSApplication (APP-V) & Enterprise Desktop (MED-V) Virtualization HardwareEnd User BenefitsOffline UseFlexible ConfigurationsRich user experience IT Benefits Protection of the local dataEasy to migrate userMitigation of application compatibility issues

60. Office WorkerRMS Protected DocumentsData, User SettingsApplicationsFolder RedirectionOffline FilesGroup Policy and AGPM Data BackupSystem MonitoringSystem ManagementMobile Device ManagementCorporate Security PolicyOSHardwareEnd User BenefitsOffline UseFlexible ConfigurationsRich user experience IT Benefits Protection of the local dataEasy to migrate userMitigation of application compatibility issues

61. Task

62. Microsoft Enterprise Desktop Virtualization (MED-V)End User BenefitsOffline UseFlexible ConfigurationsRich user experience IT Benefits Protection of the local dataEasy to migrate userMitigation of application compatibility issuesTask WorkerBitlocker Drive EncryptionOPERATING SYSTEMHardware

63. Task WorkerBi-Directional Firewall, Defender, Malicious Software Removal ToolBitlocker Drive EncryptionSecurity Center & UACNetwork Location ProtectionOSMicrosoft Enterprise Desktop Virtualization (MED-V)OPERATING SYSTEMHardwareEnd User BenefitsOffline UseFlexible ConfigurationsRich user experience IT Benefits Protection of the local dataEasy to migrate userMitigation of application compatibility issues

64. Task WorkerTerminal Server AccessRMS Protected DocumentsBi-Directional Firewall, Defender, Malicious Software Removal ToolBitlocker Drive EncryptionSecurity Center & UACNetwork Location ProtectionApplicationsAnti Virus & AntispywareNetwork Access ProtectionOSApplication (APP-V) & Enterprise Desktop (MED-V) Virtualization Group Policy and AGPM Folder RedirectionOffline FilesHardwareEnd User BenefitsOffline UseFlexible ConfigurationsRich user experience IT Benefits Protection of the local dataEasy to migrate userMitigation of application compatibility issues

65. Task WorkerTerminal Server AccessRMS Protected DocumentsNetwork Access ProtectionData, User SettingsApplicationsAnti Virus & AntispywareFolder RedirectionOffline FilesGroup Policy and AGPM Data BackupOSApplication (APP-V) & Enterprise Desktop (MED-V) Virtualization HardwareEnd User BenefitsOffline UseFlexible ConfigurationsRich user experience IT Benefits Protection of the local dataEasy to migrate userMitigation of application compatibility issues

66. Task WorkerRMS Protected DocumentsData, User SettingsApplicationsFolder RedirectionOffline FilesGroup Policy and AGPM Data BackupSystem MonitoringSystem ManagementMobile Device ManagementCorporate Security PolicyOSHardwareEnd User BenefitsOffline UseFlexible ConfigurationsRich user experience IT Benefits Protection of the local dataEasy to migrate userMitigation of application compatibility issues

67. Contract / Offshore

68. Microsoft Enterprise Desktop Virtualization (MED-V)End User BenefitsOffline UseFlexible ConfigurationsRich user experience IT Benefits Protection of the local dataEasy to migrate userMitigation of application compatibility issuesContract / Offshore WorkerBitlocker Drive EncryptionOPERATING SYSTEMHardware

69. Bi-Directional Firewall, Defender, Malicious Software Removal ToolNetwork Location ProtectionBitlocker Drive EncryptionSecurity Center & UACOSMicrosoft Enterprise Desktop Virtualization (MED-V)Contract / Offshore WorkerOPERATING SYSTEMHardwareEnd User BenefitsOffline UseFlexible ConfigurationsRich user experience IT Benefits Protection of the local dataEasy to migrate userMitigation of application compatibility issues

70. Contract / Offshore WorkerTerminal Server AccessRMS Protected DocumentsBi-Directional Firewall, Defender, Malicious Software Removal ToolBitlocker Drive EncryptionSecurity Center & UACNetwork Location ProtectionApplicationsAnti Virus & AntispywareNetwork Access ProtectionOSApplication (APP-V) & Enterprise Desktop (MED-V) Virtualization HardwareEnd User BenefitsOffline UseFlexible ConfigurationsRich user experience IT Benefits Protection of the local dataEasy to migrate userMitigation of application compatibility issues

71. Contract / Offshore WorkerTerminal Server AccessRMS Protected DocumentsNetwork Access ProtectionData, User SettingsApplicationsAnti Virus & AntispywareFolder RedirectionOffline FilesGroup Policy and AGPM Data BackupOSApplication (APP-V) & Enterprise Desktop (MED-V) Virtualization HardwareEnd User BenefitsOffline UseFlexible ConfigurationsRich user experience IT Benefits Protection of the local dataEasy to migrate userMitigation of application compatibility issues

72. Contract / Offshore WorkerRMS Protected DocumentsData, User SettingsApplicationsFolder RedirectionOffline FilesGroup Policy and AGPM Data BackupSystem MonitoringSystem ManagementMobile Device ManagementCorporate Security PolicyOSHardwareEnd User BenefitsOffline UseFlexible ConfigurationsRich user experience IT Benefits Protection of the local dataEasy to migrate userMitigation of application compatibility issues

73. Home

74. Microsoft Enterprise Desktop Virtualization (MED-V)End User BenefitsOffline UseFlexible ConfigurationsRich user experience IT Benefits Protection of the local dataEasy to migrate userMitigation of application compatibility issuesHome WorkerBitlocker Drive EncryptionOPERATING SYSTEMHardware

75. Home WorkerBi-Directional Firewall, Defender, Malicious Software Removal ToolBitlocker Drive EncryptionSecurity Center & UACNetwork Location ProtectionOSMicrosoft Enterprise Desktop Virtualization (MED-V)OPERATING SYSTEMHardwareEnd User BenefitsOffline UseFlexible ConfigurationsRich user experience IT Benefits Protection of the local dataEasy to migrate userMitigation of application compatibility issues

76. Home WorkerTerminal Server AccessRMS Protected DocumentsBi-Directional Firewall, Defender, Malicious Software Removal ToolBitlocker Drive EncryptionSecurity Center & UACNetwork Location ProtectionApplicationsAnti Virus & AntispywareNetwork Access ProtectionOSApplication (APP-V) & Enterprise Desktop (MED-V) Virtualization HardwareEnd User BenefitsOffline UseFlexible ConfigurationsRich user experience IT Benefits Protection of the local dataEasy to migrate userMitigation of application compatibility issues

77. Home WorkerTerminal Server AccessRMS Protected DocumentsNetwork Access ProtectionData, User SettingsApplicationsAnti Virus & AntispywareFolder RedirectionOffline FilesGroup Policy and AGPM Data BackupOSApplication (APP-V) & Enterprise Desktop (MED-V) Virtualization HardwareEnd User BenefitsOffline UseFlexible ConfigurationsRich user experience IT Benefits Protection of the local dataEasy to migrate userMitigation of application compatibility issues

78. Home WorkerRMS Protected DocumentsData, User SettingsApplicationsFolder RedirectionOffline FilesGroup Policy and AGPM Data BackupSystem MonitoringSystem ManagementMobile Device ManagementCorporate Security PolicyOSHardwareEnd User BenefitsOffline UseFlexible ConfigurationsRich user experience IT Benefits Protection of the local dataEasy to migrate userMitigation of application compatibility issues

79. 7 Tips for Secure Client ComputingProtect your personal information. It’s valuableKnow who you’re dealing withUse anti-virus and firewall and update both regularlySetup your OS and Web Browser properly and update both regularlyProtect your passwordBackup important filesLearn who to contact if something goes wrong

80. TechnologyInternetIntranet Web ServerExchangeExternal Web ServerUserBRANCH OFFICEDMZCSSInternal NetworkInternetSharePointActive DirectoryHEAD QUARTERSUserCustomer

81. Technology – Another ViewTrustedUnhealthy PCIsolatedRemediation ServerWeb ServerInfrastructure ServersNew CustomerRemote Access GatewayTrusted HomeUnmanaged DevicesMaliciousUsers

82. OSI ModelApplicationPresentationSessionTransportNetworkMedia layersHost layersData LinkPhysical

83. Head Office

84. Head Office (Media Layer)Bitlocker Drive EncryptionMicrosoft Enterprise Desktop Virtualization (MED-V)OPERATING SYSTEMPhysicalEnd User BenefitsOffline UseFlexible ConfigurationsRich user experience IT Benefits Protection of the local dataEasy to migrate userMitigation of application compatibility issues

85. Head Office (Media Layer)Bitlocker Drive EncryptionSecure Wireless AccessSecure Remote AccessNetwork Access ProtectionIntrusion Detection SystemData LinkMicrosoft Enterprise Desktop Virtualization (MED-V)OPERATING SYSTEMPhysicalEnd User BenefitsOffline UseFlexible ConfigurationsRich user experience IT Benefits Protection of the local dataEasy to migrate userMitigation of application compatibility issues

86. Head Office (Media Layer)Secure Wireless AccessNetwork Access ProtectionSecure Remote AccessSite-to-Site VPNAddress TranslationIntrusion Detection SystemNetworkData LinkMicrosoft Enterprise Desktop Virtualization (MED-V)OPERATING SYSTEMPhysicalEnd User BenefitsOffline UseFlexible ConfigurationsRich user experience IT Benefits Protection of the local dataEasy to migrate userMitigation of application compatibility issues

87. Head Office (Host Layer)IPSec Enabled ProtectionServer & Domain IsolationTransportFirewall ProtectionMicrosoft Enterprise Desktop Virtualization (MED-V)OPERATING SYSTEMEnd User BenefitsOffline UseFlexible ConfigurationsRich user experience IT Benefits Protection of the local dataEasy to migrate userMitigation of application compatibility issues

88. Head Office (Host Layer)IPSec Enabled ProtectionServer & Domain IsolationActive DirectoryRemote Access ProtocolsSessionTransportFirewall ProtectionFolder RedirectionOffline FilesMicrosoft Enterprise Desktop Virtualization (MED-V)OPERATING SYSTEMEnd User BenefitsOffline UseFlexible ConfigurationsRich user experience IT Benefits Protection of the local dataEasy to migrate userMitigation of application compatibility issues

89. Head Office (Host Layer)GINA ProtectionGINA ProtectionTerminal Server AccessActive DirectoryRemote Access ProtocolsEncrypted File SystemPresentationSessionOPERATING SYSTEMTransportFolder RedirectionOffline FilesAnti Virus & AntispywareGroup Policy and AGPM CTRL + ALT + DELCTRL + ALT + DELMicrosoft Enterprise Desktop Virtualization (MED-V)OPERATING SYSTEMEnd User BenefitsOffline UseFlexible ConfigurationsRich user experience IT Benefits Protection of the local dataEasy to migrate userMitigation of application compatibility issues

90. Head Office (Host Layer)ApplicationDefender, Malicious Software Removal ToolGINA ProtectionTerminal Server AccessEncrypted File SystemPresentationSessionTransportApplication ProtectionManagementAnti Virus & AntispywareGroup Policy and AGPM CTRL + ALT + DELApplication (APP-V) Virtualization Microsoft Enterprise Desktop Virtualization (MED-V)OPERATING SYSTEMEnd User BenefitsOffline UseFlexible ConfigurationsRich user experience IT Benefits Protection of the local dataEasy to migrate userMitigation of application compatibility issues

91. Head Office (Host Layer)ApplicationDefender, Malicious Software Removal ToolPresentationSessionTransportApplication ProtectionManagementWebDHCP & DNS Audio VideoMessagingAnti Virus & AntispywareMicrosoft Enterprise Desktop Virtualization (MED-V)OPERATING SYSTEMEnd User BenefitsOffline UseFlexible ConfigurationsRich user experience IT Benefits Protection of the local dataEasy to migrate userMitigation of application compatibility issues

92. Head Office (Host Layer)ApplicationPresentationSessionTransportWeb Audio VideoMessagingDHCP & DNSIdentity ManagementData ProtectionContent ManagementDatabaseMicrosoft Enterprise Desktop Virtualization (MED-V)OPERATING SYSTEMEnd User BenefitsOffline UseFlexible ConfigurationsRich user experience IT Benefits Protection of the local dataEasy to migrate userMitigation of application compatibility issues

93. Branch Office

94. Branch Office (Media Layer)Bitlocker Drive EncryptionMicrosoft Enterprise Desktop Virtualization (MED-V)OPERATING SYSTEMPhysicalEnd User BenefitsOffline UseFlexible ConfigurationsRich user experience IT Benefits Protection of the local dataEasy to migrate userMitigation of application compatibility issues

95. Branch Office (Media Layer)Bitlocker Drive EncryptionSecure Wireless AccessSecure Remote AccessNetwork Access ProtectionIntrusion Detection SystemData LinkMicrosoft Enterprise Desktop Virtualization (MED-V)OPERATING SYSTEMPhysicalEnd User BenefitsOffline UseFlexible ConfigurationsRich user experience IT Benefits Protection of the local dataEasy to migrate userMitigation of application compatibility issues

96. Branch Office (Media Layer)Secure Wireless AccessNetwork Access ProtectionSecure Remote AccessSite-to-Site VPNAddress TranslationIntrusion Detection SystemNetworkData LinkMicrosoft Enterprise Desktop Virtualization (MED-V)OPERATING SYSTEMPhysicalEnd User BenefitsOffline UseFlexible ConfigurationsRich user experience IT Benefits Protection of the local dataEasy to migrate userMitigation of application compatibility issues

97. Branch Office (Host Layer)IPSec Enabled ProtectionServer & Domain IsolationTransportFirewall ProtectionMicrosoft Enterprise Desktop Virtualization (MED-V)OPERATING SYSTEMEnd User BenefitsOffline UseFlexible ConfigurationsRich user experience IT Benefits Protection of the local dataEasy to migrate userMitigation of application compatibility issues

98. Branch Office (Host Layer)IPSec Enabled ProtectionServer & Domain IsolationActive DirectoryRemote Access ProtocolsSessionTransportFirewall ProtectionFolder RedirectionOffline FilesMicrosoft Enterprise Desktop Virtualization (MED-V)OPERATING SYSTEMEnd User BenefitsOffline UseFlexible ConfigurationsRich user experience IT Benefits Protection of the local dataEasy to migrate userMitigation of application compatibility issues

99. Branch Office (Host Layer)GINA ProtectionGINA ProtectionTerminal Server AccessActive DirectoryRemote Access ProtocolsEncrypted File SystemPresentationSessionOPERATING SYSTEMTransportFolder RedirectionOffline FilesAnti Virus & AntispywareGroup Policy and AGPM CTRL + ALT + DELCTRL + ALT + DELMicrosoft Enterprise Desktop Virtualization (MED-V)OPERATING SYSTEMEnd User BenefitsOffline UseFlexible ConfigurationsRich user experience IT Benefits Protection of the local dataEasy to migrate userMitigation of application compatibility issues

100. Branch Office (Host Layer)ApplicationDefender, Malicious Software Removal ToolGINA ProtectionTerminal Server AccessEncrypted File SystemPresentationSessionTransportApplication ProtectionManagementAnti Virus & AntispywareGroup Policy and AGPM CTRL + ALT + DELApplication (APP-V) Virtualization Microsoft Enterprise Desktop Virtualization (MED-V)OPERATING SYSTEMEnd User BenefitsOffline UseFlexible ConfigurationsRich user experience IT Benefits Protection of the local dataEasy to migrate userMitigation of application compatibility issues

101. Branch Office (Host Layer)ApplicationDefender, Malicious Software Removal ToolPresentationSessionTransportApplication ProtectionManagementWebDHCP & DNS Audio VideoMessagingAnti Virus & AntispywareMicrosoft Enterprise Desktop Virtualization (MED-V)OPERATING SYSTEMEnd User BenefitsOffline UseFlexible ConfigurationsRich user experience IT Benefits Protection of the local dataEasy to migrate userMitigation of application compatibility issues

102. Branch Office (Host Layer)ApplicationPresentationSessionTransportWeb Audio VideoMessagingDHCP & DNSIdentity ManagementData ProtectionContent ManagementDatabaseMicrosoft Enterprise Desktop Virtualization (MED-V)OPERATING SYSTEMEnd User BenefitsOffline UseFlexible ConfigurationsRich user experience IT Benefits Protection of the local dataEasy to migrate userMitigation of application compatibility issues

103. IntranetExtranet

104. Intranet/Extranet (Media Layer)Bitlocker Drive EncryptionMicrosoft Enterprise Desktop Virtualization (MED-V)OPERATING SYSTEMPhysicalEnd User BenefitsOffline UseFlexible ConfigurationsRich user experience IT Benefits Protection of the local dataEasy to migrate userMitigation of application compatibility issues

105. Intranet/Extranet (Media Layer)Bitlocker Drive EncryptionSecure Wireless AccessSecure Remote AccessNetwork Access ProtectionIntrusion Detection SystemData LinkMicrosoft Enterprise Desktop Virtualization (MED-V)OPERATING SYSTEMPhysicalEnd User BenefitsOffline UseFlexible ConfigurationsRich user experience IT Benefits Protection of the local dataEasy to migrate userMitigation of application compatibility issues

106. Intranet/Extranet (Media Layer)Secure Wireless AccessNetwork Access ProtectionSecure Remote AccessSite-to-Site VPNAddress TranslationIntrusion Detection SystemNetworkData LinkMicrosoft Enterprise Desktop Virtualization (MED-V)OPERATING SYSTEMPhysicalEnd User BenefitsOffline UseFlexible ConfigurationsRich user experience IT Benefits Protection of the local dataEasy to migrate userMitigation of application compatibility issues

107. Intranet/Extranet (Host Layer)IPSec Enabled ProtectionServer & Domain IsolationTransportFirewall ProtectionMicrosoft Enterprise Desktop Virtualization (MED-V)OPERATING SYSTEMEnd User BenefitsOffline UseFlexible ConfigurationsRich user experience IT Benefits Protection of the local dataEasy to migrate userMitigation of application compatibility issues

108. Intranet/Extranet (Host Layer)IPSec Enabled ProtectionServer & Domain IsolationActive DirectoryRemote Access ProtocolsSessionTransportFirewall ProtectionFolder RedirectionOffline FilesMicrosoft Enterprise Desktop Virtualization (MED-V)OPERATING SYSTEMEnd User BenefitsOffline UseFlexible ConfigurationsRich user experience IT Benefits Protection of the local dataEasy to migrate userMitigation of application compatibility issues

109. Intranet/Extranet (Host Layer)GINA ProtectionGINA ProtectionTerminal Server AccessActive DirectoryRemote Access ProtocolsEncrypted File SystemPresentationSessionOPERATING SYSTEMTransportFolder RedirectionOffline FilesAnti Virus & AntispywareGroup Policy and AGPM CTRL + ALT + DELCTRL + ALT + DELMicrosoft Enterprise Desktop Virtualization (MED-V)OPERATING SYSTEMEnd User BenefitsOffline UseFlexible ConfigurationsRich user experience IT Benefits Protection of the local dataEasy to migrate userMitigation of application compatibility issues

110. Intranet/Extranet (Host Layer)ApplicationDefender, Malicious Software Removal ToolGINA ProtectionTerminal Server AccessEncrypted File SystemPresentationSessionTransportApplication ProtectionManagementAnti Virus & AntispywareGroup Policy and AGPM CTRL + ALT + DELApplication (APP-V) Virtualization Microsoft Enterprise Desktop Virtualization (MED-V)OPERATING SYSTEMEnd User BenefitsOffline UseFlexible ConfigurationsRich user experience IT Benefits Protection of the local dataEasy to migrate userMitigation of application compatibility issues

111. Intranet/Extranet (Host Layer)ApplicationDefender, Malicious Software Removal ToolPresentationSessionTransportApplication ProtectionManagementWebDHCP & DNS Audio VideoMessagingAnti Virus & AntispywareMicrosoft Enterprise Desktop Virtualization (MED-V)OPERATING SYSTEMEnd User BenefitsOffline UseFlexible ConfigurationsRich user experience IT Benefits Protection of the local dataEasy to migrate userMitigation of application compatibility issues

112. Intranet/Extranet (Host Layer)ApplicationPresentationSessionTransportWeb Audio VideoMessagingDHCP & DNSIdentity ManagementData ProtectionContent ManagementDatabaseMicrosoft Enterprise Desktop Virtualization (MED-V)OPERATING SYSTEMEnd User BenefitsOffline UseFlexible ConfigurationsRich user experience IT Benefits Protection of the local dataEasy to migrate userMitigation of application compatibility issues

113. Remote Access

114. Wired AccessADSL / CablePower LineDial-in / ISDN Fiber Optic

115. Wireless AccessWiFiGPRS / UMTS / HSPA / LTEWireless USBBluetoothWiMAXSatellite

116. Securing Wireless…InternetWired Enterprise Network

117. VPN security models

118. Direct AccessMicrosoft SolutionSituation TodayDirect AccessOfficeHomeHomeOfficeNew network paradigm enables same experience inside & outside the office

119. Seamless access to network resources increases productivity of mobile users

120. Infrastructure investments also make it easier to service mobile PCs and distribute updates and polices

121. Difficult for users to access corporate resources from outside the office

122. Challenging for IT to manage, update, patch mobile PCs while disconnected from company networkProcess

123. ProcessApplication Security CryptographyAccess Control Business Continuity & Disaster RecoveryInformation Security and Risk Management Operations Security Physical (Environmental) Security Security Architecture and Design Telecommunications and Network Security Legal, Regulations, Compliance & Investigations

124. Access Control

125. Application Security

126. Business ContinuityBusiness Continuity Planning Lifecycle

127. Disaster Recovery

128. CryptographySymmetric-key Asymmetric-key

129. Information SecurityAdministrative Logical Physical

130. Risk ManagementRisk avoidanceRisk reductionRisk retentionRisk transfer

131. Operations SecurityWorld War II-era poster promoting OPSEC

132. Security Architecture and Design

133. Legal, Regulations, Compliance & Investigations

134. Telecommunications and Network Security

135. Physical SecurityKey ElementsKey Features

136. Security Guidance and ResourcesMicrosoft Security Home Page: www.microsoft.com/securityMicrosoft Forefront: http://www.microsoft.com/forefront/default.mspxGeneral Information:Microsoft Live Safety Center: http://safety.live.comMicrosoft Security Response Center: www.microsoft.com/security/msrcSecurity Development Lifecycle: http://msdn.microsoft.com/security/sdlGet the Facts on Windows and Linux: www.microsoft.com/getthefactsAnti-Malware:Microsoft OneCare Live: https://beta.windowsonecare.comMicrosoft Defender: www.microsoft.com/athome/security/spyware/softwareSpyware Criteria: www.microsoft.com/athome/security/spyware/software/isvGuidance Centers:Security Guidance Centers: www.microsoft.com/security/guidanceSecurity Guidance for IT Professionals: www.microsoft.com/technet/securityThe Microsoft Security Developer Center: msdn.microsoft.com/securityThe Security at Home Consumer Site: www.microsoft.com/athome/security

137. આભારধন্যবাদநன்றிधन्यवादಧನ್ಯವಾದಗಳುధన్యవాదాలుଧନ୍ୟବାଦനിങ്ങള്‍‌ക്ക് നന്ദിਧੰਨਵਾਦ

138. © 2009 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.