Technology Overview - Symantec IT Management Suite (ITMS) | Iftikhar Ali Iqbal
The presentation provides the following:
- Symantec Corporate Overview
- Solution Portfolio of Symantec
- Symantec IT Management Suite - Introduction
- Symantec IT Management Suite - Features
- Symantec IT Management Suite - Architecture & Design
- Symantec IT Management Suite - System Requirements
- Symantec IT Management Suite - Use Cases
- Symantec IT Management Suite - Licensing & Packaging
This provides a brief overview of Symantec - Symantec IT Management Suite (ITMS). Please note all the information is based prior to February 2016 and the full integration of Blue Coat Systems's set of solutions.
SkypeShield - Securing Skype for Business | Yoav Crombie
The leading Skype for Business security solution treating external access security risks.
SkypeShield offers Two Factor Authentication, Device access control, Account lockout protection, Exchange Web Service protection, MDM binding, VPN, DLP, Ethical Wall and application Firewall.
8-step Guide to Administering Windows without Domain Admin Privileges | BeyondTrust
In this presentation from his highly popular webinar, Windows security expert, Russell Smith, explains how to effectively administer Windows systems without using privileged domain accounts, enabling you to drastically reduce your organization’s threat surface.
Symantec Altiris IT Management Suite 7.0 provides customers with complete management capabilities that enhance effectiveness through faster deployments and increased security, reduces costs by closing technology gaps and improves manageability amidst the increasing information and infrastructure sprawl.
Cyberoam network security appliances offer next generation security features and deliver future-ready security to highly complex enterprise networks. The unique Layer 8 identity-based security gives enterprises complete visibility and control over user activity.
Eric Golpe. Security, privacy, and compliance concerns can be significant hurdles to cloud adoption. Azure can help customers move to the cloud with confidence by providing a trusted foundation, demonstrating compliance with security standards, and making strong commitments to safeguard the privacy of customer data. This presentation will educate you in the fundamentals of Azure security as they pertain to the Cortana Analytics Suite, including capabilities in place for threat defense, network security, access control, and data protection as well as data privacy and compliance. Go to https://channel9.msdn.com/ to find the recording of this session.
Technology Overview - Validation & ID Protection (VIP) | Iftikhar Ali Iqbal
The presentation provides the following:
- Symantec Corporate Overview
- Solution Portfolio of Symantec
- Symantec Validation & ID Protection - Introduction
- Symantec Validation & ID Protection - Components
- Symantec Validation & ID Protection - Architecture
- Symantec Validation & ID Protection - Use Cases
- Symantec Validation & ID Protection - Licensing & Packaging
- Symantec Validation & ID Protection - Appendix (extra information)
This provides a brief overview of Symantec Validation & ID Protection (VIP). Please note all the information is based prior to May 2016 and the full integration of Blue Coat Systems's set of solutions.
Increase IBM i Security & Accelerate Compliance with New Syncsort Security Re... | Precisely
Regulatory compliance and security of critical systems, applications and data are top-of-mind issues for IT organizations in 2018. New capabilities are now available from the Syncsort Assure products that can help your organization achieve and maintain compliance while strengthening IBM i security.
View this webinar on-demand to discover how new innovations from Syncsort can help you meet your auditing and control needs.
Cisco Trustsec & Security Group Tagging | Cisco Canada
This presentation covers the protocols and functions that create a trusted network. We will discuss the best practices when deploying this tagging ability using campus switches, including migration techniques from non-SGT-capable devices to a fully SGT-capable network deployment. For more information please visit our website here: http://www.cisco.com/web/CA/index.html
Introduction to the business challenges of securely managing access to privileged accounts and the technical processes built into Privileged Access Manager to secure access to administrator, service and application-to-application IDs.
ObserveIT Software acts like a "security camera" for your servers; it will allow you to watch with full video playback every step your 3rd-party contractors, developers or IT administrators take on your servers – exactly as they happen.
Watch full video playback of Remote Desktop, Citrix and VMWare Sessions
View sessions in real time or from historical recordings
Quickly find any user action, without playing back the entire session
A Single Strong Authentication Platform for Cloud and On-Premise Applications | SafeNet
Strong authentication and single sign-on for SaaS applications is available with SafeNet Authentication Manager and SafeWord 2008.
With either platform, the enterprise security team retains complete control over the configuration, deployment, and administration of the authentication infrastructure, which remains in the enterprise’s IT domain.
Organizations can deploy either platform in their network’s DMZ, so users can authenticate directly to cloud-based applications and services, rather than having to go through the corporate VPN. As a result, users have a faster, more seamless experience accessing on-premise and cloud-based applications, while enterprises enjoy optimized security.
Virtualization Forum 2015, Prague, 7.10.2015
VMware hall
If SlideShare does not display the presentation correctly, you can download it in .ppsx or .pdf format.
Security 101: Multi-Factor Authentication for IBM i | Precisely
Stories of data breaches caused by stolen or guessed passwords have increased scrutiny around login password practices.
Multi-factor authentication has become a popular method for strengthening login security and is now required by certain regulations such as the New York Department of Financial Services’ Cybersecurity Regulation (23 NYCRR 500).
During this webcast, you’ll learn more about:
• What multi-factor authentication means
• The difference between multi-step and multi-factor authentication
• Authentication options and tradeoffs
• How Syncsort can help
View this 15-minute webcast on-demand to learn the fundamentals of multi-factor authentication and how it can be implemented for IBM i users.
Build 2016 - P493 - Managing Windows in an Enterprise: Empower Your Users & P... | Windows Developer
Enabling people to access their corporate apps and data on their devices, whether in the office or on the road, doesn’t need to be a challenge. Windows 10 helps protect corporate resources through mobile device management, data protection, and identity both from on-premises and in the cloud. This session will explain how Windows 10 can help organizations give people the best apps to do their jobs while reducing costs and keeping data safe.
3 Steps to Security Intelligence - How to Build a More Secure Enterprise | IBM Security
We are in the midst of upheaval in the world of IT Security. Attackers are highly organized and using increasingly sophisticated methods to gain entry to your most sensitive data. At the same time, Cloud and mobile are redefining the concept of the perimeter. Check out this insightful discussion of how today's CISO is building a more secure enterprise using analytics, risk-based protection, and activity monitoring to protect the most valuable assets of the organization.
For more visit: http://securityintelligence.com
This session will explore Windows 7 core platform security improvements, securing anywhere access, data protection, and protecting desktop users. We will explain how Windows 7 features in each of these areas provide the foundation for a secure and reliable platform. We will discuss User Account Control improvements, enhanced auditing, Network Access Protection (NAP), Firewall improvements, AppLocker, BitLocker and BitLocker To Go enhancements, DirectAccess, Internet Explorer 8 security improvements, and EFS enhancements.
Share Point Server Security with Joel Oleson | Joel Oleson
From Authentication and Authorization to ports, firewall rules, and server-to-server communication, this session goes into depth on a number of topics, with further resources on SharePoint Security by Joel Oleson.
Practical Cloud Conference - Updates That Make IT Management Easier | Primend
Several handy updates have been added to simplify IT management. Andres Nurk talked about the main ones, such as Windows Server 2016, Windows 10 E3, ATP and OMS. Along with the updates, Windows Server licensing has also changed. Aleksei Räim gave a quick overview of what to keep in mind.
To dare to move data into a cloud service, you first have to trust the service provider. What has Microsoft done to win customers' trust? How to keep data in cloud Exchange and cloud SharePoint secure, share it out encrypted, and thoroughly check the permissions of the systems' users.
Securing your Kubernetes cluster: a step-by-step guide to success! | KatiaHIMEUR1
Today, after several years of existence, an extremely active community and an ultra-dynamic ecosystem, Kubernetes has established itself as the de facto standard in container orchestration. Thanks to a wide range of managed services, it has never been so easy to set up a ready-to-use Kubernetes cluster.
However, this ease of use means that the subject of security in Kubernetes is often left for later, or even neglected. This exposes companies to significant risks.
In this talk, I'll show you step-by-step how to secure your Kubernetes cluster for greater peace of mind and reliability.
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024 | Tobias Schneck
As AI technology is pushing into IT, I was wondering, as an “infrastructure container Kubernetes guy”, how does this fancy AI technology get managed from an infrastructure operational view? Is it possible to apply our lovely cloud native principles as well? What benefits could both technologies bring to each other?
Let me take these questions and provide you a short journey through existing deployment models and use cases for AI software. With practical examples, we discuss what cloud/on-premise strategy we may need for applying it to our own infrastructure to get it to work from an enterprise perspective. I want to give an overview of infrastructure requirements and technologies, and what could be beneficial or limiting for your AI use cases in an enterprise environment. An interactive demo will give you some insights into what approaches I already got working for real.
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo... | James Anderson
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality | Inflectra
In this insightful webinar, Inflectra explores how artificial intelligence (AI) is transforming software development and testing. Discover how AI-powered tools are revolutionizing every stage of the software development lifecycle (SDLC), from design and prototyping to testing, deployment, and monitoring.
Learn about:
• The Future of Testing: How AI is shifting testing towards verification, analysis, and higher-level skills, while reducing repetitive tasks.
• Test Automation: How AI-powered test case generation, optimization, and self-healing tests are making testing more efficient and effective.
• Visual Testing: Explore the emerging capabilities of AI in visual testing and how it's set to revolutionize UI verification.
• Inflectra's AI Solutions: See demonstrations of Inflectra's cutting-edge AI tools like the ChatGPT plugin and Azure Open AI platform, designed to streamline your testing process.
Whether you're a developer, tester, or QA professional, this webinar will give you valuable insights into how AI is shaping the future of software delivery.
JMeter webinar - integration with InfluxDB and Grafana | RTTS
Watch this recorded webinar about real-time monitoring of application performance. See how to integrate Apache JMeter, the open-source leader in performance testing, with InfluxDB, the open-source time-series database, and Grafana, the open-source analytics and visualization application.
In this webinar, we will review the benefits of leveraging InfluxDB and Grafana when executing load tests and demonstrate how these tools are used to visualize performance metrics.
Length: 30 minutes
Session Overview
-------------------------------------------
During this webinar, we will cover the following topics while demonstrating the integrations of JMeter, InfluxDB and Grafana:
- What out-of-the-box solutions are available for real-time monitoring JMeter tests?
- What are the benefits of integrating InfluxDB and Grafana into the load testing stack?
- Which features are provided by Grafana?
- Demonstration of InfluxDB and Grafana using a practice web application
To view the webinar recording, go to:
https://www.rttsweb.com/jmeter-integration-webinar
Connector Corner: Automate dynamic content and events by pushing a button | DianaGray10
Here is something new! In our next Connector Corner webinar, we will demonstrate how you can use a single workflow to:
Create a campaign using Mailchimp with merge tags/fields
Send an interactive Slack channel message (using buttons)
Have the message received by managers and peers along with a test email for review
But there’s more:
In a second workflow supporting the same use case, you’ll see:
Your campaign sent to target colleagues for approval
If the “Approve” button is clicked, a Jira/Zendesk ticket is created for the marketing design team
But—if the “Reject” button is pushed, colleagues will be alerted via Slack message
Join us to learn more about this new, human-in-the-loop capability, brought to you by Integration Service connectors.
And...
Speakers:
Akshay Agnihotri, Product Manager
Charlie Greenberg, Host
State of ICS and IoT Cyber Threat Landscape Report 2024 preview | Prayukth K V
The IoT and OT threat landscape report has been prepared by the Threat Research Team at Sectrio using data from Sectrio, cyber threat intelligence farming facilities spread across over 85 cities around the world. In addition, Sectrio also runs AI-based advanced threat and payload engagement facilities that serve as sinks to attract and engage sophisticated threat actors, and newer malware including new variants and latent threats that are at an earlier stage of development.
The latest edition of the OT/ICS and IoT security Threat Landscape Report 2024 also covers:
State of global ICS asset and network exposure
Sectoral targets and attacks as well as the cost of ransom
Global APT activity, AI usage, actor and tactic profiles, and implications
Rise in volumes of AI-powered cyberattacks
Major cyber events in 2024
Malware and malicious payload trends
Cyberattack types and targets
Vulnerability exploit attempts on CVEs
Attacks on counties – USA
Expansion of bot farms – how, where, and why
In-depth analysis of the cyber threat landscape across North America, South America, Europe, APAC, and the Middle East
Why are attacks on smart factories rising?
Cyber risk predictions
Axis of attacks – Europe
Systemic attacks in the Middle East
Download the full report from here:
https://sectrio.com/resources/ot-threat-landscape-reports/sectrio-releases-ot-ics-and-iot-security-threat-landscape-report-2024/
Elevating Tactical DDD Patterns Through Object Calisthenics | Dorra BARTAGUIZ
After immersing yourself in the blue book and its red counterpart, attending DDD-focused conferences, and applying tactical patterns, you're left with a crucial question: How do I ensure my design is effective? Tactical patterns within Domain-Driven Design (DDD) serve as guiding principles for creating clear and manageable domain models. However, achieving success with these patterns requires additional guidance. Interestingly, we've observed that a set of constraints initially designed for training purposes remarkably aligns with effective pattern implementation, offering a more ‘mechanical’ approach. Let's explore together how Object Calisthenics can elevate the design of your tactical DDD patterns, offering concrete help for those venturing into DDD for the first time!
Accelerate your Kubernetes clusters with Varnish Caching | Thijs Feryn
A presentation about the usage and availability of Varnish on Kubernetes. This talk explores the capabilities of Varnish caching and shows how to use the Varnish Helm chart to deploy it to Kubernetes.
This presentation was delivered at K8SUG Singapore. See https://feryn.eu/presentations/accelerate-your-kubernetes-clusters-with-varnish-caching-k8sug-singapore-28-2024 for more details.
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf | 91mobiles
91mobiles recently conducted a Smart TV Buyer Insights Survey in which we asked over 3,000 respondents about the TV they own, aspects they look at on a new TV, and their TV buying preferences.
GraphRAG is All You need? LLM & Knowledge Graph | Guy Korland
Guy Korland, CEO and Co-founder of FalkorDB, will review two articles on the integration of language models with knowledge graphs.
1. Unifying Large Language Models and Knowledge Graphs: A Roadmap.
https://arxiv.org/abs/2306.08302
2. Microsoft Research's GraphRAG paper and a review paper on various uses of knowledge graphs:
https://www.microsoft.com/en-us/research/blog/graphrag-unlocking-llm-discovery-on-narrative-private-data/
2. Agenda
- Security Fundamentals
- Threat and Vulnerability Mitigation
- Identity and Access Control
- Compliance Enhancements
Technology Coverage: Read Only Domain Controller, Bit Locker, Service Hardening, Server Core, Device Installation, Next Gen firewall, NAP and Terminal Services/RDP changes, Rights management, … and more
3. Security and Compliance
[Overview diagram. Section headings: Security: Fundamentals; Threat & Vulnerability Mitigation; Identity & Access Control; Compliance Enhancements. Items shown: Network Access Protection, Read-Only Domain Controller, Enhanced Auditing, Server and Domain Isolation, Security Development Lifecycle, Windows Service Hardening, Next Generation Crypto, PKI Enhancements, BitLocker™ Drive Encryption, EFS Smartcards, Rights Management Server, Removable Device Control, Active Directory Federation Services, Plug and Play Smartcards, Granular Auditing, Granular Password Control]
5. Security Development Lifecycle
- Mandated development process for Windows Server and Windows Vista
- Periodic mandatory security training
- Assignment of security advisors for all components
- Threat modeling as part of design phase
- Security reviews and testing built into the schedule
- Security metrics for product teams
- Common Criteria (CC) Certification
6. Windows Service Hardening: Defense-in-Depth / Factoring
- Reduce size of high risk layers
- Segment the services
- Increase # of layers
[Diagram labels: Service 1, Service 2, Service 3, Service …, Service A, Service B, Kernel Drivers, User-mode Drivers]
7. Server Core
- Minimal installation option
- Low surface area
- Command line interface
- Limited set of server roles
[Diagram labels]
- Server, server roles (for example only): TS, IAS, WebServer, SharePoint, etc.
- Server: with WinFx, Shell, Tools, etc.
- Server Core server roles: DNS, DHCP, File, AD, WV, IIS
- Server Core: Security, TCP/IP, File Systems, RPC, plus other Core Server Sub-Systems
- GUI, CLR, Shell, IE, Media, OE, etc.
9. Cryptography Next Generation (CNG)
- Includes algorithms for encryption, digital signatures, key exchange, and hashing
- Supports cryptography in kernel mode
- Supports the current set of CryptoAPI 1.0 algorithms
- Support for elliptic curve cryptography (ECC) algorithms
- Perform basic cryptographic operations, such as creating hashes and encrypting and decrypting data
10. PKI Enhancements
- Online Certificate Status Protocol (OCSP)
- Enterprise PKI (PKIView)
- Network Device Enrollment Service and Simple Certificate Enrollment Protocol
- Web Enrollment
18. Server and Domain Isolation
[Diagram labels: Servers with Sensitive Data, Server Isolation, HR Workstation, Managed Computer, Domain Isolation, Active Directory Domain Controller, Corporate Network, Trusted Resource Server, Unmanaged/Rogue Computer, Untrusted]
19. Network Access Protection (Windows Server 2008)
[Diagram labels: Policy Servers (e.g. MSFT Security Center, SMS, Antigen or 3rd party); Fix Up Servers (e.g. MSFT WSUS, SMS & 3rd party); Restricted Network; Corporate Network; MSFT Network Policy Server; Windows Vista Client; DHCP, VPN, Switch/Router; Policy compliant; Not policy compliant]
Benefits
Enhanced Security
- All communications are authenticated, authorized & healthy
- Defense-in-depth on your terms with DHCP, VPN, IPsec, 802.1X
- Policy-based access that IT Pros can set and control
Increased Business Value
- Preserves user productivity
- Extends existing investments in Microsoft and 3rd party infrastructure
- Broad industry partnership
20. Read-Only Domain Controller
Read-Only Copy of AD Database
- Can Hold all Directory Objects & Attributes
- Maintains Read-Only Copy of DNS Zones
Unidirectional Replication
- No Local Changes – Pull from Upstream Only
- Controlled Replication - Limits Bandwidth Use
Credential Handling
- Can Cache User Passwords (Explicitly Set)
- Admin Knowledge of Accounts if Compromised
- RODC May Only Issue Local Auth Tickets
Administrative Role Separation
- Management Delegated to Local User
- No Enterprise or Domain DC Membership
[Diagram labels: Hub: Writeable DC, Secure Location. Branch: Read-Only DC, Read-Only DNS, One-way Replication, Credential Cache, Local Admin Role]
21. How RODC Works
  1. AS_Req sent to RODC (request for TGT)
  2. RODC: Looks in DB: "I don't have the users secrets"
  3. Forwards Request to Windows Server "Longhorn" DC
  4. Windows Server "Longhorn" DC authenticates request
  5. Returns authentication response and TGT back to the RODC
  6. RODC gives TGT to User and RODC will cache credentials
  7. At this point the user will have a hub signed TGT
[Diagram labels: Hub: Windows Server "Longhorn" DC. Branch: Read Only DC]
24. Improved Auditing More Granularity Support for many auditing subcategories: Logon, logoff, file system access, registry access, use of administrative privilege, Active Directory Captures the Who, the What, & the When From and To Values for Objects or Attributes Logs All – Creates, Modifies, Moves, Deletes New Logging Infrastructure Easier to filter out “noise” in logs Tasks tied to events: When an event occurs tasks such as sending an Email to an auditor can run automatically
26. Active Directory Federation Services
- Full implementation of a ‘claims-based’ architecture based on WS-Federation
- Fully integrated with Active Directory
- Supports group, role and rules-based models
Partner Value Add
- BMC, Centrify & Quest: Multi-platform support
Business Benefits
- Enables new models for cross-company single sign-on systems
- Facilitates single sign-on across Windows and non-Windows environments
- Reduces the risk of unauthorized access by eliminating the need for cross-company synchronization of user and rights information
27. Authentication Improvements
Plug and Play Smart Cards
- Drivers and Certificate Service Provider (CSP) included
- Login and credential prompts for User Account Control all support Smart Cards
New logon architecture
- GINA (the old Windows logon model) is gone
- Third parties can add biometrics, one-time password tokens, and other authentication methods with much less coding
28. Granular Policy Control
- Allows setting Password Policies on Users and/or Groups (different from the domain's Password Policies)
- Big Win for Customers: Requirements for different Password Policies do not result in deploying multiple domains anymore
- New Object-Type in Active Directory, the Password Settings Object
- Password Settings are configured using those Objects in the Password Settings Container
30. AD Rights Management Services
- AD RMS protects access to an organization’s digital files
- AD RMS in Windows Server "Longhorn" includes several new features
  - Improved installation and administration experience
  - Self-enrollment of the AD RMS cluster
  - Integration with AD FS
  - New AD RMS administrative roles
[Diagram labels: SQL Server, Active Directory, RMS Server, Information Author, The Recipient]
31. BitLocker™ Drive Encryption
- Full Volume Encryption Key (FVEK)
- Encryption Policy
- Group Policy allows central encryption policy and provides Branch Office protection
- Provides data protection, even when the system is in unauthorized hands or is running a different or exploiting Operating System
- Uses a v1.2 TPM or USB flash drive for key storage
32. Information Protection
Who are you protecting against?
- Other users or administrators on the machine? EFS
- Unauthorized users with physical access? BitLocker™
Some cases can result in overlap (e.g. multi-user roaming laptops with untrusted network admins).
33. Removable Device Installation Control
Benefits:
- Reduced Support Costs
- Reduced Risk of Data Theft
Scenarios:
- Prevent installation of all devices
- Allow installation of only allowed devices
- Prevent installation of only prohibited devices