A special closed group were invited for a Windows Server 8 Sneak Peek event. It was MVUG's event for 2011 and was held in Microsoft Auditorium on 22nd Dec with more than 60 participants. Thank you to all who made it. I want to thank Raymond Chou, Kevin Lim, Lai Yoong Seng, Beh Chor How, Wong Chon Kit, Poo Ching Loong, and Brandon Liew who spoke and deliver some awesome demos and of course to Noel Teng who have organize the event. We had great questions.

1. Windows Server 8 Security
Wong Chon Kit
(CISSP, RHCT, C|EH, E|CSA,MCSA, MCSE,MCTIP Enterprise Contribution from Noel Teng
Administrator , VCP)

2. Agenda:
 Key IT Security Issues In 2011
 What you going to be expected from the
developer preview version
• Improving usability
• Improving security enhancement & features

3. IT security incidents around the world
Citigroup hackers made $2.7 million from about 3,400 accounts and the breach cost
1
$77 million – networkworld.com
2
Japanese electronics giant Sony has reported a loss of $3.1bn (£1.9bn) for the year
to 31 March. – bbc.co.uk
3
Lockheed Martin – one of the world’s biggest military and aerospace companies
and Pentagon's top supplier – nationalcybersecurity.com
4 (IMF) has reportedly been hit with and potentially puts sensitive, confidential data
about national economies at risk of exposure – computerworld.com

4. Fundamental Tradeoff
Secure
You get to pick any two!
Cheap
Usable

5. Enhanced Security Features
• Bit locker
• Windows patch management
• DHCP Failover

6. BitLocker
1 Zero Cost provisioning & protection against theft
2
Improved performance and encrypt hard drive base on the HDD
usage
Windows Update Service
1 Part of the Windows Server 8
http://www.microsoft.com/download/en/details.aspx?DisplayLang=en&id=6416

7. Demo
• Enable Bitlocker on
Windows Server 8
without TPM

8. Windows DHCP
1 DHCP Failover by synchronizing IP address lease information
between 2 server
2 Load balancing supported
http://www.jonathanmedd.net/2011/09/now-with-powershell-cmdlets-for-dhcp.html

9. Demo
• High availability on
DHCP
• 2 Servers running the Windows 8 Server Developer
Preview
• The Domain Controller Role Installed on 1 server
• The DHCP Role installed on both servers

10. New Security Features
• Dynamic access control
• Flexi auditing
• Securing window surface

11. Dynamic Access Control
1 Compliances Challenge
2
Information is tag base on user & classification, it doesn’t matter
where the files is reside
Authorization Latest model access control is base on expression
3 (e.g. and / or)
4 Real time protection on non-MS Office document
http://www.windowsitpro.com/article/windowsserver8/windows-server-8-dynamic-access-
control-140572

12. Access Control Comparison
Windows 7 New in Windows 8 Example
• No expressions in ACL Support for Expression User.memberOf (USA-Employees)
AND User.memberOf (Finance-Division)
• Led to group bloat with ‘AND’/’OR ’ primitives AND User.memberOf (Authorization-Project)
• ACLs only based on groups Support for User Claims from AD
User.Division = ‘Finance’
AND User.CostCenter = 20000
• Led to group bloat
• No ability to control access Support for Static Device Claims User.Division = ‘Finance’
based on device state from AD AND Device.ITManaged = True
• No way to target policy Target Policy based on IF (Resource.Impact = ‘HBI’)
based on Resource Type Resource Type ALLOW AU Read User.EmployeeType = ‘FTE’

13. Expression-based Access Control Policy
User claims Device claims Resource properties
User.Department = Finance Device.Department = Finance Resource.Department = Finance
User.Clearance = High Device.Managed = True Resource.Impact = High
Central Access Rule
Applies to: @Resource.Impact == High
Allow | Read, Write | if (@User.Clearance == High) AND (@Device.Managed == True)

14. Flexible Audit
1 Challenges in Auditing
2 Improve auditing capabilities based on expression

15. Challenges in Auditing
Event Logs

16. Auditing Capabilities Based on Expression
Active Directory File server
User claims Resource properties
Clearance = High | Med | Low Department = Finance | HR | Engg
Status = Fulltime | Contract Impact = High | Med | Low
Central audit policy for HBI data
Audit | Read, Write | if (@Resource.Impact == High) AND (@User.Status != Fulltime)

17. History
1 Require proper planning on choosing the right installation method ( full
system or core)
New version
Microsoft understand the IT challenge and now you have the ability to
switch both installation method
1. ServerManager.exe cant be executed
1 2. Metro UI will be removed
3. Explorer and internet explorer will be remove
4. Patching will be lesser
5. Surface attack will be minimize

18. Demo
• Removing GUI from
Window Server 8

19. What happen to the patches that was installed in
the server full when you have change the system to
the core system.?
Come and join me and share your opinion
Usergroup : http://www.facebook.com/groups/MCIM2011/
Blog : http://www.wongchonkit.com
Email : wongchonkit@gmail.com

20. “Design it is not just what it looks like
and feels like. Design is how it
works.”
-Steve Jobs

21. Terima Kasih
- -
Thank You danke
당신을 감사하십시오