Let's talk about Microsoft Forefront Client Security. Forefront helps guard against many different emerging threats like viruses, rootkits, and spyware. Organizations need to protect their PCs and servers from various threats. Yet many protection-software suites are difficult to use and integrate into existing IT infrastructures, making it challenging to identify threats and vulnerabilities. With Forefront you're getting more advanced security tools and a simpler way of operating. Think of a house that has locks and bolts; Forefront is added to that as a simple alarm system that reinforces the basic security. Let me hit on each bullet point and some features of the software.
With unified protection you have the single engine that enhances performance and detection capabilities by minimizing end-user disruptions. By using “mini-filter” technology with the Windows Filter Manager, Forefront Client Security is able to scan virus and spyware files before they run, providing better security against spyware and blended threats (for example, spyware that infects a PC through backdoor Trojans or other means). Simplified administration makes things easier: with central management through one console for simplified client security, Microsoft Forefront Client Security saves time and reduces complexity. Integrating with the familiar Microsoft infrastructure saves administrative time and reduces the “learning curve.” The last point is visibility and control: when you receive an alert, the event is recorded in the Forefront summary report, which gives a support link on how to deal with that alert. The Security State Assessment (SSA) checks examine data from the file system and others, allowing the administrator to detect common vulnerabilities in the environment. With that many features, why turn it down, and for the very low, low subscription price of $12.72 per user or device, per year? So don’t just sit there: purchase now for peace of mind and ultimate protection for your client or home network. And now, the moment you have been waiting for. Thank you for your time. Our feature presentation!
Good morning class, my name is Stephanie Wilks. We are Team 3. I’d like to introduce the rest of my team. First, we have Kendra Moyer, who will be presenting the second half of this presentation, Rhonda Walker, who contributed research to this presentation, and Willie Solomon, who designed this slideshow and was also our team leader. Today we will talk to you about Windows Server 2008 and a few of the many new security features that it has.
The purpose of this presentation is to explain these five security features for Server 2008: BitLocker Drive Encryption, User Account Control, Read Only Domain Controller, Network Access Protection (NAP), and Cryptography Next Generation (CNG).
Two things that should be explained, just in case anyone was unsure, are what a server is and what Windows Server 2008 is. A server is a computer program that provides services to other computer programs (and their users), on the same or another computer. Microsoft Windows Server 2008 is the most advanced Windows Server operating system yet, designed to power the next generation of networks, applications, and Web services. With Windows Server 2008 you can develop, deliver, and manage rich user experiences and applications, provide a highly secure network infrastructure, and increase technological efficiency and value within an organization. In the Windows Server 2008 operating system, Microsoft is introducing many new features and technologies, which were not available in Windows Server 2003 with Service Pack 1 (SP1), that will help to reduce the power consumption of server and client operating systems, increase the security of computers running Windows Server 2008, and increase server efficiency and productivity.
Windows BitLocker Drive Encryption (BitLocker) is a security feature in the Windows Vista and Windows Server 2008 operating systems that can provide protection for the operating system on your computer and data stored on the operating system volume. In Windows Server 2008, BitLocker protection can be extended to volumes used for data storage as well. In Windows Server 2008, BitLocker is an optional component that must be installed before it can be used.
BitLocker performs two functions:
• BitLocker encrypts all data stored on the Windows operating system volume (and configured data volumes). This includes the Windows operating system, hibernation and paging files, applications, and data used by applications.
• BitLocker is configured by default to use a Trusted Platform Module (TPM) to help ensure the integrity of early startup components (components used in the earlier stages of the startup process), and "locks" any BitLocker-protected volumes so that they remain protected even if the computer is tampered with when the operating system is not running.
The major features of BitLocker include full-volume encryption, verification of the integrity of early startup components, a recovery mechanism, and support for a secure decommissioning process. Some things that should be considered before you enable BitLocker are your hardware requirements. You want your existing hardware to be powerful enough to handle the encryption, and if you want to use the system integrity features, your hardware platform must be equipped with a version 1.2 TPM. You should also evaluate your current corporate policies regarding data retention, encryption, and compliance. Always make sure you have a plan for data recovery. And also consider how recovery information will be stored and what decommissioning process will be used when servers will no longer be used.
First, with Full-Volume encryption, everything written to a BitLocker-protected volume is encrypted. This includes the operating system itself, and all applications and data. This helps protect data from unauthorized access. While the physical security of servers remains important, BitLocker can help protect data whenever a computer is stolen, shipped from one location to another, or otherwise out of your physical control. Encrypting the disk helps prevent offline attacks such as the removal of a disk drive from one computer and its installation in another in an attempt to bypass Windows security provisions. Second, BitLocker uses the TPM to verify the integrity of early boot components and boot configuration data. This helps ensure that BitLocker makes the encrypted volume accessible only if those components have not been tampered with and the encrypted drive is located in the original computer, which helps prevent additional offline attacks, such as attempts to insert anything that could cause harm to those components. In day-to-day use, BitLocker protection is virtually transparent to the user. And in the event that system lockout occurs (for example, due to hardware failure, hardware changes, or an attempted security breach), BitLocker offers a simple, efficient recovery process, which is our third step. When BitLocker is enabled, the user is prompted to store a "recovery password" that can be used to unlock a locked BitLocker volume. The BitLocker setup wizard requires that at least one copy of the recovery password is saved. At some point, all computers need to be removed from service and many are reassigned to different purposes during their useful life. Enterprises might have plans to recycle equipment, donate or sell it, or return it at the expiration of a lease, but every enterprise must also ensure that no confidential data can be retrieved from the decommissioned or reassigned equipment.
Most processes that remove confidential data from disk drives are time consuming, costly, or result in the permanent destruction of the hardware. BitLocker helps ensure that data is never stored on disk in a way that would be useful to an attacker, thief or new hardware owner by making it inaccessible, which is the last step.
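A simplified model of the TPM integrity check described above, added here as an illustration and not BitLocker's or Microsoft's code. The component names, the key and the `ToyTPM` class are constructed for the example; a real TPM keeps the sealed secret inside the chip rather than in program memory.

```python
import hashlib
import hmac

PCR_SIZE = 20  # a TPM 1.2 register holds one SHA-1 digest


def extend(pcr: bytes, component: bytes) -> bytes:
    """TPM extend operation: new PCR = SHA1(old PCR || SHA1(component))."""
    return hashlib.sha1(pcr + hashlib.sha1(component).digest()).digest()


def measure_boot(components) -> bytes:
    """Measure each early boot component, in order, into one register."""
    pcr = bytes(PCR_SIZE)  # register starts at all zeros on power-up
    for blob in components:
        pcr = extend(pcr, blob)
    return pcr


class ToyTPM:
    """Stands in for the chip: releases a secret only for a matching PCR."""

    def __init__(self):
        self._sealed = None

    def seal(self, secret: bytes, pcr: bytes) -> None:
        self._sealed = (pcr, secret)

    def unseal(self, current_pcr: bytes):
        expected, secret = self._sealed
        if hmac.compare_digest(expected, current_pcr):
            return secret
        return None  # integrity check failed: recovery password needed


# Constructed sample boot chain and volume key.
GOOD_CHAIN = [b"firmware v1", b"boot sector v1", b"boot manager v1"]
VOLUME_KEY = b"\x11" * 32


def provision() -> ToyTPM:
    """Enable protection: bind the key to the known-good measurements."""
    tpm = ToyTPM()
    tpm.seal(VOLUME_KEY, measure_boot(GOOD_CHAIN))
    return tpm


if __name__ == "__main__":
    tpm = provision()
    tampered = [GOOD_CHAIN[0], GOOD_CHAIN[1], b"boot manager v1 + implant"]
    print("clean boot unlocks:", tpm.unseal(measure_boot(GOOD_CHAIN)) is not None)
    print("tampered boot unlocks:", tpm.unseal(measure_boot(tampered)) is not None)
```

Because each measurement is folded into the previous register value, a change to any one component, or to the order in which they run, produces a different final value and the key stays sealed.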
User Account Control (UAC) is a new technology and security infrastructure for Microsoft’s Server 2008 and Windows Vista operating systems. If you have Vista or are familiar with it, you would recognize it as the annoying box that pops up asking for permission. But what UAC aims to improve is the security of Microsoft Windows by limiting application software to standard user privileges until an administrator authorizes an increase in privilege level.
A Read Only Domain Controller (RODC) is a new type of domain controller in Windows Server 2008. Its main purpose is to improve security in branch offices that might have a writable domain controller but not the physical security, network bandwidth, or local expertise to support it. Writable domain controllers store sensitive data, such as passwords and other credentials, and can lead to a security breach if that data ends up in the hands of an unauthorized user. An RODC holds all the Active Directory objects and attributes that a writable domain controller holds (Active Directory provides the means to manage the identities and relationships that make up network environments), but RODCs can help with this problem in four ways. First, with the read-only feature, if an application needs write access to Active Directory objects, the RODC will send a Lightweight Directory Access Protocol (LDAP) referral, which redirects the application to a writable domain controller. LDAP is a set of protocols for accessing information. An intruder on the RODC can’t manipulate the Active Directory database because nothing was ever written to the Active Directory. Second, if the RODC server hosts a Domain Name System (DNS) server, the intruder won’t be able to tamper with the DNS data. DNS is a naming system for computers, services, or any resource participating in the Internet. The third way is that you can delegate a local Administrator role to a domain user. If an intruder gains access to the credentials of this local administrator account, they won’t be able to make changes on other domain controllers. And the final way is that, with password protection, a malicious user won’t be able to access passwords using a brute-force attack. This applies only if password caching is disabled on the RODC. If a password isn’t cached, the RODC will forward the authentication request to a writable DC. This ends my portion of the presentation; next, my teammate Kendra will present the remainder of the presentation.
NAP is a policy enforcement platform that was built into Windows Server 2008 and some other Windows software. It basically helps ensure that your system of lines (network) isn't compromised by unhealthy computers, isolating and/or remediating those computers that don't comply with the security policies you set. There are the components for NAP and the server components, which I will mention in this slide and go into more detail on in the next slide. The components are the NAP agent and the System Health Agent, and the server component is the NAP administration server.
In this slide I’m going to tell you about the client components. This slide will go over the five steps of how it works. First the client requests access; then, for step two, the computer's health state is validated against policies set by the administrator. As part of the third step, the request is sent to the Network Policy Server (NPS), and what this does is provide a central authentication and authorization service for all access sent by RADIUS clients. Don’t worry, I know you don’t know what a RADIUS client is, so let me explain: a RADIUS client is new software that a Network Access Server (NAS) uses. The NAS is used to connect to a large network, and RADIUS communicates with RADIUS clients, verifying that the client complies with the RADIUS protocol. For step four, if the request for access is compliant, access is granted, and welcome to the network! Step five applies only if the request isn't compliant: the client is restricted and remediation is called. What happens is the remediation server issues updates so the computer requesting access meets the minimum requirements.
CNG has the ability to convert the use of protocols like SSL/TLS, CMS (S/MIME), IPsec, Kerberos, etc. Prior to CNG, the protocol APIs needed to add algorithm selection and other options that didn’t exist. CNG is targeting Federal Information Processing Standards (FIPS). CNG complies with Common Criteria requirements by storing and using long-lived keys in a secure process. CNG supports Suite B algorithms. This is the new standard required by the NSA to designate information as Top Secret. The standard is now necessary to all software vendors and system integrators. CNG supports the current set of algorithms in CryptoAPI 1.0. CNG supports cryptography in kernel mode (kernel mode means a program has complete control over the information and the hardware). The same APIs are used in both kernel and user mode to fully support the cryptography features. Many actions that happen in the CNG layer are audited in the Microsoft software key storage provider (KSP). CNG provides the ability to replace the default random number generator (RNG). All functions within CNG are designed to support multithreaded or concurrent execution. CNG supports the three modes of operation that can be used with symmetric block ciphers through the encryption APIs. CNG provides a model for private key storage that adapts for current and future demands in cryptographic features. That concludes the security features that we have selected to discuss today, and to bring this presentation to a close I would like to test the audience's knowledge of the information given with ten questions.
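The five-step flow just described, as an added conceptual model rather than NAP's or NPS's actual interface. The policy values, field names and remediation actions are constructed for the example, and a client that omits a health field is treated as non-compliant.

```python
# Policy set by the administrator (constructed values, not NAP defaults).
POLICY = {"firewall_on": True, "max_av_age_days": 3, "min_patch_level": 42}

# What the remediation server would push for each failed check (hypothetical).
REMEDIATION = {
    "firewall_on": "enable host firewall",
    "av_age_days": "update antivirus signatures",
    "patch_level": "install missing updates",
}

# Values a field takes once its remediation has been applied.
COMPLIANT = {
    "firewall_on": True,
    "av_age_days": 0,
    "patch_level": POLICY["min_patch_level"],
}


def validate(health: dict) -> list:
    """Step 2: compare the reported health state with policy.

    Missing fields fail closed, so an agent that reports nothing
    cannot be mistaken for a healthy one.
    """
    failed = []
    if POLICY["firewall_on"] and health.get("firewall_on") is not True:
        failed.append("firewall_on")
    if health.get("av_age_days", float("inf")) > POLICY["max_av_age_days"]:
        failed.append("av_age_days")
    if health.get("patch_level", -1) < POLICY["min_patch_level"]:
        failed.append("patch_level")
    return failed


def request_access(health: dict) -> dict:
    """Steps 1, 3, 4 and 5: the decision the policy server returns."""
    failed = validate(health)
    if not failed:
        return {"access": "full", "remediation": []}
    return {"access": "restricted",
            "remediation": [REMEDIATION[check] for check in failed]}


def remediate(health: dict) -> dict:
    """Step 5: apply the fixes, returning the client's new health state."""
    fixed = dict(health)
    for check in validate(health):
        fixed[check] = COMPLIANT[check]
    return fixed


if __name__ == "__main__":
    laptop = {"firewall_on": False, "av_age_days": 10, "patch_level": 42}
    print(request_access(laptop))             # restricted, two fixes listed
    print(request_access(remediate(laptop)))  # full access after remediation
```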
1) Answer: When a client tries to access a network or communicate on a network it must present its system health requirements to gain unlimited access.
2) Answer: It stands for Network Access Protection
3) A computer program that provides services to other computer programs
4) Suite B is the new encryption standard for the NSA to which Microsoft and other software and hardware providers must now be compliant.
5) Cryptography is a system which allows the transferring of sensitive data online without detection.
6) Windows Vista and Windows Server 2008
7) User account control
8) Read Only Domain Controller
9) To improve security in office branches
10) No
Server 2008 Project
•Unified malware protection for business
desktops, laptops and server operating systems
that’s easier to control
•Visibility and Control
Real time virus
One policy to
Discuss five Security Features for Server 2008
1: BitLocker Drive Encryption
2: User Account Control
3: Read Only Domain Controller
4: Network Access Protection (NAP)
5: Cryptography Next Generation (CNG)
WHAT IS A SERVER?
A server is a computer program that provides
services to other computer programs
Microsoft Windows Server 2008 is the most
advanced Windows Server operating system
yet, designed to power the next generation of
networks, applications, and Web services.
BitLocker Drive Encryption
BitLocker performs two
BitLocker encrypts all data
stored on the Windows
operating system volume
BitLocker uses a Trusted
Platform Module (TPM)
Verification of the integrity of early startup
A recovery mechanism
Support for a secure decommissioning process
How does it work?
With Full-Volume encryption,
everything written to a
BitLocker-protected volume is
BitLocker uses the TPM to verify
the integrity of early boot
components and boot
User is prompted to store a
"recovery password" that can be
used to unlock a locked BitLocker
volume in case of system failure
or security breach.
BitLocker helps ensure that data
is never stored on disk in a way
that would be useful to an
attacker, thief or new hardware
•UAC is a new technology for Microsoft Server 2008 and Windows
•Additional settings are available by configuring Group policy
•UAC provides authentication protection against malicious
•A DNS server
running on an
•A Domain user
Network Access Protection
Resources for NAP
Certification and Compliance
Suite B support
Kernel Mode Support
Replaceable Random Number Generators
Mode of Operation
Key Storage and Retrieval
1. How does NAP work?
2. What does the acronym NAP stand for?
3. What is a server?
4. How does the US government use the innovations of CNG?
5. Why do we use cryptography?
6. What two products are using UAC?
7. What Does UAC stand for?
8. What does RODC stand for?
9. What is the main purpose of RODC?
10. Does BitLocker come installed on Windows Server 2008?