4. Who are we - Introductions
Ranjana Jain, IT Pro Evangelist – Platform Security, Microsoft India (MCSE, MCT, RHCE, CISSP, CIW Security Analyst)
Srinivas L, Technology Specialist – Security, Microsoft India (MCTS-Security, CCNA, CCNE, CNA)
Gautam Dua, Solution Specialist – Management and Security, Microsoft India (MCSE, MCT)
6. Evolving Threat Landscape
1986–1995 (Local Area Networks, 16-bit DOS): first PC virus, boot sector viruses; create notoriety or cause havoc; slow propagation.
1995–2000 (Internet Era, 32-bit Windows): macro viruses, script viruses; create notoriety or cause havoc; faster propagation.
2000–2005 (Broadband prevalent, 32-bit Windows): spyware, spam, phishing, botnets, rootkits; financial motivation; Internet-wide impact.
2007 (Peer to Peer, 64-bit Windows): hyperjacking, social engineering, application attacks; financial motivation; targeted attacks.
7. Evolving Threats
Motivation (vertical axis): Curiosity, Personal Fame, Personal Gain, National Interest.
Attacker skill (horizontal axis): Script-Kiddy, Undergraduate, Expert, Specialist.
Attacker types and chart annotations: Vandal, Trespasser, Author (largest area by volume); Thief (largest area by $ lost; fastest growing segment); Spy (largest segment by $ spent on defense).
8. Addressing Security Threats
Technology: helps turn IT into a business asset, not a cost center; supports your day-to-day security processes; is the enabler to running your business successfully.
Process: data privacy processes to manage data effectively; IT security processes to implement, manage, and govern security; financial reporting processes that include security of the business.
People: the company understands the importance of security in the workplace; individuals know their role in security governance and compliance; IT staff have the security skills and knowledge to support your business.
9. Microsoft's Promises To You
Manage Complexity, Achieve Agility
Amplify the Impact of Your People
Protect Information, Control Access
Advance the Business with IT Solutions
10. Delivering On The Promise: Infrastructure Optimization
*Source: Microsoft CSO Summit 2007 Registration Survey
11. Core Infrastructure Optimization
Basic (Cost Center, $1320/PC cost): no centralized enterprise directory; no automated patch management; anti-malware not centrally managed; message security for e-mail only; no secure coding practices in place.
Standardized (More Efficient Cost Center, $580/PC cost): using enterprise directory for authentication; automated patch management tools deployed; anti-malware is managed centrally; unified message security in place.
Rationalized (Business Enabler, $230/PC cost): integrated directory services, PKI in place; formal patch management process; defense-in-depth threat protection; security extended to remote and mobile workforce.
Dynamic (Strategic Asset, <$100/PC cost): full identity lifecycle management; ID Federation and Rights Management Services in use; metrics-driven update process; client quarantine and access policy enforcement.
Source: GCR and IDC data analyzed by Microsoft, 2006
12. Core Infrastructure Optimization Model: Security (Improve IT Maturity while Gaining ROI)
Levels: Basic, Standardized, Rationalized, Dynamic.
Technology (listed from Dynamic down to Basic): self-provisioning and quarantine-capable systems ensure compliance and high availability; automated identity and access management; automated system management; multiple directories for authentication; limited automated software distribution; patch status of desktops is unknown; no unified directory for access management.
Process (listed from Dynamic down to Basic): self-assessing and continuous improvement; easy, secure access to information from anywhere on the Internet; SLAs are linked to business objectives; clearly defined and enforced images, security, and best practices; central administration and configuration of security; standard desktop images defined, not adopted by all; IT processes undefined; complexity due to localized processes and minimal central control.
People: Dynamic: IT is a strategic asset; users look to IT as a valued partner to enable new business initiatives. Rationalized: IT staff manages an efficient, controlled environment; users have the right tools, availability, and access to information. Standardized: IT staff trained in best practices such as MOF, ITIL, etc.; users expect basic services from IT. Basic: IT staff taxed by operational challenges; users come up with their own IT solutions.
16. Security Development Lifecycle
Product Inception -> Design -> Threat Modeling -> Standards, best practices, and tools -> Security Push -> Final Security Review -> RTM and Deployment Signoff -> Security Response
17. Comprehensive Security Portfolio
Layers: Edge; Server Applications; Client and Server OS.
Disciplines: Identity Management; Systems Management; Services; Guidance; Developer Tools.
Technologies: Encrypting File System (EFS); BitLocker; Information Protection; Network Access Protection (NAP); Windows CardSpace; Active Directory Federation Services (ADFS).
19. Priority #1 - Platform Security
Security Development Lifecycle; Security Response Center; Better Updates And Tools
20. Security Development Lifecycle (SDL)
Secure Platform: Kernel Patch Protection; Kernel-mode Driver Signing; Secure Startup; Windows Service Hardening.
Data Protection: Rights Management Services (RMS); SharePoint, Exchange, Windows Mobile integration; Encrypting File System (EFS); BitLocker.
Secure Access: User Account Control; Network Access Protection (NAP); IPv6; IPsec; Windows CardSpace; native smart card support; GINA re-architecture; Certificate Services; credential roaming.
Malware Protection: Windows Defender; IE Protected Mode; Address Space Layout Randomization (ASLR); Data Execution Prevention (DEP); bi-directional firewall; Windows Security Center.
21. Security Development Lifecycle (SDL)
Secure Platform: Windows Server Virtualization (Hypervisor); Role Management Tool; OS File Integrity.
Network Protection: Network Access Protection (NAP); Server and Domain Isolation with IPsec; end-to-end network authentication; Windows Firewall with Advanced Security on by default.
Data Protection: Rights Management Services (RMS); full volume encryption (BitLocker); USB device-connection rules with Group Policy; improved auditing; Windows Server Backup.
Identity Access: Read-only Domain Controller (RODC); Active Directory Federation Services (ADFS); administrative role separation; PKI Management Console; Online Certificate Status Protocol.
22. Physical and Infrastructure Security
Windows Firewall with Advanced Security: supports both inbound and outbound filtering; set filtering policies by port, traffic type, or application; built-in support for IPv6, IPSec, and NAP policies.
Network Access Protection: Windows Vista has built-in support for NAP; NAP policies support conditional exclusions so unhealthy clients can connect to update servers to become compliant with established policies.
IPSec: Windows Vista has built-in support for IPSec; Windows Vista IPSec policies support NAP/NAC and Domain Isolation; IPSec policies support conditional exclusions.
23. Identity and Access Control
Windows Security Center: shows the status of security software and settings; monitors multiple vendors' security solutions running on a computer and indicates which are enabled and up to date.
Authentication Methods: new deployment and management tools such as PIN reset tools; a common API model to make it easier for smart card developers to build new tools; improved support for biometrics and tokens.
Windows CardSpace: manages Internet identities and allows user control of personally identifiable information; allows users to view what personal information will be shared and how it will be used.
24. Identity and Access Control: Malware Protection
Windows Defender: protects against damage caused by malware installations; leverages UAC and improved caching technology integration for better performance; integration with IE7 allows downloaded files to be scanned prior to saving or execution.
Internet Explorer 7: IE processes are 'sandboxed' to protect against infection; designed for security and compatibility.
Malicious Software Removal Tool: scans computers for infections by specific prevalent malware families; updated versions are released each month, or as needed when new threats are discovered.
25. Information Protection
BitLocker Drive Encryption: data encryption for volumes and hard drives; uses AES encryption and integration with the Trusted Platform Module (TPM 1.2) to secure data.
Data Storage Group Policies: enforce data storage policies by controlling where users can store data; prevent data loss and theft by limiting which media can be used to store sensitive information.
Encrypting File System: user-based data encryption for files and folders; EFS keys can be stored in roaming profiles or on smart cards.
26. New Windows Firewall
Inbound and outbound filtering; new management MMC; integrated firewall and IPsec policies; rule configuration on Active Directory groups and users; support for IPv4 and IPv6; advanced rule options; on by default (Beta 3).
27. Windows Service Hardening: Defense In Depth – Factoring/Profiling
Reduce the size of high-risk layers; segment the services; increases the number of layers.
Diagram: services (Service 1, Service 2, Service 3, Service A, Service B, ...) factored into separate layers above the kernel drivers and user-mode drivers.
28. Network Access Protection
Components: Windows client; DHCP, VPN or switch/router; Microsoft Network Policy Server (RADIUS); policy server (patch, AV); patch server; restricted network; corporate LAN.
1. The client requests access to the network and presents its current health state.
2. The DHCP, VPN or switch/router relays the health status to Microsoft Network Policy Server (RADIUS).
3. Network Policy Server (NPS) validates it against the IT-defined health policy.
4. If not policy compliant, the client is put in a restricted VLAN and given access to download patches, configurations and signatures (repeat 1-4).
5. If policy compliant, the client is granted full access to the corporate network.
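The five-step flow above, as an added simulation that is not Microsoft's code: a constructed client statement of health is checked against a policy, the enforcement point grants either the corporate LAN or only the restricted VLAN plus remediation servers, and the client retries after remediation. Patch ids, server names, dates and thresholds are all made up.

```python
# Added example, not Microsoft's code: a constructed simulation of the NAP flow
# above. Patch ids, server names, dates and thresholds are made up.
from dataclasses import dataclass
from datetime import date

@dataclass
class StatementOfHealth:          # what the client presents in step 1
    firewall_enabled: bool
    av_signature_date: date
    installed_patches: frozenset

@dataclass
class HealthPolicy:               # the IT-defined policy NPS checks in step 3
    required_patches: frozenset
    max_signature_age_days: int

def evaluate_health(soh, policy, today):
    """Step 3: return (failed check, remediation source) pairs; empty = compliant."""
    failures = []
    if not soh.firewall_enabled:
        failures.append(("firewall disabled", "local: enable host firewall"))
    if (today - soh.av_signature_date).days > policy.max_signature_age_days:
        failures.append(("antivirus signatures stale", "av-policy-server"))
    if missing := sorted(policy.required_patches - soh.installed_patches):
        failures.append(("missing patches: " + ", ".join(missing), "patch-server"))
    return failures

def enforcement_point(failures):
    """Steps 4/5: full LAN if compliant, else restricted VLAN plus remediation servers."""
    if not failures:
        return {"corporate-lan"}
    return {"restricted-vlan"} | {src for _, src in failures if not src.startswith("local")}

def nap_flow(soh, policy, today, max_rounds=3):
    """Repeat steps 1-4 until compliant (step 5) or out of rounds; return history."""
    history = []
    for _ in range(max_rounds):
        failures = evaluate_health(soh, policy, today)
        history.append((failures, enforcement_point(failures)))
        if not failures:
            break
        # client side of step 4: apply every fix the failed checks named, then retry
        soh = StatementOfHealth(True, today, soh.installed_patches | policy.required_patches)
    return history

def demo():
    """Constructed client: firewall off, signatures 10 days old, one patch missing."""
    policy = HealthPolicy(frozenset({"KB-0001", "KB-0002"}), max_signature_age_days=7)
    client = StatementOfHealth(False, date(2007, 5, 22), frozenset({"KB-0001"}))
    return nap_flow(client, policy, today=date(2007, 6, 1))
```

The first round lands the constructed client in the restricted VLAN with reach to only the patch and AV servers; the second round, after remediation, grants the corporate LAN.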
29. Windows Server Core
Features: limits the server roles used; installs only a subset of the binaries; only required features are installed; command line interface, no GUI shell; takes about 1 GB for installation.
Benefits: reduced software maintenance; reduced attack surface; reduced management; less disk space required.
30. Windows Server Core Architecture
Features: WINS; SNMP; BitLocker Drive Encryption; Telnet Client; Failover Clustering; Removable Storage Management; Backup.
Roles: File Server; Active Directory; AD Lightweight Directory Service; Print Server; Media Services; Windows Virtualization Server; DNS; DHCP Server.
Server Core:
Thin management tools (local and remote): configure IP address, join a domain, create users, etc.
Core subsystems: security (logon scenarios), networking (TCP/IP), file systems, RPC, Winlogon, necessary dependencies.
Infrastructure features: command shell, domain join, event log, performance counter infrastructure, WS-Mgmt, WMI infrastructure, licensing service, WFP, HTTP support, IPsec.
Resolved category dependencies: HAL, kernel, VGA, logon, etc.
Hardware support components: disk, network adapter, etc.
32. Edge, server and client protection
"Point to Point" Solutions: security of data at rest and in transit; mobile workforce; manageability.
Corporate: Client Protection; Server Protection; Edge Protection.
Consumer/Small Business: simple PC maintenance; anti-virus; anti-spyware; anti-phishing; firewall; performance tuning; backup and restore.
33. Unified malware protection for business desktops, laptops, and server operating systems that is easy to manage and control
Unified Protection: one spyware and virus protection solution; built on protection technology based; effective threat response.
Simplified Administration: one simplified security administration console; define one policy to manage client protection agent settings; integrates with your existing infrastructure.
Visibility and Control: one dashboard for visibility into threats and vulnerabilities; view insightful reports; stay informed with state assessment scans and security alerts.
34. Combined Solution
Forefront™ Client Security: unified virus and spyware protection; central management; reporting, alerting and state assessment.
Windows Vista™: User Account Control; IE7 with Protected Mode; randomized address space layout; advanced desktop firewall; Kernel Patch Protection (64-bit).
Server and Domain Isolation (SD&I): policy-based network segmentation; restrict-to-trusted-network communications.
Infrastructure software integration.
35. Operations Architecture
Components: Management Server (settings, events); Reporting and Alerting Server (reports), or an alternate system; Microsoft Update (definitions), or an alternate system; desktops, laptops and server operating systems running Microsoft Forefront Client Security.
39. Anti-Virus For Application Servers
Gartner Magic Quadrant, E-Mail Security Boundary: Leader.
Distributed protection; performance tuning; content filtering; central management.
Diagram labels: Internet; Exchange Server / Windows-based SMTP Server.
40. Secure Remote Access: optimized access for employees, partners, and customers from virtually any device or location.
Branch Office Security: enhanced connectivity and security for remote sites and applications.
Internet Access Protection: increased resiliency of the IT infrastructure against Internet-based threats.
41. Microsoft IAG For Secure Access
Customizable enterprise security; SSL VPN access to internal applications; Microsoft, third-party, and custom apps supported; granular access control rules; support for multiple authentication mechanisms.
46. Join Us...
http://delhiitpro.groups.live.com
Mail me: ranjanaj@microsoft.com
IT Pro Momentum Program; TechNet Plus Subscription; Quarterly VTD: http://www.ConnectWithLife.com
47. Thank you (written in Gujarati, Bengali, Tamil, Hindi, Telugu, Kannada, Odia, Malayalam and Punjabi)