2. Enhance Security and Control
Narenda Wicaksono
IT Pro Advisor, Microsoft Indonesia
3. Windows 7 Enterprise Security
Building upon the security foundations of Windows Vista, Windows 7 provides IT
Professionals security features that are simple to use, manageable, and valuable.
4. A. Fundamentally Secure Platform
Windows Vista Foundation
Streamlined User Account Control
Enhanced Auditing
5. B. Securing Anywhere Access
Network Security
Network Access Protection
DirectAccess™
6. C. Protect Users & Infrastructure
AppLocker™
Internet Explorer
Data Recovery
7. D. Protect Data from Unauthorized Viewing
RMS
EFS
BitLocker & BitLocker To Go™
8. A. Fundamentally Secure Platform
Windows Vista Foundation
Streamlined User Account Control
Enhanced Auditing
9. Streamlined User Account Control
Make the system work well for standard users
Administrators use full privilege only for administrative tasks
File and registry virtualization helps applications that are not UAC compliant
10. User Account Control – Windows 7
Reduce the number of OS applications and tasks that require elevation
Refactor applications into elevated/non-elevated pieces
Flexible prompt behavior for administrators
Users can do even more as a standard user
Administrators will see fewer UAC Elevation Prompts
12. Network Security
Policy-based network segmentation for more secure and isolated logical networks
Multi-Home Firewall Profiles
DNSSEC Support
13. Network Access Protection
Ensure that only “healthy” machines can access corporate data
Enable “unhealthy” machines to get clean before they gain access
14. DirectAccess
Security protected, seamless, always on connection to corporate network
Improved management of remote users
Consistent security for all access scenarios
15. Network Access Protection
[Diagram labels: Windows Client; DHCP, VPN, Switch/Router; NPS; Policy Servers (such as: Patch, AV); Not Policy Compliant: Restricted Network, Remediation Servers (Example: Patch); Policy Compliant: Corporate Network]
Health policy validation and remediation
Helps keep mobile, desktop and server devices in compliance
Reduces risk from unauthorized systems on the network
16. Remote Access for Mobile Workers
Access Information Anywhere
Difficult for users to access corporate resources from outside the office
Challenging for IT to manage, update, patch mobile PCs while disconnected from company network
17. Remote Access for Mobile Workers
Access Information Anywhere
Same experience accessing corporate resources inside and outside the office
Seamless connection increases productivity of mobile users
Easy to service mobile PCs and distribute updates and policies
18. C. Protect Users & Infrastructure
AppLocker™
Internet Explorer 8
Data Recovery
19. AppLocker™
Enables application standardization within an organization without increasing TCO
Increase security to safeguard against data and privacy loss
Support compliance enforcement
20. Internet Explorer 8
Protect users against social engineering and privacy exploits
Protect users against browser based exploits
Protect users against web server exploits
21. Data Recovery
File backup and restore
CompletePC™ image-based backup
System Restore
Volume Shadow Copies
Volume Revert
22. Application Control
Users can install and run non-standard applications
Even standard users can install some types of software
Unauthorized applications may: introduce malware, increase helpdesk calls, reduce user productivity, undermine compliance efforts
23. Application Control
Eliminate unwanted/unknown applications in your network
Enforce application standardization within your organization
Easily create and manage flexible rules using Group Policy
26. RMS
Policy definition and enforcement
Protects information wherever it travels
Integrated RMS Client
Policy-based protection of document libraries in SharePoint
27. EFS
User-based file and folder encryption
Ability to store EFS keys on a smart card
28. BitLocker
Easier to configure and deploy
Roam protected data between work and home
Share protected data with co-workers, clients, partners, etc.
Improve compliance and data security
29. BitLocker
[Chart: Worldwide Shipments (000s), 2007 to 2011; series: Removable Solid-State Storage Shipments, PC Shipments]
• Gartner “Forecast: USB Flash Drives, Worldwide, 2001-2011” 24 September 2007, Joseph Unsworth
• Gartner “Dataquest Insight: PC Forecast Analysis, Worldwide, 1H08” 18 April 2008, Mikako Kitagawa, George Shiffler III
30. BitLocker
Extend BitLocker drive encryption to removable devices
Create group policies to mandate the use of encryption and block unencrypted drives
Simplify BitLocker setup and configuration of primary hard drive
31. BitLocker
BitLocker Enhancements
Automatic 200 Mb hidden boot partition
New Key Protectors
Domain Recovery Agent (DRA)
Smart card – data volumes only
BitLocker To Go
Support for FAT*
Protectors: DRA, passphrase, smart card and/or auto-unlock
Management: protector configuration, encryption enforcement
Read-only access on Vista & XP
SKU Availability
Encrypting – Enterprise
Unlocking – All
32. Windows 7 Enterprise Security
Building upon the security foundations of Windows Vista, Windows 7 provides IT
Professionals security features that are simple to use, manageable, and valuable.
Windows Vista Foundation
Streamlined UAC
Enhanced Auditing
Network Security
Network Access Protection
DirectAccess
AppLocker
Internet Explorer 8
Data Recovery
RMS
EFS
BitLocker