Se ha denunciado esta presentación.
Utilizamos tu perfil de LinkedIn y tus datos de actividad para personalizar los anuncios y mostrarte publicidad más relevante. Puedes cambiar tus preferencias de publicidad en cualquier momento.
Technical Evangelist
DaveVoyles.com
@DaveVoyles
Microsoft + Open Source
Momentum
Dead and buried:
Microsoft's holy war on
open-source software
“Years ago, Microsoft's CEO...
10+ Years of Open Source
Involvement
Docker on
Microsoft
Azure
O365+Moodle
Integration
We’re Reimagining Microsoft
We will empower
every person and
every organization
on the planet
to achieve more
Build the be...
Your Infrastructure is a Function of Time
How do you plot your journey to the cloud?
The
Landscape
of Now!
The Microsoft Open Approach
For your journey to the cloud
Empowering
Customers
By Enabling
Choice
To Provide a
Trusted Clo...
+Hundreds of community
supported images on
VM Depot
SQL Server
Microsoft Azure is an Open Cloud
We’ve delivered an open, b...
Open Source on Azure: Addressing Industry
Trends
Azure Open Source Customers
Facing increasing malware threats
and a growing trend of BYOD
with
11
12
“The Target hackers broke into the
network using a stolen user name
and password that had been created
for the company ser...
14
THREAT
RESISTANCE
Increasing password theft
Poor password practices
Support infrastructure and costs
Cumbersome and costly...
Internet username and password
16
Business username and password
17
18
Shared secrets
shhh!
Weak authentication
19
WINDOWS
HELLO
Hello Chris
20
Multi-factor authentication (MFA)
On-premises
• Physical smartcard
• Reader
• User-and-smartcard specific
• Virtual smartc...
87%
Source: Stroz Friedberg, “On The Pulse: Information Security In American Business,” 2013
22
58%
?
Source: Stroz Friedberg, “On The Pulse: Information Security In American Business,” 2013
23
The Fappening
On August 31, 2014, a collection of almost 500 private pictures of various celebrities, mostly women,
and wi...
Protecting data with Enterprise Data Protection (EDP)
• Specifying “privileged apps” that can access enterprise data
• Blo...
Protecting data with Enterprise Data Protection (EDP)
• Requiring Intune, Configuration Manager or an MDM solution
• Encry...
27
Windows 10 Enterprise Device Guard
• Restricts OS to run only code signed by trusted signers
• Defined by your code integr...
Dangers - - Rootkits, Bootkits
29
• Firmware/kernel/driver rootkits
• Overwrite the system’s basic I/O system
• Bootkits
•...
Counter Measures
30
• Secure Boot
• PCs with UEFI firmware and a Trusted Platform Module (TPM) can be configured to load o...
Prove to me you are healthy
IMPORTANT RESOURCES
WINDOWS
PPCH & INTUNE
Measured Boot Integrity Data (PPCH)
Client policies ...
THREAT
RESISTANCE
Biometrics and
strong MFA with
Windows Hello
Microsoft Passport
Enterprise Data Protection (EDP)
Bitlock...
Call to action
33
• Learn Windows 10 security and “Windows as a Service”
• Microsoft Virtual Academy: http://aka.ms/MVA1
•...
Call to action
34
• Roll out UEFI and Secure Boot sooner than later
• Plan your next hardware/software refresh accordingly...
Reach out to me!
35
@DaveVoyles
DaveVoyles.com
Próxima SlideShare
Cargando en…5
×

Microsoft on open source and security

374 visualizaciones

Publicado el

This is a presentation I gave at Angelbeat's IT conference in Princeton, NJ on Nov 4, 2016.

Publicado en: Tecnología
  • Sé el primero en comentar

  • Sé el primero en recomendar esto

Microsoft on open source and security

  1. 1. Technical Evangelist DaveVoyles.com @DaveVoyles
  2. 2. Microsoft + Open Source Momentum Dead and buried: Microsoft's holy war on open-source software “Years ago, Microsoft's CEO described open source as a cancer. Times have changed. Just ask 22- year Redmond veteran and open- source proponent Mark Hill.” Charles Cooper Redmond top man Satya Nadella: 'Microsoft LOVES Linux‘ Neil McAllister Microsoft: the Open Source Company “This is not your dad’s Microsoft” Steven J. Vaughan-Nichols Tweet “Azure Container Service is different and offers the broadest hint yet that Microsoft wants to build real products with open source, not merely leverage it where it's convenient” Serdar Yegulalp
  3. 3. 10+ Years of Open Source Involvement Docker on Microsoft Azure O365+Moodle Integration
  4. 4. We’re Reimagining Microsoft We will empower every person and every organization on the planet to achieve more Build the best-in-class platforms and productivity services for the mobile-first, cloud-first world Create more personal computing Reinvent productivity & business processes Build the intelligent cloud platform
  5. 5. Your Infrastructure is a Function of Time How do you plot your journey to the cloud? The Landscape of Now!
  6. 6. The Microsoft Open Approach For your journey to the cloud Empowering Customers By Enabling Choice To Provide a Trusted Cloud Freedom to Choose Freedom to Change Optimal Value Vibrant Local IT Economy X-Platform Open Standards Interoperability Open Source Ecosystem Engagement Secure Privacy & Control Compliance Transparent
  7. 7. +Hundreds of community supported images on VM Depot SQL Server Microsoft Azure is an Open Cloud We’ve delivered an open, broad, and flexible cloud across the stack Web App Gallery Dozens of .NET & PHP CMS and Web apps Microsoft Azure One in Four VMs on Azure Runs Linux Today!
  8. 8. Open Source on Azure: Addressing Industry Trends
  9. 9. Azure Open Source Customers
  10. 10. Facing increasing malware threats and a growing trend of BYOD with
  11. 11. 11
  12. 12. 12
  13. 13. “The Target hackers broke into the network using a stolen user name and password that had been created for the company servicing their air conditioning systems.” BRAIN KREBS (SECURITY BLOGGER) Target - Exploiting Weak Identities Source: “Cards Stolen in Target Breach Flood Underground Markets,” KrebsOnSecurity.com, December 20, 2013 13
  14. 14. 14
  15. 15. THREAT RESISTANCE Increasing password theft Poor password practices Support infrastructure and costs Cumbersome and costly MFA deployment Disk encryption optional Lacking integrated DLP Varying experience in mobile and desktops Platform security built of software alone Bootkit and rootkit Pass-the-hash Trusted until detected as a threat, Not realistic facing numerous new threats per day 15@yungchou
  16. 16. Internet username and password 16
  17. 17. Business username and password 17
  18. 18. 18
  19. 19. Shared secrets shhh! Weak authentication 19
  20. 20. WINDOWS HELLO Hello Chris 20
  21. 21. Multi-factor authentication (MFA) On-premises • Physical smartcard • Reader • User-and-smartcard specific • Virtual smartcard • Company issued device • Hardware-specific pin • User-and-device specific Cloud-centric • Azure Active Directory • Identity as a Service • 2FA as a Service • User-specific with designated phone Windows 10 MDM device enrollment • Microsoft Passport • Windows Hello biometrics as primary • BYOD MDM enrollment • Device Guard and Credential Guard 21@yungchou
  22. 22. 87% Source: Stroz Friedberg, “On The Pulse: Information Security In American Business,” 2013 22
  23. 23. 58% ? Source: Stroz Friedberg, “On The Pulse: Information Security In American Business,” 2013 23
  24. 24. The Fappening On August 31, 2014, a collection of almost 500 private pictures of various celebrities, mostly women, and with many containing nudity, were posted on the imageboard 4chan, via Apple’s iCloud. 24
  25. 25. Protecting data with Enterprise Data Protection (EDP) • Specifying “privileged apps” that can access enterprise data • Blocking selected apps from accessing enterprise data • Offering consistent UX while switching between personal & enterprise apps w/ enterprise policies in place without the need to switch environments or sign in again https://technet.microsoft.com/en-us/library/dn985838%28v=vs.85%29.aspx 25
  26. 26. Protecting data with Enterprise Data Protection (EDP) • Requiring Intune, Configuration Manager or an MDM solution • Encrypting enterprise data on employee-owned & corporate- owned devices • Remotely wiping enterprise data off corporate devices and employee-owned computers, without affecting the personal data https://technet.microsoft.com/en-us/library/dn985838%28v=vs.85%29.aspx 26
  27. 27. 27
  28. 28. Windows 10 Enterprise Device Guard • Restricts OS to run only code signed by trusted signers • Defined by your code integrity policy through specific hardware & security configurations • OS trusts only apps authorized by your enterprise How it works: 1. Universal Extensible Firmware Interface (UEFI) 2.3.1 (or later) Secure Boot • Bootkits and rootkis • Loading/starting Windows 10 Enterprise before anything else 2. Virtualization-based security services including the core (Kernel), while preventing malware from running early in the boot process 3. User Mode Code Integrity to ensure only trusted apps/binaries to run 4. TPM to provide an isolated hardware to helps protect user credentials, certificates and secure information https://technet.microsoft.com/en-us/library/dn986865(v=vs.85).aspx 28
  29. 29. Dangers - - Rootkits, Bootkits 29 • Firmware/kernel/driver rootkits • Overwrite the system’s basic I/O system • Bootkits • System’s OS, infects MBR • Allows the malicious program to be executed before the OS boots
  30. 30. Counter Measures 30 • Secure Boot • PCs with UEFI firmware and a Trusted Platform Module (TPM) can be configured to load only trusted OS bootloaders • Trusted Boot • Windows checks the integrity of every component of the startup process before loading it. • Early Launch Anti-Malware (ELAM) • Tests all drivers before they load and prevents unapproved drivers from loading • Measured Boot • PC’s firmware logs the boot process, & Windows can send it to a trusted server that can objectively assess the PC’s health.
  31. 31. Prove to me you are healthy IMPORTANT RESOURCES WINDOWS PPCH & INTUNE Measured Boot Integrity Data (PPCH) Client policies (AV, Firewall, Patch state (Intune) Here is my proof Access please Provable PC Health (PPCH) Approved 31
  32. 32. THREAT RESISTANCE Biometrics and strong MFA with Windows Hello Microsoft Passport Enterprise Data Protection (EDP) Bitlocker auto-drive encryption Device Guard Credential Guard Windows Defender Provable PC Health Boot integrity and platform integrity with Device Guard, UEFI Secure Boot, Trusted Boot, Measured Boot, and TPM 32
  33. 33. Call to action 33 • Learn Windows 10 security and “Windows as a Service” • Microsoft Virtual Academy: http://aka.ms/MVA1 • Inventory hardware and software of your IT environment • Microsoft Deployment Tool Kit (MDT) • Assess your business needs for • Windows Hello and Microsoft Passport • Device Guard and Credential Guard
  34. 34. Call to action 34 • Roll out UEFI and Secure Boot sooner than later • Plan your next hardware/software refresh accordingly • X64, UEFI 2.3.1, TPM 2.0, Intel VT-x/AMD-V, Windows 10 Enterprise • Evaluate Windows 10, Office 365, Enterprise Management Suits, and Azure AD
  35. 35. Reach out to me! 35 @DaveVoyles DaveVoyles.com

×