Ramnish Singh Platform Security Briefing
1. Platform Security Briefing
Ramnish Singh, PMP, CISSP, Microsoft Certified Architect (Infrastructure), MCITP (Windows 2008), MCTS (Windows Server, Vista, Exchange), MCSE (Windows 2003, 2000, NT), MCT, Cisco Certified Design Professional, Cisco Certified Network Professional, Sun CSA
IT Advisor | Microsoft Corporation
4. Security Versus Access
Demand for access:
- 23 million branch offices worldwide (IDC, 2006)
- 3.6 billion mobile users worldwide by 2010 (Infonetics, 2007)
- 85% of companies will have WLANs by 2010 (Infonetics, 2006)
Escalating threats:
- 8x increase in phishing sites in the past year (AWG, 2006)
- One message-based Trojan attack per day in 2006 vs. one per week in 2005 (MessageLabs, 2006)
- Strong indication of an increase in profit-motivated attacks (multiple sources)
5. Evolving Threat Landscape
- 1986–1995, Local Area Networks (16-bit DOS): first PC virus; boot sector viruses; create notoriety or cause havoc; slow propagation
- 1995–2000, Internet Era (32-bit Windows): macro viruses; script viruses; create notoriety or cause havoc; faster propagation
- 2000–2005, broadband prevalent (32-bit Windows): spyware, spam, phishing, botnets, rootkits; financial motivation; Internet-wide impact
- 2007 (64-bit Windows): hyperjacking; peer to peer; social engineering; application attacks; financial motivation; targeted attacks
6. Evolving Threats
Motivation axis: Curiosity, Personal Fame, Personal Gain, National Interest
Attacker types: Vandal, Author, Trespasser, Thief, Spy
Skill axis: Script-Kiddy, Undergraduate, Expert, Specialist
Chart annotations: largest segment by $ spent on defense; largest area by $ lost; fastest growing segment; largest area by volume
7. 1st known hack... The need for security in communication networks is not new. In the late nineteenth century an American undertaker named Almon Strowger discovered that he was losing business to his rivals because telephone operators, responsible for the manual connection of call requests, were unfairly diverting calls from the newly bereaved to his competitors. Strowger developed switching systems that led to the introduction of the first automated telephone exchanges in 1897. This enabled users to make their own connections using rotary dialling to signal the required destination.
8. Addressing Security Threats
Technology:
- Helps turn IT into a business asset, not a cost center
- Supports your day-to-day security processes
- Is the enabler to running your business successfully
Process:
- Data privacy processes to manage data effectively
- IT security processes to implement, manage, and govern security
- Financial reporting processes that include security of the business
People:
- Company understands the importance of security in the workplace
- Individuals know their role with security governance and compliance
- IT staff has the security skills and knowledge to support your business
9. Microsoft’s Promises To You
- Manage Complexity, Achieve Agility
- Amplify the Impact of Your People
- Protect Information, Control Access
- Advance the Business with IT Solutions
10. Delivering On The Promise: Infrastructure Optimization
*Source: Microsoft CSO Summit 2007 Registration Survey
11. Core Infrastructure Optimization
- Basic (Cost Center), $1320/PC cost: no centralized enterprise directory; no automated patch management; anti-malware not centrally managed; message security for e-mail only; no secure coding practices in place
- Standardized (More Efficient Cost Center), $580/PC cost: using enterprise directory for authentication; automated patch management tools deployed; anti-malware is managed centrally; unified message security in place
- Rationalized (Business Enabler), $230/PC cost: integrated directory services, PKI in place; formal patch management process; defense in depth threat protection; security extended to remote and mobile workforce
- Dynamic (Strategic Asset): full identity lifecycle management; ID Federation, Rights Mgt Services in use; metrics driven update process; client quarantine and access policy enforcement
Source: GCR and IDC data analyzed by Microsoft, 2006
12. Core Infrastructure Optimization Model: Security (Basic, Standardized, Rationalized, Dynamic)
Technology (from Dynamic down to Basic): self provisioning and quarantine capable systems ensure compliance and high availability; automate identity and access management; automated system management; multiple directories for authentication; limited automated software distribution; patch status of desktops is unknown; no unified directory for access mgmt
Process (from Dynamic down to Basic): self-assessing and continuous improvement; easy, secure access to info from anywhere on the Internet; SLAs are linked to business objectives; clearly defined and enforced images, security, best practices; central admin and configuration of security; standard desktop images defined, not adopted by all; IT processes undefined; complexity due to localized processes and minimal central control
People (from Dynamic down to Basic):
- Dynamic: IT is a strategic asset; users look to IT as a valued partner to enable new business initiatives
- Rationalized: IT staff manages an efficient, controlled environment; users have the right tools, availability, and access to info
- Standardized: IT staff trained in best practices such as MOF, ITIL, etc.; users expect basic services from IT
- Basic: IT staff taxed by operational challenges; users come up with their own IT solutions
Improve IT Maturity while Gaining ROI
13. SC information system = {(confidentiality, impact), (integrity, impact), (availability, impact)} where the acceptable values for potential impact are low, moderate, or high.
17. Microsoft Security Strategy
- Microsoft Security Assessment Toolkit
- Security Tools
- Microsoft Windows Vista Security Whitepapers
- Security Readiness
- Education and Training
- Microsoft Security Intelligence Report
- Learning Paths for Security Professionals
www.microsoft.com/technet/security
18. Security Development Lifecycle
Product Inception; Design; Threat Modeling; Standards, best practices, and tools; Security Push; Final Security Review; RTM and Deployment Signoff; Security Response
19. Priority #1 - Platform Security
- Security Development Lifecycle
- Security Response Center
- Better Updates And Tools
20. Comprehensive Security Portfolio
Portfolio areas: Services; Edge; Server Applications; Client and Server OS; Information Protection; Identity Management; Systems Management; Guidance; Developer Tools
Technologies shown: Encrypting File System (EFS); BitLocker™; Network Access Protection (NAP); Windows CardSpace; Active Directory Federation Services (ADFS)
21. Windows Vista Security
Secure Platform: Security Development Lifecycle (SDL); Kernel Patch Protection; Kernel-mode Driver Signing; Secure Startup; Windows Service Hardening
Data Protection: Rights Management Services (RMS); SharePoint, Exchange, Windows Mobile integration; Encrypting File System (EFS); BitLocker
Secure Access: User Account Control; Network Access Protection (NAP); IPv6; IPsec; Windows CardSpace; native smart card support; GINA re-architecture; Certificate Services; credential roaming
Malware Protection: Windows Defender; IE Protected Mode; Address Space Layout Randomization (ASLR); Data Execution Prevention (DEP); bi-directional firewall; Windows Security Center
22. Windows Vista SP1 includes:
- Additional Kernel Patch Protection APIs
- Enhanced Windows Security Center reporting
- Expanded BitLocker Drive Encryption (BDE)
- Additional multifactor authentication methods
23. Windows Server Security
Secure Platform: Security Development Lifecycle (SDL); Windows Server Virtualization (Hypervisor); Role Management Tool; OS File Integrity
Network Protection: Network Access Protection (NAP); Server and Domain Isolation with IPsec; end-to-end network authentication; Windows Firewall With Advanced Security on by default
Identity Access: Read-only Domain Controller (RODC); Active Directory Federation Srvcs. (ADFS); Administrative Role Separation; PKI Management Console; Online Certificate Status Protocol
Data Protection: Rights Management Services (RMS); full volume encryption (BitLocker); USB device-connection rules with Group Policy; improved auditing; Windows Server Backup
24. Platform Security Progress
Secure Platform: Surface Area Configuration tool; Password Policy Enforcement; Granular Roles; Built-in Encryption; Key Mgmt.; Auditing – Data Definition Language (DDL)
Advanced Spam and Virus Defenses; Compliance; Business Continuity; Enhanced Message Filtering; Built-in Protection with Business Continuity; Compliance Support
Trust Center; New Document Security Model; Open XML File Formats; Document Inspector; Information Rights Management
Rich Authentication; Granular Access Control; Compliance and Auditing; Hierarchical Encryption
Strong Encryption, Digital Signatures; Suite-B: For U.S. Government; Data Protection; Essential Security and Mobile Device Mgmt
25. Agenda
- Security Threat Landscape Evolution
- Microsoft Security Strategy
- Engineering Excellence
- Security Development Lifecycle
26. Network Security: Secure Anywhere Access
Principles:
- End-to-end security with IPv6 and IPsec
- Access driven by policy, not topology
- Certificate-based multi-factor authentication
- Health checks and remediation prior to access
- Policy-driven network access solutions
Solutions: Windows Firewall with advanced filtering; Server and Domain Isolation; Network Access Protection (NAP); ISA Server 2006; Intelligent Application Gateway (2007); Windows Filtering Platform
Diagram elements: Trusted PC; Unhealthy PC; Isolated Remediation Server; Web Server; Infrastructure Servers; New Customer; Remote Access Gateway; Trusted Home; Unmanaged Devices; Malicious Users
27. Identity and Access Management: Your COMPANY and your EMPLOYEES
Needs:
- Secure and seamless cross-organizational collaboration
- Easily managing multiple identities
- Government sponsored identities (eID)
- Hardware supported trust platform
- Disparate directories synchronization
- Centralized ID controls and mgmt.
- Embedded identity into applications
- Policy Governance / Compliance
- Role Based Permissions
- Identity and Data Privacy
Products: Identity Lifecycle Manager 2007; Active Directory Federation Services; Active Directory Lightweight Directory Services; Windows Certificate Services; Windows CardSpace™
28. Edge, server and client protection
“Point to Point” solutions; security of data at rest and in transit; mobile workforce; manageability
Corporate: Client Protection; Server Protection; Edge Protection
Consumer / Small Business: simple PC maintenance; Anti-Virus; Anti-Spyware; Anti-Phishing; Firewall; Performance Tuning; Backup and Restore
29. Interoperability
Industry Standards: Web Services (WS-*); open document format (XPS); OpenID
Partner Products: Network Access Protection; EV Certificate support in IE7; Windows CardSpace; Windows Security Center
Industry Partnerships: SecureIT Alliance; Microsoft Security Response Alliance; Interop Vendor Alliance
30. Security Stack Interoperability
Integrated security eases defense in depth architecture deployment; adoption of open standards allows cross-platform integration.
- Management System: System Center, Active Directory GPO
- Data: BitLocker, EFS, RMS, SharePoint, SQL
- User: Active Directory and Identity Lifecycle Mgr
- Application: SDL process, IIS, Visual Studio, and .NET
- Device: Forefront Client Security, Exchange MSFP
- Internal Network: Network Access Protection, IPSec
- Perimeter: Forefront Edge and Server Security, NAP
36. / 41. Optimization Models (slide 41 repeats this view to show how the Application Platform Optimization Model enables agility)
- Application Platform Optimization Model (Basic, Standardized, Advanced, Dynamic): User Experience; Development; SOA and Business Process; Data Management; Business Intelligence
- Business Productivity Infrastructure Optimization Model (Basic, Standardized, Rationalized, Dynamic): Unified Communications; Collaboration; Enterprise Content Management; Enterprise Search; Business Intelligence
- Core Infrastructure Optimization Model (Basic, Standardized, Rationalized, Dynamic): Identity and Access Management; Desktop, Device, and Server Mgmt; Security and Networking; Data Protection and Recovery; IT and Security Process
42. Core Infrastructure Optimization (Basic, Standardized, Rationalized, Dynamic)
Security capabilities: Policy and Compliance; Risk Assessment; User Awareness; Identity and Access Management; Patch Management; Threat and Vulnerability Mitigation; Secure Messaging and Collaboration; Secure Application Architecture; Legacy Platform Migration
43. Optimizing Security: Moving from Basic to Standardized
Solutions: Two Factor Authentication; Secure Remote User; Enforce Strong Passwords; Secure Wireless Access; Network Intrusion Detection; Defense in Depth
Benefits, costs and challenges: developer-focused environment; sophisticated and targeted threats; executive sponsorship; awareness campaign; cultural shift to awareness; able to mitigate current high priority risk; labor intensive to maintain
44. Optimizing Security: Moving from Standardized to Rationalized
Solutions: Network Segmentation; Identity & Access Mgmt; 2FA: Elevated Access Accts; Security Event Monitoring; Certificate Provisioning & Renewals; Vulnerability Assessments; SDL IT; Defense in Depth; Automate
Benefits, costs and challenges: evolving and faster threats; ownership largely resided with Security; risk management framework; service manager accountability; accountability closer to business; environmental awareness; improved response; lack of integration between service managers and business
45. Optimizing Security: Moving from Rationalized to Dynamic
Solutions: Network Access Protection; Strong User Authentication; User Account Control; BitLocker Drive Encryption; Defense in Depth
Benefits, costs and challenges: security viewed as a tax to the business; information security governance; information security becomes a strategic asset; culture shift may cause friction
50–54. Mobile Worker (layered client stack)
- Hardware: BitLocker Drive Encryption
- OS: Bi-Directional Firewall, Defender, Malicious Software Removal Tool; Security Center & UAC; Network Location Protection; Microsoft Enterprise Desktop Virtualization (MED-V)
- Applications: Terminal Server Access; RMS Protected Documents; Anti Virus & Antispyware; Network Access Protection; Application (APP-V) & Enterprise Desktop (MED-V) Virtualization
- Data, User Settings: Folder Redirection; Offline Files; Group Policy and AGPM; Data Backup
- Management: System Monitoring; System Management; Mobile Device Management; Corporate Security Policy
MED-V End User Benefits: Offline Use; Flexible Configurations; Rich user experience. IT Benefits: Protection of the local data; Easy to migrate user; Mitigation of application compatibility issues.
56–60. Office Worker (layered client stack)
- Hardware: BitLocker Drive Encryption
- OS: Bi-Directional Firewall, Defender, Malicious Software Removal Tool; Security Center & UAC; Network Location Protection; Microsoft Enterprise Desktop Virtualization (MED-V)
- Applications: Terminal Server Access; RMS Protected Documents; Anti Virus & Antispyware; Network Access Protection; Application (APP-V) & Enterprise Desktop (MED-V) Virtualization
- Data, User Settings: Folder Redirection; Offline Files; Group Policy and AGPM; Data Backup
- Management: System Monitoring; System Management; Mobile Device Management; Corporate Security Policy
MED-V End User Benefits: Offline Use; Flexible Configurations; Rich user experience. IT Benefits: Protection of the local data; Easy to migrate user; Mitigation of application compatibility issues.
62–66. Task Worker (layered client stack)
- Hardware: BitLocker Drive Encryption
- OS: Bi-Directional Firewall, Defender, Malicious Software Removal Tool; Security Center & UAC; Network Location Protection; Microsoft Enterprise Desktop Virtualization (MED-V)
- Applications: Terminal Server Access; RMS Protected Documents; Anti Virus & Antispyware; Network Access Protection; Application (APP-V) & Enterprise Desktop (MED-V) Virtualization
- Data, User Settings: Folder Redirection; Offline Files; Group Policy and AGPM; Data Backup
- Management: System Monitoring; System Management; Mobile Device Management; Corporate Security Policy
MED-V End User Benefits: Offline Use; Flexible Configurations; Rich user experience. IT Benefits: Protection of the local data; Easy to migrate user; Mitigation of application compatibility issues.
68–72. Contract / Offshore Worker (layered client stack)
- Hardware: BitLocker Drive Encryption
- OS: Bi-Directional Firewall, Defender, Malicious Software Removal Tool; Security Center & UAC; Network Location Protection; Microsoft Enterprise Desktop Virtualization (MED-V)
- Applications: Terminal Server Access; RMS Protected Documents; Anti Virus & Antispyware; Network Access Protection; Application (APP-V) & Enterprise Desktop (MED-V) Virtualization
- Data, User Settings: Folder Redirection; Offline Files; Group Policy and AGPM; Data Backup
- Management: System Monitoring; System Management; Mobile Device Management; Corporate Security Policy
MED-V End User Benefits: Offline Use; Flexible Configurations; Rich user experience. IT Benefits: Protection of the local data; Easy to migrate user; Mitigation of application compatibility issues.
74–78. Home Worker (layered client stack)
- Hardware: BitLocker Drive Encryption
- OS: Bi-Directional Firewall, Defender, Malicious Software Removal Tool; Security Center & UAC; Network Location Protection; Microsoft Enterprise Desktop Virtualization (MED-V)
- Applications: Terminal Server Access; RMS Protected Documents; Anti Virus & Antispyware; Network Access Protection; Application (APP-V) & Enterprise Desktop (MED-V) Virtualization
- Data, User Settings: Folder Redirection; Offline Files; Group Policy and AGPM; Data Backup
- Management: System Monitoring; System Management; Mobile Device Management; Corporate Security Policy
MED-V End User Benefits: Offline Use; Flexible Configurations; Rich user experience. IT Benefits: Protection of the local data; Easy to migrate user; Mitigation of application compatibility issues.
79. 7 Tips for Secure Client Computing
- Protect your personal information. It’s valuable.
- Know who you’re dealing with.
- Use anti-virus and a firewall, and update both regularly.
- Set up your OS and web browser properly, and update both regularly.
- Protect your password.
- Back up important files.
- Learn who to contact if something goes wrong.
80. Technology (network diagram)
Head Quarters: Internal Network; Active Directory; Exchange; SharePoint; Intranet Web Server; DMZ (External Web Server, CSS); Users
Branch Office: Users
Internet: Customer
81. Technology – Another View (network diagram)
Trusted PC; Unhealthy PC; Isolated Remediation Server; Web Server; Infrastructure Servers; New Customer; Remote Access Gateway; Trusted Home; Unmanaged Devices; Malicious Users
82. OSI Model
Host layers: Application; Presentation; Session; Transport
Media layers: Network; Data Link; Physical
84–92. Head Office (Media and Host Layers, mapped to the OSI model)
- Physical: BitLocker Drive Encryption
- Data Link: Secure Wireless Access; Secure Remote Access; Network Access Protection; Intrusion Detection System
- Network: Site-to-Site VPN; Address Translation (with Secure Wireless Access, Secure Remote Access, Network Access Protection and Intrusion Detection System continuing from Data Link)
- Transport: IPSec Enabled Protection; Server & Domain Isolation; Firewall Protection
- Session: Active Directory; Remote Access Protocols; Folder Redirection; Offline Files
- Presentation: GINA Protection (CTRL + ALT + DEL); Terminal Server Access; Encrypted File System; Anti Virus & Antispyware; Group Policy and AGPM
- Application: Defender, Malicious Software Removal Tool; Application Protection Management; Application (APP-V) Virtualization; Web; DHCP & DNS; Audio Video Messaging; Identity Management; Data Protection; Content Management; Database
Operating system sidebar: Microsoft Enterprise Desktop Virtualization (MED-V). End User Benefits: Offline Use; Flexible Configurations; Rich user experience. IT Benefits: Protection of the local data; Easy to migrate user; Mitigation of application compatibility issues.
94–102. Branch Office (Media and Host Layers, mapped to the OSI model)
- Physical: BitLocker Drive Encryption
- Data Link: Secure Wireless Access; Secure Remote Access; Network Access Protection; Intrusion Detection System
- Network: Site-to-Site VPN; Address Translation (with Secure Wireless Access, Secure Remote Access, Network Access Protection and Intrusion Detection System continuing from Data Link)
- Transport: IPSec Enabled Protection; Server & Domain Isolation; Firewall Protection
- Session: Active Directory; Remote Access Protocols; Folder Redirection; Offline Files
- Presentation: GINA Protection (CTRL + ALT + DEL); Terminal Server Access; Encrypted File System; Anti Virus & Antispyware; Group Policy and AGPM
- Application: Defender, Malicious Software Removal Tool; Application Protection Management; Application (APP-V) Virtualization; Web; DHCP & DNS; Audio Video Messaging; Identity Management; Data Protection; Content Management; Database
Operating system sidebar: Microsoft Enterprise Desktop Virtualization (MED-V). End User Benefits: Offline Use; Flexible Configurations; Rich user experience. IT Benefits: Protection of the local data; Easy to migrate user; Mitigation of application compatibility issues.
104-112. Intranet/Extranet (Media Layer and Host Layer): successive builds of one defense-in-depth diagram, consolidated here
Media Layer
  Physical: BitLocker Drive Encryption
  Data Link: Secure Wireless Access, Secure Remote Access, Network Access Protection, Intrusion Detection System
  Network: Site-to-Site VPN, Address Translation
Host Layer
  Transport: IPsec Enabled Protection, Server & Domain Isolation, Firewall Protection
  Session: Active Directory, Remote Access Protocols, Folder Redirection, Offline Files
  Presentation: GINA Protection (CTRL + ALT + DEL), Terminal Server Access, Encrypted File System, Anti Virus & Antispyware, Group Policy and AGPM
  Application: Defender, Malicious Software Removal Tool, Application Protection Management, Application Virtualization (App-V), Web, DHCP & DNS, Audio/Video, Messaging, Identity Management, Data Protection, Content Management, Database
Operating System: Microsoft Enterprise Desktop Virtualization (MED-V)
  End User Benefits: Offline Use, Flexible Configurations, Rich user experience
  IT Benefits: Protection of the local data, Easy to migrate user, Mitigation of application compatibility issues
123. Process
  Application Security
  Cryptography
  Access Control
  Business Continuity & Disaster Recovery
  Information Security and Risk Management
  Operations Security
  Physical (Environmental) Security
  Security Architecture and Design
  Telecommunications and Network Security
  Legal, Regulations, Compliance & Investigations
136. Security Guidance and Resources
  Microsoft Security Home Page: www.microsoft.com/security
  Microsoft Forefront: http://www.microsoft.com/forefront/default.mspx
  General Information:
    Microsoft Live Safety Center: http://safety.live.com
    Microsoft Security Response Center: www.microsoft.com/security/msrc
    Security Development Lifecycle: http://msdn.microsoft.com/security/sdl
    Get the Facts on Windows and Linux: www.microsoft.com/getthefacts
  Anti-Malware:
    Microsoft OneCare Live: https://beta.windowsonecare.com
    Microsoft Defender: www.microsoft.com/athome/security/spyware/software
    Spyware Criteria: www.microsoft.com/athome/security/spyware/software/isv
  Guidance Centers:
    Security Guidance Centers: www.microsoft.com/security/guidance
    Security Guidance for IT Professionals: www.microsoft.com/technet/security
    The Microsoft Security Developer Center: msdn.microsoft.com/security
    The Security at Home Consumer Site: www.microsoft.com/athome/security
137. આભાર ধন্যবাদ நன்றி धन्यवाद ಧನ್ಯವಾದಗಳು ధన్యవాదాలు ଧନ୍ୟବାଦ നിങ്ങള്ക്ക് നന്ദി ਧੰਨਵਾਦ
LEAD: Who is responsible for driving the evolution of the threats that impact your business? It started with those who were curious and wanted personal fame from hacking into different systems and networks. Then the motivation moved to those who found a sport in cyber trespassing, and to those who looked for financial gain through cyber theft. As more individuals made money, the group grew larger and larger. Now we are finding experts and specialists who focus on large hacking efforts, gaining access to sensitive data that they can sell on the black market. We are also seeing cyber-spy specialists with national interests at stake. Vandals are the largest group. Thieves drive the largest area where money is lost. The largest segment of spend is focused on defending national interests. The fastest growing segment is the experts who are in the business of stealing your business assets.
Customer Questions: Are you seeing security threats evolve before the attacked technology is mainstreamed? Why do you think this is happening?
LEAD: Engineering Excellence is focused on providing fundamentally secure platforms for our customers. They should be secure by design, secure by default, and remain secure after deployment.
Customer Questions: What kind of security configuration management do you use to deploy servers? Desktops? Are you using Group Policy to keep your platforms secure after they are deployed? What is your platform patching strategy?