1. Platform Security Briefing Ramnish Singh PMP, CISSP, Microsoft Certified Architect (Infrastructure) MCITP (Windows 2008),MCTS (Windows Server,Vista, Exchange), MCSE (Windows 2003, 2000, NT), MCT Cisco Certified Design Professional, Cisco Certified Network Professional, Sun CSA IT Advisor | Microsoft Corporation Blog Address (optional) | Email (optional)

4. Security Versus Access Demand for access Escalating threats 23 million branch offices WW(IDC, 2006) 3.6 billion mobile users WW by 2010 (Infonetics, 2007) 85% of companies will have WLANs by 2010 (Infonetics, 2006) 8x increase in phishing sites in past year (AWG, 2006) One message-based Trojan attack per day in 2006 vs. one per week in 2005 (Message Labs, 2006) Strong indication of increase in profit-motivated attacks (Multiple sources)

5. Evolving Threat Landscape Local Area Networks First PC virus Boot sector viruses Create notorietyor cause havoc Slow propagation 16-bit DOS Internet Era Macro viruses Script viruses Create notorietyor cause havoc Faster propagation 32-bit Windows Hyper jacking Peer to Peer Social engineering Application attacks Financial motivation Targeted attacks 64-bit Windows Broadbandprevalent Spyware, Spam Phishing Botnets Rootkits Financial motivation Internet wide impact 32-bit Windows 1986–1995 1995–2000 2000–2005 2007

6. National Interest Personal Gain Personal Fame Curiosity Largest segment by $ spent on defense Spy Largest area by $ lost Fastest growing segment Thief Largest area by volume Trespasser Author Vandal Undergraduate Script-Kiddy Expert Specialist Evolving Threats

7. 1st known hack... The need for security in communication networks is not new. In the late nineteenth century an American undertaker named AlmonStrowger discovered that he was losing business to his rivals because telephone operators, responsible for the manual connection of call requests, were unfairly diverting calls from the newly bereaved to his competitors. Strowger developed switching systems that led to the introduction of the first automated telephone exchanges in 1897. This enabled users to make their own connections using rotary dialling to signal the required destination. AlmonStrowger

8. Addressing Security Threats Helps turn IT into a business asset not a cost center Supports your day to day security processes Is the Enabler to running your business successfully Technology Data privacy processes to manage data effectively IT security processes to implement, manage, and govern security Financial reporting processes that include security of the business Process Company understands the importance of security in the workplace Individuals know their role with security governance and compliance IT staff has the security skills and knowledge to support your business People

9. Microsoft’s Promises To You Manage Complexity, Achieve Agility Amplifythe Impactof YourPeople ProtectInformation,ControlAccess Advance the Businesswith IT Solutions

10. Delivering On The Promise:Infrastructure Optimization *Source: Microsoft CSO Summit 2007 Registration Survey

11. Core Infrastructure Optimization More Efficient Cost Center Cost Center Strategic Asset Business Enabler Basic No centralized enterprise directory No automated patch management Anti-malwarenot centrally managed Message security for e-mail only No secure coding practices in place Standardized Using enterprise directory for authentication Automated patch management tools deployed Anti-malwareis managed centrally Unified message security in place Rationalized Integrated directory services, PKIin place Formal patch management process Defense in depth threat protection Security extended to remote and mobile workforce Dynamic Full identity lifecycle management.ID Federation,Rights Mgt Services in use Metrics driven update process Client quarantine and access policy enforcement $1320/PC Cost $580/PC Cost $230/PC Cost Source:GCR and IDC data analyzed by Microsoft, 2006

12. Core Infrastructure Optimization Model: Security Basic Standardized Rationalized Dynamic Technology Self provisioning and quarantine capable systems ensure compliance and high availability Automate identity and access management Automatedsystem management Multiple directories for authentication Limited automated software distribution Patch statusof desktopsis unknown No unified directory for access mgmt Self-assessing and continuous improvement Easy, secure access to info from anywhereon Internet SLAs are linkedto business objectives Clearly defined and enforced images, security, best practices CentralAdmin and configurationof security Standard desktop images defined,not adopted by all IT processes undefined Complexity dueto localized processesand minimal central control Process Improve IT Maturity while Gaining ROI IT is astrategic asset Users look to ITas a valued partner to enable new business initiatives IT Staff manages an efficient,controlled environment Users have the right tools,availability, and access to info IT Staff trained in best practices such as MOF,ITIL, etc. Users expect basic services from IT IT staff taxed by operational challenges Users come up with their ownIT solutions People

13. SC information system = {(confidentiality, impact), (integrity, impact), (availability, impact)} where the acceptable values for potential impact are low, moderate, or high.

14. Trustworthy Computing

15. Microsoft Security Strategy

16. LawEnforcement Public Policy VIA GIAIS Microsoft Security Strategy IndustryPartnerships ConsumerAwareness

17. Microsoft SecurityAssessment Toolkit SecurityTools Microsoft Windows VistaSecurity Whitepapers SecurityReadiness Educationand Training Microsoft SecurityIntelligence Report Learning Paths forSecurity Professionals www.microsoft.com/technet/security Microsoft Security Strategy

18. Security Development Lifecycle Design Threat Modeling Standards, best practices, and tools Security Push Final Security Review RTM and Deployment Signoff Security Response Product Inception

19. Priority #1 - Platform Security Security Development Lifecycle Security Response Center Better Updates And Tools

20. Comprehensive Security Portfolio Services Edge Encrypting File System (EFS) Server Applications BitLocker™ Information Protection Network Access Protection (NAP) Client and Server OS IdentityManagement Windows CardSpace SystemsManagement Active Directory Federation Services (ADFS) Guidance Developer Tools

21. Security Development Lifecycle (SDL) Kernel Patch Protection Kernel-mode Driver Signing Secure Startup Windows Service Hardening Secure Platform Rights Management Services (RMS) SharePoint, Exchange, Windows Mobile integration Encrypting File System (EFS) Bitlocker Secure Access User Account Control Network Access Protection (NAP) IPv6 IPsec Windows CardSpace Native smart card support GINA Re-architecture Certificate Services Credential roaming Windows Defender IE Protected Mode Address Space Layout Randomization (ASLR) Data Execution Prevention (DEP) Bi-directional Firewall Windows Security Center Data Protection Malware Protection

22. Windows Vista SP1 includes Additional Kernel Patch Protection APIs Enhanced Windows Security Center reporting Expanded BitLocker Drive Encryption (BDE) Additional multifactor authentication methods

23. Security Development Lifecycle (SDL) Windows Server Virtualization (Hypervisor) Role Management Tool OS File Integrity Secure Platform Network Protection Network Access Protection (NAP) Server and Domain Isolation with IPsec End-to-end Network Authentication Windows Firewall With Advanced Security On By Default Identity Access Rights Management Services (RMS) Full volume encryption (Bitlocker) USB Device-connection rules with Group Policy Improved Auditing Windows Server Backup Data Protection Read-only Domain Controller (RODC) Active Directory Federation Srvcs. (ADFS) Administrative Role Separation PKI Management Console Online CertificateStatus Protocol

24. Secure Platform Surface Area Configuration tool Password Policy Enforcement; Granular Roles Built in Encryption;Key Mgmt. Auditing – Data Definition Language (DDL) Advanced Spam and Virus Defenses Compliance Business Continuity Trust Center New Document Security Model Open XML File Formats Rich Authentication GranularAccess Control Complianceand Auditing Hierarchical Encryption Document Inspector Information Rights Management Strong Encryption,Digital Signatures Suite-B: For U.S. Government Data Protection Platform Security Progress Essential Security and Mobile Device Mgmt Built-in Protection with Business Continuity Compliance Support EnhancedMessage Filtering

25. Security Threat Landscape Evolution Microsoft Security Strategy Engineering Excellence Security Development Lifecycle Engineering Excellence Security Development Lifecycle

26. Trusted Unhealthy PC Isolated Remediation Server Web Server Infrastructure Servers New Customer Remote Access Gateway Trusted Home Unmanaged Devices MaliciousUsers Network Security Secure Anywhere Access End-to-end security with IPv6 and IPsec Access driven by policy not topology Certificate based multi-factor authentication Health checks and remediation prior to access Policy-driven network access solutions Windows Firewall with advanced filtering Server and Domain Isolation Network Access Protection (NAP) ISA Server 2006 Intelligent Application Gateway (2007) Windows Filtering Platform

27. Identity and Access Management Your COMPANYandyour EMPLOYEES Secure and seamlesscross-organizational collaboration Easily managing multiple identities Government sponsored identities (eID) Hardware supported trust platform Disparate directories synchronization Centralized ID controls and mgmt. Embedded identity into applications Policy Governance / Compliance Role Based Permissions Identity and Data Privacy Identity Lifecycle Manager 2007 Active Directory Federation Services Active Directory Lightweight Directory Services Windows Certificate Services Windows CardSpace™

28. Edge, server and client protection “Point to Point” Solutions Security of data at rest and in transit Mobile workforce Manageability Corporate Client Protection Server Protection Consumer/ Small Business Simple PC maintenance Anti-Virus Anti-Spyware Anti-Phishing Firewall Performance Tuning Backup and Restore Edge Protection Protection

29. Interoperability Industry Standards Web Services (WS-*) Open document format (XPS) OpenID Partner Products Network Access Protection EV Certificate support in IE7 Windows CardSpace Windows Security Center Industry Partnerships SecureIT Alliance Microsoft SecurityResponse Alliance Interop Vendor Alliance

30. Security Stack Interoperability Integrated security eases defense in depth architecture deployment Adoption of open standards allows cross platform integration Management System System Center, Active Directory GPO Data BitLocker, EFS, RMS, SharePoint, SQL User Active Directory and Identity Lifecycle Mgr Application SDL process, IIS, Visual Studio, and .NET Device Forefront Client Security, Exchange MSFP Internal Network Network Access Protection, IPSec Perimeter Forefront Edge and Server Security, NAP

31. Management Systems Integration

32. Engineering Excellence Security Development Lifecycle Microsoft Security Strategy

33. Some hard questions… Who Why What When Where How

34. The lighter side

35. And the press is doing its bit...

36. User Experience Application Platform Optimization Model Development BASIC ADVANCED DYNAMIC STANDARDIZED Infrastructure Optimization SOA and Business Process Data Management Business Intelligence Business Productivity Infrastructure Optimization Model Unified Communications Collaboration IT and Security Process Enterprise Content Management BASIC RATIONALIZED DYNAMIC STANDARDIZED Enterprise Search Business Intelligence Core Infrastructure Optimization Model Identity and Access Management Desktop, Device, and Server Mgmt BASIC RATIONALIZED DYNAMIC STANDARDIZED Security and Networking Data Protection and Recovery

38. Establishes a foundation based on industry analyst, academic, and consortium research

39. Provides guidance and best practices for step-by-step implementation

40. Drives cost reduction, security and efficiency gains

41. Enables agilityApplication Platform Optimization Model STANDARDIZED BASIC ADVANCED DYNAMIC Development SOA and Business Process Data Management Business Intelligence Business Productivity Infrastructure Optimization Model Unified Communications Collaboration IT and Security Process STANDARDIZED BASIC DYNAMIC RATIONALIZED Enterprise Content Management Enterprise Search Business Intelligence Core Infrastructure Optimization Model Identity and Access Management Desktop, Device, and Server Mgmt BASIC STANDARDIZED DYNAMIC RATIONALIZED Security and Networking Data Protection and Recovery

42. Core Infrastructure Optimization Policy and Compliance Risk Assessment User Awareness Basic Standardized Rationalized Dynamic Identity and Access Management Patch Management Threat and Vulnerability Mitigation Secure Messaging and Collaboration Secure Application Architecture Legacy Platform Migration

43. Solutions Benefits Costs Challenges Two Factor Authentication Secure Remote User Basic to Standardized Enforce Strong Passwords Secure Wireless Access Network Intrusion Detection Optimizing SecurityMoving from Basic to Standardized Developer-focused environment Sophisticated and targeted threats Executive sponsorship Awareness campaign Cultural shift to awareness Able to mitigate current high priority risk Labor intensive to maintain Defense in Depth

44. Solutions Benefits Costs Challenges Standardized to Rationalized Network Segmentation Identity & Access Mgmt 2FA: Elevated Access Accts Security Event Monitoring Certificate Provisioning & Renewals Vulnerability Assessments SDL IT Optimizing SecurityMoving from Standardized to Rationalized Evolving and faster threats Ownership largely resided with Security Risk management framework Service manager accountability Accountability closer to business Environmental awareness Improved response Lack of integration between service managers and business Defense in Depth Automate

45. Solutions Benefits Costs Challenges Network Access Protection Rationalized to Dynamic Strong User Authentication User Account Control Bitlocker Drive Encryption Optimizing SecurityMoving from Rationalized to Dynamic Security viewed as a tax to the business Information security governance Information security becomes a strategic asset Culture shift may cause friction Defense in Depth

46. Application Security Authentication Intrusion Detection/Prevention Identity & Access Management Network Firewalls NAC Wireless Email Unified Threat Management Secure Remote Access Antimalware SIMs Mobile Data Security Vulnerability Management Web Security Gateways

47. People Mobile Mobile Office Task Office Contract Task Home Contract Offshore Home

48. Separation Creates Flexibility Data, User Settings Applications OS Hardware Dependencies Create Complexity

49. Mobile

50. Microsoft Enterprise Desktop Virtualization (MED-V) End User Benefits Offline Use Flexible Configurations Rich user experience IT Benefits Protection of the local data Easy to migrate user Mitigation of application compatibility issues Mobile Worker Bitlocker Drive Encryption OPERATING SYSTEM Hardware

51. Mobile Worker Bi-Directional Firewall, Defender, Malicious Software Removal Tool Bitlocker Drive Encryption Security Center & UAC Network Location Protection OS Microsoft Enterprise Desktop Virtualization (MED-V) OPERATING SYSTEM Hardware End User Benefits Offline Use Flexible Configurations Rich user experience IT Benefits Protection of the local data Easy to migrate user Mitigation of application compatibility issues

52. Mobile Worker Terminal Server Access RMS Protected Documents Bi-Directional Firewall, Defender, Malicious Software Removal Tool Bitlocker Drive Encryption Security Center & UAC Network Location Protection Applications Anti Virus & Antispyware Network Access Protection OS Application (APP-V) & Enterprise Desktop (MED-V) Virtualization Group Policy and AGPM Folder Redirection Offline Files Hardware End User Benefits Offline Use Flexible Configurations Rich user experience IT Benefits Protection of the local data Easy to migrate user Mitigation of application compatibility issues

53. Mobile Worker Terminal Server Access RMS Protected Documents Network Access Protection Data, User Settings Applications Anti Virus & Antispyware Folder Redirection Offline Files Group Policy and AGPM Data Backup OS Application (APP-V) & Enterprise Desktop (MED-V) Virtualization Hardware End User Benefits Offline Use Flexible Configurations Rich user experience IT Benefits Protection of the local data Easy to migrate user Mitigation of application compatibility issues

54. Mobile Worker RMS Protected Documents Data, User Settings Applications Folder Redirection Offline Files Group Policy and AGPM Data Backup System Monitoring System Management Mobile Device Management Corporate Security Policy OS Hardware End User Benefits Offline Use Flexible Configurations Rich user experience IT Benefits Protection of the local data Easy to migrate user Mitigation of application compatibility issues

55. Office

56. Microsoft Enterprise Desktop Virtualization (MED-V) End User Benefits Offline Use Flexible Configurations Rich user experience IT Benefits Protection of the local data Easy to migrate user Mitigation of application compatibility issues Office Worker Bitlocker Drive Encryption OPERATING SYSTEM Hardware

57. Office Worker Bi-Directional Firewall, Defender, Malicious Software Removal Tool Bitlocker Drive Encryption Security Center & UAC Network Location Protection OS Microsoft Enterprise Desktop Virtualization (MED-V) OPERATING SYSTEM Hardware End User Benefits Offline Use Flexible Configurations Rich user experience IT Benefits Protection of the local data Easy to migrate user Mitigation of application compatibility issues

58. Office Worker Terminal Server Access RMS Protected Documents Bi-Directional Firewall, Defender, Malicious Software Removal Tool Bitlocker Drive Encryption Security Center & UAC Network Location Protection Applications Anti Virus & Antispyware Network Access Protection OS Application (APP-V) & Enterprise Desktop (MED-V) Virtualization Hardware End User Benefits Offline Use Flexible Configurations Rich user experience IT Benefits Protection of the local data Easy to migrate user Mitigation of application compatibility issues

59. Office Worker Terminal Server Access RMS Protected Documents Network Access Protection Data, User Settings Applications Anti Virus & Antispyware Folder Redirection Offline Files Group Policy and AGPM Data Backup OS Application (APP-V) & Enterprise Desktop (MED-V) Virtualization Hardware End User Benefits Offline Use Flexible Configurations Rich user experience IT Benefits Protection of the local data Easy to migrate user Mitigation of application compatibility issues

60. Office Worker RMS Protected Documents Data, User Settings Applications Folder Redirection Offline Files Group Policy and AGPM Data Backup System Monitoring System Management Mobile Device Management Corporate Security Policy OS Hardware End User Benefits Offline Use Flexible Configurations Rich user experience IT Benefits Protection of the local data Easy to migrate user Mitigation of application compatibility issues

61. Task

62. Microsoft Enterprise Desktop Virtualization (MED-V) End User Benefits Offline Use Flexible Configurations Rich user experience IT Benefits Protection of the local data Easy to migrate user Mitigation of application compatibility issues Task Worker Bitlocker Drive Encryption OPERATING SYSTEM Hardware

63. Task Worker Bi-Directional Firewall, Defender, Malicious Software Removal Tool Bitlocker Drive Encryption Security Center & UAC Network Location Protection OS Microsoft Enterprise Desktop Virtualization (MED-V) OPERATING SYSTEM Hardware End User Benefits Offline Use Flexible Configurations Rich user experience IT Benefits Protection of the local data Easy to migrate user Mitigation of application compatibility issues

64. Task Worker Terminal Server Access RMS Protected Documents Bi-Directional Firewall, Defender, Malicious Software Removal Tool Bitlocker Drive Encryption Security Center & UAC Network Location Protection Applications Anti Virus & Antispyware Network Access Protection OS Application (APP-V) & Enterprise Desktop (MED-V) Virtualization Group Policy and AGPM Folder Redirection Offline Files Hardware End User Benefits Offline Use Flexible Configurations Rich user experience IT Benefits Protection of the local data Easy to migrate user Mitigation of application compatibility issues

65. Task Worker Terminal Server Access RMS Protected Documents Network Access Protection Data, User Settings Applications Anti Virus & Antispyware Folder Redirection Offline Files Group Policy and AGPM Data Backup OS Application (APP-V) & Enterprise Desktop (MED-V) Virtualization Hardware End User Benefits Offline Use Flexible Configurations Rich user experience IT Benefits Protection of the local data Easy to migrate user Mitigation of application compatibility issues

66. Task Worker RMS Protected Documents Data, User Settings Applications Folder Redirection Offline Files Group Policy and AGPM Data Backup System Monitoring System Management Mobile Device Management Corporate Security Policy OS Hardware End User Benefits Offline Use Flexible Configurations Rich user experience IT Benefits Protection of the local data Easy to migrate user Mitigation of application compatibility issues

67. Contract / Offshore

68. Microsoft Enterprise Desktop Virtualization (MED-V) End User Benefits Offline Use Flexible Configurations Rich user experience IT Benefits Protection of the local data Easy to migrate user Mitigation of application compatibility issues Contract / Offshore Worker Bitlocker Drive Encryption OPERATING SYSTEM Hardware

69. Bi-Directional Firewall, Defender, Malicious Software Removal Tool Network Location Protection Bitlocker Drive Encryption Security Center & UAC OS Microsoft Enterprise Desktop Virtualization (MED-V) Contract / Offshore Worker OPERATING SYSTEM Hardware End User Benefits Offline Use Flexible Configurations Rich user experience IT Benefits Protection of the local data Easy to migrate user Mitigation of application compatibility issues

70. Contract / Offshore Worker Terminal Server Access RMS Protected Documents Bi-Directional Firewall, Defender, Malicious Software Removal Tool Bitlocker Drive Encryption Security Center & UAC Network Location Protection Applications Anti Virus & Antispyware Network Access Protection OS Application (APP-V) & Enterprise Desktop (MED-V) Virtualization Hardware End User Benefits Offline Use Flexible Configurations Rich user experience IT Benefits Protection of the local data Easy to migrate user Mitigation of application compatibility issues

71. Contract / Offshore Worker Terminal Server Access RMS Protected Documents Network Access Protection Data, User Settings Applications Anti Virus & Antispyware Folder Redirection Offline Files Group Policy and AGPM Data Backup OS Application (APP-V) & Enterprise Desktop (MED-V) Virtualization Hardware End User Benefits Offline Use Flexible Configurations Rich user experience IT Benefits Protection of the local data Easy to migrate user Mitigation of application compatibility issues

72. Contract / Offshore Worker RMS Protected Documents Data, User Settings Applications Folder Redirection Offline Files Group Policy and AGPM Data Backup System Monitoring System Management Mobile Device Management Corporate Security Policy OS Hardware End User Benefits Offline Use Flexible Configurations Rich user experience IT Benefits Protection of the local data Easy to migrate user Mitigation of application compatibility issues

73. Home

74. Microsoft Enterprise Desktop Virtualization (MED-V) End User Benefits Offline Use Flexible Configurations Rich user experience IT Benefits Protection of the local data Easy to migrate user Mitigation of application compatibility issues Home Worker Bitlocker Drive Encryption OPERATING SYSTEM Hardware

75. Home Worker Bi-Directional Firewall, Defender, Malicious Software Removal Tool Bitlocker Drive Encryption Security Center & UAC Network Location Protection OS Microsoft Enterprise Desktop Virtualization (MED-V) OPERATING SYSTEM Hardware End User Benefits Offline Use Flexible Configurations Rich user experience IT Benefits Protection of the local data Easy to migrate user Mitigation of application compatibility issues

76. Home Worker Terminal Server Access RMS Protected Documents Bi-Directional Firewall, Defender, Malicious Software Removal Tool Bitlocker Drive Encryption Security Center & UAC Network Location Protection Applications Anti Virus & Antispyware Network Access Protection OS Application (APP-V) & Enterprise Desktop (MED-V) Virtualization Hardware End User Benefits Offline Use Flexible Configurations Rich user experience IT Benefits Protection of the local data Easy to migrate user Mitigation of application compatibility issues

77. Home Worker Terminal Server Access RMS Protected Documents Network Access Protection Data, User Settings Applications Anti Virus & Antispyware Folder Redirection Offline Files Group Policy and AGPM Data Backup OS Application (APP-V) & Enterprise Desktop (MED-V) Virtualization Hardware End User Benefits Offline Use Flexible Configurations Rich user experience IT Benefits Protection of the local data Easy to migrate user Mitigation of application compatibility issues

78. Home Worker RMS Protected Documents Data, User Settings Applications Folder Redirection Offline Files Group Policy and AGPM Data Backup System Monitoring System Management Mobile Device Management Corporate Security Policy OS Hardware End User Benefits Offline Use Flexible Configurations Rich user experience IT Benefits Protection of the local data Easy to migrate user Mitigation of application compatibility issues

79. 7 Tips for Secure Client Computing Protect your personal information. It’s valuable Know who you’re dealing with Use anti-virus and firewall and update both regularly Setup your OS and Web Browser properly and update both regularly Protect your password Backup important files Learn who to contact if something goes wrong

80. Technology Internet Intranet Web Server Exchange External Web Server User BRANCH OFFICE DMZ CSS Internal Network Internet SharePoint Active Directory HEAD QUARTERS User Customer

81. Technology – Another View Trusted Unhealthy PC Isolated Remediation Server Web Server Infrastructure Servers New Customer Remote Access Gateway Trusted Home Unmanaged Devices MaliciousUsers

82. OSI Model Application Presentation Session Transport Network Media layers Host layers Data Link Physical

83. Head Office

84. Head Office (Media Layer) Bitlocker Drive Encryption Microsoft Enterprise Desktop Virtualization (MED-V) OPERATING SYSTEM Physical End User Benefits Offline Use Flexible Configurations Rich user experience IT Benefits Protection of the local data Easy to migrate user Mitigation of application compatibility issues

85. Head Office (Media Layer) Bitlocker Drive Encryption Secure Wireless Access Secure Remote Access Network Access Protection Intrusion Detection System Data Link Microsoft Enterprise Desktop Virtualization (MED-V) OPERATING SYSTEM Physical End User Benefits Offline Use Flexible Configurations Rich user experience IT Benefits Protection of the local data Easy to migrate user Mitigation of application compatibility issues

86. Head Office (Media Layer) Secure Wireless Access Network Access Protection Secure Remote Access Site-to-Site VPN Address Translation Intrusion Detection System Network Data Link Microsoft Enterprise Desktop Virtualization (MED-V) OPERATING SYSTEM Physical End User Benefits Offline Use Flexible Configurations Rich user experience IT Benefits Protection of the local data Easy to migrate user Mitigation of application compatibility issues

87. Head Office (Host Layer) IPSec Enabled Protection Server & Domain Isolation Transport Firewall Protection Microsoft Enterprise Desktop Virtualization (MED-V) OPERATING SYSTEM End User Benefits Offline Use Flexible Configurations Rich user experience IT Benefits Protection of the local data Easy to migrate user Mitigation of application compatibility issues

88. Head Office (Host Layer) IPSec Enabled Protection Server & Domain Isolation Active Directory Remote Access Protocols Session Transport Firewall Protection Folder Redirection Offline Files Microsoft Enterprise Desktop Virtualization (MED-V) OPERATING SYSTEM End User Benefits Offline Use Flexible Configurations Rich user experience IT Benefits Protection of the local data Easy to migrate user Mitigation of application compatibility issues

89. Head Office (Host Layer) GINA Protection GINA Protection Terminal Server Access Active Directory Remote Access Protocols Encrypted File System Presentation Session OPERATING SYSTEM Transport Folder Redirection Offline Files Anti Virus & Antispyware Group Policy and AGPM CTRL + ALT + DEL CTRL + ALT + DEL Microsoft Enterprise Desktop Virtualization (MED-V) OPERATING SYSTEM End User Benefits Offline Use Flexible Configurations Rich user experience IT Benefits Protection of the local data Easy to migrate user Mitigation of application compatibility issues

90. Head Office (Host Layer) Application Defender, Malicious Software Removal Tool GINA Protection Terminal Server Access Encrypted File System Presentation Session Transport Application Protection Management Anti Virus & Antispyware Group Policy and AGPM CTRL + ALT + DEL Application (APP-V) Virtualization Microsoft Enterprise Desktop Virtualization (MED-V) OPERATING SYSTEM End User Benefits Offline Use Flexible Configurations Rich user experience IT Benefits Protection of the local data Easy to migrate user Mitigation of application compatibility issues

91. Head Office (Host Layer) Application Defender, Malicious Software Removal Tool Presentation Session Transport Application Protection Management Web DHCP & DNS Audio Video Messaging Anti Virus & Antispyware Microsoft Enterprise Desktop Virtualization (MED-V) OPERATING SYSTEM End User Benefits Offline Use Flexible Configurations Rich user experience IT Benefits Protection of the local data Easy to migrate user Mitigation of application compatibility issues

92. Head Office (Host Layer) Application Presentation Session Transport Web Audio Video Messaging DHCP & DNS Identity Management Data Protection Content Management Database Microsoft Enterprise Desktop Virtualization (MED-V) OPERATING SYSTEM End User Benefits Offline Use Flexible Configurations Rich user experience IT Benefits Protection of the local data Easy to migrate user Mitigation of application compatibility issues

93. Branch Office

94. Branch Office (Media Layer) Bitlocker Drive Encryption Microsoft Enterprise Desktop Virtualization (MED-V) OPERATING SYSTEM Physical End User Benefits Offline Use Flexible Configurations Rich user experience IT Benefits Protection of the local data Easy to migrate user Mitigation of application compatibility issues

95. Branch Office (Media Layer) Bitlocker Drive Encryption Secure Wireless Access Secure Remote Access Network Access Protection Intrusion Detection System Data Link Microsoft Enterprise Desktop Virtualization (MED-V) OPERATING SYSTEM Physical End User Benefits Offline Use Flexible Configurations Rich user experience IT Benefits Protection of the local data Easy to migrate user Mitigation of application compatibility issues

96. Branch Office (Media Layer) Secure Wireless Access Network Access Protection Secure Remote Access Site-to-Site VPN Address Translation Intrusion Detection System Network Data Link Microsoft Enterprise Desktop Virtualization (MED-V) OPERATING SYSTEM Physical End User Benefits Offline Use Flexible Configurations Rich user experience IT Benefits Protection of the local data Easy to migrate user Mitigation of application compatibility issues

97. Branch Office (Host Layer) IPSec Enabled Protection Server & Domain Isolation Transport Firewall Protection Microsoft Enterprise Desktop Virtualization (MED-V) OPERATING SYSTEM End User Benefits Offline Use Flexible Configurations Rich user experience IT Benefits Protection of the local data Easy to migrate user Mitigation of application compatibility issues

98. Branch Office (Host Layer) IPSec Enabled Protection Server & Domain Isolation Active Directory Remote Access Protocols Session Transport Firewall Protection Folder Redirection Offline Files Microsoft Enterprise Desktop Virtualization (MED-V) OPERATING SYSTEM End User Benefits Offline Use Flexible Configurations Rich user experience IT Benefits Protection of the local data Easy to migrate user Mitigation of application compatibility issues

99. Branch Office (Host Layer) GINA Protection GINA Protection Terminal Server Access Active Directory Remote Access Protocols Encrypted File System Presentation Session OPERATING SYSTEM Transport Folder Redirection Offline Files Anti Virus & Antispyware Group Policy and AGPM CTRL + ALT + DEL CTRL + ALT + DEL Microsoft Enterprise Desktop Virtualization (MED-V) OPERATING SYSTEM End User Benefits Offline Use Flexible Configurations Rich user experience IT Benefits Protection of the local data Easy to migrate user Mitigation of application compatibility issues

100. Branch Office (Host Layer) Application Defender, Malicious Software Removal Tool GINA Protection Terminal Server Access Encrypted File System Presentation Session Transport Application Protection Management Anti Virus & Antispyware Group Policy and AGPM CTRL + ALT + DEL Application (APP-V) Virtualization Microsoft Enterprise Desktop Virtualization (MED-V) OPERATING SYSTEM End User Benefits Offline Use Flexible Configurations Rich user experience IT Benefits Protection of the local data Easy to migrate user Mitigation of application compatibility issues

101. Branch Office (Host Layer) Application Defender, Malicious Software Removal Tool Presentation Session Transport Application Protection Management Web DHCP & DNS Audio Video Messaging Anti Virus & Antispyware Microsoft Enterprise Desktop Virtualization (MED-V) OPERATING SYSTEM End User Benefits Offline Use Flexible Configurations Rich user experience IT Benefits Protection of the local data Easy to migrate user Mitigation of application compatibility issues

102. Branch Office (Host Layer) Application Presentation Session Transport Web Audio Video Messaging DHCP & DNS Identity Management Data Protection Content Management Database Microsoft Enterprise Desktop Virtualization (MED-V) OPERATING SYSTEM End User Benefits Offline Use Flexible Configurations Rich user experience IT Benefits Protection of the local data Easy to migrate user Mitigation of application compatibility issues

103. IntranetExtranet

104. Intranet/Extranet (Media Layer) Bitlocker Drive Encryption Microsoft Enterprise Desktop Virtualization (MED-V) OPERATING SYSTEM Physical End User Benefits Offline Use Flexible Configurations Rich user experience IT Benefits Protection of the local data Easy to migrate user Mitigation of application compatibility issues

105. Intranet/Extranet (Media Layer) Bitlocker Drive Encryption Secure Wireless Access Secure Remote Access Network Access Protection Intrusion Detection System Data Link Microsoft Enterprise Desktop Virtualization (MED-V) OPERATING SYSTEM Physical End User Benefits Offline Use Flexible Configurations Rich user experience IT Benefits Protection of the local data Easy to migrate user Mitigation of application compatibility issues

106. Intranet/Extranet (Media Layer) Secure Wireless Access Network Access Protection Secure Remote Access Site-to-Site VPN Address Translation Intrusion Detection System Network Data Link Microsoft Enterprise Desktop Virtualization (MED-V) OPERATING SYSTEM Physical End User Benefits Offline Use Flexible Configurations Rich user experience IT Benefits Protection of the local data Easy to migrate user Mitigation of application compatibility issues

107. Intranet/Extranet (Host Layer) IPSec Enabled Protection Server & Domain Isolation Transport Firewall Protection Microsoft Enterprise Desktop Virtualization (MED-V) OPERATING SYSTEM End User Benefits Offline Use Flexible Configurations Rich user experience IT Benefits Protection of the local data Easy to migrate user Mitigation of application compatibility issues

108. Intranet/Extranet (Host Layer) IPSec Enabled Protection Server & Domain Isolation Active Directory Remote Access Protocols Session Transport Firewall Protection Folder Redirection Offline Files Microsoft Enterprise Desktop Virtualization (MED-V) OPERATING SYSTEM End User Benefits Offline Use Flexible Configurations Rich user experience IT Benefits Protection of the local data Easy to migrate user Mitigation of application compatibility issues

109. Intranet/Extranet (Host Layer) GINA Protection GINA Protection Terminal Server Access Active Directory Remote Access Protocols Encrypted File System Presentation Session OPERATING SYSTEM Transport Folder Redirection Offline Files Anti Virus & Antispyware Group Policy and AGPM CTRL + ALT + DEL CTRL + ALT + DEL Microsoft Enterprise Desktop Virtualization (MED-V) OPERATING SYSTEM End User Benefits Offline Use Flexible Configurations Rich user experience IT Benefits Protection of the local data Easy to migrate user Mitigation of application compatibility issues

110. Intranet/Extranet (Host Layer) Application Defender, Malicious Software Removal Tool GINA Protection Terminal Server Access Encrypted File System Presentation Session Transport Application Protection Management Anti Virus & Antispyware Group Policy and AGPM CTRL + ALT + DEL Application (APP-V) Virtualization Microsoft Enterprise Desktop Virtualization (MED-V) OPERATING SYSTEM End User Benefits Offline Use Flexible Configurations Rich user experience IT Benefits Protection of the local data Easy to migrate user Mitigation of application compatibility issues

111. Intranet/Extranet (Host Layer) Application Defender, Malicious Software Removal Tool Presentation Session Transport Application Protection Management Web DHCP & DNS Audio Video Messaging Anti Virus & Antispyware Microsoft Enterprise Desktop Virtualization (MED-V) OPERATING SYSTEM End User Benefits Offline Use Flexible Configurations Rich user experience IT Benefits Protection of the local data Easy to migrate user Mitigation of application compatibility issues

112. Intranet/Extranet (Host Layer) Application Presentation Session Transport Web Audio Video Messaging DHCP & DNS Identity Management Data Protection Content Management Database Microsoft Enterprise Desktop Virtualization (MED-V) OPERATING SYSTEM End User Benefits Offline Use Flexible Configurations Rich user experience IT Benefits Protection of the local data Easy to migrate user Mitigation of application compatibility issues

113. Remote Access

114. Wired Access ADSL / Cable Power Line Dial-in / ISDN Fiber Optic

115. Wireless Access WiFi GPRS / UMTS / HSPA / LTE Wireless USB Bluetooth WiMAX Satellite

116. Securing Wireless… Internet Wired Enterprise Network

117. VPN security models

119. Seamless access to network resources increases productivity of mobile users

120. Infrastructure investments also make it easier to service mobile PCs and distribute updates and polices

121. Difficult for users to access corporate resources from outside the office

123. Process Application Security Cryptography Access Control Business Continuity & Disaster Recovery Information Security and Risk Management Operations Security Physical (Environmental) Security Security Architecture and Design Telecommunications and Network Security Legal, Regulations, Compliance & Investigations

124. Access Control

125. Application Security

126. Business Continuity Business Continuity Planning Lifecycle

127. Disaster Recovery

128. Cryptography Symmetric-key Asymmetric-key

129. Information Security Administrative Logical Physical

130. Risk Management Risk avoidance Risk reduction Risk retention Risk transfer

131. Operations Security World War II-era poster promoting OPSEC

132. Security Architecture and Design

133. Legal, Regulations, Compliance & Investigations

134. Telecommunications and Network Security

135. Physical Security Key Elements Key Features

136. Security Guidance and Resources Microsoft Security Home Page: www.microsoft.com/security Microsoft Forefront: http://www.microsoft.com/forefront/default.mspx General Information: Microsoft Live Safety Center: http://safety.live.com Microsoft Security Response Center: www.microsoft.com/security/msrc Security Development Lifecycle: http://msdn.microsoft.com/security/sdl Get the Facts on Windows and Linux: www.microsoft.com/getthefacts Anti-Malware: Microsoft OneCare Live: https://beta.windowsonecare.com Microsoft Defender: www.microsoft.com/athome/security/spyware/software Spyware Criteria: www.microsoft.com/athome/security/spyware/software/isv Guidance Centers: Security Guidance Centers: www.microsoft.com/security/guidance Security Guidance for IT Professionals: www.microsoft.com/technet/security The Microsoft Security Developer Center: msdn.microsoft.com/security The Security at Home Consumer Site: www.microsoft.com/athome/security

137. આભાર ধন্যবাদ நன்றி धन्यवाद ಧನ್ಯವಾದಗಳು ధన్యవాదాలు ଧନ୍ୟବାଦ നിങ്ങള്‍‌ക്ക് നന്ദി ਧੰਨਵਾਦ

138. © 2009 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.