SlideShare una empresa de Scribd logo

Windows Server 2008 Security Enhancements

Presentologics
Presentologics
Tecnología
1 de 37
Security Enhancement NarendaWicaksono IT Pro Advisor, Microsoft Indonesia
Agenda Security Fundamentals Threat and Vulnerability Mitigation Identity and Access Control Compliance Enhancements Technology Coverage Read Only Domain Controller, Bit Locker, Service Hardening, Server Core, Device Installation, Next Gen firewall, NAP and Terminal Services/RDP changes, Rights management, … and more
SECURITY: FUNDAMENTALS THREAT & VULNERABILITY MITIGATION Network Access Protection Read-Only Domain Controller Enhanced Auditing Server and Domain Isolation Security Development Lifecycle Windows Service Hardening Next Generation Crypto PKI Enhancements IDENTITY & ACCESS CONTROL COMPLIANCE ENHANCEMENTS BitLocker™ Drive Encryption EFS Smartcards Rights Management Server Removable Device Control Active Directory Federation Services Plug and Play Smartcards Granular Auditing Granular Password Control Security and Compliance
Security Fundamentals
Security Development Lifecycle Mandated development process for Windows Server and Windows Vista Periodic mandatory security training Assignment of security advisors for all components Threat modeling as part of design phase Security reviews and testing built into the schedule Security metrics for product teams Common Criteria (CC) Certification
Windows Service HardeningDefense-in-Depth / Factoring D D D D D D D D Reduce size ofhigh risk layers Segment theservices Increase # of layers Service 1 Service … Service 2 Service… Service A Service 3 Service B Kernel Drivers User-mode Drivers
Server Core Minimal installation option Low surface area Command line interface Limited set of server roles SERVER, SERVER ROLES (for example only) TS IAS WebServer SharePoint Etc… SERVER With WinFx, Shell, Tools, etc. SERVER CORE SERVER ROLES DNS DHCP File AD WV IIS SERVER CORE Security, TCP/IP, File Systems, RPC,plus other Core Server Sub-Systems GUI, CLR, Shell, IE, Media, OE, etc.
Windows Server 2008 Services
Cryptography Next Generation (CNG) Cryptography Next Generation Includes algorithms for encryption, digital signatures, key exchange, and hashing Supports cryptography in kernel mode Supports the current set of CryptoAPI 1.0 algorithms Support for elliptic curve cryptography (ECC) algorithms Perform basic cryptographic operations, such as creating hashes and encrypting and decrypting data
PKI Enhancements Online Certificate Status Protocol (OSCP) Enterprise PKI (PKIView) Network Device Enrollment Service and Simple Certificate Enrollment Protocol Web Enrollment
Windows Server Firewall More Control Combined firewall and IPsec management
Windows Server Firewall More Control Firewall rules become more intelligent
Windows Server Firewall More Control Firewall rules become more intelligent
Windows Server Firewall More Control Firewall rules become more intelligent
Windows Server Firewall More Control Policy-based networking
Enhancing and Simplifying IPsec
Threat and Vulnerability Mitigation
Servers with Sensitive Data Server Isolation HR Workstation Managed Computer Domain Isolation Domain Isolation Managed Computer Active Directory Domain Controller Corporate Network Trusted Resource Server X Unmanaged/Rogue Computer X Untrusted Server and Domain Isolation
POLICY SERVERS e.g. MSFT Security Center, SMS, Antigenor 3rd party Fix Up Servers e.g. MSFT WSUS, SMS & 3rd party Restricted Network CORPORATE NETWORK Network Access ProtectionWindows Server 2008 3 Not policy compliant 1 2 4 MSFT Network Policy Server Windows Vista Client Policy compliant DHCP, VPN Switch/Router 5 Enhanced Security All communications are authenticated, authorized & healthy Defense-in-depth on your terms with DHCP, VPN, IPsec, 802.1X Policy-based access that IT Pros can set and control BENEFITS Increased Business Value Preserves user productivity Extends existing investments in Microsoft and 3rd party infrastructure Broad industry partnership
Read-Only Domain Controller Read-Only Copy of AD Database Can Hold all Directory Objects & Attributes Maintains Read-Only Copy of DNS Zones HUB  Writeable DC  Secure Location Unidirectional Replication No Local Changes – Pull from Upstream Only Controlled Replication - Limits Bandwidth Use Credential Handling Can Cache User Passwords (Explicitly Set) Admin Knowledge of Accounts if Compromised RODC May Only Issue Local Auth Tickets Branch Administrative Role Separation Management Delegated to Local User No Enterprise or Domain DC Membership  Read-Only DC  Read-Only DNS  One-way Replication  Credential Cache  Local Admin Role 
How RODC Works AS_Req sent to RODC (request for TGT) 1 2 RODC: Looks in DB: "I don't have the users secrets" 3 Hub Branch Forwards Request to Windows Server "Longhorn" DC 3 7 Windows Server "Longhorn" DC Read Only DC Windows Server "Longhorn" DC authenticates request 4 4 2 5 Returns authentication response and TGT back to the RODC 5 1 RODC gives TGT to User and RODC will cache credentials 6 6 At this point the user will have a hub signed TGT 7
Read-only DC Mitigates Stolen DC Attacker Perspective
Read-only DC Mitigates Stolen DC Hub Admin Perspective
Improved Auditing More Granularity Support for many auditing subcategories: Logon, logoff, file system access, registry access, use of administrative privilege, Active Directory Captures the Who, the What, & the When From and To Values for Objects or Attributes Logs All – Creates, Modifies, Moves, Deletes New Logging Infrastructure Easier to filter out “noise” in logs Tasks tied to events: When an event occurs tasks such as sending an Email to an auditor can run automatically
Identity and Access Control
Active Directory Federation Services Full implementation of a ‘claims-based’ architecture based on WS-Federation Fully integrated with Active Directory Supports group, role and rules-based models Partner Value Add BMC, Centrify & Quest: Multi-platform support Business Benefits Enables new models for cross-company single sign-on systems Facilitates single-sign across Windows and non-Windows environments Reduces the risk of unauthorized access by eliminating the need for cross-company synchronization of user and rights information
Authentication Improvements Plug and Play Smart Cards Drivers and Certificate Service Provider (CSP) included Login and credential prompts for User Account Control all support Smart Cards New logon architecture GINA (the old Windows logon model) is gone Third parties can add biometrics, one-time password tokens, and other authentication methods with much less coding
Granular Policy Control Allows to set Password Policies on Users and/or Groups (different from the domain‘s Password Policies) Big Win for Customers:Requirements for different Password Policies do not result in deploying multiple domains anymore New Object-Type in Active Directory, the Password Settings Object Password Settings are configured using those Objects in the Password Settings Container
ComplianceEnhancements
AD Rights Management Services AD RMS protects access to an organization’s digital files AD RMS in Windows Server "Longhorn" includes several new features Improved installation and administration experience Self-enrollment of the AD RMS cluster Integration with AD FS New AD RMS administrative roles SQL Server Active Directory RMS Server 1 3 2 Information Author The Recipient
BitLocker™ Drive Encryption Full Volume Encryption Key (FVEK) Encryption Policy Group Policy allows central encryption policy and provides Branch Office protection Provides data protection, even when the system is in unauthorized hands or is running a different or exploiting Operating System Uses a v1.2 TPM or USB flash drive for key storage
Information Protection Who are you protecting against? Other users or administrators on the machine? EFS Unauthorized users with physical access? BitLocker™ Some cases can result in overlap. (e.g. Multi-user roaming laptops with untrusted network admins)
Removable Device Installation Control Benefits: Reduced Support Costs Reduced Risk of Data Theft Scenarios: Prevent installation of all devices Allow installation of only allowed devices Prevent installation of only prohibited devices
Learning curriculum Hands on lab Sample codes Videos Slides E-Certification Online Assessment
eBooks in Bahasa
Indonesia Developer Portal http://geeks.netindonesia.net
IT Professional Portal http://wss-id.org

Recomendados

Wave 14 - Winodws 7 Security Story Core by MVP Azra Rizal
Wave 14 - Winodws 7 Security Story Core by MVP Azra RizalWave 14 - Winodws 7 Security Story Core by MVP Azra Rizal
Wave 14 - Winodws 7 Security Story Core by MVP Azra RizalQuek Lilian
 
Secure Email Communications from Symantec
Secure Email Communications from SymantecSecure Email Communications from Symantec
Secure Email Communications from SymantecArrow ECS UK
 
Symantec AntiSpam Complete Overview (PowerPoint)
Symantec AntiSpam Complete Overview (PowerPoint)Symantec AntiSpam Complete Overview (PowerPoint)
Symantec AntiSpam Complete Overview (PowerPoint)webhostingguy
 
IT Pros and The Cloud
IT Pros and The CloudIT Pros and The Cloud
IT Pros and The CloudStephen Rose
 
Technology Overview - Symantec IT Management Suite (ITMS)
Technology Overview - Symantec IT Management Suite (ITMS)Technology Overview - Symantec IT Management Suite (ITMS)
Technology Overview - Symantec IT Management Suite (ITMS)Iftikhar Ali Iqbal
 
Technet System Center Mobile Device Manager Presentation
Technet System Center Mobile Device Manager PresentationTechnet System Center Mobile Device Manager Presentation
Technet System Center Mobile Device Manager Presentationjasonlan
 
SkypeShield - Securing Skype for Business
SkypeShield - Securing Skype for BusinessSkypeShield - Securing Skype for Business
SkypeShield - Securing Skype for BusinessYoav Crombie
 
QualysGuard InfoDay 2012 - Secure Digital Vault for Qualys
QualysGuard InfoDay 2012 - Secure Digital Vault for QualysQualysGuard InfoDay 2012 - Secure Digital Vault for Qualys
QualysGuard InfoDay 2012 - Secure Digital Vault for QualysRisk Analysis Consultants, s.r.o.
 

Recomendados

Wave 14 - Winodws 7 Security Story Core by MVP Azra Rizal
Wave 14 - Winodws 7 Security Story Core by MVP Azra RizalWave 14 - Winodws 7 Security Story Core by MVP Azra Rizal
Wave 14 - Winodws 7 Security Story Core by MVP Azra RizalQuek Lilian
 
Secure Email Communications from Symantec
Secure Email Communications from SymantecSecure Email Communications from Symantec
Secure Email Communications from SymantecArrow ECS UK
 
Symantec AntiSpam Complete Overview (PowerPoint)
Symantec AntiSpam Complete Overview (PowerPoint)Symantec AntiSpam Complete Overview (PowerPoint)
Symantec AntiSpam Complete Overview (PowerPoint)webhostingguy
 
IT Pros and The Cloud
IT Pros and The CloudIT Pros and The Cloud
IT Pros and The CloudStephen Rose
 
Technology Overview - Symantec IT Management Suite (ITMS)
Technology Overview - Symantec IT Management Suite (ITMS)Technology Overview - Symantec IT Management Suite (ITMS)
Technology Overview - Symantec IT Management Suite (ITMS)Iftikhar Ali Iqbal
 
Technet System Center Mobile Device Manager Presentation
Technet System Center Mobile Device Manager PresentationTechnet System Center Mobile Device Manager Presentation
Technet System Center Mobile Device Manager Presentationjasonlan
 
SkypeShield - Securing Skype for Business
SkypeShield - Securing Skype for BusinessSkypeShield - Securing Skype for Business
SkypeShield - Securing Skype for BusinessYoav Crombie
 
QualysGuard InfoDay 2012 - Secure Digital Vault for Qualys
QualysGuard InfoDay 2012 - Secure Digital Vault for QualysQualysGuard InfoDay 2012 - Secure Digital Vault for Qualys
QualysGuard InfoDay 2012 - Secure Digital Vault for QualysRisk Analysis Consultants, s.r.o.
 
8-step Guide to Administering Windows without Domain Admin Privileges
8-step Guide to Administering Windows without Domain Admin Privileges8-step Guide to Administering Windows without Domain Admin Privileges
8-step Guide to Administering Windows without Domain Admin PrivilegesBeyondTrust
 
Altiris IT Management Suite 7
Altiris IT Management Suite 7Altiris IT Management Suite 7
Altiris IT Management Suite 7Symantec
 
Enterprise firewalls feature and benefits
Enterprise firewalls feature and benefitsEnterprise firewalls feature and benefits
Enterprise firewalls feature and benefitsAnthony Daniel
 
Sweden dst tpam 2014
Sweden dst tpam 2014Sweden dst tpam 2014
Sweden dst tpam 2014Ronny Stavem
 
Cortana Analytics Workshop: Cortana Analytics -- Security, Privacy & Compliance
Cortana Analytics Workshop: Cortana Analytics -- Security, Privacy & ComplianceCortana Analytics Workshop: Cortana Analytics -- Security, Privacy & Compliance
Cortana Analytics Workshop: Cortana Analytics -- Security, Privacy & ComplianceMSAdvAnalytics
 
Technology Overview - Validation & ID Protection (VIP)
Technology Overview - Validation & ID Protection (VIP)Technology Overview - Validation & ID Protection (VIP)
Technology Overview - Validation & ID Protection (VIP)Iftikhar Ali Iqbal
 
Increase IBM i Security & Accelerate Compliance with New Syncsort Security Re...
Increase IBM i Security & Accelerate Compliance with New Syncsort Security Re...Increase IBM i Security & Accelerate Compliance with New Syncsort Security Re...
Increase IBM i Security & Accelerate Compliance with New Syncsort Security Re...Precisely
 
Cisco Trustsec & Security Group Tagging
Cisco Trustsec & Security Group TaggingCisco Trustsec & Security Group Tagging
Cisco Trustsec & Security Group TaggingCisco Canada
 
Privileged Access Manager Product Q&A
Privileged Access Manager Product Q&APrivileged Access Manager Product Q&A
Privileged Access Manager Product Q&AHitachi ID Systems, Inc.
 
Windows 7 And Windows Server 2008 R2 Combined Value
Windows 7 And Windows Server 2008 R2 Combined ValueWindows 7 And Windows Server 2008 R2 Combined Value
Windows 7 And Windows Server 2008 R2 Combined ValueAmit Gatenyo
 
040711 webcast securing vmachine
040711 webcast securing vmachine 040711 webcast securing vmachine
040711 webcast securing vmachine Erin Banks
 
Sem cis ise
Sem cis iseSem cis ise
Sem cis iseLino Quivén
 
ObserveIT Remote Access Monitoring Software - Corporate Presentation
ObserveIT Remote Access Monitoring Software - Corporate PresentationObserveIT Remote Access Monitoring Software - Corporate Presentation
ObserveIT Remote Access Monitoring Software - Corporate PresentationObserveIT
 
A Single Strong Authentication Platform for Cloud and On-Premise Applications
A Single Strong Authentication Platform for Cloud and On-Premise ApplicationsA Single Strong Authentication Platform for Cloud and On-Premise Applications
A Single Strong Authentication Platform for Cloud and On-Premise ApplicationsSafeNet
 
Business Mobility - otevřete svou mysl k tomu, co je možné
Business Mobility - otevřete svou mysl k tomu, co je možnéBusiness Mobility - otevřete svou mysl k tomu, co je možné
Business Mobility - otevřete svou mysl k tomu, co je možnéMarketingArrowECS_CZ
 
Security 101: Multi-Factor Authentication for IBM i
Security 101: Multi-Factor Authentication for IBM iSecurity 101: Multi-Factor Authentication for IBM i
Security 101: Multi-Factor Authentication for IBM iPrecisely
 
Windows 7 security enhancements
Windows 7 security enhancementsWindows 7 security enhancements
Windows 7 security enhancementsNarenda Wicaksono
 
Dell Quest TPAM Privileged Access Control
Dell Quest TPAM Privileged Access ControlDell Quest TPAM Privileged Access Control
Dell Quest TPAM Privileged Access ControlAidy Tificate
 
Build 2016 - P493 - Managing Windows in an Enterprise: Empower Your Users & P...
Build 2016 - P493 - Managing Windows in an Enterprise: Empower Your Users & P...Build 2016 - P493 - Managing Windows in an Enterprise: Empower Your Users & P...
Build 2016 - P493 - Managing Windows in an Enterprise: Empower Your Users & P...Windows Developer
 
3 Steps to Security Intelligence - How to Build a More Secure Enterprise
3 Steps to Security Intelligence - How to Build a More Secure Enterprise3 Steps to Security Intelligence - How to Build a More Secure Enterprise
3 Steps to Security Intelligence - How to Build a More Secure EnterpriseIBM Security
 
Windows 7 Security Enhancements
Windows 7 Security EnhancementsWindows 7 Security Enhancements
Windows 7 Security EnhancementsPresentologics
 
Microsoft Windows 7 Enhanced Security And Control
Microsoft Windows 7 Enhanced Security And ControlMicrosoft Windows 7 Enhanced Security And Control
Microsoft Windows 7 Enhanced Security And ControlMicrosoft TechNet
 

Más contenido relacionado

La actualidad más candente

8-step Guide to Administering Windows without Domain Admin Privileges
8-step Guide to Administering Windows without Domain Admin Privileges8-step Guide to Administering Windows without Domain Admin Privileges
8-step Guide to Administering Windows without Domain Admin PrivilegesBeyondTrust
 
Altiris IT Management Suite 7
Altiris IT Management Suite 7Altiris IT Management Suite 7
Altiris IT Management Suite 7Symantec
 
Enterprise firewalls feature and benefits
Enterprise firewalls feature and benefitsEnterprise firewalls feature and benefits
Enterprise firewalls feature and benefitsAnthony Daniel
 
Sweden dst tpam 2014
Sweden dst tpam 2014Sweden dst tpam 2014
Sweden dst tpam 2014Ronny Stavem
 
Cortana Analytics Workshop: Cortana Analytics -- Security, Privacy & Compliance
Cortana Analytics Workshop: Cortana Analytics -- Security, Privacy & ComplianceCortana Analytics Workshop: Cortana Analytics -- Security, Privacy & Compliance
Cortana Analytics Workshop: Cortana Analytics -- Security, Privacy & ComplianceMSAdvAnalytics
 
Technology Overview - Validation & ID Protection (VIP)
Technology Overview - Validation & ID Protection (VIP)Technology Overview - Validation & ID Protection (VIP)
Technology Overview - Validation & ID Protection (VIP)Iftikhar Ali Iqbal
 
Increase IBM i Security & Accelerate Compliance with New Syncsort Security Re...
Increase IBM i Security & Accelerate Compliance with New Syncsort Security Re...Increase IBM i Security & Accelerate Compliance with New Syncsort Security Re...
Increase IBM i Security & Accelerate Compliance with New Syncsort Security Re...Precisely
 
Cisco Trustsec & Security Group Tagging
Cisco Trustsec & Security Group TaggingCisco Trustsec & Security Group Tagging
Cisco Trustsec & Security Group TaggingCisco Canada
 
Windows 7 And Windows Server 2008 R2 Combined Value
Windows 7 And Windows Server 2008 R2 Combined ValueWindows 7 And Windows Server 2008 R2 Combined Value
Windows 7 And Windows Server 2008 R2 Combined ValueAmit Gatenyo
 
040711 webcast securing vmachine
040711 webcast securing vmachine 040711 webcast securing vmachine
040711 webcast securing vmachine Erin Banks
 
ObserveIT Remote Access Monitoring Software - Corporate Presentation
ObserveIT Remote Access Monitoring Software - Corporate PresentationObserveIT Remote Access Monitoring Software - Corporate Presentation
ObserveIT Remote Access Monitoring Software - Corporate PresentationObserveIT
 
A Single Strong Authentication Platform for Cloud and On-Premise Applications
A Single Strong Authentication Platform for Cloud and On-Premise ApplicationsA Single Strong Authentication Platform for Cloud and On-Premise Applications
A Single Strong Authentication Platform for Cloud and On-Premise ApplicationsSafeNet
 
Business Mobility - otevřete svou mysl k tomu, co je možné
Business Mobility - otevřete svou mysl k tomu, co je možnéBusiness Mobility - otevřete svou mysl k tomu, co je možné
Business Mobility - otevřete svou mysl k tomu, co je možnéMarketingArrowECS_CZ
 
Security 101: Multi-Factor Authentication for IBM i
Security 101: Multi-Factor Authentication for IBM iSecurity 101: Multi-Factor Authentication for IBM i
Security 101: Multi-Factor Authentication for IBM iPrecisely
 
Windows 7 security enhancements
Windows 7 security enhancementsWindows 7 security enhancements
Windows 7 security enhancementsNarenda Wicaksono
 
Dell Quest TPAM Privileged Access Control
Dell Quest TPAM Privileged Access ControlDell Quest TPAM Privileged Access Control
Dell Quest TPAM Privileged Access ControlAidy Tificate
 
Build 2016 - P493 - Managing Windows in an Enterprise: Empower Your Users & P...
Build 2016 - P493 - Managing Windows in an Enterprise: Empower Your Users & P...Build 2016 - P493 - Managing Windows in an Enterprise: Empower Your Users & P...
Build 2016 - P493 - Managing Windows in an Enterprise: Empower Your Users & P...Windows Developer
 
3 Steps to Security Intelligence - How to Build a More Secure Enterprise
3 Steps to Security Intelligence - How to Build a More Secure Enterprise3 Steps to Security Intelligence - How to Build a More Secure Enterprise
3 Steps to Security Intelligence - How to Build a More Secure EnterpriseIBM Security
 

La actualidad más candente (20)

8-step Guide to Administering Windows without Domain Admin Privileges
8-step Guide to Administering Windows without Domain Admin Privileges8-step Guide to Administering Windows without Domain Admin Privileges
8-step Guide to Administering Windows without Domain Admin Privileges
 
Altiris IT Management Suite 7
Altiris IT Management Suite 7Altiris IT Management Suite 7
Altiris IT Management Suite 7
 
Enterprise firewalls feature and benefits
Enterprise firewalls feature and benefitsEnterprise firewalls feature and benefits
Enterprise firewalls feature and benefits
 
Sweden dst tpam 2014
Sweden dst tpam 2014Sweden dst tpam 2014
Sweden dst tpam 2014
 
Cortana Analytics Workshop: Cortana Analytics -- Security, Privacy & Compliance
Cortana Analytics Workshop: Cortana Analytics -- Security, Privacy & ComplianceCortana Analytics Workshop: Cortana Analytics -- Security, Privacy & Compliance
Cortana Analytics Workshop: Cortana Analytics -- Security, Privacy & Compliance
 
Technology Overview - Validation & ID Protection (VIP)
Technology Overview - Validation & ID Protection (VIP)Technology Overview - Validation & ID Protection (VIP)
Technology Overview - Validation & ID Protection (VIP)
 
Increase IBM i Security & Accelerate Compliance with New Syncsort Security Re...
Increase IBM i Security & Accelerate Compliance with New Syncsort Security Re...Increase IBM i Security & Accelerate Compliance with New Syncsort Security Re...
Increase IBM i Security & Accelerate Compliance with New Syncsort Security Re...
 
Cisco Trustsec & Security Group Tagging
Cisco Trustsec & Security Group TaggingCisco Trustsec & Security Group Tagging
Cisco Trustsec & Security Group Tagging
 
Privileged Access Manager Product Q&A
Privileged Access Manager Product Q&APrivileged Access Manager Product Q&A
Privileged Access Manager Product Q&A
 
Windows 7 And Windows Server 2008 R2 Combined Value
Windows 7 And Windows Server 2008 R2 Combined ValueWindows 7 And Windows Server 2008 R2 Combined Value
Windows 7 And Windows Server 2008 R2 Combined Value
 
040711 webcast securing vmachine
040711 webcast securing vmachine 040711 webcast securing vmachine
040711 webcast securing vmachine
 
Sem cis ise
Sem cis iseSem cis ise
Sem cis ise
 
ObserveIT Remote Access Monitoring Software - Corporate Presentation
ObserveIT Remote Access Monitoring Software - Corporate PresentationObserveIT Remote Access Monitoring Software - Corporate Presentation
ObserveIT Remote Access Monitoring Software - Corporate Presentation
 
A Single Strong Authentication Platform for Cloud and On-Premise Applications
A Single Strong Authentication Platform for Cloud and On-Premise ApplicationsA Single Strong Authentication Platform for Cloud and On-Premise Applications
A Single Strong Authentication Platform for Cloud and On-Premise Applications
 
Business Mobility - otevřete svou mysl k tomu, co je možné
Business Mobility - otevřete svou mysl k tomu, co je možnéBusiness Mobility - otevřete svou mysl k tomu, co je možné
Business Mobility - otevřete svou mysl k tomu, co je možné
 
Security 101: Multi-Factor Authentication for IBM i
Security 101: Multi-Factor Authentication for IBM iSecurity 101: Multi-Factor Authentication for IBM i
Security 101: Multi-Factor Authentication for IBM i
 
Windows 7 security enhancements
Windows 7 security enhancementsWindows 7 security enhancements
Windows 7 security enhancements
 
Dell Quest TPAM Privileged Access Control
Dell Quest TPAM Privileged Access ControlDell Quest TPAM Privileged Access Control
Dell Quest TPAM Privileged Access Control
 
Build 2016 - P493 - Managing Windows in an Enterprise: Empower Your Users & P...
Build 2016 - P493 - Managing Windows in an Enterprise: Empower Your Users & P...Build 2016 - P493 - Managing Windows in an Enterprise: Empower Your Users & P...
Build 2016 - P493 - Managing Windows in an Enterprise: Empower Your Users & P...
 
3 Steps to Security Intelligence - How to Build a More Secure Enterprise
3 Steps to Security Intelligence - How to Build a More Secure Enterprise3 Steps to Security Intelligence - How to Build a More Secure Enterprise
3 Steps to Security Intelligence - How to Build a More Secure Enterprise
 

Similar a Windows Server 2008 Security Enhancements

Windows 7 Security Enhancements
Windows 7 Security EnhancementsWindows 7 Security Enhancements
Windows 7 Security EnhancementsPresentologics
 
Microsoft Windows 7 Enhanced Security And Control
Microsoft Windows 7 Enhanced Security And ControlMicrosoft Windows 7 Enhanced Security And Control
Microsoft Windows 7 Enhanced Security And ControlMicrosoft TechNet
 
Share Point Server Security with Joel Oleson
Share Point Server Security with Joel OlesonShare Point Server Security with Joel Oleson
Share Point Server Security with Joel OlesonJoel Oleson
 
Praktiline pilvekonverents - IT haldust hõlbustavad uuendused
Praktiline pilvekonverents - IT haldust hõlbustavad uuendusedPraktiline pilvekonverents - IT haldust hõlbustavad uuendused
Praktiline pilvekonverents - IT haldust hõlbustavad uuendusedPrimend
 
A Critical Analysis of Microsoft Data Protection Solutions
A Critical Analysis of Microsoft Data Protection SolutionsA Critical Analysis of Microsoft Data Protection Solutions
A Critical Analysis of Microsoft Data Protection SolutionsJohn Rhoton
 
Microsoft Platform Security Briefing
Microsoft Platform Security BriefingMicrosoft Platform Security Briefing
Microsoft Platform Security Briefingtechnext1
 
Primend praktiline konverents - Office 365 turvalisus
Primend praktiline konverents - Office 365 turvalisusPrimend praktiline konverents - Office 365 turvalisus
Primend praktiline konverents - Office 365 turvalisusPrimend
 
0828 Windows Server 2008 新安全功能探討
0828 Windows Server 2008 新安全功能探討0828 Windows Server 2008 新安全功能探討
0828 Windows Server 2008 新安全功能探討Timothy Chen
 
ISS SA le presenta los Escenarios para IdentityGuard de Entrust
ISS SA le presenta los Escenarios para IdentityGuard de EntrustISS SA le presenta los Escenarios para IdentityGuard de Entrust
ISS SA le presenta los Escenarios para IdentityGuard de EntrustInformation Security Services SA
 
ISS SA le presenta los escenarios para IdentityGuard de Entrust
ISS SA le presenta los escenarios para IdentityGuard de EntrustISS SA le presenta los escenarios para IdentityGuard de Entrust
ISS SA le presenta los escenarios para IdentityGuard de EntrustInformation Security Services SA
 
Microsoft (Data Protection Solutions)
Microsoft (Data Protection Solutions)Microsoft (Data Protection Solutions)
Microsoft (Data Protection Solutions)Vinayak Hegde
 
How to deploy Windows Mobile to 40,000 users
How to deploy Windows Mobile to 40,000 usersHow to deploy Windows Mobile to 40,000 users
How to deploy Windows Mobile to 40,000 usersjasonlan
 
Windowsserver2003twpppt
Windowsserver2003twppptWindowsserver2003twpppt
Windowsserver2003twppptMizuhashi Yuki
 
W7 Enterprise
W7 EnterpriseW7 Enterprise
W7 Enterprisearalves
 
W7 for IT Professionals
W7 for IT ProfessionalsW7 for IT Professionals
W7 for IT Professionalsguest632c73
 
Microsoft.Virtualization.Technologies Son Vu
Microsoft.Virtualization.Technologies Son VuMicrosoft.Virtualization.Technologies Son Vu
Microsoft.Virtualization.Technologies Son Vuvncson
 
Institutional IT Security
Institutional IT SecurityInstitutional IT Security
Institutional IT SecurityCRISIL Limited
 
Windows 2008 R2 Security
Windows 2008 R2 SecurityWindows 2008 R2 Security
Windows 2008 R2 SecurityAmit Gatenyo
 

Similar a Windows Server 2008 Security Enhancements (20)

Windows 7 Security Enhancements
Windows 7 Security EnhancementsWindows 7 Security Enhancements
Windows 7 Security Enhancements
 
Microsoft Windows 7 Enhanced Security And Control
Microsoft Windows 7 Enhanced Security And ControlMicrosoft Windows 7 Enhanced Security And Control
Microsoft Windows 7 Enhanced Security And Control
 
Share Point Server Security with Joel Oleson
Share Point Server Security with Joel OlesonShare Point Server Security with Joel Oleson
Share Point Server Security with Joel Oleson
 
Praktiline pilvekonverents - IT haldust hõlbustavad uuendused
Praktiline pilvekonverents - IT haldust hõlbustavad uuendusedPraktiline pilvekonverents - IT haldust hõlbustavad uuendused
Praktiline pilvekonverents - IT haldust hõlbustavad uuendused
 
A Critical Analysis of Microsoft Data Protection Solutions
A Critical Analysis of Microsoft Data Protection SolutionsA Critical Analysis of Microsoft Data Protection Solutions
A Critical Analysis of Microsoft Data Protection Solutions
 
Microsoft Platform Security Briefing
Microsoft Platform Security BriefingMicrosoft Platform Security Briefing
Microsoft Platform Security Briefing
 
Primend praktiline konverents - Office 365 turvalisus
Primend praktiline konverents - Office 365 turvalisusPrimend praktiline konverents - Office 365 turvalisus
Primend praktiline konverents - Office 365 turvalisus
 
Overview of Microsoft Exchange Online
Overview of Microsoft Exchange OnlineOverview of Microsoft Exchange Online
Overview of Microsoft Exchange Online
 
0828 Windows Server 2008 新安全功能探討
0828 Windows Server 2008 新安全功能探討0828 Windows Server 2008 新安全功能探討
0828 Windows Server 2008 新安全功能探討
 
HMSC_AD Event V3
HMSC_AD Event V3HMSC_AD Event V3
HMSC_AD Event V3
 
ISS SA le presenta los Escenarios para IdentityGuard de Entrust
ISS SA le presenta los Escenarios para IdentityGuard de EntrustISS SA le presenta los Escenarios para IdentityGuard de Entrust
ISS SA le presenta los Escenarios para IdentityGuard de Entrust
 
ISS SA le presenta los escenarios para IdentityGuard de Entrust
ISS SA le presenta los escenarios para IdentityGuard de EntrustISS SA le presenta los escenarios para IdentityGuard de Entrust
ISS SA le presenta los escenarios para IdentityGuard de Entrust
 
Microsoft (Data Protection Solutions)
Microsoft (Data Protection Solutions)Microsoft (Data Protection Solutions)
Microsoft (Data Protection Solutions)
 
How to deploy Windows Mobile to 40,000 users
How to deploy Windows Mobile to 40,000 usersHow to deploy Windows Mobile to 40,000 users
How to deploy Windows Mobile to 40,000 users
 
Windowsserver2003twpppt
Windowsserver2003twppptWindowsserver2003twpppt
Windowsserver2003twpppt
 
W7 Enterprise
W7 EnterpriseW7 Enterprise
W7 Enterprise
 
W7 for IT Professionals
W7 for IT ProfessionalsW7 for IT Professionals
W7 for IT Professionals
 
Microsoft.Virtualization.Technologies Son Vu
Microsoft.Virtualization.Technologies Son VuMicrosoft.Virtualization.Technologies Son Vu
Microsoft.Virtualization.Technologies Son Vu
 
Institutional IT Security
Institutional IT SecurityInstitutional IT Security
Institutional IT Security
 
Windows 2008 R2 Security
Windows 2008 R2 SecurityWindows 2008 R2 Security
Windows 2008 R2 Security
 

Último

Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Scott Keck-Warren
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticscarlostorres15106
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Allon Mureinik
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhisoniya singh
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Alan Dix
 
How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?XfilesPro
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsMark Billinghurst
 
Snow Chain-Integrated Tire for a Safe Drive on Winter Roads
Snow Chain-Integrated Tire for a Safe Drive on Winter RoadsSnow Chain-Integrated Tire for a Safe Drive on Winter Roads
Snow Chain-Integrated Tire for a Safe Drive on Winter RoadsHyundai Motor Group
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationSafe Software
 
Next-generation AAM aircraft unveiled by Supernal, S-A2
Next-generation AAM aircraft unveiled by Supernal, S-A2Next-generation AAM aircraft unveiled by Supernal, S-A2
Next-generation AAM aircraft unveiled by Supernal, S-A2Hyundai Motor Group
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking MenDelhi Call girls
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsMemoori
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machinePadma Pradeep
 

Último (20)

Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024
 
The transition to renewables in India.pdf
The transition to renewables in India.pdfThe transition to renewables in India.pdf
The transition to renewables in India.pdf
 
Vulnerability_Management_GRC_by Sohang Sengupta.pptx
Vulnerability_Management_GRC_by Sohang Sengupta.pptxVulnerability_Management_GRC_by Sohang Sengupta.pptx
Vulnerability_Management_GRC_by Sohang Sengupta.pptx
 
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptxE-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food Manufacturing
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
 
How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR Systems
 
Snow Chain-Integrated Tire for a Safe Drive on Winter Roads
Snow Chain-Integrated Tire for a Safe Drive on Winter RoadsSnow Chain-Integrated Tire for a Safe Drive on Winter Roads
Snow Chain-Integrated Tire for a Safe Drive on Winter Roads
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
 
Next-generation AAM aircraft unveiled by Supernal, S-A2
Next-generation AAM aircraft unveiled by Supernal, S-A2Next-generation AAM aircraft unveiled by Supernal, S-A2
Next-generation AAM aircraft unveiled by Supernal, S-A2
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial Buildings
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machine
 

Windows Server 2008 Security Enhancements

  • 1. Security Enhancement NarendaWicaksono IT Pro Advisor, Microsoft Indonesia
  • 2. Agenda Security Fundamentals Threat and Vulnerability Mitigation Identity and Access Control Compliance Enhancements Technology Coverage Read Only Domain Controller, Bit Locker, Service Hardening, Server Core, Device Installation, Next Gen firewall, NAP and Terminal Services/RDP changes, Rights management, … and more
  • 3. SECURITY: FUNDAMENTALS THREAT & VULNERABILITY MITIGATION Network Access Protection Read-Only Domain Controller Enhanced Auditing Server and Domain Isolation Security Development Lifecycle Windows Service Hardening Next Generation Crypto PKI Enhancements IDENTITY & ACCESS CONTROL COMPLIANCE ENHANCEMENTS BitLocker™ Drive Encryption EFS Smartcards Rights Management Server Removable Device Control Active Directory Federation Services Plug and Play Smartcards Granular Auditing Granular Password Control Security and Compliance
  • 5. Security Development Lifecycle Mandated development process for Windows Server and Windows Vista Periodic mandatory security training Assignment of security advisors for all components Threat modeling as part of design phase Security reviews and testing built into the schedule Security metrics for product teams Common Criteria (CC) Certification
  • 6. Windows Service HardeningDefense-in-Depth / Factoring D D D D D D D D Reduce size ofhigh risk layers Segment theservices Increase # of layers Service 1 Service … Service 2 Service… Service A Service 3 Service B Kernel Drivers User-mode Drivers
  • 7. Server Core Minimal installation option Low surface area Command line interface Limited set of server roles SERVER, SERVER ROLES (for example only) TS IAS WebServer SharePoint Etc… SERVER With WinFx, Shell, Tools, etc. SERVER CORE SERVER ROLES DNS DHCP File AD WV IIS SERVER CORE Security, TCP/IP, File Systems, RPC,plus other Core Server Sub-Systems GUI, CLR, Shell, IE, Media, OE, etc.
  • 9. Cryptography Next Generation (CNG) Cryptography Next Generation Includes algorithms for encryption, digital signatures, key exchange, and hashing Supports cryptography in kernel mode Supports the current set of CryptoAPI 1.0 algorithms Support for elliptic curve cryptography (ECC) algorithms Perform basic cryptographic operations, such as creating hashes and encrypting and decrypting data
  • 10. PKI Enhancements Online Certificate Status Protocol (OSCP) Enterprise PKI (PKIView) Network Device Enrollment Service and Simple Certificate Enrollment Protocol Web Enrollment
  • 11. Windows Server Firewall More Control Combined firewall and IPsec management
  • 12. Windows Server Firewall More Control Firewall rules become more intelligent
  • 13. Windows Server Firewall More Control Firewall rules become more intelligent
  • 14. Windows Server Firewall More Control Firewall rules become more intelligent
  • 15. Windows Server Firewall More Control Policy-based networking
  • 18. Servers with Sensitive Data Server Isolation HR Workstation Managed Computer Domain Isolation Domain Isolation Managed Computer Active Directory Domain Controller Corporate Network Trusted Resource Server X Unmanaged/Rogue Computer X Untrusted Server and Domain Isolation
  • 19. POLICY SERVERS e.g. MSFT Security Center, SMS, Antigenor 3rd party Fix Up Servers e.g. MSFT WSUS, SMS & 3rd party Restricted Network CORPORATE NETWORK Network Access ProtectionWindows Server 2008 3 Not policy compliant 1 2 4 MSFT Network Policy Server Windows Vista Client Policy compliant DHCP, VPN Switch/Router 5 Enhanced Security All communications are authenticated, authorized & healthy Defense-in-depth on your terms with DHCP, VPN, IPsec, 802.1X Policy-based access that IT Pros can set and control BENEFITS Increased Business Value Preserves user productivity Extends existing investments in Microsoft and 3rd party infrastructure Broad industry partnership
  • 20. Read-Only Domain Controller Read-Only Copy of AD Database Can Hold all Directory Objects & Attributes Maintains Read-Only Copy of DNS Zones HUB  Writeable DC  Secure Location Unidirectional Replication No Local Changes – Pull from Upstream Only Controlled Replication - Limits Bandwidth Use Credential Handling Can Cache User Passwords (Explicitly Set) Admin Knowledge of Accounts if Compromised RODC May Only Issue Local Auth Tickets Branch Administrative Role Separation Management Delegated to Local User No Enterprise or Domain DC Membership  Read-Only DC  Read-Only DNS  One-way Replication  Credential Cache  Local Admin Role 
  • 21. How RODC Works AS_Req sent to RODC (request for TGT) 1 2 RODC: Looks in DB: "I don't have the users secrets" 3 Hub Branch Forwards Request to Windows Server "Longhorn" DC 3 7 Windows Server "Longhorn" DC Read Only DC Windows Server "Longhorn" DC authenticates request 4 4 2 5 Returns authentication response and TGT back to the RODC 5 1 RODC gives TGT to User and RODC will cache credentials 6 6 At this point the user will have a hub signed TGT 7
  • 22. Read-only DC Mitigates Stolen DC Attacker Perspective
  • 23. Read-only DC Mitigates Stolen DC Hub Admin Perspective
  • 24. Improved Auditing More Granularity Support for many auditing subcategories: Logon, logoff, file system access, registry access, use of administrative privilege, Active Directory Captures the Who, the What, & the When From and To Values for Objects or Attributes Logs All – Creates, Modifies, Moves, Deletes New Logging Infrastructure Easier to filter out “noise” in logs Tasks tied to events: When an event occurs tasks such as sending an Email to an auditor can run automatically
  • 26. Active Directory Federation Services Full implementation of a ‘claims-based’ architecture based on WS-Federation Fully integrated with Active Directory Supports group, role and rules-based models Partner Value Add BMC, Centrify & Quest: Multi-platform support Business Benefits Enables new models for cross-company single sign-on systems Facilitates single-sign across Windows and non-Windows environments Reduces the risk of unauthorized access by eliminating the need for cross-company synchronization of user and rights information
  • 27. Authentication Improvements Plug and Play Smart Cards Drivers and Certificate Service Provider (CSP) included Login and credential prompts for User Account Control all support Smart Cards New logon architecture GINA (the old Windows logon model) is gone Third parties can add biometrics, one-time password tokens, and other authentication methods with much less coding
  • 28. Granular Policy Control Allows to set Password Policies on Users and/or Groups (different from the domain‘s Password Policies) Big Win for Customers:Requirements for different Password Policies do not result in deploying multiple domains anymore New Object-Type in Active Directory, the Password Settings Object Password Settings are configured using those Objects in the Password Settings Container
  • 30. AD Rights Management Services AD RMS protects access to an organization’s digital files AD RMS in Windows Server "Longhorn" includes several new features Improved installation and administration experience Self-enrollment of the AD RMS cluster Integration with AD FS New AD RMS administrative roles SQL Server Active Directory RMS Server 1 3 2 Information Author The Recipient
  • 31. BitLocker™ Drive Encryption Full Volume Encryption Key (FVEK) Encryption Policy Group Policy allows central encryption policy and provides Branch Office protection Provides data protection, even when the system is in unauthorized hands or is running a different or exploiting Operating System Uses a v1.2 TPM or USB flash drive for key storage
  • 32. Information Protection Who are you protecting against? Other users or administrators on the machine? EFS Unauthorized users with physical access? BitLocker™ Some cases can result in overlap. (e.g. Multi-user roaming laptops with untrusted network admins)
  • 33. Removable Device Installation Control Benefits: Reduced Support Costs Reduced Risk of Data Theft Scenarios: Prevent installation of all devices Allow installation of only allowed devices Prevent installation of only prohibited devices
  • 34. Learning curriculum Hands on lab Sample codes Videos Slides E-Certification Online Assessment
  • 36. Indonesia Developer Portal http://geeks.netindonesia.net
  • 37. IT Professional Portal http://wss-id.org
  • 38. © 2009 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.