What’s Next for Microsoft Security? Kai Axford, CISSP, MCSE-Security, IT Pro Evangelist, Microsoft Corporation, kaiax@microsoft.com


What’s Next for Microsoft Security?

Kai Axford, CISSP, MCSE-Security, IT Pro Evangelist

Microsoft Corporation



Malicious Software Removal Tool

What’s Next for Security? Our Security Progress so far…

More than 260 million copies distributed. Enterprise deployment at 61%

15 times less likely to be infected by malware

Significantly fewer important & critical vulnerabilities

Service Pack 2

Security Configuration Wizard

More secure by design; more secure by default

More than 4.7 million downloads

Service Pack 1

Most popular download in Microsoft history!!

Helps protect more than 25 million customers

Great feedback from SpyNet participants

2B total executions; 200M per month

Focus on most prevalent malware

Dramatically reduced the # of Bot infections

As of February 2006

What’s Next for Security? So what products is Microsoft working on now?
  • Windows Vista
  • Certificate Lifecycle Manager
  • Secure Messaging with Antigen and FrontBridge
  • Network Access Protection
  • ISA Server 2006
Windows Vista: Windows Service Hardening: Defense in depth

Windows services are profiled for allowed actions to the network, file system, and registry

Services run with reduced privilege compared to Windows XP

Designed to block attempts by malicious software to make a Windows service write to an area of the network, file system, or registry that isn’t part of that service’s profile

[Diagram labels: Service Hardening; File system]






Windows Vista: Internet Explorer 7.0

Social Engineering Protections

  • Phishing Filter and Colored Address Bar
  • Dangerous Settings Notification
  • Secure defaults for International Domain Names (IDN)

Protection From Exploits

  • Unified URL Parsing
  • Code quality improvements (SDL)
  • ActiveX Opt-in
  • Protected Mode to prevent malicious software


Windows Vista: User Account Control (UAC)


  • Users with elevated privileges means increased risk
  • Line of Business (LoB) applications require elevated privileges to run
  • Common Operating System Configuration tasks require elevated privilege


  • Allow businesses to move to a better-managed desktop and consumers to use parental controls
Windows Vista: BitLocker™ Drive Encryption

Formerly Secure Start-up

Designed specifically to prevent a thief who boots another operating system or runs a hacking tool from breaking Windows file and system protections

Provides data protection on your Windows client systems, even when the system is in unauthorized hands or is running a different or exploiting operating system

Uses a v1.2 TPM or USB flash drive for key storage


BitLocker™ Drive in Linux
  • Linux BitLocker volume errors
  • fdisk reads partition table... thinks FVE partition is NTFS
  • wrong fs type, bad option, bad superblock on /dev/sda2, missing codepage or other error
  • Primary boot sector is invalid, Not an NTFS volume
Certificate Lifecycle Manager: Functional overview

What is Microsoft Certificate Lifecycle Manager?

  • Single administration point for digital certificates and smart cards
  • Configurable policy-based workflows for common tasks (enroll, renew, revoke, etc.)
  • Detailed auditing and reporting
  • Support for both centralized and self-service scenarios
  • Integration with existing infrastructure
Certificate Lifecycle Manager: Architectural overview

Physical Architecture

Server Side:

  • Certificate Lifecycle Manager
  • Windows Server 2003 Certificate Services Add-on
  • SQL Server 2000 SP3
  • Email/SMTP service

Client Side:

  • Certificate Lifecycle Manager Client
  • Bulk Smart Card Issuance Tool




[Diagram labels: Microsoft CAs; Lifecycle Manager; End User]

Microsoft Secure Messaging: Multi-Layer Secure Messaging

[Diagram labels: Managed Services; On-Premise Software; Corporate Network; External Firewall; Internal Firewall; Authentication and Authorization; FrontBridge E-mail Filtering Services; Antigen for SMTP Gateways; Advanced Spam Manager; Antigen for Exchange; ISA Server]











FrontBridge: E-mail Complexity Requires Flexibility

  • Layered anti-spam
  • Multi-engine anti-virus
  • Customized content and policy enforcement
  • Real-time attack prevention

Interception-based message archiving

Customized report generation for demonstrating compliance

Fully-indexed, searchable archive

Rapid deployment to meet deadlines or immediate needs

Full e-mail encryption

No public and private key management

Gateway, policy-based e-mail encryption

Uninterrupted e-mail accessibility

Rapid recovery from unplanned disasters and network outages

30-day historical e-mail store


FrontBridge: E-Mail Filtering

  • Edge and connection-based blocking
      • Directory services, real-time attack prevention, multi-layer virus scanning and content filtering
  • Advanced spam filtering
      • Fingerprinting, SPF lookups, rules based scoring
  • E-Mail queuing
  • E-Mail quarantine
Microsoft Antigen: What is Antigen?

Antigen for SMTP/Exchange

  • On-premise, server-based mail scanning software
  • Provides antivirus, anti-spam, content and file filtering
    • Multiple complementary technologies used
  • Complete end user control
  • Protection against internal threats and virus propagation

Microsoft Antigen: Overview

  • All Antigen products integrate multiple antivirus engines from 3rd party vendors. Four engines provided as part of base cost.
    • Kaspersky Lab
    • Norman Data Defense*
    • Sophos*
    • Virus Busters
    • AhnLabs
    • Authentium Command
    • CA InoculateIT*
    • CA VET*

*Default engines

The MS Antivirus engine will be provided in the first Microsoft-branded version of Antigen


Microsoft Antigen: Signature Updates

Sober.P Virus Detection Time, May 2, 2005 (GMT)

January 2005 Updates

Time of Day (Hour : Minute)

Antigen Engines

AV-Test.org Feb. 2005

Note: the chart (left) represents a single virus outbreak only. It does not represent average response times for the listed antivirus labs.

AV-Test.org May 2005



Microsoft Antigen: Antigen for Exchange

[Diagram labels: ISA Server; Exchange Site 1; Exchange Front End; Exchange Site 2; Exchange Public Folder Server; Exchange Mailbox Server]

  • Detects and removes viruses in e-mail messages and attachments
    • Scans at SMTP stack (most processing intensive scans)
    • Scans in real time at the Exchange Information Store
    • Provides on-demand and scheduled scans of information store
    • Uses Microsoft-approved virus scanning API integration for Exchange 2000 and 2003
  • Provides advanced content-filtering capabilities for messages and attachments
    • Integrates file filtering, keyword filtering and anti-spam at the SMTP routing level
  • Protects Exchange Server 5.5, 2000, and 2003

Network Access Protection: Why you need a NAP…

Causing loss of productivity and financial loss

Virus entering the enterprise by:

  • Employees returning from trips
  • Consultants/guests plugging in
  • Employees VPN-ing in
  • Attacking vulnerable machines in the network

Source: Virus Attack Costs are Rising – Again. Computer Economics, Inc. Sept 2003.

IT Administrators looking for tools to:


Network Access Protection: IPSec-based NAP Walk-through








May I have a DHCP address?

May I have a health certificate? Here’s my SoH.

Here you go.

Client ok?


Issue health certificate.


Needs updates.

Here’s your health certificate.

You don’t get a health certificate! Get updates!






I need updates.


Accessing the network

Here you go.

Remediation Server


Extranet Web Server

External Web Site


ISA 2006 Appliance

Internal Network




ISA Server 2006: Web Access Protection

External Attack Resilience

Internal Attack Resilience

Minimal Downtime

Remediation Measures

Better Management


In the last 30 minutes: Did you realize?

Over 1,500 IT Pros visited security content on Microsoft.com

250 customers downloaded Windows Server 2003 SP1

Over 50,000 users ran the Malicious Software Removal Tool

2 instances of the Sasser worm were removed

149 Bot infections were found and removed

Over 18,000 additional users installed Windows Defender

~7,500 pieces of spyware and other potentially unwanted software were removed

Microsoft Security Resources
  • Windows Vista Beta
    • http://www.microsoft.com/windowsvista/
  • Certificate Lifecycle Manager Beta
    • http://www.microsoft.com/windowsserversystem/clm/default.mspx
  • Antigen and FrontBridge
    • http://www.microsoft.com/securemessaging
  • Network Access Protection Beta
    • http://www.microsoft.com/technet/itsolutions/network/nap/beta.mspx
  • ISA Server 2006 Beta
    • http://www.microsoft.com/isaserver/2006/