
• Windows Server 2008 Security and Microsoft Security

• Windows Server 2008 Security and Microsoft Security. Bruce Lynn Director of Server Business Group UK Microsoft Corporation. Top Security Challenges. Viruses, Spyware and Worms Botnets and Rootkits Phishing and Fraud. Virus & Malware Prevention. Regulatory Compliance


Presentation Transcript


  1. Windows Server 2008 Security and Microsoft Security
     Bruce Lynn, Director of Server Business Group UK, Microsoft Corporation

  2. Top Security Challenges
     • Virus & Malware Prevention: Viruses, Spyware and Worms; Botnets and Rootkits; Phishing and Fraud
     • Business Practices: Regulatory Compliance; Develop and Implement of Security Policies; Reporting and Accountability
     • Implementing Defense in Depth: Identity Management and Access Control; Managing Access in the Extended Enterprise; Security Risk of Unmanaged PCs
     • Security Management: Deploying Security Updates; System Identification and Configuration; Security Policy Enforcement

  3. Security Dimensions
     • Secure Software: Trustworthy Computing; SDL; Secure by Default
     • Secure Platform: System architectures (file systems, core services); Bitlocker, RODC, Address Space Load Randomization, PKI, Network Access Protection; Reduced Attack Surface (Server Core)
     • Security Solutions: Forefront Security family; Identity Lifecycle Management; OneCare, Windows Live Safety Center
     • Security Management: System Center family, Windows Update Service; Group Policy, Active Directory; Security Bulletins, ‘Patch Tuesdays’, Health Checks

  4. Secure Software

  5. Attacks Are Moving To Application Layer
     • ~90% are exploitable remotely
     • ~60% are in web applications
     [Charts: Operating Systems and Applications, 2004 to 2006]
     Source: Microsoft Security Intelligence Report 2007
     Sources: IBM X-Force, Symantec 2007 Security Reports

  6. Trustworthy Computing
     [Timeline, 2002 to 2008. Labels on the slide: SQL Server 2005; Visual Studio 2005; Windows Server 2003 SP1; Malicious SW Removal Tool; Windows Defender; Windows Live OneCare; TWC Announced; SDL begins; Windows XP SP2; DSI Launched; Windows Vista; Office 2007; Forefront; Windows Server 2008; SQL Server 2008; Windows Server 2003]

  7. Secure Platform

  8. Making SDL Available To Developers
     Education
     • Developer security center on MSDN
     • Security “How to” videos on MSDN/channel 9
     SDL Process
     • SDL website on Microsoft.com
     • Detailed SDL process guidance
     • Microsoft Privacy guidelines
     • SDL book published in 2006 (Lipner and Howard)
     Security Tools
     • Integrated security tools in Visual Studio
     • Secure compiler and linker flags
     • Static code analysis (FxCop, /analyze)
     • Removal of insecure APIs
     • Threat modeling tools

  9. Windows Server 2008 Security: Hardens Operating System and Increases Environment Protection
     • Read-Only Domain Controller
     • Network Access Protection
     • Federated Rights Management

  10. Server Protection Features: Compliance, Security
     • Improved auditing
     • Network Access Protection
     • Event Forwarding
     • Policy Based Networking
     • Server and Domain Isolation
     • Removable Device Installation Control
     • Active Directory Rights Management Services
     • Development Process
     • Secure Startup and shield up at install
     • Code integrity
     • Windows service hardening
     • Inbound and outbound firewall
     • Restart Manager
     • Address Space Load Randomisation

  11. Windows Server 2008 Hardening
     [Diagram: service accounts in Windows® XP SP2/Server 2003 R2 compared with Windows Vista/Server 2008. Labels on the slide: LocalSystem; Network Service; Local Service; LocalSystem Firewall Restricted; Network Service Fully Restricted; Network Service Network Restricted; Local Service No Network Access; Local Service Fully Restricted]

  12. BitLocker™ Drive Encryption
     [Diagram labels: Full Volume Encryption Key (FVEK); Encryption Policy]
     • Group Policy allows central encryption policy and provides Branch Office protection
     • Provides data protection, even when the system is in unauthorized hands or is running a different or exploiting Operating System
     • Uses a v1.2 TPM or USB flash drive for key storage

  13. What is Network Access Protection?
     [Diagram labels: Policy Servers such as: Patch, AV; Remediation Servers, Example: Patch; Restricted Network; Corporate Network; Windows Client; DHCP, VPN, Switch/Router; NPS; Not policy compliant; Policy compliant]
     • Health Policy Compliance
     • Health Policy Validation
     • Ability to Provide Limited Access
     • Enhanced Security
     • Cisco and Microsoft Integration Story
     • Increased Business Value

  14. Using Network Access Protection
     [Diagram labels: Policy Servers such as: Patch, AV; Remediation Servers, Example: Patch; Restricted Network; Corporate Network; Windows Client; DHCP, VPN, Switch/Router; NPS; Not policy compliant; Policy compliant]
     1. Client requests access to network and presents current health state
     2. DHCP, VPN or Switch/Router relays health status to Microsoft Network Policy Server (RADIUS)
     3. Network Policy Server (NPS) validates against IT-defined health policy
     4. If not policy compliant, client is put in a restricted VLAN and given access to fix up resources to download patches, configurations, signatures (Repeat 1 - 4)
     5. If policy compliant, client is granted full access to corporate network

  15. AD Rights Management Services
     • AD RMS protects access to an organization’s digital files
     • AD RMS in Windows Server 2008 includes several new features
     • Improved installation and administration experience
     • Self-enrollment of the AD RMS cluster
     • Integration with AD Federation Services
     • New AD RMS administrative roles
     [Diagram labels: RMS Server; AD; SQL; Information Author; The Recipient]

  16. Active Directory Federation Services
     • AD FS provides an identity access solution
     • Deploy federation servers in multiple organizations to facilitate business-to-business (B2B) transactions
     • AD FS provides a Web-based, SSO solution
     • AD FS interoperates with other security products that support the Web Services Architecture
     • AD FS improved in Windows Server 2008
     [Diagram labels: Contoso; Adatum; AD; Resource Federation Server; Federation Trust; Account Federation Server; Web Server]

  17. Federated Rights Management
     • Together AD FS and AD RMS enable users from different domains to securely share documents based on federated identities
     • AD RMS is fully claims-aware and can interpret AD FS claims
     • Office SharePoint Server 2007 can be configured to accept federated identity claims
     [Diagram labels: Contoso; Adatum; AD; Resource Federation Server; Federation Trust; Account Federation Server; RMS; WebSSO]

  18. Read-Only Domain Controller
     [Diagram labels: RODC; Main Office; Branch Office]
     Features
     • Read Only Active Directory Database
     • Only allowed user passwords are stored on RODC
     • Unidirectional Replication
     • Role Separation
     Benefits
     • Increases security for remote Domain Controllers where physical security cannot be guaranteed
     Support
     • ADFS, DNS, DHCP, FRS V1, DFSR (FRS V2), Group Policy, IAS/VPN, DFS, SMS, ADSI queries, MOM

  19. How RODC Works
     [Diagram labels: Windows Server 2008 DC (Hub); Read Only DC (RODC, Branch)]
     1. User logs on and authenticates
     2. RODC: Looks in DB: "I don't have the users secrets"
     3. Forwards Request to Windows Server 2008 DC
     4. Windows Server 2008 DC authenticates request
     5. Returns authentication response and TGT back to the RODC
     6. RODC gives TGT to User and RODC will cache credentials

  20. Read-only DC Mitigates “Stolen DC”
     [Diagram panels: Hub Admin Perspective; Attacker Perspective]

  21. Cryptography Next Generation (CNG)
     • Includes algorithms for encryption, digital signatures, key exchange, and hashing
     • Supports cryptography in kernel mode
     • Supports the current set of CryptoAPI 1.0 algorithms
     • Support for elliptic curve cryptography (ECC) algorithms
     • Perform basic cryptographic operations, such as creating hashes and encrypting and decrypting data

  22. Security Software

  23. Microsoft Security: Defense In Depth
     [Diagram labels: Services; Edge; Server Applications; Client and Server OS; Information Protection; Identity & Access Management; Systems Management; Encrypting File System (EFS); BitLocker™; Forefront Stirling Management; Network Access Protection (NAP); Certificate Lifecycle Management; Active Directory Federation Services (ADFS); Mobile Device Manager 2008; Data Protection Manager; Configuration Manager 2007; Operations Manager 2007; TWC; SDL]

  24. What is Microsoft Forefront?
     Microsoft Forefront is a comprehensive line of business security products providing greater protection and control through integration with your existing IT infrastructure and through simplified deployment, management, and analysis.
     [Diagram labels: Edge; Client and Server OS; Server Applications]

  25. End-to-End Protection
     [Diagram labels: IM and Documents; E-mail; Viruses, Worms, Attacks; Live Communication Server; Live Communication Server (access proxy); SharePoint Server; ISA Server 2006; Management station; Exchange Edge Gateway; Exchange Hub Transport; Exchange Mailbox server]
     • ISA Server Firewall on network edge blocks application layer attacks
     • Pre-authenticate users for network access
     • Isolate and protect network segments
     • Secure Exchange/OWA publishing
     • SMTP protocol scanning
     • Forefront for Server AV helps block viruses and inappropriate content inbound
     • AS helps keep viruses off internal servers
     • Content and file filtering helps prevent confidential information from being sent out

  26. Current anti-malware offerings
     [Comparison matrix; the cell values did not survive extraction]
     • Audience headings: For Individual Users; For Businesses
     • Products compared: Microsoft Forefront Client Security; Windows Defender; Windows Live Safety Center; Windows Live OneCare; MSRT
     • Capabilities compared: Remove most prevalent viruses; Remove all known viruses; Real-time antivirus; Remove all known spyware; Real-time antispyware; Central reporting and alerting; Customization; IT infrastructure integration

  27. Security Management

  28. Core Infrastructure Optimization Model: Leverage IO to understand your security infrastructure
     Levels: Basic, Standardized, Rationalized, Dynamic
     • Identity and Access Management: from "No common identity management model" to "Federated Identity Management across org. and platform boundaries"
     • Desktop, Device and Server Management: from "No desktop or server standards, many images, no management standards" to "Automated IT management, dynamic resource usage"
     • Security and Networking: from "No networks and security standards" to "Automated security and network management"
     • Data Protection and Recovery: from "Adhoc protection of key data" to "End to end data protection and disaster recovery"
     • IT and Security Process: from "Adhoc, reactive" to "Proactive, Optimize cost & quality, End-to-End service & policy management"

  29. © 2006 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.
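
The Network Access Protection sequence on slide 14 can be followed as a small decision loop. This is an added example, not part of the presentation and not Microsoft code; the health attributes, policy values and function names are assumptions made for illustration.

```python
# Added illustration of the slide 14 flow; policy keys and client data are constructed.
from dataclasses import dataclass

# IT-defined health policy that NPS validates against (assumed attributes).
HEALTH_POLICY = {"firewall_on": True,
                 "av_signatures_current": True,
                 "patches_current": True}


@dataclass
class Client:
    name: str
    health: dict   # health state the client presents in step 1


def nps_validate(health, policy=HEALTH_POLICY):
    """Step 3: list the policy settings the presented health state fails.

    A setting the client does not report counts as a failure (fail closed).
    """
    return [k for k, required in policy.items() if health.get(k) != required]


def remediate(client, failures):
    """Step 4: in the restricted VLAN, fix-up servers correct failing settings."""
    for k in failures:
        client.health[k] = HEALTH_POLICY[k]


def request_access(client, max_rounds=3, can_remediate=True):
    """Run steps 1 to 5 and return (network granted, decision trace)."""
    trace = []
    for _ in range(max_rounds):
        failures = nps_validate(client.health)   # steps 1-3
        if not failures:
            trace.append("compliant -> corporate network")   # step 5
            return "corporate", trace
        trace.append("non-compliant " + ",".join(failures) + " -> restricted VLAN")
        if not can_remediate:    # e.g. an unmanaged PC that cannot be fixed up
            break
        remediate(client, failures)              # step 4, then repeat 1-4
    return "restricted", trace


if __name__ == "__main__":
    laptop = Client("laptop", {"firewall_on": True, "patches_current": False})
    print(request_access(laptop))
```

The client that omits `av_signatures_current` is quarantined even though it never reported the setting as bad, which is the behaviour a health policy needs if a client can choose what to report.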
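
Slides 18 to 20 describe what an RODC stores and why a stolen one exposes less than a stolen writable DC. The model below is an added example, not from the presentation; the class names, accounts and passwords are constructed, and secrets are plain strings as a simplification.

```python
# Added illustration (not from the presentation): toy model of the slide 19 flow.
# Account names and passwords are constructed; secrets are plain strings here,
# a simplification of what a real domain controller stores.
from dataclasses import dataclass, field


@dataclass
class WritableDC:
    """Hub DC: holds every account secret and authenticates forwarded requests."""
    secrets: dict

    def authenticate(self, user, password):
        return self.secrets.get(user) == password


@dataclass
class RODC:
    """Branch RODC: stores only secrets its allowed list permits."""
    hub: WritableDC
    allowed: set                      # accounts whose passwords may be stored
    cache: dict = field(default_factory=dict)

    def logon(self, user, password):
        # Steps 1-2: user authenticates, RODC looks in its own database.
        if user in self.cache:
            return self.cache[user] == password, "answered from RODC cache"
        # Steps 3-5: no local secret for this user, so forward to the hub DC.
        if not self.hub.authenticate(user, password):
            return False, "rejected by hub DC"
        # Step 6: TGT goes to the user; cache only if the account is allowed.
        if user in self.allowed:
            self.cache[user] = password
            return True, "forwarded to hub DC, credential cached"
        return True, "forwarded to hub DC, not cached"

    def exposed_if_stolen(self):
        """Accounts whose secrets are on the branch machine if it is stolen."""
        return sorted(self.cache)


def demo():
    hub = WritableDC({"alice": "pw-a", "bob": "pw-b", "domain-admin": "pw-d"})
    branch = RODC(hub, allowed={"alice", "bob"})
    results = [branch.logon("alice", "pw-a"),         # first logon: forwarded
               branch.logon("alice", "pw-a"),         # second: served locally
               branch.logon("domain-admin", "pw-d"),  # never cached
               branch.logon("bob", "wrong")]          # failed logon: no cache
    return results, branch.exposed_if_stolen()
```

After `demo()` only `alice` is on the branch machine: that is the set of accounts whose passwords would need resetting after a theft, while the hub's full secret store is untouched.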
