Transcript Slide 1

Ovidiu Pismac
Account Technology Specialist
MCSE Security, CISSP
Microsoft Corporation
Microsoft Trustworthy Computing
Addressing Security Threats with Microsoft
Agenda:
• Windows Vista
• Windows Server 2008
• Forefront security family
• Security guidance and resources
Security Development Lifecycle phases (diagram): Product Inception → Design → Threat Modeling → Standards, best practices, and tools → Security Push → Final Security Review → RTM and Deployment Signoff → Security Response
Windows Vista: security features by area

Secure Platform
• Security Development Lifecycle (SDL)
• Kernel Patch Protection
• Kernel-mode Driver Signing
• Secure Startup
• Windows Service Hardening

Data Protection
• Rights Management Services (RMS)
• SharePoint, Exchange, Windows Mobile integration
• Encrypting File System (EFS)
• BitLocker

Secure Access
• User Account Control
• Network Access Protection (NAP)
• IPv6
• IPsec
• Windows CardSpace
• Native smart card support
• GINA re-architecture
• Certificate Services
• Credential roaming

Malware Protection
• Windows Defender
• Bi-directional Firewall
• IE Protected Mode
• Windows Security Center
• Address Space Layout Randomization (ASLR)
• Data Execution Prevention (DEP)
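A practical check that belongs next to the ASLR and DEP bullets: on Windows Vista the loader randomizes an image's base only if the image was linked with /DYNAMICBASE, and it honours /NXCOMPAT for DEP; both are bits in the PE optional header's DllCharacteristics field. The following parser is an added example written for this page, not code from the presentation or from Microsoft. The two header-only images it builds are constructed for demonstration and are not real binaries.

```python
"""Check whether a PE image opts in to Vista's ASLR and DEP.

Added example, not code from the presentation. The sample images are
constructed header-only blobs, not real executables.
"""
import struct

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE = 0x0040  # /DYNAMICBASE: ASLR opt-in
IMAGE_DLLCHARACTERISTICS_NX_COMPAT = 0x0100     # /NXCOMPAT: DEP opt-in
PE32_MAGIC, PE32PLUS_MAGIC = 0x10B, 0x20B


def pe_mitigations(image: bytes) -> dict:
    """Return which opt-in mitigations the image declares.

    Parses just enough of the PE layout: MZ stub -> e_lfanew -> "PE\\0\\0"
    signature -> 20-byte COFF header -> optional header, whose
    DllCharacteristics field sits at offset 70 for both PE32 and PE32+.
    """
    if image[:2] != b"MZ":
        raise ValueError("not an MZ image")
    e_lfanew = struct.unpack_from("<I", image, 0x3C)[0]
    if image[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    size_of_optional = struct.unpack_from("<H", image, coff + 16)[0]
    if size_of_optional < 72:
        raise ValueError("optional header too short to carry DllCharacteristics")
    opt = coff + 20
    magic = struct.unpack_from("<H", image, opt)[0]
    if magic not in (PE32_MAGIC, PE32PLUS_MAGIC):
        raise ValueError(f"unknown optional header magic {magic:#x}")
    dll_chars = struct.unpack_from("<H", image, opt + 70)[0]
    return {
        "pe32plus": magic == PE32PLUS_MAGIC,
        "aslr": bool(dll_chars & IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE),
        "dep": bool(dll_chars & IMAGE_DLLCHARACTERISTICS_NX_COMPAT),
    }


def build_test_image(magic: int, dll_chars: int) -> bytes:
    """Construct a minimal header-only image (no sections) for demonstration."""
    e_lfanew = 0x40
    mz = bytearray(e_lfanew)
    mz[:2] = b"MZ"
    struct.pack_into("<I", mz, 0x3C, e_lfanew)
    size_of_optional = 0xF0 if magic == PE32PLUS_MAGIC else 0xE0
    machine = 0x8664 if magic == PE32PLUS_MAGIC else 0x14C
    # COFF header: Machine, NumberOfSections, TimeDateStamp, PointerToSymbolTable,
    # NumberOfSymbols, SizeOfOptionalHeader, Characteristics (IMAGE_FILE_EXECUTABLE_IMAGE)
    coff = struct.pack("<HHIIIHH", machine, 0, 0, 0, 0, size_of_optional, 0x0002)
    opt = bytearray(size_of_optional)
    struct.pack_into("<H", opt, 0, magic)
    struct.pack_into("<H", opt, 70, dll_chars)
    return bytes(mz) + b"PE\0\0" + coff + bytes(opt)


# Constructed samples: one linked with both flags, one legacy image with neither.
HARDENED = build_test_image(PE32PLUS_MAGIC, 0x0040 | 0x0100)
LEGACY = build_test_image(PE32_MAGIC, 0x0000)

if __name__ == "__main__":
    for name, img in (("hardened", HARDENED), ("legacy", LEGACY)):
        print(name, pe_mitigations(img))
```

Run it against a real file with `pe_mitigations(open(path, "rb").read())`. An image that reports `aslr: False` still loads on Vista, but at its preferred base, which is what an exploit author counts on; `dep: False` matters only when system DEP policy is OptIn, which was the default for Vista client editions.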
Windows Server 2008: security features by area

Secure Platform
• Security Development Lifecycle (SDL)
• Windows Server Virtualization (Hypervisor)
• Role Management Tool
• OS File Integrity

Data Protection
• Rights Management Services (RMS)
• Full volume encryption (BitLocker)
• USB device-connection rules with Group Policy
• Improved Auditing
• Windows Server Backup

Network Protection
• Network Access Protection (NAP)
• Server and Domain Isolation with IPsec
• End-to-end Network Authentication
• Windows Firewall with Advanced Security, on by default

Identity and Access
• Read-only Domain Controller (RODC)
• Active Directory Federation Services (ADFS)
• Administrative Role Separation
• PKI Management Console
• Online Certificate Status Protocol (OCSP)
Identity and access (diagram)
Goals:
• Secure collaboration
• Easily managing multiple identities
• Government-sponsored identities (eID)
• Hardware-supported trust platform
• Disparate directories synchronization
• Centralized ID controls and management
• Embedded identity into applications
• Policy governance / compliance
• Role-based permissions
• Identity and data privacy
Components: Domain/Directory Services, Certificate Services, ADFS, ILM/MIIS (Identity Lifecycle Manager / Microsoft Identity Integration Server), Authorization Manager, RMS
NAP Essentials:
• Health policy validation and remediation
• Helps keep mobile devices in compliance
• Reduces risk from unauthorized systems on the network

NAP architecture (diagram): a Windows client connects through an enforcement point (DHCP, VPN, or a switch/router from Microsoft, Juniper, Cisco and others). The Network Policy Server (NPS) validates the client's health against policy servers such as patch and antivirus servers. A policy-compliant client is admitted to the corporate network; a client that is not policy compliant is placed on the restricted network, where remediation servers bring it into compliance. The slide's example is a missing patch.
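To make the flow above concrete, here is the decision logic a policy server runs and the filter an enforcement point derives from it. This is an added example written for this page, not Microsoft's NAP or NPS code; the hostnames, KB identifiers, thresholds and the two client statements of health are constructed. It also covers the "unauthorized systems" bullet: a client that presents no statement of health at all is treated as non-compliant rather than exempt.

```python
"""NAP-style health policy evaluation and enforcement.

Added example, not Microsoft's NAP/NPS code. Hostnames, KB identifiers
and thresholds below are constructed for demonstration.
"""
from dataclasses import dataclass, field
from typing import Optional


@dataclass
class StatementOfHealth:
    """What the NAP client reports about itself (constructed fields)."""
    host: str
    installed_patches: set
    av_enabled: bool
    av_signature_age_days: int
    firewall_enabled: bool


@dataclass
class HealthPolicy:
    required_patches: set
    max_signature_age_days: int
    require_firewall: bool = True
    # Clients that cannot present an SoH (non-NAP-capable or unauthorized
    # systems) go to the restricted network instead of being exempted.
    restrict_unknown_clients: bool = True


@dataclass
class Decision:
    host: str
    compliant: bool
    failures: list = field(default_factory=list)
    remediation_servers: list = field(default_factory=list)

    @property
    def network(self) -> str:
        return "corporate" if self.compliant else "restricted"


# Remediation servers reachable from the restricted network (constructed names).
REMEDIATION = {
    "patch": "wsus.corp.example",
    "antivirus": "avupdate.corp.example",
    "firewall": "gpo.corp.example",
}


def evaluate_health(soh: Optional[StatementOfHealth], policy: HealthPolicy,
                    host: str = "unknown") -> Decision:
    """Policy server (NPS) logic: compare the SoH with the health policy."""
    if soh is None:
        if policy.restrict_unknown_clients:
            return Decision(host, False, ["no statement of health"],
                            list(REMEDIATION.values()))
        return Decision(host, True)
    failures, servers = [], []
    missing = policy.required_patches - soh.installed_patches
    if missing:
        failures.append("missing patches: " + ", ".join(sorted(missing)))
        servers.append(REMEDIATION["patch"])
    if not soh.av_enabled:
        failures.append("antivirus disabled")
        servers.append(REMEDIATION["antivirus"])
    elif soh.av_signature_age_days > policy.max_signature_age_days:
        failures.append(f"AV signatures {soh.av_signature_age_days} days old")
        servers.append(REMEDIATION["antivirus"])
    if policy.require_firewall and not soh.firewall_enabled:
        failures.append("host firewall off")
        servers.append(REMEDIATION["firewall"])
    return Decision(soh.host, not failures, failures, servers)


def enforcement_filter(decision: Decision) -> dict:
    """Enforcement point (DHCP, VPN, switch): destinations the client may reach."""
    if decision.compliant:
        return {"network": "corporate", "allow": ["*"]}
    # Restricted network: only the remediation servers, so the client can fix itself.
    return {"network": "restricted", "allow": sorted(set(decision.remediation_servers))}


POLICY = HealthPolicy(required_patches={"KB000001", "KB000002"}, max_signature_age_days=3)
# Constructed client reports: one healthy laptop, one that is behind on everything.
HEALTHY = StatementOfHealth("laptop-01", {"KB000001", "KB000002"}, True, 1, True)
STALE = StatementOfHealth("laptop-02", {"KB000001"}, True, 10, False)

if __name__ == "__main__":
    for soh in (HEALTHY, STALE, None):
        d = evaluate_health(soh, POLICY)
        print(d.host, d.network, d.failures, enforcement_filter(d))
```

The restricted network is only useful if the remediation servers are actually reachable from it; a filter that blocks everything leaves the client stuck, which is the usual cause of NAP "quarantine loops" in practice.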
Forefront: edge, server and client protection
Today's problems:
• "Point to Point" solutions
• Security of data at rest and in transit
• Mobile workforce
• Manageability

Corporate: Edge Protection, Server Protection, Client Protection
Consumer / Small Business: simple PC maintenance (anti-virus, anti-spyware, anti-phishing, firewall, performance tuning, backup and restore)
RAV acquisition
Forefront Server Security products integrate and ship with industry-leading antivirus scan engines from multiple vendors. Each scan job in a Forefront Server Security product can run up to five engines simultaneously.
• Internal messaging and collaboration servers
Forefront engine sets and other vendors: signature response times in hours
Legend (color-coded in the original): less than 5 hours / between 5 and 24 hours / more than 24 hours

MM/YY  Virus              FF Set 1  FF Set 2  FF Set 3  FF Set 4  FF Set 5  Engine M  Engine S  Engine T
04/06  Mytob.NQ@mm            1.53      1.00      1.00      1.00      3.07      9.93     17.35      2.10
04/06  Mytob.NQ@mm            1.00      1.12      1.00      1.00      1.00     28.07     11.57      3.52
04/06  Spybot!04C2           23.03      1.00     23.03     25.28      1.00      0.00     29.90     39.02
04/06  Nugache.a              1.00     25.45      1.00      1.00      1.00     34.10     12.90     48.05
05/06  Numuen.F               0.00     24.43      0.00      0.00      0.00      1.00     10.33     14.95
05/06  Numuen.H               1.00     31.72      1.00      1.00      1.00    103.83    251.85    114.78
05/06  Numuen.G               3.15      8.20      3.15      3.15      3.15      1.00    151.80    468.97
05/06  Banwarum.C@mm         87.47      1.00     87.47     87.47      1.00    116.73     72.95    129.25
05/06  Banwarum.B@mm         12.05      1.00      1.82      1.82      1.00    116.73     22.45     32.85
05/06  Rbot!E905              0.00      0.00      0.00      0.00      0.00  1,141.78    217.57      1.00
06/06  Bagle.EG               0.00      0.00      0.00      0.00      0.00      0.00      7.32      0.00
06/06  Bagle.EH@mm            0.00      1.25      0.00      0.00      0.00      0.00     18.43      0.00
06/06  Bagle.EG@mm            0.00      3.62      0.00      0.00      1.00      0.00     26.48      0.00
06/06  Bagle.LY@mm            0.00      0.00      0.00      0.00      0.00      0.00      6.40      2.47
07/06  Feebs.gen@mm           0.00      0.00      0.00      0.00      0.00      0.00      0.00    503.80
07/06  Feebs.EU               0.00      1.00      0.00      0.00      0.00     52.30    173.17     38.97
07/06  Virut.A                0.00      0.00      0.00      0.00      0.00      0.00      0.00  1,317.02

Notes on the scan-job diagram:
A. Engines used are not always the same. They are dynamically allocated from the available pool.
B. Bias setting:
• Max Certainty: uses all engines (100%)
• Favor Certainty: uses all available engines
• Neutral: uses approximately 50% of available engines
• Favor Performance: uses 25% of available engines
• Max Performance: uses one engine for every scan
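The two notes above describe a scheduling policy, and the table above shows why it matters: a set of engines is protected as soon as its fastest member has a signature. The following model is an added example written for this page, not Forefront code. It draws engines for each job from the pool of currently available ones (note A), sizes the draw by the bias setting (note B), and computes the set's effective signature response time as the minimum over its members. The engine names, availability flags and per-engine response hours are constructed; the difference between Max Certainty and Favor Certainty is modelled as whether a job may proceed while one engine is unavailable (for example mid-update).

```python
"""Multi-engine scan scheduling with a bias setting.

Added example, not Forefront code. Engine names, availability and
response hours are constructed for demonstration.
"""
import math
import random

BIAS_FRACTION = {
    "max_certainty": 1.0,       # every engine; refuses to run if one is unavailable
    "favor_certainty": 1.0,     # every engine that is available right now
    "neutral": 0.5,             # about half of the available engines
    "favor_performance": 0.25,  # a quarter of the available engines
    "max_performance": None,    # exactly one engine per scan
}


def select_engines(pool: dict, bias: str, rng=None) -> list:
    """Pick the engines for one scan job from pool {name: available}."""
    if bias not in BIAS_FRACTION:
        raise ValueError(f"unknown bias {bias!r}")
    if bias == "max_certainty":
        if not all(pool.values()):
            raise RuntimeError("max_certainty needs every engine; one is unavailable")
        return sorted(pool)
    available = sorted(name for name, ok in pool.items() if ok)
    if not available:
        raise RuntimeError("no engine available")
    frac = BIAS_FRACTION[bias]
    count = 1 if frac is None else max(1, math.ceil(len(available) * frac))
    # Dynamic allocation (note A): the subset can differ from job to job.
    rng = rng or random.Random(0)
    return sorted(rng.sample(available, count))


def scan(sample: str, engines: list, detections: dict) -> bool:
    """A job flags the sample if any selected engine has a signature for it."""
    return any(sample in detections.get(engine, ()) for engine in engines)


def response_time(engines: list, hours: dict) -> float:
    """Hours until the engine set can detect: the fastest member wins."""
    return min(hours[e] for e in engines)


# Constructed pool; per-engine signature response times (hours) for one sample.
POOL = {"EngA": True, "EngB": True, "EngC": True, "EngD": True, "EngE": True}
HOURS = {"EngA": 3.07, "EngB": 9.93, "EngC": 17.35, "EngD": 2.10, "EngE": 28.07}
# Constructed detection state: which engines already carry a signature for "sample-x".
DETECTIONS = {"EngD": {"sample-x"}}

if __name__ == "__main__":
    rng = random.Random(7)
    for bias in BIAS_FRACTION:
        chosen = select_engines(POOL, bias, rng)
        print(f"{bias:18s} {len(chosen)} engines {chosen} "
              f"-> {response_time(chosen, HOURS):.2f} h, "
              f"detects sample-x: {scan('sample-x', chosen, DETECTIONS)}")
```

The trade-off the bias setting encodes is visible in the output: Max Performance scans with one engine and inherits that engine's response time, which in the table above can be hundreds of hours, while Favor Certainty inherits the best time in the set at the cost of running every available engine on every message.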
Client Anti-Malware Unified Protection
One engine for virus and spyware protection
• Used in Windows Defender, OneCare, Forefront Client Security
• Protection for Windows 2000 Workstation/Server, Windows XP, Windows Server 2003, Windows Vista and Windows Server 2008 clients
• Compatible with NAP / Longhorn through Windows Security Center
Detection and removal capabilities include:
• Real-time, scheduled or on-demand detection and removal
• Real-time detection uses Windows Filter Manager technology
• Checks to ensure the system is fully functional after cleaning
• Scanning of dozens of archive and packer formats
• Tunneling signatures that bypass user-mode rootkits
• Code emulation for behavior analysis and polymorphic viruses
• Heuristic detections for new malware
Client Anti-Malware Unified Protection: product comparison (matrix)
Products for individual users: MSRT, Windows Defender, Windows Live OneCare Safety Scanner, Windows Live OneCare
Product for businesses: Microsoft Forefront Client Security
Capability rows in the matrix: remove most prevalent viruses; remove all known viruses; real-time antivirus; remove all known spyware; real-time antispyware; central reporting and alerting; customization; IT infrastructure integration
Critical Visibility and Control
FCS is also a vulnerability assessment system, answering questions such as:
• "Is my environment compliant with security best practices?"
• "Has my level of vulnerability exposure changed over time?"
• "What portion of my environment is at high risk?"
• Poor integration across the platform
• "Point to Point" solutions
• Standards adoption
• Compliance reporting
• Manageability

"Defense in Depth" with Microsoft products, by layer:
• Management system: System Center, Active Directory GPO
• Data: BitLocker, EFS, RMS, SharePoint, SQL
• User: Active Directory and Identity Lifecycle Manager
• Application: SDL process, IIS, Visual Studio, and .NET
• Device: Forefront Client Security, Exchange IMF
• Internal network: Network Access Protection, IPsec
• Perimeter: Forefront Edge and Server Security, NAP
End-user awareness is the base layer ("Policies, Procedures & Awareness"). Security awareness can affect any aspect of the organization's security, and it is an important part of security because many attacks rely on human error to succeed.

Defense-in-depth layers (diagram, innermost first): Data; Applications; Workstations / Hosts; Network; Network Border; Physical security; Policies, Procedures & Awareness
Microsoft Security Home Page: www.microsoft.com/security
Microsoft Security Portal: www.microsoft.com/security/portal
Microsoft Trustworthy Computing: www.microsoft.com/security/twc
Microsoft Forefront: www.microsoft.com/forefront
Microsoft OneCare: www.windowsonecare.com
Infrastructure Optimization: www.microsoft.com/io
Microsoft Security Assessment Tool: www.microsoft.com/security/msat
General Information:
Microsoft Live Safety Center: safety.live.com
Microsoft Security Response Center: www.microsoft.com/security/msrc
Security Development Lifecycle: http://msdn2.microsoft.com/en-us/library/ms998404.aspx
Get the Facts on Windows and Linux: www.microsoft.com/windowsserver/compare
Anti-Malware:
Understanding malware: http://download.microsoft.com/download/a/b/e/abefdf1c-96bd-40d6-a138-e320b6b25bd3/understandingantimalwaretechnologies.pdf
Windows Defender: www.microsoft.com/athome/security/spyware/software
Spyware Criteria: www.microsoft.com/athome/security/spyware/software/isv
Guidance Centers:
Security Guidance Centers: www.microsoft.com/security/guidance
Security Guidance for IT Professionals: www.microsoft.com/technet/security
The Microsoft Security Developer Center: msdn.microsoft.com/security
The Security at Home Consumer Site: www.microsoft.com/athome/security
Certifications and awards for Forefront and Windows OneCare:
• VB 100% award, Forefront Client Security, April 2008 on Vista SP1 Business Edition
• VB 100% award, Forefront Client Security, June 2007 on Windows XP and August 2007 on Windows Vista x64
• ICSA Labs certification: Forefront is the only product certified for Exchange 2007
• West Coast Labs' Checkmark certification
Industry thought leadership:
• "Behavioral Classification" paper delivered at the 2006 European Institute for Computer Antivirus Research (EICAR) conference
http://www.virusbtn.com/vb100/archive/results?vendor=VE52
Sources: Gartner, Magic Quadrant for E-Mail Security Boundary, 2006; Gartner, Magic Quadrant for Endpoint Protection Platforms, December 2007
• Banca Transilvania
• Petrom
• Hidroelectrica
• Toyota Romania
• Romgaz
• Zentiva
• Ministerul Integrarii Europene
• and many, many others!
The following platform and application products have earned Common Criteria certification at EAL4+, the highest assurance level commonly achieved by general-purpose commercial software (EAL5 to EAL7 exist but are rarely pursued for such products):
• Windows Server 2003 Standard Edition SP1
• Windows Server 2003 Enterprise Edition SP1
• Windows Server 2003 Datacenter Edition SP1
• Windows Server 2003 Certificate Services
• Windows XP Professional SP2
• Windows XP Embedded SP2
• Exchange Server 2003
• ISA Server 2004
• Rights Management Service
• Windows Mobile 5/6 (EAL2+)
© 2007 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.
The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market
conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation.
MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.