Presentation on theme: "What’s Next for Microsoft Security? Kai Axford, CISSP, MCSE-Security IT Pro Evangelist Microsoft Corporation"— Presentation transcript:
What’s Next for Microsoft Security?
Kai Axford, CISSP, MCSE-Security
IT Pro Evangelist, Microsoft Corporation
What’s Next for Security? Our Security Progress so far… (as of February 2006)
- Service Pack 2
- Malicious Software Removal Tool: 2B total executions; 200M per month; focus on most prevalent malware; dramatically reduced the number of bot infections
- Most popular download in Microsoft history; helps protect more than 25 million customers; great feedback from SpyNet participants
- Security Configuration Wizard: more secure by design, more secure by default; more than 4.7 million downloads
- Service Pack 1: more than 260 million copies distributed; enterprise deployment at 61%; 15 times less likely to be infected by malware; significantly fewer important and critical vulnerabilities
What’s Next for Security? So what products is Microsoft working on now?
- Windows Vista
- Certificate Lifecycle Manager
- Secure Messaging with Antigen and FrontBridge
- Network Access Protection
- ISA Server 2006
Windows Vista: Windows Service Hardening (defense in depth)
- Windows services are profiled for allowed actions to the network, file system, and registry
- Services run with reduced privilege compared to Windows XP
- Designed to block attempts by malicious software to make a Windows service write to an area of the network, file system, or registry that isn’t part of that service’s profile
(Diagram: active protection covering the file system, registry, and network)
Windows Vista: Internet Explorer 7.0
Social engineering protections
- Phishing Filter and colored address bar
- Dangerous settings notification
- Secure defaults for International Domain Names (IDN)
Protection from exploits
- Unified URL parsing
- Code quality improvements (SDL)
- ActiveX opt-in
- Protected Mode to prevent malicious software
Windows Vista: User Account Control (UAC)
Challenges
- Users running with elevated privileges mean increased risk
- Line of Business (LoB) applications require elevated privileges to run
- Common operating system configuration tasks require elevated privilege
Goal
- Allow businesses to move to a better-managed desktop and consumers to use parental controls
Windows Vista: BitLocker™ Drive Encryption
- Formerly "Secure Start-up"
- Designed specifically to prevent a thief who boots another operating system or runs a hacking tool from breaking Windows file and system protections
- Provides data protection on your Windows client systems, even when the system is in unauthorized hands or is running a different or exploiting operating system
- Uses a v1.2 TPM or USB flash drive for key storage
BitLocker™ Drive in Linux
Linux BitLocker volume errors (what a Linux system reports when it looks at a BitLocker-encrypted volume):
1. fdisk reads the partition table and thinks the FVE partition is NTFS
2. "wrong fs type, bad option, bad superblock on /dev/sda2, missing codepage or other error"
3. "Primary boot sector is invalid, Not an NTFS volume"
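The three errors above come from two different views of the same disk: fdisk only looks at the MBR partition type byte, while mount and the NTFS tools look at the volume boot sector. The following is an added example, not code from the presentation; the sample MBR and boot sectors are constructed in the script, and the offsets are the standard MBR and NTFS boot-sector layout.

```python
# Added example, not from the presentation: why the three Linux errors on the
# slide appear. fdisk classifies a partition by its MBR type byte, still 0x07
# (HPFS/NTFS) on a BitLocker volume, but the volume boot sector then carries
# the OEM ID "-FVE-FS-" instead of "NTFS    ", so mount and NTFS tools reject it.
NTFS_OEM = b"NTFS    "      # 8-byte OEM ID at offset 3 of an NTFS boot sector
FVE_OEM = b"-FVE-FS-"       # OEM ID BitLocker (Full Volume Encryption) writes there
MBR_TABLE_OFFSET = 446      # four 16-byte partition entries precede the 0x55AA mark
NTFS_TYPE = 0x07            # MBR partition type that fdisk lists as HPFS/NTFS

def mbr_partition_type(mbr: bytes, index: int) -> int:
    """Type byte of partition `index` (0-based: /dev/sda2 is index 1)."""
    entry = mbr[MBR_TABLE_OFFSET + 16 * index:MBR_TABLE_OFFSET + 16 * (index + 1)]
    return entry[4]

def classify_boot_sector(vbs: bytes) -> str:
    """'ntfs', 'bitlocker' or 'unknown', decided by the OEM ID of a volume boot sector."""
    oem = vbs[3:11]
    if oem == FVE_OEM:
        return "bitlocker"
    if oem == NTFS_OEM:
        return "ntfs"
    return "unknown"

def diagnose(mbr: bytes, vbs: bytes, index: int) -> str:
    """Compare fdisk's view (partition type) with mount's view (boot sector)."""
    ptype, kind = mbr_partition_type(mbr, index), classify_boot_sector(vbs)
    if ptype == NTFS_TYPE and kind == "bitlocker":
        return "type 0x07 looks like NTFS but boot sector is -FVE-FS-: BitLocker volume"
    if ptype == NTFS_TYPE and kind == "ntfs":
        return "plain NTFS volume"
    return f"partition type 0x{ptype:02x}, boot sector {kind}"

# Constructed sample sectors for testing; not real disk images.
def make_mbr(types: list) -> bytes:
    mbr = bytearray(512)
    for i, t in enumerate(types):
        mbr[MBR_TABLE_OFFSET + 16 * i + 4] = t
    mbr[510:512] = b"\x55\xaa"
    return bytes(mbr)

def make_boot_sector(oem: bytes) -> bytes:
    vbs = bytearray(512)
    vbs[0:3] = b"\xeb\x52\x90"   # x86 jump stub that precedes the OEM ID
    vbs[3:11] = oem
    return bytes(vbs)
```

On a real system the same check is `dd if=/dev/sda2 bs=512 count=1` piped into `classify_boot_sector`, which is what the mount error is telling you without naming BitLocker.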
What is Microsoft Certificate Lifecycle Manager?
Functional overview
- Single administration point for digital certificates and smart cards
- Configurable policy-based workflows for common tasks (enroll, renew, revoke, etc.)
- Detailed auditing and reporting
- Support for both centralized and self-service scenarios
- Integration with existing infrastructure
Certificate Lifecycle Manager: Architectural Overview
(Physical architecture diagram: the Certificate Lifecycle Manager server sits between the end user and the Microsoft CAs, SQL, AD, and e-mail)
Server side - Certificate Lifecycle Manager
- Windows Server 2003 Certificate Services add-on
- SQL Server 2000 SP3
- Email/SMTP service
Client side - Certificate Lifecycle Manager Client
- Bulk Smart Card Issuance Tool
Microsoft Secure Messaging: Multi-Layer Secure Messaging
(Diagram, from the Internet inward)
- Managed services: FrontBridge E-mail Filtering Services
- External firewall, DMZ with ISA Server, internal firewall
- Corporate network, on-premise software: Antigen for Exchange, Antigen for SMTP Gateways, Advanced Spam Manager
- Authentication and authorization
FrontBridge: E-mail Complexity Requires Flexibility
E-mail Filtering
- Layered anti-spam
- Multi-engine anti-virus
- Customized content and policy enforcement
- Real-time attack prevention
Message Archive
- Interception-based message archiving
- Customized report generation for demonstrating compliance
- Fully-indexed, searchable archive
- Rapid deployment to meet deadlines or immediate needs
Secure E-mail
- Full e-mail encryption
- No public and private key management
- Gateway, policy-based e-mail encryption
Active Message Continuity
- Uninterrupted e-mail accessibility
- Rapid recovery from unplanned disasters and network outages
- 30-day historical e-mail store
FrontBridge E-Mail Filtering
- Edge and connection-based blocking: directory services, real-time attack prevention, multi-layer virus scanning and content filtering
- Advanced spam filtering: fingerprinting, SPF lookups, rules-based scoring
- E-mail queuing
- E-mail quarantine
Microsoft Antigen: What is Antigen?
Antigen for SMTP/Exchange
- On-premise, server-based mail scanning software
- Provides antivirus, anti-spam, content and file filtering
- Multiple complementary technologies used
- Complete end user control
- Protection against internal threats and virus propagation
Microsoft Antigen Overview
- All Antigen products integrate multiple antivirus engines from 3rd-party vendors. Four engines are provided as part of the base cost.
- Engines: AhnLabs, Authentium Command, CA InoculateIT*, CA VET*, Kaspersky Lab, Norman Data Defense*, Sophos*, Virus Busters (* default engines)
- The MS Antivirus engine will be provided in the first Microsoft-branded version of Antigen
Microsoft Antigen: Signature Updates (Antigen engines)
Sober.P virus detection time, May 2, 2005 (GMT). Chart axis: time of day (hour:minute). Source: AV-Test.org, May 2005.
Number of signature updates per day (source: AV-Test.org, Feb. 2005; January 2005 updates):
  Vendor        Updates/day
  Kaspersky     18.5
  Dr. Web       10.7
  Sophos         2.7
  BitDefender    1.7
  ClamAV         1.5
  AntiVir        1.4
  F-Secure       1.4
  Panda          1.3
  Ikarus         1.1
  Symantec       1.1
  Trend Micro    1.0
Note: the chart (left) represents a single virus outbreak only. It does not represent average response times for the listed antivirus labs.
Microsoft Antigen: Antigen for Exchange
- Detects and removes viruses in e-mail messages and attachments
- Scans at the SMTP stack (most processing-intensive scans)
- Scans in real time at the Exchange Information Store
- Provides on-demand and scheduled scans of the information store
- Uses Microsoft-approved virus scanning API integration for Exchange 2000 and 2003
- Provides advanced content-filtering capabilities for messages and attachments
- Integrates file filtering, keyword filtering and anti-spam at the SMTP routing level
- Protects Exchange Server 5.5, 2000, and 2003
(Diagram: Internet, ISA Server, Exchange front end, Exchange Site 1 and Site 2, Exchange public folder server, Exchange mailbox server)
Network Access Protection: Why you need a NAP…
Viruses enter the enterprise by:
- Employees returning from trips
- Consultants/guests plugging in
- Employees VPN-ing in
- Attacking vulnerable machines in the network
Causing loss of productivity and financial loss:
  Year  Virus      WW Financial Impact (USD)
  1999  Melissa    1.10 Billion
  2000  Love Bug   8.75 Billion
  2001  Code Red   2.75 Billion
  2002  Klez       750 Million
  2003  Slammer    1.25 Billion
Source: "Virus Attack Costs are Rising – Again." Computer Economics, Inc., Sept 2003.
IT administrators are looking for tools to:
  Manage/Monitor             NAP   Description
  Health check?              Yes   Check machine state before allowing access
  Remediate vulnerabilities? Yes   In conjunction with SMS/WUS and 3rd parties
  Detect/Manage?             Yes   In conjunction with SMS/MOM and 3rd parties
Network Access Protection: IPsec-based NAP walk-through
Components: Client, DHCP, Remediation Server, IAS, Health Registration Authority. Zones: Quarantine Zone, Boundary Zone, Protected Zone (access to the protected zone is blocked until the client holds a health certificate).
Accessing the network:
1. Client -> DHCP: "May I have a DHCP address?" DHCP -> Client: "Here you go."
2. Client -> Health Registration Authority: "May I have a health certificate? Here’s my SoH."
3. Health Registration Authority -> IAS: "Client ok?" IAS: "No! Needs updates."
4. Health Registration Authority -> Client: "You don’t get a health certificate! Get updates!"
5. Client -> Remediation Server: "I need updates." Remediation Server -> Client: "Here you go."
6. The client presents its SoH again; IAS: "Yes. Issue health certificate."
7. Health Registration Authority -> Client: "Here’s your health certificate."
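The following is an added toy model of the walk-through above, not code from the presentation or from Microsoft’s NAP implementation. The health policy thresholds, the Statement of Health (SoH) fields and the host names are constructed for illustration; real NAP obtains the SoH from System Health Agents and evaluates it with System Health Validators on the IAS server.

```python
# Added example, not from the presentation: a toy model of the IPsec NAP
# walk-through. Policy thresholds, names and SoH fields are constructed.
from dataclasses import dataclass, replace

POLICY = {"av_signature_min": 1050, "patch_level_min": 12}   # constructed health policy

@dataclass
class StatementOfHealth:                 # what the client's health agent reports
    firewall_on: bool
    av_signature: int
    patch_level: int

def evaluate(soh):
    """IAS health policy check: list of failed requirements (empty means healthy)."""
    failed = []
    if not soh.firewall_on:
        failed.append("firewall off")
    if soh.av_signature < POLICY["av_signature_min"]:
        failed.append("antivirus signatures out of date")
    if soh.patch_level < POLICY["patch_level_min"]:
        failed.append("missing updates")
    return failed

def hra_request(client, soh):
    """Health Registration Authority: asks IAS, issues a certificate only if compliant."""
    failed = evaluate(soh)
    return (None, failed) if failed else (f"health-cert:{client}", [])

def remediate(soh):
    """Remediation server (boundary zone): bring the client up to policy."""
    return replace(soh, firewall_on=True,
                   av_signature=max(soh.av_signature, POLICY["av_signature_min"]),
                   patch_level=max(soh.patch_level, POLICY["patch_level_min"]))

def can_reach(zone, cert):
    """Boundary zone (HRA, remediation) is open to all; protected zone needs the cert."""
    return zone == "boundary" or (zone == "protected" and cert is not None)

def walk_through(client, soh):
    """Run the exchange from the slide; return (message transcript, certificate)."""
    log = [f"{client} -> DHCP: may I have an address?", f"DHCP -> {client}: here you go"]
    cert, failed = hra_request(client, soh)
    if failed:                           # quarantined: only the boundary zone is reachable
        log.append(f"HRA -> {client}: no certificate, needs: {', '.join(failed)}")
        soh = remediate(soh)
        log.append(f"remediation -> {client}: updates applied")
        cert, failed = hra_request(client, soh)
    log.append(f"HRA -> {client}: issued {cert}")
    return log, cert
```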
ISA Server 2006: Web Access Protection
(Diagram: Internet with an external web site, administrator and attacker; ISA 2006 appliance in the DMZ; extranet web server; internal network)
- External attack resilience
- Internal attack resilience
- Minimal downtime
- Remediation measures
- Better management
Did you realize? In the last 30 minutes:
- Over 1,500 IT Pros visited security content on Microsoft.com
- 250 customers downloaded Windows Server 2003 SP1
- Over 50,000 users ran the Malicious Software Removal Tool
- 2 instances of the Sasser worm were removed
- 149 bot infections were found and removed
- Over 18,000 additional users installed Windows Defender
- ~7,500 pieces of spyware and other potentially unwanted software were removed
Microsoft Security Resources
- Windows Vista Beta: http://www.microsoft.com/windowsvista/
- Certificate Lifecycle Manager Beta: http://www.microsoft.com/windowsserversystem/clm/default.mspx
- Antigen and FrontBridge: http://www.microsoft.com/securemessaging
- Network Access Protection Beta: http://www.microsoft.com/technet/itsolutions/network/nap/beta.mspx
- ISA Server 2006 Beta: http://www.microsoft.com/isaserver/2006/