Ovidiu Pismac Account Technology Specialist MCSE Security, CISSP Microsoft Corporation.

1 Ovidiu Pismac Account Technology Specialist MCSE Security, CISSP Microsoft Corporation

2 Microsoft Trustworthy Computing Addressing Security Threats with Microsoft Windows Vista Windows Server 2008 Forefront security family Security guidance and resources


4 Design Threat Modeling Standards, best practices, and tools Security Push Final Security Review RTM and Deployment Signoff Security Response Product Inception

5 Secure Platform Secure Access Data Protection Rights Management Services (RMS) SharePoint, Exchange, Windows Mobile integration Encrypting File System (EFS) Bitlocker Malware Protection User Account Control Network Access Protection (NAP) IPv6 IPsec Windows CardSpace Native smart card support GINA Re-architecture Certificate Services Credential roaming Security Development Lifecycle (SDL) Kernel Patch Protection Kernel-mode Driver Signing Secure Startup Windows Service Hardening Windows Defender IE Protected Mode Address Space Layout Randomization (ASLR) Data Execution Prevention (DEP) Bi-directional Firewall Windows Security Center

6 Security Development Lifecycle (SDL) Windows Server Virtualization (Hypervisor) Role Management Tool OS File Integrity Secure Platform Network Protection Identity Access Data Protection Read-only Domain Controller (RODC) Active Directory Federation Srvcs. (ADFS) Administrative Role Separation PKI Management Console Online Certificate Status Protocol Network Access Protection (NAP) Server and Domain Isolation with IPsec End-to-end Network Authentication Windows Firewall With Advanced Security On By Default Rights Management Services (RMS) Full volume encryption (Bitlocker) USB Device-connection rules with Group Policy Improved Auditing Windows Server Backup

7 Authorization Manager RMS ILM/MIIS ADFS Domain/Directory Services Certificate Services Secure collaboration Easily managing multiple identities Government sponsored identities (eID) Hardware supported trust platform Disparate directories synchronization Centralized ID controls and mgmt. Embedded identity into applications Policy Governance / Compliance Role Based Permissions Identity and Data Privacy

8 NAP Essentials: Health policy validation and remediation Helps keep mobile devices in compliance Reduces risk from unauthorized systems on the network Remediation Servers Example: Patch Restricted Network Windows Client Policy compliant NPS DHCP, VPN Switch/Router Microsoft, Juniper, CISCO, Policy Servers such as: Patch, AV Corporate Network Not policy compliant

9 Consumer / Small Business Corporate Client Protection Server Protection Edge Protection Simple PC maintenance Anti-Virus Anti-Spyware Anti-Phishing Firewall Performance Tuning Backup and Restore Edge, server and client protection “Point to Point” Solutions Security of data at rest and in transit Mobile workforce Manageability

10 RAV acquisition

11 Forefront Server Security products integrate and ship with industry-leading antivirus scan engines from Each scan job in a Forefront Server Security product can run up to five engines simultaneously Internal Messaging and Collaboration Servers A B C E D

12 Forefront engine sets and other vendors Signature response times in hours
Columns: MM/YY, VIRUS, FF Set 1, FF Set 2, FF Set 3, FF Set 4, FF Set 5, Engine M, Engine S, Engine T
0406 Mytob.NQ@mm 1.53 1.00 3.07 9.93 17.35 2.10
0406 Mytob.NQ@mm 28.07 11.57 3.52
0406 Spybot!04C2 23.03 1.00 23.03 25.28 1.00 0.00 29.90 39.02
0406 Nugache.a 1.00 25.45 1.00 34.10 12.90 48.05
0506 Numuen.F 0.00 24.43 0.00 1.00 10.33 14.95
0506 Numuen.H 1.00 31.72 1.00 103.83 251.85 114.78
0506 Numuen.G 1.00 151.80 468.97
0506 Banwarum.C@mm 87.47 1.00 87.47 1.00 116.73 72.95 129.25
0506 Banwarum.B@mm 1.00 116.73 22.45 32.85
0506 Rbot!E905 0.00 1,141.78 217.57 1.00
0606 Bagle.EG 0.00 7.32 0.00
0606 Bagle.EH@mm 18.43 0.00
0606 Bagle.EG@mm 0.00 3.62 0.00 1.00 0.00 26.48 0.00
0606 Bagle.LY@mm 0.00 6.40 2.47
0706 Feebs.gen@mm 0.00 503.80
0706 Feebs.EU 52.30 173.17 38.97
0706 Virut.A 0.00 1,317.02
Legend: less than 5 hours; between 5 and 24 hours; more than 24 hours

13 Bias Engines used are not always the same. They are dynamically allocated from the available pool. A B Max Certainty: uses all engines (100%) Favor Certainty: uses all available engines Neutral: uses approximately 50% of available engines Favor Performance: uses 25% of available engines Max Performance: uses one engine for every scan

14 One engine for virus and spyware protection Used in Windows® Defender, OneCare, Forefront Client Security Protection for Windows 2000 Workstation/Server, Windows XP, Windows 2003, Windows Vista and Windows Server 2008 clients Compatible with NAP / Longhorn through Windows Security Center Detection and removal capabilities include: Real-time, scheduled or on-demand detection & removal Real-time detection uses Windows Filter Manager technology Checks to ensure system is fully functional after cleaning Scanning dozens of archives and packers Using tunneling signatures that bypass user mode rootkits Code emulation for behavior analysis and polymorphic viruses Heuristic detections for new malware Client Anti-Malware Unified Protection

15 Remove most prevalent viruses Remove all known viruses Real-time antivirus Remove all known spyware Real-time antispyware Central reporting and alerting Customization Microsoft Forefront Client Security MSRT Windows Defender Windows Live OneCare Safety Scanner Windows Live OneCare IT Infrastructure Integration FOR INDIVIDUAL USERS FOR BUSINESSES Client Anti-Malware Unified Protection

16 “Has my level of vulnerability exposure changed over time?” Critical Visibility & Control FCS is also a vulnerability assessment system

17 Management System System Center, Active Directory GPO Forefront Edge and Server Security, NAP Perimeter Network Access Protection, IPSec Internal Network Forefront Client Security, Exchange IMF Device SDL process, IIS, Visual Studio, and .NET Application BitLocker, EFS, RMS, SharePoint, SQL Data User Active Directory and Identity Lifecycle Mgr Poor integration across the platform “Point to Point” Solutions Standards Adoption Compliance Reporting Manageability

18 End-user awareness is at a basic level “Policies, Procedures & Awareness” Security awareness can affect any aspect of the organization's security Security awareness is an important part of security because many attacks rely on human error to be successful. Policies, Procedures & Awareness Network Border Network Workstations / Hosts Applications Data Physical security “DEFENSE IN DEPTH”

19 Microsoft Security Home Page: Microsoft Security Portal: Microsoft Trustworthy Computing: Microsoft Forefront: Microsoft OneCare: Infrastructure Optimization: Microsoft Security Assessment Tool: General Information: Microsoft Live Safety Center: Microsoft Security Response Center: Security Development Lifecycle: us/library/ms998404.aspx Get the Facts on Windows and Linux: Anti-Malware: Understanding malware 96bd-40d6-a138-e320b6b25bd3/understandingantimalwaretechnologies.pdf Microsoft Defender: Spyware Criteria: Guidance Centers: Security Guidance Centers: Security Guidance for IT Professionals: The Microsoft Security Developer Center: The Security at Home Consumer Site:

20 Certifications and awards for Forefront & Windows OneCare: VB 100% award Forefront Client Security April 2008 on Vista SP1 Business Edition VB 100% award Forefront Client Security June 2007 on Windows XP and August 2007 on Windows Vista x64 ICSA Labs certification – Forefront is the only product certified for Exchange 2007 West Coast Labs’ Checkmark certification Industry thought leadership “Behavioral Classification” paper delivered at 2006 European Institute for Computer Antivirus Research (EICAR) conference


22 Source: Gartner, Magic Quadrant for E-Mail Security Boundary, 2006

23 Gartner Magic Quadrant for endpoint protection platform December 2007

24 Banca Transilvania Petrom Hidroelectrica Toyota Romania Romgaz Zentiva Ministerul Integrarii Europene and many … many others!

25 The following platform & application products have earned Common Criteria certification (EAL4+) – highest certification for commercial software: Windows Server 2003 Standard Edition SP 1 Enterprise Edition SP 1 Datacenter Edition SP 1 Windows Server 2003 Certificate Services Windows XP Professional SP 2 Windows XP Embedded SP 2 Exchange Server 2003 ISA Server 2004 Rights Management Service Windows Mobile 5/6 EAL2+

26 © 2007 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.
