
Urs P. Küderli Principal Security Architect Microsoft.



Presentation on theme: "Urs P. Küderli Principal Security Architect Microsoft."— Presentation transcript:

1 Urs P. Küderli Principal Security Architect Microsoft

2

3 Access to information from wherever and whenever; Access to information on any device; User-friendly, transparent; Low TCO; Security; Demand for access; Different access, authentication and authorization systems; Different encryption technologies; No interoperability; Complex; Expensive; Security; Escalating threats

4

5

6

7 Defense in Depth; Identity & Access; SDL and SD3; Threat Mitigation. Security Development Lifecycle process; Engineered for security; Design threat modeling; SD3: Secure by Design, Secure by Default, Secure in Deployment; Automated patching and update services; Windows Firewalls; Protected Mode Web browsing; Windows Server only installs what it needs, reduces attack surface; Non-administrator users (UAC); Server & Domain Isolation (SDI); Advanced Memory Management (ASLR); Encrypted disk & file systems; User controllable, authenticated identity; Authenticated, authorized groups & individuals; Policy-enforced access control to resources & data; Federated personal & corporate identities; Microsoft Security Response Center (MSRC); Microsoft Malware Protection Center (MMPC); Windows Live OneCare and Forefront Client Security, powered by the Microsoft Malware Protection Center; Malicious Software Removal Tool (MSRT); Network Access Protection (NAP/NAC)

8 Current Strategies; No Strategy; Vision; Integrated Solutions; Defense in Depth; Integrated Identity; SDL and SD3; Threat Mitigation; Point Solutions; Information Protection; Firewalls; patching; Firewalls; Anti-phishing; Anti-spyware; Anti-virus; Identity Management; phishing; No Policy; viruses; malware; denial of service; data theft; identity theft; End-to-End Trust; “I+4A”; Social; Economic; Trusted Stack; Data; People; Software; Hardware; Integrated Protection; SDL & SD3; Defense in Depth; Threat Mitigation; Political

9 “I+4A”; SDL and SD3; SD3; Defense in Depth; Threat Mitigation; Trusted Hardware; Secure Foundation; Core Trust Components; Identity Claims; Authentication; Authorization; Access Control Mechanisms; Audit; Trusted People; Trusted Stack; Trusted Data; Trusted Software; Integrated Protection

10

11

12

13

14 How RAS worked at MS. RAS Statistics: 55,000 unique users monthly; 850,000 connections/month; 45 seconds median time to successfully connect through quarantine; 1700 Helpdesk calls per month; Two Engineers; 154 servers

15 Increase Agility: More easily adapt to changing business needs and workforce trends, including tough new regulatory standards. Boost Productivity: Control IT costs by leveraging existing infrastructure investments. Improve Protection: Protect critical business information end-to-end and more effectively manage identities across the enterprise.

16 Identity: Strong two-factor authentication; Role-based access to resources; Federation with partners and customers; Flexible, pervasive PKI infrastructure. Protection: Policy-based security controls and automated remediation; Layered endpoint security solutions; Secure platform; Updates, anti-malware, firewall verified and controlled by policy; Authenticated transactions via PKI and IPSec/IPv6; Endpoint encryption and data access controls

17 Networks: Policy-based network access controls with auto-remediation; IPSec support for flexible and secure domain isolation; IPv6 for expanded address space and auto-config; Gateways for older or less-capable platforms; Ability to authenticate all network-level transactions. Manageability: Define and distribute security and group policies; Asset and configuration management; Patch distribution for applications and OS

18

19 Cost Benefits: Reduced MSIT hardware compared to current VPN solution; Scalability of Solution; Reduced traffic/usage of the Proxies. User Benefits: Extends corpnet seamlessly to remote user; No user initiation to connect; Single Sign on; Always on; Easy to use; consistent experience; Use Peer to Peer Technologies. Security Benefits: Promotes end-to-end host-based security; System is always reachable (for scans, Group Policy, patching); Proactive health (always checking for NAP, GPO, can be scanned while remote etc.)

20

21 Presentations. TechDays: www.techdays.ch; MSDN Events: http://www.microsoft.com/switzerland/msdn/de/presentationfinder.mspx; MSDN Webcasts: http://www.microsoft.com/switzerland/msdn/de/finder/default.mspx. MSDN Events. MSDN Events: http://www.microsoft.com/switzerland/msdn/de/events/default.mspx; Save the date: TechEd 2009 Europe, 9-13 November 2009, Berlin. MSDN Flash (our biweekly newsletter). Subscribe: http://www.microsoft.com/switzerland/msdn/de/flash.mspx. MSDN Team Blog. RSS: http://blogs.msdn.com/swiss_dpe_team/Default.aspx. Developer User Groups & Communities. Mobile Devices: http://www.pocketpc.ch/; Microsoft Solutions User Group Switzerland: www.msugs.ch; .NET Managed User Group of Switzerland: www.dotmugs.ch; FoxPro User Group Switzerland: www.fugs.ch

22 Presentations. TechDays: www.techdays.ch. TechNet Events. TechNet Events: http://technet.microsoft.com/de-ch/bb291010.aspx; Save the date: TechEd 2009 Europe, 9-13 November 2009, Berlin. TechNet Flash (our biweekly newsletter). Subscribe: http://technet.microsoft.com/de-ch/bb898852.aspx. Schweizer IT Professional und TechNet Blog. RSS: http://blogs.technet.com/chitpro-de/. IT Professional User Groups & Communities. SwissITPro User Group: www.swissitpro.ch; NT Anwendergruppe Schweiz: www.nt-ag.ch; PASS (Professional Association for SQL Server): www.sqlpass.ch

23 7–8 April 2010, Congress Center Basel

24 Classic Sponsoring Partners; Media Partner; Premium Sponsoring Partners

25

