
1 TAL SARID | PRINCIPAL CONSULTANT | MCS

2 Agenda
- Today’s Security Challenges
- Windows Security
- Next Generation Windows 2012 Security

3 In the news…
- Phone-call security scam targeting PC users: Microsoft is warning customers about a new threat where criminals posing as computer security engineers call people at home to warn them about a security threat.
- Lost Devices Cost Companies Billions: Last month, an oil giant announced the loss of an unencrypted laptop containing sensitive information on 13,000 individuals. The incident may cost…
- The Stealthiest Rootkit in the Wild?
- Feds launched raids against individuals who have allegedly been managing the Rustock "botnet," a vast network of computers around the globe infected with malicious software that lets the devices distribute enormous volumes of spam…
- Michigan firm determines 200,000 account passwords in under an hour: The most popular passwords among nearly 400,000 exposed by the Gawker hack were "123456" and "password", according to an analysis done by a Michigan security firm.
- RSA warns customers after company is hacked: SecurID tokens from EMC's RSA Security division, which are used for two-factor authentication, have been compromised after a sophisticated cyber-attack…
- Security firm's confidential data is exposed after successful hack: A web application security provider has just revealed that a cyber attack appears to have exposed sensitive data about the company's partners and employees, including their login credentials. Representatives from the company haven't responded to emails asking for confirmation…
- Microsoft Work Exposes Magnitude of Botnet Threat: Microsoft's Security Intelligence Report sheds light on the expanding threat that bots…
- Researchers Discover Link Between a Series of Trojans: A difficult-to-remove rootkit behind numerous sophisticated attacks appears to have helped spread yet another Trojan.

4 Challenges

5 2012: IT challenges
- Going hybrid… Hybrid Cloud
- Mobile Workforce
- Generational: what generation are you?

6 Devices: browsers, smart phones, slates, PCs, laptops, servers. Today there are as many devices as humans on the planet; in 3 years the ratio will be 3 devices for every human.

7 Security “things” to think about: Encryption, Assurance Level, Policy, Auditing, Identity, Remote Access, Information Protection

8 SERVERS

9 PCs

10 LAPTOPS

11 SLATES

12 SMART PHONES

13 BROWSERS

14 Work-life blur: information on the go, productive from anywhere. Windows Security

15 Windows Security

16 Devices and compute: Centralized Management, Secure Remote Access. Windows 8 security features covered next: Virtual Smartcards, Trusted Boot, BitLocker, DirectAccess

17 Virtual Smartcards

18 Virtual Smart Cards
- Emulate the functionality of traditional smart cards
- Utilize the Trusted Platform Module (TPM) as the secure element
- Multiple virtual smart cards can be associated with a single computer to support multiple users
- Provide a level of security assurance comparable to traditional smart cards:
  - Non-exportability: the private key is generated in and never leaves the TPM
  - Isolated cryptography: signing and decryption happen inside the TPM, not in host memory
  - Anti-hammering: the TPM's dictionary-attack lockout throttles PIN guessing
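The following is an added example, not from the presentation: it provisions a TPM-backed virtual smart card with tpmvscmgr.exe (shipped in Windows 8 / Server 2012) and shows the TPM-side state behind the three assurance properties above. It assumes an owned, ready TPM and an elevated prompt; the card name and AD context are made up, and tpmvscmgr prompts for the PIN interactively.

```powershell
# Added example, not part of the presentation. Assumes Windows 8 / Server 2012 with the
# TrustedPlatformModule module, an elevated prompt, and a TPM that is owned and activated.
#Requires -RunAsAdministrator

# TpmReady means owned and activated; tpmvscmgr refuses to create a card otherwise.
$tpm = Get-Tpm
if (-not ($tpm.TpmPresent -and $tpm.TpmReady)) {
    throw 'TPM is absent or not provisioned; run tpm.msc or Initialize-Tpm first.'
}

# Anti-hammering is the TPM's own dictionary-attack lockout. These counters are what a PIN
# brute-force attempt runs into, and they are shared by every virtual card on this machine.
$tpm | Select-Object LockedOut, LockoutCount, LockoutMax

# Create the card. /generate formats it so the minidriver can use it immediately.
# /AdminKey RANDOM means nobody holds the admin key, so the card can never be unblocked once the
# PIN retry limit is hit; for a managed fleet use PROMPT with a key escrowed in a vault instead.
tpmvscmgr.exe create /name 'Finance VSC' /pin PROMPT /adminkey RANDOM /generate
if ($LASTEXITCODE -ne 0) { throw "tpmvscmgr.exe failed with exit code $LASTEXITCODE" }

# The new card shows up to Windows as an ordinary reader/card pair (PnP device), so any
# smart-card-aware application, including Kerberos PKINIT logon, can use it unchanged.
Get-WmiObject Win32_PnPEntity -Filter "Name LIKE '%Smart Card%'" | Select-Object Name, Status

# Cleanup when the user leaves: destroy by the instance ID printed by the create command, e.g.
# tpmvscmgr.exe destroy /instance ROOT\SMARTCARDREADER\0000
```

A certificate still has to be enrolled onto the card (certreq or auto-enrollment against a smart-card logon template) before it is useful for logon; the card itself only supplies the key storage.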

19 Trusted & Measured Boot

20 Trusted Boot: Early Launch Anti-Malware (ELAM)
Until now (Windows 7 and earlier):
- Malware is able to load before the OS and the anti-malware (AM) product
- Malware is therefore able to hide and remain undetected
- Systems can be compromised before AM starts
Windows 8 on UEFI 2.3.1 firmware:
- Secure Boot verifies the boot loader, and Trusted Boot then starts the AM early in the boot process
- The Early Launch Anti-Malware (ELAM) driver is specially signed by Microsoft
- Windows starts the ELAM driver before any 3rd-party boot-start drivers and lets it classify each one (good, bad, unknown) before it loads
- Malware in boot-start drivers can no longer bypass AM inspection
Caveat: ELAM only vets boot-start drivers; verifying the boot loader and kernel themselves is Secure Boot's job, so the two are complementary.

21 Enhanced Measured Boot
Windows 7:
- Measurements of some boot components evaluated as part of boot
- Only enabled when BitLocker has been provisioned
Windows 8:
- Measures all boot components
- Measurements are stored in the Trusted Platform Module (TPM)
- Remote attestation, if available, can evaluate client state from those measurements
- Enabled whenever a TPM is present; BitLocker not required
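The following is an added example, not from the presentation, that reports the state of the boot protections described on the two preceding slides on a Windows 8 / Server 2012 machine: UEFI Secure Boot, the ELAM boot-start driver policy and registered ELAM drivers, and the TPM plus Measured Boot logs. The registry locations and log path are the documented ones; the script changes nothing.

```powershell
# Added example, not part of the presentation. Read-only boot-protection report for
# Windows 8 / Server 2012. Run elevated (Confirm-SecureBootUEFI and Get-Tpm need it).
#Requires -RunAsAdministrator

$report = [ordered]@{}

# Secure Boot: the cmdlet throws on legacy BIOS / unsupported firmware, so catch that explicitly
# rather than reporting "false", which would mean UEFI with Secure Boot switched off.
try   { $report.SecureBoot = Confirm-SecureBootUEFI }
catch { $report.SecureBoot = 'n/a (legacy BIOS or unsupported firmware)' }

# ELAM policy, set by the "Boot-Start Driver Initialization Policy" GPO:
#   0 = good only, 1 = good and unknown, 3 = good, unknown and bad-but-boot-critical (default),
#   7 = all drivers (ELAM classification effectively ignored).
$elamKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\EarlyLaunch'
$policy  = (Get-ItemProperty -Path $elamKey -ErrorAction SilentlyContinue).DriverLoadPolicy
$report.ElamDriverLoadPolicy = if ($null -eq $policy) { 'not set (default 3)' } else { $policy }

# ELAM drivers are boot-start drivers registered in the "Early-Launch" load-order group.
$report.ElamDrivers = @(
    Get-ChildItem 'HKLM:\SYSTEM\CurrentControlSet\Services' |
        Where-Object { (Get-ItemProperty $_.PSPath -ErrorAction SilentlyContinue).Group -eq 'Early-Launch' } |
        ForEach-Object { $_.PSChildName }
) -join ', '

# Measured Boot needs a TPM but not BitLocker. Windows 8 writes the TCG event log of each boot
# (the PCR extends an attestation service would verify) under Logs\MeasuredBoot.
$tpm = Get-Tpm
$report.TpmPresentAndReady = [bool]($tpm.TpmPresent -and $tpm.TpmReady)
$report.MeasuredBootLogs   = @(Get-ChildItem "$env:SystemRoot\Logs\MeasuredBoot" -Filter *.log `
                               -ErrorAction SilentlyContinue).Count

[pscustomobject]$report | Format-List
```

A machine that reports SecureBoot false, no ELAM driver and zero Measured Boot logs has none of the three protections the slides describe, whatever the hardware is capable of; this is the quick check to run before relying on them in a threat model.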

22 Bitlocker

23 Windows 8 improvements
- Fast encryption with Used Disk Space Only encryption
- Exchange ActiveSync policy can require BitLocker on non-domain-joined and BYOD devices
Server 2012 improvements
- Storage Area Network (SAN) support
- Windows Server failover cluster support (cluster shared volumes)
- Network Unlock
- Active Directory Users and Computers UI for recovery information
Enterprise management with MBAM (Microsoft BitLocker Administration and Monitoring)…
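The following is an added example, not from the presentation: it enables BitLocker on the OS volume the Windows 8 way (Used Disk Space Only with a TPM protector) and escrows a recovery password to AD DS with the BitLocker PowerShell module that ships with Windows 8 / Server 2012. It assumes an owned TPM, an elevated prompt, and that the "Store BitLocker recovery information in AD DS" policy is in place so the backup is accepted.

```powershell
# Added example, not part of the presentation. Assumes Windows 8 / Server 2012, the BitLocker
# PowerShell module, an owned TPM, domain membership and AD DS recovery-key backup enabled by policy.
#Requires -RunAsAdministrator

$vol = Get-BitLockerVolume -MountPoint 'C:'
if ($vol.VolumeStatus -ne 'FullyDecrypted') {
    "C: is already $($vol.VolumeStatus); nothing to do"
    return
}

# Used Space Only is fast because free space is skipped. Caveat: on a disk that previously held
# data, that skipped free space still contains the old plaintext, so use full encryption (drop
# -UsedSpaceOnly) for reused drives. New hardware and freshly wiped disks are the intended case.
Enable-BitLocker -MountPoint 'C:' -EncryptionMethod Aes128 -UsedSpaceOnly -TpmProtector -SkipHardwareTest

# Add a recovery password and escrow it to the computer object BEFORE the reboot: a later
# firmware update or board swap changes the TPM measurements and locks the user out, and at that
# point the only thing that helps is a recovery password somebody can look up in AD.
$after = Add-BitLockerKeyProtector -MountPoint 'C:' -RecoveryPasswordProtector
$rp    = @($after.KeyProtector | Where-Object KeyProtectorType -eq 'RecoveryPassword')[-1]
Backup-BitLockerKeyProtector -MountPoint 'C:' -KeyProtectorId $rp.KeyProtectorId

Get-BitLockerVolume -MountPoint 'C:' |
    Select-Object VolumeStatus, EncryptionPercentage, ProtectionStatus, KeyProtector
```

On a Server 2012 failover cluster the same cmdlets apply to cluster shared volumes, with an Active Directory account-or-group protector (`Add-BitLockerKeyProtector -ADAccountOrGroupProtector`) for the cluster name object so any node can unlock the volume; for data centre servers without a TPM-based unlock, Network Unlock provides the equivalent for the OS volume.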

24 MBAM download: www.microsoft.com/en-us/download/details.aspx?id=24626&hash=wNAzyTY2nXoIrlY%2b3LjX45stIwpLzu%2fntPqr2g5CO4PpkwNm%2bmCwOP6Ta0lfDFIOlHWZVrhU%2bbePlDwrmPHw7A%3d%3d
www.Microsoft.com/getmbam

25 Direct Access

26 DirectAccess (Windows 8 client, Windows Server 2012 server)
- DirectAccess client: a domain member on the Internet
- DirectAccess server at the corporate edge; the client reaches it over IPv6, using IPv6 transition technologies (6to4, Teredo, IP-HTTPS) where only IPv4 is available
- IPsec tunnels, authenticated with computer certificates and domain membership (Kerberos), possibly smartcards and NAP health certificates; IPsec end-to-end to application servers is possible
- Corporate network: applications & data, DC & DNS (Windows Server 2003+), management servers
- Client and server configuration is delivered by Group Policy
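The following is an added example, not from the presentation: a client-side health check of a Windows 8 DirectAccess connection covering the four elements on the slide (overall state, the NRPT rules that send corporate names through the DirectAccess DNS servers, the IPv6 transition tunnel, and the IPsec security associations that show which identities authenticated). It is read-only and assumes a domain-joined Windows 8 client that has received the DirectAccess client GPO.

```powershell
# Added example, not part of the presentation. Read-only DirectAccess client diagnostics for
# Windows 8; run in an elevated prompt on a domain-joined client. Names in the output are
# whatever Group Policy delivered.

# 1. State as the client sees it. ConnectedRemotely is the goal; ConnectedLocally means the
#    Network Location Server was reachable, so the client is on the corporate LAN and DA is idle.
Get-DAConnectionStatus | Select-Object Status, Substatus

# 2. NRPT. No rule for the corporate DNS suffix means the DA client GPO never applied, the most
#    common root cause of "DirectAccess does not work". Exemptions (the NLS and the DA server's
#    own FQDN) appear as namespaces with empty DirectAccessDnsServers: they must resolve on the
#    Internet or the client can never reach the entry point.
Get-DnsClientNrptPolicy | Select-Object Namespace, DirectAccessDnsServers, DirectAccessProxyType

# 3. Transition technology. Behind NAT and hotel firewalls most clients end up on IP-HTTPS
#    (IPv6 over TLS on 443); the configuration shows the server URL it was given and the state
#    shows whether the interface actually came up.
Get-NetIPHttpsConfiguration
Get-NetIPHttpsState

# 4. IPsec. The infrastructure tunnel authenticates with the computer certificate (first IDs);
#    the intranet tunnel adds the user's Kerberos identity (LocalSecondId). An empty list while
#    step 1 says ConnectedRemotely points at the certificate chain or IPsec policy rather than
#    at IPv6 transport.
Get-NetIPsecMainModeSA |
    Select-Object LocalEndpoint, RemoteEndpoint, LocalFirstId, RemoteFirstId, LocalSecondId, MainModeKeyModule
```

Read the steps in order: a failure in step 2 or 3 explains everything after it, so there is no point investigating IPsec until the client has an IPv6 path and the right name resolution policy.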

27 Let’s take a look…

28 Next Generation Security Windows 2012 Server

29 Windows Server 2012 security enhancements
- Virtualization: extensible switch, virtual networks
- Certificates: PKI management and lifecycle
- Group Policy: new Windows settings, features and control
- Dynamic Access Control: data classification, auditing, encryption, expression-based access

30 My Top 5 Security Group Policy Settings:
1. Prevent connection to non-domain networks when connected to a domain-authenticated network
2. Advanced Audit Policy Configuration
3. File Servers: Central Access Policy
4. Log certificate expiry events
5. Kerberos client support for claims
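The following is an added example, not from the presentation: it reads back on a Windows 8 / Server 2012 domain member whether the five settings above have actually applied, using the registry values those policies write. Item 3 (Central Access Policy) is a file-server GPO setting with no single registry flag, so it is checked through the Central Policy Staging audit subcategory that is normally enabled alongside it. The AutoEnrollment value name used for item 4 is the one I know the expiry-notification policy to set; treat it as an assumption if your ADMX files differ.

```powershell
# Added example, not part of the presentation. Read-only check of the five GPO settings above
# on a Windows 8 / Server 2012 domain member. Run after gpupdate /force in an elevated prompt.

function Get-PolicyValue([string]$Path, [string]$Name) {
    (Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue).$Name
}

# Want = $null means "any configured value counts"; otherwise the value must match exactly.
$checks = @(
    @{ Item = '1. Prevent connection to non-domain networks when on a domain network'
       Path = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WcmSvc\GroupPolicy'
       Name = 'fBlockNonDomain'; Want = 1 },
    @{ Item = '2. Advanced Audit Policy: subcategory settings override legacy categories'
       Path = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
       Name = 'SCENoApplyLegacyAuditPolicy'; Want = 1 },
    @{ Item = '4. Log certificate expiry events (notification threshold, % of lifetime left)'
       Path = 'HKLM:\SOFTWARE\Policies\Microsoft\Cryptography\AutoEnrollment'   # assumed value name
       Name = 'OfflineExpirationPercent'; Want = $null },
    @{ Item = '5. Kerberos client support for claims, compound authentication and armoring'
       Path = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Parameters'
       Name = 'EnableCbacAndArmor'; Want = 1 }
)

$results = foreach ($c in $checks) {
    $actual = Get-PolicyValue $c.Path $c.Name
    [pscustomobject]@{
        Item   = $c.Item
        Actual = if ($null -eq $actual) { '(not set)' } else { $actual }
        OK     = if ($null -eq $c.Want) { $null -ne $actual } else { $actual -eq $c.Want }
    }
}

# 3. Central Access Policy arrives on file servers via GPO (Security Settings > File System >
#    Central Access Policy). Its audit subcategory tells you whether the advanced audit policy
#    from item 2 was extended to DAC at all; "No Auditing" here usually means the DAC GPO is missing.
$staging = (auditpol /get /subcategory:"Central Policy Staging" 2>$null) -join ' '
$results += [pscustomobject]@{
    Item   = '3. File Servers: Central Access Policy (Central Policy Staging auditing)'
    Actual = if ($staging -match 'Success|Failure') { ($staging -split '\s{2,}')[-1] } else { '(no auditing or pre-Windows 8 host)' }
    OK     = [bool]($staging -match 'Success|Failure')
}

$results | Sort-Object Item | Format-Table -AutoSize
```

Item 5 needs its server-side counterpart, "KDC support for claims, compound authentication and Kerberos armoring" on the domain controllers, or clients will never receive claims in their tickets and every Central Access Policy that references a user or device claim evaluates to deny.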

31 Virtualization

32 Hyper-V Network Virtualization
Server virtualization: run multiple virtual servers on a physical server; each VM has the illusion it is running on a physical server (Blue VM and Red VM on one physical server).
Hyper-V Network Virtualization: run multiple virtual networks on a physical network; each virtual network has the illusion it is running on a physical network (Blue Network and Red Network on one physical network).

33 Different subnets: standards-based encapsulation with NVGRE
- Customer (tenant) addresses: 192.168.2.22 → 192.168.5.55, on two different virtual subnets of the same tenant
- Provider (host) addresses: 10.0.0.5 → 10.0.0.7
- The inner frame (customer MACs, 192.168.2.22 → 192.168.5.55) is wrapped in GRE; the GRE key carries the 24-bit virtual subnet ID (5001 on the sender's subnet, 6001 on the receiver's after routing between the two), and that key plus the host's lookup table is what keeps tenants apart on the shared physical network
- Outer frame: provider MACs, 10.0.0.5 → 10.0.0.7, routed by the physical network as ordinary IP
http://www.ietf.org/id/draft-sridharan-virtualization-nvgre-01.txt
http://tools.ietf.org/html/rfc1701
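The following is an added example, not from the presentation: it builds the mapping in the diagram above with the Windows Server 2012 Hyper-V Network Virtualization cmdlets (NetWNV module) on one Hyper-V host. The customer and provider addresses and the virtual subnet IDs are the slide's; the MAC addresses, NIC name, VM name and the tenant (routing domain) GUID are made up, and the same lookup table must be pushed to every host that carries the tenant.

```powershell
# Added example, not part of the presentation. Windows Server 2012 Hyper-V host, elevated prompt.
# Addresses and subnet IDs from the slide; NIC name, MACs, VM name and tenant GUID are assumptions.
#Requires -RunAsAdministrator

$nic  = 'Ethernet'                                     # physical NIC carrying provider traffic
$blue = '{11111111-1111-1111-1111-111111111111}'       # CustomerID = routing domain of the Blue tenant

# Bind the WNV filter to the NIC. Without it the records below are silently ignored and tenant
# frames leave the host unencapsulated, i.e. with no isolation at all.
Enable-NetAdapterBinding -Name $nic -ComponentID ms_netwnv

# Provider address this host answers to: the outer source IP in the diagram.
New-NetVirtualizationProviderAddress -InterfaceIndex (Get-NetAdapter -Name $nic).ifIndex `
    -ProviderAddress 10.0.0.5 -PrefixLength 24

# Customer-to-provider lookup records. Isolation is enforced by (CustomerID, VirtualSubnetID)
# on the lookup, not by anything in the physical network, so a missing or wrong record is a
# reachability bug at best and a cross-tenant leak at worst.
New-NetVirtualizationLookupRecord -CustomerAddress 192.168.2.22 -ProviderAddress 10.0.0.5 `
    -VirtualSubnetID 5001 -MACAddress 00155D000101 -CustomerID $blue -Rule TranslationMethodEncap
New-NetVirtualizationLookupRecord -CustomerAddress 192.168.5.55 -ProviderAddress 10.0.0.7 `
    -VirtualSubnetID 6001 -MACAddress 00155D000102 -CustomerID $blue -Rule TranslationMethodEncap

# Routing between the two virtual subnets happens inside the tenant's routing domain; each
# subnet needs a customer route, NextHop 0.0.0.0 meaning "on-link in this virtual subnet".
New-NetVirtualizationCustomerRoute -RoutingDomainID $blue -VirtualSubnetID 5001 `
    -DestinationPrefix 192.168.2.0/24 -NextHop 0.0.0.0 -Metric 255
New-NetVirtualizationCustomerRoute -RoutingDomainID $blue -VirtualSubnetID 6001 `
    -DestinationPrefix 192.168.5.0/24 -NextHop 0.0.0.0 -Metric 255

# Place the local VM's vNIC in virtual subnet 5001; the GRE key on its frames follows from this.
Set-VMNetworkAdapter -VMName BlueVM1 -VirtualSubnetId 5001

Get-NetVirtualizationLookupRecord |
    Format-Table CustomerAddress, ProviderAddress, VirtualSubnetID, MACAddress, CustomerID -AutoSize
```

In practice these records are generated by System Center VMM rather than typed by hand; the point of doing it once manually is to see that every isolation decision reduces to the lookup table on each host, which is therefore the thing to protect and audit.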

34 Extensible (Layer 2) Switch
Extension types: capture extensions, WFP (Windows Filtering Platform) extensions, filtering extensions, forwarding extensions
Port ACLs on a VM's network adapter (deny everything, then allow a single peer; the second command was cut off on the slide and is completed with the Allow action its pattern implies):
```powershell
Add-VMNetworkAdapterAcl -VMName VM60 -RemoteIPAddress * -Direction BOTH -Action Deny
Add-VMNetworkAdapterAcl -VMName VM60 -RemoteIPAddress 192.168.1.20 -Direction BOTH -Action Allow
```
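The following is an added example, not from the presentation: it locks down one tenant vNIC on the Windows Server 2012 extensible switch using the slide's default-deny / single-peer port ACL pair, a management-side exception, and the per-port guards that stop a compromised VM impersonating infrastructure on the shared segment. The VM name and peer address are the slide's; the management subnet is made up.

```powershell
# Added example, not part of the presentation. Windows Server 2012 Hyper-V host, elevated prompt.
# VM name and peer from the slide; 10.10.0.0/16 is an assumed management subnet.
#Requires -RunAsAdministrator
$vm = 'VM60'

# Port ACLs: the most specific (longest-prefix) match wins, so the host rule overrides the
# wildcard deny regardless of the order the rules were added. Direction is from the VM's view.
Add-VMNetworkAdapterAcl -VMName $vm -RemoteIPAddress *            -Direction Both    -Action Deny
Add-VMNetworkAdapterAcl -VMName $vm -RemoteIPAddress 192.168.1.20 -Direction Both    -Action Allow
Add-VMNetworkAdapterAcl -VMName $vm -RemoteIPAddress 10.10.0.0/16 -Direction Inbound -Action Allow  # monitoring reaches in, VM cannot reach out

# Per-port guards. MacAddressSpoofing Off pins the source MAC to the assigned one (no ARP
# spoofing of neighbours); DhcpGuard drops DHCP server replies the VM emits (no rogue DHCP);
# RouterGuard drops router advertisements and ICMP redirects from the VM (no traffic hijack).
Set-VMNetworkAdapter -VMName $vm -MacAddressSpoofing Off -DhcpGuard On -RouterGuard On

# Read both back; this pair is what a per-host compliance script should compare against policy.
Get-VMNetworkAdapterAcl -VMName $vm
Get-VMNetworkAdapter    -VMName $vm | Select-Object VMName, MacAddressSpoofing, DhcpGuard, RouterGuard
```

Port ACLs are stateless in Server 2012 (no connection tracking), so a rule that allows inbound to a server VM must be paired with one allowing the outbound replies; the `Both` direction on the slide's rules is the simple way to get that.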

35 Cisco Nexus 1000V for Hyper-V

36 Hyper-V Network Virtualization Ecosystem

37 Certificates

38 Certificates are not a niche service anymore…
Authentication: smartcards, SSL client auth, non-domain-joined machines, SCOM, mobile devices, wireless and wired (802.1X), DHCP, IPsec, DirectAccess, Remote Desktop, Health (NAP), federations, Azure, Office 365
Digital signatures: Authenticode, applications, S/MIME signature, driver signing
Encryption: SSL, LDAP/S, S/MIME encryption, EFS, IPsec, routers

39 My Top 5 new features in Certificate Services
1. Certificate store expiry notifications (certificate lifecycle events)
2. Group-protected PFX (private key protected to an AD group with DPAPI-NG instead of a password)
3. Shared SSL storage (IIS 8 centralized certificates)
4. Version 4 certificate templates
5. Non-domain-joined issuance and renewal (via the Certificate Enrollment Web Services)!
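The following is an added example, not from the presentation: it exercises three of the five features above on Windows 8 / Server 2012, the lifecycle (expiry) event log, a group-protected PFX export, and IIS 8 centralized (shared) SSL certificate storage. The export path, AD group, file share and service account are made up; the first certificate with a private key in the machine store is used as the demonstration subject.

```powershell
# Added example, not part of the presentation. Windows 8 / Server 2012 PKI and WebAdministration
# modules, elevated prompt. Paths, group, share and account names are assumptions.
#Requires -RunAsAdministrator

# 1. Expiry notifications. With the "log expiry events" policy on, Windows raises lifecycle
#    events as certificates enter the notification window; collect these centrally instead of
#    polling NotAfter from a scheduled task on every host.
Get-WinEvent -LogName 'Microsoft-Windows-CertificateServicesClient-Lifecycle-System/Operational' `
             -MaxEvents 20 -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Id, Message

#    Belt and braces for hosts where the policy has not landed: anything expiring within 30 days.
$soon = (Get-Date).AddDays(30)
Get-ChildItem Cert:\LocalMachine\My | Where-Object { $_.NotAfter -lt $soon } |
    Select-Object Subject, NotAfter, Thumbprint

# 2. Group-protected PFX. -ProtectTo wraps the private key with DPAPI-NG to an AD principal, so
#    there is no export password to leak through scripts, tickets or wikis; only members of the
#    group, on a domain-joined Windows 8 / Server 2012 machine, can import it. Older systems and
#    non-Windows tools cannot open such a file at all, which is the trade-off.
$cert = Get-ChildItem Cert:\LocalMachine\My | Where-Object HasPrivateKey | Select-Object -First 1
if (-not $cert) { throw 'no certificate with a private key in LocalMachine\My' }
New-Item -ItemType Directory -Path C:\PkiExport -Force | Out-Null
Export-PfxCertificate -Cert $cert -FilePath C:\PkiExport\web.pfx -ProtectTo 'CONTOSO\WebAdmins' -ChainOption BuildChain

# 3. Shared SSL storage (IIS 8 Centralized Certificates). IIS loads password-protected PFX files
#    named after the host name from one share, so a renewal on the share updates every web node.
#    That share now holds every private key, so its ACL and the reading account deserve the same
#    care as a CA's HSM; the account should be able to read and nothing else.
Import-Module WebAdministration
$svc = Get-Credential -Message 'account IIS uses to read the certificate share'   # assumed service account
Enable-WebCentralCertProvider -CertStoreLocation '\\fs01\certs' -UserName $svc.UserName `
    -Password $svc.GetNetworkCredential().Password -PrivateKeyPassword (Read-Host 'PFX password for the share')
```

The two PFX mechanisms do not combine: the centralized store expects conventional password-protected PFX files, while a group-protected PFX has no password, so pick per use case (deployment to web farms vs. hand-off of a key between administrators).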

40 Dynamic Access Control ( DAC )

41 DAC concepts
Data classification: classify your documents using resource properties stored in Active Directory; automatically classify documents based on document content.
Expression-based access conditions: flexible access control lists based on document classification and multiple identities (security groups); centralized access control lists using Central Access Policies.
Expression-based auditing: targeted access auditing based on document classification and user identity; centralized deployment of audit policies using Global Audit Policies.
Encryption: automatic RMS encryption based on document classification.

42 Central access policies (AD DS and file server)
User claims: User.Department = Finance; User.Clearance = High
Device claims: Device.Department = Finance; Device.Managed = True
Resource properties on the file: Resource.Department = Finance; Resource.Impact = High
ACCESS POLICY
  Applies to: @File.Impact = High
  Allow | Read, Write | if (@User.Department == @File.Department) AND (@Device.Managed == True)
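The following is an added example, not from the presentation: it builds the slide's policy in AD DS with the Windows Server 2012 ActiveDirectory module, a Department claim issued for users and devices, the built-in Department and Impact resource properties, a central access rule targeted at High-impact files, and a central access policy containing it. The slide's device "Managed" claim has no standard source attribute, so the rule uses the device's Department instead (a stated simplification); the claim and resource-property IDs are the Server 2012 defaults as I know them, and the rule and policy names are made up.

```powershell
# Added example, not part of the presentation. Windows Server 2012 domain, Domain Admin rights,
# ActiveDirectory module. Names are assumptions; the policy logic follows the slide.
Import-Module ActiveDirectory

# Claim type sourced from the AD "department" attribute, issued for both user and computer
# objects, so @USER.Department and @DEVICE.Department are available in conditions.
New-ADClaimType -DisplayName 'Department' -SourceAttribute 'department' `
    -AppliesToClasses @('user', 'computer') -ID 'ad://ext/Department'

# The built-in resource properties ship disabled; enable the two the policy references and put
# them on the list file servers download for classification.
Set-ADResourceProperty -Identity 'Department_MS' -Enabled $true
Set-ADResourceProperty -Identity 'Impact_MS'     -Enabled $true
Add-ADResourcePropertyListMember -Identity 'Global Resource Property List' -Members 'Department_MS', 'Impact_MS'

# Central access rule. Targeting: only files classified Impact = High.
# Permissions: owner, admins and SYSTEM keep full control (so the rule cannot lock out the
# server itself); Authenticated Users get read + write only when the user's department matches
# the file's AND the device's department matches too (conditional ACE, type XA).
$target = '(@RESOURCE.Impact_MS == "High")'
$acl    = 'O:SYG:SYD:AR(A;;FA;;;OW)(A;;FA;;;BA)(A;;FA;;;SY)' +
          '(XA;;FRFW;;;AU;((@USER.ad://ext/Department == @RESOURCE.Department_MS) && ' +
          '(@DEVICE.ad://ext/Department == @RESOURCE.Department_MS)))'
New-ADCentralAccessRule -Name 'Finance High Impact' -ResourceCondition $target -CurrentAcl $acl

New-ADCentralAccessPolicy -Name 'Finance CAP'
Add-ADCentralAccessPolicyMember -Identity 'Finance CAP' -Members 'Finance High Impact'

# Nothing is enforced yet. Still required: "KDC support for claims" on the DCs and "Kerberos
# client support for claims" on clients (slide 30, item 5), the CAP published to file servers
# via GPO (Security Settings > File System > Central Access Policy), and the CAP selected on the
# folder (Advanced Security Settings > Central Policy). Verify what AD now holds:
Get-ADCentralAccessPolicy -Identity 'Finance CAP' | Select-Object Name, Members
Get-ADCentralAccessRule  -Identity 'Finance High Impact' | Select-Object Name, ResourceCondition, CurrentAcl
```

Stage a rule before enforcing it by supplying `-ProposedAcl` instead of `-CurrentAcl` and enabling the Central Policy Staging audit subcategory: the file server then logs every access where the proposed and current results differ, which is how you find the Finance users whose AD department attribute is empty before they lose access.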

43 Let’s take a look…

44 http://www.microsoft.com/en-us/download/details.aspx?id=30152

45 So…what did we talk about?
Mobile and Windows security: Virtual Smartcards, Secure Boot, Measured Boot, BitLocker, DirectAccess…
Server 2012 security: Network Virtualization, Group Policy, DAC, RMS and ADCS…
Next steps

46 Hands-on labs
Windows 2012 Jumpstart: http://technet.microsoft.com/en-us/video/windows-server-2012-jump-start-01-core-hyper-v.aspx
Windows 2012 Virtual Labs: http://technet.microsoft.com/en-us/windowsserver/hh968267.aspx
Private Cloud Jumpstart: http://technet.microsoft.com/en-us/video/private-cloud-jump-start-01-introduction-to-the-microsoft-private-cloud-with-system-center-2012

47 Going hybrid: devices and compute (virtualized servers) across Windows Server 2012 private clouds and Windows Azure

48 What next? Download Windows Server 2012 RTM: http://technet.microsoft.com/he-il/evalcenter/hh670538

49 NEXT GEN YOUR SECURITY!

50 Tal Sarid | Principal Consultant | MCS talsa@microsoft.com

