1 Yaniv Feldman, Senior Infrasec Architect, Microsoft Security Regional Director, Db@net

2 Windows Server 2008 pillars: Security, Web, Virtualization
- Virtualization: reduces costs, increases hardware utilization, optimizes your infrastructure, and improves server availability
- Web: delivers rich web-based experiences efficiently and effectively
- Security: provides unprecedented levels of protection for your network, your data, and your business

3 Security features in Windows Server 2008
- Development process (Security Development Lifecycle)
- Secure startup and "shields up" at install
- Code integrity
- Windows service hardening
- Inbound and outbound firewall
- Restart Manager
- Improved auditing
- Network Access Protection
- Event forwarding
- Policy-based networking
- Server and domain isolation
- Removable device installation control
- Active Directory Rights Management Services
- Security compliance

4 Windows service hardening, the principle
- Reduce the size of high-risk layers
- Segment the services
- Increase the number of layers
(Diagram: kernel and drivers at the bottom, user-mode drivers above, and the services Service1, Service2, Service3 ... ServiceA, ServiceB split into separate layers so that a compromise of one does not reach the others.)

5 Service accounts before and after service hardening
Windows XP SP2 / Server 2003 R2: every service runs under one of three shared identities, with all of that identity's privileges and unrestricted network access:
- LocalSystem
- Network Service
- Local Service
Windows Vista / Server "Longhorn" (2008): the same three identities, each further restricted per service:
- LocalSystem, firewall restricted
- Network Service, network restricted
- Local Service, no network access
- LocalSystem / Network Service / Local Service, fully restricted (reduced privileges plus a per-service SID)

6 Windows Firewall with Advanced Security
- Combined firewall and IPsec management
- Firewall rules become more intelligent (a rule can be scoped to a specific service and can require IPsec-authenticated peers)
- Policy-based networking
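The two slides above describe the mechanisms; what they look like in practice is an added example (not from the presentation): give a service its own restricted SID, strip the privileges it does not need, and then write a firewall rule that is bound to that service and only accepts IPsec-authenticated peers. The service name ContosoAgent, its binary path, port 8443 and the subnet 10.1.0.0/16 are placeholders; the commands themselves (sc.exe sidtype/privs, netsh advfirewall) are the built-in Windows Vista / Server 2008 tools. Run elevated.

```powershell
# Added example, not from the slides. ContosoAgent, its path, port and subnet are placeholders.
$svc      = 'ContosoAgent'
$exePath  = 'C:\Program Files\Contoso\agent.exe'
$ruleName = 'Contoso Agent (inbound, authenticated)'

# 1. Per-service SID: the service token carries NT SERVICE\ContosoAgent as a restricted
#    SID, so ACLs and firewall rules can name this one service rather than the shared
#    LocalSystem / Network Service / Local Service account. Takes effect on next start.
& sc.exe sidtype $svc restricted | Out-Null

# 2. Keep only the privileges the service actually needs ("fully restricted").
#    sc privs takes a slash-separated list; everything not listed is removed from the token.
& sc.exe privs $svc 'SeChangeNotifyPrivilege/SeImpersonatePrivilege' | Out-Null

# 3. The service SID can now be used in ACLs too (read-only access to its data folder).
& icacls.exe 'C:\ProgramData\Contoso' /grant "NT SERVICE\${svc}:(OI)(CI)R" | Out-Null

# 4. Firewall rule scoped to the service, domain profile only, allowing only peers that
#    authenticate with IPsec (security=authenticate) from the server subnet. Because the
#    rule names the service, a different process listening on 8443 gets no exception.
& netsh.exe advfirewall firewall add rule "name=$ruleName" dir=in action=allow `
    protocol=TCP localport=8443 "program=$exePath" "service=$svc" `
    profile=domain remoteip=10.1.0.0/16 security=authenticate | Out-Null

# 5. Verify what was actually stored.
& sc.exe qsidtype $svc      # expect SERVICE_SID_TYPE: RESTRICTED
& sc.exe qprivs  $svc       # expect only the two privileges listed above
& netsh.exe advfirewall firewall show rule "name=$ruleName" verbose

# 6. Restart so the new token is built.
Restart-Service -Name $svc
```

The check worth keeping is step 5: qsidtype and qprivs read back what the service control manager will apply, and the netsh verbose listing shows whether the service binding and the authentication requirement survived. security=authenticate only has an effect if a matching IPsec connection security rule exists for the same peers, which is the "combined firewall and IPsec management" point of the slide.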

7 Server Core
- Only a subset of the executable files and DLLs are installed
- No GUI shell installed
- 9 server roles available
- Can be managed with remote tools

8 Web server (IIS) improvements
- Customization
- Troubleshooting
- Administration
- True application deployment
- Application and health management

9 Arsenal of admin tools
- Delegated management
- Secure remote management
- Shared configuration for web farms
- Better tools: intuitive, task-oriented GUI; .NET management API; unified WMI provider for IIS/ASP.NET; powerful command-line support
- Rich runtime state information
- Automatic failure tracing and logging
(Diagram: the site owner edits the site's Web.config (XML) under delegation and XCopy-deploys the application; the administrator manages remotely over secure HTTPS; AppHost.config (XML) holds the shared configuration for shared application hosting across a web farm.)
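The delegation model in the slide is enforced by section locking in applicationHost.config; an added example (not from the presentation) using the built-in appcmd.exe shows the administrator's side and what a site owner then can and cannot do. "Default Web Site" is the IIS default site; start.aspx is a placeholder. Run elevated on the IIS 7 host.

```powershell
# Added example, not from the slides. start.aspx and the handler entry are placeholders.
$appcmd = "$env:windir\system32\inetsrv\appcmd.exe"

# Server-wide policy: handler mappings stay locked (a site owner cannot register a new
# script processor through Web.config), default documents are delegated to site owners.
& $appcmd lock   config /section:system.webServer/handlers
& $appcmd unlock config /section:system.webServer/defaultDocument

# A delegated change: this lands in the site's Web.config, not in applicationHost.config,
# so it can be XCopy-deployed with the application.
& $appcmd set config 'Default Web Site' /section:system.webServer/defaultDocument `
    "/+files.[value='start.aspx']"

# Effective configuration for the site, merged from applicationHost.config and Web.config
& $appcmd list config 'Default Web Site' /section:system.webServer/defaultDocument

# The locked section: the same site-level edit is refused with a lock violation
# (error 0x80070021), which is the behaviour you want to see before handing out delegation.
& $appcmd set config 'Default Web Site' /section:system.webServer/handlers `
    "/+[name='test',path='*.foo',verb='*',modules='StaticFileModule']"

# Review the lock state of every section that site owners may touch
& $appcmd list config /section:system.webServer/defaultDocument /config:*
```

Lock state is also visible in applicationHost.config as overrideMode="Deny" on the section or as a location tag for a single site; appcmd lock/unlock is simply editing that attribute, so the same audit can be done by reading the XML.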

10 BitLocker Drive Encryption
- Group Policy allows a central encryption policy and provides branch office protection
- Provides data protection even when the system is in unauthorized hands or is booted into a different, attacker-controlled operating system (offline attack on the disk)
- Uses a v1.2 TPM or a USB flash drive for key storage
- Full Volume Encryption Key (FVEK)
- Encryption policy
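Before relying on the TPM or the USB key described above, a practitioner wants to know which key protectors the OS volume actually has, because a volume whose only protector is the TPM becomes unreadable when the TPM is cleared or the board is replaced. The following is an added example (not from the presentation) that reads that state through the Win32_EncryptableVolume and Win32_Tpm WMI classes shipped with BitLocker on Windows Vista / Server 2008 and later. Run elevated.

```powershell
# Added example, not from the slides. Audits BitLocker protectors on the OS volume.
# Key protector type codes from Win32_EncryptableVolume: 1 = TPM, 2 = external key (USB
# startup key), 3 = numerical (recovery) password, 4 = TPM+PIN, 5 = TPM+startup key,
# 6 = TPM+PIN+startup key, 7 = public key, 8 = passphrase.
$typeNames = @{ 1='TPM'; 2='ExternalKey'; 3='NumericalPassword'; 4='TPMAndPIN';
                5='TPMAndStartupKey'; 6='TPMAndPINAndStartupKey'; 7='PublicKey'; 8='Passphrase' }

$ns  = 'root\cimv2\Security\MicrosoftVolumeEncryption'
$vol = Get-WmiObject -Namespace $ns -Class Win32_EncryptableVolume |
       Where-Object { $_.DriveLetter -eq $env:SystemDrive }
if (-not $vol) { throw 'BitLocker WMI provider not available or OS volume not found' }

# TPM 1.2 present, enabled and activated? Needed before the FVEK can be sealed to it.
$tpm = Get-WmiObject -Namespace 'root\cimv2\Security\MicrosoftTpm' -Class Win32_Tpm
$tpmReady = ($tpm -ne $null) -and $tpm.IsEnabled().IsEnabled -and $tpm.IsActivated().IsActivated

# Enumerate every protector (type 0 = return all) and resolve its type
$protectors = foreach ($id in $vol.GetKeyProtectors(0).VolumeKeyProtectorID) {
    $t = $vol.GetKeyProtectorType($id).KeyProtectorType
    New-Object PSObject -Property @{ Id = $id; Type = $typeNames[[int]$t] }
}

# ProtectionStatus: 0 = off, 1 = on, 2 = unknown
$status = $vol.GetProtectionStatus().ProtectionStatus
"Volume $($vol.DriveLetter): protection on = $($status -eq 1); TPM ready = $tpmReady"
$protectors | Format-Table Type, Id -AutoSize

# The check: a recovery password must exist alongside the TPM / USB protector, and the
# Group Policy setting that backs it up to AD DS must be on, or a cleared TPM or a lost
# USB stick means the data is gone.
$hasRecovery = @($protectors | Where-Object { $_.Type -eq 'NumericalPassword' }).Count -gt 0
$hasBoot     = @($protectors | Where-Object { $_.Type -in 'TPM','ExternalKey','TPMAndPIN','TPMAndStartupKey','TPMAndPINAndStartupKey' }).Count -gt 0
if ($hasBoot -and -not $hasRecovery) {
    Write-Warning 'Only a boot-time protector exists. Add a recovery password'
    Write-Warning '(Win32_EncryptableVolume.ProtectKeyWithNumericalPassword) before trusting this volume.'
}
```

The same WMI class is what manage-bde and the BitLocker Group Policy client use, so the numbers it returns are authoritative for the machine; a 48-digit recovery password stored in AD DS is the administrator's path back into a volume after a TPM clear.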

11 Active Directory Rights Management Services (AD RMS)
- AD RMS protects access to an organization's digital files
- AD RMS in Windows Server 2008 includes several new features:
  - Improved installation and administration experience
  - Self-enrollment of the AD RMS cluster
  - Integration with AD Federation Services
  - New AD RMS administrative roles
(Diagram: the information author publishes a protected file; the recipient obtains a use license before opening it.)

12 Active Directory Federation Services (AD FS)
- AD FS provides an identity access solution
- Deploy federation servers in multiple organizations to facilitate business-to-business (B2B) transactions
- AD FS provides a web-based SSO solution
- AD FS interoperates with other security products that support the Web Services Architecture
- AD FS is improved in Windows Server 2008
(Diagram: Adatum's account federation server and Contoso's resource federation server, joined by a federation trust; the web server at Contoso accepts the token issued across that trust.)

13 Read-Only Domain Controller (RODC)
(Diagram: writable domain controller in the main office, RODC in the branch office.)

14 Active Directory Certificate Services
- Enterprise PKI (PKIView)
- Online Certificate Status Protocol (OCSP) responder
- Network Device Enrollment Service (NDES)
- Web Enrollment

15 Cryptography Next Generation (CNG)
- Includes algorithms for encryption, digital signatures, key exchange, and hashing
- Supports cryptography in kernel mode
- Supports the current set of CryptoAPI 1.0 algorithms
- Support for elliptic curve cryptography (ECC) algorithms
- Performs basic cryptographic operations, such as creating hashes and encrypting and decrypting data
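The ECC support in the slide is exposed to managed code through the *Cng classes in .NET 3.5 (System.Core), which call into CNG underneath. As an added example (not from the presentation), the script below runs an ECDH P-256 key agreement between two parties and an ECDSA P-256 sign/verify, and checks that verification fails once the message is altered. The party names and the message are constructed placeholders.

```powershell
# Added example, not from the slides. Uses the CNG-backed .NET classes; requires .NET 3.5+.
Add-Type -AssemblyName System.Core   # ECDiffieHellmanCng / ECDsaCng live in System.Core

function New-EcdhParty {
    # P-256 key pair; derive the shared secret as SHA-256 over the ECDH result
    $dh = New-Object System.Security.Cryptography.ECDiffieHellmanCng 256
    $dh.KeyDerivationFunction = [System.Security.Cryptography.ECDiffieHellmanKeyDerivationFunction]::Hash
    $dh.HashAlgorithm = [System.Security.Cryptography.CngAlgorithm]::Sha256
    return $dh
}

# Key exchange: each side combines its own private key with the peer's public key
$alice = New-EcdhParty
$bob   = New-EcdhParty
$kAlice = $alice.DeriveKeyMaterial($bob.PublicKey)
$kBob   = $bob.DeriveKeyMaterial($alice.PublicKey)
$agree  = [System.BitConverter]::ToString($kAlice) -eq [System.BitConverter]::ToString($kBob)
"ECDH: both sides derived the same $($kAlice.Length * 8)-bit key: $agree"

# Digital signature: ECDSA P-256, CNG hashes the data with SHA-256 before signing
$signer = New-Object System.Security.Cryptography.ECDsaCng 256
$signer.HashAlgorithm = [System.Security.Cryptography.CngAlgorithm]::Sha256
$msg = [System.Text.Encoding]::UTF8.GetBytes('constructed sample message')
$sig = $signer.SignData($msg)

# The verifier gets only the public key, exported as a CNG ECCPUBLICBLOB
$blobFormat = [System.Security.Cryptography.CngKeyBlobFormat]::EccPublicBlob
$pubBlob    = $signer.Key.Export($blobFormat)
$pubKey     = [System.Security.Cryptography.CngKey]::Import($pubBlob, $blobFormat)
$verifier   = New-Object System.Security.Cryptography.ECDsaCng $pubKey
$verifier.HashAlgorithm = [System.Security.Cryptography.CngAlgorithm]::Sha256
"ECDSA: signature valid = $($verifier.VerifyData($msg, $sig))"

# Tamper with one bit of the message; the same signature must now be rejected
$msg[0] = $msg[0] -bxor 1
"ECDSA: signature valid after tampering = $($verifier.VerifyData($msg, $sig))"
```

Both keys here are ephemeral; for a persisted key, create the CngKey with CngKey.Create and a key name so it is stored by the CNG key storage provider and, on a machine with a suitable provider, can be kept in hardware rather than in software.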

16 Terminal Services Gateway
(Diagram: a remote/mobile user on the Internet tunnels RDP over HTTPS to the Terminal Services Gateway in the perimeter network; the gateway strips off the HTTPS layer and passes the RDP traffic to terminal servers and other RDP hosts on the corporate network; the Network Policy Server and the Active Directory DC on the corporate network authorize the connection.)
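On the client side, the RDP-over-HTTPS path in the diagram is selected by a handful of settings in the .rdp file. The following is an added example (not from the presentation) that writes such a file for a placeholder gateway and internal host and then checks the one thing an external client should be able to reach (TCP 443 on the gateway) against the one thing it should not (TCP 3389 on the internal host). Host names are placeholders.

```powershell
# Added example, not from the slides. tsg.contoso.com and app01.corp.contoso.com are placeholders.
$gateway = 'tsg.contoso.com'           # TS Gateway; must match the name on its HTTPS certificate
$target  = 'app01.corp.contoso.com'    # internal RDP host, reachable only through the gateway

# gatewayusagemethod: 1 = always use the gateway, 2 = bypass it for local addresses
# gatewaycredentialssource: 0 = password (NTLM), 1 = smart card
# gatewayprofileusagemethod: 1 = use the explicit settings in this file
# authentication level: 1 = do not connect if the server cannot be authenticated
$rdp = @"
full address:s:$target
gatewayhostname:s:$gateway
gatewayusagemethod:i:1
gatewaycredentialssource:i:0
gatewayprofileusagemethod:i:1
authentication level:i:1
prompt for credentials:i:1
"@
$rdpFile = Join-Path $env:TEMP "$target.rdp"
Set-Content -Path $rdpFile -Value $rdp -Encoding ASCII

function Test-Tcp([string]$HostName, [int]$Port) {
    # Plain TCP connect test; true if something answers on the port
    $client = New-Object System.Net.Sockets.TcpClient
    try { $client.Connect($HostName, $Port); $true } catch { $false } finally { $client.Close() }
}

# From the Internet the first should be true and the second false: the gateway
# terminates HTTPS on 443 and nothing should be forwarding 3389 directly.
"443 to $gateway  : $(Test-Tcp $gateway 443)"
"3389 to $target  : $(Test-Tcp $target 3389)"
"Connection file written: $rdpFile   (open with: mstsc `"$rdpFile`")"
```

Whether the user may reach that particular host after the tunnel is up is decided by the gateway's connection and resource authorization policies, evaluated through the Network Policy Server shown in the diagram; the .rdp file only chooses the path.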

17 What is Network Access Protection?
- Health policy validation
- Health policy compliance
- Ability to provide limited access
- Enhanced security
- Increased business value
(Diagram: a Windows client connects through DHCP, VPN or a switch/router to the NPS; policy servers such as patch and AV define health; a policy-compliant client reaches the corporate network, a non-compliant one is placed in the restricted network with remediation servers, for example a patch server.)

18 How NAP works
1. The client requests access to the network and presents its current health state.
2. The DHCP server, VPN server or switch/router relays the health status to the Microsoft Network Policy Server (RADIUS).
3. The Network Policy Server (NPS) validates it against the IT-defined health policy.
4. If not policy compliant, the client is put in a restricted VLAN and given access to fix-up resources (remediation servers, for example a patch server) to download patches, configurations and signatures; then steps 1 to 4 repeat.
5. If policy compliant, the client is granted full access to the corporate network.
(Diagram: Windows client, DHCP/VPN/switch/router, NPS, policy servers such as patch and AV, restricted network with remediation servers, corporate network.)
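Step 1 only happens if the client's NAP agent and the matching enforcement client are on, which is the most common reason a new NAP deployment appears to "let everything through". An added example (not from the presentation) that enables DHCP enforcement on a Windows Vista / Server 2008 client and reads back the state; the enforcement client IDs are the built-in ones (79617 DHCP, 79618 Remote Access, 79619 IPsec, 79621 TS Gateway, 79623 EAP/802.1X), and the service names napagent and wscsvc are the real ones. Run elevated.

```powershell
# Added example, not from the slides. Enables DHCP enforcement on a NAP client.
# The NAP agent builds the Statement of Health (SoH); the Windows Security Health Agent
# inside it reads firewall/AV/update state from Security Center, so both services are needed.
foreach ($name in 'napagent', 'wscsvc') {
    Set-Service -Name $name -StartupType Automatic
    Start-Service -Name $name
}

# Enforcement clients are off by default. Turn on the DHCP one (ID 79617) so step 2 of the
# slide, the DHCP relay of the SoH to NPS, can happen. Group Policy can set the same thing
# centrally (Computer Configuration > Windows Settings > Security Settings > NAP Client Configuration).
& netsh.exe nap client set enforcement 'ID=79617' 'ADMIN=ENABLE'

# Read back what the client will now do
& netsh.exe nap client show config      # enforcement clients and their admin state
& netsh.exe nap client show state       # NAP agent state, SHA state, restriction state

# Force a new SoH/health evaluation by renewing the DHCP lease (step 1 restarts)
& ipconfig.exe /renew | Out-Null
& netsh.exe nap client show state | Select-String -Pattern 'restrict'
```

The last line is the check: after a renew, the restriction state printed by the agent tells you whether NPS placed the machine in the restricted network (step 4) or granted full access (step 5), without having to look at the NPS side.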

19 NAP reporting
- Policy-based: was network access allowed
- Health-based: percentage compliant per system health agent (SHA)


21 Resources
- Windows Server 2008 home: http://www.microsoft.com/windowsserver2008/default.mspx
- Windows Server 2008 Technical Library: http://technet2.microsoft.com/windowsserver2008/en/library/bab0f1a1-54aa-4cef-9164-139e8bcc44751033.mspx?mfr=true
- Network Access Protection: http://technet.microsoft.com/en-us/network/bb545879.aspx
- Terminal Services: http://www.microsoft.com/windowsserver2008/terminal-services/default.mspx

22 © 2007 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

