Mark Gibson Solution Specialist Microsoft

Microsoft Trustworthy Computing Addressing Security Threats with Microsoft Next Steps

Security Tools Education and Training Security Readiness

Design Threat Modeling Standards, best practices, and tools Security PushFinal Security Review RTM and Deployment Signoff Security Response Product Inception

Secure Platform Secure Access Data Protection Rights Management Services (RMS) SharePoint, Exchange, Windows Mobile integration Encrypting File System (EFS) Bitlocker Malware Protection User Account Control Network Access Protection (NAP) IPv6 IPsec Windows CardSpace Native smart card support GINA Re-architecture Certificate Services Credential roaming Security Development Lifecycle (SDL) Kernel Patch Protection Kernel-mode Driver Signing Secure Startup Windows Service Hardening Windows Defender IE Protected Mode Address Space Layout Randomization (ASLR) Data Execution Prevention (DEP) Bi-directional Firewall Windows Security Center

Security Development Lifecycle (SDL) Windows Server Virtualization (Hypervisor) Role Management Tool OS File Integrity Secure Platform Network Protection Identity Access Data Protection Read-only Domain Controller (RODC) Active Directory Federation Srvcs. (ADFS) Administrative Role Separation PKI Management Console Online Certificate Status Protocol Network Access Protection (NAP) Server and Domain Isolation with IPsec End-to-end Network Authentication Windows Firewall With Advanced Security On By Default Rights Management Services (RMS) Full volume encryption (Bitlocker) USB Device-connection rules with Group Policy Improved Auditing Windows Server Backup

Technology Process People IT is a strategic asset Users look to IT as a valued partner to enable new business initiatives IT Staff manages an efficient, controlled environment Users have the right tools, availability, and access to info IT Staff trained in best practices such as MOF, ITIL, etc. Users expect basic services from IT IT staff taxed by operational challenges Users come up with their own IT solutions Self-assessing and continuous improvement Easy, secure access to info from anywhere on Internet SLAs are linked to business objectives Clearly defined and enforced images, security, best practices Central Admin and configuration of security Standard desktop images defined, not adopted by all IT processes undefined Complexity due to localized processes and minimal central control Self provisioning and quarantine capable systems ensure compliance and high availability Automate identity and access management Automated system management Multiple directories for authentication Limited automated software distribution Patch status of desktops is unknown No unified directory for access mgmt BasicStandardizedRationalizedDynamic Improve IT Maturity while Gaining ROI $1320/PC Cost$580/PC Cost $230/PC Cost < $100/PC Cost

Isolated Trusted Remediation Server Web Server Remote Access Gateway Infrastructure Servers Unmanaged Devices Malicious Users Trusted Home New Customer Unhealthy PC Secure Anywhere Access End-to-end security with IPv6 and IPsec Access driven by policy not topology Certificate based multi-factor authentication Health checks and remediation prior to access Policy-driven network access solutions Windows Firewall with advanced filtering Server and Domain Isolation Network Access Protection (NAP) ISA Server 2006 Intelligent Application Gateway (2007) Windows Filtering Platform

Authorization Manager RMS MIIS ADFS Domain/Directory Services Certificate Services Secure collaboration Easily managing multiple identities Government sponsored identities (eID) Hardware supported trust platform Disparate directories synchronization Centralized ID controls and mgmt. Embedded identity into applications Policy Governance / Compliance Role Based Permissions Identity and Data Privacy

Consumer/ Small Business Corporate Client Protection Server ProtectionEdge Protection Simple PC maintenance Anti-Virus Anti-Spyware Anti-Phishing Firewall Performance Tuning Backup and Restore Edge, server and client protection “Point to Point” Solutions Security of data at rest and in transit Mobile workforce Manageability

Optimized access for employees, partners, and customers from virtually any device or location Secure Remote Access Enhanced connectivity and security for remote sites and applications Branch Office Security Increased resiliency for IT infrastructure from Internet-based threats Internet Access Protection

Multiple scan engines at multiple layers throughout the corporate infrastructure provide maximum protection against and collaboration threats Advanced Protection Tight integration with Microsoft Exchange, Windows-based SMTP, SharePoint and Office Communications Servers maximizes availability and management control Availability and Control Ensures organizations can eliminate inappropriate language and dangerous attachments from internal and external communications Secure Content

Unified malware protection for business desktops, laptops, and server operating systems that is easy to manage and control One spyware and virus protection solution Built on protection technology based Effective threat response Unified Protection One simplified security administration console Define one policy to manage client protection agent settings Integrates with your existing infrastructure Simplified Adminis- tration One dashboard for visibility into threats and vulnerabilities View insightful reports Stay informed with state assessment scans and security alerts Visibility and Control

Client and Server Operating System Server Applications Edge Microsoft Forefront provides greater protection and control over the security of your business’ network infrastructure

Management System System Center, Active Directory GPO Forefront Edge and Server Security, NAP Perimeter Network Access Protection, IPSec Internal Network Forefront Client Security, Exchange MSFP Device SDL process, IIS, Visual Studio, and.NET Application BitLocker, EFS, RMS, SharePoint, SQL Data User Active Directory and Identity Lifecycle Mgr Poor integration across the platform “Point to Point” Solutions Standards Adoption Compliance Reporting Manageability

Guidance Developer Tools Systems Management Active Directory Federation Services (ADFS) Identity Management Services Information Protection Encrypting File System (EFS) BitLocker™ Network Access Protection (NAP) Client and Server OS Server Applications Edge

ISA Server SP1 planned for 1 st half 2008 Forefront “Unified Access Gateway” planned for 1 st half CY2009 Forefront “Threat Management Gateway” planned for 1 st half CY2009 A subset of “Threat Management Gateway” features will ship as part of “Centro” Subset of “TMG” shipped in Windows Server Code Name “Centro”Subset of “TMG” shipped in Windows Server Code Name “Centro” Forefront “Unified Access Gateway” ISA Server 2006 SP1 Forefront “Threat Management Gateway” Forefront Code Name “Stirling”

Partner with your Microsoft Account Team to create or review your Security Action Plan Talk about Infrastructure Optimization and the value it could bring to your organization Implement a Defense-in-Depth security architecture using our advanced security technologies Leverage Microsoft prescriptive security guidance and online security training Stay informed through Microsoft Security Bulletins, Security Newsletters and Security Events

Microsoft Security Home Page: Microsoft Trustworthy Computing: Microsoft Forefront: Infrastructure Optimization: Microsoft Security Assessment Tool: General Information: Microsoft Live Safety Center: safety.live.comsafety.live.com Microsoft Security Response Center: Security Development Lifecycle: msdn.microsoft.com/security/sdlmsdn.microsoft.com/security/sdl Get the Facts on Windows and Linux: Anti-Malware: Microsoft OneCare Live: beta.windowsonecare.combeta.windowsonecare.com Microsoft Defender: Spyware Criteria: Guidance Centers: Security Guidance Centers: Security Guidance for IT Professionals: The Microsoft Security Developer Center: msdn.microsoft.com/securitymsdn.microsoft.com/security The Security at Home Consumer Site:

© 2007 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.