Optimizing Client Security by Using Windows Vista.

Presentation transcript:

Optimizing Client Security by Using Windows Vista

Agenda
● Introduction of Microsoft IT
● Common Security Attacks
● Windows VISTA Security
● Consideration for Line of Business Applications
● Network Access Protection
● Drive Down Enterprise Costs With Windows Vista, SMS And MOM
● Q&A

Microsoft IT Environment
● 340,000+ computers
● 121,000 end users
● 98 countries
● 441 buildings
● 15,000 Windows Vista–based clients
● 25,000 Office 2007 clients
● 5,700 Exchange 12 mailboxes
● 31 “Longhorn”–based servers
● 46 million+ remote connections per month
● 189,000+ SharePoint sites
● 4 data centers
● 8,400 production servers
● messages per day: 3.3 million+ internal, 10 million incoming, 9 million filtered out
● 33 million IMs per month
● 120,000+ server accounts

Common Security Attack
Diagram labels: Malicious Software; Wireless; Compliance; Phishing; Social Engineering; ARP, DoS, DDoS; Mobile Users
Windows VISTA Security
● Built more secure from the ground up
● Enhanced protection from intrusions and malware
● Helps guard confidential data from theft or misuse
● Integrated security management and improved ability to manage remotely
● Sophisticated auditing, tracking, and data management features to support internal compliance

BitLocker Drive Encryption
● Reduce Security Risks and Threats
● Enhancing Information Protection and Regulatory Compliance

MS IT System Build and Process

MS IT System and Build Process

Recovery Options
● BitLocker™ setup will automatically escrow keys and passwords into AD
● Centralized storage/management keys (EA SKU)
● Setup may also try (based on policy) to back up keys and passwords onto a USB dongle or to a file location
● Default for non-domain-joined users
● Exploring options for web service-based key escrow
● Recovery password known by the user/administrator
● Recovery can occur “in the field”
● Windows operation can continue as normal

Internet Explorer 7
Social Engineering Protections
● Phishing Filter and Colored Address Bar
● Dangerous Settings Notification
● Secure defaults for IDN
Protection from Exploits
● Protected Mode to prevent malicious software
● Code quality improvements (SDLC)
● ActiveX Opt-in
● Unified URL Parsing

ActiveX Opt-in And Protected Mode
Defending systems from malicious attack
ActiveX Opt-in puts users in control
● Reduces attack surface
● Previously unused controls disabled
● Retain ActiveX benefits, increase user security
Protected Mode reduces severity of threats
● Eliminates silent malware install
● IE process ‘sandboxed’ to protect OS
● Designed for security and compatibility
Diagram labels: ActiveX Opt-in (Enabled Controls, Windows, Disabled Controls, User Action); Protected Mode (User Action, IE Cache, My Computer (C:), Broker Process, Low Rights)

Windows Security Center
● Improved Detection and Removal
● Redesigned and Simplified User Interface
● Protection for all users
● Combined firewall and IPsec management
● New management tools – Windows Firewall with Advanced Security MMC snap-in
● Reduces conflicts and coordination overhead between technologies
● Firewall rules become more intelligent
● Specify security requirements such as authentication and encryption
● Specify Active Directory computer or user groups
● Outbound filtering
● Enterprise management feature
● Simplified protection policy reduces management overhead

User Account Control
A Better Managed Desktop
● Make the system work well for standard users
● Allow standard users to change time zone and power management settings, add printers, and connect to secure wireless networks
● Allow elevation to administrator without logging off
● Support high application compatibility with file/registry virtualization
● Full privilege for administrative tasks only
● User provides consent before using elevated privileges
● Use of the shield icon
● Indicates tasks requiring elevation
● Has only one state
● Does not remember elevated state

Considerations for Line-of-Business Applications
● Require the user to be an administrator only when it is absolutely necessary
● File and registry virtualization
● ACT 5.0
● UAC is enabled throughout the environment and maintained centrally through Group Policy

Group Policy User Account Control settings
● Behavior on elevation for administrators and users: No prompt, Prompt for consent, Prompt for credentials
● Elevate on application installs
● Virtualized file and registry write failures
New Group Policy settings
● Windows Defender
● Device installation control
● Wireless and wired service configuration
● Enhanced Internet Explorer security configuration
● Removable storage device Group Policy settings
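
An added example (not from the presentation or from Microsoft IT): a read-only PowerShell audit of the local registry values behind the User Account Control policy settings listed on this slide. The baseline tests are assumptions chosen for illustration, and the script assumes Windows PowerShell 3.0 or later.

```powershell
# Added example: audit the registry values behind the UAC Group Policy settings.
# Requires Windows PowerShell 3.0+ ([pscustomobject]); reads only, changes nothing.
$key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'

# Illustrative baseline (an assumption, not Microsoft IT's actual policy).
# Each entry: registry value name, the slide item it maps to, and a pass test.
$checks = @(
    @{ Name = 'EnableLUA'; Item = 'UAC enabled'
       Test = { param($v) $v -eq 1 } },
    @{ Name = 'ConsentPromptBehaviorAdmin'; Item = 'Behavior on elevation for administrators'
       Test = { param($v) $v -ne 0 } },   # 0 = elevate without prompting ("No prompt")
    @{ Name = 'ConsentPromptBehaviorUser'; Item = 'Behavior on elevation for users'
       Test = { param($v) $v -ne 0 } },   # 0 = automatically deny elevation requests
    @{ Name = 'EnableInstallerDetection'; Item = 'Elevate on application installs'
       Test = { param($v) $v -eq 1 } },
    @{ Name = 'EnableVirtualization'; Item = 'Virtualized file and registry write failures'
       Test = { param($v) $v -eq 1 } }
)

function Test-UacPolicy {
    param([hashtable]$Values, [object[]]$Checks)
    foreach ($c in $Checks) {
        $set    = $Values.ContainsKey($c.Name)
        $actual = if ($set) { $Values[$c.Name] } else { $null }
        [pscustomobject]@{
            Setting   = $c.Name
            SlideItem = $c.Item
            Actual    = if ($set) { $actual } else { '(not set)' }
            # A missing value is not explicitly configured here, so the audit flags it.
            Compliant = $set -and [bool](& $c.Test $actual)
        }
    }
}

# Read only the values under audit from the live registry.
$props  = Get-ItemProperty -Path $key -ErrorAction Stop
$values = @{}
foreach ($c in $checks) {
    $p = $props.PSObject.Properties[$c.Name]
    if ($p) { $values[$c.Name] = $p.Value }
}

$report = Test-UacPolicy -Values $values -Checks $checks
$report | Format-Table -AutoSize
$report | Where-Object { -not $_.Compliant } | ForEach-Object { Write-Warning "Non-compliant: $($_.Setting)" }
```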

Network Access Protection
Diagram labels: Windows Vista Client; DHCP, VPN, Switch/Router; MSFT Network Policy Server; Policy Servers (e.g. MSFT Security Center, SMS, Antigen or 3rd party); Fix Up Servers (e.g. MSFT WSUS, SMS & 3rd party); Restricted Network; Corporate Network; Policy compliant; Not policy compliant
Benefits
Enhanced Security
● All communications are authenticated, authorized & healthy
● Defense-in-depth on your terms with DHCP, VPN, IPsec, 802.1X
● Policy-based access that IT Pros can set and control
Increased Business Value
● Preserves user productivity
● Extends existing investments in Microsoft and 3rd party infrastructure
● Broad industry partnership

Drive Down Enterprise Costs With Windows Vista, SMS And MOM
Security Management
● SMS client remediation for NAP scenarios
● Delivering software to standard users (UAC) via SMS
Deployment And Updating
● Common image format (WIM) for Windows Vista and SMSv4
● SMS support for Windows Deployment Services (WDS)
● Common scanning agent (SMS, WSUS) for updating
Management And Monitoring
● Leveraging common XML schema for event data (MOM)
● MOM leverages enhanced Watson data

For More Information
● Additional content on Microsoft IT deployments and best practices can be found on Microsoft TechNet
● Optimizing Client Security by Using Windows Vista – Technical White Paper: ty/vistasecurity_twp.mspx
● Network Access Protection
● BitLocker Drive Encryption: ttech.mspx

This document is provided for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS OR IMPLIED, IN THIS DOCUMENT. © 2006 Microsoft Corporation. All rights reserved. This presentation is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS OR IMPLIED, IN THIS SUMMARY. Microsoft, Excel, Internet Explorer, Outlook, PowerPoint, SharePoint, Windows, Windows Server, and Windows Vista are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries. The names of actual companies and products mentioned herein may be the trademarks of their respective owners.