Secure Connected Infrastructure


1 Secure Connected Infrastructure
Identity Management
Allan Hvass, Senior Consultant, Microsoft Services

2 Identity Management Challenges
Directories everywhere -> Reduce costs through directory integration
Too many passwords -> Increase productivity with single sign-on
Passwords are weak -> Reduce risk through strong authentication
Unmanageable security -> Strengthen security with centralized management
Allowing some outsiders access -> Extend the trust model

3 Secure Connected Infrastructure
Secure Network Connectivity: Secure Internet connectivity (MSA & ISA); Secure remote access (VPN, IAS); Secure wireless networks (PKI x)
Integrated Solution for Identity Management: Directory Services (AD & MMS); Authentication (PKI, Kerberos, Passport); Authorization (ACLs, Roles, Federation); Policy based management (GP, and GPMC)
Comprehensive Security Management & Operations: Tools (MBSA, MSUS); Guidance (MOC, PAGs, Security Best Practices); Services (MSQS, PSS, & professional services)

4 Active Directory
Common store for identity management
Application and NOS identities
Repository for security principals
Integrated policy-based management
Scales to the Internet
[Diagram: Active Directory identity repository connected to Wireless LAN, VPN Gateway, Exchange, SQL Server, File Sharing, LAN, UNIX App, Web Services]

5 Flexible Authentication Mechanisms
Many authentication options other than passwords
Credentials: Smart Card; X.509 / SSL; Password; Biometrics
[Diagram labels: Authenticate; Internet; Active Directory; Windows 2000 Server; Applications; Computers; Devices; Files; People]

6 Authentication Services
Integrated Security Services:
Kerberos Authentication & Authorization
Integrated PKI for authentication and encryption
Interoperable with UNIX via Kerberos & SFU
Interoperable with mainframes via HIS
Interoperable with Netware via SFN
[Diagram: Active Directory connected to Wireless LAN, VPN Gateway, Exchange, SQL Server, File Sharing, LAN, UNIX App, Web Services]

7 Options for Single Sign-on
Single Sign-on Experience; True SSO
Single Identity; Multiple Identities
Central Authentication; Distributed Authentication; Password Synchronization; Client Managed
Strategy: Short Lived; Long Lived; Server Side; Client Side
Examples: NTLM, Kerberos, Passport, Certificates, SfN, SfU (pSync, NIS), HIS, Credential Manager (XP)
MMS can help keep multiple directories synchronized, easing the authorization process
Extend to multiple directories with trusts

8 Directory Integration and Synchronization
Microsoft Metadirectory Server:
Reduces the cost of managing ids
Simplifies directory synchronization
Automates user account provisioning
[Diagram: Active Directory, a non-AD directory and a second Active Directory, connected to Wireless LAN, VPN Gateway, Exchange, SQL Server, File Sharing, UNIX Application, LAN, Web Services]

9 Windows 2000 Authorization
Owners manage resources: Access control lists (ACLs); Granular permissions & scope, Inheritance
Admins manage users: Groups (Indirection & nesting simplify ACL management); Privileges (System-wide operational permissions)
System enforces access control: Impersonation & delegation

10 Integrated Management
Integration with Active Directory provides a central, consistent place to manage user and resource security
[Diagram labels: Company; Users; Machines; Applications; Marketing; Extranet; Devices]
[Diagram callouts: Delegate Management Tasks to Office Admins; Policy: Use Standard Security Template; Restrict Access to Color Printer; Must Use Smart Card]

11 Active Directory Security Administration
Forcing security settings to all users and systems with group policies
Delegation of administration: Grant permissions at organizational unit (OU) level; Who creates OUs, users, groups, etc.
Fine-grain access control: Grant or deny permissions on per-property level, or a group of properties

12 .NET Server Improvements
Directory Services: Kerberos transitive trusts with constraining; PKI cross-certification and qualified subordination; Metadirectory Services optimized for multiple forests
Authentication: Passport authentication; Smart Cards improvements; Protocol transition; Delegation improvements
Authorization: Authorization Manager (roles, tasks, rules, scope)
Management: Group Policy Management Console

13 Identity Management Challenges
Directories everywhere -> Metadirectory Services, Authorization Manager
Too many passwords -> AD (Kerberos, PKI), SfU, SfN, HIS, CredMan
Passwords are weak -> Smart Cards, Biometrics, AD policies
Unmanageable security -> Group Policies, AD delegation, GPMC
Allowing some outsiders access -> Certificate or Passport based web client login

14 © 2001 Microsoft Corporation. All rights reserved.
This presentation is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS OR IMPLIED, IN THIS SUMMARY.

