Presentation is loading. Please wait.

Presentation is loading. Please wait.

4/14/2017 © 2014 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks.

Published byChester Quinn Modified over 9 years ago

Similar presentations

Presentation on theme: "4/14/2017 © 2014 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks."— Presentation transcript:

1 4/14/2017 © 2014 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

2 TWC: Pass-the-Hash and Credential Theft Mitigation Architectures
4/14/2017 DCIM-B213 TWC: Pass-the-Hash and Credential Theft Mitigation Architectures Mark Simos, Nicholas DiCola © 2014 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

3 Agenda Microsoft Cybersecurity Team
4/14/2017 Agenda Microsoft Cybersecurity Team Determined Adversaries and Targeted Attacks Pass the Hash and Credential Theft Credential Theft Mitigation Architectures © 2014 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

4 Innovative Mitigations Custom Solutions
4/14/2017 Detecting Threats Advanced tools to find new attacks Deep expertise hunting for the Determined Adversary Innovative Mitigations Make the most of your existing assets New approaches to counter threats Custom Solutions Specialized security solutions from tailored assessments to integrating the Security Development Lifecycle into your software development Cybersecurity Practice Global Reach and Delivery with World Class Architects, Consultants, and Engineers Sensors & Intelligence Response & Investigation Recovery & Mitigations Architecture & Advisory Expert SDL Developer Services Technology Experts © 2014 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

5 Key Learnings Astronomical Adversary ROI for internet attacks
4/14/2017 Key Learnings Astronomical Adversary ROI for internet attacks Cheap, effective, relatively easy No alternate espionage method has comparable ROI Increased adversary maturity Many are well-resourced, mission-focused, determined Sophisticated targeting of organizations, people, data Ubiquitous use of credential theft (Pass the hash) Elevate to mission, shareholder value, existential threat Externals effectively conducting insider attacks © 2014 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

6 Targeted Attacks—Strategies and Tactics
4/14/2017 Targeted Attacks—Strategies and Tactics Establish Persistence Gain control of your identity store Public: administrator rights, interesting projects and groups Secrets: passwords and hashes Hide malware on multiple hosts Custom compiled for attack campaign Execute Mission Download terabytes of your data (~99% of cases) Initially: large exfiltration of many types Then: target specific data (new, valuable, strategic) Implement the wrecking ball (~1% of cases) © 2014 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

7 4/14/2017 Defender Trends IT environments not designed for credential-theft class of attacks IT security resources trying to defend every system equally Reputation impact concerns hamper defender collaboration © 2014 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

8 Pass the Hash 48 hours (or less)
4/14/2017 Pass the Hash 48 hours (or less) Attacker targets workstations en masse User running as local admin is compromised, attacker harvests credentials Attacker uses credentials for lateral movement or privilege escalation Attacker acquires domain admin credentials Attacker exercises full control of data and systems in the environment © 2014 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

9 Potential Attacker Pathways
4/14/2017 Domain Administrator Access All Data All Active Directory Data (Full Control) All Credentials (NT Hashes) Domain Controllers Pass the hash (PTH) Domain Admin Server Administrator Active User Credentials Servers All Local Data Security Accounts Manager (SAM): NT Hashes PTH PTH PTH Potential Attacker Pathways User Access Access Data Domain Admin Server Admin Domain Admin Logon Workstation Administrator Pass the Hash (Local Accounts) Credential Re-use System or Administrator Active User Credentials All Local Data All Local Data Patient Zero Active User Credentials SAM: NT Hashes SAM: NT Hashes Elevation Establish Beachhead User Access All Active Directory Data (Read) User’s Data and Keystrokes User Credential All Workstations User Action Malware Install Vulnerability & Exploit Beacon, Command & Control User = Administrator © 2014 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

10 Demo Pass the Hash Attack Domain.Local DomainAdmin DC Client
4/14/2017 Demo Pass the Hash Attack Domain.Local DC DomainAdmin Client Attack Operator © 2014 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

11 Smartcards alone will not stop PTH
4/14/2017 Smartcards alone will not stop PTH Smartcards logon sessions have a NTLM hash: …of the user password …of a random 128 bit value (if smartcard required) Account attribute restricts interactive logon only: Smartcard remotely available to attacker when: Malware installed Smartcard inserted in reader PIN captured from a keystroke logger (most malware includes these) © 2014 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

12 Effective Mitigations
Tech Ready 15 4/14/2017 Effective Mitigations 1. Credential Theft Ensure high privileged account credentials aren’t available to be stolen No Domain Admins on workstations servers No Server Admins on 2. Credential Re-Use (Illicit) Reduce the usefulness of credentials exposed to high risks (internet) Local SAM database (NT Hash only) Machine account passwords Services passwords (if present) 2. Limit Usefulness 1. Prevent Exposure High Privilege/Value High Exposure (to Internet/Risk) © 2012 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

13 Credential Theft Mitigation Strategy
4/14/2017 Credential Theft Mitigation Strategy Tier 0 Privilege escalation Credential Theft Application Agents Service Accounts Lateral traversal Tier 1 Tier 2 © 2014 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

14 Tier Model Restrictions
4/14/2017 Tier Model Restrictions Tier 0 Same Tier Logon Admin Workstation Forest/Domain Admins Domain Controllers Tier 1 Higher Tier Logon Lower Tier Logon Admin Workstation Server Admins Servers Tier 2 Blocked Admin Workstation Workstation Admins Workstations © 2014 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

15 Enhanced Security Admin Environment
US CIO Summit – Fall 2010 4/14/2017 Enhanced Security Admin Environment Admin Environment Production Production Domain Admins Power: Domain Controllers Credential Partitioning Hardened Admin Environment Known Good Media Network security Hardened Workstations Accounts and smartcards Auto-Patching Security Alerting Tamper-resistant audit Offline Administration (enforces governance) Assist with mitigating risks Services and applications Lateral traversal IPsec Management and Monitoring Data: Servers and Applications Break Glass Account(s) Red Card Admins Access: Users and Workstations © 2010 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

16 Typical Administrative Environment
Self-maintaining (to extent possible) Automatic software update application (and reboots) Small footprint Single ESAE domain/forest DCs, System Center Operations Manager (Security Alerting) One Administrative Workstation per administrator Smartcard enforcement and regular NT Hash cycling for all active accounts

17 ESAE - Managing Multiple Forests/Domains
Admin Environment

18 Privileged Account Workstation (PAW) – On Premises
US CIO Summit – Fall 2010 4/14/2017 Privileged Account Workstation (PAW) – On Premises Production Domain(s) Domain & Forest Increase Security Protections Enterprise threats Known internet threats Hardened Workstations Known Good Media 20+ security controls Network Traffic Restrictions Admin smartcards (optional) Domain Admins Server & App Admins Servers and Applications Workstations & Users © 2010 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

19 Privileged Account Workstation (PAW) – Cloud Security
US CIO Summit – Fall 2010 4/14/2017 Privileged Account Workstation (PAW) – Cloud Security SaaS PaaS IaaS Privileged Account Workstations Increase Security Protections Enterprise threats Known internet threats Security Protections include Known Good Media 20+ security controls Smartcards (Optional) Security Alerting (Optional) Social Media, Publishing, Brand Management Cloud Infrastructure & Services Administration © 2010 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

20 What are these 20+ Security Controls?
UEFI/TPM/Secure Boot enabled BitLocker Standard User Configuration AppLocker USB Media Restrictions Outbound Traffic restrictions (no Internet) Inbound Traffic restrictions (default block) Automatic patching EMET System Center Endpoint Protection Rapid rebuild process Known Good Media Build Process Logon Restrictions Microsoft Security Baselines (SCM) Unsigned code analysis Attack Surface Analysis OU and GPO ACL Lockdowns Lateral Traversal Mitigation(s) Restricted administrators membership Only authorized management tools Etc.

21 How MARS works (Auto-Approval example)
4/14/2017 How MARS works (Auto-Approval example) MARS Server 9:00 1. Request Access (10:00) 2a. Auto-Approve (10:00) 2b. Notification (10:00) 10:00 4. Privilege Expires (12:00) 11:00 12:00 3. Access Resource (10:01) 1:00 Managed Privilege (Group Membership or Custom Actions) Candidate Account 5. Attempt Access (3:15) Resource(s) Managed Servers Domain Admin Schema Admin Top Secret Project 2:00 Configure Workflows for each Role Notifications Approval Requirements Custom Actions 3:00 © 2014 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

22 Platform Updates Core platform changes (Automatically On)
4/14/2017 Platform Updates Core platform changes (Automatically On) Remove LM hashes from LSASS Remove plaintext-equivalent passwords from LSASS (for domain credentials) Enforce credential removal after logoff Facilitate restriction of local admin accounts S – Local account S – Local account and member of Administrators group New Configurable Features Protected Users Restricted Admin Mode Remote Desktop Authentication Policies & Silos © 2014 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

23 Credential Theft Mitigations
US CIO Summit – Fall 2010 4/14/2017 Credential Theft Mitigations With 8.1/2012 R2 Features Enhanced Security Admin Environment (ESAE) Domain and Forest Administration Production Domain(s) Security Alerting Domain and Forest Hardened Hosts and Accounts Privileged Account Workstation (PAW) Server and System Management Application & Service Hardening App and Data Management Lateral Traversal Mitigations Helpdesk and Workstation Management Managed Access Request System (MARS) User Assistance and Support Protected Users RDP w/Restricted Admin Auth Policies and Silos © 2010 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

24 Application and Service Hardening
Microsoft Services 4/14/2017 Application and Service Hardening Upstream Risks (Controlling the Application) Downstream Control Business critical data? Unpatched Software Vulnerability, Weak OS Configuration Management agents on server and scheduled tasks Local operating system administrators Backup and storage administrators Application service accounts Baseboard Management Controllers (BMCs) Physical access and virtual machine administrators ACLs on Computer account, OU, GPO, GPO Content Host Installation Media/Process Application agents or software Application administrator roles Application Important: upstream risks also includes hosts where upstream administrator credentials are exposed. © 2011 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

25 Importance of Known Good Media
4/14/2017 Importance of Known Good Media Media attack vectors Infecting gold master images Injecting malicious software to download bit-streams Infecting software packages Validate Media Source Verify Printed Media Verify Downloaded Media (certutil –hashfile) Compare binary to published hashes Compare from two independent downloads (different machines, internet connections) Transfer and Storage of Media Save onto read-only media such as a locked DVD (not USB drive) Label as Known Good Media or “KGM.” © 2014 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

26 Lessons Learned Credential theft is different than a normal vulnerability Attack surface is determined by operational practices It all starts from host integrity It only takes one tool to automate a new/difficult attack Prevention is cheaper than recovery! Recovery still requires preventing reinfection (similar to proactive defenses) Recovery also requires cleaning up attacker presence (never guaranteed) Residual risk is higher in recovery mode

27 Questions? Ask now or…. Mark.Simos @ Microsoft.com
Microsoft.com

28 Come Visit Us in the Microsoft Solutions Experience!
For More Information Windows Server 2012 R2 Windows Server System Center System Center 2012 R2 Azure Pack cloud/products/windows-azure-pack Microsoft Azure Come Visit Us in the Microsoft Solutions Experience! Look for Datacenter and Infrastructure Management TechExpo Level 1 Hall CD

29 Resources Learning TechNet msdn http://channel9.msdn.com/Events/TechEd
4/14/2017 Resources Sessions on Demand Learning Microsoft Certification & Training Resources TechNet Resources for IT Professionals msdn Resources for Developers © 2014 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

30 Complete an evaluation and enter to win!
4/14/2017 Complete an evaluation and enter to win! © 2014 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

31 Evaluate this session Scan this QR code to evaluate this session.
4/14/2017 Evaluate this session Scan this QR code to evaluate this session. © 2014 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

32 4/14/2017 © 2014 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION. © 2014 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

Download ppt "4/14/2017 © 2014 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks."

Similar presentations

DCIM-B221

DCIM-B221

FeatureGroup PolicyDSC Configuration stored inGPO fileConfiguration script / MOF file Target nodes by means ofAD links.

FeatureGroup PolicyDSC Configuration stored inGPO fileConfiguration script / MOF file Target nodes by means ofAD links.
Virtual Network Subnet 1Subnet 2Subnet 3 VPN connection On-premises network Virtual Network Subnet Virtual Network Subnet ExpressRoute.

Virtual Network Subnet 1Subnet 2Subnet 3 VPN connection On-premises network Virtual Network Subnet Virtual Network Subnet ExpressRoute.
Total digital universe 85% corporations had liability for 66% created by consumers & workers.

Total digital universe 85% corporations had liability for 66% created by consumers & workers.
{ Best Practice Why reinvent the wheel?.   Domain controllers   Member servers   Client computers   User accounts   Group accounts   OUs 

{ Best Practice Why reinvent the wheel?.   Domain controllers   Member servers   Client computers   User accounts   Group accounts   OUs 
@CFullerMVP OpsMgr 2012 Evolution OpsMgr 2012 TechEd 2014.

@CFullerMVP OpsMgr 2012 Evolution OpsMgr 2012 TechEd 2014.
Complete Scope: Lifecycle of IT- Services in Hybrid Clouds.

Complete Scope: Lifecycle of IT- Services in Hybrid Clouds.
Come Visit Us in the Microsoft Solutions Experience! Look for Datacenter and Infrastructure Management TechExpo Level 1 Hall.

Come Visit Us in the Microsoft Solutions Experience! Look for Datacenter and Infrastructure Management TechExpo Level 1 Hall.
Session Goal Be familiar with the possibilities of the operating system From the user mode and kernel mode We are NOT talking about the forensics!

Session Goal Be familiar with the possibilities of the operating system From the user mode and kernel mode We are NOT talking about the forensics!
A Technical Overview of Microsoft Forefront Client Security (FCS) Howard Chow Microsoft MVP.

A Technical Overview of Microsoft Forefront Client Security (FCS) Howard Chow Microsoft MVP.
ASSUME BREACH PREVENT BREACH + Research & Preparation First Host Compromised 24-48 Hours Domain Admin Compromised Data Exfiltration (Attacker.

ASSUME BREACH PREVENT BREACH + Research & Preparation First Host Compromised Hours Domain Admin Compromised Data Exfiltration (Attacker.
Chapter 7 HARDENING SERVERS.

Chapter 7 HARDENING SERVERS.
4/17/2017 © 2014 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks.

4/17/2017 © 2014 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks.
6 Hypervisor Management OS Guest VM 1 Guest VM n Hardware User Mode Kernel Mode User Mode … Kernel Mode User Mode.

6 Hypervisor Management OS Guest VM 1 Guest VM n Hardware User Mode Kernel Mode User Mode … Kernel Mode User Mode.
DCIM-B228 No Capacity Planning Function Cannot measure, scorecard or predict future performance Budget Overruns Non fact based investment decisions.

DCIM-B228 No Capacity Planning Function Cannot measure, scorecard or predict future performance Budget Overruns Non fact based investment decisions.
Server Roles and Features.NET Framework 3.51.NET Framework 4.5 IIS Web Server IIS Default Document IIS Directory Browsing IIS HTTP Errors.

Server Roles and Features.NET Framework 3.51.NET Framework 4.5 IIS Web Server IIS Default Document IIS Directory Browsing IIS HTTP Errors.
Service Provider Next generation managed services Public Cloud (true multi- tenant) Private Cloud Hybrid Cloud Delivering the highest levels of user.

Service Provider Next generation managed services Public Cloud (true multi- tenant) Private Cloud Hybrid Cloud Delivering the highest levels of user.
4 2) Code Repository 1) Developers 3) Build4) Test5) Deploy to Cloud 6) Monitor and Improve Contoso App Azure.

4 2) Code Repository 1) Developers 3) Build4) Test5) Deploy to Cloud 6) Monitor and Improve Contoso App Azure.
Monitor Linux OS health & performance Monitor log files Monitor JEE app servers Monitor line-of-business applications Monitor databases and web.

Monitor Linux OS health & performance Monitor log files Monitor JEE app servers Monitor line-of-business applications Monitor databases and web.

Similar presentations

Ads by Google