Presentation is loading. Please wait.

Presentation is loading. Please wait.

WCL313 Windows Vista Security Overview Mike Chan Sr. Product Manager.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "WCL313 Windows Vista Security Overview Mike Chan Sr. Product Manager."— Presentation transcript:

1 WCL313 Windows Vista Security Overview Mike Chan Sr. Product Manager

2 User Account Control Plug and Play Smartcards Granular Auditing Security and Compliance BitLocker™ Drive Encryption EFS Smartcards RMS Client Security Development Lifecycle Threat Modeling and Code Reviews Windows Service Hardening Fundamentals Identity and Access Control Threat and Vulnerability Mitigation Information Protection IE Protected Mode Windows Defender Network Access Protection IPSec & Bi-Drectional FW Address Space Layout Rnd

3 Fundamentals Improved Security Development Lifecycle (SDL) process for Windows Vista Periodic mandatory security training Assignment of security advisors for all components Threat modeling a part of design phase Required security reviews and testing Security metrics for product teams Common Criteria (CC) Certification

4 Service Hardening Windows Service Hardening Defense in depth Services run with reduced privilege Windows services are profiled for allowed actions Designed to block attempts by malicious software to exploit a Windows service Active protection File system Registry Network

5 Threat And Vulnerability Mitigation Protect against malware and intrusions

6 Social Engineering Protections Phishing Filter and Colored Address Bar Dangerous Settings Notification Secure defaults for IDN Protection from Exploits Unified URL Parsing Code quality improvements (SDLC) ActiveX Opt-in Protected Mode to prevent malicious software Internet Explorer 7

7 ActiveX Opt-in And Protected Mode Defending systems from malicious attack ActiveX Opt-in puts users in control Reduces attack surface Previously unused controls disabled Retain ActiveX benefits, increase user security Protected Mode reduces severity of threats Eliminates silent malware install IE process ‘sandboxed’ to protect OS Designed for security and compatibility ActiveX Opt-in Enabled Controls Windows Disabled Controls User Action Protected Mode User Action IE Cache My Computer (C:) Broker Process Low Rights

8 Windows Defender Improved Detection and Removal Redesigned and Simplified User Interface Protection for all users

9 One solution for spyware and virus protection Built on protection technology used by millions worldwide Effective threat response Complements other Microsoft security products One console for simplified security administration Define one policy to manage protection agent settings Deploy signatures and software faster Integrates with your existing infrastructure One dashboard for visibility into threats and vulnerabilities View insightful reports Stay informed with state assessment scans and security alerts Unified malware protection for business desktops, laptops and server operating systems that is easier to manage and control

10 ActiveX Opt-in Internet Explorer Protected Mode with Windows Defender Mike Chan Sr Product Manager Windows Client Division

11 Windows Vista Firewall Combined firewall and IPsec management Firewall rules become more intelligent Outbound filtering Simplified protection policy reduces management overhead

12 Windows Firewall Mike Chan Sr Product Manager Windows Client Division

13 Network Access Protection 1 RestrictedNetwork MSFTNetwork Policy Server 3 Policy Servers e.g. MSFT Security Center, SMS, Antigen or 3 rd party Policy compliant DHCP, VPN Switch/Router 2 Windows Vista Client Fix Up Servers e.g. MSFT WSUS, SMS & 3 rd party Corporate Network 5 Not policy compliant 4 Enhanced Security All communications are authenticated, authorized & healthy Defense-in-depth on your terms with DHCP, VPN, IPsec, 802.1X Policy-based access that IT Pros can set and control Increased Business Value Preserves user productivity Extends existing investments in Microsoft and 3rd party infrastructure Broad industry partnership Customer Benefits

14 Stack Data Execution Prevention Address Space Layout Randomization Previous Frames Parameters Return Address Locals Code Application Code Library Code Windows Code LoadLibrary()

15 Identity And Access Control Enable Secure Access to Information

16 Challenges Users running as admin = unmanaged desktops Viruses and Spyware Enterprise users can compromise the corporation Users can make changes that require re-imaging Line of Business (LoB) applications System security must be relaxed to run the LoB app IT Administrators must reevaluate the LoB applications for each OS Common OS tasks require elevated privilege Balance usability with security Can’t change time zone as standard user Users can’t manage non-sensitive account info

17 Businesses can move to a better-managed desktop and parental controls for consumers Make the system work well for standard users Allow standard users to change relevant settings High application compatibility with file/registry virtualization Make it clear when elevation is required Administrators use full privilege only for admin tasks User provides explicit consent before using elevated privilege User Account Control

18 User Account Access Mike Chan Sr Product Manager Windows Client Division

19 Improved Auditing More Granularity Support for many auditing subcategories New Logging Infrastructure Filter out the “noise” Search and filtering with new XML format Tasks tied to events Send an email on an event

20 Authentication Improvements Plug and Play Smart Cards Drivers and Certificate Service Provider (CSP) included in Windows Vista Login and credential prompts for User Account Control all support Smart Cards New logon architecture GINA (the old Windows logon model) is gone. Third parties can add biometrics, one-time password tokens, and other authentication methods to Windows with much less coding

21 Information Protection Protect Corporate Intellectual Property and Customer Data

22 Group Policy Control of Devices Control whether or not device drivers can install Control what types of devices are allowed (or not) Control what specific devices are allowed (or not) Block CD/DVD Burning

23 Blocking USB Key Install Mike Chan Sr Product Manager Windows Client Division

24 Information Leakage Is Top-of-mind With Business Decision Makers “After virus infections, businesses report unintended forwarding of e-mails and loss of mobile devices more frequently than they do any other security breach” Jupiter Research Report, 2004 0%10%20%30%40%50%60%70% Loss of digital assets, restored Email piracy Password compromise Loss of mobile devices Unintended forwarding of emails 20% 22% 35% 36% 63% Virus infection

25 BitLocker ™ Drive Encryption Designed to prevent a thief from breaking OS Provides data protection on your Windows client systems, even when the system is in unauthorized hands Uses a v1.2 TPM or USB flash drive for key storage BitLocker BitLocker

26 BitLocker offers a spectrum of protection allowing customers to balance ease-of-use against the threats they are most concerned with. Spectrum Of Protection*****

27 Windows Vista Information Protection Who are you protecting against? Other users or administrators on the machine? EFS Unauthorized users with physical access? BitLocker™ ScenariosBitLockerEFSRMS Laptops Branch office server Local single-user file & folder protection Local multi-user file & folder protection Remote file & folder protection Untrusted network admin Remote document policy enforcement Some cases can result in overlap. (e.g. Multi-user roaming laptops with untrusted network admins)

28 Recovery Options BitLocker™ setup will automatically escrow keys and passwords into AD Centralized storage/management keys (EA SKU) Setup may also try (based on policy) to backup keys and passwords onto a USB dongle or to a file location Default for non-domain-joined users Exploring options for web service-based key escrow Recovery password known by the user/administrator Recovery can occur “in the field” Windows operation can continue as normal

29 User Account Control Plug and Play Smartcards Granular Auditing Security and Compliance BitLocker™ Drive Encryption EFS Smartcards RMS Client Security Development Lifecycle Threat Modeling and Code Reviews Windows Service Hardening IE Protected Mode Windows Defender Network Access Protection IPSec & Bi-Drectional FW Address Space Layout Rnd Fundamentals Identity and Access Control Threat and Vulnerability Mitigation Information Protection

30

31 Ask The Experts Get Your Questions Answered You can find me at the Microsoft Ask the Experts area, located in the Exhibition Hall: Wednesday15 NovemberLunch Friday17 November10.15 – 10.45

32

33 © 2006 Microsoft Corporation. All rights reserved. This presentation is for informational purposes only. Microsoft makes no warranties, express or implied, in this summary.

34

35 ©2006 Microsoft Corporation. All rights reserved. This presentation is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS OR IMPLIED, IN THIS SUMMARY.

Download ppt "WCL313 Windows Vista Security Overview Mike Chan Sr. Product Manager."

Similar presentations

Avoid data leakage, espionage, sabotage and other reputation and business risks without losing employee performance and mobility.

Avoid data leakage, espionage, sabotage and other reputation and business risks without losing employee performance and mobility.
The System Center Family Microsoft. Mobile Device Manager 2008.

The System Center Family Microsoft. Mobile Device Manager 2008.
Windows Vista Serious Challenges for Digital Investigators Authors: Darren Hayes Shareq Qureshi Presented By: Prerna Gupta.

Windows Vista Serious Challenges for Digital Investigators Authors: Darren Hayes Shareq Qureshi Presented By: Prerna Gupta.
1 Chapter 8 Fundamentals of System Security. 2 Objectives In this chapter, you will: Understand the trade-offs among security, performance, and ease of.

1 Chapter 8 Fundamentals of System Security. 2 Objectives In this chapter, you will: Understand the trade-offs among security, performance, and ease of.
Microsoft Forefront Client Security

Microsoft Forefront Client Security
Securing. Agenda  Hard Drive Encryption  User Account Permissions  Root Level Access  Firewall Protection  Malware Protection.

Securing. Agenda  Hard Drive Encryption  User Account Permissions  Root Level Access  Firewall Protection  Malware Protection.
Building on the Foundation of Windows Vista: Introduction to Windows 7: Security and Management Dan Stolts IT Pro Evangelist Microsoft

Building on the Foundation of Windows Vista: Introduction to Windows 7: Security and Management Dan Stolts IT Pro Evangelist Microsoft
A Technical Overview of Microsoft Forefront Client Security (FCS) Howard Chow Microsoft MVP.

A Technical Overview of Microsoft Forefront Client Security (FCS) Howard Chow Microsoft MVP.
Module 3 Windows Server 2008 Branch Office Scenario.

Module 3 Windows Server 2008 Branch Office Scenario.
Security Features in Windows Vista. What Will We Cover? Security fundamentals Protecting your company’s resources Anti-malware features.

Security Features in Windows Vista. What Will We Cover? Security fundamentals Protecting your company’s resources Anti-malware features.
4/16/2017 10:01 AM © 2006 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered.

4/16/ :01 AM © 2006 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered.
Defense-in-Depth Against Malicious Software Jeff Alexander IT Pro Evangelist Microsoft Australia

Defense-in-Depth Against Malicious Software Jeff Alexander IT Pro Evangelist Microsoft Australia
Configuring Windows Vista Security Chapter 3. IE7 Pop-up Blocker Pop-up Blocker prevents annoying and sometimes unsafe pop-ups from web sites Can block.

Configuring Windows Vista Security Chapter 3. IE7 Pop-up Blocker Pop-up Blocker prevents annoying and sometimes unsafe pop-ups from web sites Can block.
Security and Policy Enforcement Mark Gibson Dave Northey

Security and Policy Enforcement Mark Gibson Dave Northey
SEC316: BitLocker™ Drive Encryption

SEC316: BitLocker™ Drive Encryption
Optimizing Client Security by Using Windows Vista.

Optimizing Client Security by Using Windows Vista.
Kaspersky Open Space Security: Release 2 World-class security solution for your business.

Kaspersky Open Space Security: Release 2 World-class security solution for your business.
Smart Card Deployment David Gautrey IT Manager – Microsoft New Zealaand Microsoft Corporation.

Smart Card Deployment David Gautrey IT Manager – Microsoft New Zealaand Microsoft Corporation.
Internet Explorer 7 Security Features Steve Lamb Technical Security Microsoft Ltd

Internet Explorer 7 Security Features Steve Lamb Technical Security Microsoft Ltd
Security Risk Management Marcus Murray, CISSP, MVP (Security) Senior Security Advisor, Truesec

Security Risk Management Marcus Murray, CISSP, MVP (Security) Senior Security Advisor, Truesec

Similar presentations

Ads by Google