Presentation on theme: "Security and Policy Enforcement Mark Gibson Dave Northey"— Presentation transcript:

1 Security and Policy Enforcement
Mark Gibson, Dave Northey
Slide footer: 4/16/ :19 PM
Speaker notes (deck title: Windows Server 2008 Overview): Introduce yourself. This presentation gives an overview of the new security features in Microsoft Windows Server 2008 and how they may be used in your organization.

2 Agenda
- 14:30 Security and Policy Overview
- 15:40 Coffee
- 16:00 NAP platform architecture
- 17:10 Coffee
- 17:30 NAP components
- 18:30 End

3 Hardens Operating System and Increases Environment Protection
Security pillars covered in this deck:
- Read-Only Domain Controller
- Network Access Protection
- BitLocker Drive Encryption

4 Server Protection Features
- Security Compliance
- Security Development Process
- Secure Startup and "shield up" at install
- Code integrity
- Windows service hardening
- Inbound and outbound firewall
- Restart Manager
- Improved auditing
- Network Access Protection
- Event Forwarding
- Policy Based Networking
- Server and Domain Isolation
- Removable Device Installation Control
- Active Directory Rights Management Services

5 Windows Server 2008 Hardening
Windows service hardening: each of the three service accounts used by Windows XP SP2 / Server 2003 R2 is split into more tightly restricted profiles in Windows Vista / Server 2008.
- LocalSystem (XP SP2 / 2003 R2) becomes: LocalSystem; Firewall Restricted LocalSystem
- Network Service (XP SP2 / 2003 R2) becomes: Network Service, Network Restricted; Network Service, Fully Restricted
- Local Service (XP SP2 / 2003 R2) becomes: Local Service, No Network Access; Local Service, Fully Restricted

6 BitLocker Drive Encryption
- Full Volume Encryption: the volume is encrypted with a Full Volume Encryption Key (FVEK)
- Encryption policy: Group Policy allows a central encryption policy and provides branch office protection
- Provides data protection even when the system is in unauthorized hands or has been booted into a different operating system to bypass the installed one
- Uses a v1.2 TPM or a USB flash drive for key storage

7 Windows Firewall with Advanced Security
Solid foundation:
- Policy-based networking
- Combined firewall and IPsec management
- Firewall rules become more intelligent

8 Network Access Protection
What is Network Access Protection?
- Health policy validation
- Health policy compliance
- Ability to provide limited access: a client that is not policy compliant is placed in a restricted network with access only to remediation servers (example: patch)
- Enhanced security
- Increased business value
- Cisco and Microsoft integration story
Components in the diagram: Windows client; enforcement point (DHCP, VPN, switch/router); Network Policy Server (NPS); policy servers such as patch and AV; remediation servers; restricted network; corporate network.

9 Using Network Access Protection
1. The client requests access to the network and presents its current health state.
2. The enforcement point (DHCP, VPN, or switch/router) relays the health status to the Microsoft Network Policy Server (RADIUS).
3. The Network Policy Server (NPS) validates the health state against the IT-defined health policy, consulting policy servers such as patch and AV.
4. If the client is not policy compliant, it is put in a restricted VLAN and given access only to fix-up resources (remediation servers) to download patches, configurations and signatures; steps 1-4 then repeat.
5. If the client is policy compliant, it is granted full access to the corporate network.
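The five steps above as a runnable model, added here as an illustration and not taken from the presentation or from Microsoft's NAP implementation. The Statement of Health fields (patch level, AV signature age, firewall state), the policy thresholds and the remediation servers' capabilities are all constructed assumptions; the enforcement point relaying to NPS over RADIUS is modelled as a direct call. The example also shows the failure mode the slide implies but does not spell out: a client whose deficiency the remediation servers cannot fix never leaves the restricted network.

```python
"""Toy walk-through of the NAP flow: SoH -> enforcement point -> NPS -> restricted/full.

Constructed example (not Microsoft code). Field names and thresholds are assumptions.
"""
from __future__ import annotations
from dataclasses import dataclass, field


@dataclass
class SoH:
    """Statement of Health the client presents in step 1 (assumed fields)."""
    patch_level: int
    av_signature_age_days: int
    firewall_enabled: bool


@dataclass
class HealthPolicy:
    """IT-defined thresholds held by the NPS (assumed fields)."""
    min_patch_level: int
    max_av_signature_age_days: int
    require_firewall: bool

    def validate(self, soh: SoH) -> list:
        """Step 3: return the names of failed checks; an empty list means compliant."""
        failures = []
        if soh.patch_level < self.min_patch_level:
            failures.append("patch")
        if soh.av_signature_age_days > self.max_av_signature_age_days:
            failures.append("av")
        if self.require_firewall and not soh.firewall_enabled:
            failures.append("firewall")
        return failures


@dataclass
class RemediationServers:
    """Step 4: the only hosts reachable from the restricted network.

    `can_fix` lists which checks these servers actually serve a fix-up for
    (e.g. a patch server but no AV signature mirror); anything else stays failed.
    """
    policy: HealthPolicy
    can_fix: set = field(default_factory=set)

    def remediate(self, soh: SoH, failures: list) -> SoH:
        for check in failures:
            if check not in self.can_fix:
                continue  # nothing served for this check; it remains failed
            if check == "patch":
                soh.patch_level = self.policy.min_patch_level
            elif check == "av":
                soh.av_signature_age_days = 0
            elif check == "firewall":
                soh.firewall_enabled = True
        return soh


def request_access(soh: SoH, policy: HealthPolicy,
                   remediation: RemediationServers, max_rounds: int = 3):
    """Run steps 1-5, repeating 1-4 after each remediation.

    Returns (network, rounds_used, trace) where network is "corporate" or
    "restricted" and trace lists (round, network, failures) per attempt.
    """
    trace = []
    for round_no in range(1, max_rounds + 1):
        # Step 1: client presents its SoH.  Step 2: the enforcement point
        # relays it to NPS; modelled here as calling the policy directly.
        failures = policy.validate(soh)          # step 3
        if not failures:
            trace.append((round_no, "corporate", []))
            return "corporate", round_no, trace  # step 5: full access
        trace.append((round_no, "restricted", failures))
        soh = remediation.remediate(soh, failures)  # step 4, then repeat
    # Remediation could not bring the client into compliance: stay restricted.
    return "restricted", max_rounds, trace


if __name__ == "__main__":
    pol = HealthPolicy(min_patch_level=3, max_av_signature_age_days=7, require_firewall=True)
    servers = RemediationServers(pol, can_fix={"patch", "av"})
    print(request_access(SoH(1, 30, True), pol, servers))    # restricted, then corporate
    print(request_access(SoH(3, 0, False), pol, servers))    # firewall never fixed: restricted
```

The trace is what an operator would want from NPS logging: which check failed on which attempt, and whether the restricted-network loop converged.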

10 AD Rights Management Services
- AD RMS protects access to an organization's digital files
- AD RMS in Windows Server 2008 includes several new features:
  - Improved installation and administration experience
  - Self-enrollment of the AD RMS cluster
  - Integration with AD Federation Services
  - New AD RMS administrative roles
Diagram components: RMS server, SQL, AD, information author, recipient.

11 Active Directory Federation Services
- AD FS provides an identity access solution
- Deploy federation servers in multiple organizations to facilitate business-to-business (B2B) transactions
- AD FS provides a Web-based SSO solution
- AD FS interoperates with other security products that support the Web Services Architecture
- AD FS is improved in Windows Server 2008
Diagram: Contoso and Adatum each with their own AD; a federation trust between the account federation server (Contoso) and the resource federation server (Adatum) in front of the Web server.

12 Federated Rights Management
- Together, AD FS and AD RMS enable users from different domains to securely share documents based on federated identities
- AD RMS is fully claims-aware and can interpret AD FS claims
- Office SharePoint Server can be configured to accept federated identity claims
Diagram: Contoso and Adatum ADs joined by a federation trust; account federation server, resource federation server, RMS, Web SSO.

13 Read-Only Domain Controller
Deployment: RODC at the branch office, writable DCs at the main office.
Features:
- Read-only Active Directory database
- Only the passwords of explicitly allowed users are stored on the RODC
- Unidirectional replication (hub to branch only)
- Role separation
Benefits:
- Increases security for remote domain controllers where physical security cannot be guaranteed
- Supports AD FS, DNS, DHCP, FRS v1, DFSR (FRS v2), Group Policy, IAS/VPN, DFS, SMS, ADSI queries, MOM

14 How RODC Works
Hub: Windows Server 2008 (writable) DC. Branch: Read-Only DC.
1. The user logs on at the branch and authenticates to the RODC.
2. The RODC looks in its database: "I don't have the user's secrets."
3. The RODC forwards the request to the Windows Server 2008 DC at the hub.
4. The Windows Server 2008 DC authenticates the request.
5. The hub DC returns the authentication response and TGT to the RODC.
6. The RODC gives the TGT to the user and caches the user's credentials (only for users it is allowed to store).

15 Read-only DC Mitigates "Stolen DC"
- Hub admin perspective
- Attacker perspective
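The RODC logon flow of slide 14 and the "stolen DC" comparison of slide 15 as one runnable model, added here for illustration; it is not Microsoft code and does not reproduce Kerberos or AD replication. Assumed: the hub DC holds every account's credential material, the RODC's allow and deny lists (a stand-in for its password replication policy, with deny taking precedence) decide which secrets get cached after a successful forwarded logon, a hub of `None` models a WAN outage, and `secret_of` is a constructed placeholder for stored credential material. The two perspectives from slide 15 fall out of the cache contents: the attacker who reads the stolen RODC database gets only the cached accounts, and the hub admin only has to reset those.

```python
"""Toy RODC: forwarded logon, selective caching, and what a stolen RODC exposes.

Constructed example (not Microsoft code). Names and the "secret" encoding are assumptions.
"""
from __future__ import annotations
from dataclasses import dataclass, field
import hashlib


def secret_of(password: str) -> str:
    """Placeholder for stored credential material (constructed; not an NT hash)."""
    return hashlib.sha256(password.encode()).hexdigest()


@dataclass
class HubDC:
    """Writable Windows Server 2008 DC at the hub: holds every account's secret."""
    secrets: dict

    def authenticate(self, user: str, password: str) -> bool:
        """Step 4: validate the forwarded request."""
        return self.secrets.get(user) == secret_of(password)

    def replicate_secret(self, user: str) -> str:
        """Hub-to-branch (unidirectional) replication of one user's secret."""
        return self.secrets[user]


@dataclass
class RODC:
    """Branch RODC with an allow/deny list standing in for its replication policy."""
    hub: object            # HubDC, or None when the WAN link is down
    allowed: set
    denied: set            # deny wins over allow (e.g. domain admins)
    cache: dict = field(default_factory=dict)

    def may_cache(self, user: str) -> bool:
        return user in self.allowed and user not in self.denied

    def logon(self, user: str, password: str):
        """Steps 1-6. Returns (tgt_or_None, path) with path in {"cache", "hub", "fail"}."""
        # Step 2: look in the local database first.
        if user in self.cache:
            ok = self.cache[user] == secret_of(password)
            return (f"TGT({user})" if ok else None), "cache"
        if self.hub is None:
            # No local secret and no hub reachable: the branch logon fails.
            return None, "fail"
        # Step 3: forward to the hub; steps 4-5: hub authenticates and replies.
        if not self.hub.authenticate(user, password):
            return None, "hub"
        # Step 6: hand the TGT to the user; cache only if policy allows.
        if self.may_cache(user):
            self.cache[user] = self.hub.replicate_secret(user)
        return f"TGT({user})", "hub"


def stolen_rodc_impact(rodc: RODC, hub: HubDC) -> dict:
    """Slide 15 in one call.

    "exposed": what an attacker reading the stolen RODC database obtains.
    "unaffected": accounts the hub admin does not need to reset.
    """
    exposed = sorted(rodc.cache)
    return {
        "exposed": exposed,
        "unaffected": sorted(set(hub.secrets) - set(exposed)),
    }


if __name__ == "__main__":
    hub = HubDC({"alice": secret_of("a1"), "bob": secret_of("b2"), "domadmin": secret_of("d3")})
    rodc = RODC(hub, allowed={"alice", "bob"}, denied={"domadmin"})
    print(rodc.logon("alice", "a1"))      # ('TGT(alice)', 'hub')   first logon forwarded
    print(rodc.logon("alice", "a1"))      # ('TGT(alice)', 'cache') served locally now
    print(rodc.logon("domadmin", "d3"))   # ('TGT(domadmin)', 'hub') never cached
    print(stolen_rodc_impact(rodc, hub))  # exposed: ['alice']; unaffected: ['bob', 'domadmin']
```

Two practical points the model makes visible: the deny list is what keeps high-privilege accounts off branch hardware even when they log on there, and a cached user keeps working through a WAN outage while an uncached one does not.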

16 PKI Enhancements
- Enterprise PKI (PKIView): now a Microsoft Management Console snap-in; support for Unicode characters
- Online Certificate Status Protocol (OCSP): Online Responders; Responder Arrays
- Network Device Enrollment Service: Microsoft's implementation of the Simple Certificate Enrollment Protocol (SCEP); enhances security of communications by using IPsec
- Web Enrollment: the previous ActiveX enrollment control (XEnroll.dll) is removed; enhanced new COM enrollment control (CertEnroll.dll)

17 © 2005 Microsoft Corporation. All rights reserved.
This presentation is for informational purposes only. Microsoft makes no warranties, express or implied, in this summary.

18 Next Steps
- Install the latest eval of Windows Server 2008
- Watch a webcast, try a Hands-On-Lab
- Learn more at TechNet online
- Read the whitepapers, participate in the forums

19 Appendix

