Presentation is loading. Please wait.

Presentation is loading. Please wait.

Optimizing Client Security by Using Windows Vista.

Published by Modified over 8 years ago

Similar presentations

Presentation on theme: "Optimizing Client Security by Using Windows Vista."— Presentation transcript:

1 Optimizing Client Security by Using Windows Vista

2 Agenda Introduction of Microsoft IT Common Security Attacks Windows VISTA Security Consideration for Line of Business Applications Network Access Protection Drive Down Enterprise Costs With Windows Vista, SMS And MOM Q&A

3 340,000+ computers 121,000 end users 98 countries 441 buildings 15,000 Windows Vista–based clients 25,000 Office 2007 clients 5,700 Exchange 12 mailboxes 31 “Longhorn”– based servers 46 million+ remote connections per month 189,000+ SharePoint sites 4 data centers 8,400 production servers E-mail messages per day: 3.3 million+ internal 10 million incoming 9 million filtered out 33 million IMs per month 120,000+ e-mail server accounts Microsoft IT Environment

4 Common Security Attack Windows VISTA Security Built more secure from the ground up Enhanced protection from intrusions and malware Helps guard confidential data from theft or misuse Integrated security management and improved ability to manage remotely Sophisticated auditing, tracking, and data management features to support internal compliance MaliciousSoftware Wireless Compliance Phishing Social Engineering ARP, DoS, DDoS Mobile Users

5 BitLocket Drive Encryption Reduce Security Risks and Threats Enhancing Information Protection and Regulatory Compliance BitLocker Drive Encryption

6 MS IT System Build and Process

7 MS IT System and Build Process

8 Recovery Options BitLocker™ setup will automatically escrow keys and passwords into AD Centralized storage/management keys (EA SKU) Setup may also try (based on policy) to backup keys and passwords onto a USB dongle or to a file location Default for non-domain-joined users Exploring options for web service-based key escrow Recovery password known by the user/administrator Recovery can occur “in the field” Windows operation can continue as normal

9 Social Engineering Protections Phishing Filter and Colored Address Bar Dangerous Settings Notification Secure defaults for IDN Protection from Exploits Protected Mode to prevent malicious software Code quality improvements (SDLC) ActiveX Opt-in Unified URL Parsing Internet Explorer 7

10 ActiveX Opt-in And Protected Mode Defending systems from malicious attack ActiveX Opt-in puts users in control Reduces attack surface Previously unused controls disabled Retain ActiveX benefits, increase user security Protected Mode reduces severity of threats Eliminates silent malware install IE process ‘sandboxed’ to protect OS Designed for security and compatibility ActiveX Opt-in Enabled Controls Windows Disabled Controls User Action Protected Mode User Action IE Cache My Computer (C:) Broker Process Low Rights

11 Windows Security Center ● Improved Detection and Removal ● Redesigned and Simplified User Interface ● Protection for all users ● Combined firewall and IPsec management ● New management tools – Windows Firewall with Advanced Security MMC snap-in ● Reduces conflicts and coordination overhead between technologies ● Firewall rules become more intelligent ● Specify security requirements such as authentication and encryption ● Specify Active Directory computer or user groups ● Outbound filtering ● Enterprise management feature ● Simplified protection policy reduces management overhead

12 User Account Control A Better Managed Desktop Make the system work well for standard users Allow standard users to change time zone and power management settings, add printers, and connect to secure wireless networks Allow elevation to administrator without logging off Support high application compatibility with file/registry virtualization Full privilege for administrative tasks only User provides consent before using elevated privileges Use of the shield icon Indicates tasks requiring elevation Has only one state Does not remember elevated state

13 Considerations for Line-of-Business Applications Require the user to be an administrator only when it is absolutely necessary File and registry virtualization ACT 5.0 UAC is enabled throughout the environment and maintained centrally through Group Policy

14 Group Policy User Account Control settings Behavior on elevation for administrators and users No prompt Prompt for consent Prompt for credentials Elevate on application installs Virtualized file and registry write failures New Group Policy settings Windows Defender Device installation control Wireless and wired service configuration Enhanced Internet Explorer security configuration Removable storage device Group Policy settings

15 Network Access Protection 1 RestrictedNetwork MSFTNetwork Policy Server 3 Policy Servers e.g. MSFT Security Center, SMS, Antigen or 3 rd party Policy compliant DHCP, VPN Switch/Router 2 Windows Vista Client Fix Up Servers e.g. MSFT WSUS, SMS & 3 rd party Corporate Network 5 Not policy compliant 4 Enhanced Security All communications are authenticated, authorized & healthy Defense-in-depth on your terms with DHCP, VPN, IPsec, 802.1X Policy-based access that IT Pros can set and control Increased Business Value Preserves user productivity Extends existing investments in Microsoft and 3rd party infrastructure Broad industry partnership Benefits

16 Drive Down Enterprise Costs With Windows Vista, SMS And MOM Security Management SMS client remediation for NAP scenarios Delivering software to standard users (UAC) via SMS Deployment And Updating Common image format (WIM) for Windows Vista and SMSv4 SMS support for Windows Deployment Services (WDS) Common scanning agent (SMS, WSUS) for updating Management And Monitoring Leveraging common XML schema for event data (MOM) MOM leverages enhanced Watson data

17 For More Information Additional content on Microsoft IT deployments and best practices can be found on http://www.microsoft.com http://www.microsoft.com Microsoft TechNet http://www.microsoft.com/technet/itshowcase http://www.microsoft.com/technet/itshowcase Optimizing Client Security by Using Windows Vista – Technical White Paper http://www.microsoft.com/technet/itsolutions/msit/securi ty/vistasecurity_twp.mspx http://www.microsoft.com/technet/itsolutions/msit/securi ty/vistasecurity_twp.mspx http://www.microsoft.com/technet/itsolutions/msit/securi ty/vistasecurity_twp.mspx Network Access Protection http://www.microsoft.com/nap http://www.microsoft.com/nap BitLocker Drive Encryption http://www.microsoft.com/technet/windowsvista/security/bi ttech.mspx http://www.microsoft.com/technet/windowsvista/security/bi ttech.mspx http://www.microsoft.com/technet/windowsvista/security/bi ttech.mspx

18 This document is provided for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS OR IMPLIED, IN THIS DOCUMENT. © 2006 Microsoft Corporation. All rights reserved. This presentation is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS OR IMPLIED, IN THIS SUMMARY. Microsoft, Excel, Internet Explorer, Outlook, PowerPoint, SharePoint, Windows, Windows Server, and Windows Vista are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries. The names of actual companies and products mentioned herein may be the trademarks of their respective owners.

Download ppt "Optimizing Client Security by Using Windows Vista."

Similar presentations

Powerful and convenient management for Windows Mobile ® 6.1 devices in an enterprise environment. These features include: Centralized, over-the-air device.

Powerful and convenient management for Windows Mobile ® 6.1 devices in an enterprise environment. These features include: Centralized, over-the-air device.
The System Center Family Microsoft. Mobile Device Manager 2008.

The System Center Family Microsoft. Mobile Device Manager 2008.
Chapter 10 Securing Windows Server 2008 MCTS Guide to Microsoft Windows Server 2008 Network Infrastructure Configuration.

Chapter 10 Securing Windows Server 2008 MCTS Guide to Microsoft Windows Server 2008 Network Infrastructure Configuration.
Building on the Foundation of Windows Vista: Introduction to Windows 7: Security and Management Dan Stolts IT Pro Evangelist Microsoft

Building on the Foundation of Windows Vista: Introduction to Windows 7: Security and Management Dan Stolts IT Pro Evangelist Microsoft
Chapter 13 Securing Windows Server 2008

Chapter 13 Securing Windows Server 2008
PETs and ID Management Privacy & Security Workshop JC Cannon Privacy Strategist Corporate Privacy Group Microsoft Corporation.

PETs and ID Management Privacy & Security Workshop JC Cannon Privacy Strategist Corporate Privacy Group Microsoft Corporation.
Building Your Own Firewall Chapter 10. Learning Objectives List and define the two categories of firewalls Explain why desktop firewalls are used Explain.

Building Your Own Firewall Chapter 10. Learning Objectives List and define the two categories of firewalls Explain why desktop firewalls are used Explain.
Module 3 Windows Server 2008 Branch Office Scenario.

Module 3 Windows Server 2008 Branch Office Scenario.
Security Features in Windows Vista. What Will We Cover? Security fundamentals Protecting your company’s resources Anti-malware features.

Security Features in Windows Vista. What Will We Cover? Security fundamentals Protecting your company’s resources Anti-malware features.
Configuring Windows Vista Security Chapter 3. IE7 Pop-up Blocker Pop-up Blocker prevents annoying and sometimes unsafe pop-ups from web sites Can block.

Configuring Windows Vista Security Chapter 3. IE7 Pop-up Blocker Pop-up Blocker prevents annoying and sometimes unsafe pop-ups from web sites Can block.
WCL313 Windows Vista Security Overview Mike Chan Sr. Product Manager.

WCL313 Windows Vista Security Overview Mike Chan Sr. Product Manager.
Security and Policy Enforcement Mark Gibson Dave Northey

Security and Policy Enforcement Mark Gibson Dave Northey
Chapter 6: Configuring Security. Group Policy and LGPO Setting Options Software Installation not available with LGPOs Remote Installation Services Scripts.

Chapter 6: Configuring Security. Group Policy and LGPO Setting Options Software Installation not available with LGPOs Remote Installation Services Scripts.
Threat Management Gateway 2010 Questo sconosciuto? …ancora per poco! Manuela Polcaro Security Advisor.

Threat Management Gateway 2010 Questo sconosciuto? …ancora per poco! Manuela Polcaro Security Advisor.
Exchange 2010 Overview Name Title Group. What You Tell Us Communication overload Globally distributed customers and partners High cost of communications.

Exchange 2010 Overview Name Title Group. What You Tell Us Communication overload Globally distributed customers and partners High cost of communications.
Windows XP Professional Deployment and Support Microsoft IT Shares Its Experiences Published: May 2002 (Revised October 2004)

Windows XP Professional Deployment and Support Microsoft IT Shares Its Experiences Published: May 2002 (Revised October 2004)
Internet Explorer 7 Security Features Steve Lamb Technical Security Microsoft Ltd

Internet Explorer 7 Security Features Steve Lamb Technical Security Microsoft Ltd
Understanding Active Directory

Understanding Active Directory
Security Risk Management Marcus Murray, CISSP, MVP (Security) Senior Security Advisor, Truesec

Security Risk Management Marcus Murray, CISSP, MVP (Security) Senior Security Advisor, Truesec
Security and Compliance Bruce Cowper Senior Program Manager; Security Initiative Microsoft Canada Rodney Buike IT Pro Advisor Microsoft Canada.

Security and Compliance Bruce Cowper Senior Program Manager; Security Initiative Microsoft Canada Rodney Buike IT Pro Advisor Microsoft Canada.

Similar presentations

Ads by Google