FY06Q4 Session3 WhatsNext




Presentation Transcript

What’s Next for Microsoft Security?

Kai Axford, CISSP, MCSE-Security
IT Pro Evangelist, Microsoft Corporation
kaiax@microsoft.com


What’s Next for Security? Our Security Progress so far… (as of February 2006)

- Service Pack 2
- 2B total executions; 200M per month
- Focus on most prevalent malware
- Dramatically reduced the number of bot infections
- Most popular download in Microsoft history!
- Helps protect more than 25 million customers
- Great feedback from SpyNet participants
- Security Configuration Wizard
- More secure by design; more secure by default
- More than 4.7 million downloads
- Service Pack 1
- More than 260 million copies distributed
- Enterprise deployment at 61%
- 15 times less likely to be infected by malware
- Significantly fewer important & critical vulnerabilities

What’s Next for Security? So what products is Microsoft working on now?

- Windows Vista
- Certificate Lifecycle Manager
- Secure Messaging with Antigen and FrontBridge
- Network Access Protection
- ISA Server 2006



Windows Vista: Windows Service Hardening (defense in depth)

- Windows services are profiled for allowed actions to the network, file system, and registry
- Services run with reduced privilege compared to Windows XP
- Designed to block attempts by malicious software to make a Windows service write to an area of the network, file system, or registry that isn’t part of that service’s profile
- Active protection for the file system, registry, and network


Windows Vista: Internet Explorer 7.0

Social engineering protections:
- Phishing Filter and colored address bar
- Dangerous settings notification
- Secure defaults for International Domain Names (IDN)

Protection from exploits:
- Unified URL parsing
- Code quality improvements (SDL)
- ActiveX opt-in
- Protected Mode to prevent malicious software


Windows Vista: User Account Control (UAC)

Challenges:
- Users with elevated privileges means increased risk
- Line of Business (LoB) applications require elevated privileges to run
- Common operating system configuration tasks require elevated privilege

Goal:
- Allow businesses to move to a better-managed desktop and consumers to use parental controls


Windows Vista: BitLocker™ Drive Encryption

- Formerly Secure Start-up
- Designed specifically to prevent a thief who boots another operating system or runs a hacking tool from breaking Windows file and system protections
- Provides data protection on your Windows client systems, even when the system is in unauthorized hands or is running a different or exploiting operating system
- Uses a v1.2 TPM or USB flash drive for key storage

BitLocker™ Drive In XP

BitLocker™ Drive In LINUX

Linux BitLocker volume errors: fdisk reads the partition table and thinks the FVE partition is NTFS:

    wrong fs type, bad option, bad superblock on /dev/sda2, missing codepage or other error
    Primary boot sector is invalid, Not an NTFS volumn




Certificate Lifecycle Manager: Functional overview

What is Microsoft Certificate Lifecycle Manager?
- Single administration point for digital certificates and smart cards
- Configurable policy-based workflows for common tasks (enroll, renew, revoke, etc.)
- Detailed auditing and reporting
- Support for both centralized and self-service scenarios
- Integration with existing infrastructure

Certificate Lifecycle Manager: Architectural overview

Physical architecture (diagram): Certificate Lifecycle Manager, Microsoft CAs, SQL, AD, E-mail, End User

Server side:
- Certificate Lifecycle Manager
- Windows Server 2003 Certificate Services add-on
- SQL Server 2000 SP3
- Email/SMTP service

Client side:
- Certificate Lifecycle Manager Client
- Bulk Smart Card Issuance Tool


Certificate Lifecycle Manager Screenshots


Certificate Lifecycle Manager Screenshots


Certificate Lifecycle Manager Screenshots



Microsoft Secure Messaging Multi-Layer Secure Messaging


FrontBridge: E-mail Complexity Requires Flexibility

- Layered anti-spam
- Multi-engine anti-virus
- Customized content and policy enforcement
- Real-time attack prevention
- Interception-based message archiving
- Customized report generation for demonstrating compliance
- Fully-indexed, searchable archive
- Rapid deployment to meet deadlines or immediate needs
- Full e-mail encryption
- No public and private key management
- Gateway, policy-based e-mail encryption
- Uninterrupted e-mail accessibility
- Rapid recovery from unplanned disasters and network outages
- 30-day historical e-mail store


FrontBridge E-Mail Filtering

- Edge and connection-based blocking
- Directory services, real-time attack prevention, multi-layer virus scanning and content filtering
- Advanced spam filtering: fingerprinting, SPF lookups, rules-based scoring
- E-mail queuing
- E-mail quarantine

Microsoft Antigen: What is Antigen?

Antigen for SMTP/Exchange:
- On-premise, server-based mail scanning software
- Provides antivirus, anti-spam, content and file filtering
- Multiple complementary technologies used
- Complete end user control
- Protection against internal threats and virus propagation


Microsoft Antigen Overview

All Antigen products integrate multiple antivirus engines from 3rd party vendors. Four engines are provided as part of the base cost:
- AhnLabs
- Authentium Command
- CA InoculateIT*
- CA VET*
- Kaspersky Lab
- Norman Data Defense*
- Sophos*
- Virus Busters

*Default engines

The MS Antivirus engine will be provided in the first Microsoft-branded version of Antigen.


Microsoft Antigen Signature Updates

[Chart: Sober.P virus detection time, May 2, 2005 (GMT); time of day (hour:minute) at which each Antigen engine's updates arrived. Sources: AV-Test.org May 2005, AV-Test.org Feb. 2005, January 2005 updates.]

Note: the chart represents a single virus outbreak only. It does not represent average response times for the listed antivirus labs.


Microsoft Antigen: Antigen for Exchange

- Detects and removes viruses in e-mail messages and attachments
- Scans at the SMTP stack (most processing-intensive scans)
- Scans in real time at the Exchange Information Store
- Provides on-demand and scheduled scans of the information store
- Uses Microsoft-approved virus scanning API integration for Exchange 2000 and 2003
- Provides advanced content-filtering capabilities for messages and attachments
- Integrates file filtering, keyword filtering and anti-spam at the SMTP routing level
- Protects Exchange Server 5.5, 2000, and 2003

Network Access Protection


Network Access Protection: Why you need a NAP…

Viruses entering the enterprise by:
- Employees returning from trips
- Consultants/guests plugging in
- Employees VPN-ing in

Attacking vulnerable machines in the network, causing loss of productivity and financial loss. Source: Virus Attack Costs are Rising – Again. Computer Economics, Inc., Sept 2003.

IT administrators looking for tools to:


Network Access Protection: IPsec-based NAP Walk-through

Components: Client, DHCP, Health Registration Authority (HRA), IAS, Remediation Server. Zones: Quarantine Zone, Boundary Zone, Protected Zone.

Accessing the network:
- Client -> DHCP: May I have a DHCP address?
- DHCP -> Client: Here you go.
- Client -> Health Registration Authority: May I have a health certificate? Here’s my SoH.
- Health Registration Authority -> IAS: Client ok?
- IAS -> Health Registration Authority: No! Needs updates.
- Health Registration Authority -> Client: You don’t get a health certificate! Get updates!
- Client -> Remediation Server: I need updates.
- Remediation Server -> Client: Here you go.
- (Client resubmits its SoH.) IAS -> Health Registration Authority: Yes. Issue health certificate.
- Health Registration Authority -> Client: Here’s your health certificate.
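The walk-through above, replayed as a small simulation (added example, not Microsoft's NAP code): the client's Statement of Health (SoH) is evaluated against a health policy on behalf of the HRA, a non-compliant client is sent to the remediation server, and a health certificate is issued only once the resubmitted SoH passes. The SoH fields, the signature-version threshold and the certificate token are constructed for the example.

```python
from dataclasses import dataclass
from typing import List
MIN_AV_SIGNATURE_VERSION = 1200   # constructed policy threshold enforced by IAS

@dataclass
class StatementOfHealth:           # the SoH the client hands to the HRA (constructed fields)
    firewall_enabled: bool
    av_signature_version: int
@dataclass
class Client:
    name: str
    soh: StatementOfHealth
    health_certificate: str = ""   # empty until the HRA issues one
    zone: str = "quarantine"       # becomes "protected" once a certificate is held

def ias_evaluate(soh: StatementOfHealth) -> List[str]:
    """Policy check IAS performs for the HRA; an empty list means 'client ok'."""
    failures = []
    if not soh.firewall_enabled:
        failures.append("host firewall is off")
    if soh.av_signature_version < MIN_AV_SIGNATURE_VERSION:
        failures.append("antivirus signatures out of date")
    return failures

def remediation_server_update(client: Client) -> None:
    """Remediation server, reachable from quarantine, brings the client to policy."""
    client.soh.firewall_enabled = True
    client.soh.av_signature_version = max(client.soh.av_signature_version, MIN_AV_SIGNATURE_VERSION)

def hra_request_certificate(client: Client) -> List[str]:
    """HRA asks IAS 'client ok?' and issues a health certificate only on 'yes'."""
    failures = ias_evaluate(client.soh)
    if failures:
        return failures            # "You don't get a health certificate! Get updates!"
    client.health_certificate = f"HealthCert({client.name})"   # constructed token
    client.zone = "protected"      # IPsec peers in the protected zone require this cert
    return []

def nap_walkthrough(client: Client) -> List[str]:
    """Replays the slide's exchange and returns the messages in order."""
    log = [f"{client.name}: May I have a health certificate? Here's my SoH."]
    failures = hra_request_certificate(client)
    if failures:
        log.append("HRA: No certificate, needs updates: " + "; ".join(failures))
        log.append(f"{client.name}: I need updates.")
        remediation_server_update(client)
        log.append("Remediation Server: Here you go.")
        failures = hra_request_certificate(client)   # client resubmits its SoH
    log.append("HRA: Here's your health certificate." if not failures else "HRA: still denied")
    return log
```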



ISA Server 2006: Web Access Protection

- External attack resilience
- Internal attack resilience
- Minimal downtime
- Remediation measures
- Better management


ISA Server 2006 Flood Mitigation


Did you realize? In the last 30 minutes…

Microsoft Security Resources

- Windows Vista Beta: http://www.microsoft.com/windowsvista/
- Certificate Lifecycle Manager Beta: http://www.microsoft.com/windowsserversystem/clm/default.mspx
- Antigen and FrontBridge: http://www.microsoft.com/securemessaging
- Network Access Protection Beta: http://www.microsoft.com/technet/itsolutions/network/nap/beta.mspx
- ISA Server 2006 Beta: http://www.microsoft.com/isaserver/2006/

