What’s Next for Microsoft Security?
Kai Axford, CISSP, MCSE-Security, IT Pro Evangelist
Microsoft Corporation
kaiax@microsoft.com
Slide 2: What’s Next for Security? Our Security Progress so far… (as of February 2006)
Service Pack 2
2B total executions; 200M per month
Focus on most prevalent malware
Dramatically reduced the # of bot infections
Most popular download in Microsoft history!!
Helps protect more than 25 million customers
Great feedback from SpyNet participants
Security Configuration Wizard
More secure by design; more secure by default
More than 4.7 million downloads
Service Pack 1
More than 260 million copies distributed; enterprise deployment at 61%
15 times less likely to be infected by malware
Significantly fewer important & critical vulnerabilities
Slide 3: What’s Next for Security? So what products is Microsoft working on now?
Windows Vista
Certificate Lifecycle Manager
Secure Messaging with Antigen and FrontBridge
Network Access Protection
ISA Server 2006
Slide 5: Windows Vista: Windows Service Hardening (defense in depth)
Windows services are profiled for allowed actions to the network, file system, and registry
Services run with reduced privilege compared to Windows XP
Designed to block attempts by malicious software to make a Windows service write to an area of the network, file system, or registry that isn’t part of that service’s profile
(Diagram: active protection covering the file system, registry and network)
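The slide describes a per-service profile of allowed network, file-system and registry actions, with anything outside the profile refused. The following is an added toy model of that idea, not Microsoft's implementation: a `ServiceProfile` allow-list, a default-deny `check_access` function, and path canonicalisation so that `..` segments cannot escape an allowed prefix. The service name, paths and port numbers are constructed for illustration.

```python
"""Toy model of per-service resource profiles (added example, not Microsoft code).

Each service gets an allow-list of file-system, registry and network resources it
may touch; any request outside the profile is refused (default deny).  Paths are
canonicalised before matching so that '..' segments cannot escape a prefix.
"""
from dataclasses import dataclass
import posixpath


@dataclass
class ServiceProfile:
    name: str
    file_prefixes: tuple = ()            # allowed file-system locations (prefix match)
    registry_prefixes: tuple = ()        # allowed registry keys (prefix match)
    network_ports: frozenset = frozenset()  # allowed TCP/UDP ports


def _canon(path: str) -> str:
    # Normalise separators and resolve '.' / '..' so prefix checks are meaningful;
    # Windows paths and registry keys are case-insensitive, so compare lower-cased.
    return posixpath.normpath(path.replace("\\", "/")).lower()


def _prefix_allowed(path: str, prefixes) -> bool:
    c = _canon(path)
    for pre in prefixes:
        cp = _canon(pre).rstrip("/")
        if c == cp or c.startswith(cp + "/"):
            return True
    return False


def check_access(profile: ServiceProfile, kind: str, target) -> bool:
    """Return True only if the profile explicitly permits this action."""
    if kind == "file":
        return _prefix_allowed(target, profile.file_prefixes)
    if kind == "registry":
        return _prefix_allowed(target, profile.registry_prefixes)
    if kind == "network":
        return int(target) in profile.network_ports
    return False  # unknown resource kinds are denied


# Constructed profile for a hypothetical time-sync service (illustrative only).
TIME_SERVICE = ServiceProfile(
    name="HypotheticalTimeSvc",
    file_prefixes=(r"C:\ProgramData\TimeSvc",),
    registry_prefixes=(r"HKLM\SYSTEM\CurrentControlSet\Services\TimeSvc",),
    network_ports=frozenset({123}),
)


def evaluate(profile: ServiceProfile, requests):
    """Evaluate (kind, target) requests; return (kind, target, allowed) tuples."""
    return [(k, t, check_access(profile, k, t)) for k, t in requests]


if __name__ == "__main__":
    reqs = [
        ("file", r"C:\ProgramData\TimeSvc\drift.log"),
        ("file", r"C:\ProgramData\TimeSvc\..\..\Windows\System32\drivers\etc\hosts"),
        ("registry", r"HKLM\SYSTEM\CurrentControlSet\Services\TimeSvc\Parameters"),
        ("registry", r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"),
        ("network", 123),
        ("network", 4444),
    ]
    for kind, target, ok in evaluate(TIME_SERVICE, reqs):
        print(f"{'ALLOW' if ok else 'DENY ':5} {kind:8} {target}")
```

The traversal request in the sample list is the case a naive string-prefix check would wrongly allow; canonicalising before the comparison is what makes the profile boundary hold.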
Slide 6: Windows Vista: Internet Explorer 7.0
Social Engineering Protections
Phishing Filter and Colored Address Bar
Dangerous Settings Notification
Secure defaults for International Domain Names (IDN)
Protection From Exploits
Unified URL Parsing
Code quality improvements (SDL)
ActiveX Opt-in
Protected Mode to prevent malicious software
Slide 7: Windows Vista: User Account Control (UAC)
Challenges
Users with elevated privileges mean increased risk
Line of Business (LoB) applications require elevated privileges to run
Common operating system configuration tasks require elevated privilege
Goal
Allow businesses to move to a better-managed desktop and consumers to use parental controls
Slide 8: Windows Vista: BitLocker™ Drive Encryption (formerly Secure Start-up)
Designed specifically to prevent a thief who boots another operating system or runs a hacking tool from breaking Windows file and system protections
Provides data protection on your Windows client systems, even when the system is in unauthorized hands or is running a different or exploiting operating system
Uses a v1.2 TPM or USB flash drive for key storage
Slide 9: BitLocker™ Drive in XP
Slide 10: BitLocker™ Drive in Linux: Linux BitLocker volume errors
fdisk reads the partition table and thinks the FVE partition is NTFS
wrong fs type, bad option, bad superblock on /dev/sda2, missing codepage or other error
Primary boot sector is invalid; not an NTFS volume
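The errors on this slide come from two different layers looking at the same volume. As an added illustration (not from the presentation), the script below classifies a volume's first sector on the assumption that the MBR partition-type byte is 0x07 for both NTFS and a Vista-era BitLocker volume, which is why fdisk reports NTFS, while the boot sector's OEM ID at offset 3 differs (`NTFS    ` for plain NTFS, `-FVE-FS-` for a BitLocker-protected volume), which is why the NTFS driver refuses to mount it. The sample sectors are constructed; the device path is only read if you pass one.

```python
"""Classify a volume's first sector as NTFS, BitLocker (FVE) or unknown.

Added example, not from the presentation.  Assumption: both NTFS and Vista-era
BitLocker volumes carry MBR partition type 0x07, so fdisk shows them as NTFS;
the boot sector's OEM ID at offset 3 is what tells them apart.  Sample sectors
below are constructed test data.
"""
import struct

SECTOR = 512


def classify_boot_sector(sector: bytes) -> str:
    """Return 'ntfs', 'bitlocker' or 'unknown' for a 512-byte boot sector."""
    if len(sector) < SECTOR:
        return "unknown"
    oem_id = sector[3:11]
    has_sig = sector[510:512] == b"\x55\xAA"  # boot-sector signature
    if oem_id == b"NTFS    " and has_sig:
        return "ntfs"
    if oem_id == b"-FVE-FS-" and has_sig:
        return "bitlocker"
    return "unknown"


def explain(sector: bytes) -> str:
    """Human-readable diagnosis matching the symptoms listed on the slide."""
    kind = classify_boot_sector(sector)
    if kind == "bitlocker":
        return ("BitLocker (FVE) volume: partition type looks like NTFS to fdisk, "
                "but the NTFS driver finds no valid NTFS boot sector")
    if kind == "ntfs":
        return "plain NTFS volume"
    return "not NTFS and not BitLocker (or no boot signature)"


def make_sector(oem_id: bytes, signed: bool = True) -> bytes:
    """Construct a minimal 512-byte sector with the given OEM ID (test data only)."""
    buf = bytearray(SECTOR)
    buf[0:3] = b"\xEB\x52\x90"             # typical jump instruction at offset 0
    buf[3:11] = oem_id.ljust(8)[:8]
    struct.pack_into("<H", buf, 11, 512)   # bytes-per-sector field, cosmetic here
    if signed:
        buf[510:512] = b"\x55\xAA"
    return bytes(buf)


# Constructed samples: a plain NTFS sector, a BitLocker sector, and a blank sector.
NTFS_SAMPLE = make_sector(b"NTFS    ")
FVE_SAMPLE = make_sector(b"-FVE-FS-")
BLANK_SAMPLE = make_sector(b"\x00" * 8, signed=False)

if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:
        # Read the first sector of a device or image (e.g. a dd copy of /dev/sda2).
        with open(sys.argv[1], "rb") as f:
            print(explain(f.read(SECTOR)))
    else:
        for name, s in (("ntfs", NTFS_SAMPLE), ("fve", FVE_SAMPLE), ("blank", BLANK_SAMPLE)):
            print(f"{name}: {explain(s)}")
```

Run it against a raw image or device to confirm whether a "not NTFS" mount failure is an encrypted volume rather than corruption; the boot sector of a BitLocker volume is intentionally not a valid NTFS boot sector, so tools like ntfsfix have nothing to repair.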
Slide 11: demo
Slide 13: Certificate Lifecycle Manager: Functional overview
What is Microsoft Certificate Lifecycle Manager?
Single administration point for digital certificates and smart cards
Configurable policy-based workflows for common tasks (enroll, renew, revoke, etc.)
Detailed auditing and reporting
Support for both centralized and self-service scenarios
Integration with existing infrastructure
Slide 14: Certificate Lifecycle Manager: Architectural overview
(Physical architecture diagram: Certificate Lifecycle Manager connected to Microsoft CAs, SQL, AD, e-mail and the end user)
Server side
Certificate Lifecycle Manager
Windows Server 2003 Certificate Services add-on
SQL Server 2000 SP3
E-mail/SMTP service
Client side
Certificate Lifecycle Manager Client
Bulk Smart Card Issuance Tool
Slides 15–17: Certificate Lifecycle Manager screenshots
Slide 19: Microsoft Secure Messaging: Multi-Layer Secure Messaging
Slide 20: FrontBridge: E-mail Complexity Requires Flexibility
Layered anti-spam
Multi-engine anti-virus
Customized content and policy enforcement
Real-time attack prevention

Interception-based message archiving
Customized report generation for demonstrating compliance
Fully-indexed, searchable archive
Rapid deployment to meet deadlines or immediate needs

Full e-mail encryption
No public and private key management
Gateway, policy-based e-mail encryption

Uninterrupted e-mail accessibility
Rapid recovery from unplanned disasters and network outages
30-day historical e-mail store
Slide 21: FrontBridge E-Mail Filtering
Edge and connection-based blocking
Directory services, real-time attack prevention, multi-layer virus scanning and content filtering
Advanced spam filtering
Fingerprinting, SPF lookups, rules-based scoring
E-mail queuing
E-mail quarantine
Slide 22: Microsoft Antigen: What is Antigen?
Antigen for SMTP/Exchange
On-premise, server-based mail scanning software
Provides antivirus, anti-spam, content and file filtering
Multiple complementary technologies used
Complete end-user control
Protection against internal threats and virus propagation
Slide 23: Microsoft Antigen Overview
All Antigen products integrate multiple antivirus engines from 3rd-party vendors. Four engines are provided as part of the base cost (* = default engines):
AhnLabs
Authentium Command
CA InoculateIT*
CA VET*
Kaspersky Lab
Norman Data Defense*
Sophos*
Virus Busters
The MS Antivirus engine will be provided in the first Microsoft-branded version of Antigen.
Slide 24: Microsoft Antigen Signature Updates
(Chart: Sober.P virus detection time on May 2, 2005 (GMT), by antivirus lab and Antigen engine, plotted against time of day in hour:minute; sources: AV-Test.org May 2005, AV-Test.org Feb. 2005, January 2005 updates. Note: the chart represents a single virus outbreak only; it does not represent average response times for the listed antivirus labs.)
Slide 25: Microsoft Antigen: Antigen for Exchange
Detects and removes viruses in e-mail messages and attachments
Scans at the SMTP stack (most processing-intensive scans)
Scans in real time at the Exchange Information Store
Provides on-demand and scheduled scans of the Information Store
Uses the Microsoft-approved virus scanning API integration for Exchange 2000 and 2003
Provides advanced content-filtering capabilities for messages and attachments
Integrates file filtering, keyword filtering and anti-spam at the SMTP routing level
Protects Exchange Server 5.5, 2000, and 2003
Slide 26: Network Access Protection
Slide 27: Network Access Protection: Why you need a NAP…
Viruses entering the enterprise by:
Employees returning from trips
Consultants/guests plugging in
Employees VPN-ing in
Attacking vulnerable machines in the network, causing loss of productivity and financial loss
IT administrators looking for tools to:
Source: Virus Attack Costs are Rising – Again. Computer Economics, Inc., Sept 2003.
Slide 28: Network Access Protection: IPsec-based NAP walk-through
Components: client, DHCP server, Health Registration Authority (HRA), IAS, remediation server. Zones: quarantine, boundary zone, protected zone.
Accessing the network:
Client → DHCP: May I have a DHCP address?
DHCP → Client: Here you go.
Client → HRA: May I have a health certificate? Here’s my SoH.
HRA → IAS: Client ok?
IAS → HRA: No! Needs updates.
HRA → Client: You don’t get a health certificate! Get updates!
Client → Remediation Server: I need updates.
Remediation Server → Client: Here you go.
IAS → HRA: Yes. Issue health certificate.
HRA → Client: Here’s your health certificate.
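To make the exchange above concrete, here is an added simulation of the walk-through (a simplified model written for this page, not Microsoft's NAP protocol or code). The health policy, the Statement of Health fields, the certificate token format and the client names are all constructed assumptions; what the model preserves is the flow: SoH submitted to the HRA, evaluated by the policy server, remediation on failure, resubmission, and a certificate only once the client is compliant.

```python
"""Simulation of the IPsec-based NAP walk-through (added example, not Microsoft code).

Roles modelled: the client sends a Statement of Health (SoH) to the Health
Registration Authority (HRA); the HRA asks the policy server (IAS) whether the
SoH meets policy; a non-compliant client is told what to fix, takes updates from
the remediation server and resubmits; a compliant client receives a health
certificate and moves from the boundary zone to the protected zone.
"""
from __future__ import annotations
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed health policy: what IAS requires before a client may leave the boundary zone.
POLICY = {
    "firewall_on": True,
    "av_signature_version": 2006_02_01,   # minimum acceptable signature version (assumed format)
    "patches_current": True,
}


@dataclass
class StatementOfHealth:
    client_id: str
    firewall_on: bool
    av_signature_version: int
    patches_current: bool


@dataclass
class Client:
    client_id: str
    firewall_on: bool
    av_signature_version: int
    patches_current: bool
    health_certificate: Optional[str] = None
    zone: str = "boundary"   # becomes "protected" once a certificate is issued

    def statement_of_health(self) -> StatementOfHealth:
        return StatementOfHealth(self.client_id, self.firewall_on,
                                 self.av_signature_version, self.patches_current)


def ias_evaluate(soh: StatementOfHealth, policy=POLICY) -> List[str]:
    """Policy server: return the failed requirements (an empty list means compliant)."""
    failures = []
    if policy["firewall_on"] and not soh.firewall_on:
        failures.append("firewall_on")
    if soh.av_signature_version < policy["av_signature_version"]:
        failures.append("av_signature_version")
    if policy["patches_current"] and not soh.patches_current:
        failures.append("patches_current")
    return failures


def remediation_server_apply(client: Client, failures: List[str], policy=POLICY) -> None:
    """Remediation server: hand the client exactly the updates it was told it needs."""
    if "firewall_on" in failures:
        client.firewall_on = True
    if "av_signature_version" in failures:
        client.av_signature_version = policy["av_signature_version"]
    if "patches_current" in failures:
        client.patches_current = True


def hra_request_certificate(client: Client) -> Tuple[bool, List[str]]:
    """HRA: evaluate the client's SoH via IAS; issue a certificate only if compliant."""
    failures = ias_evaluate(client.statement_of_health())
    if failures:
        return False, failures
    client.health_certificate = f"health-cert:{client.client_id}"  # placeholder token
    client.zone = "protected"
    return True, []


def nap_walkthrough(client: Client, max_rounds: int = 3) -> List[str]:
    """Run the exchange; return a transcript of the messages, one per line."""
    log = [f"{client.client_id}: May I have a DHCP address?  DHCP: Here you go (boundary zone)."]
    for _ in range(max_rounds):
        log.append(f"{client.client_id}: May I have a health certificate? Here's my SoH.")
        ok, failures = hra_request_certificate(client)
        if ok:
            log.append("HRA: Client ok. Issuing health certificate.")
            return log
        log.append(f"HRA: No! Needs updates ({', '.join(failures)}). No health certificate.")
        log.append(f"{client.client_id}: I need updates.  Remediation server: Here you go.")
        remediation_server_apply(client, failures)
    log.append("HRA: still non-compliant after remediation; client stays in the boundary zone.")
    return log


if __name__ == "__main__":
    laptop = Client("returning-laptop", firewall_on=False,
                    av_signature_version=2005_12_15, patches_current=True)
    for line in nap_walkthrough(laptop):
        print(line)
    print("zone:", laptop.zone, "cert:", laptop.health_certificate)
```

The `max_rounds` bound is the point to watch in a real deployment: a client whose remediation keeps failing must stay in the boundary zone rather than loop forever or fall through to access, which is why the function returns without a certificate when the rounds are exhausted.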
Slide 30: ISA Server 2006 Web Access Protection
External attack resilience; internal attack resilience; minimal downtime; remediation measures; better management
Slide 31: ISA Server 2006 Flood Mitigation
Slide 32: In the last 30 minutes… Did you realize?
Slide 33: Microsoft Security Resources
Windows Vista Beta: http://www.microsoft.com/windowsvista/
Certificate Lifecycle Manager Beta: http://www.microsoft.com/windowsserversystem/clm/default.mspx
Antigen and FrontBridge: http://www.microsoft.com/securemessaging
Network Access Protection Beta: http://www.microsoft.com/technet/itsolutions/network/nap/beta.mspx
ISA Server 2006 Beta: http://www.microsoft.com/isaserver/2006/