Security is Part of the Value Proposition:
Security is Part of the Value Proposition Microsoft Windows Vista has higher quality code and is way ahead of XP
Vista does a much better job of reducing user privilege requirements and resisting attacks
User account control (UAC)
IE7 enhancements
Kernel patch protection
Address Space Layout Randomization
Significant authentication improvements
Better crypto and smartcard support
Card Spaces
Somewhat better at protecting and isolating resources
Full volume encryption
Service hardening
Device driver signing
Better group policy
Strategic Considerations:
Strategic Considerations Vista will tie in with Longhorn server’s security infrastructure capabilities
Network Access Protection (NAP) health certificates, quarantine and remediation
Network independent policy controls within a domain
Big bet on IPSec: Authentication plus end to end policy controls configured in Active Directory
Identity management initiatives - improved smartcard, PKI and federation support
TPM hardware root of trust building up to rights management (unfinished work)
But There Are Still Some Issues:
But There Are Still Some Issues Caveats to Vista Security
Too many UAC prompts desensitizes users in some cases
The full benefit of UAC will be realized only when more applications are written without assuming local admin
Still have to buy anti-virus from third party vendors, or from Microsoft
Existing security tools may not work with Vista until vendors have time to develop new releases
Vista will still get hacked, applications can still create vulnerabilities, and you’ll still have to patch
More Issues:
More Issues Migration challenges
Aero GUI resource demands (hardware compatibility)
Application compatibility
Security and management infrastructure compatibility
Interoperability of NAP infrastructure
Key management
Bottom Line:
Bottom Line Vista will make a difference
But security is something you do, not something you buy
How you manage Vista, XP, Mac, Linux, Unix, etc. and the applications/content on them is just as important as which one you use
Make Vista migration part of larger security policy and architecture goals
Get the user out of the sysadmin loop
Improve quality of identity management, authentication and application security
Tighten control over sensitive content and ways in which it is used and accessed
Consider migration, support early adopter communities, and prepare aggressively - the promise is there
Slide7: