logging in or signing up Windows Server 2008 Security Overview ecastrom Download Post to : URL : Related Presentations : Share Add to Flag Embed Email Send to Blogs and Networks Add to Channel Uploaded from authorPOINT lite Insert YouTube videos in PowerPont slides with aS Desktop Copy embed code: (To copy code, click on the text box) Embed: URL: Thumbnail: WordPress Embed Customize Embed The presentation is successfully added In Your Favorites. Views: 1964 Category: Product Traini.. License: All Rights Reserved Like it (3) Dislike it (0) Added: March 23, 2010 This Presentation is Public Favorites: 2 Presentation Description No description available. Comments Posting comment... By: kallol_p (8 month(s) ago) pl let me download or send this presentation to my e-mail acc kallol_p28@yahoo.co.in. Regards Kallol Paul Saving..... Post Reply Close Saving..... Edit Comment Close By: joefelix (15 month(s) ago) hi, can i get the PPT for the above topic. Regards Joe Felix Saving..... Post Reply Close Saving..... Edit Comment Close By: nichomylove (15 month(s) ago) my email address is nichomylove@yahoo.com thanks Saving..... Post Reply Close Saving..... Edit Comment Close By: ecastrom (15 month(s) ago) Give me your email address. Saving..... Post Reply Close Saving..... Edit Comment Close By: nichomylove (15 month(s) ago) I need a copy of this presentation so that i can read it and have more knowledge on how to install window server 2008 Saving..... Post Reply Close By: ecastrom (15 month(s) ago) Can you send me your email address? Saving..... Edit Comment Close Premium member Presentation Transcript Security Overview of Windows Server 2008 : Security Overview of Windows Server 2008 Ing. Eduardo Castro, PhD Comunidad Windows ecastro@mswindowscr.org http://comunidadwindows.org Slide 3: “Windows Server 2008 helps Macquarie operate… our remote offices more securely and efficiently than we could in the past.” Phillip Dundas Technical Team Lead, Windows Server Group, Information Technology Group Macquarie Group Limited “We’ll be able to used RODC to place domain controllers at sites where physical security has always been a concern and we’ll have much better control over our remote infrastructure.” Loic Calvez Senior Enterprise Infrastructure Architect Lafarge “The public key infrastructure that we created through our deployment of Windows Server 2008 has fundamentally increased the level of information security that we have at the bank.” Security Director PKO Bank Polski “We are confident that the bank is now more secure, that devices accessing our network are secure, and that those devices meet our current network policy for access.” Howard Witherby Senior Vice President of Operations National Bank & Trust Agenda : Agenda Security Development Lifecycle Installation Options Read Only Domain Controller (RODC) Network Access Protection (NAP) Others Infrastructure Optimization : Infrastructure Optimization Technology framework to help maximize the value of your IT investments Structured way to drive cost reduction, security & efficiency gains and boost agility Based on industry analyst and academic work Provides guidance and best practices for step-by-step implementation Current OS Security Technologies : Current OS Security Technologies Security Enhancements in Windows Server 2008 : Security Enhancements in Windows Server 2008 Methods of Security and Policy Enforcement Network Location Awareness Network Access Protection Windows Firewall with Advanced Security Internet Protocol Security Windows Server Hardening Server and Domain Isolation Active Directory Domain Services Auditing Read-Only Domain Controller BitLocker Drive Encryption Removable Device Installation Control Enterprise PKI Windows Firewall with Advanced Security : Windows Firewall with Advanced Security Demonstration: Windows Firewall with Advanced Security : Demonstration: Windows Firewall with Advanced Security Create inbound and outbound rules Create a firewall rule limiting a service IPSec : IPSec Integrated with WFAS IPSec improvements Simplified IPSec policy configuration Client-to-DC IPSec protection Improved load balancing and clustering server support Improved IPSec authentication Integration with NAP Multiple authentication methods New cryptographic support Integrated IPv4 and IPv6 support Extended events and performance monitor counters Network diagnostics framework support Demonstration: Creating IPSec Policies : Demonstration: Creating IPSec Policies Create an IPSec rule Specify different authentication methods Activate and deactivate rules AD Domain Services Auditing : AD Domain Services Auditing What changes have been made to AD DS auditing? Read-Only Domain Controller : Read-Only Domain Controller New Functionality AD database Unidirectional replication Credential caching Password replication policy Administrator role separation Read-Only DNS Requirements/special considerations RODC RODC Features : RODC Features A read-only Active Directory Domain Services database Unidirectional replication mitigating misinformation even if a change is made on a RODC Caching of only specific attributes based Credential caching for only specific users Separation of administrator capabilities Read-only DNS Pre-create RODC account allowing local installation without the need for admin credentials BitLocker Drive Encryption : BitLocker Drive Encryption Data protection Drive encryption Integrity checking BDE hardware and software requirements Enterprise PKI : Enterprise PKI Easier management through PKIView Certificate Web enrollment Network device enrollment service Managing certificate with group policy Certificate deployment changes Online certificate status protocol support Cryptographic next generation Implementation/Usage Scenarios : Implementation/Usage Scenarios Enforce Security Policy Improve Domain Security Improve System Security Improve Network Communications Security Network Access Protection in Windows Server 2008 : Network Access Protection in Windows Server 2008 Network Access ProtectionOverview : Network Access ProtectionOverview NAP Infrastructure : NAP Infrastructure Automatic remediation Health policy validation Health policy compliance Limited access Network Access Protection (NAP)How it works : If policy-compliant, client is granted full access to corporate network Network Access Protection (NAP)How it works Not policy-compliant 1 Client requests access to network and presents current health state 1 4 If not policy-compliant, client is put in a restricted VLAN and given access to fix up resources to download patches, configurations, signatures (Repeat 1 - 4) 2 DHCP, VPN, or Switch/Router relays health status to Microsoft Network Policy Server (NPS) via Remote Authentication Dial-In User Service (RADIUS) MicrosoftNPS 3 Policy Servers e.g. Patch, Antivirus Policy-compliant DHCP, VPN, Switch/Router 3 Network Policy Server (NPS) validates against IT-defined health policy 2 Windows Client Corporate Network 5 4 5 NAP Enforcement Client : NAP Enforcement Client 802.1X VPN IPSec DHCP NPS RADIUS Demonstration: Network Access Protection : Demonstration: Network Access Protection Create a NAP policy Use the MMC to create NAP configuration settings Create a new RADIUS client Create a new system health validator for Windows Vista and Windows XP SP2 How NAP Works : How NAP Works Logical Networks IPSec Enforcement IEEE 802.1X Remote Access VPNs DHCP IPSec Enforcement in Logical Networks : IPSec Enforcement in Logical Networks Implementation/Usage Scenarios : Implementation/Usage Scenarios Checking the health and status of roaming laptops Ensuring the health of corporate desktops Determining the health of visiting laptops Verify the compliance of home computers Recommendations : Recommendations Carefully test and plan all security policies Implement Network Access Protection Use Windows Firewall and Advanced Security to implement IPSec Deploy Read-Only Domain Controllers, where appropriate Implement BitLocker Drive Encryption Take advantage of PKI improvements Group Policy ChangesHow Group Policy works now... : Group Policy ChangesHow Group Policy works now... Templates ADM templates difficult to manage Troubleshooting Userenv log GP Result Templates and Replication Journal Wrap anyone? Bloated SYSVOL? Local GPOs Limited flexibility with a single local GPO Settings ~1,800 policy settings in XP Incomplete coverage means missing key scenarios Group Policy Process Part of Winlogon Network Limited awareness of changing network conditions Group Policy Service GP now runs in a shared service Hardened Service, more reliable Group Policy Settings Over 800 new policy changes with Windows Vista Extended GP for new Windows Vista features Network Location Awareness (NLA) NLA service provides the latest network information Applications can query or register with NLA for network change indications Group Policy Logging Administrative log Applications and Services log XML based event logs New Tools - GPOLogView Group Policy Templates ADM Templates now in ADMX files (ADMX, ADML) Multiple Local GPOs Group Policy Central Store Centralized repository for ADMX Created in the Sysvol on DC in each domain New Replicator with DFS-R Group Policy ChangesWhat is new? : Group Policy ChangesWhat is new? GP PowerShell features Adding to GP scripts extensions PowerShell cmdlets to perform GP operations Starter GPOs in-box in Windows 7 Best practices that map to the security guide ADMX enhancements GP Preferences enhancements GP Preferences, new in Windows Server 2008 New items added to support new OS functionality GP Powershell Cmdlets : GP Powershell Cmdlets Import-module GroupPolicy get-help *-gp* RecommendationsExcessive GPOs : RecommendationsExcessive GPOs Have heard up to 11,000 GPOs Not best practice GPMC has perf issues loading Management difficulties Troubleshooting difficulties Migration difficulties Recommendation: Consolidate AGPM is tested up to 2000 GPOs ADMX Improvements : ADMX Improvements New UI: More intuitive, integrated help content, no more tabs Support for: REG_MultiSZ REG_QWORD Starter GPOs & ADMX UI : Starter GPOs & ADMX UI demo GP Preferences : GP Preferences Preference Settings Not true “Policy” More control of desktop – more settings! Not limited to policy-aware applications Ease of administration through rich UI Better targeting New in Windows 7 Support for new Power Plan settings Support for new Schedule task triggers, actions, etc. What are Group Policy Preferences? : What are Group Policy Preferences? Policy vs Preferences : Policy vs Preferences User Specific Settings : User Specific Settings Drive Mappings Regional Settings Printer Mappings Shortcuts Start Menu Internet Explorer Settings Computer Specific Settings : Computer Specific Settings Local Users and Groups Services Network Shares Environment Variables Richer UI : Richer UI Familiar Experience Clearer to understand and find Easy to manage Better control of individual settings – Red/Green Powerful browsers Avoids typing errors Configure settings quicker Targeting : Targeting 29 different targeting options Boolean AND, OR, IS, IS NOT Wildcard support “WSBNE*” Target on the item, not just the GPO Better Targeting : Better Targeting Item level targeting, not GPO level Robust targeting 29 types Boolean logic (And, Or, Not) Collections Intuitive UI No need to learn query languages Flexible Actions : Flexible Actions Apply once and do not reapply Remove when no longer applicable Create – Replace - Update - Delete More than just Enable vs Disable Requirements : Requirements Active Directory: Windows 2000 Console - Group Policy Manager Console - Snap-in Part of the Remote Server Admin Tool (link and end) One Windows 7 client or Windows Server 2008 R2 Terminal Server Client - Client Side Extensions (CSE’s) What is new in ADMX : What is new in ADMX 3000 Total ADMX settings 300 new ADMX settings IE more than 90 new Bitlocker Taskbar Power Terminal Services rebranded “Remote Desktop Services” Settings Spreadsheet What about Security Settings? : What about Security Settings? 12 settings added under Security Options Restrict NTLM (multiple) Kerberos encryption types Local System null session fallback Only supported on Windows 7 & Windows Server 2008 R2 Settings Spreadsheet Anything else? : Anything else? Wireless Network (IEEE 802.11) Policies Public Key Policies Certificate Services Client - Certificate Enrollment Policy BitLocker Drive Encryption Network Access Protection Enforcement Clients: Removed RAQ EC and TS Gateway Enforcement Clients: Added RD Gateway QEC Application Control Policies – AppLocker More info Advanced Audit Policy Configuration More info Name Resolution Policy Windows 2008 R2 File Classification Services : Windows 2008 R2 File Classification Services Storage growth Storage cost Compliance Security and Information leakage Increasing data management needs / many data management products Slide 48: Need per project share Make sure business secret files do not leak out Backup files with personal information to encrypted store Expire low business impact files created three years ago and not touched for a year IT Business Some time later … : Some time later … Manage Data Based on Business Value : Manage Data Based on Business Value Slide 51: Need per project share Make sure business secret files do not leak out Backup files with personal information to encrypted store Expire low business impact files created three years ago and not touched for a year IT Business Personal Information Secrecy Ecosystem : Ecosystem Manual Line Of Business application Automatic classification Location Content Owner Other IT Scripts Backup Archive Reports Expiration Security Leakage prevention Search Inbox functionality Partner In house IT Custom commands File Classification Infrastructure : File Classification Infrastructure Extensible infrastructure-Partner ecosystem Inbox end to end scenarios Integration with SharePoint Set classification properties API for external applications Windows Server 2008 R2 File Classification Extensibility points Get classification properties API for external applications Recommendations : Recommendations When using IPSec – employ ESP with encryption Carefully test and verify all IPSec Policies Consider using Domain isolation Use quality of service to improve bandwidth Plan to prioritize traffic on the network Apply network access protection to secure client computers Other Security Features : Other Security Features IPSec Server Domain Isolation Full Volume Bitlocker on Servers New elliptic curve encryption strength Network Level Authentication for RDP Service Profiling New Levels of System Auditing … and many more Slide 56: © 2008 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION. You do not have the permission to view this presentation. In order to view it, please contact the author of the presentation.
Windows Server 2008 Security Overview ecastrom Download Post to : URL : Related Presentations : Share Add to Flag Embed Email Send to Blogs and Networks Add to Channel Uploaded from authorPOINT lite Insert YouTube videos in PowerPont slides with aS Desktop Copy embed code: (To copy code, click on the text box) Embed: URL: Thumbnail: WordPress Embed Customize Embed The presentation is successfully added In Your Favorites. Views: 1964 Category: Product Traini.. License: All Rights Reserved Like it (3) Dislike it (0) Added: March 23, 2010 This Presentation is Public Favorites: 2 Presentation Description No description available. Comments Posting comment... By: kallol_p (8 month(s) ago) pl let me download or send this presentation to my e-mail acc kallol_p28@yahoo.co.in. Regards Kallol Paul Saving..... Post Reply Close Saving..... Edit Comment Close By: joefelix (15 month(s) ago) hi, can i get the PPT for the above topic. Regards Joe Felix Saving..... Post Reply Close Saving..... Edit Comment Close By: nichomylove (15 month(s) ago) my email address is nichomylove@yahoo.com thanks Saving..... Post Reply Close Saving..... Edit Comment Close By: ecastrom (15 month(s) ago) Give me your email address. Saving..... Post Reply Close Saving..... Edit Comment Close By: nichomylove (15 month(s) ago) I need a copy of this presentation so that i can read it and have more knowledge on how to install window server 2008 Saving..... Post Reply Close By: ecastrom (15 month(s) ago) Can you send me your email address? Saving..... Edit Comment Close Premium member Presentation Transcript Security Overview of Windows Server 2008 : Security Overview of Windows Server 2008 Ing. Eduardo Castro, PhD Comunidad Windows ecastro@mswindowscr.org http://comunidadwindows.org Slide 3: “Windows Server 2008 helps Macquarie operate… our remote offices more securely and efficiently than we could in the past.” Phillip Dundas Technical Team Lead, Windows Server Group, Information Technology Group Macquarie Group Limited “We’ll be able to used RODC to place domain controllers at sites where physical security has always been a concern and we’ll have much better control over our remote infrastructure.” Loic Calvez Senior Enterprise Infrastructure Architect Lafarge “The public key infrastructure that we created through our deployment of Windows Server 2008 has fundamentally increased the level of information security that we have at the bank.” Security Director PKO Bank Polski “We are confident that the bank is now more secure, that devices accessing our network are secure, and that those devices meet our current network policy for access.” Howard Witherby Senior Vice President of Operations National Bank & Trust Agenda : Agenda Security Development Lifecycle Installation Options Read Only Domain Controller (RODC) Network Access Protection (NAP) Others Infrastructure Optimization : Infrastructure Optimization Technology framework to help maximize the value of your IT investments Structured way to drive cost reduction, security & efficiency gains and boost agility Based on industry analyst and academic work Provides guidance and best practices for step-by-step implementation Current OS Security Technologies : Current OS Security Technologies Security Enhancements in Windows Server 2008 : Security Enhancements in Windows Server 2008 Methods of Security and Policy Enforcement Network Location Awareness Network Access Protection Windows Firewall with Advanced Security Internet Protocol Security Windows Server Hardening Server and Domain Isolation Active Directory Domain Services Auditing Read-Only Domain Controller BitLocker Drive Encryption Removable Device Installation Control Enterprise PKI Windows Firewall with Advanced Security : Windows Firewall with Advanced Security Demonstration: Windows Firewall with Advanced Security : Demonstration: Windows Firewall with Advanced Security Create inbound and outbound rules Create a firewall rule limiting a service IPSec : IPSec Integrated with WFAS IPSec improvements Simplified IPSec policy configuration Client-to-DC IPSec protection Improved load balancing and clustering server support Improved IPSec authentication Integration with NAP Multiple authentication methods New cryptographic support Integrated IPv4 and IPv6 support Extended events and performance monitor counters Network diagnostics framework support Demonstration: Creating IPSec Policies : Demonstration: Creating IPSec Policies Create an IPSec rule Specify different authentication methods Activate and deactivate rules AD Domain Services Auditing : AD Domain Services Auditing What changes have been made to AD DS auditing? Read-Only Domain Controller : Read-Only Domain Controller New Functionality AD database Unidirectional replication Credential caching Password replication policy Administrator role separation Read-Only DNS Requirements/special considerations RODC RODC Features : RODC Features A read-only Active Directory Domain Services database Unidirectional replication mitigating misinformation even if a change is made on a RODC Caching of only specific attributes based Credential caching for only specific users Separation of administrator capabilities Read-only DNS Pre-create RODC account allowing local installation without the need for admin credentials BitLocker Drive Encryption : BitLocker Drive Encryption Data protection Drive encryption Integrity checking BDE hardware and software requirements Enterprise PKI : Enterprise PKI Easier management through PKIView Certificate Web enrollment Network device enrollment service Managing certificate with group policy Certificate deployment changes Online certificate status protocol support Cryptographic next generation Implementation/Usage Scenarios : Implementation/Usage Scenarios Enforce Security Policy Improve Domain Security Improve System Security Improve Network Communications Security Network Access Protection in Windows Server 2008 : Network Access Protection in Windows Server 2008 Network Access ProtectionOverview : Network Access ProtectionOverview NAP Infrastructure : NAP Infrastructure Automatic remediation Health policy validation Health policy compliance Limited access Network Access Protection (NAP)How it works : If policy-compliant, client is granted full access to corporate network Network Access Protection (NAP)How it works Not policy-compliant 1 Client requests access to network and presents current health state 1 4 If not policy-compliant, client is put in a restricted VLAN and given access to fix up resources to download patches, configurations, signatures (Repeat 1 - 4) 2 DHCP, VPN, or Switch/Router relays health status to Microsoft Network Policy Server (NPS) via Remote Authentication Dial-In User Service (RADIUS) MicrosoftNPS 3 Policy Servers e.g. Patch, Antivirus Policy-compliant DHCP, VPN, Switch/Router 3 Network Policy Server (NPS) validates against IT-defined health policy 2 Windows Client Corporate Network 5 4 5 NAP Enforcement Client : NAP Enforcement Client 802.1X VPN IPSec DHCP NPS RADIUS Demonstration: Network Access Protection : Demonstration: Network Access Protection Create a NAP policy Use the MMC to create NAP configuration settings Create a new RADIUS client Create a new system health validator for Windows Vista and Windows XP SP2 How NAP Works : How NAP Works Logical Networks IPSec Enforcement IEEE 802.1X Remote Access VPNs DHCP IPSec Enforcement in Logical Networks : IPSec Enforcement in Logical Networks Implementation/Usage Scenarios : Implementation/Usage Scenarios Checking the health and status of roaming laptops Ensuring the health of corporate desktops Determining the health of visiting laptops Verify the compliance of home computers Recommendations : Recommendations Carefully test and plan all security policies Implement Network Access Protection Use Windows Firewall and Advanced Security to implement IPSec Deploy Read-Only Domain Controllers, where appropriate Implement BitLocker Drive Encryption Take advantage of PKI improvements Group Policy ChangesHow Group Policy works now... : Group Policy ChangesHow Group Policy works now... Templates ADM templates difficult to manage Troubleshooting Userenv log GP Result Templates and Replication Journal Wrap anyone? Bloated SYSVOL? Local GPOs Limited flexibility with a single local GPO Settings ~1,800 policy settings in XP Incomplete coverage means missing key scenarios Group Policy Process Part of Winlogon Network Limited awareness of changing network conditions Group Policy Service GP now runs in a shared service Hardened Service, more reliable Group Policy Settings Over 800 new policy changes with Windows Vista Extended GP for new Windows Vista features Network Location Awareness (NLA) NLA service provides the latest network information Applications can query or register with NLA for network change indications Group Policy Logging Administrative log Applications and Services log XML based event logs New Tools - GPOLogView Group Policy Templates ADM Templates now in ADMX files (ADMX, ADML) Multiple Local GPOs Group Policy Central Store Centralized repository for ADMX Created in the Sysvol on DC in each domain New Replicator with DFS-R Group Policy ChangesWhat is new? : Group Policy ChangesWhat is new? GP PowerShell features Adding to GP scripts extensions PowerShell cmdlets to perform GP operations Starter GPOs in-box in Windows 7 Best practices that map to the security guide ADMX enhancements GP Preferences enhancements GP Preferences, new in Windows Server 2008 New items added to support new OS functionality GP Powershell Cmdlets : GP Powershell Cmdlets Import-module GroupPolicy get-help *-gp* RecommendationsExcessive GPOs : RecommendationsExcessive GPOs Have heard up to 11,000 GPOs Not best practice GPMC has perf issues loading Management difficulties Troubleshooting difficulties Migration difficulties Recommendation: Consolidate AGPM is tested up to 2000 GPOs ADMX Improvements : ADMX Improvements New UI: More intuitive, integrated help content, no more tabs Support for: REG_MultiSZ REG_QWORD Starter GPOs & ADMX UI : Starter GPOs & ADMX UI demo GP Preferences : GP Preferences Preference Settings Not true “Policy” More control of desktop – more settings! Not limited to policy-aware applications Ease of administration through rich UI Better targeting New in Windows 7 Support for new Power Plan settings Support for new Schedule task triggers, actions, etc. What are Group Policy Preferences? : What are Group Policy Preferences? Policy vs Preferences : Policy vs Preferences User Specific Settings : User Specific Settings Drive Mappings Regional Settings Printer Mappings Shortcuts Start Menu Internet Explorer Settings Computer Specific Settings : Computer Specific Settings Local Users and Groups Services Network Shares Environment Variables Richer UI : Richer UI Familiar Experience Clearer to understand and find Easy to manage Better control of individual settings – Red/Green Powerful browsers Avoids typing errors Configure settings quicker Targeting : Targeting 29 different targeting options Boolean AND, OR, IS, IS NOT Wildcard support “WSBNE*” Target on the item, not just the GPO Better Targeting : Better Targeting Item level targeting, not GPO level Robust targeting 29 types Boolean logic (And, Or, Not) Collections Intuitive UI No need to learn query languages Flexible Actions : Flexible Actions Apply once and do not reapply Remove when no longer applicable Create – Replace - Update - Delete More than just Enable vs Disable Requirements : Requirements Active Directory: Windows 2000 Console - Group Policy Manager Console - Snap-in Part of the Remote Server Admin Tool (link and end) One Windows 7 client or Windows Server 2008 R2 Terminal Server Client - Client Side Extensions (CSE’s) What is new in ADMX : What is new in ADMX 3000 Total ADMX settings 300 new ADMX settings IE more than 90 new Bitlocker Taskbar Power Terminal Services rebranded “Remote Desktop Services” Settings Spreadsheet What about Security Settings? : What about Security Settings? 12 settings added under Security Options Restrict NTLM (multiple) Kerberos encryption types Local System null session fallback Only supported on Windows 7 & Windows Server 2008 R2 Settings Spreadsheet Anything else? : Anything else? Wireless Network (IEEE 802.11) Policies Public Key Policies Certificate Services Client - Certificate Enrollment Policy BitLocker Drive Encryption Network Access Protection Enforcement Clients: Removed RAQ EC and TS Gateway Enforcement Clients: Added RD Gateway QEC Application Control Policies – AppLocker More info Advanced Audit Policy Configuration More info Name Resolution Policy Windows 2008 R2 File Classification Services : Windows 2008 R2 File Classification Services Storage growth Storage cost Compliance Security and Information leakage Increasing data management needs / many data management products Slide 48: Need per project share Make sure business secret files do not leak out Backup files with personal information to encrypted store Expire low business impact files created three years ago and not touched for a year IT Business Some time later … : Some time later … Manage Data Based on Business Value : Manage Data Based on Business Value Slide 51: Need per project share Make sure business secret files do not leak out Backup files with personal information to encrypted store Expire low business impact files created three years ago and not touched for a year IT Business Personal Information Secrecy Ecosystem : Ecosystem Manual Line Of Business application Automatic classification Location Content Owner Other IT Scripts Backup Archive Reports Expiration Security Leakage prevention Search Inbox functionality Partner In house IT Custom commands File Classification Infrastructure : File Classification Infrastructure Extensible infrastructure-Partner ecosystem Inbox end to end scenarios Integration with SharePoint Set classification properties API for external applications Windows Server 2008 R2 File Classification Extensibility points Get classification properties API for external applications Recommendations : Recommendations When using IPSec – employ ESP with encryption Carefully test and verify all IPSec Policies Consider using Domain isolation Use quality of service to improve bandwidth Plan to prioritize traffic on the network Apply network access protection to secure client computers Other Security Features : Other Security Features IPSec Server Domain Isolation Full Volume Bitlocker on Servers New elliptic curve encryption strength Network Level Authentication for RDP Service Profiling New Levels of System Auditing … and many more Slide 56: © 2008 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.