Ovidiu Pismac, Account Technology Specialist (MCSE Security, CISSP), Microsoft Corporation
Microsoft Trustworthy Computing

Addressing Security Threats with Microsoft
• Windows Vista
• Windows Server 2008
• Forefront security family
• Security guidance and resources

Security Development Lifecycle (SDL)
Product Inception → Design → Threat Modeling → Standards, best practices and tools → Security Push → Final Security Review → RTM and Deployment Signoff → Security Response

Windows Vista: security pillars
• Secure Platform: Security Development Lifecycle (SDL); Kernel Patch Protection; kernel-mode driver signing; Secure Startup; Windows Service Hardening
• Data Protection: Rights Management Services (RMS) with SharePoint, Exchange and Windows Mobile integration; Encrypting File System (EFS); BitLocker
• Secure Access: User Account Control; Network Access Protection (NAP); IPv6; IPsec; Windows CardSpace; native smart card support; GINA re-architecture; Certificate Services; credential roaming
• Malware Protection: Windows Defender; bi-directional firewall; IE Protected Mode; Windows Security Center; Address Space Layout Randomization (ASLR); Data Execution Prevention (DEP)

Windows Server 2008: security pillars
• Secure Platform: Security Development Lifecycle (SDL); Windows Server Virtualization (Hypervisor); Role Management Tool; OS file integrity
• Data Protection: Rights Management Services (RMS); full volume encryption (BitLocker); USB device-connection rules with Group Policy; improved auditing; Windows Server Backup
• Network Protection: Network Access Protection (NAP); server and domain isolation with IPsec; end-to-end network authentication; Windows Firewall with Advanced Security on by default
• Identity Access: Read-only Domain Controller (RODC); Active Directory Federation Services (ADFS); administrative role separation; PKI management console; Online Certificate Status Protocol (OCSP)

Identity and access
• Goals: secure collaboration; easily managing multiple identities; government-sponsored identities (eID); hardware-supported trust platform; synchronization of disparate directories
• Directory and trust: Domain/Directory Services; Certificate Services; ADFS
• Controls: centralized identity controls and management; identity embedded into applications; policy governance and compliance; role-based permissions; identity and data privacy
• Products: ILM/MIIS; Authorization Manager; RMS; NAP

NAP essentials
• Health policy validation and remediation
• Helps keep mobile devices in compliance
• Reduces risk from unauthorized systems on the network
• Components: policy servers (for example patch and antivirus servers); Windows client; enforcement points (DHCP, VPN, switch/router from Microsoft, Juniper, Cisco); Network Policy Server (NPS); remediation servers
• Flow: a client that is not policy compliant is placed on the restricted network, where the remediation servers bring it into compliance (example: patching); a policy-compliant client is admitted to the corporate network

Edge, server and client protection
• Challenges: "point to point" solutions; security of data at rest and in transit; mobile workforce; manageability
• Corporate: edge protection, server protection, client protection
• Consumer/small business: simple PC maintenance, anti-virus, anti-spyware, anti-phishing, firewall, performance tuning, backup and restore
• Antimalware engine heritage: RAV acquisition

Forefront Server Security: multiple scan engines
Forefront Server Security products integrate and ship with industry-leading antivirus scan engines from multiple vendors. Each scan job in a Forefront Server Security product can run up to five engines simultaneously, protecting internal messaging and collaboration servers.

Signature response times in hours, Forefront engine sets and other vendors
Legend (cell colouring on the slide): less than 5 hours; between 5 and 24 hours; more than 24 hours. Bracketed label: detached from its row in the source.

MM/YY  Virus            FF Set 1  FF Set 2  FF Set 3  FF Set 4  FF Set 5  Engine M  Engine S  Engine T
04/06  Mytob.NQ@mm          1.53      1.00      1.00      1.00      3.07      9.93     17.35      2.10
04/06  Mytob.NQ@mm          1.00      1.12      1.00      1.00      1.00     28.07     11.57      3.52
04/06  [Spybot!04C2]       23.03      1.00     23.03     25.28      1.00      0.00     29.90     39.02
04/06  Nugache.a            1.00     25.45      1.00      1.00      1.00     34.10     12.90     48.05
05/06  Numuen.F             0.00     24.43      0.00      0.00      0.00      1.00     10.33     14.95
05/06  Numuen.H             1.00     31.72      1.00      1.00      1.00    103.83    251.85    114.78
05/06  Numuen.G             3.15      8.20      3.15      3.15      3.15      1.00    151.80    468.97
05/06  Banwarum.C@mm       87.47      1.00     87.47     87.47      1.00    116.73     72.95    129.25
05/06  Banwarum.B@mm       12.05      1.00      1.82      1.82      1.00    116.73     22.45     32.85
05/06  Rbot!E905            0.00      0.00      0.00      0.00      0.00  1,141.78    217.57      1.00
06/06  Bagle.EG             0.00      0.00      0.00      0.00      0.00      0.00      7.32      0.00
06/06  Bagle.EH@mm          0.00      1.25      0.00      0.00      0.00      0.00     18.43      0.00
06/06  Bagle.EG@mm          0.00      3.62      0.00      0.00      1.00      0.00     26.48      0.00
06/06  Bagle.LY@mm          0.00      0.00      0.00      0.00      0.00      0.00      6.40      2.47
07/06  Feebs.gen@mm         0.00      0.00      0.00      0.00      0.00      0.00      0.00    503.80
07/06  Feebs.EU             0.00      1.00      0.00      0.00      0.00     52.30    173.17     38.97
07/06  Virut.A              0.00      0.00      0.00      0.00      0.00      0.00      0.00  1,317.02

Engine allocation and scan bias
• The engines used for a scan are not always the same: they are dynamically allocated from the available pool.
• Bias settings:
  • Max Certainty: uses all engines (100%)
  • Favor Certainty: uses all engines currently available
  • Neutral: uses approximately 50% of the available engines
  • Favor Performance: uses 25% of the available engines
  • Max Performance: uses one engine for every scan

Client anti-malware: unified protection
• One engine for virus and spyware protection, used in Windows Defender, OneCare and Forefront Client Security
• Protection for Windows 2000 Workstation/Server, Windows XP, Windows Server 2003, Windows Vista and Windows Server 2008 clients
• Compatible with NAP / Longhorn through Windows Security Center
• Detection and removal capabilities:
  • Real-time, scheduled or on-demand detection and removal
  • Real-time detection uses Windows Filter Manager technology
  • Checks that the system is fully functional after cleaning
  • Scanning of dozens of archive and packer formats
  • Tunneling signatures that bypass user-mode rootkits
  • Code emulation for behavior analysis and polymorphic viruses
  • Heuristic detection of new malware

Client anti-malware: product range
• For individual users: Malicious Software Removal Tool (MSRT), Windows Defender, Windows Live OneCare Safety Scanner, Windows Live OneCare
• For businesses: Forefront Client Security
• Capabilities compared across the range: remove the most prevalent viruses; remove all known viruses; real-time antivirus; remove all known spyware; real-time antispyware; central reporting and alerting; customization; IT infrastructure integration. MSRT covers only the most prevalent viruses at one end; Forefront Client Security adds central reporting and alerting, customization and IT infrastructure integration at the other.

Critical visibility and control
Forefront Client Security is also a vulnerability assessment system, answering:
• "Is my environment compliant with security best practices?"
• "Has my level of vulnerability exposure changed over time?"
• "What portion of my environment is at high risk?"

Challenges: poor integration across the platform; "point to point" solutions; standards adoption; compliance reporting; manageability

Security across the platform
• Management: System Center, Active Directory GPO
• Data: BitLocker, EFS, RMS, SharePoint, SQL
• User: Active Directory and Identity Lifecycle Manager
• Application: SDL process, IIS, Visual Studio and .NET
• Device: Forefront Client Security, Exchange IMF
• Internal network: Network Access Protection, IPsec
• Perimeter: Forefront Edge and Server Security, NAP

"Defense in depth"
Layers: Policies, Procedures & Awareness; Physical security; Network border; Network; Workstations / Hosts; Applications; Data
• End-user awareness is the base layer ("Policies, Procedures & Awareness").
• Security awareness affects every aspect of an organization's security.
• Security awareness matters because many attacks rely on human error to succeed.

Resources
General information:
• Microsoft Security Home Page: www.microsoft.com/security
• Microsoft Security Portal: www.microsoft.com/security/portal
• Microsoft Trustworthy Computing: www.microsoft.com/security/twc
• Microsoft Forefront: www.microsoft.com/forefront
• Microsoft OneCare: www.windowsonecare.com
• Infrastructure Optimization: www.microsoft.com/io
• Microsoft Security Assessment Tool: www.microsoft.com/security/msat
• Microsoft Live Safety Center: safety.live.com
• Microsoft Security Response Center: www.microsoft.com/security/msrc
• Security Development Lifecycle: http://msdn2.microsoft.com/enus/library/ms998404.aspx
• Get the Facts on Windows and Linux: www.microsoft.com/windowsserver/compare
Anti-malware:
• Understanding malware: http://download.microsoft.com/download/a/b/e/abefdf1c96bd-40d6-a138-e320b6b25bd3/understandingantimalwaretechnologies.pdf
• Windows Defender: www.microsoft.com/athome/security/spyware/software
• Spyware criteria: www.microsoft.com/athome/security/spyware/software/isv
Guidance centers:
• Security Guidance Centers: www.microsoft.com/security/guidance
• Security Guidance for IT Professionals: www.microsoft.com/technet/security
• The Microsoft Security Developer Center: msdn.microsoft.com/security
• The Security at Home consumer site: www.microsoft.com/athome/security

Certifications and awards for Forefront and Windows OneCare
• VB 100% award: Forefront Client Security, April 2008, on Windows Vista SP1 Business Edition
• VB 100% award: Forefront Client Security, June 2007 on Windows XP and August 2007 on Windows Vista x64 (http://www.virusbtn.com/vb100/archive/results?vendor=VE52)
• ICSA Labs certification: Forefront is the only product certified for Exchange 2007
• West Coast Labs' Checkmark certification
• Industry thought leadership: "Behavioral Classification" paper delivered at the 2006 European Institute for Computer Antivirus Research (EICAR) conference
• Source: Gartner, Magic Quadrant for E-Mail Security Boundary, 2006; Gartner, Magic Quadrant for Endpoint Protection Platforms, December 2007

Customers
• Banca Transilvania
• Petrom
• Hidroelectrica
• Toyota Romania
• Romgaz
• Zentiva
• Ministerul Integrarii Europene
• and many, many others

Common Criteria
The following platform and application products have earned Common Criteria certification at EAL4+, the highest assurance level typically pursued for commercial general-purpose software:
• Windows Server 2003 Standard Edition SP1
• Windows Server 2003 Enterprise Edition SP1
• Windows Server 2003 Datacenter Edition SP1
• Windows Server 2003 Certificate Services
• Windows XP Professional SP2
• Windows XP Embedded SP2
• Exchange Server 2003
• ISA Server 2004
• Rights Management Services
• Windows Mobile 5/6 (EAL2+)

© 2007 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.
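Worked example for the NAP essentials slide: how a health policy on the NPS side turns a client's Statement of Health into a compliant/non-compliant verdict, the network the enforcement point should place the client on, and the remediation the restricted network has to provide. This is an added illustration, not Microsoft or NAP code; the policy contents, the shape of the Statement of Health, the patch identifiers and the remediation texts are all constructed for the example.

```python
"""Health-policy evaluation in the style of a NAP deployment.

Added example, not Microsoft code. POLICY, REMEDIATION, the StatementOfHealth
fields, the patch identifiers and the sample clients are constructed.
"""
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone
from typing import Optional

# Constructed health policy: what the NPS requires before granting full access.
POLICY = {
    "max_signature_age": timedelta(days=3),
    "required_patches": {"patch-001", "patch-002"},   # constructed identifiers
}

# Constructed remediation guidance returned with a non-compliant verdict.
REMEDIATION = {
    "firewall_on": "enable the host firewall (policy refresh from the restricted network)",
    "antivirus_on": "start the real-time antimalware service",
    "signature_age": "pull current signatures from the on-subnet update server",
    "missing_patches": "install the missing updates from the patch remediation server",
}

# Fixed clock so the sample is reproducible (constructed).
NOW = datetime(2008, 4, 1, tzinfo=timezone.utc)


@dataclass
class StatementOfHealth:
    """What the client's system health agents report. None = agent did not report."""
    client: str
    firewall_on: Optional[bool]
    antivirus_on: Optional[bool]
    signature_time: Optional[datetime]
    installed_patches: set = field(default_factory=set)


@dataclass
class HealthResult:
    client: str
    compliant: bool
    network: str            # "corporate" or "restricted"
    failures: list
    remediation: list


def evaluate(soh: StatementOfHealth, policy=POLICY, now=NOW) -> HealthResult:
    """Apply the health policy to one Statement of Health (fail closed)."""
    failures = []
    # A missing report is a failure, not a pass: a client whose health agent is
    # disabled or tampered with must not end up on the corporate network.
    if soh.firewall_on is not True:
        failures.append("firewall_on")
    if soh.antivirus_on is not True:
        failures.append("antivirus_on")
    if soh.signature_time is None or now - soh.signature_time > policy["max_signature_age"]:
        failures.append("signature_age")
    if policy["required_patches"] - soh.installed_patches:
        failures.append("missing_patches")
    compliant = not failures
    return HealthResult(
        client=soh.client,
        compliant=compliant,
        network="corporate" if compliant else "restricted",
        failures=failures,
        remediation=[REMEDIATION[f] for f in failures],
    )


# Constructed sample clients.
SAMPLE_CLIENTS = [
    StatementOfHealth("ws-healthy", True, True, NOW - timedelta(days=1),
                      {"patch-001", "patch-002", "patch-003"}),
    StatementOfHealth("ws-stale-av", True, True, NOW - timedelta(days=10),
                      {"patch-001", "patch-002"}),
    StatementOfHealth("ws-no-agent", None, None, None, set()),
]


def evaluate_all(clients=SAMPLE_CLIENTS) -> dict:
    """Verdict per client, keyed by client name."""
    return {soh.client: evaluate(soh) for soh in clients}


if __name__ == "__main__":
    for name, result in evaluate_all().items():
        print(f"{name}: {result.network} {result.failures}")
```

Only the stale-signature client and the client with no health report land on the restricted network; the first is cured by the signature update server, the second by the full list because nothing it reports can be trusted. Real deployments also choose what happens when the NPS itself is unreachable; that fail-open/fail-closed decision is outside this example.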
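Worked example for the multi-engine slides (engine allocation and scan bias, and the signature response time table): how a scan job's bias setting decides how many engines from the pool it runs, how an engine that is mid-update is handled differently under Max Certainty and Favor Certainty, and why a set of engines protects earlier than any one of them, since the set detects a sample as soon as the first engine in it has a signature. This is an added example, not Forefront code. The bias percentages are the slide's; the round-half-up rule with a minimum of one engine, the rotation used to vary which engines a job receives, and the sample signature-response hours are assumptions.

```python
"""Engine selection by scan bias and the resulting time to protection.

Added example, not Forefront code. Percentages follow the slide; rounding,
rotation and SAMPLE_HOURS are constructed assumptions.
"""
import math
from dataclasses import dataclass


@dataclass(frozen=True)
class Engine:
    name: str
    updating: bool = False   # mid signature update, temporarily unavailable


BIAS_FRACTION = {"favor_certainty": 1.0, "neutral": 0.5, "favor_performance": 0.25}


def select_engines(pool, bias, rotation=0):
    """Return (engines, must_wait) for one scan job.

    max_certainty     every engine in the pool; must_wait is True when one is
                      updating, since the job waits for it instead of skipping it
    favor_certainty   every engine available right now
    neutral           about 50% of the available engines
    favor_performance about 25% of the available engines
    max_performance   one available engine
    """
    if bias == "max_certainty":
        return list(pool), any(e.updating for e in pool)
    available = [e for e in pool if not e.updating]
    if not available:
        raise RuntimeError("no engine available for scanning")
    if bias == "max_performance":
        n = 1
    else:
        n = max(1, math.floor(len(available) * BIAS_FRACTION[bias] + 0.5))
    # Dynamic allocation: start at a rotating offset so successive jobs do not
    # always draw the same engines from the pool.
    start = rotation % len(available)
    rotated = available[start:] + available[:start]
    return rotated[:n], False


def time_to_protection(engines, signature_hours):
    """Hours until the engine set detects a sample: the earliest engine with a
    signature. None entries (no signature yet) contribute nothing."""
    times = [signature_hours[e.name] for e in engines
             if signature_hours.get(e.name) is not None]
    return min(times) if times else None


def bucket(hours):
    """The slide's three classes of signature response time."""
    if hours is None:
        return "no signature"
    if hours < 5:
        return "less than 5 hours"
    if hours <= 24:
        return "between 5 and 24 hours"
    return "more than 24 hours"


# Constructed pool and per-engine hours-to-signature for one sample.
SAMPLE_POOL = [Engine(n) for n in "ABCDE"]
SAMPLE_HOURS = {"A": 28.07, "B": 1.12, "C": 11.57, "D": None, "E": 3.52}


def compare_biases(pool=SAMPLE_POOL, hours=SAMPLE_HOURS, rotation=0):
    """For each bias: (engine names used, hours to protection, bucket)."""
    out = {}
    for bias in ("max_certainty", "favor_certainty", "neutral",
                 "favor_performance", "max_performance"):
        engines, _ = select_engines(pool, bias, rotation)
        ttp = time_to_protection(engines, hours)
        out[bias] = ([e.name for e in engines], ttp, bucket(ttp))
    return out


if __name__ == "__main__":
    for bias, (names, ttp, cls) in compare_biases().items():
        print(f"{bias:18} {names} -> {ttp} h ({cls})")
```

With the constructed hours, every bias that includes engine B protects within 1.12 hours, while a single-engine job that draws engine A waits 28 hours for the same sample; the table on the slide shows the same effect between the Forefront engine sets and the individual third-party engines.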