FY06 Q1 What's Next for Microsoft Security

What’s Next for Microsoft Security?
Kai Axford, CISSP, MCSE-Security
IT Pro Evangelist
Microsoft Corporation
kaiax@microsoft.com
What’s Next for Security?
Our Security Progress so far…
Service Pack 2
Service Pack 1
More than 260 million copies distributed. Enterprise deployment at 61%
15 times less likely to be infected by malware
Significantly fewer important & critical vulnerabilities
Security Configuration Wizard
More secure by design; more secure by default
More than 4.7 million downloads
Most popular download in Microsoft history!!
Helps protect more than 25 million customers
Great feedback from SpyNet participants
Malicious Software Removal Tool
As of February 2006
2B total executions; 200M per month
Focus on most prevalent malware
Dramatically reduced the # of Bot infections
What’s Next for Security?
So what products is Microsoft working on now?
Windows Vista
Certificate Lifecycle Manager
Secure Messaging with Antigen and FrontBridge
Network Access Protection
ISA Server 2006
Windows Vista
Windows Service Hardening: Defense in depth
Windows services are profiled for allowed actions to the network, file system, and registry
Services run with reduced privilege compared to Windows XP
Designed to block attempts by malicious software to make a Windows service write to an area of the network, file system, or registry that isn’t part of that service’s profile
Diagram: Service Hardening provides active protection over the file system, registry, and network
Windows Vista
Internet Explorer 7.0
Social Engineering Protections
Phishing Filter and Colored Address Bar
Dangerous Settings Notification
Secure defaults for International Domain Names (IDN)
Protection From Exploits
Unified URL Parsing
Code quality improvements (SDL)
ActiveX Opt-in
Protected Mode to prevent malicious software
Windows Vista
User Account Control (UAC)
Challenges
Users running with elevated privileges mean increased risk
Line of Business (LoB) applications require elevated privileges to run
Common Operating System configuration tasks require elevated privilege
Goal
Allow businesses to move to a better-managed desktop and consumers to use parental controls
Windows Vista
BitLocker™ Drive Encryption
Formerly Secure Start-up
Designed specifically to prevent a thief who boots another operating system or runs a hacking tool from breaking Windows file and system protections
Provides data protection on your Windows client systems, even when the system is in unauthorized hands or is running a different or attacker-controlled operating system
Uses a v1.2 TPM or USB flash drive for key storage
BitLocker
BitLocker™ Drive in XP
BitLocker™ Drive in Linux
Linux BitLocker volume errors (numbered 1–3 on the screenshots):
1. fdisk reads the partition table... thinks the FVE partition is ntfs
2. wrong fs type, bad option, bad superblock on /dev/sda2, missing codepage or other error
3. Primary boot sector is invalid, Not an NTFS volume
demo
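The three Linux errors above come from two different views of the same disk: fdisk labels the partition from its partition-type byte, while mount and the NTFS driver read the volume’s own boot sector. The script below is an added example written for this page, not code from the presentation or from Microsoft. It constructs two sample 512-byte boot sectors (one NTFS, one BitLocker) and shows the header check an analyst can run before trusting a partition-table label. The OEM ID strings are the real on-disk values; the sample sectors, the small partition-type label table and the function names are assumptions made for the example.

```python
# Added example: tell an NTFS boot sector from a BitLocker (FVE) one.
# The sample sectors built here are constructed for the example, not read from a real disk.
SECTOR_SIZE = 512
BOOT_SIGNATURE = b"\x55\xAA"    # last two bytes of a valid boot sector
NTFS_OEM_ID = b"NTFS    "       # 8-byte OEM ID at offset 3 of an NTFS boot sector
FVE_OEM_ID = b"-FVE-FS-"        # OEM ID at offset 3 of a BitLocker-encrypted volume

# fdisk labels a partition from the MBR partition-type byte alone. NTFS and
# BitLocker volumes both use type 0x07, which is why fdisk "thinks the FVE
# partition is ntfs". (Small assumed subset of fdisk's label table.)
PARTITION_TYPE_LABELS = {0x07: "HPFS/NTFS", 0x0C: "W95 FAT32 (LBA)", 0x83: "Linux"}


def make_boot_sector(oem_id: bytes) -> bytes:
    """Build a minimal constructed boot sector carrying the given OEM ID."""
    sector = bytearray(SECTOR_SIZE)
    sector[0:3] = b"\xEB\x52\x90"        # x86 jump as found on NTFS volumes (not checked below)
    sector[3:11] = oem_id.ljust(8)[:8]   # OEM ID field is exactly 8 bytes
    sector[510:512] = BOOT_SIGNATURE
    return bytes(sector)


def classify_boot_sector(sector: bytes) -> str:
    """Return 'ntfs', 'bitlocker', 'unknown' or 'invalid' from a volume's first sector."""
    if len(sector) < SECTOR_SIZE or sector[510:512] != BOOT_SIGNATURE:
        return "invalid"
    oem_id = sector[3:11]
    if oem_id == NTFS_OEM_ID:
        return "ntfs"
    if oem_id == FVE_OEM_ID:
        return "bitlocker"
    return "unknown"


def classify_device(path: str) -> str:
    """Read the first sector of a block device or disk image and classify it."""
    with open(path, "rb") as fh:
        return classify_boot_sector(fh.read(SECTOR_SIZE))


def mount_attempt(partition_type: int, sector: bytes) -> dict:
    """Contrast the two views the slide shows: the partition table's label versus
    the volume header, plus the verdict an NTFS driver would reach."""
    table_label = PARTITION_TYPE_LABELS.get(partition_type, f"unknown type 0x{partition_type:02x}")
    kind = classify_boot_sector(sector)
    if kind == "ntfs":
        message = "mounted as NTFS"
    elif kind == "bitlocker":
        message = "Primary boot sector is invalid, Not an NTFS volume (BitLocker-protected)"
    else:
        message = "wrong fs type, bad option, bad superblock, missing codepage or other error"
    return {
        "partition_table_says": table_label,
        "boot_sector_says": kind,
        "mountable_as_ntfs": kind == "ntfs",
        "message": message,
    }


if __name__ == "__main__":
    for name, oem in (("plain NTFS", NTFS_OEM_ID), ("BitLocker", FVE_OEM_ID)):
        print(name, mount_attempt(0x07, make_boot_sector(oem)))
```

The point for an analyst is that the partition table and the volume header are independent sources: a type-0x07 entry says nothing about whether the volume is readable, and the OEM ID at offset 3 is the first place to look when an NTFS mount fails on a Windows disk.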
What is Microsoft Certificate Lifecycle Manager?
Single administration point for digital certificates and smart cards
Configurable policy-based workflows for common tasks (enroll, renew, revoke, etc.)
Detailed auditing and reporting
Support for both centralized and self-service scenarios
Integration with existing infrastructure
Certificate Lifecycle Manager
Architectural Overview
Physical Architecture diagram: Microsoft Certificate Lifecycle Manager sits between the End User and the back-end E-mail, SQL, AD, and Microsoft CA systems
Server Side: Certificate Lifecycle Manager
Windows Server 2003 Certificate Services Add-on
SQL Server 2000 SP3
Email/SMTP service
Client Side: Certificate Lifecycle Manager Client
Bulk Smart Card Issuance Tool
Certificate Lifecycle Manager
Screenshots
Microsoft Secure Messaging
Multi-Layer Secure Messaging
Diagram labels: Internet; Managed Services: FrontBridge E-mail Filtering Services; External Firewall; DMZ (On-Premise Software): Antigen for SMTP Gateways, Advanced Spam Manager, ISA Server, Authentication and Authorization; Internal Firewall; Corporate Network: Antigen for Exchange
FrontBridge
E-mail Complexity Requires Flexibility
E-mail Filtering: layered anti-spam; multi-engine anti-virus; customized content and policy enforcement; real-time attack prevention
Message Archive: interception-based message archiving; customized report generation for demonstrating compliance; fully-indexed, searchable archive; rapid deployment to meet deadlines or immediate needs
Secure E-mail: full e-mail encryption; no public and private key management; gateway, policy-based email encryption
Active Message Continuity: uninterrupted e-mail accessibility; rapid recovery from unplanned disasters and network outages; 30-day historical e-mail store
FrontBridge
E-Mail Filtering
Edge and connection-based blocking
Directory services, real-time attack prevention, multi-layer virus scanning and content filtering
Advanced spam filtering: fingerprinting, SPF lookups, rules-based scoring
E-Mail queuing
E-Mail quarantine
Microsoft Antigen
What is Antigen?
Antigen for SMTP/Exchange
On-premise, server-based mail scanning software
Provides antivirus, anti-spam, content and file filtering
Multiple complementary technologies used
Complete end user control
Protection against internal threats and virus propagation
Microsoft Antigen
Overview
All Antigen products integrate multiple antivirus engines from 3rd party vendors. Four engines provided as part of base cost.
AhnLabs
Authentium Command
CA InoculateIT*
CA VET*
Kaspersky Lab
Norman Data Defense*
Sophos*
Virus Busters
*Default engines
The MS Antivirus engine will be provided in the first Microsoft-branded version of Antigen
Microsoft Antigen
Signature Updates
Chart: Sober.P Virus Detection Time, May 2, 2005 (GMT); x-axis Time of Day (Hour : Minute); legend highlights the Antigen engines. Source: AV-Test.org May 2005.
Engines shown on the chart (in the order listed): Kaspersky, F-Prot, AVK, BitDefender, Sophos, Command, Ikarus, F-Secure, Fortinet, VirusBuster, Panda, eTrust-INO, AntiVir, Norman, Trend Micro, AVG, Avast, McAfee, eTrust-VET, Symantec
Detection times plotted (GMT): 16:39, 16:54, 16:56, 17:19, 17:27, 17:38, 18:14, 18:18, 18:18, 18:44, 18:49, 19:54, 20:24, 20:46, 21:18, 21:27, 21:33, 21:38, 23:15, 24:38:00
Table: January 2005 Updates, No. Updates/Day. Source: AV-Test.org Feb. 2005.
Vendor        No. Updates/Day
Kaspersky     18.5
Dr. Web       10.7
Sophos        2.7
BitDefender   1.7
ClamAV        1.5
AntiVir       1.4
F-Secure      1.4
Panda         1.3
Ikarus        1.1
Symantec      1.1
Trend Micro   1.0
Note: the chart (left) represents a single virus outbreak only. It does not represent average response times for the listed antivirus labs.
Microsoft Antigen
Antigen for Exchange
Detects and removes viruses in e-mail messages and attachments
Scans at SMTP stack (most processing intensive scans)
Scans real-time at Exchange information store
Provides on-demand and scheduled scans of information store
Uses Microsoft-approved virus scanning API integration for Exchange 2000 and 2003
Provides advanced content-filtering capabilities for messages and attachments
Integrates file filtering, keyword filtering and anti-spam at the SMTP routing level
Protects Exchange Server 5.5, 2000, and 2003
Diagram labels: Internet; ISA Server; Exchange Front End; Exchange Site 1 and Exchange Site 2, each with an Exchange Public Folder Server and an Exchange Mailbox Server
Network Access Protection
Why you need a NAP…
Viruses entering the enterprise by: employees returning from trips; consultants/guests plugging in; employees VPN-ing in
Attacking vulnerable machines in the network
Causing loss of productivity and financial loss
Year   Virus      WW Financial Impact (USD)
1999   Melissa    1.10 Billion
2000   Love Bug   8.75 Billion
2001   Code Red   2.75 Billion
2002   Klez       750 Million
2003   Slammer    1.25 Billion
Source: Virus Attack Costs are Rising – Again. Computer Economics, Inc. Sept 2003.
IT Administrators looking for tools to Manage/Monitor:
NAP                              Description
Health Check? Yes                Check machine state before allowing access
Remediate Vulnerabilities? Yes   In conjunction with SMS/WUS and 3rd Parties
Detect/Manage? Yes               In conjunction with SMS/MOM and 3rd parties
Network Access Protection
IPSec-based NAP Walk-through
Zones: Quarantine Zone, Boundary Zone, Protected Zone
Actors: Client, DHCP, Health Registration Authority, IAS, Remediation Server
Client -> DHCP: May I have a DHCP address?
DHCP -> Client: Here you go.
Client -> Health Registration Authority: May I have a health certificate? Here’s my SoH.
Health Registration Authority -> IAS: Client ok?
If the client is healthy:
IAS -> Health Registration Authority: Yes. Issue health certificate.
Health Registration Authority -> Client: Here’s your health certificate.
Client: Accessing the network.
If the client is not healthy:
IAS -> Health Registration Authority: No! Needs updates.
Health Registration Authority -> Client: You don’t get a health certificate. Get updates!
Client -> Remediation Server: I need updates.
Remediation Server -> Client: Here you go.
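The exchange above, as an added example that is not part of the presentation or of the NAP product: a Python simulation in which a client in the quarantine zone presents its Statement of Health (SoH) to the Health Registration Authority, the HRA asks IAS whether the client is ok, and the client either receives a health certificate or is sent to the remediation server and retries. The SoH fields, the policy thresholds, the zone names as strings and the HMAC-signed token standing in for an X.509 health certificate are simplifications assumed for this example.

```python
# Added example: simulation of the IPSec-based NAP walk-through on the slide.
# Policy thresholds, SoH fields and the HMAC "health certificate" are this example's
# own simplifications; a real HRA obtains X.509 health certificates from a CA.
import hashlib
import hmac
import json
from dataclasses import dataclass, replace
from typing import List, Optional, Tuple

HRA_SIGNING_KEY = b"constructed-example-key"   # constructed for the example, not a real key


@dataclass
class StatementOfHealth:
    firewall_on: bool
    av_signature_age_days: int
    patches_current: bool


class IAS:
    """Policy server: the HRA asks it 'Client ok?' and gets back the list of failures."""
    MAX_SIGNATURE_AGE_DAYS = 7   # assumed policy value

    def evaluate(self, soh: StatementOfHealth) -> List[str]:
        problems = []
        if not soh.firewall_on:
            problems.append("firewall")
        if soh.av_signature_age_days > self.MAX_SIGNATURE_AGE_DAYS:
            problems.append("av_signatures")
        if not soh.patches_current:
            problems.append("patches")
        return problems


def issue_health_certificate(subject: str) -> bytes:
    """Simplified stand-in for an X.509 health certificate: JSON payload + HMAC tag."""
    payload = json.dumps({"subject": subject, "health": "ok"}, sort_keys=True).encode()
    tag = hmac.new(HRA_SIGNING_KEY, payload, hashlib.sha256).hexdigest().encode()
    return payload + b"." + tag


def verify_health_certificate(cert: bytes) -> bool:
    payload, _, tag = cert.rpartition(b".")
    expected = hmac.new(HRA_SIGNING_KEY, payload, hashlib.sha256).hexdigest().encode()
    return hmac.compare_digest(tag, expected)


class HealthRegistrationAuthority:
    """Boundary-zone service: validates the SoH via IAS and issues certificates."""
    def __init__(self, ias: IAS):
        self.ias = ias

    def request_certificate(self, subject: str, soh: StatementOfHealth) -> Tuple[Optional[bytes], List[str]]:
        problems = self.ias.evaluate(soh)
        if problems:
            return None, problems                       # IAS: "No! Needs updates."
        return issue_health_certificate(subject), []    # IAS: "Yes. Issue health certificate."


class RemediationServer:
    """Boundary-zone server reachable without a health certificate; fixes only what failed."""
    def remediate(self, soh: StatementOfHealth, problems: List[str]) -> StatementOfHealth:
        fixed = replace(soh)
        if "firewall" in problems:
            fixed.firewall_on = True
        if "av_signatures" in problems:
            fixed.av_signature_age_days = 0
        if "patches" in problems:
            fixed.patches_current = True
        return fixed


@dataclass
class Client:
    name: str
    soh: StatementOfHealth
    zone: str = "quarantine"
    health_cert: Optional[bytes] = None


def nap_walkthrough(client: Client, hra: HealthRegistrationAuthority,
                    remediation: RemediationServer, max_rounds: int = 3) -> List[str]:
    """Run the exchange and return the transcript; the client's zone and cert are updated."""
    log = [f"{client.name} -> DHCP: May I have a DHCP address?",
           f"DHCP -> {client.name}: Here you go."]
    for _ in range(max_rounds):
        log.append(f"{client.name} -> HRA: May I have a health certificate? Here's my SoH.")
        cert, problems = hra.request_certificate(client.name, client.soh)
        if cert is not None:
            client.health_cert, client.zone = cert, "protected"
            log.append(f"HRA -> {client.name}: Here's your health certificate.")
            return log
        log.append(f"HRA -> {client.name}: You don't get a health certificate. Get updates! ({', '.join(problems)})")
        log.append(f"{client.name} -> Remediation: I need updates.")
        client.soh = remediation.remediate(client.soh, problems)
        log.append(f"Remediation -> {client.name}: Here you go.")
    log.append(f"{client.name} stays in the quarantine zone.")
    return log


def accept_ipsec_peer(cert: Optional[bytes]) -> bool:
    """Protected-zone hosts only talk to peers presenting a valid health certificate."""
    return cert is not None and verify_health_certificate(cert)


if __name__ == "__main__":
    hra = HealthRegistrationAuthority(IAS())
    laptop = Client("laptop1", StatementOfHealth(firewall_on=False, av_signature_age_days=30, patches_current=False))
    print("\n".join(nap_walkthrough(laptop, hra, RemediationServer())))
    print("zone:", laptop.zone, "accepted by protected-zone peer:", accept_ipsec_peer(laptop.health_cert))
```

Two design points carry over from the slide: the remediation server lives in the boundary zone, so it is reachable before any certificate exists, and protected-zone hosts enforce the decision themselves by checking the certificate with accept_ipsec_peer rather than trusting the DHCP lease. The max_rounds bound keeps a client whose remediation never succeeds in quarantine instead of looping.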
ISA Server 2006
Web Access Protection
External Attack Resilience
Internal Attack Resilience
Minimal Downtime
Remediation Measures
Better Management
Diagram labels: Internet; Attacker; ISA 2006 Appliance; DMZ with Extranet Web Server and External Web Site; Internal Network; Administrator
ISA Server 2006
Flood Mitigation
In the last 30 minutes
Did you realize?
Over 1,500 IT Pros visited security content on Microsoft.com
250 customers downloaded Windows Server 2003 SP1
Over 50,000 users ran the Malicious Software Removal Tool
2 instances of the Sasser worm were removed
149 Bot infections were found and removed
Over 18,000 additional users installed Windows Defender
~7,500 pieces of spyware and other potentially unwanted software were removed
Microsoft Security Resources
Windows Vista Beta
http://www.microsoft.com/windowsvista/
Certificate Lifecycle Manager Beta
http://www.microsoft.com/windowsserversystem/clm/default.mspx
Antigen and FrontBridge
http://www.microsoft.com/securemessaging
Network Access Protection Beta
http://www.microsoft.com/technet/itsolutions/network/nap/beta.mspx
ISA Server 2006 Beta
http://www.microsoft.com/isaserver/2006/