Ovidiu Pismac
Account Technology Specialist, MCSE Security, CISSP
Microsoft Corporation
Microsoft Trustworthy Computing
Addressing Security Threats with Microsoft
Windows Vista, Windows Server 2008, Forefront security family
Security guidance and resources
Design / Threat Modeling
Standards, best practices, and tools
Security Push
Final Security Review
RTM and Deployment
Signoff
Security Response
Product Inception
Secure Platform
Secure Access
Data Protection
Rights Management Services (RMS): SharePoint, Exchange, Windows Mobile integration
Encrypting File System (EFS), BitLocker
Malware Protection
User Account Control, Network Access Protection (NAP), IPv6, IPsec, Windows CardSpace
Native smart card support, GINA re-architecture, Certificate Services, Credential roaming
Security Development Lifecycle (SDL), Kernel Patch Protection, Kernel-mode Driver Signing
Secure Startup, Windows Service Hardening
Windows Defender, IE Protected Mode, Address Space Layout Randomization (ASLR), Data Execution Prevention (DEP)
Bi-directional Firewall, Windows Security Center
Security Development Lifecycle (SDL), Windows Server Virtualization (Hypervisor), Role Management Tool, OS File Integrity
Secure Platform
Network Protection
Identity and Access
Data Protection
Read-only Domain Controller (RODC), Active Directory Federation Services (ADFS), Administrative Role Separation
PKI Management Console, Online Certificate Status Protocol
Network Access Protection (NAP), Server and Domain Isolation with IPsec, End-to-end Network Authentication, Windows Firewall with Advanced Security on by default
Rights Management Services (RMS), Full volume encryption (BitLocker), USB device-connection rules with Group Policy
Improved Auditing, Windows Server Backup
Authorization Manager
RMS, ILM/MIIS, ADFS, Domain/Directory Services
Certificate Services
Secure collaboration; Easily managing multiple identities; Government sponsored identities (eID); Hardware supported trust platform; Disparate directories synchronization
Centralized ID controls and management; Embedded identity into applications; Policy governance / compliance; Role based permissions; Identity and data privacy
NAP Essentials: Health policy validation and remediation; Helps keep mobile devices in compliance; Reduces risk from unauthorized systems on the network
NAP flow (diagram): a Windows client's health is checked by NPS (via DHCP, VPN, or a switch/router from Microsoft, Juniper, Cisco) against policy servers such as patch and AV. Policy-compliant clients are admitted to the corporate network; non-compliant clients are placed in a restricted network with remediation servers (example: patch) until they comply.
Consumer / Small Business
Corporate
Client Protection, Server Protection, Edge Protection
Simple PC maintenance, Anti-Virus, Anti-Spyware, Anti-Phishing
Firewall, Performance Tuning, Backup and Restore
Edge, server and client protection; "Point to Point" solutions; Security of data at rest and in transit; Mobile workforce; Manageability
RAV acquisition
Forefront Server Security products integrate and ship with industry-leading antivirus scan engines from
Each scan job in a Forefront Server Security product can run up to five engines simultaneously
•Internal Messaging and Collaboration Servers
Forefront engine sets and other vendors
Signature response times in hours
MM/YY VIRUS FF Set 1 FF Set 2 FF Set 3 FF Set 4 FF Set 5 Engine M Engine S Engine T
0406 Mytob.NQ@mm 1.53 1.00 1.00 1.00 3.07 9.93 17.35 2.10
0406 Mytob.NQ@mm 1.00 1.12 1.00 1.00 1.00 28.07 11.57 3.52
0406 Spybot!04C2 23.03 1.00 23.03 25.28 1.00 0.00 29.90 39.02
0406 Nugache.a 1.00 25.45 1.00 1.00 1.00 34.10 12.90 48.05
0506 Numuen.F 0.00 24.43 0.00 0.00 0.00 1.00 10.33 14.95
0506 Numuen.H 1.00 31.72 1.00 1.00 1.00 103.83 251.85 114.78
0506 Numuen.G 3.15 8.20 3.15 3.15 3.15 1.00 151.80 468.97
0506 Banwarum.C@mm 87.47 1.00 87.47 87.47 1.00 116.73 72.95 129.25
0506 Banwarum.B@mm 12.05 1.00 1.82 1.82 1.00 116.73 22.45 32.85
0506 Rbot!E905 0.00 0.00 0.00 0.00 0.00 1,141.78 217.57 1.00
0606 Bagle.EG 0.00 0.00 0.00 0.00 0.00 0.00 7.32 0.00
0606 Bagle.EH@mm 0.00 1.25 0.00 0.00 0.00 0.00 18.43 0.00
0606 Bagle.EG@mm 0.00 3.62 0.00 0.00 1.00 0.00 26.48 0.00
0606 Bagle.LY@mm 0.00 0.00 0.00 0.00 0.00 0.00 6.40 2.47
0706 Feebs.gen@mm 0.00 0.00 0.00 0.00 0.00 0.00 0.00 503.80
0706 Feebs.EU 0.00 1.00 0.00 0.00 0.00 52.30 173.17 38.97
0706 Virut.A 0.00 0.00 0.00 0.00 0.00 0.00 0.00 1,317.02
Legend (cell colour in the original table):
•= less than 5 hours
•= between 5 and 24 hours
•= more than 24 hours
Bias
Engines used are not always the same. They are dynamically allocated from the available pool.
Max Certainty: uses all engines (100%)
Favor Certainty: uses all available engines
Neutral: uses approximately 50% of available engines
Favor Performance: uses 25% of available engines
Max Performance: uses one engine for every scan
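The bias settings above and the signature response-time table decide together how quickly a scan job can catch a new sample: a set detects the sample as soon as any one member engine has a signature, so adding engines can only lower the set's response time. The following script is an added example, not code from the presentation or from Microsoft. It assumes (my assumptions, not the deck's) that the bias percentages are applied to the available pool with rounding up and never below one engine, and that because engines are allocated dynamically the guaranteed response time of a k-engine set is the worst minimum over any k engines, which is the (n-k+1)-th smallest time in the pool. The sample data is constructed, modelled on rows of the table above, with placeholder engine names.

```python
"""Added example: worst-case signature response time of a multi-engine
scan job under each bias setting (not code from the presentation)."""
import math

# Bias settings as named on the slide -> fraction of the available pool used.
# None means exactly one engine regardless of pool size.
BIAS_FRACTION = {
    "Max Certainty": 1.0,
    "Favor Certainty": 1.0,
    "Neutral": 0.5,
    "Favor Performance": 0.25,
    "Max Performance": None,
}

# Constructed sample data modelled on the response-time table above: hours
# until each engine in a five-engine pool had a signature. Engine names E1..E5
# are placeholders, not the deck's engine sets.
SIGNATURE_HOURS = {
    "Numuen.H": {"E1": 1.00, "E2": 31.72, "E3": 1.00, "E4": 103.83, "E5": 251.85},
    "Banwarum.C": {"E1": 87.47, "E2": 1.00, "E3": 87.47, "E4": 116.73, "E5": 72.95},
    "Feebs.gen": {"E1": 0.00, "E2": 0.00, "E3": 0.00, "E4": 0.00, "E5": 503.80},
}


def engines_for_bias(bias, pool_size):
    """Number of engines a scan job uses under the given bias setting
    (assumption: fraction of the pool rounded up, at least one engine)."""
    if pool_size < 1:
        raise ValueError("no engines available")
    fraction = BIAS_FRACTION[bias]
    if fraction is None:
        return 1
    return max(1, math.ceil(fraction * pool_size))


def classify(hours):
    """Bucket a response time the way the slide's legend does."""
    if hours < 5:
        return "less than 5 hours"
    if hours <= 24:
        return "between 5 and 24 hours"
    return "more than 24 hours"


def worst_case_response(engine_hours, k):
    """Worst-case response time when k engines are drawn from the pool.

    The set catches the sample at the earliest member signature. The worst
    k-subset is the k slowest engines, whose earliest member is the
    (n-k+1)-th smallest time overall.
    """
    times = sorted(engine_hours.values())
    if not 1 <= k <= len(times):
        raise ValueError("k must be between 1 and the pool size")
    return times[len(times) - k]


def response_by_bias(engine_hours):
    """Map each bias setting to (engines used, worst-case hours, legend bucket)."""
    pool = len(engine_hours)
    result = {}
    for bias in BIAS_FRACTION:
        k = engines_for_bias(bias, pool)
        hours = worst_case_response(engine_hours, k)
        result[bias] = (k, hours, classify(hours))
    return result


if __name__ == "__main__":
    for sample, hours in SIGNATURE_HOURS.items():
        print(sample)
        for bias, (k, h, bucket) in response_by_bias(hours).items():
            print(f"  {bias:<18} {k} engine(s)  worst case {h:8.2f} h  {bucket}")
```

Running it shows the trade-off the slide describes in words: for the Banwarum.C row, Max Certainty guarantees a signature within 1 hour, while Favor Performance (two of five engines) can still leave the job more than 24 hours behind if the two slow engines happen to be allocated.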
One engine for virus and spyware protection
Used in Windows® Defender, OneCare, Forefront Client Security
Protection for Windows 2000 Workstation/Server, Windows XP, Windows 2003, Windows Vista and Windows Server 2008 clients
Compatible with NAP / Longhorn through Windows Security Center
Detection and removal capabilities include:
Real-time, scheduled or on-demand detection & removal
Real-time detection uses Windows Filter Manager technology
Checks to ensure system is fully functional after cleaning
Scanning dozens of archives and packers
Using tunneling signatures that bypass user mode rootkits
Code emulation for behavior analysis and polymorphic viruses
Heuristic detections for new malware
Client Anti-Malware: Unified Protection (comparison matrix)
Capabilities compared: Remove most prevalent viruses; Remove all known viruses; Real-time antivirus; Remove all known spyware; Real-time antispyware; Central reporting and alerting; Customization; IT infrastructure integration
For individual users: MSRT, Windows Defender, Windows Live OneCare Safety Scanner, Windows Live OneCare
For businesses: Microsoft Forefront Client Security
•“Is my environment compliant with security best practices?”
•“Has my level of vulnerability exposure changed over time?”
•“What portion of my environment is at high risk?”
Critical Visibility & Control: FCS is also a vulnerability assessment system
Management System: System Center, Active Directory GPO
Perimeter: Forefront Edge and Server Security, NAP
Internal Network: Network Access Protection, IPsec
Device: Forefront Client Security, Exchange IMF
Application: SDL process, IIS, Visual Studio, and .NET
Data: BitLocker, EFS, RMS, SharePoint, SQL
User: Active Directory and Identity Lifecycle Manager
Poor integration across the platform; "Point to Point" solutions; Standards adoption; Compliance reporting; Manageability
End-user awareness sits at the base level, "Policies, Procedures & Awareness".
Security awareness can affect any aspect of the organization's security.
Security awareness is an important part of security because many attacks rely on human error to succeed.
“DEFENSE IN DEPTH” layers:
Policies, Procedures & Awareness
Network Border
Network
Workstations / Hosts
Applications
Data
Physical security
Microsoft Security Home Page: www.microsoft.com/security
Microsoft Security Portal: www.microsoft.com/security/portal
Microsoft Trustworthy Computing: www.microsoft.com/security/twc
Microsoft Forefront: www.microsoft.com/forefront
Microsoft OneCare: www.windowsonecare.com
Infrastructure Optimization: www.microsoft.com/io
Microsoft Security Assessment Tool: www.microsoft.com/security/msat
General Information:
Microsoft Live Safety Center: safety.live.com
Microsoft Security Response Center: www.microsoft.com/security/msrc
Security Development Lifecycle: http://msdn2.microsoft.com/en-us/library/ms998404.aspx
Get the Facts on Windows and Linux: www.microsoft.com/windowsserver/compare
Anti-Malware:
Understanding malware: http://download.microsoft.com/download/a/b/e/abefdf1c-96bd-40d6-a138-e320b6b25bd3/understandingantimalwaretechnologies.pdf
Microsoft Defender: www.microsoft.com/athome/security/spyware/software
Spyware Criteria: www.microsoft.com/athome/security/spyware/software/isv
Guidance Centers:
Security Guidance Centers: www.microsoft.com/security/guidance
Security Guidance for IT Professionals: www.microsoft.com/technet/security
The Microsoft Security Developer Center: msdn.microsoft.com/security
The Security at Home Consumer Site: www.microsoft.com/athome/security
Certifications and awards for Forefront & Windows OneCare:
VB 100% award: Forefront Client Security, April 2008 on Vista SP1 Business Edition
VB 100% award: Forefront Client Security, June 2007 on Windows XP and August 2007 on Windows Vista x64
ICSA Labs certification: Forefront is the only product certified for Exchange 2007
West Coast Labs’ Checkmark certification
Industry thought leadership: “Behavioral Classification” paper delivered at the 2006 European Institute for Computer Antivirus Research (EICAR) conference
http://www.virusbtn.com/vb100/archive/results?vendor=VE52
Source: Gartner, Magic Quadrant for E-Mail Security Boundary, 2006
•Gartner Magic Quadrant for Endpoint Protection Platforms, December 2007
•Banca Transilvania •Petrom •Hidroelectrica •Toyota Romania •Romgaz •Zentiva •Ministerul Integrarii Europene • and many … many others!
The following platform & application products have earned Common Criteria certification (EAL4+), the highest certification for commercial software:
• Windows Server 2003 Standard Edition SP1
• Windows Server 2003 Enterprise Edition SP1
• Windows Server 2003 Datacenter Edition SP1
• Windows Server 2003 Certificate Services
• Windows XP Professional SP2
• Windows XP Embedded SP2
• Exchange Server 2003
• ISA Server 2004
• Rights Management Service
• Windows Mobile 5/6 (EAL2+)
© 2007 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.
The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the
date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.