Date post: | 29-Jan-2016 |
Upload: | matthew-hudson |
Future of the Server Room Tour
Future of Your Server Room
Three Pillars of Windows Server 2008
• Virtualization Today and Tomorrow
• Take Control of Your Network
• Bring Security to the Forefront
Ottawa Montreal Calgary Vancouver Toronto
Security Challenges
Security is still a key priority
• 73% of IT pros fear losing their job due to a security breach*
• 65% of attacks are initiated internally**
• Multiple servers, multiple different AV tools; different AV tool, different management tool
• Out-of-date AV definitions open the door to possible threats
• Management and monitoring of client security
* King Research 2007
** Gartner Report 2006
Defence in Depth
Using a layered approach:
• Increases an attacker’s risk of detection
• Reduces an attacker’s chance of success
Layers and example controls:
• Data: ACLs, encryption, EFS
• Application: Application hardening, antivirus
• Host: OS hardening, authentication, patch management
• Internal Network: Network segments, IPSec, NIDS
• Perimeter: Firewalls, Network Access Quarantine Control
• Physical Security: Guards, locks, tracking devices
• Policies, Procedures, & Awareness: Security documents, user education
3 Dimensions of Client Security
Combined Solution
Windows Vista™
• User Account Control
• IE7 with Protected Mode
• Randomize Address Space Layout
• Advanced Desktop Firewall
• Kernel Patch Protection (64bit)
Forefront™ Client Security
• Unified Virus & Spyware Protection
• Central Management
• Reporting, Alerting and State Assessment
• Infrastructure Software Integration
Server and Domain Isolation (SD&I)
• Policy Based Network Segmentation
• Restrict-To-Trusted Net Communications
BitLocker
• Protects data when it is at rest
• Available in Vista and Server 2008
• Provides for cost-effective decommissioning
  • Capable of almost instant disk sanitization
  • Significantly reduces cost of PC asset decommissioning
How NAP Works
[Diagram labels: Windows Client (SHA, QA, EC); Network Access Requests; Health Statements; Network Access Devices; NPS (SHV, QS); Active Directory; Remediation Servers; Policy Compliant: Corporate Network; Not Compliant: Restricted Network]
Demo
DHCP Based NAP
Security Landscape
ForeFront Server Security
• Centralized management of all the ForeFront Security tools
• Content filtering for SharePoint
• Spam protection for Exchange 2007
• Rapid updating of AV engines
• Multiple engines to better protect your servers and clients
Multiple Engine Advantage
• Rapid response to new threats
• Fail-safe protection through redundancy
• Diversity of anti-virus engines and heuristics
• Small footprint on servers

Response Time (hours)
Date  Threat         Forefront Set 1  Forefront Set 2  Forefront Set 3  Vendor A  Vendor B  Vendor C
0406  Mytob.NQ@mm                1.5              1.0              3.1       9.9      17.4       2.1
0406  Mytob.NQ@mm                1.0              1.0              1.0      28.1      11.6       3.5
0406  Spybot!04C2               23.0             23.0              1.0       0.0      29.9      39.0
0406  Nugache.a                  1.0              1.0              1.0      34.1      12.9      48.1
0506  Numuen.F                   0.0              0.0              0.0       1.0      10.3      15.0
0506  Numuen.H                   1.0              1.0              1.0     103.8     251.9     114.8
0506  Numuen.G                   3.2              3.2              3.2       1.0     151.8     469.0
0506  Banwarum.C@mm             87.5             87.5              1.0     116.7      73.0     129.3
0506  Banwarum.B@mm             12.1              1.8              1.0     116.7      22.5      32.9
0506  Rbot!E905                  0.0              0.0              0.0   1,141.8     217.6       1.0
0606  Bagle.EG                   0.0              0.0              0.0       0.0       7.3       0.0
0606  Bagle.EH@mm                0.0              0.0              0.0       0.0      18.4       0.0
0606  Bagle.EG@mm                0.0              0.0              1.0       0.0      26.5       0.0
0606  Bagle.LY@mm                0.0              0.0              0.0       0.0       6.4       2.5
0706  Feebs.gen@mm               0.0              0.0              0.0       0.0       0.0     503.8
0706  Feebs.EU                   0.0              0.0              0.0      52.3     173.2      39.0
0706  Virut.A                    0.0              0.0              0.0       0.0       0.0   1,317.0

Legend: > 24 hrs | 4 to 24 hrs | < 4 hrs
1 AVTest.org, 2006
Client Security
Unified malware protection for business desktop computers, mobile computers, and server operating systems that is easier to manage and control
• One solution for spyware and virus protection
  • Built on protection technology used by millions worldwide
  • Effective threat response
  • Complements other Microsoft security products
• One console for simplified security administration
  • Define policy to manage client protection agent settings
  • Deploy signatures and software faster
  • Integrates with your existing infrastructure
• One dashboard for visibility into threats and vulnerabilities
  • View insightful reports
  • Stay informed with state assessment scans and security alerts
FCS Architecture
November 2006
ForeFront Update Distribution
• WSUS
• WSUS helper (if WSUS 2.0)
  • Force WSUS 2.0 to sync up with Microsoft Update hourly
• Auto-approval rules for FCS definition updates
• Subscribe to FCS product category and definition update classification
• Failover to Microsoft Update
ForeFront Client Policies
FCS policy manages the following:
• Antimalware and Security State Assessment scan settings
• Signature override settings
• Alert levels and reporting
• Advanced settings
  • Signature check frequency
  • Path and file extension exclusions
  • Client UI options
Demo
FCS Administration
Deploying Policies via File
• Ability to deploy and report on a policy distributed outside of Group Policy
  • Exports the policy to a .reg file
  • Import on the client using the included “FCSLocalPolicyTool.exe”
• Q: Why can’t I just double-click the .reg file and import?
  • A1: Service is listening for an update via GP, and this won’t raise the proper event – policy won’t be picked up until you stop/start the service
  • A2: The tool creates the proper LGPO object, which is the prescribed method to update policy
• Can be used to distribute policy to non-AD machines (via scripts or other distribution tool)
Demo
Deploying FCS
ForeFront Reporting
• Security Summary
• Alert Summary
• Threat Summary
• State Assessment
• Deployment Summary
Visibility
• Is my environment compliant with outlined policies?
• Have I been exposed to any potential security threats?
• Are any of my clients or servers at risk?
Guidance
Developer Tools
Systems Management
Active Directory Federation Services (ADFS)
Identity Management
Services
Information Protection
Encrypting File System (EFS)
BitLocker™
Network Access Protection (NAP)
Client and Server OS
Server Applications
Edge
Putting the Puzzle Together
Key Points So Far....
Defence In Depth
• Mitigate internal threats
• NAP/NPS to determine health of PCs
• Deploy policies with or without AD
• Report on the state of AV
• Centralize management
• MOM 2005 built in
Today’s Highlights
Three Pillars
• More Control
• Greater Flexibility
• Increased Security
Virtualization
• Licensing Changes
• Familiar management tools
Management
• Monitor – not just Microsoft products
• Report – State of network, security auditing
• Act – Be proactive about maintenance
Security
• Defence In Depth
• Mitigate internal threats
• Leverage FCS reporting to determine state of network
Resources
Microsoft.ca/technet/fosr/resources
Blogs.technet.com/canitpro
Blogs.technet.com/cdnitmanagers
Thanks! Please Submit Your Evaluations!
9 is good, 1 is bad!
Please tell us how we can do better!
Winners!
Questions
© 2007 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.