FDCC
Shelly Bird, Architect, Microsoft Public Sector Services


History
Deliverables
Configuration Details
Testing and Troubleshooting

Federal Desktop Core Configuration (FDCC)

Services Offering for security conscious customers provided to over forty military and civilian agencies:

Standard Settings Review – introduce and solidify security and configuration decisions
Image Build Session – apply those decisions in an Agency standard baseline
Application Compatibility – educate on tools and methods to solve issues
Typically delivered in six to eight weeks

Nov 2004 NSA, DISA, NIST, CIS, & Microsoft Consensus on XP
Feb 2005 USAF Major Commands’ consensus XP, IE6, and Office 2003 settings
Q USAF Major Commands’ consensus Vista, IE7, and Office 2007 settings
Q DoD consensus on Vista settings
Mar 2007 OMB Memo
Feb 2008 Civilian Standard Desktop Standard
Q Microsoft Security Guide for XP
Mid NIST SCAP
Std Config Work at Civilian and Military Agencies
Q Microsoft Security Guide for Vista
2003 IRS

Clear target for government developers
Revised on a quarterly basis
Standardize security and configuration
Cut costs
Simplify deployments
Focus audits
Drive vendor development decisions
Improve security

FDCC Q XP = includes IE7 Settings, XP Security Settings, Additional Settings, Additional XP-Specific Settings
FDCC Q Vista = includes IE7, XP Security Settings, Additional Settings, Additional Vista-Specific Settings

Both operating systems
  FDCC Q Account Policy
  FDCC Q Additional Settings
  FDCC Q IE7 Settings
Windows XP SP2
  FDCC Q XP Firewall Settings
  FDCC Q XP Security Settings
  FDCC Q XP-Specific Additional Settings
Windows Vista
  FDCC Q Vista Firewall Settings
  FDCC Q Vista Security Settings
  FDCC Q Vista-Specific Additional Settings

Windows XP SCAP content covers:
  FDCC Q Account Policy
  FDCC Q Additional Settings
  FDCC Q XP Security Settings
  FDCC Q XP-Specific Additional Settings
Windows XP Firewall SCAP content
  FDCC Q XP Firewall Settings
Windows Vista Firewall SCAP content
  FDCC Q Vista Firewall Settings
Windows Vista SCAP content covers:
  FDCC Q Account Policy
  FDCC Q Additional Settings
  FDCC Q Vista Security Settings
  FDCC Q Vista-Specific Additional Settings
IE7 SCAP content
  FDCC Q IE7 Settings (use on both XP and Vista)

Settings: a master database generates a spreadsheet:
  Group Policy Path
  Setting Name
  Setting for XP
  Setting for Vista
  Group Policy File Name
  Registry Key related to the group policy setting
  SCAP CCE numbers for testing
Frequently Asked Questions
  Guidance on how to load VPCs and GPOs
  Address common questions about FDCC
  Where SCAP content gives false negatives

Typical user must run as User
  Not Power User, Not Administrator
Firewall (inbound) On
  Local Admins cannot edit firewall settings
File and Print Sharing Off
IE7 Protected Mode On (Vista only)
Password Length set to 12 characters
“Challenge” Settings
  FIPS turned On
  Driver Signing turned On (XP only)

Java in IE7 settings Disabled
ActiveX Controls cannot be loaded by Normal Users
But Vista has ActiveX Install Service

Local Group Policy Object tool
Takes FDCC GPOs provided by NIST, applies them to local group policy
Allows use of a Delta file (your variances)
See the latest webcast by Aaron Margosis to get full details on usage
Get the tool from Microsoft FDCC Blog

Accountability: how to pass the audits
  Security Content Automation Protocol (SCAP)
  Some variances permitted, but must provide:
    Reason for the variance
    Get Healthy date
Compatibility: prove applications and drivers work
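
The variance rule on this slide (a deviation from the baseline is acceptable only with a reason and a Get Healthy date) can be checked mechanically against scan output. The following is an added example, not part of the original presentation: the setting names, scan values and variance records are constructed, and treating the password length as a minimum and an expired Get Healthy date as a failure are assumptions.

```python
from datetime import date

# Constructed baseline from the key settings on the slides; the setting
# names are hypothetical labels, not SCAP CCE numbers.
BASELINE = {"firewall_inbound": "On", "file_print_sharing": "Off",
            "min_password_length": 12, "fips": "On"}

# Constructed scan result for one desktop.
SCAN = {"firewall_inbound": "On", "file_print_sharing": "On",
        "min_password_length": 8, "fips": "Off"}

# Constructed variance records (the "delta" from the baseline).
VARIANCES = {
    "fips": {"reason": "Legacy application uses a non-FIPS algorithm",
             "get_healthy": date(2008, 9, 30)},
    "file_print_sharing": {"reason": "", "get_healthy": date(2008, 6, 30)},
}

def meets(expected, actual):
    """True if the scanned value satisfies the baseline value."""
    if actual is None:               # setting missing from the scan
        return False
    if isinstance(expected, int):    # assumption: numbers are minimums
        return isinstance(actual, int) and actual >= expected
    return actual == expected

def audit(baseline, scan, variances, today):
    """Classify every baseline setting as pass, variance or fail."""
    report = {}
    for name, expected in baseline.items():
        if meets(expected, scan.get(name)):
            report[name] = "pass"
            continue
        v = variances.get(name)
        if v is None:
            report[name] = "fail: no variance on file"
        elif not v.get("reason", "").strip():
            report[name] = "fail: variance has no reason"
        elif v.get("get_healthy") is None:
            report[name] = "fail: variance has no Get Healthy date"
        elif v["get_healthy"] < today:   # assumption: expired means fail
            report[name] = "fail: Get Healthy date has passed"
        else:
            report[name] = "variance until " + v["get_healthy"].isoformat()
    return report

if __name__ == "__main__":
    for name, status in audit(BASELINE, SCAN, VARIANCES, date(2008, 5, 1)).items():
        print(f"{name:22} {status}")
```

Running the same check on every scan cycle makes an undocumented deviation, or a variance that has outlived its Get Healthy date, show up as a failure instead of a silent exception.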

Testing and Troubleshooting

[Diagram: Baseline, Security Scanner A, Security Scanner B, SCAP Data]

Final step: confirm settings haven’t changed
Security auditors will use the same SCAP data to confirm compliance repeatedly
Eventually: requirement for regular enterprise wide scan and reports
Since this is a manufacturer independent baseline file, expect growing support
Microsoft has the Desired Configuration Monitoring (DCM) which runs on top of Systems Center Configuration Manager (SCCM), and an SCAP converter tool

Originally the Windows Vista Hardware Assessment tool
WMI queries, no agent required on systems

Pick machines that are representative of what applications a department likes to run
Load ACT Collection Package
  Example: \\w70ffxkms\act5ffx\Collect.exe
Run once logged in as Administrator or via package delivered by software distribution system
Result: repository information on what applications and/or hardware will work well with Vista, Internet Explorer 7 and XP SP2
Good internal tool for tracking application compatibility results

Red Light, Green Light, Yellow Light Vendor Assessment

Users log on as Normal User--therefore:
  Management systems (examples: SMS, Tivoli, Altiris, Remote Desktop capabilities) will be critical to success
  Must have mature help desks/remote support
  Developers must code so software runs as User
Log in as User now to flag problem applications
Capture data about hardware and software
  SMS Queries, Tivoli queries, etc.
  Application Compatibility Toolkit (ACT)
  Microsoft Assessment and Planning tool (MAP)
Gather information on firewall exceptions
Run a Standard Settings Review

Leverage Microsoft Deployment Toolkit
  Dynamic injection of drivers if you work with MDT or SCCM (Windows Image or WIM)
  Can capture at the end with any imaging tool
  Use the latest drivers
Adjust NIST GPOs to your SSR decisions
  Variances can be put into a separate GPO
Get the standard out there as soon as possible, be ready to adjust

Set user expectations
Raise level of confidence in new build
PR value: “socialize” new standard image
Work with regional and departmental support staff
  Basics of application compatibility fixes
  Group Policy basics
  Firewall management: exceptions
Gather issues into central repository (ACT)
Escalate deployment blockers to Microsoft

Governance board inside the CIO Council for final decisions
Need to establish the feedback loop
Program Office that will host quarterly builds (a Center of Excellence)
Assist agencies with implementation
Update to the FDCC settings is imminent

NIST FDCC web site:
Send to
Microsoft FDCC site: utions/FDCC/get_info.mspx
Microsoft blog:
FDCC Education/Status LiveMeetings (webcasts) run on a bi-weekly basis
Microsoft Program Manager: Ken Page
Microsoft Account Manager: TS Mallick