Secure Connected Infrastructure

Slides:

Advertisements

Similar presentations

Security Features in Microsoft® Windows® XP James Noyce, Senior Consultant Security Solutions Team, Business Critical Services Microsoft Security Solutions,

Advertisements

©2006 Microsoft Corporation. All rights reserved. Windows Vista Security Tidbits Steve Riley Senior Security Strategist Microsoft Corporation

Extending ForeFront beyond the limit TMGUAG ISAIAG AG Security Suite.

Access Control Methodologies

Grid Security. Typical Grid Scenario Users Resources.

Active Directory: Final Solution to Enterprise System Integration

Understanding Active Directory

Security and Policy Enforcement Mark Gibson Dave Northey

Identity and Access Management: Strategy and Solution Sandeep Sinha Lead Product Manager Windows Server Product Management Redmond,

Introduction To Windows NT ® Server And Internet Information Server.

Identity and Access Management

Christopher Chapman | MCT Content PM, Microsoft Learning, PDG Planning, Microsoft.

Understanding Active Directory

Chapter 7 WORKING WITH GROUPS.

Identity and Access Management Business Ready Security Solutions.

May 30 th – 31 st, 2006 Sheraton Ottawa. Microsoft Certificate Lifecycle Manager Saleem Kanji Technology Solutions Professional - Windows Server Microsoft.

Edwin Sarmiento Microsoft MVP – Windows Server System Senior Systems Engineer/Database Administrator Fujitsu Asia Pte Ltd

Introduction to Active Directory December 10th, pm Daniels 407.

Christopher Chapman | MCT Content PM, Microsoft Learning, PDG Planning, Microsoft.

70-294: MCSE Guide to Microsoft Windows Server 2003 Active Directory Chapter 9: Active Directory Authentication and Security.

Module 9: Planning Network Access. Overview Introducing Network Access Selecting Network Access Connection Methods Selecting a Remote Access Policy Strategy.

CN1260 Client Operating System Kemtis Kunanuraksapong MSIS with Distinction MCT, MCITP, MCTS, MCDST, MCP, A+

Deploying PKI Inside Microsoft The experience of Microsoft in deploying its own corporate PKI Published: December 2003.

Microsoft Active Directory(AD) A presentation by Robert, Jasmine, Val and Scott IMT546 December 11, 2004.

Designing Active Directory for Security

Security Planning and Administrative Delegation Lesson 6.

Module 11: Remote Access Fundamentals

8.1 © 2004 Pearson Education, Inc. Exam Designing a Microsoft ® Windows ® Server 2003 Active Directory and Network Infrastructure Lesson 8: Planning.

September 18, 2002 Windows 2000 Server Active Directory By Jerry Haggard.

Module 5 Configuring Authentication. Module Overview Lesson 1: Understanding Classic SharePoint Authentication Providers Lesson 2: Understanding Federated.

Simplify and Strengthen Security with Oracle Application Server Allan L Haensgen Senior Principal Instructor Oracle Corporation Session id:

© Wiley Inc All Rights Reserved. MCSE: Windows Server 2003 Active Directory Planning, Implementation, and Maintenance Study Guide, Second Edition.

Active Directory. Computers in organizations Computers are linked together for communication and sharing of resources There is always a need to administer.

Identity Solution in Baltic Theory and Practice Viktors Kozlovs Infrastructure Consultant Microsoft Latvia.

Planning a Microsoft Windows 2000 Administrative Structure Designing default administrative group membership Designing custom administrative groups local.

Empowering people-centric IT Unified device management Access and information protection Desktop Virtualization Hybrid Identity.

Secure Networking Windows 2000 Distributed Security Services Sandeep Joshi Group 4.

Module 2: Introducing Windows 2000 Security. Overview Introducing Security Features in Active Directory Authenticating User Accounts Securing Access to.

Federico Guerrini IDA TSP, EMEA Incubation Team From Identity Synchronization to Identity Management.

OVERVIEW OF ACTIVE DIRECTORY

1 Active Directory Service in Windows 2000 Li Yang SID: November 2000.

Be Microsoft’s first and best customer Enabling world-class and predictable customer, client, and partner experience Protecting Microsoft’s physical and.

Active Directory. Computers in organizations Computers are linked together for communication and sharing of resources There is always a need to administer.

4.1 © 2004 Pearson Education, Inc. Exam Managing and Maintaining a Microsoft® Windows® Server 2003 Environment Lesson 12: Implementing Security.

Secure Data Access with SQL Server 2005 Doug Rees Associate Technologist, CM Group

Secure Network Connectivity Claus Jespersen Solution Architect (the new) HP

Asif Jinnah Field Desktop Services Enabling a Flexible Workforce, an insider’s view.

Active Directory Domain Services (AD DS). Identity and Access (IDA) – An IDA infrastructure should: Store information about users, groups, computers and.

Windows Active Directory – What is it? Definition - Active Directory is a centralized and standardized system that automates network management of user.

Authentication, Authorization and Accounting Lesson 2.

Identity and Access Management

Basharat Institute of Higher Education

Module 9: Configuring Network Access

Active Directory Fundamentals

Forefront Security ISA

SharePoint Online Management and Control

Unit 7 NT1330 Client-Server Networking II Date: 7/26/2016

Office 365 Identity Management

Windows Server 2008 Administration

Managing Digital Identity

NAAS 2.0 Features and Enhancements

Goals Introduce the Windows Server 2003 family of operating systems

Access and Information Protection Product Overview October 2013

Identity Infrastructure Fundamentals and Key Capabilities

Public Key Infrastructure from the Most Trusted Name in e-Security

Office 365 Identity Management

Implementing Client Security on Windows 2000 and Windows XP Level 150

Security Planning and Administrative Delegation

Microsoft Virtual Academy

Presentation transcript:

Secure Connected Infrastructure Identity Management Allan Hvass Senior Consultant Microsoft Services

Identity Management Challenges Directories everywhere Too many passwords Passwords are weak Unmanageable security Allowing some outsiders access Reduce costs through directory integration Increase productivity with single sign-on Reduce risk through strong authentication Strengthen security with centralized management Extend the trust model

Secure Connected Infrastructure Secure Network Connectivity Secure Internet connectivity (MSA & ISA) Secure remote access (VPN, IAS) Secure wireless networks (PKI + 802.1x) Integrated Solution for Identity Management Directory Services (AD & MMS) Authentication (PKI, Kerberos, Passport) Authorization (ACLs, Roles, Federation) Policy based management (GP, and GPMC) Comprehensive Security Management & Operations Tools (MBSA, MSUS) Guidance (MOC, PAGs, Security Best Practices) Services (MSQS, PSS, & professional services)

Active Directory Common store for identity management Wireless LAN VPN Gateway Exchange SQL Server File Sharing LAN UNIX App Common store for identity management Application and NOS identities Repository for security principles Integrated policy-based management Scales to the Internet Web Services Active Directory Identity Repository

Flexible Authentication Mechanisms Authenticate Internet Smart Card X.509 / SSL Password Biometrics Active Directory Windows 2000 Server Applications Computers Devices Files People Credentials Many other authentication options than passwords

Authentication Services Wireless LAN VPN Gateway Exchange SQL Server File Sharing LAN UNIX App Integrated Security Services Kerberos Authentication & Authorization Integrated PKI for authentication and encryption Interoperable with UNIX via Kerberos & SFU Interoperable with mainframes via HIS Interoperable with Netware via SFN Web Services Active Directory

Options for Single Sign-on Single Sign-on Experience True SSO Single Identity Multiple Identities MMS can help keeping multiple directories synchronized, easing the authorization process Central Authentication Distributed Authentication Password Synchronization Client Managed Strategy Short Lived Long Lived Server Side Client Side Examples NTLM Kerberos Passport Certificates SfN SfU (pSync, NIS) HIS Credential Manager (XP) Extend to multiple directories with trusts

Directory Integration and Synchronization Wireless LAN VPN Gateway Exchange SQL Server File Sharing UNIX Application LAN Web Services Microsoft Metadirectory Server: Reduces the cost of managing ids Simplifies directory synchronization Automates user account provisioning Active Directory Non-AD Directory Active Directory

Windows 2000 Authorization Owners manage resources Access control lists (ACLs) Granular permissions & scope, Inheritance Admins manage users Groups Indirection & nesting simplify ACL management Privileges System-wide operational permissions System enforces access control Impersonation & delegation

Integrated Management Delegate Management Tasks to Office Admins Policy: Use Standard Security Template Company Users Machines Applications Marketing Extranet Devices Restrict Access to Color Printer Must Use Smart Card Integration with Active Directory provides a central consistent place to manage user and resource security

Active Directory Security Administration Forcing security settings to all users and systems with group policies Delegation of administration Grant permissions at organizational unit (OU) level Who creates OUs, users, groups, etc. Fine-grain access control Grant or deny permissions on per-property level, or a group of properties

.NET Server Improvements Directory Services Kerberos transitive trusts with constraining PKI cross-certification and qualified subordination Metadirectory Services optimized for multiple forests Authentication Passport authentication Smart Cards improvements Protocol transition Delegation improvements Authorization Authorization Manager (roles, tasks, rules, scope) Management Group Policy Management Console

Identity Management Challenges Directories everywhere Too many passwords Passwords are weak Unmanageable security Allowing some outsiders access Metadirectory Services, Authorization Manager AD (Kerberos, PKI), SfU, SfN, HIS, CredMan Smart Cards, Biometrics, AD policies Group Policies, AD delegation, GPMC Certificate or Passport based web client login

© 2001 Microsoft Corporation. All rights reserved. This presentation is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS OR IMPLIED, IN THIS SUMMARY.