Deriving more value from your Windows investment


Security for Free: Deriving more value from your Windows investment
Steve Lamb & Sandeep Modhvadia, Microsoft

Stop Worms, Viruses, Rootkits and Spyware DEAD
- Use least privilege
- Accept that networks are transient
- Turn off unwanted features
- Authenticate users and systems
- Segment your networks
- Authenticate and Encrypt Wireless Networks
- Get a sensible policy
- Get buy-in from Senior Management
- Raise Security Awareness

The Story of Bob and Jim
- Bob is a ‘stupid’ end user
- Bob doesn’t care or want security as it is obtrusive
- Jim is an over-worked, under-budgeted IT head
- Jim needs to secure the network, but doesn’t have the funds to buy a lot of new software or hardware

The Needs of a Roaming User
- Needs a secure laptop baseline
- Access to internal resources
- Demands a good experience
- Risk of data theft/loss
- Strong proof of identity
- Secure web browsing

Demo
- VPN Quarantine
- Internet Explorer 7 Phishing Filter

The Technology that Delivers
- VPN Quarantine
- Encrypting File System (EFS)
- BitLocker Full Volume Encryption & Secure Startup
- Windows Defender
- Internet Explorer 7 Phishing Filter
- Smart Card Authentication

Securing the Internal Work Force
- Protect everyone, from everyone else
- Secure wireless provisioning
- Secure e-mail

Network Access Protection Walk-through

Diagram components: Client; Network Access Device (DHCP, VPN); Network Policy Server; System Health Servers; Remediation Servers; Restricted Network; Corporate Network.

Diagram callouts:
- May I have access? Here’s my current health status.
- Should this client be restricted based on its health?
- Ongoing policy updates to Network Policy Server.
- According to policy, the client is not up to date. Quarantine client, request it to update.
- You are given restricted access until fix-up.
- Can I have updates? Here you go.
- Requesting access. Here’s my new health status.
- According to policy, the client is up to date. Grant access.
- Client is granted access to full intranet.

Speaker notes:

This build shows Network Access Protection in action (DHCP/VPN example). Health policy is set by the IT administrator. The system health servers push it asynchronously to the Network Policy Server (NPS), which holds a health cache at any given time.

The client tries to come in and requests network access, passing across its statement of health (SoH). The Network Access Device ships this information over to the NPS, which compares it to what is in its cache and makes certain determinations. If the SoH doesn’t meet health policy, the NPS tells the Network Access Device to restrict the client. The client could be put in a VLAN or a separate subnet. The NPS also tells the Network Access Device what the client needs to be healthy.

The NAP system information passed to the client by the NAP platform tells it how to access the fix-up servers. The client contacts the fix-up server and requests update(s). Once updated, the client presents a new SoH to the Network Access Device. This time the health declarations match policy, so the client gains full access to network resources.

The SoH is re-used to continue to access network resources until the policy is updated. The cycle continues, providing ongoing assessment and protection. When the client requests network access presenting an up-to-date SoH that matches policy, it is granted immediate access to the network. Changes to policy may dynamically trigger the scan and remediate process.
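
The access cycle from the walk-through above, modelled as an added example (not part of the original presentation and not a real NAP or NPS API). Class names, health attribute names and values are hypothetical, policy matching is simplified to exact equality, and remediation is simulated by applying the required values directly.

```python
from dataclasses import dataclass

@dataclass
class StatementOfHealth:
    claims: dict  # health declarations the client reports about itself

class NetworkPolicyServer:
    def __init__(self, required):
        self.required = dict(required)  # health cache fed by system health servers

    def update_policy(self, required):
        self.required = dict(required)  # asynchronous policy push

    def evaluate(self, soh):
        # A missing or mismatched claim counts as unhealthy (fail closed).
        fixes = {k: v for k, v in self.required.items()
                 if soh.claims.get(k) != v}
        return ("restricted", fixes) if fixes else ("full", {})

class NetworkAccessDevice:
    """DHCP/VPN entry point: relays the SoH to NPS and enforces the answer."""
    def __init__(self, nps):
        self.nps = nps

    def request_access(self, soh):
        return self.nps.evaluate(soh)

def connect(nad, soh):
    """Run one access cycle and return the sequence of access decisions."""
    decision, fixes = nad.request_access(soh)
    decisions = [decision]
    if decision == "restricted":
        soh.claims.update(fixes)  # simulated visit to the remediation servers
        decisions.append(nad.request_access(soh)[0])
    return decisions

def walk_through():
    # Constructed policy and client state; attribute names are hypothetical.
    nps = NetworkPolicyServer({"firewall_enabled": True, "patch_level": 3})
    nad = NetworkAccessDevice(nps)
    laptop = StatementOfHealth({"patch_level": 3})  # no firewall claim at all
    trace = [connect(nad, laptop)]                  # quarantined, then fixed
    trace.append(connect(nad, laptop))              # same SoH is re-used
    nps.update_policy({"firewall_enabled": True, "patch_level": 4})
    trace.append(connect(nad, laptop))              # policy change re-triggers
    return trace

if __name__ == "__main__":
    print(walk_through())
```

The third cycle shows why the policy cache matters: a client that was healthy a moment ago is restricted again as soon as the required patch level changes.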

Demo
- Secure Email

The Technology that Delivers
- IPSec Server/Domain Isolation
- Network Access Protection (NAP)
- Internet Authentication Server (RADIUS)
- Windows Firewall

The Challenges of Management
- Server Lockdown
- Client Lockdown
- Roles based system
- Update Management

Demo
- Security Configuration Wizard
- Group Policy/SRP Lockdown

The Technology that Delivers
- Security Configuration Wizard
- Group Policy
- Software Restriction Policies
- Windows Server Update Services (WSUS)

Summary
- User security: Windows delivers protection from malware and provides the Windows firewall for protection of user devices
- Mobile security: Quarantine of infected machines, secure connectivity and authentication, data protection
- Security management: Security update services, system lockdown

Resources
- The latest news on Microsoft security: www.microsoft.com/uk/security
- Read and contribute to our blogs:
  http://blogs.technet.com/sandeep/default.aspx
  http://blogs.technet.com/steve_lamb/default.aspx

www.microsoft.com/uk/security
www.microsoft.com/uk/technet/learning
© 2006 Microsoft Corporation. All rights reserved. This presentation is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS OR IMPLIED, IN THIS SUMMARY.