{ Security Technologies}


{ Security Technologies} Steve Lamb Technical Security Advisor, Microsoft UK http://blogs.technet.com/steve_lamb Stephen.lamb@microsoft.com

“Effective Security”

Agenda
- Overview of Windows Server 2008 Security
- Windows Service Hardening
- Network Access Protection
- Read-Only Domain Controllers
- AD Rights Management
- Auditing
- Resources

Windows Server 2008 Security Architecture Network Access Protection Read-Only Domain Controller AD Rights Management Services Auditing

Windows Services Hardening
- Windows Services are profiled
- Reduce size of high risk layers
- Segment the services
- Increase number of layers
[Diagram: layered services (Service 1, Service 2, Service 3, Service A, Service B, Service …). Legend: K = Kernel Drivers, U = User-mode Drivers]

Where is the boundary?

Network Access Protection
[Diagram labels: Internet; Boundary Zone; Employees, Partners, Vendors; Intranet; Customers; Partners; Remote Employees]

Network Access Protection: How It Works
1. Access requested
2. Health state sent to NPS (RADIUS)
3. NPS validates against health policy
4. If compliant, access granted
5. If not compliant, restricted network access and remediation
[Diagram labels: Policy Servers (e.g., Patch, AV); Microsoft NPS; Remediation Servers (e.g., Patch); Restricted Network; DHCP, VPN, Switch/Router; Corporate Network; Not policy compliant; Policy compliant]

Read-Only Domain Controller
[Diagram labels: RODC; Main Office; Branch Office]

AD Rights Management Do NOT Forward Let’s have a look @ my email

How does RMS work?
[Diagram labels: Author using Office; Windows Server running RMS; SQL Server; Active Directory; The Recipient]

Federated Rights Management
[Diagram labels: Contoso; Adatum; AD; AD; Federation Trust; Resource Federation Server; Account Federation Server; RMS; Web SSO]

Auditing - Comparison Windows Server 2003 Windows Server 2008

Updated Event Viewer

CLI305 Is EFS Dead?

A Quick Review BitLocker

New Windows Firewall
- Inbound and Outbound Filtering
- New Management MMC
- Integrated Firewall and IPsec Policies
- Rule Configuration on Active Directory Groups and Users
- Support for IPv4 and IPv6
- Advanced Rule Options
- On by Default (Beta 3)

Server and Domain Isolation
- Distribute policies and credentials
- Define the logical isolation boundaries
- Enable tiered-access to sensitive resources
- Block inbound connections from untrusted
- Managed computers can communicate
[Diagram labels: Active Directory Domain Controller; Corporate Network; Server Isolation; Trusted Resource Server; Servers with Sensitive Data; HR Workstation; Unmanaged/Rogue Computer; Managed Computer; Managed Computer; Untrusted]

Crypto Next Generation (CNG)
- Native AES 256 in the Kernel
- Can plug in new algorithms
- FIPS 140-2
©2005 Microsoft Corporation. All rights reserved. This presentation is for informational purposes only. Microsoft makes no warranties, express or implied, in this summary.

Please fill in your Evaluation Form 