Future of the Server Room Tour

Future of Your Server Room Three Pillars of Windows Server 2008 Virtualization Today and Tomorrow Take Control of Your Network Bring Security to the Forefront Ottawa Montreal Calgary Vancouver Toronto

Security Challenges Security is still a key priority 73% of IT Pro’s fear losing their job due to security breach* 65% of attacks are initiated internally** Multiple servers, multiple different AV tools; different AV tool, different management tool Out of date AV definitions open the door to possible threats Management and monitoring of client security Ottawa Montreal Calgary Vancouver Toronto * King Research 2007 ** Gartner Report 2006

Defence In-Depth Ottawa Montreal Calgary Vancouver Toronto Policies, Procedures, & Awareness Physical Security Using a layered approach: Increases an attacker’s risk of detection Reduces an attacker’s chance of success OS hardening, authentication, patch management Firewalls, Network Access Quarantine Control Application hardening, antivirus ACLs, encryption, EFS Security documents, user education Perimeter Internal Network Host Application Data Guards, locks, tracking devices Network segments, IPSec, NIDS

3 Dimensions of Client Security Ottawa Montreal Calgary Vancouver Toronto User Account Control IE7 with Protected Mode Randomize Address Space Layout Advanced Desktop Firewall Kernel Patch Protection (64bit) Unified Virus & Spyware Protection Central Management Reporting, Alerting and State Assessment Infrastructure Software Integration Policy Based Network Segmentation Restrict-To-Trusted Net Communications Server and Domain Isolation (SD&I) Combined Solution Windows Vista™ Forefront™ Client Security

BitLocker Protects data when it is at rest Available in Vista and Server 2008 Provides for cost effective decommissioning Capable of almost instant disk sanitation Significantly reduces cost of PC asset decommissioning Ottawa Montreal Calgary Vancouver Toronto

Network Access Requests Not Compliant Policy Compliant How NAP Works Corporate Network Restricted Network Windows Client Network Access Devices NPS Active Directory Remediation Servers Health Statements QA SHA EC QS SHV Ottawa Montreal Calgary Vancouver Toronto

Demo DHCP Based NAP

Security Landscape Ottawa Montreal Calgary Vancouver Toronto

ForeFront Server Security Centralized management of all the ForeFront Security tools Content filtering for SharePoint Spam protection for Exchange 2007 Rapid updating of AV engines Multiple engines to better protect your servers and clients Ottawa Montreal Calgary Vancouver Toronto

Multiple Engine Advantage Rapid response to new threats Fail-safe protection through redundancy Diversity of anti- virus engines and heuristics Small footprint on servers Response Time (hours) Forefront Set 1 Forefront Set 2 Forefront Set 3 Vendor A Vendor B Vendor C Spybot!04C Nugache.a Numuen.F Numuen.H Numuen.G Rbot!E , Bagle.EG Feebs.EU Virut.A 0.0 1,317.0 > 24 hrs 4 to 24 hrs < 4 hrs 1 AVTest.org, 2006 Ottawa Montreal Calgary Vancouver Toronto

Unified malware protection for business desktop computers, mobile computers, and server operating systems that is easier to manage and control One solution for spyware and virus protection Built on protection technology used by millions worldwide Effective threat response Complements other Microsoft security products One console for simplified security administration Define policy to manage client protection agent settings Deploy signatures and software faster Integrates with your existing infrastructure One dashboard for visibility into threats and vulnerabilities View insightful reports Stay informed with state assessment scans and security alerts Client Security Ottawa Montreal Calgary Vancouver Toronto

FCS Architecture Ottawa Montreal Calgary Vancouver Toronto November

ForeFront Update Distribution WSUS WSUS helper (if WSUS 2.0) Force WSUS 2.0 to sync up with Microsoft Update hourly Auto-approval rules for FCS definition updates Subscribe to FCS product category and definition update classification Failover to Microsoft Update Ottawa Montreal Calgary Vancouver Toronto

ForeFront Client Policies FCS policy manages the following Antimalware and Security State Assessment scan settings Signature override settings Alert levels and reporting Advanced settings Signature check frequency Path and file extension exclusions Client UI options Ottawa Montreal Calgary Vancouver Toronto

Demo FCS Administration

Deploying Policies via File Ability to deploy and report on a policy distributed outside of Group Policy Exports the policy to a.reg file Import on the client using the included “FCSLocalPolicyTool.exe” Q: Why can’t I just double-click the.reg file and import? A1: Service is listening for an update via GP, and this won’t raise the proper event – policy won’t be picked up until you stop/start the service A2: The tool creates the proper LGPO object, which is the prescribed method to update policy Can be used to distribute policy to non-AD machines (via scripts or other distribution tool) Ottawa Montreal Calgary Vancouver Toronto

Demo Deploying FCS

ForeFront Reporting Ottawa Montreal Calgary Vancouver Toronto Security Summary Alert SummaryThreat Summary State Assessment Deployment Summary

Ottawa Montreal Calgary Vancouver Toronto Visibility Is my environment compliant with outlined policies? Have I been exposed to and potential security threats? Are any of my clients or servers at risk?

Guidance Developer Tools Systems Management Active Directory Federation Services (ADFS) Identity Management Services Information Protection Encrypting File System (EFS) BitLocker™ Network Access Protection (NAP) Client and Server OS Server Applications Edge Ottawa Montreal Calgary Vancouver Toronto Putting the Puzzle Together

Key Points So Far.... Ottawa Montreal Calgary Vancouver Toronto Mitigate internal threats NAP/NPS to determine health of PCs Defence Deploy policies with or without AD Report on the state of AV In Centralize management MOM 2005 Built in Depth

Today’s Highlights Ottawa Montreal Calgary Vancouver Toronto More Control Greater Flexibility Increased Security Three Pillars Licensing Changes Familiar management tools Virtualization Monitor – not just Microsoft products Report – State of network, security auditing Act – Be proactive about maintenance Management Defence In Depth Mitigate internal threats Leverage FCS reporting to determine state of network Security

Resources Microsoft.ca/technet/fosr/resources Blogs.technet.com/canitpro Blogs.technet.com/cdnitmanagers Ottawa Montreal Calgary Vancouver Toronto

Thanks! Please Submit Your Evaluations! 9 is good, 1 is bad! Please tell us how we can do better!

Winners! Ottawa Montreal Calgary Vancouver Toronto

Questions

Ottawa Montreal Calgary Vancouver Toronto © 2007 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.