Optimizing Client Security by Using Windows Vista.


1 Optimizing Client Security by Using Windows Vista

2 Agenda
● Introduction of Microsoft IT
● Common Security Attacks
● Windows VISTA Security
● Consideration for Line of Business Applications
● Network Access Protection
● Drive Down Enterprise Costs With Windows Vista, SMS And MOM
● Q&A

3 Microsoft IT Environment
● 340,000+ computers
● 121,000 end users
● 98 countries
● 441 buildings
● 15,000 Windows Vista–based clients
● 25,000 Office 2007 clients
● 5,700 Exchange 12 mailboxes
● 31 “Longhorn”–based servers
● 46 million+ remote connections per month
● 189,000+ SharePoint sites
● 4 data centers
● 8,400 production servers
● E-mail messages per day: 3.3 million+ internal; 10 million incoming; 9 million filtered out
● 33 million IMs per month
● 120,000+ e-mail server accounts

4 Common Security Attack
● Malicious Software
● Wireless
● Compliance
● Phishing
● Social Engineering
● ARP, DoS, DDoS
● Mobile Users
Windows VISTA Security
● Built more secure from the ground up
● Enhanced protection from intrusions and malware
● Helps guard confidential data from theft or misuse
● Integrated security management and improved ability to manage remotely
● Sophisticated auditing, tracking, and data management features to support internal compliance

5 BitLocker Drive Encryption
● Reduce Security Risks and Threats
● Enhancing Information Protection and Regulatory Compliance

6 MS IT System Build and Process

7 MS IT System and Build Process

8 Recovery Options
● BitLocker™ setup will automatically escrow keys and passwords into AD
● Centralized storage/management keys (EA SKU)
● Setup may also try (based on policy) to back up keys and passwords onto a USB dongle or to a file location
● Default for non-domain-joined users
● Exploring options for web service-based key escrow
● Recovery password known by the user/administrator
● Recovery can occur “in the field”
● Windows operation can continue as normal

9 Internet Explorer 7
Social Engineering Protections
● Phishing Filter and Colored Address Bar
● Dangerous Settings Notification
● Secure defaults for IDN
Protection from Exploits
● Protected Mode to prevent malicious software
● Code quality improvements (SDLC)
● ActiveX Opt-in
● Unified URL Parsing

10 ActiveX Opt-in And Protected Mode: Defending systems from malicious attack
ActiveX Opt-in puts users in control
● Reduces attack surface
● Previously unused controls disabled
● Retain ActiveX benefits, increase user security
Protected Mode reduces severity of threats
● Eliminates silent malware install
● IE process ‘sandboxed’ to protect OS
● Designed for security and compatibility
[Diagram labels. ActiveX Opt-in: Enabled Controls, Disabled Controls, Windows, User Action. Protected Mode: User Action, IE Cache, My Computer (C:), Broker Process, Low Rights.]

11 Windows Security Center
● Improved Detection and Removal
● Redesigned and Simplified User Interface
● Protection for all users
● Combined firewall and IPsec management
● New management tools – Windows Firewall with Advanced Security MMC snap-in
● Reduces conflicts and coordination overhead between technologies
● Firewall rules become more intelligent
● Specify security requirements such as authentication and encryption
● Specify Active Directory computer or user groups
● Outbound filtering
● Enterprise management feature
● Simplified protection policy reduces management overhead

12 User Account Control: A Better Managed Desktop
● Make the system work well for standard users
● Allow standard users to change time zone and power management settings, add printers, and connect to secure wireless networks
● Allow elevation to administrator without logging off
● Support high application compatibility with file/registry virtualization
● Full privilege for administrative tasks only
● User provides consent before using elevated privileges
● Use of the shield icon
● Indicates tasks requiring elevation
● Has only one state
● Does not remember elevated state

13 Considerations for Line-of-Business Applications
● Require the user to be an administrator only when it is absolutely necessary
● File and registry virtualization
● ACT 5.0
● UAC is enabled throughout the environment and maintained centrally through Group Policy

14 Group Policy
User Account Control settings
● Behavior on elevation for administrators and users: No prompt; Prompt for consent; Prompt for credentials
● Elevate on application installs
● Virtualized file and registry write failures
New Group Policy settings
● Windows Defender
● Device installation control
● Wireless and wired service configuration
● Enhanced Internet Explorer security configuration
● Removable storage device Group Policy settings
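The User Account Control settings on slide 14 are stored as REG_DWORD values under the `Policies\System` key, so they can be checked on a client after Group Policy has applied. The following is an added example, not part of the original presentation: it parses `reg query` output and reports deviations from "UAC on, administrators prompted before elevation". The sample output is constructed, and the choice of what counts as a finding is an assumption of this example.

```python
import re

# Constructed sample of `reg query` output for the UAC policy key (not from the deck).
SAMPLE = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System
    ConsentPromptBehaviorAdmin    REG_DWORD    0x0
    ConsentPromptBehaviorUser    REG_DWORD    0x1
    EnableInstallerDetection    REG_DWORD    0x1
    EnableLUA    REG_DWORD    0x1
"""

# Windows Vista meanings of the two prompt-behaviour values.
ADMIN_PROMPT = {0: "No prompt", 1: "Prompt for credentials", 2: "Prompt for consent"}
USER_PROMPT = {0: "No prompt", 1: "Prompt for credentials"}
# Switches that should be on (1): UAC itself, installer detection, virtualization.
REQUIRED_ON = ("EnableLUA", "EnableInstallerDetection", "EnableVirtualization")

VALUE_LINE = re.compile(r"^\s+(\w+)\s+REG_DWORD\s+0x([0-9a-fA-F]+)\s*$")

def parse_reg_query(text):
    """Return {value name: int} for every REG_DWORD line in `reg query` output."""
    values = {}
    for line in text.splitlines():
        match = VALUE_LINE.match(line)
        if match:
            values[match.group(1)] = int(match.group(2), 16)
    return values

def audit_uac(values):
    """List deviations from 'UAC on, administrators prompted before elevation'."""
    findings = []
    for name in REQUIRED_ON:
        if name not in values:
            findings.append(f"{name}: value missing from the policy key")
        elif values[name] != 1:
            findings.append(f"{name}: disabled (0x{values[name]:x})")
    for name, meanings in (("ConsentPromptBehaviorAdmin", ADMIN_PROMPT),
                           ("ConsentPromptBehaviorUser", USER_PROMPT)):
        if name not in values:
            findings.append(f"{name}: value missing from the policy key")
        elif values[name] not in meanings:
            findings.append(f"{name}: unrecognised value 0x{values[name]:x}")
    if values.get("ConsentPromptBehaviorAdmin") == 0:
        findings.append("ConsentPromptBehaviorAdmin: administrators elevate with no prompt")
    return findings

if __name__ == "__main__":
    for finding in audit_uac(parse_reg_query(SAMPLE)):
        print(finding)
```
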

15 Network Access Protection
[Diagram, steps 1 to 5. Labels: Windows Vista Client; DHCP, VPN, Switch/Router; MSFT Network Policy Server; Policy Servers (e.g. MSFT Security Center, SMS, Antigen or 3rd party); Policy compliant: Corporate Network; Not policy compliant: Restricted Network; Fix Up Servers (e.g. MSFT WSUS, SMS & 3rd party).]
Benefits
Enhanced Security
● All communications are authenticated, authorized & healthy
● Defense-in-depth on your terms with DHCP, VPN, IPsec, 802.1X
● Policy-based access that IT Pros can set and control
Increased Business Value
● Preserves user productivity
● Extends existing investments in Microsoft and 3rd party infrastructure
● Broad industry partnership

16 Drive Down Enterprise Costs With Windows Vista, SMS And MOM
Security Management
● SMS client remediation for NAP scenarios
● Delivering software to standard users (UAC) via SMS
Deployment And Updating
● Common image format (WIM) for Windows Vista and SMSv4
● SMS support for Windows Deployment Services (WDS)
● Common scanning agent (SMS, WSUS) for updating
Management And Monitoring
● Leveraging common XML schema for event data (MOM)
● MOM leverages enhanced Watson data

17 For More Information
● Additional content on Microsoft IT deployments and best practices can be found on http://www.microsoft.com
● Microsoft TechNet: http://www.microsoft.com/technet/itshowcase
● Optimizing Client Security by Using Windows Vista – Technical White Paper: http://www.microsoft.com/technet/itsolutions/msit/security/vistasecurity_twp.mspx
● Network Access Protection: http://www.microsoft.com/nap
● BitLocker Drive Encryption: http://www.microsoft.com/technet/windowsvista/security/bittech.mspx

18 This document is provided for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS OR IMPLIED, IN THIS DOCUMENT. © 2006 Microsoft Corporation. All rights reserved. This presentation is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS OR IMPLIED, IN THIS SUMMARY. Microsoft, Excel, Internet Explorer, Outlook, PowerPoint, SharePoint, Windows, Windows Server, and Windows Vista are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries. The names of actual companies and products mentioned herein may be the trademarks of their respective owners.

