400 likes | 544 Views
What you can expect Today. Our current thinking on Scenarios
E N D
1. Securing Your Data with Microsoft Technologies Mike Smith-Lonergan
Sr. Technical Program Manager
Microsoft Corporation
MIKESL@microsoft.com TechEd 2006 - Securing your Data with Microsoft Technologies
EFS, RMS, Full Volume Encryption, SQL 2005 - lots of encryption for overlapping sets of data. Which do you use, when and why? This talk will help you understand the common security basis for all these technologies, and then discuss the different threats for which each is and isn't suitable. Next we'll examine the best configuration settings to get the maximum security benefit for your organization, and finally look at current security attack scenarios and which security technologies will actually help protect your data against such attacks.TechEd 2006 - Securing your Data with Microsoft Technologies
EFS, RMS, Full Volume Encryption, SQL 2005 - lots of encryption for overlapping sets of data. Which do you use, when and why? This talk will help you understand the common security basis for all these technologies, and then discuss the different threats for which each is and isn't suitable. Next we'll examine the best configuration settings to get the maximum security benefit for your organization, and finally look at current security attack scenarios and which security technologies will actually help protect your data against such attacks.
2. What you can expect Today Our current thinking on Scenarios & Solutions
What technologies to use where and why
60 minutes for discussion & quick demo
15 minutes for questions at the end
3. Why Am I Talking To You About This? When should I use X?
EFS, RMS, S/MIME, BDE, XPS, CAPI, CAPICOM, CAPI-NG, WS-Sec, Smart Cards
What is the right encryption to use?
Give me a strategic direction Plus all the supporting technologies:
CSPs, password hashing (LM, NTLM), cached password verifiers, SYSKEY, DPAPI, managed DPAPI classesPlus all the supporting technologies:
CSPs, password hashing (LM, NTLM), cached password verifiers, SYSKEY, DPAPI, managed DPAPI classes
4. Where is your Data Stored? Q: Where is your biggest security exposure?
Trick question! Statistics on where the most data is stored in the least-well-protected systems
Clients (notebooks, desktops)
Servers (branch office, data center)
removable storage (flash, USB, DVD-RW)
Mobile devices (phone, PDA, UMPC)
Managing risk = focus attention on greatest exposures first dont try to solve problem all at once
Server roles: F&P, email, docman/collab, RDBMS, SAN, HSM
Statistics on where the most data is stored in the least-well-protected systems
Clients (notebooks, desktops)
Servers (branch office, data center)
removable storage (flash, USB, DVD-RW)
Mobile devices (phone, PDA, UMPC)
Managing risk = focus attention on greatest exposures first dont try to solve problem all at once
Server roles: F&P, email, docman/collab, RDBMS, SAN, HSM
5. Clients Documents
Where do your users keep their documents?
User Profile
Outlook, Sharepoint, Desktop, Temp
per-machine data
Search index, file cache Documents - it may sound simple but in reality, many orgs have different standard locations for users docs
-root folder, redirect to server , Separate partition,
-plus all the app-specific data locations (e.g. desktop search, MSDE/Access)Documents - it may sound simple but in reality, many orgs have different standard locations for users docs
-root folder, redirect to server , Separate partition,
-plus all the app-specific data locations (e.g. desktop search, MSDE/Access)
6. Servers File Shares
Collaboration store (e.g. Sharepoint)
RDBMS (e.g. SQL)
Mail (e.g. Exchange)
SAN
HSM
Enterprise backup
Where ISNT Data stored?
7. Big Picture
8. What Technologies Can Be Used? ACLs
Rights Management (eek!)
Role-based Access
System encryption
Application encryption
9. ACLs Classic approach
Configuring:
Windows Explorer, cacls.exe
Group Policy/Secedit
NEW! .NET Framework 2.0 (SDDL)
Good: protect against online/remote attackers
Bad: protecting against local Admins
Ugly: protecting against offline attacks
10. ACLs example: File server Uses AD, Group Policy, Windows client
Goal: users cannot see each others files
Server shares folder \\Server\Home
Share permissions = Users: Change
Folder root permissions allow:
Users: Traverse folder, List folder, Create folders, Read (This folder only)
Creator/owner: Change (Subfolders and files only)
Result:
User creates new folder
Can do anything they want with that folder
No other user can see inside that folder
11. Rights Management The ACL goes wherever the document goes
Combines encryption with policy enforcement
Good: protecting against offline, online attacks
Bad: protecting against Super Users
Ugly: protecting against Active Directory admins
12. Roles-based access (RBAC) Idealized approach
Must combine with other tech
ACLs
Encryption
Rights Management
App-specific authorization (e.g. SQL, Exchange)
Issues:
Every Windows app has a different approach
Still no better against offline attacks
13. RBAC scenario: rights management Leverage Active Directory, RMS, Office
Assign users to groups (roles) in AD
RMS Templates assign rights to groups
Use RMS-enabled app (e.g. Office) to assign rights via templates
RMS server and client grant limited access to documents
15. System encryption Encrypt each file = Encrypting File System (EFS)
Encrypt each sector = BitLocker Drive Encryption (BDE)
Good: protect against offline attack
Bad: doesnt protect against user error
Ugly: doesnt protect between systems
16. (BitLocker Data Encryption)
(Encrypting File System)
(Rights Management Services) BDE, EFS & RMS
17. Application Encryption Leverage each apps data protection approach
Every app has its own approach, e.g. Outlook S/MIME, SQL Server, Office, Winzip
Good: theres encryption
Bad: hard to manage
Ugly: brutal to manage across the enterprise
18. App example: SQL 2005 SQL 2005 uses DPAPI
Comparable to EFS
Multiple layers of keys
Partition access
Encrypt instances, databases, tables with separate keys
Leverage HSM @ server level
Advantages: keys managed with data, max perf, uses system libraries
Disadvantages: Server & DB Ops can get keys
19. Scenarios Loss or Theft of PC
aka notebook in taxi
Reduced data leaks
aka whoopsie
Server-side encryption
aka untrustworthy Admins
End-to-end encryption
aka regulatory compliance These are the most common These are the most common
20. (1) Loss or Theft of PC Threat: Attackers with infinite time, many tools, well-documented attack techniques
Goal: mitigate the risk of Data exposure
Reduce the risk, NOT eliminate
Good
Application Encryption
Better
Minimize the stored data
System Encryption
Don't bother with ACLs, RBAC, DRM
21. (1) Loss or Theft of PC EFS
Mitigates offline attacks except against user account
Prevents online attacks (on encrypted files)
Threats focus on users password
BitLocker with TPM or USB (Vista)
Prevents offline attacks (replace passwords, copy hashes, change system files)
Threats focus on user logons
Ideal: BitLocker with TPM + EFS with Smart Card (Vista)
Attacker with notebook + Smart Card needs PIN (not password)
After x bad tries, Smart Card locked FOREVER
22. (1) Loss or Theft of PC Reality check: Windows XP today
Attack focus: user passwords, cleartext data
Tactics:
Better passwords/phrases
Encrypt significant sets of data
EFS for Documents, email, desktop, TIF, server caches
Smartcard logon per-PC
Residual risk: pagefile fragments, hiberfile, cached logon verifiers Hey Mike, are you dreaming? We arent running Vista in our organizations.
Better passwords = longer passphrases then ditch the complexity
Per-PC smartcard logon XPSP2 Group Policy aka Interactive logon: require smart card
If you believe every person that finds a lost laptop from your org is an uber-hacker just waiting to find some secrets company documents, well then maybe you work for Microsoft. ?
Hiberfile encrypted in XPSP2Hey Mike, are you dreaming? We arent running Vista in our organizations.
Better passwords = longer passphrases then ditch the complexity
Per-PC smartcard logon XPSP2 Group Policy aka Interactive logon: require smart card
If you believe every person that finds a lost laptop from your org is an uber-hacker just waiting to find some secrets company documents, well then maybe you work for Microsoft. ?
Hiberfile encrypted in XPSP2
23. (2) Reduced data leaks Threat: Authorized users with legit access giving data to others
Goal: mitigate the risk of spread of data
Reduce, NOT eliminate
Good
ACLs, Role-based Access
Better
DRM, Application encryption
Don't bother with System encryption
24. (2) Reduced data leaks ACL shared files on servers with RBAC groups
Prevents users from granting each other permissions
Leverage a rights management technology
Reduces the amount of unprotected files
Ideal: RM automatically assigned (RMS partners)
Enforces RM protection according to pre-defined business rules
Bonus: encryption on physical media
Bonus: removable media policy (Vista) Bonus: encryption on physical media reduces the risk of accidentally left-behind CDs, USB drives, etc. allowing malicious people to find sensitive data on devices that become separated from the computer.Bonus: encryption on physical media reduces the risk of accidentally left-behind CDs, USB drives, etc. allowing malicious people to find sensitive data on devices that become separated from the computer.
25. (2) Reduced data leaks Reality check: user-initiated RMS is unreliable
Risk focus: leaks to outsiders
Tactics:
do not forward emails from execs, legal, R&D
RMS automation on servers (future)
Converting AD roles to security-enabled Distribution Groups
Experiment with WinFX, Print-to-XPS
26. (3) Server-Side Encryption Threat: some Admins have or grant themselves access with no oversight or detection
Goal: mitigate the risk of widespread leaks
Reduce, NOT eliminate
Good
Role-based Access
Better
System encryption, Application encryption, ERM
Don't Bother with ACLs
27. (3) Server-Side Encryption Roles-based access on all servers (and clients)
Prevents Admins from unaudited access to data
EFS, BitLocker, RMS with central keys managed elsewhere
Reduces opportunity for quick access to protected data
Threats switch to impersonating users
Bonus: audit for Object Access (Take Ownership, Change Permissions), Policy Change, System Events
Bonus: role-separated audit collection
28. (4) End-to-end encryption Challenges
Approaches
Futures
29. (4) End to End: Challenges Lack of product integration
Key management
Keep keys close to data (performance, portability)?
Keep keys far from data (security, administration)?
Cross-platform issues
Managing transitions between systems, applications and organizations
30. (4) End to End: Approaches Standard algorithms
Third-party products
Best-fit solutions
Mitigate greatest exposures first Best-fit solutions are also known as point solutions or as good as you can get for now.Best-fit solutions are also known as point solutions or as good as you can get for now.
31. (4) End to End: Futures information protection platform
Possibly integrate EFS, RMS, NGSCB
WS-Sec (and other standards)
.NET Framework 3.0 (WinFX)
IPv6
32. Beyond Microsoft technologies Pervasive hardware-integrated crypto
ISV encryption
ISV rights management
Smart cards
other multi-factor access control
33. Calls to Action Fill out the Survey Please!
Give me specific feedback:
Guidance you need for Protecting Data with Microsoft technologies
What bugs you about the current product stack
Send me email: MIKESL@microsoft.com
When you get home
IT: Plan your AD schema upgrade!
Dev: Download WinFX
34. Want More of Us? Breakout Session: Regulatory Compliance
SEC211 with Bill Canning
WED 8:30am
CIS or Security Booth in TLC Red
TechEd Connect
AND
Focus Group: Data Protection (drop me a business card)
35. Resources
38. Sample IRM UI if needed or if demos not possibleSample IRM UI if needed or if demos not possible
39. Sample IRM UI if needed or if demos not possibleSample IRM UI if needed or if demos not possible
40. Safeguarding Confidential Data
41. RMS at MicrosoftExample of RMS Templates Corporate RMS templates available from the Permission menu of Outlook, Word, PowerPoint, and Excel