What’s Next for Microsoft Security?
Kai Axford, CISSP, MCSE-Security
IT Pro Evangelist, Microsoft Corporation
kaiax@microsoft.com
What’s Next for Security? Our Security Progress so far… (as of February 2006)
Service Pack 2
• More than 260 million copies distributed
• Enterprise deployment at 61%
• 15 times less likely to be infected by malware
Service Pack 1 and Security Configuration Wizard
• Significantly fewer important & critical vulnerabilities
• More secure by design; more secure by default
Anti-spyware beta (SpyNet)
• More than 4.7 million downloads
• Most popular download in Microsoft history!!
• Helps protect more than 25 million customers
• Great feedback from SpyNet participants
Malicious Software Removal Tool
• 2B total executions; 200M per month
• Focus on most prevalent malware
• Dramatically reduced the # of Bot infections
What’s Next for Security? So what products is Microsoft working on now?
• Windows Vista
• Certificate Lifecycle Manager
• Secure Messaging with Antigen and FrontBridge
• Network Access Protection
• ISA Server 2006
Windows Vista: Windows Service Hardening (Defense in depth)
• Windows services are profiled for allowed actions to the network, file system, and registry
• Services run with reduced privilege compared to Windows XP
• Designed to block attempts by malicious software to make a Windows service write to an area of the network, file system, or registry that isn’t part of that service’s profile
Diagram: Service Hardening provides active protection across the file system, the registry and the network.
Windows Vista: Internet Explorer 7.0
Social Engineering Protections
• Phishing Filter and Colored Address Bar
• Dangerous Settings Notification
• Secure defaults for International Domain Names (IDN)
Protection From Exploits
• Unified URL Parsing
• Code quality improvements (SDL)
• ActiveX Opt-in
• Protected Mode to prevent malicious software
Windows Vista: User Account Control (UAC)
Challenges
• Users with elevated privileges mean increased risk
• Line of Business (LoB) applications require elevated privileges to run
• Common Operating System configuration tasks require elevated privilege
Goal
• Allow businesses to move to a better-managed desktop and consumers to use parental controls
Windows Vista: BitLocker™ Drive Encryption
• Formerly Secure Start-up
• Designed specifically to prevent a thief who boots another Operating System or runs a hacking tool from breaking Windows file and system protections
• Provides data protection on your Windows client systems, even when the system is in unauthorized hands or is running a different or exploiting Operating System
• Uses a v1.2 TPM or USB flash drive for key storage
BitLocker™ Drive in Linux
• Linux BitLocker volume errors
• fdisk reads the partition table... and thinks the FVE partition is NTFS
• "wrong fs type, bad option, bad superblock on /dev/sda2, missing codepage or other error"
• "Primary boot sector is invalid, Not an NTFS volume"
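Why the three tools on the slide disagree, as an added example that is not part of the deck: the MBR partition type byte is the same for NTFS and for a BitLocker volume, so fdisk calls it NTFS, while the volume boot sector carries a different OEM ID (NTFS uses "NTFS    ", a Vista-era BitLocker volume uses "-FVE-FS-"), so the NTFS driver refuses it. The sample sectors below are constructed, not captured from a real disk.

```python
"""Why Linux tools misread a BitLocker (FVE) volume as NTFS.

Added example, not from the slide deck. The MBR partition type byte is 0x07
for both plain NTFS and a BitLocker-encrypted volume, so fdisk labels both
"NTFS". The difference is in the volume boot sector: NTFS carries the OEM ID
"NTFS    " at byte offset 3, while a Vista-era BitLocker volume carries
"-FVE-FS-" there, which is why the NTFS driver reports "Not an NTFS volume".
"""
OEM_OFFSET, OEM_LEN = 3, 8
NTFS_OEM = b"NTFS    "
FVE_OEM = b"-FVE-FS-"
PART_TYPE_NTFS = 0x07          # MBR partition type shared by NTFS and BitLocker

def classify_boot_sector(sector: bytes) -> str:
    """Return 'ntfs', 'bitlocker' or 'unknown' for a 512-byte boot sector."""
    if len(sector) != 512 or sector[510:512] != b"\x55\xaa":
        raise ValueError("not a 512-byte boot sector with a valid 0x55AA signature")
    oem = sector[OEM_OFFSET:OEM_OFFSET + OEM_LEN]
    if oem == NTFS_OEM:
        return "ntfs"
    if oem == FVE_OEM:
        return "bitlocker"
    return "unknown"

def make_sector(oem: bytes) -> bytes:
    """Constructed sample boot sector: x86 jump stub, OEM ID, zero fill, 0x55AA."""
    body = b"\xeb\x52\x90" + oem
    return body + b"\x00" * (510 - len(body)) + b"\x55\xaa"

def explain(part_type: int, sector: bytes, dev: str) -> str:
    """What fdisk (partition type) and the NTFS driver (boot sector) each see."""
    kind = classify_boot_sector(sector)
    fdisk_view = "NTFS" if part_type == PART_TYPE_NTFS else f"type 0x{part_type:02x}"
    if kind == "bitlocker":
        return (f"{dev}: fdisk says {fdisk_view}, but the boot sector is BitLocker "
                f"(OEM ID {FVE_OEM!r}); mount with a BitLocker-aware tool, not ntfs")
    if kind == "ntfs":
        return f"{dev}: fdisk says {fdisk_view} and the boot sector is NTFS"
    return f"{dev}: fdisk says {fdisk_view}; OEM ID {sector[3:11]!r} is neither"

if __name__ == "__main__":
    print(explain(PART_TYPE_NTFS, make_sector(FVE_OEM), "/dev/sda2"))
    print(explain(PART_TYPE_NTFS, make_sector(NTFS_OEM), "/dev/sda1"))
```

Later BitLocker formats use a different boot-sector identifier, so a forensic triage script should treat "unknown" as "inspect further", not as "not BitLocker".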
Certificate Lifecycle Manager: Functional overview
What is Microsoft Certificate Lifecycle Manager?
• Single administration point for digital certificates and smart cards
• Configurable policy-based workflows for common tasks (enroll, renew, revoke, etc.)
• Detailed auditing and reporting
• Support for both centralized and self-service scenarios
• Integration with existing infrastructure
Certificate Lifecycle Manager: Architectural overview
Physical Architecture
Server side:
• Certificate Lifecycle Manager
• Windows Server 2003 Certificate Services Add-on
• SQL Server 2000 SP3
• Email/SMTP service
Client side:
• Certificate Lifecycle Manager Client
• Bulk Smart Card Issuance Tool
Diagram: End User ↔ Microsoft Certificate Lifecycle Manager ↔ E-mail, SQL, AD and Microsoft CAs.
Microsoft Secure Messaging: Multi-Layer Secure Messaging
Diagram, from the Internet inward: Managed Services (FrontBridge E-mail Filtering Services) → External Firewall → DMZ with On-Premise Software (Antigen for SMTP Gateways, Advanced Spam Manager, ISA Server providing Authentication and Authorization) → Internal Firewall → Corporate Network (Antigen for Exchange).
FrontBridge: E-mail Complexity Requires Flexibility
E-mail Filtering
• Layered anti-spam
• Multi-engine anti-virus
• Customized content and policy enforcement
• Real-time attack prevention
Message Archive
• Interception-based message archiving
• Customized report generation for demonstrating compliance
• Fully-indexed, searchable archive
• Rapid deployment to meet deadlines or immediate needs
Secure E-mail
• Full e-mail encryption
• No public and private key management
• Gateway, policy-based e-mail encryption
Active Message Continuity
• Uninterrupted e-mail accessibility
• Rapid recovery from unplanned disasters and network outages
• 30-day historical e-mail store
FrontBridge: E-Mail Filtering
• Edge and connection-based blocking
  • Directory services, real-time attack prevention, multi-layer virus scanning and content filtering
• Advanced spam filtering
  • Fingerprinting, SPF lookups, rules-based scoring
• E-Mail queuing
• E-Mail quarantine
Microsoft Antigen: What is Antigen?
Antigen for SMTP/Exchange
• On-premise, server-based mail scanning software
• Provides antivirus, anti-spam, content and file filtering
• Multiple complementary technologies used
• Complete end user control
• Protection against internal threats and virus propagation
Microsoft Antigen: Overview
• All Antigen products integrate multiple antivirus engines from 3rd-party vendors. Four engines provided as part of base cost.
Engines (* = default engines):
• Kaspersky Lab
• Norman Data Defense*
• Sophos*
• Virus Busters
• AhnLabs
• Authentium Command
• CA InoculateIT*
• CA VET*
• The MS Antivirus engine will be provided in the first Microsoft-branded version of Antigen
Microsoft Antigen: Signature Updates
Chart (left): Sober.P Virus Detection Time, May 2, 2005 (GMT); x-axis Time of Day (Hour:Minute); series: Antigen engines (source: AV-Test.org, May 2005). Chart (right): January 2005 updates (source: AV-Test.org, Feb. 2005).
Note: the chart (left) represents a single virus outbreak only. It does not represent average response times for the listed antivirus labs.
Microsoft Antigen: Antigen for Exchange
Diagram: Internet → ISA Server → Exchange Front End → Exchange Site 1 (Exchange Public Folder Server, Exchange Mailbox Server) and Exchange Site 2.
• Detects and removes viruses in e-mail messages and attachments
• Scans at SMTP stack (most processing-intensive scans)
• Scans real-time at Exchange Information Store
• Provides on-demand and scheduled scans of information store
• Uses Microsoft-approved virus scanning API integration for Exchange 2000 and 2003
• Provides advanced content-filtering capabilities for messages and attachments
• Integrates file filtering, keyword filtering and anti-spam at the SMTP routing level
• Protects Exchange Server 5.5, 2000, and 2003
Network Access Protection: Why you need a NAP…
Virus entering the enterprise by:
• Employees returning from trips
• Consultants/guests plugging in
• Employees VPN-ing in
• Attacking vulnerable machines in the network
Causing loss of productivity and financial loss (Source: Virus Attack Costs are Rising – Again. Computer Economics, Inc., Sept 2003.)
IT Administrators looking for tools to:
Network Access Protection: IPsec-based NAP Walk-through
Zones: Quarantine Zone, Boundary Zone, Protected Zone. Components: Client, DHCP, Health Registration Authority (HRA), IAS, Remediation Server.
• Client → DHCP: "May I have a DHCP address?" DHCP → Client: "Here you go."
• Client → Health Registration Authority: "May I have a health certificate? Here’s my SoH."
• Health Registration Authority → IAS: "Client ok?"
• If healthy, IAS: "Yes. Issue health certificate." HRA → Client: "Here’s your health certificate." The client is now accessing the network.
• If not, IAS: "No! Needs updates." HRA → Client: "You don’t get a health certificate! Get updates!" (access denied, marked X)
• Client → Remediation Server: "I need updates." Remediation Server → Client: "Here you go."
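The walk-through above as a runnable simulation, added here and not Microsoft code: the Statement of Health fields, the health policy and the transcript strings are constructed for illustration, and the real SoH encoding is not something the slide shows.

```python
"""Simulation of the IPsec-based NAP walk-through on the slide (added example,
not Microsoft code). Actors: Client, DHCP, HRA, IAS and Remediation Server.
The SoH fields and the health policy are constructed for illustration; the
real Statement of Health encoding is not on the slide."""
from dataclasses import dataclass

MAX_SIGNATURE_AGE_DAYS = 7   # IAS health requirement (constructed value)

@dataclass
class SoH:                   # Statement of Health the client presents to the HRA
    firewall_on: bool
    av_signature_age_days: int
    missing_patches: list

def ias_evaluate(soh):
    """IAS answers 'Client ok?': (verdict, list of fixes still needed)."""
    needed = []
    if not soh.firewall_on:
        needed.append("enable host firewall")
    if soh.av_signature_age_days > MAX_SIGNATURE_AGE_DAYS:
        needed.append("update antivirus signatures")
    if soh.missing_patches:
        needed.append("install patches: " + ", ".join(soh.missing_patches))
    return not needed, needed

def remediation_server_apply(soh, fixes):
    """Remediation Server 'Here you go': the simulated fixes yield a healthy SoH."""
    return SoH(firewall_on=True, av_signature_age_days=0, missing_patches=[])

def nap_walkthrough(soh, max_rounds=2):
    """Client starts in the quarantine zone and reaches the protected zone
    only when IAS says 'Yes' and the HRA issues a health certificate."""
    t = ["Client -> DHCP: May I have a DHCP address?", "DHCP -> Client: Here you go."]
    for _ in range(max_rounds):
        t.append("Client -> HRA: May I have a health certificate? Here's my SoH.")
        t.append("HRA -> IAS: Client ok?")
        ok, fixes = ias_evaluate(soh)
        if ok:
            t += ["IAS -> HRA: Yes. Issue health certificate.",
                  "HRA -> Client: Here's your health certificate."]
            return {"zone": "protected", "certificate": True, "transcript": t}
        t += ["IAS -> HRA: No! Needs updates.",
              "HRA -> Client: You don't get a health certificate! Get updates!",
              "Client -> Remediation Server: I need updates (" + "; ".join(fixes) + ")"]
        soh = remediation_server_apply(soh, fixes)
        t.append("Remediation Server -> Client: Here you go.")
    return {"zone": "quarantine", "certificate": False, "transcript": t}
```

A client that never re-presents a healthy SoH (here, max_rounds exhausted) stays in the quarantine zone without a certificate, which is the point of the X on the slide.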
ISA Server 2006: Web Access Protection
Diagram components: Internet, Attacker, ISA 2006 Appliance, DMZ, Extranet Web Server, External Web Site, Internal Network, Administrator.
• External Attack Resilience
• Internal Attack Resilience
• Minimal Downtime
• Remediation Measures
• Better Management
In the last 30 minutes… Did you realize?
• Over 1,500 IT Pros visited security content on Microsoft.com
• 250 customers downloaded Windows Server 2003 SP1
• Over 50,000 users ran the Malicious Software Removal Tool
• 2 instances of the Sasser worm were removed
• 149 Bot infections were found and removed
• Over 18,000 additional users installed Windows Defender
• ~7,500 pieces of spyware and other potentially unwanted software were removed
Microsoft Security Resources
• Windows Vista Beta
  • http://www.microsoft.com/windowsvista/
• Certificate Lifecycle Manager Beta
  • http://www.microsoft.com/windowsserversystem/clm/default.mspx
• Antigen and FrontBridge
  • http://www.microsoft.com/securemessaging
• Network Access Protection Beta
  • http://www.microsoft.com/technet/itsolutions/network/nap/beta.mspx
• ISA Server 2006 Beta
  • http://www.microsoft.com/isaserver/2006/