{ Security Technologies }
Transcript of { Security Technologies }
Page 1
{ Security Technologies }
Steve Lamb, Technical Security Advisor, Microsoft UK
http://blogs.technet.com/
[email protected]
Page 2
Page 3
“Effective Security”
Page 4
Agenda
• Overview of Windows Server 2008 Security
• Windows Service Hardening
• Network Access Protection
• Read-Only Domain Controllers
• AD Rights Management
• Auditing
• Resources
Page 5
Windows Server 2008 Security Architecture
Network Access Protection
Read-Only Domain Controller
AD Rights Management Services
Auditing
Page 6
Windows Services Hardening
• Windows Services are profiled
• Reduce size of high risk layers
• Segment the services
• Increase number of layers
[Diagram: kernel drivers (K) and user-mode drivers (U) shown beside Service 1, Service 2, Service 3, Service …, Service A and Service B]
Page 7
Where is the boundary?
Page 8
Network Access Protection
[Diagram labels: Customers, Partners, Remote Employees, Intranet, Internet]
Page 9
Network Access Protection: How It Works
1. Access requested
2. Health state sent to NPS (RADIUS)
3. NPS validates against health policy
4. If compliant, access granted
5. If not compliant, restricted network access and remediation
[Diagram: Microsoft NPS; Corporate Network; Policy Servers (e.g., Patch, AV); DHCP, VPN, Switch/Router; Restricted Network; Remediation Servers (e.g., Patch); paths labelled "Policy compliant" and "Not policy compliant", with the numbered steps 1–5 marked on the flow]
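The five-step flow on this slide, modelled as an added example that is not Microsoft's NPS code: a client's statement of health is validated against a health policy, and the result is either full access or placement on the restricted network with a remediation list. The policy values, client names and check names are constructed for illustration.

```python
from dataclasses import dataclass, field

# Constructed health policy: the checks an NPS health policy might require
# (firewall on, AV on and current, patch baseline). Values are hypothetical.
HEALTH_POLICY = {
    "firewall_enabled": True,
    "av_enabled": True,
    "av_signature_max_age_days": 7,
    "min_patch_level": 42,
}

@dataclass
class StatementOfHealth:
    """Step 2: the health state the client sends to NPS via RADIUS."""
    client: str
    firewall_enabled: bool
    av_enabled: bool
    av_signature_age_days: int
    patch_level: int

@dataclass
class AccessDecision:
    client: str
    compliant: bool
    network: str                        # "corporate" or "restricted"
    remediation: list = field(default_factory=list)

def validate_health(soh, policy=HEALTH_POLICY):
    """Step 3: compare the statement of health with the policy.
    Returns the failed checks; an empty list means compliant."""
    failures = []
    if policy["firewall_enabled"] and not soh.firewall_enabled:
        failures.append("enable host firewall")
    if policy["av_enabled"] and not soh.av_enabled:
        failures.append("enable antivirus")
    elif soh.av_signature_age_days > policy["av_signature_max_age_days"]:
        failures.append("update AV signatures (remediation server: AV)")
    if soh.patch_level < policy["min_patch_level"]:
        failures.append("install missing patches (remediation server: Patch)")
    return failures

def nps_decide(soh, policy=HEALTH_POLICY):
    """Steps 4 and 5: full access if compliant, otherwise the restricted
    network plus the remediation the client must complete."""
    failures = validate_health(soh, policy)
    if not failures:
        return AccessDecision(soh.client, True, "corporate")
    return AccessDecision(soh.client, False, "restricted", failures)

# Constructed sample clients: one healthy, one failing three checks.
SAMPLE_SOHS = [
    StatementOfHealth("laptop-01", True, True, 2, 45),
    StatementOfHealth("laptop-02", False, True, 10, 40),
]

if __name__ == "__main__":
    for soh in SAMPLE_SOHS:
        print(nps_decide(soh))
```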
Page 10
Read-Only Domain Controller
[Diagram labels: Main Office, Branch Office, RODC]
Page 11
AD Rights Management
• Do NOT Forward – Let’s have a look at my email
Page 12
How does RMS work?
[Diagram: Author using Office, the Recipient, Windows Server running RMS, SQL Server, Active Directory; numbered steps 1–5 marked on the flow]
Page 13
Federated Rights Management
[Diagram: Adatum and Contoso, each with an AD; Account Federation Server and Resource Federation Server joined by a Federation Trust; RMS; Web SSO]
Page 14
Auditing - Comparison (Windows Server 2008 / Windows Server 2003)
Page 15
Updated Event Viewer
Page 16
Is EFS Dead?
Page 17
A Quick Review
BitLocker
Page 18
New Windows Firewall
• Inbound and Outbound Filtering
• New Management MMC
• Integrated Firewall and IPsec Policies
• Rule Configuration on Active Directory Groups and Users
• Support for IPv4 and IPv6
• Advanced Rule Options
• On by Default (Beta 3)
Page 19
Server and Domain Isolation
• Define the logical isolation boundaries
• Distribute policies and credentials
• Managed computers can communicate
• Block inbound connections from untrusted
• Enable tiered-access to sensitive resources
[Diagram: Corporate Network containing an Active Directory Domain Controller, Managed Computers and a Trusted Resource Server; Domain Isolation boundary with an Untrusted Unmanaged/Rogue Computer outside it; Server Isolation boundary around Servers with Sensitive Data and an HR Workstation; X marks blocked connections]
Page 20
Crypto Next Generation (CNG)
• Native AES 256 in the Kernel
• Can plug in new algorithms
• FIPS 140-2
Page 21
Please fill in your Evaluation Form