Page 1: Securing Your Data with Microsoft Technologies

Mike Smith-Lonergan
Sr. Technical Program Manager
Microsoft Corporation
MIKESL@microsoft.com

Page 2: What you can expect Today

Our current thinking on Scenarios & Solutions

What technologies to use where and why

60 minutes for discussion & quick demo

15 minutes for questions at the end

Page 3: Why Am I Talking To You About This?

“When should I use X?” EFS, RMS, S/MIME, BDE, XPS, CAPI, CAPICOM, CAPI-NG, WS-Sec, Smart Cards…

“What is the right encryption to use?”

“Give me a strategic direction”

Page 4: Where is your Data Stored?

Q: Where is your biggest security exposure?

Trick question!

Page 5: Clients

Documents: Where do your users keep their documents?

User Profile: Outlook, Sharepoint, Desktop, Temp

Per-machine data: Search index, file cache

Page 6: Servers

File Shares

Collaboration store (e.g. Sharepoint)

RDBMS (e.g. SQL)

Mail (e.g. Exchange)

SAN

HSM

Enterprise backup

Where ISN’T Data stored?

Page 7: Big Picture…

Page 8: What Technologies Can Be Used?

ACLs

Rights Management (eek!)

Role-based Access

System encryption

Application encryption

Page 9: ACLs

Classic approach

Configuring: Windows Explorer, cacls.exe

Group Policy/Secedit

NEW! .NET Framework 2.0 (SDDL)

Good: protect against online/remote attackers

Bad: protecting against local Admins

Ugly: protecting against offline attacks

Page 10: ACLs example: File server

Uses AD, Group Policy, Windows client

Goal: users cannot see each others’ files

Server shares folder \\Server\Home
Share permissions = Users: Change

Folder root permissions allow:
Users: Traverse folder, List folder, Create folders, Read (This folder only)
Creator/owner: Change (Subfolders and files only)

Result: User creates new folder

Can do anything they want with that folder

No other user can see inside that folder
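The folder-root permissions on this slide, decoded from their SDDL form (the .NET Framework 2.0 route the ACLs slide mentions): an added Python example, not from the deck, that parses a DACL's ACEs, renders each ACE's CI/OI/IO flags as Explorer's "Applies to" wording, and checks the slide's goal that nothing granted to Users reaches a user's own subfolder. The SDDL string, the access-mask values and the Administrators Full Control ACE are constructed assumptions.

```python
import re
# Well-known SID abbreviations (subset) as they appear in SDDL strings.
WELL_KNOWN_SIDS = {"BU": "Users", "CO": "CREATOR OWNER", "BA": "Administrators", "SY": "SYSTEM"}
# File-system access-mask bits, named as Explorer's Advanced permissions dialog shows them.
FILE_RIGHT_BITS = [
    (0x000001, "List folder / Read data"), (0x000002, "Create files / Write data"),
    (0x000004, "Create folders / Append data"), (0x000008, "Read extended attributes"),
    (0x000010, "Write extended attributes"), (0x000020, "Traverse folder / Execute file"),
    (0x000040, "Delete subfolders and files"), (0x000080, "Read attributes"),
    (0x000100, "Write attributes"), (0x010000, "Delete"), (0x020000, "Read permissions"),
    (0x040000, "Change permissions"), (0x080000, "Take ownership"), (0x100000, "Synchronize"),
]
# SDDL two-letter file generic rights codes; MODIFY_MASK is Explorer's basic "Modify" ("Change" on the slide).
RIGHT_CODES = {"FA": 0x1F01FF, "FR": 0x120089, "FW": 0x120116, "FX": 0x1200A0}
MODIFY_MASK = 0x1301BF
# One ACE: (type;flags;rights;object_guid;inherit_object_guid;account_sid)
ACE_RE = re.compile(r"\((\w*);(\w*);(\w*);(\w*);(\w*);([\w-]*)\)")

def parse_rights(field):
    """Decode an ACE rights field: either a hex mask or a run of two-letter codes."""
    if field.lower().startswith("0x"):
        return int(field, 16)
    mask = 0
    for i in range(0, len(field), 2):
        mask |= RIGHT_CODES[field[i:i + 2]]
    return mask

def scope(flags):
    """Translate CI/OI/IO inheritance flags into Explorer's 'Applies to' wording."""
    ci, oi, io = "CI" in flags, "OI" in flags, "IO" in flags
    if not ci and not oi:
        return "This folder only"
    if ci and oi:
        return "Subfolders and files only" if io else "This folder, subfolders and files"
    if ci:
        return "Subfolders only" if io else "This folder and subfolders"
    return "Files only" if io else "This folder and files"

def parse_dacl(sddl):
    """Return the ACEs of the DACL in an SDDL string as dicts, in the order written."""
    m = re.search(r"D:[A-Z]*((?:\([^)]*\))+)", sddl)
    if not m:
        raise ValueError("no DACL found in SDDL string")
    aces = []
    for ace_type, flags, rights, _obj, _inh_obj, sid in ACE_RE.findall(m.group(1)):
        flagset = {flags[i:i + 2] for i in range(0, len(flags), 2)}
        mask = parse_rights(rights)
        aces.append({"type": {"A": "Allow", "D": "Deny"}.get(ace_type, ace_type),
                     "who": WELL_KNOWN_SIDS.get(sid, sid), "applies_to": scope(flagset),
                     "mask": mask, "rights": [n for b, n in FILE_RIGHT_BITS if mask & b],
                     "inherits": bool(flagset & {"CI", "OI"})})
    return aces

def users_isolated(aces):
    """Slide goal: no Users grant propagates below the root; CREATOR OWNER gets Modify below."""
    users_leak = any(a["who"] == "Users" and a["type"] == "Allow" and a["inherits"] for a in aces)
    owner_ok = any(a["who"] == "CREATOR OWNER" and a["type"] == "Allow"
                   and a["applies_to"] == "Subfolders and files only"
                   and a["mask"] & MODIFY_MASK == MODIFY_MASK for a in aces)
    return owner_ok and not users_leak

# Constructed DACL for the \\Server\Home root: Users get Traverse + List + Create folders + Read on
# this folder only (0x1200ad); CREATOR OWNER gets Modify on subfolders and files only. The
# Administrators Full Control ACE is an assumption, not something the slide states.
HOME_ROOT_SDDL = "D:PAI(A;;0x1200ad;;;BU)(A;OICIIO;0x1301bf;;;CO)(A;OICI;FA;;;BA)"

if __name__ == "__main__":
    for ace in parse_dacl(HOME_ROOT_SDDL):
        print(ace["type"], ace["who"], "|", ace["applies_to"], "|", ", ".join(ace["rights"]))
    print("users isolated:", users_isolated(parse_dacl(HOME_ROOT_SDDL)))
```

Feeding the same function a DACL where the Users ACE carries CI/OI flags shows why "This folder only" matters: the grant would then be inherited by every user's folder and the isolation check fails.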

Page 11: Rights Management

The “ACL” goes wherever the document goes

Combines encryption with policy enforcement

Good: protecting against offline, online attacks

Bad: protecting against Super Users

Ugly: protecting against Active Directory admins

Page 12: Roles-based access (RBAC)

Idealized approach

Must combine with other tech:
ACLs
Encryption
Rights Management
App-specific authorization (e.g. SQL, Exchange)

Issues: Every Windows app has a different approach

Still no better against offline attacks

Page 13: RBAC scenario: rights management

Leverage Active Directory, RMS, Office

1. Assign users to groups (roles) in AD

2. RMS Templates assign rights to groups

3. Use RMS-enabled app (e.g. Office) to assign rights via templates

4. RMS server and client grant limited access to documents

Page 14: Intranet / VPN scenario: Publishing and consumption

Corporate Intranet

1. Assume author is already bootstrapped with a RAC and CLC

2. Author creates mail

3. Author protects mail using RAC and CLC

4. Author sends mail to recipient

5. Recipient contacts AD for service discovery

6. Recipient gets bootstrapped from RMS

7. Recipient gets use license from RMS

8. Recipient can access content

[Diagram: Corporate Intranet with AD and RMS (RMS SCP: http://...); author and recipient each hold a RAC and CLC; the publishing license (PL) travels with the mail across the Internet and the use license (UL) comes back from RMS, following steps 1–8 above]

Page 15: System encryption

Encrypt each file = Encrypting File System (EFS)

Encrypt each sector = BitLocker Drive Encryption (BDE)

Good: protect against offline attack

Bad: doesn’t protect against user error

Ugly: doesn’t protect between systems

Page 16: BDE, EFS & RMS

(BitLocker Data Encryption) (Encrypting File System) (Rights Management Services)

Page 17: Application Encryption

Leverage each app’s data protection approach

“Every” app has its own approach, e.g. Outlook S/MIME, SQL Server, Office, Winzip

Good: there’s encryption

Bad: hard to manage

Ugly: brutal to manage across the enterprise

Page 18: App example: SQL 2005

SQL 2005 uses DPAPI: Comparable to EFS

Multiple layers of keys: Partition access

Encrypt instances, databases, tables with separate keys

Leverage HSM @ server level

Advantages: keys managed with data, max perf, uses system libraries

Disadvantages: Server & DB Ops can get keys

Page 19: Scenarios

1. Loss or Theft of PC, aka “notebook in taxi”

2. Reduced data leaks, aka “whoopsie”

3. Server-side encryption, aka “untrustworthy Admins”

4. End-to-end encryption, aka “regulatory compliance”

Page 20: (1) Loss or Theft of PC

Threat: Attackers with infinite time, many tools, well-documented attack techniques

Goal: mitigate the risk of Data exposure. Reduce the risk, NOT eliminate

Good: Application Encryption

Better: Minimize the stored data; System Encryption

Don't bother with ACLs, RBAC, DRM

Page 21: (1) Loss or Theft of PC

1. EFS
Mitigates offline attacks except against user account
Prevents online attacks (on encrypted files)
Threats focus on user’s password

2. BitLocker with TPM or USB (Vista)
Prevents offline attacks (replace passwords, copy hashes, change system files)
Threats focus on user logons

3. Ideal: BitLocker with TPM + EFS with Smart Card (Vista)
Attacker with notebook + Smart Card needs PIN (not password)
After “x” bad tries, Smart Card locked FOREVER

Page 22: (1) Loss or Theft of PC

Reality check: Windows XP today

Attack focus: user passwords, cleartext data

Tactics:
Better passwords/phrases
Encrypt significant sets of data: EFS for Documents, email, desktop, TIF, server caches
Smartcard logon per-PC

Residual risk: pagefile fragments, hiberfile, cached logon verifiers

Page 23: (2) Reduced data leaks

Threat: Authorized users with legit access giving data to others

Goal: mitigate the risk of spread of data. Reduce, NOT eliminate

Good: ACLs, Role-based Access

Better: DRM, Application encryption

Don't bother with System encryption

Page 24: (2) Reduced data leaks

1. ACL shared files on servers with RBAC groups
Prevents users from granting each other permissions

2. Leverage a rights management technology
Reduces the amount of unprotected files

3. Ideal: RM automatically assigned (RMS partners)
Enforces RM protection according to pre-defined business rules

Bonus: encryption on physical media

Bonus: removable media policy (Vista)

Page 25: (2) Reduced data leaks

Reality check: user-initiated RMS is unreliable

Risk focus: leaks to outsiders

Tactics:
“do not forward” emails from execs, legal, R&D
RMS automation on servers (future)
Converting AD roles to security-enabled Distribution Groups
Experiment with WinFX, Print-to-XPS

Page 26: (3) Server-Side Encryption

Threat: some Admins have or grant themselves access with no oversight or detection

Goal: mitigate the risk of widespread leaks. Reduce, NOT eliminate

Good: Role-based Access

Better: System encryption, Application encryption, ERM

Don't Bother with ACLs

Page 27: (3) Server-Side Encryption

Roles-based access on all servers (and clients)
Prevents Admins from unaudited access to data

EFS, BitLocker, RMS with central keys managed elsewhere
Reduces opportunity for quick access to protected data
Threats switch to impersonating users

Bonus: audit for Object Access (Take Ownership, Change Permissions), Policy Change, System Events

Bonus: role-separated audit collection

Page 28: (4) End-to-end encryption

Challenges

Approaches

Futures

Page 29: (4) End to End: Challenges

Lack of product integration

Key management:
Keep keys close to data (performance, portability)?
Keep keys far from data (security, administration)?

Cross-platform issues

Managing transitions between systems, applications and organizations

Page 30: (4) End to End: Approaches

Standard algorithms

Third-party products

Best-fit solutions

Mitigate greatest exposures first

Page 31: (4) End to End: Futures

“information protection platform”: Possibly integrate EFS, RMS, NGSCB

WS-Sec (and other standards)

.NET Framework 3.0 (WinFX)

IPv6

Page 32: Beyond Microsoft technologies

Pervasive hardware-integrated crypto

ISV encryption

ISV rights management

Smart cards

other multi-factor access control

Page 33: Calls to Action

Fill out the Survey – Please!

Give me specific feedback:
Guidance you need for Protecting Data with Microsoft technologies
What bugs you about the current product “stack”

Send me email: MIKESL@microsoft.com

When you get home…

IT: Plan your AD schema upgrade!

Dev: Download WinFX

Page 34: Want More of Us?

Breakout Session: Regulatory Compliance, SEC211 with Bill Canning, WED 8:30am

CIS or Security Booth in TLC “Red”

TechEd Connect

AND…

Focus Group: Data Protection (drop me a business card)

Page 35: Resources

Technical Chats and Webcasts: http://www.microsoft.com/communities/chats/default.mspx http://www.microsoft.com/usa/webcasts/default.asp

Microsoft Learning and Certification: http://www.microsoft.com/learning/default.mspx

MSDN & TechNet: http://microsoft.com/msdn http://microsoft.com/technet

Virtual Labs: http://www.microsoft.com/technet/traincert/virtuallab/rms.mspx

Newsgroups: http://communities2.microsoft.com/communities/newsgroups/en-us/default.aspx

Technical Community Sites: http://www.microsoft.com/communities/default.mspx

User Groups: http://www.microsoft.com/communities/usergroups/default.mspx

Page 36: Fill out a session evaluation on CommNet and Win an XBOX 360!

Page 37: © 2006 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.

The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation.

MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.