IN THE REAL WORLD Cryptography

Windows 7 security enhancements


Enhance Security and Control

Narenda Wicaksono

IT Pro Advisor, Microsoft Indonesia


Building upon the security foundations of Windows Vista, Windows 7 provides IT Professionals security features that are simple to use, manageable, and valuable.

Windows 7 Enterprise Security


Windows Vista Foundation

Streamlined User Account Control

Enhanced Auditing

A. Fundamentally Secure Platform


Network Security

Network Access Protection

DirectAccess™

B. Securing Anywhere Access

AppLocker™

Internet Explorer

Data Recovery

C. Protect Users & Infrastructure


RMS

EFS

BitLocker & BitLocker To Go™

D. Protect Data from Unauthorized Viewing


A. Fundamentally Secure Platform

Windows Vista Foundation

Enhanced Auditing, Streamlined User Account Control

Make the system work well for standard users

Administrators use full privilege only for administrative tasks

File and registry virtualization helps applications that are not UAC compliant

Streamlined User Account Control


User Account Control – Windows 7

Users can do even more as a standard user

Administrators will see fewer UAC Elevation Prompts

Reduce the number of OS applications and tasks that require elevation

Refactor applications into elevated/non-elevated pieces

Flexible prompt behavior for administrators


B. Securing Anywhere Access

Network Security, DirectAccess, Network Access Protection

Policy based network segmentation for more secure and isolated logical networks

Multi-Home Firewall Profiles

DNSSEC Support

Network Security


Ensure that only “healthy” machines can access corporate data

Enable “unhealthy” machines to get clean before they gain access

Network Access Protection

Security-protected, seamless, always-on connection to corporate network

Improved management of remote users

Consistent security for all access scenarios

DirectAccess


Network Access Protection

Health policy validation and remediation

Helps keep mobile, desktop and server devices in compliance

Reduces risk from unauthorized systems on the network

[Diagram labels: Windows Client; NPS; DHCP, VPN, Switch/Router; Policy Servers (such as: Patch, AV); Remediation Servers (Example: Patch); Restricted Network; Corporate Network; Policy Compliant; Not Policy Compliant]

Remote Access for Mobile Workers: Access Information Anywhere

Difficult for users to access corporate resources from outside the office

Challenging for IT to manage, update, patch mobile PCs while disconnected from company network

Remote Access for Mobile Workers: Access Information Anywhere

Same experience accessing corporate resources inside and outside the office

Seamless connection increases productivity of mobile users

Easy to service mobile PCs and distribute updates and policies

C. Protect Users & Infrastructure

AppLocker™, Data Recovery, Internet Explorer 8

Enables application standardization within an organization without increasing TCO

Increase security to safeguard against data and privacy loss

Support compliance enforcement

AppLocker™

Protect users against social engineering and privacy exploits

Protect users against browser based exploits

Protect users against web server exploits

Internet Explorer 8


File back up and restore

CompletePC™ image-based backup

System Restore

Volume Shadow Copies

Volume Revert

Data Recovery


Application Control

Users can install and run non-standard applications

Even standard users can install some types of software

Unauthorized applications may:

Introduce malware, increase helpdesk calls, reduce user productivity, undermine compliance efforts

Application Control

Eliminate unwanted/unknown applications in your network

Enforce application standardization within your organization

Easily create and manage flexible rules using Group Policy


AppLocker

Simple Rule Structure: Allow, Exception & Deny

Publisher Rules

Product Publisher, Name, Filename & Version

Multiple Policies

Executables, installers, scripts & DLLs

Rule creation tools & wizard

Audit only mode

SKU Availability

AppLocker – Enterprise

Legacy SRP – Business & Enterprise


D. Protect Data from Unauthorized Viewing

RMS, BitLocker, EFS

Policy definition and enforcement

Protects information wherever it travels

Integrated RMS Client

Policy-based protection of document libraries in SharePoint

RMS


User-based file and folder encryption

Ability to store EFS keys on a smart card

EFS


Easier to configure and deploy

Roam protected data between work and home

Share protected data with co-workers, clients, partners, etc.

Improve compliance and data security

BitLocker


BitLocker

[Chart: Worldwide Shipments (000s), 2007 to 2011. Series: Removable Solid-State Storage Shipments; PC Shipments]

Sources:

• Gartner “Forecast: USB Flash Drives, Worldwide, 2001-2011” 24 September 2007, Joseph Unsworth

• Gartner “Dataquest Insight: PC Forecast Analysis, Worldwide, 1H08” 18 April 2008, Mikako Kitagawa, George Shiffler III

BitLocker

Extend BitLocker drive encryption to removable devices

Create group policies to mandate the use of encryption and block unencrypted drives

Simplify BitLocker setup and configuration of primary hard drive


BitLocker

BitLocker Enhancements

Automatic 200 Mb hidden boot partition

New Key Protectors

Domain Recovery Agent (DRA)

Smart card – data volumes only

BitLocker To Go

Support for FAT*

Protectors: DRA, passphrase, smart card and/or auto-unlock

Management: protector configuration, encryption enforcement

Read-only access on Vista & XP

SKU Availability

Encrypting – Enterprise

Unlocking – All


Building upon the security foundations of Windows Vista, Windows 7 provides IT Professionals security features that are simple to use, manageable, and valuable.

Windows 7 Enterprise Security

Windows Vista Foundation

Streamlined UAC

Enhanced Auditing

Network Security

Network Access Protection

DirectAccess

AppLocker

Internet Explorer 8

Data Recovery

RMS

EFS

BitLocker


Learning curriculum


Indonesia Developer Portal http://netindonesia.net


IT Professional Portal http://wss-id.org

© 2009 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.