Microsoft TechNet Seminar 2006
Identity & Access Control, Threat & Vulnerability Mitigation, Fundamentals (the three pillars shown on the title slide)
Efficient IT security: an overview of Microsoft's security portfolio
Sven Thimm, Senior Presales Consultant, Microsoft Deutschland GmbH
A secure platform strengthened by security products, services and guidance to help keep customers safe.

Speaker notes: advocate that baseline security should be low cost or free. Spell out the rationale: basic, critical protection is essential because the ecosystem as a whole needs protecting. Offer examples of Microsoft "baseline" security services available for free: SP2, scanning and removal tools, critical updates, etc. Reference free solutions from other vendors too. Segue to the business case by reinforcing Microsoft's main security objective, based on customer feedback: people need an easier and more effective way to protect themselves, their computers and their networks. Reference the Gartner report that the industry is not meeting critical needs and pull appropriate quotes from it (e.g., "Despite the maturity of the enterprise AV market, customer needs for protection against new forms of attacks are not being met by the AV vendors.").

Technology investments: Microsoft is investing to achieve the highest level of quality in Microsoft software and to deliver security technology innovations in the platform, in security products and in hosted security services.

Prescriptive guidance: Microsoft is investing in educational resources, training, supportive tools and global outreach to help customers secure their environments and comply with regulations.

Industry leadership: Microsoft is working with governments, industry partners, law enforcement agencies and others to address the key societal challenges of security, including spam, privacy and children's online safety.

Additional data points. Windows Server 2003 SP1 has had 1.4 million successful downloads since it became available at the end of March; this service pack provides significant security enhancements as well as reliability and performance improvements. Windows XP SP2: 149.7 million downloads, and at least ~112 million XP SP2 machines serviced by Windows Update. The SP2 install rate is a bit disappointing at about 66%. Some regions are doing better (Japan, Germany and France are all around 75%), while others such as Korea and Spain are in the low-to-mid 50s.

Slide captions: excellence in the fundamentals; innovation in IT security; scenario-based content and tools; reliable support during incidents; awareness and education; collaboration and partnerships.
Identity & Access Management; Threat & Vulnerability Mitigation; Engineering Excellence; System Integrity. [These are the four key pillars where you spend most of your speech.]

Engineering excellence and system integrity; threat and vulnerability mitigation; identity and access management, which helps manage the identity lifecycle (establishing trustworthy identities, providing and managing secure access to resources).

Let's look at the elements of technology innovation. We can divide the challenge, and the need for advances, into four buckets. The first is getting software up to date: using the ability of the Internet to deliver updates, and making sure that operates faster than the Internet's ability to propagate problems.

Isolation is a profound technique that exists at many levels: isolation within a machine so that bad code can't do much, isolation within a network, and isolation at the perimeter. Isolation is fundamental. The Internet connects everyone together, but we have to be able to look at those connections and make sure there are appropriate controls between them. This is a fundamental technique for making sure malicious code does not spread.

A third area that is getting more attention is authorization and access control. As we strengthen other elements of the system, the weak link often becomes the ability to guess people's passwords, because they use the same password in many places. So we have to strengthen passwords and access techniques, and strengthen the administrative tools around them, so that you know all your resources have the appropriate access controls applied, whether that access is internal or external.

And finally, what has probably been the fastest-growing challenge is social engineering: the e-mail that encourages you to supply private information (phishing), or code that encourages you to download it because it seems benign, yet is actually spying on your machine or doing something inappropriate to it. In these cases there is, from a technical point of view, no exploit at all; the attacker has simply taken the privilege of the user and fooled them into running code they don't want to run, or into divulging sensitive data. We need significant advances to make sure this category of threat doesn't keep expanding the way it did over the last year. Microsoft is making important investments in all four of these areas. Let's look at some of the details and progress with our technology investments.
Identity & Access Control, Threat & Vulnerability Mitigation, Fundamentals (the three pillars shown on the slide).

To help realize this vision, Microsoft has made and will continue to make technology investments in the platform and in security products and services. There is no single technology silver bullet, but the combination of technologies will raise the bar for security. Microsoft's technology investment strategy for security has three areas.

Fundamentals: improve the security of software code. This forms the foundation tying all Microsoft products together. The goal is to create code that is secure by design and secure by default, resulting in fewer vulnerabilities, and to keep systems updated by improving the updating experience.

Threat and vulnerability mitigation: provide layered defenses against ever-evolving malware threats and intrusions. The goal is to give customers defense in depth with platform tools and technologies, security products and security services. The approach focuses on prevention (blocking attacks), isolation (limiting the damage potential of attacks by isolating malicious code) and recovery (getting systems back to a known good state).

Identity and access control: provide technologies that allow only legitimate users access to devices, applications and data. The goal is platform technologies, with layered product and service offerings, that provide a central identity store, a central way of managing credentials, and technologies for access control.

Today we are going to talk about some of the products that fall under the Threat & Vulnerability Mitigation and Identity & Access Control areas of technology investment.
Identity & Access Control, Threat & Vulnerability Mitigation, Fundamentals (the three pillars shown on the slide).

Customers face several challenges with current threat and vulnerability mitigation solutions. First, traditional solutions do not provide adequate protection in today's evolving threat environment. The annual survey of businesses by the Federal Bureau of Investigation and the Computer Security Institute that reported widespread security breaches also noted that 99% of those same businesses had antivirus software and 98% had edge firewalls.

There are several drivers for this. The time between public disclosure of a security vulnerability and its first exploitation is decreasing, which means IT managers no longer have weeks or months to deploy the necessary updates. Attacks are also evolving and getting more sophisticated. Spyware was not very prevalent only a few years ago but is now widespread. Rootkits are an emerging threat. Blended attacks are also on the rise: the lines between spam and malicious messages are blurring, and Trojans and viruses are increasingly spread through spam. At the center of this convergence are phishing attacks, which use spam techniques to spread and virus techniques to compromise recipient systems.

Lack of integration across point solutions is another major problem. Customers are forced to manage multiple agents for desktops, multiple solutions for server protection, multiple appliances for the network edge and multiple management consoles. Although the industry is consolidating and there is much talk of integration, customers have yet to see the benefits. In a recent report, Gartner concludes that "PC tools for fighting malicious code and network traffic remain fragmented into separate disciplines…this is difficult for companies that struggle with the challenge of buying three classes of desktop personal protection products, all of which are aimed at malicious code and its side effects".

Consider a simple example: if a Trojan delivers spyware to your computer, the antivirus software might detect the Trojan but not the spyware, and the anti-spyware software might detect the spyware but not the Trojan. If something goes wrong, it is hard to solve the problem.

Businesses also have inadequate visibility and control over their security infrastructure. According to Gartner, "the lack of management functionality within antivirus products remains a key complaint among businesses. Enterprises rely on the inherent distribution capabilities of vendors to get updates out to the desktops. However, the distribution functionality is often insufficient, and large companies end up writing their own scripts to supplement it. Support of remote workers and access continues to be a challenge."
Prevention, Isolation, Recovery: block known and unknown attacks; limit the impact through isolation; restore a proper state.

The security technologies in the platform and products will provide seamless integration at multiple levels for an enhanced level of protection. Integration within the security portfolio not only improves protection and management but also enables a more comprehensive view of risk by sharing data between systems. Integration with existing IT systems helps maximize existing infrastructure investments and reduces training costs. Microsoft's approach will also reduce an organization's exposure to attacks through best-of-breed threat protection, detection and removal. Data collected from feedback mechanisms including MSN Hotmail, Windows Online Crash Analysis and the SpyNet AntiSpyware Community, combined with a global multi-vendor research effort, will enable fast discovery of protection against new threats.

The goal is to provide customers with defense in depth through platform tools and technologies, security products and security services: unified defense against all types of malware, with protection on clients, servers and the network edge, and with central visibility and control. The approach focuses on three areas.

Prevention: blocking malicious code and other unwanted software at the network edge and on clients, using a combination of signature-based and non-signature-based approaches. "Malware" covers a full spectrum, from clearly malicious software such as viruses, worms and Trojans to software that may be unwanted, such as adware and spyware. Microsoft is investing in technologies to block all malware that is clearly malicious or that users do not want, based on their choices. These include antivirus, anti-spyware, anti-spam and anti-phishing technologies, described in the next section.

Isolation: isolating malicious code from systems and networks to limit the damage potential of attacks. This complements signature-based approaches, which can block known attacks, and creates a stronger line of defense for each computer and each network against evolving threats. A core tenet of isolation is the principle of least connectivity: limiting network services to the connections they need to perform their task. For example, where a service only needs to accept inbound connections from its clients, the connectivity policy is configured to disallow outbound connections; if the service is compromised, it cannot connect to other machines to infect them. Technology investments based on this principle include several enhancements in Windows Vista such as Windows Service Hardening, the system firewall and IPsec; enhancements in Windows Server such as Network Access Protection; and products such as Microsoft Internet Security and Acceleration (ISA) Server. These are described in greater detail in the following section.

Recovery: if a system or the data it contains is compromised, customers need a way to quickly and easily restore it to a known good state. Microsoft provides technologies to help manage recovery, such as System Restore and IntelliMirror. For consumers, system backup and restore will be included in the Windows OneCare service.

Microsoft is building a technology portfolio to protect against malware and intrusion based on these core principles. As the threat landscape evolves, so will the specific protection technologies, but the goal is unified protection against current and future threats, doing away with the fragmented approach to security that is common in the industry today.

Slide captions (three columns). Prevention: antivirus software; anti-spyware software; protection against spam and phishing; updating with WSUS or Systems Management Server. Isolation: User Account Control; Internet Explorer improvements; hardening of Windows services; Network Access Protection. Recovery: System Restore; Microsoft Windows Malicious Software Removal Tool; IntelliMirror; System Center Data Protection Manager.
User Account Control (slide diagram: Admin, User)
Clients, Servers, Edge, Services; Platform, Products (slide diagram).

To address this challenge, Microsoft will provide security technology innovations in the platform and in security products and services. Best-of-breed threat protection in the platform and security products, combined with a defense-in-depth strategy across the entire IT infrastructure, are key aspects of the overall solution. Microsoft is building a portfolio of technologies and products to protect against the evolving malware threat on the client, on servers and at the network edge. Current security solutions are extremely fragmented and give very little power to IT administrators; the goal is a single place from which customers can view the security state of their enterprise and take the necessary remediation actions, with the security products at each of these points integrating into a unified system for collaborative defense.

Beyond the network edge, Microsoft will provide security services: for business customers, such as those provided by Frontbridge, and Windows OneCare for consumers. These services are also based on the Windows platform and Microsoft security technologies. The technologies are focused on the same three areas, prevention, isolation and recovery, described in the notes to the previous slide.
Microsoft Antigen product line, highlights: a unique approach using multiple scan engines for faster detection and more reliable protection; integrated protection against viruses and spam; integrated Microsoft AV engine.

The Sybari line of Antigen products will be re-branded as Microsoft Antigen and will be available in the second quarter of 2006. Sybari security products help businesses protect their messaging and collaboration servers from viruses, worms and spam. These products provide a key layer of defense, helping to stop threats before they reach end users. Antigen antivirus products improve virus detection rates by integrating multiple scan engines. The antivirus, anti-spam and enterprise management products are tightly integrated with the servers they protect to maintain infrastructure reliability and performance. The protection capabilities are kept up to date by the collective efforts of multiple virus and spam research teams, helping to protect businesses from the latest threats.

Additional points. E-mail is the primary vector of attack for viruses today. As part of a defense-in-depth approach, it is critical to reinforce edge security with a second layer of protection on all internal servers. Server-based protection stops viruses from propagating internally and provides a second line of defense against any viruses that escape detection in inbound/outbound traffic at the edge. Microsoft strongly recommends that companies use a combination of edge antivirus and server antivirus technology. In addition to e-mail, the adoption of instant messaging and portals for collaboration and communication is growing, and these vectors of attack are likely to be used more frequently. Protecting content communicated through these messaging and collaboration servers is a critical component of an overall security solution.

Antigen for Exchange, SharePoint and Instant Messaging. To protect critical servers, Microsoft offers a range of server protection solutions: Antigen for Exchange, Advanced Spam Manager, Antigen for SharePoint and Antigen for Instant Messaging. With a layered, multiple-scan-engine approach, Microsoft Antigen solutions help stop the latest threats before they impact business and users. Tight integration with Microsoft Exchange, Microsoft SharePoint Services and Microsoft Live Communications Server ensures strong protection and centralized control without taxing server or network infrastructure performance.

Two key elements differentiate this approach to server protection. The first is strong integration between the security products and the server applications they protect, which helps increase both availability and productivity of these systems to keep the business running. The second is Microsoft's use and management of multiple antivirus scanning engines to eliminate single points of failure and reduce the window of exposure that can exist during new outbreaks. Each of the Antigen antivirus products lets customers deploy up to eight scan engines from industry-leading antivirus vendors; the upcoming Microsoft release of these products will also include Microsoft's own antivirus engine. Such layered defense is significantly more effective than single-engine technologies at identifying malicious content: the diversity of signature and heuristics technologies improves overall virus detection. Secondly, this approach reduces single points of failure. If an organization relies on a single virus scanning solution throughout its environment and that engine is compromised by a virus or is offline during an update, the organization is exposed. Antigen's engines are developed in various labs around the world, each releasing signatures at different intervals. With updates coming from multiple sources, customers are protected with the latest signatures against the latest threats, and on average multiple engines from multiple companies provide the quickest updates against new threats.
Multiple scan engine manager (slide diagram: Quarantine; Scan Engine 1 to Scan Engine 4)
- Designed to eliminate single points of failure
- Manages and updates up to 8 different scan engines for continuous protection
- Multiple scanning of all messages and documents
- Minimizes the window of time required for signature file and engine updates during virus outbreaks
- Provides rollback and scan engine "crash" protection
- Up to 8 scan engines; eliminates the single point of failure; shortens the window of vulnerability during a virus outbreak
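As an added example that is not Antigen or Sybari code, the following Python sketch models the behaviour the notes on the previous slide and the bullets above describe: several engines run over every message, a hit from any one engine is enough to quarantine, an engine that crashes is skipped rather than blocking the scan, and a bad signature update is rolled back. The engines, the hash-based "signatures", the sample payloads and the fail-closed choice when no engine could scan are all constructed assumptions.

```python
# Added example (not Antigen/Sybari code): a minimal model of a manager that runs
# several vendor scan engines over each message, quarantines on any hit, survives
# an engine crash and rolls back a bad signature update. Engines here match on
# SHA-256 of the payload; real engines use signatures and heuristics.
import hashlib
from dataclasses import dataclass, field


def fingerprint(payload: bytes) -> str:
    """Stand-in for a vendor signature: the SHA-256 hex digest of the payload."""
    return hashlib.sha256(payload).hexdigest()


@dataclass
class ScanEngine:
    """One vendor engine with its own signature set; `crashes` simulates an engine fault."""
    name: str
    signatures: set = field(default_factory=set)
    crashes: bool = False

    def update(self, new_signatures: set, update_ok: bool = True) -> bool:
        """Apply a signature update. A bad or empty update is rolled back to the previous set."""
        previous = self.signatures
        self.signatures = set(new_signatures)
        if not update_ok or not self.signatures:
            self.signatures = previous          # rollback: never run with a broken or empty set
            return False
        return True

    def scan(self, payload: bytes) -> bool:
        if self.crashes:
            raise RuntimeError(f"engine {self.name} crashed")
        return fingerprint(payload) in self.signatures


class ScanManager:
    """Runs up to eight engines over each message and combines their verdicts."""
    MAX_ENGINES = 8

    def __init__(self, engines):
        if not engines or len(engines) > self.MAX_ENGINES:
            raise ValueError("configure between 1 and 8 engines")
        self.engines = list(engines)

    def scan(self, payload: bytes) -> dict:
        detected_by, failed = [], []
        for engine in self.engines:
            try:
                if engine.scan(payload):
                    detected_by.append(engine.name)
            except RuntimeError:
                failed.append(engine.name)      # crash protection: skip this engine, keep scanning
        if detected_by:
            verdict = "quarantine"              # any single engine hit is enough
        elif len(failed) == len(self.engines):
            verdict = "quarantine"              # assumption: fail closed when no engine could scan
        else:
            verdict = "clean"
        return {"verdict": verdict, "detected_by": detected_by, "failed": failed}


def demo() -> dict:
    """Constructed sample: two 'worms' and three engines whose signature feeds are at different stages."""
    worm_a = b"constructed sample: worm A"
    worm_b = b"constructed sample: worm B"      # only vendor2 has shipped a signature for this one
    newsletter = b"Quarterly newsletter, constructed clean sample"
    vendor1 = ScanEngine("vendor1", {fingerprint(worm_a)})
    vendor2 = ScanEngine("vendor2", {fingerprint(worm_a), fingerprint(worm_b)})
    vendor3 = ScanEngine("vendor3", {fingerprint(worm_a)}, crashes=True)
    manager = ScanManager([vendor1, vendor2, vendor3])
    return {
        "worm_b": manager.scan(worm_b),          # caught by vendor2 alone; vendor3's crash is tolerated
        "newsletter": manager.scan(newsletter),
        "bad_update": vendor1.update(set(), update_ok=False),   # rejected and rolled back
        "after_rollback": vendor1.scan(worm_a),  # vendor1 still detects worm A
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```

Running demo() shows worm B quarantined on vendor2's signature alone while vendor3 is down, which is the window-of-exposure argument in miniature: the message is caught as soon as any one feed carries the signature, and a failed feed neither blocks the scan nor leaves its engine running on an empty set.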
Centralized Management
Sybari Enterprise Manager:
- Provides central management and reporting
- Eases migration and deployment
- Provides central deployment of updates to reduce the window of vulnerability
Sybari Antigen Management Pack for MOM:
- Monitors events, performance counters and services
- Allows you to remotely update scan engines or run manual scan jobs
- Provides alerts on outbreaks and scan engine update failures
Antigen for Exchange (slide diagram: Internet, ISA Server, Exchange Front End, Exchange Site 1 and Site 2, Exchange Public Folder Server, Exchange Mailbox Server)
- Detects and removes viruses in messages and attachments
- Scans at the SMTP stack (the most processing-intensive scans)
- Scans in real time at the Exchange Information Store
- Provides on-demand and scheduled scans of the Information Store
- Uses the Microsoft-approved virus scanning API integration for Exchange 2000 and 2003
- Provides advanced content-filtering capabilities for messages and attachments
- Integrates file filtering, keyword filtering and anti-spam at the SMTP routing level
- Protects Exchange Server 5.5, 2000 and 2003
Antigen for SMTP Gateways (slide diagram: Internet, Firewall, SMTP Gateway Server/Routing Server, Exchange Servers, Users)
- Detects and removes viruses at the network edge
- Scans the SMTP stack to disable threats within a message during the routing process
- Provides advanced content-filtering capabilities for messages and attachments
- Integrates file filtering, keyword filtering, anti-spam and content filtering during the routing process
- Protects Windows Server 2003 and Windows 2000 Server SMTP gateways
- Proactively notifies administrators of virus incidents and scan events by e-mail or event log
Antigen, Advanced Spam Manager and IMF
Exchange Server with IMF (Intelligent Message Filter). Available filters: spam filter; file filtering; content/keyword filtering; subject-line filtering; RBLs; domain/sender filters and whitelists.
Antigen Advanced Spam Manager and IMF use the same Spam Confidence Level rating system. Slide diagram: depending on the rating, a message is routed to the spam site quarantine, the Outlook Junk Mail folder, or the Inbox.
Antigen for SharePoint
Virus protection for document libraries: scanning of all files uploaded to and downloaded from the document library; manual and scheduled scanning of all SPS files (supports both WSS and SPS). Content policy enforcement: file filtering to block documents from being posted based on name match, file type or file extension; content scanning by keyword within documents for inappropriate words and phrases. (Slide diagram: users, document, SharePoint Server or WSS, SQL document library.)

Antigen for SharePoint is based on Sybari's market-leading Antigen for Exchange technology. Because SharePoint uses the same "document store" technology, it was easy to use the same approach; in fact Antigen for SharePoint is built from the same code set as Antigen for Exchange, so even in its initial release it is a highly reliable and tested product. Customers get enhanced protection with Sybari's multiple scan engine manager, fast performance with the in-memory scanning approach, and comprehensive document filtering options. One thing to keep in mind: Antigen for SharePoint only protects the "document management" component of Microsoft SharePoint Portal Server. It does not protect the indexing component; that is, Antigen cannot scan or filter items that are indexed from a remote web site, file share or other remote content source.
ISA Server: Application Publishing, Caching, Web Filtering, Advanced Application Layer Firewall / VPN.
ISA Server can help provide value in four main areas: application publishing (securely publishing OWA for Exchange, SharePoint extranets, etc.); caching (speeding up the network by caching pages and updates locally); web filtering (filtering the information that flows through your network); and an advanced application-layer firewall with VPN.
Here is where ISA Server fits in with the Antigen line of products and the value each provides (slide diagram: Antigen on the SMTP server, the Exchange IMC server, the Exchange mailbox server, Live Communications Server and SharePoint Server, with ISA Server 2004 at the edge; the threats shown are viruses and worms arriving by e-mail, IM and documents).
Microsoft ISA Server 2004: a firewall at the network boundary that filters application-layer attacks and pre-authenticates users for network access.
Microsoft Antigen product family: protects against incoming viruses and unwanted content; protects internal servers; enforces policies for sending information.
Threat & Vulnerability Mitigation roadmap (slide: columns Current, 2006, 2007).
Services: currently Frontbridge hosted services for antivirus and spam filtering (business customers); 2006: Windows OneCare (beta); 2007: next generation of security services.
Products: currently ISA Server 2004, Sybari Antigen antivirus and anti-spam for e-mail, IM and SharePoint, and Systems Management Server; 2006: Microsoft Client Protection and Microsoft Antigen antivirus and anti-spam for messaging; 2007: next generation of security products.
Platform: currently Windows XP SP2, Windows Server 2003 SP1, anti-malware tools, Microsoft Update, Update Services (WSUS) and Windows Defender (Windows AntiSpyware); then Windows Vista with firewall and IPsec, service hardening, User Account Control, Network Access Protection, IPsec improvements and Audit Collection Services.
Speaker note: here is how Client Protection, the Antigen line of products and ISA fit into our overall Threat & Vulnerability Mitigation roadmap.
20
Microsoft TechNet Seminar 2006
Identity & Access Control Threat & Vulnerability Mitigation Fundamentals Customers face several challenges with current threat & vulnerability mitigation solutions. First off, traditional solutions do not provide adequate protection in today’s evolving threat environment. The annual survey of businesses by the Federal Bureau of Investigation and Computer Security Institute that reported widespread security breaches also noted that 99% of these same businesses had antivirus software, and 98% had have edge firewalls. There are several drivers for this. The time between public disclosure of a security vulnerability and when the vulnerability is first exploited is decreasing, which means IT managers no longer have weeks or months to deploy necessary updates. Attacks are also evolving and getting more sophisticated. Spyware was not very prevalent only a few years ago, but is now widespread. Rootkits are an emerging threat. Blended attacks are also on the rise. For example, the lines between spam and malicious messages are blurring—Trojans and viruses are increasingly spread through spam. Also, at the center of this convergence are phishing attacks, which use spam techniques to spread and virus techniques to compromise recipient systems. Lack of integration across point solutions is another major problem for customers. Customers are forced to manage multiple agents for desktops, multiple solutions for server protection, multiple appliances for the network edge, and multiple management consoles. Although the industry is consolidating and there is much talk of integration, customers have yet to experience these benefits. For example, in a recent report, Gartner concludes that “PC tools for fighting malicious code and network traffic remain fragmented into separate disciplines…this is difficult for companies that struggle with the challenge of buying three classes of desktop personal protection products, all of which are aimed at malicious code and its side effects”. 
Consider this simple example—if a Trojan delivers some spyware to your computer, the antivirus software on your computer might detect the Trojan but not the spyware. Your anti-spyware software might detect the spyware but not the Trojan. If something goes wrong, it’s hard to solve the problem. Businesses also have inadequate visibility and control over their security infrastructure. For example, according to Gartner, “the lack of management functionality within antivirus products remains a key complaint among businesses. Enterprises rely on the inherent distribution capabilities of vendors to get updates out to the desktops. However, the distribution functionality is often insufficient, and large companies end up writing their own scripts to supplement it. Support of remote workers and access continues to be a challenge.” Seminar Name
21
Trustworthy identities: ensure that users are who they claim to be
Access control: enable access based on policies
Information protection: protect data across the entire lifecycle

Organizations need to provide employees, business partners, and customers with secure and appropriate access to corporate networks, applications, documents, and data from a growing array of devices—desktop PCs, laptops, PDAs, Smartphones, kiosks, and more. Although the benefits of increased mobility and productivity are clear, broad access also exposes data to much greater security threats unless access to computers, applications, and data is appropriately secured.

Trustworthy Identity
- Services and support for a rich set of security principals
- Simple, consistent and secure user experience
- Facilitate federation for effective partnership

Access Control
- Unified authorization policy model
- Easily create and manage role-based access control settings
- Visibility into policy changes, access and use of resources

Information Protection
- Persistently protect and control access to sensitive information
- Enable compliance with regulatory requirements

Technologies shown on the slide: Directory Services, Lifecycle Management, Strong Authentication, Federated Identity, Certificate Services (identity); Task-based Access Control, Audit Collection Services, Group Policy Management Console (access control); Rights Management Services, Encryption, Secure Protocols and Transmission, Backup and Recovery (information protection).
22
[Diagram: an Access Control List at the network perimeter. Authorized users: yes (access granted). Unauthorized users: no (access denied). The remaining risk shown is an information leak once data has left the perimeter.]
23
How RMS works (slide components: RMS Server, SQL Server, Active Directory, information author, recipient)

1. The author receives a certificate (Client Licensor Certificate, CLC) on first use of RMS.
2. The author defines usage policies for the file. The application creates a "publishing license" and encrypts the file.
3. The author distributes the file.
4. The recipient opens the file. The application contacts the RMS server, which validates the user and issues a use license.
5. The application renders the file according to the granted permissions.

Here's a view of what goes on behind the scenes. <Click & read> Note that the Client Licensor Certificate (CLC) is a critical component that enables the author to publish rights-protected content from their machine. This is a one-time set-up where RMS sends the CLC to the author's machine. If an author uses several machines, then RMS will issue a CLC to each of their machines the first time they try to publish a rights-protected document. Once they have the CLC, they are able to publish rights-protected content. Note that there are other certificates required for initial setup for the server, users and machines involved. For more information see <Click and steps read 2-5> <After clicks are completed, continue …>

Note on the upper left that SQL Server is an important component of the solution. Every time a recipient of a file requests a "use license", an entry is made into the SQL log that indicates the date, time, file name, user name and the outcome of the request: accepted or denied. This serves as the RMS audit log. Examples of the reports IT could run on this data include:
1. Who has accessed specific files and when they accessed them?
2. Are any employees continually being denied access to files? If so, are they files they were mistakenly denied rights to, or is this a sign of a problem employee?
If confidential information leaks to the public, IT can run a report to see which employees had already accessed the file before the leak was discovered. This would narrow the scope of the search for the person who leaked the information.

You also see Active Directory in the upper right. RMS requires each user to have an address in Active Directory. RMS also works with Active Directory to enable Distribution Group expansion in cases where an author has assigned rights to an Active Directory Distribution Group. Use licenses are only granted to named individuals or those whose membership in a named group can be validated.
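As an added example (not part of the presentation and not RMS's own tooling), the three audit reports the notes describe, run over a constructed log in the date/time/file/user/outcome shape the notes give; the CSV layout, file names and user names are assumptions, not a real RMS log format.

```python
from collections import Counter
from datetime import datetime

TIME_FMT = "%Y-%m-%d %H:%M:%S"

# Constructed sample of use-license requests: date and time, file name,
# user name, outcome (accepted or denied). Layout is an assumption.
SAMPLE_LOG = """\
2006-03-01 09:12:00,Q1-Forecast.docx,alice@contoso.example,accepted
2006-03-01 09:40:00,Q1-Forecast.docx,bob@contoso.example,denied
2006-03-01 11:05:00,Q1-Forecast.docx,carol@contoso.example,accepted
2006-03-02 08:30:00,Q1-Forecast.docx,bob@contoso.example,denied
2006-03-02 10:15:00,Merger-Memo.docx,bob@contoso.example,denied
2006-03-03 14:00:00,Q1-Forecast.docx,dave@contoso.example,accepted
2006-03-03 16:20:00,Merger-Memo.docx,alice@contoso.example,accepted
"""


def parse_log(text):
    """Turn the CSV lines into records with a real timestamp."""
    records = []
    for line in text.strip().splitlines():
        stamp, file_name, user, outcome = line.split(",")
        records.append({"when": datetime.strptime(stamp, TIME_FMT),
                        "file": file_name, "user": user, "outcome": outcome})
    return records


def access_history(records, file_name):
    """Report 1: who was granted a use license for a file, and when."""
    return [(r["user"], r["when"].strftime(TIME_FMT)) for r in records
            if r["file"] == file_name and r["outcome"] == "accepted"]


def repeatedly_denied(records, threshold=2):
    """Report 2: users denied at least `threshold` times (mistaken rights or a problem user)."""
    denials = Counter(r["user"] for r in records if r["outcome"] == "denied")
    return {user: n for user, n in denials.items() if n >= threshold}


def accessed_before(records, file_name, discovered_at):
    """Leak triage: users who already held a use license before the leak was discovered."""
    cutoff = datetime.strptime(discovered_at, TIME_FMT)
    return sorted({r["user"] for r in records
                   if r["file"] == file_name and r["outcome"] == "accepted"
                   and r["when"] < cutoff})


if __name__ == "__main__":
    recs = parse_log(SAMPLE_LOG)
    print(access_history(recs, "Q1-Forecast.docx"))
    print(repeatedly_denied(recs))
    print(accessed_before(recs, "Q1-Forecast.docx", "2006-03-03 00:00:00"))
```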
24
[Diagram: information protection policy across network zones. Intranet: Internal User, Active Directory, RMS. DMZ / Extranet: ISA. Outside the network: External / Traveling User and Business Partner with Partner Identities. One Information Protection Policy applies to internal, external/traveling and partner users.]
25
Roadmap (Current / 2006 / 2007)

Identity
- Current: Windows Server 2003 Certificate Services; Smart Card support; Microsoft Identity Integration Server 2003
- 2006: Federation Services
- 2007: Windows Longhorn Server; Microsoft Identity Integration Services

Access
- Current: Windows Server 2003 Authorization Manager; Active Directory with Group Policy; VPN access with quarantine
- 2006: Windows Vista: improved smart card support, User Account Control
- 2007: Windows Longhorn Server: next generation of access policy solutions

Information protection
- Current: Encrypting File System; Windows Rights Management Services; Data Protection Manager 2006
- 2006: Windows Vista: Secure Startup / BitLocker (full volume encryption), RMS client, EFS improvements
- 2007: Next generation of Rights Management Services

Here is our roadmap for identity and access control technologies…