Microsoft Windows 7 Enhanced Security and Control
DESCRIPTION
This session will explore Windows 7 core platform security improvements, securing anywhere access, data protection, and protecting desktop users. We will explain how Windows 7 features in each of these areas provide the foundation for a secure and reliable platform. We will discuss User Account Control improvements, enhanced auditing, Network Access Protection (NAP), Firewall improvements, AppLocker, BitLocker and BitLocker To Go enhancements, DirectAccess, Internet Explorer 8 security improvements, and EFS enhancements.
TRANSCRIPT
TechNet goes virtual©2009 Microsoft Corporation. All Rights Reserved.
19th June 2009
TechNet goes virtual
Virtual Conference Experience Presentation
CLI-309
Microsoft Windows 7 Enhanced Security and Control
Level 300
What Will We Cover?
• Fundamentally Secure Platform
• Helping Secure Anywhere Access
• Protecting Data
• Protecting Users and Infrastructure
Agenda
• Reviewing Windows 7 Security Goals
• Protecting Desktop Users
• Examining Data Protection
• Exploring Secure Anywhere Access
Windows 7 Enterprise Security
Fundamentally Secure Platform
Secure Anywhere Access
Protect Data from Unauthorized Viewing
Protect Users and Infrastructure
Fundamentally Secure Platform
Windows Vista Foundation
Simplified User Account Control (UAC)
Enhanced Auditing
User Account Control
Challenges
• User provides explicit consent
• Disabling UAC removes protections
Simplified UAC
• Reduce number of applications that require elevation
• Re-factor applications into elevated and non-elevated pieces
• Flexible prompt behavior
Customer Value
• Standard users can do more
• Administrators will see fewer UAC elevation prompts
AppLocker
Challenges
• Users can install and run non-standard applications
• Even standard users can install some types of software
AppLocker™
• Eliminate unwanted/unknown applications in your network
• Enforce application standardization within your organization
• Easily create and manage flexible rules using Group Policy
Demonstration Environment
Demonstration: Configuring AppLocker
• Add AppLocker Default Rules
• Create AppLocker Executable Rule Using Group Policy
• Create an AppLocker Windows Installer Rule
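The demonstration steps above build rules in the Group Policy editor; executable and Windows Installer rules can also be drafted and dry-run with the AppLocker PowerShell module in Windows 7 before anything is enforced. This is an added example, not part of the original session; the folders, the test account and the output path are assumptions.

```powershell
# Added example (not from the session): draft AppLocker rules and dry-run them.
# Assumed values: reference folder, candidate folder, test account, output path.
Import-Module AppLocker

$referenceDir = 'C:\Program Files'              # assumed: approved software lives here
$candidateDir = 'C:\Users\Public\Downloads'     # assumed: files users might try to run
$testUser     = 'CONTOSO\alice'                 # assumed: a standard, non-admin account
$policyFile   = 'C:\Temp\applocker-draft.xml'   # assumed: draft policy output

# 1. Inventory approved executables and Windows Installer packages.
$approved = Get-AppLockerFileInformation -Directory $referenceDir -Recurse `
    -FileType Exe, WindowsInstaller

# 2. Generate allow rules: publisher rules for signed files, hash rules for the rest.
$approved |
    New-AppLockerPolicy -RuleType Publisher, Hash -User Everyone -Optimize -Xml |
    Out-File -FilePath $policyFile

# 3. Dry run: which candidate files would the draft policy block for this user?
#    Nothing is enforced here; Test-AppLockerPolicy only evaluates the XML.
$blocked = Test-AppLockerPolicy -XmlPolicy $policyFile `
    -Path (Join-Path $candidateDir '*.exe'), (Join-Path $candidateDir '*.msi') `
    -User $testUser -Filter Denied, DeniedByDefault

$blocked | Format-Table -AutoSize
'{0} file(s) would be blocked for {1}' -f @($blocked).Count, $testUser
```

The draft contains only the generated rules, so the default rules from the first demonstration step still have to be added in the Group Policy editor before the XML is imported. AppLocker rules are not enforced on a client unless the Application Identity service is running.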
Internet Explorer 8 Security
Freedom from Intrusion
• Social engineering and exploits
• Reduce unwanted communications
Protection from Harm
• Browser and Web server exploits
• Protection from deceptive Web sites, malicious code, online fraud, identity theft
Control of Information
• Choice and control
• Clear notice of information use
• Provide only what is needed
Protect Data from Unauthorized Viewing
Active Directory® Rights Management Services (RMS)
• Policy definition and enforcement
• Protects information wherever it travels
• Integrated RMS client
Encrypting File System (EFS)
• User-based file and folder encryption
• Ability to store EFS keys on a smart card
BitLocker™
• Easier to configure and deploy
• Share protected data with co-workers, clients, partners, and others
• Improve compliance and data security
BitLocker
• Extend BitLocker drive encryption to removable devices
• Create group policies to mandate the use of encryption and block unencrypted drives
• Simplify BitLocker setup and configuration of primary hard drive
Desktop Auditing
Challenges
• Granular auditing complex to configure
• Auditing access and privilege use for a group of users
Enhanced Auditing
• Simplified configuration results in lower total cost of ownership (TCO)
• Demonstrate why a person has access to specific information
• Understand why a person has been denied access to specific information
• Track all changes made by specific people or groups
Demonstration: Enabling Auditing
• Use Group Policy to Configure Auditing
• Configure the File System Audit Policy
• Enable Auditing for a File or Folder
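The three demonstration steps above map to a short command-line sequence on a single machine: enable the File System audit subcategory, put an audit entry (SACL) on the folder, then read the resulting events. This is an added example, not part of the original session; the folder path and the audited group are assumptions, and it must be run from an elevated prompt.

```powershell
# Added example (not from the session): enable file-system auditing on one folder.
# Run elevated. Assumed values: folder path and audited group.
$folder  = 'D:\Finance'              # assumed: folder holding sensitive files
$auditee = 'CONTOSO\Finance-Users'   # assumed: group whose access is tracked

# 1. Turn on the granular "File System" subcategory (Object Access category).
auditpol /set /subcategory:"File System" /success:enable /failure:enable
auditpol /get /subcategory:"File System"

# 2. Add a SACL entry: log successful and failed writes, deletes and
#    permission changes, inherited by subfolders and files.
$rule = New-Object System.Security.AccessControl.FileSystemAuditRule(
    $auditee, 'Write, Delete, ChangePermissions',
    'ContainerInherit, ObjectInherit', 'None', 'Success, Failure')
$acl = Get-Acl -Path $folder -Audit
$acl.AddAuditRule($rule)
Set-Acl -Path $folder -AclObject $acl

# 3. Confirm the audit entry is present on the folder.
(Get-Acl -Path $folder -Audit).Audit |
    Format-Table IdentityReference, FileSystemRights, AuditFlags -AutoSize

# 4. Review recent events: 4663 = an attempt was made to access an object.
Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4663 } -MaxEvents 20 |
    Where-Object { $_.Message -like "*$folder*" } |
    Select-Object TimeCreated, Id,
        @{ n = 'Summary'; e = { ($_.Message -split "`n")[0] } }
```

When the subcategory is delivered through Group Policy instead of `auditpol`, also enable the security option "Audit: Force audit policy subcategory settings to override audit policy category settings" so that legacy category-level settings do not overwrite it.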
Secure Anywhere Access
Network Security
• Policy-based network segmentation
• Multi-home firewall profiles
• Domain Name System Security Extensions (DNSSEC) support
Network Access Protection (NAP)
• Ensure that only “healthy” machines can access corporate data
• Enable “unhealthy” machines to get clean before they gain access
DirectAccess
• Security-protected, seamless, always-on connection
• Improved management of remote users
• Consistent security for all access scenarios
DirectAccess
Challenges
• Difficult for users to access corporate resources from outside the office
• Challenging for IT to manage, update, and patch mobile computers while disconnected from company network
DirectAccess
• Same experience accessing corporate resources inside and outside the office
• Seamless connection increases productivity of mobile users
• Easy to service mobile computers and distribute updates and policies
Network Access Protection
1. Client requests access to network and presents current health state
2. DHCP, VPN or Switch/Router relays health status to Microsoft Network Policy Server (RADIUS)
3. Network Policy Server (NPS) validates against IT-defined health policy
4. If not policy-compliant, client is put in a restricted VLAN and given access to fix up resources to download patches, configurations, signatures (Repeat 1-4)
5. If policy-compliant, client is granted full access to corporate network
[Diagram: Windows Client; DHCP, VPN, Switch/Router; NPS; Policy Servers such as: Patch, AV; Remediation Servers (Example: Patch); Restricted Network (Not Policy-Compliant); Corporate Network (Policy-Compliant)]
Demonstration: Using Network Access Protection
• Configure Windows Security Health Validator
• Configure Exception Group
• Configure Certificate Settings
Session Summary
• Fundamentally Secure Platform
• Helping Secure Anywhere Access
• Protecting Data
• Protecting Users and Infrastructure
Where to Find More Information?
Visit TechNet at technet.microsoft.com
Also check out TechNet Edge: edge.technet.com
Or just visit http://go.microsoft.com/?linkid=9662641 for additional information on this session.
Supporting Publications
For more titles, visit http://go.microsoft.com/?linkid=9662641
Training Resources
Course ID    Title
6289A        First Look: Windows 7 Beta for IT Professionals
6290A        First Look: Windows 7 Beta for IT Professionals Hands-on Lab
For more training information: http://go.microsoft.com/?linkid=9662641
Become a Microsoft Certified Professional
• What are MCP certifications?
  – Validation in performing critical IT functions.
• Why Certify?
  – WW recognition of skills gained via experience.
  – More effective deployments with reduced costs
• What Certifications are there for IT Pros?
  – MCTS, MCITP.
www.microsoft.com/certification
Microsoft TechNet Plus
TechNet Plus is an essential premium web-enabled and live support resource that provides IT Professionals with fast and easy access to Microsoft experts, software and technical information, enhancing IT productivity, control and planning.
Evaluate & Learn
• Evaluate full versions of all Microsoft commercial software for evaluation—without time limits. This includes all client, server and Office applications.
• Try out all the latest betas before public release
• Keep your skills current with quarterly training resources including select Microsoft E-Learning courses
Plan & Deploy
• Use the TechNet Library to plan for deployment using the Knowledge Base, resource kits, and technical training
• Use exclusive tools like System Center Capacity Planner to accurately plan for and deploy Exchange Server and System Center Operations Manager
Support & Maintain
• 2 complimentary Professional Support incidents for use 24/7 (20% discount on additional incidents)
• Access over 100 managed newsgroups and get next business day response--guaranteed
• Use the TechNet Library to maintain your IT environment with security updates, service packs and utilities
Get all these resources and more with a TechNet Plus subscription. For more information visit: technet.microsoft.com/subscriptions