Urs P. Küderli, Principal Security Architect, Microsoft
Post on 21-Dec-2015
![Page 1: Urs P. Küderli Principal Security Architect Microsoft](https://reader038.vdocuments.site/reader038/viewer/2022102713/56649d585503460f94a37c57/html5/thumbnails/1.jpg)
Anywhere Access
Establishing End to End Trust
Urs P. Küderli
Principal Security Architect
Microsoft
![Page 2: Urs P. Küderli Principal Security Architect Microsoft](https://reader038.vdocuments.site/reader038/viewer/2022102713/56649d585503460f94a37c57/html5/thumbnails/2.jpg)
Flexibility…
![Page 3: Urs P. Küderli Principal Security Architect Microsoft](https://reader038.vdocuments.site/reader038/viewer/2022102713/56649d585503460f94a37c57/html5/thumbnails/3.jpg)
Access to information from wherever and whenever
Access to information on any device
User-friendly, transparent
Low TCO
Security
Demand for access
Different access, authentication and authorization systems
Different encryption technologies
No interoperability
Complex
Expensive
Security
Escalating threats
Security versus Access
![Page 4: Urs P. Küderli Principal Security Architect Microsoft](https://reader038.vdocuments.site/reader038/viewer/2022102713/56649d585503460f94a37c57/html5/thumbnails/4.jpg)
Establish trust…
![Page 5: Urs P. Küderli Principal Security Architect Microsoft](https://reader038.vdocuments.site/reader038/viewer/2022102713/56649d585503460f94a37c57/html5/thumbnails/5.jpg)
Trustworthy Computing
![Page 6: Urs P. Küderli Principal Security Architect Microsoft](https://reader038.vdocuments.site/reader038/viewer/2022102713/56649d585503460f94a37c57/html5/thumbnails/6.jpg)
Your Processes
![Page 7: Urs P. Küderli Principal Security Architect Microsoft](https://reader038.vdocuments.site/reader038/viewer/2022102713/56649d585503460f94a37c57/html5/thumbnails/7.jpg)
Current Strategies
No Strategy
Vision
Integrated Solutions
Defense in Depth
Integrated Identity
SDL and SD3
Threat Mitigation
Point Solutions
Information Protection
Firewalls
patching
Anti-phishing
Anti-spyware
Anti-virus
Identity Management
Managing Risk, building Trust
phishing
No Policy
viruses
malware
denial of service
data theft
identity theft
End-to-End Trust
“I+4A”
Social
Economic
Trusted Stack
Data
People
Software
Hardware
Integrated Protection
SDL & SD3
Defense in Depth
Threat Mitigation
Political
![Page 8: Urs P. Küderli Principal Security Architect Microsoft](https://reader038.vdocuments.site/reader038/viewer/2022102713/56649d585503460f94a37c57/html5/thumbnails/8.jpg)
Building a trusted Stack
“I+4A”
SDL and SD3
Defense in Depth
Threat Mitigation
Trusted Hardware
Secure Foundation
Core Trust Components
Identity Claims
Authentication
Authorization
Access Control Mechanisms
Audit
Trusted People
Trusted Stack
Trusted Data
Trusted Software
Integrated Protection
![Page 9: Urs P. Küderli Principal Security Architect Microsoft](https://reader038.vdocuments.site/reader038/viewer/2022102713/56649d585503460f94a37c57/html5/thumbnails/9.jpg)
Perimeters and Holes
![Page 10: Urs P. Küderli Principal Security Architect Microsoft](https://reader038.vdocuments.site/reader038/viewer/2022102713/56649d585503460f94a37c57/html5/thumbnails/10.jpg)
The hole Picture
![Page 11: Urs P. Küderli Principal Security Architect Microsoft](https://reader038.vdocuments.site/reader038/viewer/2022102713/56649d585503460f94a37c57/html5/thumbnails/11.jpg)
The new Picture?
![Page 12: Urs P. Küderli Principal Security Architect Microsoft](https://reader038.vdocuments.site/reader038/viewer/2022102713/56649d585503460f94a37c57/html5/thumbnails/12.jpg)
The business case…
![Page 13: Urs P. Küderli Principal Security Architect Microsoft](https://reader038.vdocuments.site/reader038/viewer/2022102713/56649d585503460f94a37c57/html5/thumbnails/13.jpg)
The problem…
How RAS worked at MS
RAS Statistics:
55,000 unique users monthly
850,000 connections/month
45 seconds median time to successfully connect through quarantine
1700 Helpdesk calls per month
Two Engineers
154 servers
![Page 14: Urs P. Küderli Principal Security Architect Microsoft](https://reader038.vdocuments.site/reader038/viewer/2022102713/56649d585503460f94a37c57/html5/thumbnails/14.jpg)
Anywhere Access benefits
Increase Agility: More easily adapt to changing business needs and workforce trends, including tough new regulatory standards
Boost Productivity: Control IT costs by leveraging existing infrastructure investments
Improve Protection: Protect critical business information end-to-end and more effectively manage identities across the enterprise
![Page 15: Urs P. Küderli Principal Security Architect Microsoft](https://reader038.vdocuments.site/reader038/viewer/2022102713/56649d585503460f94a37c57/html5/thumbnails/15.jpg)
Anywhere Access components (1)
Identity
Strong two-factor authentication
Role-based access to resources
Federation with partners and customers
Flexible, pervasive PKI infrastructure
Protection
Policy-based security controls and automated remediation
Layered endpoint security solutions
Secure platform
Updates, anti-malware, firewall verified and controlled by policy
Authenticated transactions via PKI and IPSec/IPv6
Endpoint encryption and data access controls
![Page 16: Urs P. Küderli Principal Security Architect Microsoft](https://reader038.vdocuments.site/reader038/viewer/2022102713/56649d585503460f94a37c57/html5/thumbnails/16.jpg)
Anywhere Access components (2)
Networks
Policy-based network access controls with auto-remediation
IPSec support for flexible and secure domain isolation
IPv6 for expanded address space and auto-config
Gateways for older or less-capable platforms
Ability to authenticate all network-level transactions
Manageability
Define and distribute security and group policies
Asset and configuration management
Patch distribution for applications and OS
![Page 17: Urs P. Küderli Principal Security Architect Microsoft](https://reader038.vdocuments.site/reader038/viewer/2022102713/56649d585503460f94a37c57/html5/thumbnails/17.jpg)
Direct Connect Pilot
[Network diagram; recoverable labels:]
Customer Site
IPv4 Internet
Corporate Network
IPv6 Network (Dual Stack)
IPv4 Packet Clear Text or IPsec Auth
Health Registration (NAP HRA)
DNS & RODC
IPv6 Apps
IPv4 Apps
Compliant IPv6 Client
Blocks IPsec
VPN Server
Compliant Vista+ Client
Non-Compliant Client
Down-level
VPN
SSL VPN
Teredo Relay
IPv6 Packet – IPsec Encrypted
IPv4 Packet Clear or IPsec Auth/Encrypt
Dynamic IPsec Tunnel
IPv4 Outer Packet – Clear
Teredo Relay removes outer packet
NAT-PT
![Page 18: Urs P. Küderli Principal Security Architect Microsoft](https://reader038.vdocuments.site/reader038/viewer/2022102713/56649d585503460f94a37c57/html5/thumbnails/18.jpg)
AA brings IT Value
Cost Benefits
Reduced MSIT hardware compared to current VPN solution
Scalability of Solution
Reduced traffic/usage of the Proxies
User Benefits
Extends corpnet seamlessly to remote user
No user initiation to connect
Single Sign on
Always on
Easy to use; consistent experience
Use Peer to Peer Technologies
Security Benefits
Promotes end-to-end host-based security
System is always reachable (for scans, Group Policy, patching)
Proactive health (always checking for NAP, GPO, can be scanned while remote etc.)
![Page 19: Urs P. Küderli Principal Security Architect Microsoft](https://reader038.vdocuments.site/reader038/viewer/2022102713/56649d585503460f94a37c57/html5/thumbnails/19.jpg)
An Integrated Platform
![Page 20: Urs P. Küderli Principal Security Architect Microsoft](https://reader038.vdocuments.site/reader038/viewer/2022102713/56649d585503460f94a37c57/html5/thumbnails/20.jpg)
Your MSDN resources
check out these websites, blogs & more!
Presentations
TechDays: www.techdays.ch
MSDN Events: http://www.microsoft.com/switzerland/msdn/de/presentationfinder.mspx
MSDN Webcasts: http://www.microsoft.com/switzerland/msdn/de/finder/default.mspx
MSDN Events
MSDN Events: http://www.microsoft.com/switzerland/msdn/de/events/default.mspx
Save the date: Tech•Ed 2009 Europe, 9-13 November 2009, Berlin
MSDN Flash (our bi-weekly newsletter)
Subscribe: http://www.microsoft.com/switzerland/msdn/de/flash.mspx
MSDN Team Blog
RSS: http://blogs.msdn.com/swiss_dpe_team/Default.aspx
Developer User Groups & Communities
Mobile Devices: http://www.pocketpc.ch/
Microsoft Solutions User Group Switzerland: www.msugs.ch
.NET Managed User Group of Switzerland: www.dotmugs.ch
FoxPro User Group Switzerland: www.fugs.ch
![Page 21: Urs P. Küderli Principal Security Architect Microsoft](https://reader038.vdocuments.site/reader038/viewer/2022102713/56649d585503460f94a37c57/html5/thumbnails/21.jpg)
Your TechNet resources
check out these websites, blogs & more!
Presentations
TechDays: www.techdays.ch
TechNet Events
TechNet Events: http://technet.microsoft.com/de-ch/bb291010.aspx
Save the date: Tech•Ed 2009 Europe, 9-13 November 2009, Berlin
TechNet Flash (our bi-weekly newsletter)
Subscribe: http://technet.microsoft.com/de-ch/bb898852.aspx
Swiss IT Professional and TechNet Blog
RSS: http://blogs.technet.com/chitpro-de/
IT Professional User Groups & Communities
SwissITPro User Group: www.swissitpro.ch
NT Anwendergruppe Schweiz: www.nt-ag.ch
PASS (Professional Association for SQL Server): www.sqlpass.ch
![Page 22: Urs P. Küderli Principal Security Architect Microsoft](https://reader038.vdocuments.site/reader038/viewer/2022102713/56649d585503460f94a37c57/html5/thumbnails/22.jpg)
Save the date for tech·days next year!
7. – 8. April 2010
Congress Center Basel
![Page 23: Urs P. Küderli Principal Security Architect Microsoft](https://reader038.vdocuments.site/reader038/viewer/2022102713/56649d585503460f94a37c57/html5/thumbnails/23.jpg)
Classic Sponsoring Partners
Media Partner
Premium Sponsoring Partners
![Page 24: Urs P. Küderli Principal Security Architect Microsoft](https://reader038.vdocuments.site/reader038/viewer/2022102713/56649d585503460f94a37c57/html5/thumbnails/24.jpg)