Slide 1: The Best Of TechEd Eilat 2006 Tal Sarid Chief Security Architect and Microsoft Security Regional Director Multilayer Security Ltd. (Msecurity) Talsa@Msecurity.Net or v-talsa@Microsoft.com
Slide 2: A Journey…Not a Destination… Emerging Threats Microsoft Security Progress The Vision and Dream The Strategy Tech Breakdown and 3 Year Roadmap
Slide 3: Securing Distributed Systems Malware Application Level Security
Slide 4: Are Our Systems Secure? Are Our Systems Secure?
Slide 5: Estimated 47 Million infected So…As The World Continues To Come Online…
Slide 6: Application Security !!! Application Security !!!
Slide 8: Security Engineering Application Security Development Lifecycle Integrated Security Analysis tools in Visual Studio Designed For Operations (DSI) Security Response Plan Guidance and Tools
Slide 9: Security Engineering http://www.msdn.microsoft.com/security/acetm
Slide 10: Worm:Win32/Zotob.A Published: September 13, 2005 A network worm that exploits the Plugand-Play vulnerability fixed in Microsoft Security Bulletin MS05-039. A dozen variants in a month! 13% of 700 Surveyed by Cybertrust 100k to recover / 80 hours of work Computer Economics estimates $500 million in worldwide damages
Slide 11: SDL Case Study: Zotob Worm Remote unauthenticated code execution possible (No SDL prior to ship) Attacker requires authentication to exploit (ACL restricted) No remote security threat (Security RPC Callback added) No remote security threat (Reviewed and implemented Windows Server 2003 changes) Blocked by firewall that is on by default SP1 SP2 Even if we had missed it in Windows XP SP2
Slide 12: Defense In Depth… Defense In Depth…
Slide 13: Service Pack 2 More than 275 million copies distributed 15 times less likely to be infected by malware Significantly fewer critical vulnerabilities 2.4B total executions; 230M per month Focus on most prevalent malware Dramatically reduced the # of Bot infections Security configuration wizard More secure by design; more secure by default More than 4.7 million downloads Malicious Software Removal Tool Service Pack 1 As of February 2006
Slide 17: A secure platform strengthened by security products, services and guidance to help keep customers safe Excellence in fundamentals Security innovations Scenario-based content and tools Authoritative incident response Awareness and education Collaboration and partnership
Slide 19: Products Services Platform Information Protection Access Identity
Slide 20: Wave I Services Frontbridge hosted services for anti-virus and anti-spam filtering (for businesses) Windows Live OneCare (for consumers) Wave II Products ISA Server 2004 Microsoft Client Protection ISA Server 2006  Microsoft Antigen Platform Windows XPSP2 Windows Server 2003 SP1 Anti-malware tools Microsoft Update
Slide 21: MSRT Remove most prevalent viruses Remove all known viruses Real-time antivirus Remove all known spyware Real-time antispyware Central reporting and alerting Customization IT Infrastructure Integration Windows Defender Windows Live Safety Center Windows OneCare Live Microsoft Client Protection FOR INDIVIDUAL USERS FOR BUSINESSES
Slide 22: ISA 2006 Secure Application Publishing Branch Office Gateway Web Access Protection
Slide 23: Wave I Services Frontbridge hosted services for anti-virus and anti-spam filtering (for businesses) Windows Live OneCare (for consumers) Wave II Products ISA Server 2004 Microsoft Antigen Microsoft Client Protection ISA Server 2006 Platform Windows Vista Windows XPSP2 Firewall Windows Server 2003 SP1 Services Hardening Anti-malware tools Defender Microsoft Update
Slide 24: Windows Services Hardening Windows Firewall with IPSEC integration User Account Protection Integrated Defender Advanced Crypto Support (CNG)
Slide 25: Advanced Crypto Support Open Cryptographic Interface for Windows (CNG) provides the ability to plug in kernel or user mode implementations of proprietary cryptographic algorithms. Certificate Server (PKI) supports: Issuing ECC Certificates (ECDSA, ECDH), support P256, P-384 and P-512 curves. Hashes: SHA-2 (256, 384, 512) Suite B Enables cryptography configuration at enterprise and machine levels
Slide 26: Social Engineering Protections Phishing Filter and Colored Address Bar Dangerous Settings Notification Secure defaults for International Domain Name Protection from Exploits Unified URL Parsing Code quality improvements (SDLC) ActiveX Opt-in Protected Mode to prevent malicious software
Slide 27: Wave I Services Frontbridge hosted services for anti-virus and anti-spam filtering (for businesses) Windows Live OneCare (for consumers) Wave II Next generation of services – Stay Tuned! Products ISA Server 2004 Microsoft Client Protection ISA Server 2006 Microsoft Antigen Content filtering services Platform Windows Vista Windows XPSP2 Firewall Windows Server 2003 SP1 Services Hardening Anti-malware tools Defender Microsoft Update Network Access Protection Security Audit Collection Services with Operations Manager
Slide 28: Products Services Platform Information Protection Access Identity
Slide 29: Wave I Windows Server 2003 Federation Services Certificate Services Smart Card Support Microsoft Identity Integration Server 2003 Active Directory with Group Policy Authorization Manager VPN Access Encrypted File System Windows Rights Management Services Wave II Information Protection Access Identity Smart Card Everywhere “InfoCard” Microsoft Certificate Lifecycle Manager
Slide 30: Wave I Windows Server 2003 Federation Services Certificate Services Smart Card Support Microsoft Identity Integration Server 2003 Active Directory with Group Policy Authorization Manager VPN Access Encrypted File System Windows Rights Management Services Wave II Identity Smart Card Everywhere “InfoCard” Microsoft Certificate Lifecycle Manager Information Protection Access Windows Communication Foundation Windows Vista RMS Client EFS Improvements BitLocker
Slide 31: At The Core: The Trusted Platform Module (TPM) Smartcard-like module on motherboard: Helps protect secrets Performs cryptographic functions RSA, SHA-1, RNG Meets encryption export requirements Performs digital signature operations Holds Platform Measurements (hashes) Anchors chain of trust for keys and credentials Protects itself against attacks TPM 1.2 spec: www.trustedcomputinggroup.org
Slide 32: Bitlocker Volume Encryption Windows Partition Contains: • Encrypted OS • Encrypted Page File • Encrypted Temp Files • Encrypted Data • Encrypted Hibernation File Where’s the Encryption Key? • • • SRK (Storage Root Key) contained in TPM SRK encrypts VEK (Volume Encryption Key) protected by TPM/PIN/Dongle VEK stored (encrypted by SRK) on hard drive in Boot Partition VEK 2 1 S R K Windows 3 Boot Boot Partition Contains: MBR, Loader, Boot Utilities (Unencrypted, small)
Slide 33: Wave I Windows Server 2003 Federation Services Certificate Services Smart Card Support Microsoft Identity Integration Server 2003 Active Directory with Group Policy Authorization Manager VPN Access Encrypted File System Windows Rights Management Services Wave II Microsoft Identity Integration Services “Gemini” Identity Smart Card Everywhere “InfoCard” Microsoft Certificate Lifecycle Manager Information Protection Access Windows Communication Foundation Windows “Longhorn” Server  NextGen Access Policy Mgmt Solutions Windows Vista BitLocker RMS Client EFS Improvements NextGen Rights Management Services MultiLevel Systems
Slide 34: We (the DoD) need to pay a great deal more attention to supporting peerto-peer relationships and information exchanges that transcend individual systems and organizations. Doing these things will empower the edge of the organization and enable us to change the way we approach everything we do. John Stenbit – Power to the Edge (Forward)
Slide 36: LeSikoom… A Very Compelling Future! “It’s a journey not a destination” –Craig Mundie Measurable Progress A Strong Vision A Clear Roadmap Strong Industry Partnerships Start Ramping Up! Enjoy The Best Of Teched! Any questions? talsa@Msecurity.net OR v-talsa@Microsoft.com
Slide 37: Thank You For Your Time! Thank You For Your Time!