Rodrigo Immaginario CISSP MVP Security http://rodrigoi.org.br

2. Know University of Vila Velha
Phases of the Project
Demos
How to Start
Q&A

3. University of Vila Velha
The first private university of ES with more than 32 years of expertise in higher education

4. University of Vila Velha
The largest private library of Espírito Santo

5. University of Vila Velha
Laboratories of biomedical and agricultural courses

6. University of Vila Velha
Computing Labs

7. ~ 18.000 Students
~ 1.200 Teachers
1.500 Computers
14 Buildings
Hospital
Laboratories of Biomedical
Agricultural course
4 Campi
+ 40 services for students and Teachers (WEB)
Radio
University TV

8. IT Team - DTI
4 Systems Analysts
5 Technical Support
2 Trainees
3 Shifts (from 07:00 to 23:00)

9. ~ 60 attacks daily (only from our Labs !)
Hundreds of notebooks ( Teachers and Students)
in the network
Physical network grow to fast
Students became more dangerous

10. Improve security for our Network
Restrict access for some Servers
Deploy more services to Students and Teachers
Improve the agility to changes in the Campus
Find the best solution - Security X Cost
Reduce TCO

11. Learn the flow of data in our environment
Documentation and classification of our services,
data and network

12. Deploy Server and Domain Isolation (IPSec) with
Kerberos
Merge Administrative and Student Network in the
same physical network

16. Deploy PKI project
Deploy Wireless network for Students and
Teachers
Change IPSec authentication from Kerberos for
Certificates
- Secundary Benefits -
2-factor authentication (token for Admin access)
Improve security for VPN Access

18. Deploy NAP (Reporting Mode )

20. Deploy Forefront Client
Deploy NAP - Enforcement mode
Deploy NAP for Linux Clients

21. 1. Understand how your data flow in your enviroment
2. Create a Documentation of groups, services, servers and
exemption lists
3. If possible use PKI
4. Create a Project LAB for testing
5. Deploy IPSec with FallBack enable
6. Deploy NAP (reporting mode)

23. Microsoft Developer Network (MSDN)
(Webcasts, Blogs, Chats,
http://microsoft.com/msdn
Microsoft Technet
(Webcasts, Blogs, Chats)
http://microsoft.com/technet
Trial Software e Virtual Labs
http://www.microsoft.com/technet/downloads/trials/default.mspx
http://www.microsoft.com/nap
http://blogs.technet.com/nap/
Case IPSec - http://www.microsoft.com/casestudies/casestudy.aspx?casestudyid=49593
Case NAP - http://www.microsoft.com/brasil/technet/ithero/abril07/default.mspx
Article IPSec - http://www.microsoft.com/technet/community/columns/secmvp/sv0906.mspx

24. © 2007 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.
The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market
conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation.
MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.