SlideShare uma empresa Scribd logo

A Critical Analysis of Microsoft Data Protection Solutions

Transferir como PPT, PDF
John Rhoton
John Rhoton

HP Technology Forum, Las Vegas, 2008

Tecnologia
1 de 40
A Critical Analysis of Microsoft Data Protection Solutions John RHOTON Distinguished Technologist HP Services: Office of CTO
Agenda ,[object Object],[object Object],[object Object],[object Object],[object Object]
Agenda ,[object Object],[object Object],[object Object],[object Object],[object Object]
[object Object],Windows Server 2008 Service Hardening Windows Advanced Firewall BitLocker Drive Encryption Server Core Dynamic Partitioning Next Generation TCP/IP 64x64-bit Cores Investment in the Fundamentals Operations Infrastructure Centralized Role Management Failover Clustering Windows Virtualization Network Access Protection Terminal Services AD Read Only Domain Controllers Windows PowerShell Security Reliability Performance Application Platform IIS 7 .NET Framework 3.0 Resource Management Federated Identity
Agenda ,[object Object],[object Object],[object Object],[object Object],[object Object]
BitLocker™ Drive Encryption ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],BitLocker
BDE is an option
Bitlocker™ features overview ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
What is a Trusted Platform Module (TPM)? ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],TPM 1.2 spec: www.trustedcomputinggroup.org
BDE Disk layout and key storage System ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],System Volume Contains: MBR, Loader, Boot Utilities (Unencrypted, small) ,[object Object],[object Object],[object Object],[object Object],SRK 1 2 3 OS Volume PIN USB-hosted key FVEK
BDE: Available Authenticators ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],TPM TPM+USB TPM+PIN USB Key (Recovery or Non-TPM) 123456-789012-345678- Recovery Password (48 Digits) TPM+USB+Pin
BDE architecture Static root of trust measurement of early boot components
[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
BDE passwords and PINs... ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
BDE Recovery options ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
How about Embedded Security for HP ProtectTools? Supported applications: ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
But...there’s more than Technology... “ 54321 TO SILENCE ALARM” “ REPEAT CODE TO RESET”
Agenda ,[object Object],[object Object],[object Object],[object Object],[object Object]
EFS investments ,[object Object],[object Object],[object Object],[object Object],[object Object]
EFS with Smartcards ,[object Object],[object Object],[object Object],[object Object],[object Object],Smartcard Private Key Derive a symmetric key AES-256 key Use as Software Private Key (Accelerated) Cache in LSA Use to encrypt FEK RSA mode Accelerated mode
EFS with remote files Client side encryption Local EFS encryption [Keys and certificates live on the client] Client connects to remote server share SMB protocol No need to enable Trust For Delegation Encrypted file sent to server File Share
EFS Group policy enhancements
EFS Re-Key Wizard ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
EFS key backup improvements ,[object Object],[object Object],[object Object],[object Object]
Agenda ,[object Object],[object Object],[object Object],[object Object],[object Object]
Information Author The Recipient RMS Server SQL Server Active Directory 2 3 4 5 ,[object Object],[object Object],[object Object],[object Object],[object Object],1 How does RMS work?
AD RMS in Windows Server 2008 ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Challenges in External Collaboration ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Challenges in External Collaboration ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Solution: AD Federation Service ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
External RMS collaboration via ADFS Contoso Fabrikam RMS WebSSO ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],AD AD FS-A FS-R 1 RAC CLC PL 2 4 3 5 6 7 8 9 RAC CLC 10 UL 11 12
Exchange 2007 and RMS Author using Office 2003 / 2007 The Recipient SQL Server Active Directory 4 5 6 ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],1 4 2 3
But...there’s more than Technology... All must enter through electronic mantrap Fence ends here Sign says, “road is for cars only”
Agenda ,[object Object],[object Object],[object Object],[object Object],[object Object]
Technology comparison BDE EFS RMS Encryption AES 128 (RSA32.LIB) AES 128 (Crypt32.DLL) AES 128 (Crypt32.DLL) Data Awareness Blocks Files App defined; docs/email Master Key TPM + SW Identity, Dongle, File SW, Smart-card Obfuscated SW (lockbox) Content Key Same as root key Same as root key Server Protects What? Windows and Data Directories and Files Documents (including use) Protects Who? Machine Owner, User Users Document Owners Protection Local, removable media Local, removable media, remote Remote, removable media Who is god? Local admin, net admin Local admin, net admin Document owner, RMS admin Supports other security systems? Yes Yes (ISV’s only) No (RMS is a security platform for applications) Data Recovery Mechanism Dongle, File, Network; Manual Key Entry Local or AD based policy RMS server policy Killer Client Scenario Lost or Stolen laptop Multi-user PC Protected Document Sharing Killer Server Scenario Branch-Office Server Protect Documents on File Shares from Admin RMS support in Sharepoint and Exchange Killer Admin Scenario Just switch it on. (also Force Recovery) My Documents encrypted by default Establish corporate information policy
What feature should I use? ,[object Object],[object Object],[object Object],Some cases can result in overlap. (e.g. Multi-user roaming laptops with untrusted network admins) Scenarios BDE EFS RMS Laptops X Branch office server X Local single-user file & folder protection X Local multi-user file & folder protection X Remote file & folder protection X Untrusted network admin X Remote document policy enforcement X
Overview ,[object Object],[object Object],[object Object],[object Object],[object Object]
Questions?
Download the HP Security Handbook! ,[object Object],[object Object]
More information ,[object Object],[object Object],[object Object]

Recomendados

Microsoft (Data Protection Solutions)
Microsoft (Data Protection Solutions)Microsoft (Data Protection Solutions)
Microsoft (Data Protection Solutions)Vinayak Hegde
 
Security @ Windows 10 Partner Technical Bootcamp Microsoft Norway October 2015
Security @ Windows 10 Partner Technical Bootcamp Microsoft Norway October 2015Security @ Windows 10 Partner Technical Bootcamp Microsoft Norway October 2015
Security @ Windows 10 Partner Technical Bootcamp Microsoft Norway October 2015Jan Ketil Skanke
 
Deploying Microsoft BitLocker
Deploying Microsoft BitLockerDeploying Microsoft BitLocker
Deploying Microsoft BitLockerutahmisfit
 
Windows Server 2008 Security Enhancements
Windows Server 2008 Security EnhancementsWindows Server 2008 Security Enhancements
Windows Server 2008 Security EnhancementsPresentologics
 
Operating system security (a brief)
Operating system security (a brief)Operating system security (a brief)
Operating system security (a brief)cnokia
 
Bit locker Drive Encryption: How it Works and How it Compares
Bit locker Drive Encryption: How it Works and How it ComparesBit locker Drive Encryption: How it Works and How it Compares
Bit locker Drive Encryption: How it Works and How it ComparesLumension
 
SERVICE AGGREMENT IT
SERVICE AGGREMENT ITSERVICE AGGREMENT IT
SERVICE AGGREMENT ITHiram Medero , PE
 
System protection in Operating System
System protection in Operating SystemSystem protection in Operating System
System protection in Operating Systemsohaildanish
 

Recomendados

Microsoft (Data Protection Solutions)
Microsoft (Data Protection Solutions)Microsoft (Data Protection Solutions)
Microsoft (Data Protection Solutions)Vinayak Hegde
 
Security @ Windows 10 Partner Technical Bootcamp Microsoft Norway October 2015
Security @ Windows 10 Partner Technical Bootcamp Microsoft Norway October 2015Security @ Windows 10 Partner Technical Bootcamp Microsoft Norway October 2015
Security @ Windows 10 Partner Technical Bootcamp Microsoft Norway October 2015Jan Ketil Skanke
 
Deploying Microsoft BitLocker
Deploying Microsoft BitLockerDeploying Microsoft BitLocker
Deploying Microsoft BitLockerutahmisfit
 
Windows Server 2008 Security Enhancements
Windows Server 2008 Security EnhancementsWindows Server 2008 Security Enhancements
Windows Server 2008 Security EnhancementsPresentologics
 
Operating system security (a brief)
Operating system security (a brief)Operating system security (a brief)
Operating system security (a brief)cnokia
 
Bit locker Drive Encryption: How it Works and How it Compares
Bit locker Drive Encryption: How it Works and How it ComparesBit locker Drive Encryption: How it Works and How it Compares
Bit locker Drive Encryption: How it Works and How it ComparesLumension
 
SERVICE AGGREMENT IT
SERVICE AGGREMENT ITSERVICE AGGREMENT IT
SERVICE AGGREMENT ITHiram Medero , PE
 
System protection in Operating System
System protection in Operating SystemSystem protection in Operating System
System protection in Operating Systemsohaildanish
 
Security
SecuritySecurity
SecurityPooja Talreja
 
Windows 7 Seminar - Acend Corporate Learning
Windows 7 Seminar - Acend Corporate LearningWindows 7 Seminar - Acend Corporate Learning
Windows 7 Seminar - Acend Corporate LearningAcend Corporate Learning
 
How Endpoint Encryption Works
How Endpoint Encryption WorksHow Endpoint Encryption Works
How Endpoint Encryption WorksSymantec
 
Symantec Endpoint Encryption - Proof Of Concept Document
Symantec Endpoint Encryption - Proof Of Concept DocumentSymantec Endpoint Encryption - Proof Of Concept Document
Symantec Endpoint Encryption - Proof Of Concept DocumentIftikhar Ali Iqbal
 
Windows 7 Security
Windows 7 SecurityWindows 7 Security
Windows 7 SecurityJorge Orchilles
 
SP1_Battlecard
SP1_BattlecardSP1_Battlecard
SP1_BattlecardLarry Yurdin
 
0828 Windows Server 2008 新安全功能探討
0828 Windows Server 2008 新安全功能探討0828 Windows Server 2008 新安全功能探討
0828 Windows Server 2008 新安全功能探討Timothy Chen
 
Managing bitlocker with mbam
Managing bitlocker with mbamManaging bitlocker with mbam
Managing bitlocker with mbamOlav Tvedt
 
Dell Quest TPAM Privileged Access Control
Dell Quest TPAM Privileged Access ControlDell Quest TPAM Privileged Access Control
Dell Quest TPAM Privileged Access ControlAidy Tificate
 
Guide to Windows 7 - Managing Disks
Guide to Windows 7 - Managing DisksGuide to Windows 7 - Managing Disks
Guide to Windows 7 - Managing DisksGene Carboni
 
Operating System Security
Operating System SecurityOperating System Security
Operating System SecurityRamesh Upadhaya
 
OSCh19
OSCh19OSCh19
OSCh19Joe Christensen
 
Operating system vulnerability and control
Operating system vulnerability and control Operating system vulnerability and control
Operating system vulnerability and control أحلام انصارى
 
Windows 7 in 60 minutes - New Horizons Bulgaria
Windows 7 in 60 minutes - New Horizons BulgariaWindows 7 in 60 minutes - New Horizons Bulgaria
Windows 7 in 60 minutes - New Horizons BulgariaNew Horizons Bulgaria
 
569 492-500
569 492-500569 492-500
569 492-500idescitation
 
Ch1 2
Ch1 2Ch1 2
Ch1 2Sumit Tambe
 
Windows 7 Security Enhancements
Windows 7 Security EnhancementsWindows 7 Security Enhancements
Windows 7 Security EnhancementsPresentologics
 
Chapter 14 - Protection
Chapter 14 - ProtectionChapter 14 - Protection
Chapter 14 - ProtectionWayne Jones Jnr
 
Windows 7 professional Vs Windows 7 enterprise
Windows 7 professional Vs Windows 7 enterpriseWindows 7 professional Vs Windows 7 enterprise
Windows 7 professional Vs Windows 7 enterprise247infotech
 
Guide to Windows 7 - Using the System Utilities
Guide to Windows 7 - Using the System UtilitiesGuide to Windows 7 - Using the System Utilities
Guide to Windows 7 - Using the System UtilitiesGene Carboni
 
Module 8 System Hacking
Module 8 System HackingModule 8 System Hacking
Module 8 System Hackingleminhvuong
 
Microsoft Platform Security Briefing
Microsoft Platform Security BriefingMicrosoft Platform Security Briefing
Microsoft Platform Security Briefingtechnext1
 

Mais conteúdo relacionado

Mais procurados

Windows 7 Seminar - Acend Corporate Learning
Windows 7 Seminar - Acend Corporate LearningWindows 7 Seminar - Acend Corporate Learning
Windows 7 Seminar - Acend Corporate LearningAcend Corporate Learning
 
How Endpoint Encryption Works
How Endpoint Encryption WorksHow Endpoint Encryption Works
How Endpoint Encryption WorksSymantec
 
Symantec Endpoint Encryption - Proof Of Concept Document
Symantec Endpoint Encryption - Proof Of Concept DocumentSymantec Endpoint Encryption - Proof Of Concept Document
Symantec Endpoint Encryption - Proof Of Concept DocumentIftikhar Ali Iqbal
 
0828 Windows Server 2008 新安全功能探討
0828 Windows Server 2008 新安全功能探討0828 Windows Server 2008 新安全功能探討
0828 Windows Server 2008 新安全功能探討Timothy Chen
 
Managing bitlocker with mbam
Managing bitlocker with mbamManaging bitlocker with mbam
Managing bitlocker with mbamOlav Tvedt
 
Dell Quest TPAM Privileged Access Control
Dell Quest TPAM Privileged Access ControlDell Quest TPAM Privileged Access Control
Dell Quest TPAM Privileged Access ControlAidy Tificate
 
Guide to Windows 7 - Managing Disks
Guide to Windows 7 - Managing DisksGuide to Windows 7 - Managing Disks
Guide to Windows 7 - Managing DisksGene Carboni
 
Operating System Security
Operating System SecurityOperating System Security
Operating System SecurityRamesh Upadhaya
 
Operating system vulnerability and control
Operating system vulnerability and control Operating system vulnerability and control
Operating system vulnerability and control أحلام انصارى
 
Windows 7 in 60 minutes - New Horizons Bulgaria
Windows 7 in 60 minutes - New Horizons BulgariaWindows 7 in 60 minutes - New Horizons Bulgaria
Windows 7 in 60 minutes - New Horizons BulgariaNew Horizons Bulgaria
 
Windows 7 Security Enhancements
Windows 7 Security EnhancementsWindows 7 Security Enhancements
Windows 7 Security EnhancementsPresentologics
 
Windows 7 professional Vs Windows 7 enterprise
Windows 7 professional Vs Windows 7 enterpriseWindows 7 professional Vs Windows 7 enterprise
Windows 7 professional Vs Windows 7 enterprise247infotech
 
Guide to Windows 7 - Using the System Utilities
Guide to Windows 7 - Using the System UtilitiesGuide to Windows 7 - Using the System Utilities
Guide to Windows 7 - Using the System UtilitiesGene Carboni
 

Mais procurados (20)

Security
SecuritySecurity
Security
 
Windows 7 Seminar - Acend Corporate Learning
Windows 7 Seminar - Acend Corporate LearningWindows 7 Seminar - Acend Corporate Learning
Windows 7 Seminar - Acend Corporate Learning
 
How Endpoint Encryption Works
How Endpoint Encryption WorksHow Endpoint Encryption Works
How Endpoint Encryption Works
 
Symantec Endpoint Encryption - Proof Of Concept Document
Symantec Endpoint Encryption - Proof Of Concept DocumentSymantec Endpoint Encryption - Proof Of Concept Document
Symantec Endpoint Encryption - Proof Of Concept Document
 
Windows 7 Security
Windows 7 SecurityWindows 7 Security
Windows 7 Security
 
SP1_Battlecard
SP1_BattlecardSP1_Battlecard
SP1_Battlecard
 
0828 Windows Server 2008 新安全功能探討
0828 Windows Server 2008 新安全功能探討0828 Windows Server 2008 新安全功能探討
0828 Windows Server 2008 新安全功能探討
 
Managing bitlocker with mbam
Managing bitlocker with mbamManaging bitlocker with mbam
Managing bitlocker with mbam
 
Dell Quest TPAM Privileged Access Control
Dell Quest TPAM Privileged Access ControlDell Quest TPAM Privileged Access Control
Dell Quest TPAM Privileged Access Control
 
Guide to Windows 7 - Managing Disks
Guide to Windows 7 - Managing DisksGuide to Windows 7 - Managing Disks
Guide to Windows 7 - Managing Disks
 
Operating System Security
Operating System SecurityOperating System Security
Operating System Security
 
OSCh19
OSCh19OSCh19
OSCh19
 
Operating system vulnerability and control
Operating system vulnerability and control Operating system vulnerability and control
Operating system vulnerability and control
 
Windows 7 in 60 minutes - New Horizons Bulgaria
Windows 7 in 60 minutes - New Horizons BulgariaWindows 7 in 60 minutes - New Horizons Bulgaria
Windows 7 in 60 minutes - New Horizons Bulgaria
 
569 492-500
569 492-500569 492-500
569 492-500
 
Ch1 2
Ch1 2Ch1 2
Ch1 2
 
Windows 7 Security Enhancements
Windows 7 Security EnhancementsWindows 7 Security Enhancements
Windows 7 Security Enhancements
 
Chapter 14 - Protection
Chapter 14 - ProtectionChapter 14 - Protection
Chapter 14 - Protection
 
Windows 7 professional Vs Windows 7 enterprise
Windows 7 professional Vs Windows 7 enterpriseWindows 7 professional Vs Windows 7 enterprise
Windows 7 professional Vs Windows 7 enterprise
 
Guide to Windows 7 - Using the System Utilities
Guide to Windows 7 - Using the System UtilitiesGuide to Windows 7 - Using the System Utilities
Guide to Windows 7 - Using the System Utilities
 

Semelhante a A Critical Analysis of Microsoft Data Protection Solutions

Module 8 System Hacking
Module 8 System HackingModule 8 System Hacking
Module 8 System Hackingleminhvuong
 
Microsoft Platform Security Briefing
Microsoft Platform Security BriefingMicrosoft Platform Security Briefing
Microsoft Platform Security Briefingtechnext1
 
Wave 14 - Winodws 7 Security Story Core by MVP Azra Rizal
Wave 14 - Winodws 7 Security Story Core by MVP Azra RizalWave 14 - Winodws 7 Security Story Core by MVP Azra Rizal
Wave 14 - Winodws 7 Security Story Core by MVP Azra RizalQuek Lilian
 
Understanding the Windows Server Administration Fundamentals (Part-1)
Understanding the Windows Server Administration Fundamentals (Part-1)Understanding the Windows Server Administration Fundamentals (Part-1)
Understanding the Windows Server Administration Fundamentals (Part-1)Tuan Yang
 
Tips to Remediate your Vulnerability Management Program
Tips to Remediate your Vulnerability Management ProgramTips to Remediate your Vulnerability Management Program
Tips to Remediate your Vulnerability Management ProgramBeyondTrust
 
Securing Your Enterprise Web Apps with MongoDB Enterprise
Securing Your Enterprise Web Apps with MongoDB Enterprise Securing Your Enterprise Web Apps with MongoDB Enterprise
Securing Your Enterprise Web Apps with MongoDB Enterprise MongoDB
 
Protecting Your Key Asset – Data Protection Best Practices V2.0 Final
Protecting Your Key Asset – Data Protection Best Practices V2.0 FinalProtecting Your Key Asset – Data Protection Best Practices V2.0 Final
Protecting Your Key Asset – Data Protection Best Practices V2.0 FinalVinod Kumar
 
Gartner Security & Risk Management Summit 2018
Gartner Security & Risk Management Summit 2018Gartner Security & Risk Management Summit 2018
Gartner Security & Risk Management Summit 2018Paula Januszkiewicz
 
Storage Server & Brach Cache
Storage Server & Brach CacheStorage Server & Brach Cache
Storage Server & Brach CacheAmit Gatenyo
 
Seurity In Vista
Seurity In VistaSeurity In Vista
Seurity In VistaNetworking
 
Chapter 1,2,3 & 4_Win Server AD Basics.pptx
Chapter 1,2,3 & 4_Win Server AD Basics.pptxChapter 1,2,3 & 4_Win Server AD Basics.pptx
Chapter 1,2,3 & 4_Win Server AD Basics.pptxPoornimaGhodke3
 
The new rocket science stuff in microsoft pki
The new rocket science stuff in microsoft pkiThe new rocket science stuff in microsoft pki
The new rocket science stuff in microsoft pkiNathan Winters
 
Praktiline pilvekonverents - IT haldust hõlbustavad uuendused
Praktiline pilvekonverents - IT haldust hõlbustavad uuendusedPraktiline pilvekonverents - IT haldust hõlbustavad uuendused
Praktiline pilvekonverents - IT haldust hõlbustavad uuendusedPrimend
 
Eyes Wide Shut: What Do Your Passwords Do When No One is Watching?
Eyes Wide Shut: What Do Your Passwords Do When No One is Watching?Eyes Wide Shut: What Do Your Passwords Do When No One is Watching?
Eyes Wide Shut: What Do Your Passwords Do When No One is Watching?BeyondTrust
 
Creating Secure Applications
Creating Secure Applications Creating Secure Applications
Creating Secure Applications guest879f38
 
Operations: Security Crash Course — Best Practices for Securing your Company
Operations: Security Crash Course — Best Practices for Securing your CompanyOperations: Security Crash Course — Best Practices for Securing your Company
Operations: Security Crash Course — Best Practices for Securing your CompanyAmazon Web Services
 

Semelhante a A Critical Analysis of Microsoft Data Protection Solutions (20)

Module 8 System Hacking
Module 8 System HackingModule 8 System Hacking
Module 8 System Hacking
 
Microsoft Platform Security Briefing
Microsoft Platform Security BriefingMicrosoft Platform Security Briefing
Microsoft Platform Security Briefing
 
Wave 14 - Winodws 7 Security Story Core by MVP Azra Rizal
Wave 14 - Winodws 7 Security Story Core by MVP Azra RizalWave 14 - Winodws 7 Security Story Core by MVP Azra Rizal
Wave 14 - Winodws 7 Security Story Core by MVP Azra Rizal
 
Understanding the Windows Server Administration Fundamentals (Part-1)
Understanding the Windows Server Administration Fundamentals (Part-1)Understanding the Windows Server Administration Fundamentals (Part-1)
Understanding the Windows Server Administration Fundamentals (Part-1)
 
Tips to Remediate your Vulnerability Management Program
Tips to Remediate your Vulnerability Management ProgramTips to Remediate your Vulnerability Management Program
Tips to Remediate your Vulnerability Management Program
 
Securing Your Enterprise Web Apps with MongoDB Enterprise
Securing Your Enterprise Web Apps with MongoDB Enterprise Securing Your Enterprise Web Apps with MongoDB Enterprise
Securing Your Enterprise Web Apps with MongoDB Enterprise
 
Protecting Your Key Asset – Data Protection Best Practices V2.0 Final
Protecting Your Key Asset – Data Protection Best Practices V2.0 FinalProtecting Your Key Asset – Data Protection Best Practices V2.0 Final
Protecting Your Key Asset – Data Protection Best Practices V2.0 Final
 
Gartner Security & Risk Management Summit 2018
Gartner Security & Risk Management Summit 2018Gartner Security & Risk Management Summit 2018
Gartner Security & Risk Management Summit 2018
 
Storage Server & Brach Cache
Storage Server & Brach CacheStorage Server & Brach Cache
Storage Server & Brach Cache
 
What's New in Windows 7
What's New in Windows 7What's New in Windows 7
What's New in Windows 7
 
Ch11
Ch11Ch11
Ch11
 
Ch11 system administration
Ch11 system administration Ch11 system administration
Ch11 system administration
 
Class Presentation
Class PresentationClass Presentation
Class Presentation
 
Seurity In Vista
Seurity In VistaSeurity In Vista
Seurity In Vista
 
Chapter 1,2,3 & 4_Win Server AD Basics.pptx
Chapter 1,2,3 & 4_Win Server AD Basics.pptxChapter 1,2,3 & 4_Win Server AD Basics.pptx
Chapter 1,2,3 & 4_Win Server AD Basics.pptx
 
The new rocket science stuff in microsoft pki
The new rocket science stuff in microsoft pkiThe new rocket science stuff in microsoft pki
The new rocket science stuff in microsoft pki
 
Praktiline pilvekonverents - IT haldust hõlbustavad uuendused
Praktiline pilvekonverents - IT haldust hõlbustavad uuendusedPraktiline pilvekonverents - IT haldust hõlbustavad uuendused
Praktiline pilvekonverents - IT haldust hõlbustavad uuendused
 
Eyes Wide Shut: What Do Your Passwords Do When No One is Watching?
Eyes Wide Shut: What Do Your Passwords Do When No One is Watching?Eyes Wide Shut: What Do Your Passwords Do When No One is Watching?
Eyes Wide Shut: What Do Your Passwords Do When No One is Watching?
 
Creating Secure Applications
Creating Secure Applications Creating Secure Applications
Creating Secure Applications
 
Operations: Security Crash Course — Best Practices for Securing your Company
Operations: Security Crash Course — Best Practices for Securing your CompanyOperations: Security Crash Course — Best Practices for Securing your Company
Operations: Security Crash Course — Best Practices for Securing your Company
 

Mais de John Rhoton

Cloud Computing: New Approaches for Security
Cloud Computing: New Approaches for SecurityCloud Computing: New Approaches for Security
Cloud Computing: New Approaches for SecurityJohn Rhoton
 
Cloud Computing 2013: Status and Trends
Cloud Computing 2013: Status and TrendsCloud Computing 2013: Status and Trends
Cloud Computing 2013: Status and TrendsJohn Rhoton
 
Cloud Deployment Strategy: Challenges to consider
Cloud Deployment Strategy: Challenges to considerCloud Deployment Strategy: Challenges to consider
Cloud Deployment Strategy: Challenges to considerJohn Rhoton
 
Cloud Computing Challenges - Beamap
Cloud Computing Challenges - BeamapCloud Computing Challenges - Beamap
Cloud Computing Challenges - BeamapJohn Rhoton
 
Business Perspectives on Cloud Computing
Business Perspectives on Cloud ComputingBusiness Perspectives on Cloud Computing
Business Perspectives on Cloud ComputingJohn Rhoton
 
Cloud Computing Explained: Guide to Enterprise Implementation
Cloud Computing Explained: Guide to Enterprise ImplementationCloud Computing Explained: Guide to Enterprise Implementation
Cloud Computing Explained: Guide to Enterprise ImplementationJohn Rhoton
 
Optimizing Cloud Computing with IPv6
Optimizing Cloud Computing with IPv6Optimizing Cloud Computing with IPv6
Optimizing Cloud Computing with IPv6John Rhoton
 
Securing Cloud Services
Securing Cloud ServicesSecuring Cloud Services
Securing Cloud ServicesJohn Rhoton
 
Clouds in the Enterprise
Clouds in the EnterpriseClouds in the Enterprise
Clouds in the EnterpriseJohn Rhoton
 
Enterprise Preparation for IPv6
Enterprise Preparation for IPv6Enterprise Preparation for IPv6
Enterprise Preparation for IPv6John Rhoton
 
Unauthorized Wireless Network Connections
Unauthorized Wireless Network ConnectionsUnauthorized Wireless Network Connections
Unauthorized Wireless Network ConnectionsJohn Rhoton
 
ISSE Mobile Device Policy Enforcement
ISSE Mobile Device Policy EnforcementISSE Mobile Device Policy Enforcement
ISSE Mobile Device Policy EnforcementJohn Rhoton
 
RSA - WLAN Hacking
RSA - WLAN HackingRSA - WLAN Hacking
RSA - WLAN HackingJohn Rhoton
 
Cloud Computing: Hindernisse und Chancen für Großunternehmen
Cloud Computing: Hindernisse und Chancen für GroßunternehmenCloud Computing: Hindernisse und Chancen für Großunternehmen
Cloud Computing: Hindernisse und Chancen für GroßunternehmenJohn Rhoton
 
Peer-based Enterprise Document Workflow
Peer-based Enterprise Document WorkflowPeer-based Enterprise Document Workflow
Peer-based Enterprise Document WorkflowJohn Rhoton
 
IPv6 for the Enterprise
IPv6 for the EnterpriseIPv6 for the Enterprise
IPv6 for the EnterpriseJohn Rhoton
 
Windows Mobile Enterprise Security Best Practices
Windows Mobile Enterprise Security Best PracticesWindows Mobile Enterprise Security Best Practices
Windows Mobile Enterprise Security Best PracticesJohn Rhoton
 
System Center Mobile Device Manager
System Center Mobile Device ManagerSystem Center Mobile Device Manager
System Center Mobile Device ManagerJohn Rhoton
 
Mobile Device Management
Mobile Device ManagementMobile Device Management
Mobile Device ManagementJohn Rhoton
 
Mobile Device Security
Mobile Device SecurityMobile Device Security
Mobile Device SecurityJohn Rhoton
 

Mais de John Rhoton (20)

Cloud Computing: New Approaches for Security
Cloud Computing: New Approaches for SecurityCloud Computing: New Approaches for Security
Cloud Computing: New Approaches for Security
 
Cloud Computing 2013: Status and Trends
Cloud Computing 2013: Status and TrendsCloud Computing 2013: Status and Trends
Cloud Computing 2013: Status and Trends
 
Cloud Deployment Strategy: Challenges to consider
Cloud Deployment Strategy: Challenges to considerCloud Deployment Strategy: Challenges to consider
Cloud Deployment Strategy: Challenges to consider
 
Cloud Computing Challenges - Beamap
Cloud Computing Challenges - BeamapCloud Computing Challenges - Beamap
Cloud Computing Challenges - Beamap
 
Business Perspectives on Cloud Computing
Business Perspectives on Cloud ComputingBusiness Perspectives on Cloud Computing
Business Perspectives on Cloud Computing
 
Cloud Computing Explained: Guide to Enterprise Implementation
Cloud Computing Explained: Guide to Enterprise ImplementationCloud Computing Explained: Guide to Enterprise Implementation
Cloud Computing Explained: Guide to Enterprise Implementation
 
Optimizing Cloud Computing with IPv6
Optimizing Cloud Computing with IPv6Optimizing Cloud Computing with IPv6
Optimizing Cloud Computing with IPv6
 
Securing Cloud Services
Securing Cloud ServicesSecuring Cloud Services
Securing Cloud Services
 
Clouds in the Enterprise
Clouds in the EnterpriseClouds in the Enterprise
Clouds in the Enterprise
 
Enterprise Preparation for IPv6
Enterprise Preparation for IPv6Enterprise Preparation for IPv6
Enterprise Preparation for IPv6
 
Unauthorized Wireless Network Connections
Unauthorized Wireless Network ConnectionsUnauthorized Wireless Network Connections
Unauthorized Wireless Network Connections
 
ISSE Mobile Device Policy Enforcement
ISSE Mobile Device Policy EnforcementISSE Mobile Device Policy Enforcement
ISSE Mobile Device Policy Enforcement
 
RSA - WLAN Hacking
RSA - WLAN HackingRSA - WLAN Hacking
RSA - WLAN Hacking
 
Cloud Computing: Hindernisse und Chancen für Großunternehmen
Cloud Computing: Hindernisse und Chancen für GroßunternehmenCloud Computing: Hindernisse und Chancen für Großunternehmen
Cloud Computing: Hindernisse und Chancen für Großunternehmen
 
Peer-based Enterprise Document Workflow
Peer-based Enterprise Document WorkflowPeer-based Enterprise Document Workflow
Peer-based Enterprise Document Workflow
 
IPv6 for the Enterprise
IPv6 for the EnterpriseIPv6 for the Enterprise
IPv6 for the Enterprise
 
Windows Mobile Enterprise Security Best Practices
Windows Mobile Enterprise Security Best PracticesWindows Mobile Enterprise Security Best Practices
Windows Mobile Enterprise Security Best Practices
 
System Center Mobile Device Manager
System Center Mobile Device ManagerSystem Center Mobile Device Manager
System Center Mobile Device Manager
 
Mobile Device Management
Mobile Device ManagementMobile Device Management
Mobile Device Management
 
Mobile Device Security
Mobile Device SecurityMobile Device Security
Mobile Device Security
 

Último

Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Igalia
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationRadu Cotescu
 
Developing An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilDeveloping An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilV3cube
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slidespraypatel2
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfEnterprise Knowledge
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsEnterprise Knowledge
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdfhans926745
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processorsdebabhi2
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...apidays
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Scriptwesley chun
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityPrincipled Technologies
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)Gabriella Davis
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountPuma Security, LLC
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024Results
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...Martijn de Jong
 

Último (20)

Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
Developing An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilDeveloping An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of Brazil
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 

A Critical Analysis of Microsoft Data Protection Solutions

  • 1. A Critical Analysis of Microsoft Data Protection Solutions John RHOTON Distinguished Technologist HP Services: Office of CTO
  • 2.
  • 3.
  • 4.
  • 5.
  • 6.
  • 7. BDE is an option
  • 8.
  • 9.
  • 10.
  • 11.
  • 12. BDE architecture Static root of trust measurement of early boot components
  • 13.
  • 14.
  • 15.
  • 16.
  • 17. But...there’s more than Technology... “ 54321 TO SILENCE ALARM” “ REPEAT CODE TO RESET”
  • 18.
  • 19.
  • 20.
  • 21. EFS with remote files Client side encryption Local EFS encryption [Keys and certificates live on the client] Client connects to remote server share SMB protocol No need to enable Trust For Delegation Encrypted file sent to server File Share
  • 22. EFS Group policy enhancements
  • 23.
  • 24.
  • 25.
  • 26.
  • 27.
  • 28.
  • 29.
  • 30.
  • 31.
  • 32.
  • 33. But...there’s more than Technology... All must enter through electronic mantrap Fence ends here Sign says, “road is for cars only”
  • 34.
  • 35. Technology comparison BDE EFS RMS Encryption AES 128 (RSA32.LIB) AES 128 (Crypt32.DLL) AES 128 (Crypt32.DLL) Data Awareness Blocks Files App defined; docs/email Master Key TPM + SW Identity, Dongle, File SW, Smart-card Obfuscated SW (lockbox) Content Key Same as root key Same as root key Server Protects What? Windows and Data Directories and Files Documents (including use) Protects Who? Machine Owner, User Users Document Owners Protection Local, removable media Local, removable media, remote Remote, removable media Who is god? Local admin, net admin Local admin, net admin Document owner, RMS admin Supports other security systems? Yes Yes (ISV’s only) No (RMS is a security platform for applications) Data Recovery Mechanism Dongle, File, Network; Manual Key Entry Local or AD based policy RMS server policy Killer Client Scenario Lost or Stolen laptop Multi-user PC Protected Document Sharing Killer Server Scenario Branch-Office Server Protect Documents on File Shares from Admin RMS support in Sharepoint and Exchange Killer Admin Scenario Just switch it on. (also Force Recovery) My Documents encrypted by default Establish corporate information policy
  • 36.
  • 37.
  • 39.
  • 40.