Enterprise Architecture in Higher Education

Session 11 Patrick Hevesi, Enterprise Technology Architect, WW CATM Security Lead

Microsoft Forefront – Business Ready Security Solutions

Evolving Threats

• 2 axes – threat and person
• Threats = Curiosity, Personal Fame, Personal Gain, National Interest
• Person = Script-Kiddy, Undergraduate, Expert, Specialist
• Results: Vandal (largest area by volume), Author, Trespasser, Thief (largest area by $ lost and fastest growing segment), Spy(largest amount of gov’t IT security $ spent)

Evolving Threat Landscape

• huge improvements in bandwidth of networks
• botnets leveraging peer to peer
• 88% of attacks are on applications – top 3 applications attacked: #1 Adobe Reader, #2 iTunes, #3 Quicktime
• the explosion of social networks introduce hugely naive users to places where they voluntarily give up their personal data
• Malware sites #1 Game Cheats #2 Pornography #3 Music Lyric #4 Gossip sites
• http://www.microsoft.com/sir – security intelligence report (free report – updated every 6 months)

Core Infrastructure Optimization Solutions (optimized desktop, optimized datacenter, business ready security)

• best protection is to run Windows NOT as administrator especially when surfing the web
• Microsoft worked with Intel and Dell to build security into hardware and software (OS working with the hardware – 64 bit)
• Network Access Protection – 2 certificates (IPSEC) issued – one for the machine and one for the user enforces machine health
• http://microsoft.com/optimization – self service questions to see where your organization is on a maturity scale – Dynamic IT
• Dynamic IT scale – basic (cost centre), standardized (cost efficiency), rationalized (business enabler), dymanic (strategic asset)

Business Ready Security – help securely enable business by managing risk and empowering people

• Identity Protection, Identity Access, Identity Management

Forefront – Endpoint Protection, Protection for Exchange, Identity Manager, ISA Server Edge Security (client, server, mobile, cloud)

• Defense in Depth – 64 bit hardware, 64 bit Windows 7 and Mobile, Windows Server Core, Network Access Protection (NAP)
• Services – Forefront Online Protection for Exchange
• Edge – Intelligent Gateway Application, Internet Security & Accleration Server
• Server – Forefront Security for SharePoint, Security for Exchange Server, Security for OCS
• Client and Server OS – Forefront Client Security
• Forefront has 5 built in virus scan engines working together
• Microsoft Security Essentials – free tool, next generation of Forefront Client Security
• Windows Rights Management Services – BitLocker, Encryption File System (EFS), information protection
• Identity and Access Management – Forefront Identity Manager, Windows AD, ADFS, Certificate Lifecycle Mgmt
• Systems Management – System Center – Configuration Mgr, Operations Mgr, Data Protection Mgr, Windows Server Update Services, SQL Server 2008
• New Products – Forefront Protection Management – see security on SharePoint, Exchange, OCS and the cloud services

This was an excellent presentation and it is great to see Microsoft taking security very seriously.

Related posts:

1. Canadian Colleges Update – Dec 2009 Session 5 Microsoft’s Virtualization Strategy and Futures
2. Canadian Colleges Update – Dec 2009 Session 10 Live@edu Overview
3. Canadian Colleges Update – Dec 2009 Session 7 Unified Communications Overview
4. Canadian Colleges Update – Dec 2009 Session 2 Exchange 2010
5. Canadian Colleges Update – Dec 2009 Session 9 Windows Server 2008 R2 Futures and Directions