
Implementing Security Mobile Device Solutions

SPEAKER’S NAME

DATE

Focused on Security. Committed to Success. Page 2, December 07

Laptops, mobile and smart phones, PDAs

[Chart: device population, in millions (axis 0 to 4,000), by year, 1998 to 2008. Source: IDC]

• 502 million Smart Phones by 2006

• 50 million telecommuters via wireless 3G


Technology Adoption: Time to reach 50 million users

Radio 38 years

Television 13 years

Personal Computer 16 years

Internet 4 years

mInternet 1 year?


Perimeter Security

Network Security

Secure Device Management

Application Execution Control

Standards-based security architecture for perimeter, data, network and application security

Platform enables partners to extend capabilities to meet evolving enterprise needs

Rich set of partner offerings ensures the long-term value of investment

Seamless Integration with existing PC, Windows server applications and data including SQL Server 2000

Broad choice of peripherals, connectivity options and devices

Certificate Authentication to Exchange (via tunneling)


Windows Mobile 5.0

Goal: Broad Mobile Operator distribution

• Meet Mobile Operator and OEM requirements

– Code Execution Control on Pocket PC & Smartphone

– Software Patching (ROM updates with digital signature)

– Operator Device Management (OMA standard)

– Operator Digital Rights Management (OMA standard)

– Persistent Storage for Pocket PC

• Build foundation to secure the Enterprise

– Security Hardening (SDL integrated into product cycle)

– Groundwork for n-tier security model (a la Java MIDP)

– Custom Local Authentication Subsystem/Plug-in (LASS/LAP)

– PIN and strong password in default LAPs

– FIPS 140-2 Crypto Certification for Base Crypto Service Providers


Messaging & Security Feature Pack: Devices available now

Goal: Address immediate Enterprise blockers

• Essential Security and Device Management

– Password policy enforcement

– Device wipe (local and remote)

– Secure Messaging (S/MIME and FIPS Certification)

– Certificate authentication to Exchange (tunneling only)

• End-user

– Instant email (Direct Push Email)

– Improved Outlook Mobile experience including on-line GAL

• Requires Exchange 2003 SP2

Benefit: More complete, secure and predictable mobile synchronization solution


Windows Mobile 6.0: Available Now

• Faster, easier application development and distribution

– SQL Mobile 2005 Database (Everywhere Edition)

– .NET Compact Framework v2

– Updated Terminal Services Client

• Advance the business and enterprise propositions

– Secure and simple corporate access

– Protect valuable corporate data

– Device and policy management

• Strengthen the phone integration

– Faster connections to my contacts

– Consistency of services

– Platform enhancements

• Great mobile messaging and time management solution

– Messaging and calendaring enhancements

– Search and document access

– Microsoft® Office™ program enhancements


Windows Mobile 6.0 Security: Feature Overview

• Storage Card Security:

– Encryption (AES128 default) and Wipe (erasure of data)

• Generating a Personal Certificate

– Certificate Enrollment – Desktop and Device-side clients

– .PFX/.P12 import

• Crypto/Certificate Services

– Root Certificate Add – User Cert Installer to add .CER and .P7B

– AES128 support for DPAPI

– SSL support of AES128 and/or AES256 EAS

– Wildcard Certificate Support

• New Device Lock Policies

– password expiration, strong PIN, password history

– User PIN/password Reset

– Key guard / device lock enhancement

• Email & Documents: IRM Read support


Enterprise Mobility Vision

[Diagram labels: Access Control; Firewall; Unmanaged PC (Home PC, Kiosk, etc); Managed PC; Mobile & Traditional Devices; Team Workspaces; E-Mail; Web & Video Conferencing; Documents & Files; Calendaring; Instant Messaging; Identity & Presence; LOB Applications; Intranet Web Applications]


Summary: Windows Mobile Value Prop

4 Key planks:

1. Push Mail Messaging: vs Blackberry

– Cheaper, More convenient, Lowest TCO solution better than Blackberry

– Exchange server 2003 (free SP2) + Win Mobile handsets with MSFP

2. Windows Office: "Round-tripping"

– Word, Excel, PowerPoint on the move

– Familiar interface; No learning curve

3. Multimedia functionality & Cool form factor

– Camera, Mp3 (WMA), Video etc

– i-Mate, HTC/Dopod, O2, HP etc

4. Line of Business Apps: Windows Mobile BEST platform with widest apps

“All-in-One” best of breed solution

ONLY WINDOWS MOBILE HANDSETS GIVE CUSTOMERS ALL 4 BENEFITS TOGETHER!!


• Integrated in Exchange Server 2003/2007

• Great experience with Windows Mobile

– No client software to load reduces set-up time

– Familiar Outlook experience

• Scalable solution for enterprises

– E-mail backend scalability

– Scalable cost per user

[Diagram labels: ISA or IAG; Perimeter Network (DMZ); Windows Server Active Directory; Exchange Front-End Server; Exchange Mailbox Servers; SSL links between components]


Security: Remote Device Wipe

• Helps protect device data if device is lost

– Exchange Server Web Console can erase all on-device data over the air and reset device back to clean state

• Applies when lost device syncs with network

– Admin sends remote erase order to specific device

– Server sends erase order next time device connects to Exchange

– Device acknowledges that the command was received

– Device wipes its data upon receiving command

• Easy to manage

– Administered through a Web site

– Exchange Admin can “delegate” access to Help desk

– Provides a transaction log for recording history


Device Policy Configuration


Device policy in action


Help Protect Against Unauthorized Entry to Device: Screenshots


Remote Device Wipe


Certificate-Based Authentication: Screenshots

Using Certificate Authentication

Using Basic Authentication


You Compare

Windows Mobile

[Diagram labels: Handheld Devices; Firewall/DMZ; Exchange (a.k.a. Front-End); Exchange (a.k.a. Back-End)]

– Direct, Secure Connection from Device-to-Server

RIM

[Diagram labels: Handheld Devices; RIM NOC; Firewall/DMZ; Blackberry Enterprise Server; Exchange (a.k.a. Back-End)]

– NO Direct, Secure Connection from Device-to-Server

– Data Transferred Outside of Firewall, Stored on 3rd Party Servers


For Business & IT

Windows Mobile Security

• SSL (Secure Socket Layer) based

– The standard for on-line banking and e-commerce

– Establishes secure, authenticated connection between server & device

• FIPS-140-2-certified

– Meets U.S. government security requirements for IT products

• Data remains stored and secured behind your firewall

Windows Mobile Manageability

• Policy push from Administrator to Device

• Device Wipe with Confirmation of Successful Completion


Resources

Visit the MED Content Publishing Team Wiki site: http://msdn.microsoft.com/mobility/wiki

Need resources on Windows Mobile Security?

Windows Mobile 5.0 Developer Resource Kit

Windows Mobile Enterprise White Papers

Third Party Software Solutions for Windows Mobile Enterprise Deployment

Windows Mobile 5.0 on MSDN

Windows CE 5.0 on MSDN


© 2006 Microsoft Corporation. All rights reserved.

This presentation is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS OR IMPLIED, IN THIS SUMMARY.