Implementing Security Mobile Device Solutions

Laptops, mobile and smart phones, PDAs

• 502 million Smart Phones by 2006
• 50 million telecommuters via wireless 3G

[Chart: Device population, in millions, 1998 to 2008. Source: IDC]

Focused on Security. Committed to Success Page 2, December 07

Technology Adoption

Time to reach 50 million users

Radio: 38 years
Television: 13 years
Personal Computer: 16 years
Internet: 4 years
mInternet: 1 year?

Perimeter Security, Network Security, Device Management, Application Execution Control

• Standards-based security architecture for perimeter, data, network and application security
• Secure Platform enables partners to extend capabilities to meet evolving enterprise needs
• Rich set of partner offerings ensure the long term value of investment
• Seamless Integration with existing PC, Windows server applications and data including SQL Server 2000
• Broad choice of peripherals, connectivity options and devices
• Certificate Authentication to Exchange (via tunneling)

5.0

Goal: Broad Mobile Operator distribution

• Meet Mobile Operator and OEM requirements
  – Code Execution Control on Pocket PC & Smartphone
  – Software Patching (ROM updates with digital signature)
  – Operator Device Management (OMA standard)
  – Operator Digital Rights Management (OMA standard)
  – Persistent Storage for Pocket PC
• Build foundation to secure the Enterprise
  – Security Hardening (SDL integrated into product cycle)
  – Groundwork for n-tier security model (a la Java MIDP)
  – Custom Local Authentication Subsystem/Plug-in (LASS/LAP)
  – PIN and strong password in default LAPs
  – FIPS 140-2 Crypto Certification for Base Crypto Service Providers

Messaging & Security Feature Pack
Devices available now

Goal: Address immediate Enterprise blockers

• Essential Security and Device Management
  – Password policy enforcement
  – Device wipe (local and remote)
  – Secure Messaging (S/MIME and FIPS Certification)
  – Certificate authentication to Exchange (tunneling only)
• End-user
  – Instant email (Direct )
  – Improved Outlook Mobile experience including on-line GAL
• Requires Exchange 2003 SP2

Benefit: More complete, secure and predictable mobile synchronization solution

Windows Mobile 6.0
Available Now

• Great mobile messaging and time management solution
  – Messaging and calendaring enhancements
  – Search and document access
  – Office™ program enhancements
• Advance the business and enterprise propositions
  – Secure and simple corporate access
  – Protect valuable corporate data
  – Device and policy management
• Strengthen the phone integration
  – Faster connections to my contacts
  – Consistency of services
  – Platform enhancements
• Faster, easier application development and distribution
  – SQL Mobile 2005 Database (Everywhere Edition)
  – .NET Compact Framework v2
  – Updated Terminal Services Client

Windows Mobile 6.0 Security Feature Overview

• Storage Card Security:
  – Encryption (AES128 default) and Wipe (erasure of data)
• Generating a Personal Certificate
  – Certificate Enrollment
  – Desktop and Device-side clients .PFX/.P12 import
• Crypto/Certificate Services
  – Root Certificate Add
  – User Cert Installer to add .CER and .P7B
  – AES128 support for DPAPI
  – SSL support of AES128 and/or AES256 EAS
  – Wildcard Certificate Support
• New Device Lock Policies
  – password expiration, strong PIN, password history
  – User PIN/password Reset
  – Key guard / device lock enhancement
• Email & Documents: IRM Read support

Enterprise Mobility Vision

[Diagram. Access side: Managed PC, Unmanaged PC (Home PC, Kiosk, etc), Mobile & Traditional Devices, Firewall, Access Control. Services: E-Mail, LOB Applications, Team Workspaces, Intranet Web Applications, Identity & Presence, Documents & Files, Instant Messaging, Web & Video Conferencing, Calendaring]

Summary - Windows Mobile Value Prop

4 Key planks:

1. Push Mail Messaging: vs Blackberry
  – Cheaper, More convenient, Lowest TCO solution
  – Exchange server 2003 (free SP2) + Win Mobile handsets with MSFP
2. Windows Office: "Round-tripping"
  – Word, Excel, PowerPoint on the move
  – Familiar interface; No learning curve
3. Multimedia functionality & Cool form factor
  – Camera, Mp3 (WMA), Video etc
  – i-Mate, HTC/Dopod, O2, HP etc
4. Line of Business Apps: Windows Mobile BEST platform with widest apps

"All-in-One" best of breed solution better than Blackberry

ONLY WINDOWS MOBILE HANDSETS GIVE CUSTOMERS ALL 4 BENEFITS TOGETHER!!

• Integrated in Exchange Server 2003/2007
• Great experience with Windows Mobile
  – No client software to load reduces set-up time
  – Familiar Outlook experience
• Scalable solution for enterprises
  – E-mail backend scalability
  – Scalable cost per user

[Diagram: Ex Mailbox Servers, Ex Front-End Server, Perimeter Network (DMZ), ISA or IAG, SSL connections, Windows Server Active Directory]


Security - Remote Device Wipe

• Helps protect device data if device is lost
  – Exchange Server Web Console can erase all on-device data over the air and reset device back to clean state
• Applies when lost device syncs with network
  – Admin sends remote erase order to specific device
  – Server sends erase order next time device connects to Exchange
  – Device acknowledges that the command was received
  – Device wipes its data upon receiving command
• Easy to manage
  – Administered through a Web site
  – Exchange Admin can "delegate" access to Help desk
  – Provides a transaction log for recording history
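The remote wipe sequence above, modelled as an added example (not Microsoft's or Exchange's code; all class, method and device names are hypothetical, and the device data is constructed). It shows that the erase order is only queued on the server and takes effect when the device next syncs, so a device that never reconnects keeps its data, and that the transaction log is what tells the admin which orders are still unconfirmed.

```python
from dataclasses import dataclass, field

@dataclass
class Device:
    device_id: str
    data: list = field(default_factory=lambda: ["mail", "contacts"])  # constructed sample data

    def handle(self, command):
        """Device side: erase local data and return the acknowledgement the server logs."""
        if command == "WIPE":
            self.data.clear()
            return "ACK_WIPE"
        return "OK"

@dataclass
class SyncServer:
    pending: set = field(default_factory=set)  # device ids with a queued erase order
    log: list = field(default_factory=list)    # transaction log: (tick, device_id, event)
    tick: int = 0

    def _record(self, device_id, event):
        self.tick += 1
        self.log.append((self.tick, device_id, event))

    def order_wipe(self, device_id):
        """Admin action: the order is only queued; nothing reaches the device yet."""
        self.pending.add(device_id)
        self._record(device_id, "wipe_ordered")

    def sync(self, device):
        """Called whenever a device connects; delivers a queued order if one exists."""
        if device.device_id not in self.pending:
            self._record(device.device_id, "sync_ok")
            return "OK"
        self._record(device.device_id, "wipe_sent")
        reply = device.handle("WIPE")
        if reply == "ACK_WIPE":
            self.pending.discard(device.device_id)
            self._record(device.device_id, "wipe_acknowledged")
        return reply

    def unconfirmed(self):
        """Orders still waiting for a sync: data on these devices is still intact."""
        return sorted(self.pending)

def demo():
    server = SyncServer()
    lost, offline = Device("dev-lost"), Device("dev-offline")
    server.order_wipe(lost.device_id)
    server.order_wipe(offline.device_id)
    server.sync(lost)  # only the lost device reconnects and is wiped
    return lost.data, offline.data, server.unconfirmed(), [e for _, _, e in server.log]
```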

Device Policy Configuration

Device policy in action

Help Protect Unauthorized Entry to Device: Screenshots

Remote Device Wipe

Certificate-Based Authentication: Screenshots

Using Basic Authentication
Using Certificate Authentication

You Compare

Windows Mobile: Direct, Secure Connection from Device-to-Server
  Exchange (a.k.a. Back-End), Exchange (a.k.a. Front-End), Firewall/DMZ, Handheld Devices

RIM: NO Direct, Secure Connection from Device-to-Server
  Exchange (a.k.a. Back-End), Blackberry Enterprise Server, Firewall/DMZ, RIM NOC, Handheld Devices
  Data Transferred Outside of Firewall, Stored on 3rd Party Servers

For Business & IT

Windows Mobile Security
• SSL (Secure Socket Layer) based
  – The standard for on-line banking and e-commerce
  – Establishes secure, authenticated connection between server & device
• FIPS-140-2-certified
  – Meets U.S. government security requirements for IT products
• Data remains stored and secured behind your firewall

Windows Mobile Manageability
• Policy push from Administrator to Device
• Device Wipe with Confirmation of Successful Completion

Resources

Need resources on Windows Mobile Security?

Visit the MED Content Publishing Team Wiki site: http://msdn.microsoft.com/mobility/wiki

Windows Mobile 5.0 Developer Resource Kit

Windows Mobile Enterprise White Papers

Windows CE 5.0 on MSDN

Windows Mobile 5.0 on MSDN

Third Party Software Solutions for Windows Mobile Enterprise Deployment

© 2006 Microsoft Corporation. All rights reserved. This presentation is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS OR IMPLIED, IN THIS SUMMARY.
