Implementing Security Mobile Device Solutions

Laptops, mobile and smart phones, PDAs
• 502 million Smart Phones by 2006
• 50 million telecommuters via wireless 3G
[Chart: Device Population, in millions, 1998 to 2008. Source: IDC]

Focused on Security. Committed to Success. Page 2, December 07

Technology Adoption
Time to reach 50 million users
• Radio: 38 years
• Television: 13 years
• Personal Computer: 16 years
• Internet: 4 years
• mInternet: 1 year?

[Diagram labels: Perimeter Security, Network Security, Secure Device Management, Application Execution Control]
• Standards-based security architecture for perimeter, data, network and application security
• Platform enables partners to extend capabilities to meet evolving enterprise needs
• Rich set of partner offerings ensure the long term value of investment
• Seamless Integration with existing PC, Windows server applications and data including SQL Server 2000
• Broad choice of peripherals, connectivity options and devices
• Certificate Authentication to Exchange (via tunneling)

Windows Mobile 5.0
Goal: Broad Mobile Operator distribution
• Meet Mobile Operator and OEM requirements
  – Code Execution Control on Pocket PC & Smartphone
  – Software Patching (ROM updates with digital signature)
  – Operator Device Management (OMA standard)
  – Operator Digital Rights Management (OMA standard)
  – Persistent Storage for Pocket PC
• Build foundation to secure the Enterprise
  – Security Hardening (SDL integrated into product cycle)
  – Groundwork for n-tier security model (a la Java MIDP)
  – Custom Local Authentication Subsystem/Plug-in (LASS/LAP)
  – PIN and strong password in default LAPs
  – FIPS 140-2 Crypto Certification for Base Crypto Service Providers

Messaging & Security Feature Pack
Devices available now
Goal: Address immediate Enterprise blockers
• Essential Security and Device Management
  – Password policy enforcement
  – Device wipe (local and remote)
  – Secure Messaging (S/MIME and FIPS Certification)
  – Certificate authentication to Exchange (tunneling only)
• End-user
  – Instant email (Direct Push Email)
  – Improved Outlook Mobile experience including on-line GAL
• Requires Exchange 2003 SP2
Benefit: More complete, secure and predictable mobile synchronization solution

Windows Mobile 6.0
Available Now
• Great mobile messaging and time management solution
  – Messaging and calendaring enhancements
  – Search and document access
  – Microsoft® Office™ program enhancements
• Advance the business and enterprise propositions
  – Secure and simple corporate access
  – Protect valuable corporate data
  – Device and policy management
• Strengthen the phone integration
  – Faster connections to my contacts
  – Consistency of services
• Platform enhancements
  – Faster, easier application development and distribution
  – SQL Mobile 2005 Database (Everywhere Edition)
  – .NET Compact Framework v2
  – Updated Terminal Services Client

Windows Mobile 6.0 Security Feature Overview
• Storage Card Security:
  – Encryption (AES128 default) and Wipe (erasure of data)
• Generating a Personal Certificate
  – Certificate Enrollment
  – Desktop and Device-side clients .PFX/.P12 import
• Crypto/Certificate Services
  – Root Certificate Add
  – User Cert Installer to add .CER and .P7B
  – AES128 support for DPAPI
  – SSL support of AES128 and/or AES256 EAS
  – Wildcard Certificate Support
• New Device Lock Policies
  – password expiration, strong PIN, password history
  – User PIN/password Reset
  – Key guard / device lock enhancement
• Email & Documents: IRM Read support

Enterprise Mobility Vision
[Diagram labels: E-Mail, LOB Applications, Managed PC, Access Control, Team Workspaces, Intranet Web Applications, Unmanaged PC (Home PC, Kiosk, etc), Identity & Presence, Documents & Files, Instant Messaging, Mobile & Traditional Devices, Firewall, Web & Video Conferencing, Calendaring]

Summary - Windows Mobile Value Prop
4 Key planks:
1. Push Mail Messaging: vs Blackberry
  – Cheaper, More convenient, Lowest TCO solution better than Blackberry
  – Exchange server 2003 (free SP2) + Win Mobile handsets with MSFP
2. Windows Office: "Round-tripping"
  – Word, Excel, PowerPoint on the move
  – Familiar interface; No learning curve
3. Multimedia functionality & Cool form factor
  – Camera, MP3 (WMA), Video etc
  – i-Mate, HTC/Dopod, O2, HP etc
4. Line of Business Apps: Windows Mobile BEST platform with widest apps
[Callout: “All-in-One” best of breed solution]
[Callout: ONLY WINDOWS MOBILE HANDSETS GIVE CUSTOMERS ALL 4 BENEFITS TOGETHER!!]

• Integrated in Exchange Server 2003/2007
• Great experience with Windows Mobile
  – No client software to load reduces set-up time
  – Familiar Outlook experience
• Scalable solution for enterprises
  – E-mail backend scalability
  – Scalable cost per user
[Diagram labels: Ex Mailbox Servers, Ex Front-End Server, Perimeter Network (DMZ), SSL, ISA or IAG, Windows Server Active Directory]

Security - Remote Device Wipe
• Helps protect device data if device is lost
  – Exchange Server Web Console can erase all on-device data over the air and reset device back to clean state
• Applies when lost device syncs with network
  – Admin sends remote erase order to specific device
  – Server sends erase order next time device connects to Exchange
  – Device acknowledges that the command was received
  – Device wipes its data upon receiving command
• Easy to manage
  – Administered through a Web site
  – Exchange Admin can “delegate” access to Help desk
  – Provides a transaction log for recording history

Device Policy Configuration

Device policy in action

Help Protect Unauthorized Entry to Device: Screenshots

Remote Device Wipe

Certificate-Based Authentication: Screenshots
[Panel titles: Using Basic Authentication, Using Certificate Authentication]

You Compare

Windows Mobile
• Direct, Secure Connection from Device-to-Server
• [Diagram labels: Exchange (a.k.a. Back-End), Exchange (a.k.a. Front-End), Firewall/DMZ, Handheld Devices]

RIM
• NO Direct, Secure Connection from Device-to-Server
• Data Transferred Outside of Firewall, Stored on 3rd Party Servers
• [Diagram labels: Exchange (a.k.a. Back-End), Blackberry Enterprise Server, Firewall/DMZ, RIM NOC, Handheld Devices]

For Business & IT
Windows Mobile Security
• SSL (Secure Sockets Layer) based
  – The standard for on-line banking and e-commerce
  – Establishes secure, authenticated connection between server & device
• FIPS-140-2-certified
  – Meets U.S. government security requirements for IT products
• Data remains stored and secured behind your firewall
Windows Mobile Manageability
• Policy push from Administrator to Device
• Device Wipe with Confirmation of Successful Completion

Resources
Need resources on Windows Mobile Security?
Visit the MED Content Publishing Team Wiki site: http://msdn.microsoft.com/mobility/wiki
• Windows Mobile 5.0 Developer Resource Kit
• Windows Mobile Enterprise White Papers
• Windows CE 5.0 on MSDN
• Windows Mobile 5.0 on MSDN
• Third Party Software Solutions for Windows Mobile Enterprise Deployment

© 2006 Microsoft Corporation. All rights reserved. This presentation is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS OR IMPLIED, IN THIS SUMMARY.