dynamic access control overview matthias wollnik program manager, file server microsoft corporation
If you can't read please download the document
TRANSCRIPT
- Slide 1
- Dynamic Access Control Overview Matthias Wollnik Program Manager, File Server Microsoft Corporation
- Slide 2
- Slide 3
- Slide 4
- Slide 5
- Slide 6
- Slide 7
- demo Location based classification Automatic content based classification Data Classification demo
- Slide 8
- x 50 Country 50 Groups Department x 20 1000 Groups Sensitive 2000 Groups!
- Slide 9
- demo Country based central access rule Expression based ACL demo
- Slide 10
- User claims User.Department = Finance User.Clearance = High ACCESS POLICY Applies to: @File.Impact = High Allow | Read, Write | if (@User.Department == @File.Department) AND (@Device.Managed == True) Device claims Device.Department = Finance Device.Managed = True Resource properties Resource.Department = Finance Resource.Impact = High AD DS 10 File Server
- Slide 11
- demo Country based central access rule Central Access Policy with user claims
- Slide 12
- Windows Server 2012 Active Directory Windows Server 2012 File Server End User Access Policy ? Resource Property Definitions User Claims
- Slide 13
- No conditional expressions Using groups with conditional expressions Using user claims
- Slide 14
- Slide 15
- Slide 16
- Slide 17
- demo Automatic Rights Management Protection
- Slide 18
- Slide 19
- DCT Database 4. Report 1. Import 2. Export 3. Deploy OOB Knowledge Scale (#File Servers) Hybrid Environment Staging File Server Production File Servers Windows 2008 R2 Windows 2012 Collect Domain Controller (Active Directory) Management Client
- Slide 20
- Slide 21
- Slide 22
- Slide 23
- An attempt was made to access an object. Subject: Security ID:CONTOSODOM\alice Account Name:alice Account Domain: CONTOSODOM Logon ID:0x3e7 Object: Object Server:Security Object Type:File Handle ID:0x8e4 Resource Attributes: S:AI(RA;;;;;WD;( Personally Identifiable Information",TS,0x0,"High"))(RA;;;;;WD;(Department_23AFE",TS,0x0,Finance")) Object Name:C:\Finance Document Share\FinancialStatements\MarchEmployeeStmt.xls
- Slide 24
- demo Expression Based Auditing
- Slide 25
- Event collected to central repository for analysis and reporting Windows Server 2012 Active Directory Windows Server 2012 File Server End User Access Policy ? Resource Property Definitions User Claims
- Slide 26
- Slide 27
- DAC Partners
- Slide 28
- Slide 29
- Department x 50 x 20 Country Sensitive ACCESS POLICY Applies to: @File.Impact = High Allow | Read, Write | if (@User.Department == @File.Department) AND (@Device.Managed == True) StealthAUDIT for Windows Server 2012 Dynamic Access Control http://www.stealthbits.com/
- Slide 30
- Identify where groups are being used and who owns them Clean Up, Consolidate & Secure Conditional Permissions Central Access Policies & Claims Impact Analysis & Group Reduction Apply, Lock Down & Maintain Discover your environment Design new security model Implement
- Slide 31
- http://www.jijitechnologies.com/dynamic-access-control-effective-permission-report.aspx
- Slide 32
- Slide 33
- Data Loss Prevention http://www.ca.com/us/data-security-solutions.aspx http://www.dynamicaccesscontrol.com http://www.websense.com/content/ data-security-overview.aspx CA DataMinder dg classification
- Slide 34
- Data Loss Prevention Dynamic Access Control Dynamic Content Classification and Control 1: Create2: Analyze3: Classify4: Tag5: Enforce
- Slide 35
- CA Technologies Content-Aware Identity & Access Management Control identity, control access and control information CA DataMinder discovers, classifies and controls information Controls Collaboration & File Sharing Environments SharePoint 2010 March 2012 Windows Server 2012 Dynamic Access Control July 2012 Delivers precise & fine-grained access control Copyright 2012 CA. All rights reserved. No unauthorized copying or distribution permitted.
- Slide 36
- Supercharge DAC with automated file classification Enables accurate automated file classification enterprise-wide with both attribute-based and content-based classification Deeply integrated with Windows Server 2012. dg classification can also be used to fuel powerful Governance, Compliance and Archiving solutions For more information visit us at Booth 230 (Orlando) / PP17 (Amsterdam) or at www.dynamic-access-control.com A leader in automatic file classification
- Slide 37
- http://www.gigatrust.com Dynamic Policy Enforcer
- Slide 38
- FCI CLASSIFY PROTECT D YNAMIC P OLICY P ROTECTOR Windows 8 Server D YNAMIC P OLICY M ODULE Desktop 4 4 1 1 2 2 2 2 3 3 4 4 1 1 AD Admin Center Access Policies Claims Properties Dynamic Access Control USE LICENSE 3 3 Legend: User Claims Resource Properties Access Policy GigaTrust Product Component GigaTrust Contact: [email protected] AD RMS Windows 8 Server static
- Slide 39
- http://www.nextlabs.com/html/?q=microsoft_solutions http://www.titus.com/ http://www.axiomatics.com/dynamic-access- sddl-xacml-windows-server-2012 Titus Metadata Security for SharePoint Control Center for Windows Server 2012 Dynamic Access Control Axiomatics Policy Server
- Slide 40
- Slide 41
- Windows Server 2012 Active Directory Windows Server 2012 File Server End User Microsoft SharePoint 2010 Access Policy ? ?
- Slide 42
- Policy AuthorFile Server Active Directory User 1. Author policy & export to AD 2. Convert XACML to SDDL & import 3. Push out imported rules based on group policy 4. Access files 5. Check access based on rules previously defined in APS Axiomatics Policy Server (APS)
- Slide 43
- http://www.emc.com/security/rsa-netwitness.htm RSA NetWitness
- Slide 44
- Slide 45
- Enterprise-wide visibility into server and application health
- Slide 46
- Slide 47
- Slide 48
- Slide 49
- In Summary..
- Slide 50
- Reduce group complexity
- Slide 51
- Simplify access control
- Slide 52
- Implement effective access control
- Slide 53
- SIA 207 Windows Server 2012 Dynamic Access Control Overview SIA 341 Windows Server 2012 Dynamic Access Control Deep Dive for Active Directory and Central Authorization Policies SIA 316 Windows Server 2012 Dynamic Access Control Best Practices and Case Study Deployments in Microsoft IT SIA21-HOL Using Dynamic Access Conrol to Automatically and Centrally Secure Data in Windows Server 2012 SIA02-TLC Windows Server 2012 Active Directory and Dynamic Access Control Find Me Later At the Windows Server booth
- Slide 54
- Connect. Share. Discuss. http://europe.msteched.com Learning Microsoft Certification & Training Resources www.microsoft.com/learning TechNet Resources for IT Professionals http://microsoft.com/technet Resources for Developers http://microsoft.com/msdn
- Slide 55
- Evaluations http://europe.msteched.com/sessions Submit your evals online
- Slide 56
- Slide 57
- Resource 1 Resource 2 Resource 3 Resource 4 Required Slide *delete this box when your slide is finalized Track PMs will supply the content for this slide, which will be inserted during the final scrub.