Close
  • Latest News
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
Read Down
Sign in
Close
Welcome!Log into your account
Forgot your password?
Read Down
Password recovery
Recover your password
Close
Search
Logo
Logo
  • Latest News
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
More
    Home Applications
    • Applications
    • Cybersecurity
    • Networking

    Vista Stakes Its Future on Security

    By
    Paul F. Roberts
    -
    December 11, 2005
    Share
    Facebook
    Twitter
    Linkedin

      Microsoft Corp. is banking on enhancements to what it has dubbed the fundamentals to entice enterprises to upgrade to the next version of Windows, known as Vista.

      The company will use upcoming industry shows to sing the praises of improvements to the Windows networking stack and secure networking techniques such as server and domain isolation to sell both Vista and “Longhorn,” the planned update to Windows Server.

      However, Microsoft may be swimming upstream against current technology trends and advocating changes that could roil enterprise networks, according to one analyst.

      Microsoft will use the RSA Conference in San Jose, Calif., in February and the companys TechEd conference in Boston in June to demonstrate and evangelize the security enhancements in Vista and its upcoming “Longhorn” version of Windows, said Mike Schutz, group product manager for Microsofts Windows Server Division, in Redmond, Wash.

      One focus of those presentations will be IPSec, a venerable protocol used for securing message data at the network layer as well as for authenticating the source of data packets sent over networks.

      Enterprises have historically used IPSec for VPN sessions that connect remote users to corporate resources. But Microsoft has rebuilt its TCP/IP stack “brick by brick” in Vista and Longhorn and hopes to “paint IPSec with a different brush,” said Ian Hameroff, product manager for Windows server core networking at Microsoft.

      “The knee-jerk reaction is that IPSec is used for VPN. We want to unlock the other value [in IPSec],” Hameroff said.

      The “other value” includes server and domain isolation technologies that use IPSec and Active Directory policies to restrict access, said Michael Nash, corporate vice president in Microsofts Security Business & Technology Unit.

      In Vista and Longhorn, IPSec is used to do both domain isolation—which blocks untrusted connections to domain members—and server isolation—which restricts traffic to trusted domain members and user groups—according to Microsoft.

      Windows 2000 Service Pack 4, Windows Server 2003 and Windows XP SP 2 currently support server and domain isolation, but it will be much easier to deploy the technology with Vista and Longhorn, Hameroff said.

      /zimages/4/28571.gifVisit the ghosts of Windows past with former and present eWEEK Labs analysts. Click here to read more.

      Microsoft already uses server and domain isolation extensively on its own 275,000-device network, using Kerberos certificates to authenticate users, Hameroff said. “Were looking at scenarios that we can lead with, and server and domain isolation, which uses IPSec for enforcement, is one area where were seeing [customer] uptake,” Hameroff said.

      The company sees benefits for its customers in doing the same, including reduced risk of viruses, worms and DoS (denial of service) attacks, Nash said.

      “If you can allow connections for machines that should be happening without also enabling connections from machines that shouldnt be happening, you reduce the threat of malware,” he said.

      IPSec has been difficult to deploy on enterprise networks, but Vista and Longhorn will make it easier, with new management features built into the operating systems, as well as logic to allow firewalls to handle IPSec traffic, Nash said.

      Microsoft wants enterprises to begin planning changes to their networks now that will lay the groundwork for server and domain isolation. Preparing networks to do server and domain isolation will also be an excellent preparation for Microsofts other big security play in Vista and Longhorn: NAP, Schutz said.

      /zimages/4/28571.gifWhat do developers think about the network access protection framework? Click here to read more.

      “The things you need to do to get ready for NAP are relevant to deploying IPSec for server and domain isolation,” he said.

      The IT staff for Fulton County in Georgia agrees with that assessment. The county is a beta test site for both Vista and Longhorn, and the network staff there is sold on the idea of using IPSec to secure its network, said Robert Taylor, CIO and director of IT for Fulton County.

      Using IPSec with Vista will be cheaper than the governments current network configuration, a typical network design that uses subnets to segregate users, firewalls to block attacks from outside and within the network, and terminal emulation software from Citrix Systems Inc. to connect users at branch government offices, said Keith Dickie, assistant director of networks for the county.

      IPSec will also make it easier for the county to demonstrate compliance with federal and state regulations such as HIPAA (Health Insurance Portability and Accountability Act) by encrypting traffic from workers at the countys health department, Taylor said.

      But widespread deployment of IPSec can also cause problems on enterprise networks, said John Pescatore, an analyst at Gartner Inc., in Stamford, Conn. “We dont think its going to work,” Pescatore said. “Once you try to encrypt internal communications, your network architecture breaks.

      “I hate to bet against Microsoft, but I give this a low probability,” said Pescatore.

      /zimages/4/28571.gifCheck out eWEEK.coms for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEK.com Security Center Editor Larry Seltzers Weblog.

      Paul F. Roberts

      MOST POPULAR ARTICLES

      Cybersecurity

      Visa’s Michael Jabbara on Cybersecurity and Digital...

      James Maguire - May 17, 2022 0
      I spoke with Michael Jabbara, VP and Global Head of Fraud Services at Visa, about the cybersecurity technology used to ensure the safe transfer...
      Read more
      Cloud

      Yotascale CEO Asim Razzaq on Controlling Multicloud...

      James Maguire - May 5, 2022 0
      Asim Razzaq, CEO of Yotascale, provides guidance on understanding—and containing—the complex cost structure of multicloud computing. Among the topics we covered:  As you survey the...
      Read more
      Big Data and Analytics

      GoodData CEO Roman Stanek on Business Intelligence...

      James Maguire - May 4, 2022 0
      I spoke with Roman Stanek, CEO of GoodData, about business intelligence, data as a service, and the frustration that many executives have with data...
      Read more
      IT Management

      Intuit’s Nhung Ho on AI for the...

      James Maguire - May 13, 2022 0
      I spoke with Nhung Ho, Vice President of AI at Intuit, about adoption of AI in the small and medium-sized business market, and how...
      Read more
      Applications

      Cisco’s Thimaya Subaiya on Customer Experience in...

      James Maguire - May 10, 2022 0
      I spoke with Thimaya Subaiya, SVP and GM of Global Customer Experience at Cisco, about the factors that create good customer experience – and...
      Read more
      Logo

      eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site’s focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

      Facebook
      Linkedin
      RSS
      Twitter
      Youtube

      Advertisers

      Advertise with TechnologyAdvice on eWeek and our other IT-focused platforms.

      Advertise with Us

      Menu

      • About eWeek
      • Subscribe to our Newsletter
      • Latest News

      Our Brands

      • Privacy Policy
      • Terms
      • About
      • Contact
      • Advertise
      • Sitemap
      • California – Do Not Sell My Information

      Property of TechnologyAdvice.
      © 2021 TechnologyAdvice. All Rights Reserved

      Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

      ×