Microsoft's Paul Cooke talks about the security features in the upcoming Windows 7 OS, covering subjects such as Multiple Active Firewall Policies, DirectAccess, and more.
Recently Microsoft's Paul Cooke, Program Manager for Windows Live, updated The Windows Security Blog with a lengthy insight to the new Windows 7 operating system, specifically the security features that will benefit the mobile worker. His update stems from hands-on experience at this week's RSA Conference, addressing five security features: Multiple Active Firewall Policies, DirectAccess, BranchCache, BitLocker To Go, and AppLocker. Cooke also hinted in the blog that the update was just the "tip of the iceberg," and for readers to stay tuned for more info on the new security technologies.
"We’re really excited about Windows 7’s new security features," he said. "This next OS is built upon the proven security technologies in Windows Vista and provides a fundamentally secure computing platform. We not only utilized enhanced Security Development Lifecycle (SDL) process during planning, development and testing but we also have worked to make the security features more discoverable, usable and manageable. These enhancements give Windows 7 the expanded security offerings to provide the necessary security controls to help mobile workers access the information they need to be productive, wherever and whenever they need it."
The first segment of his blog, Multiple Active Firewall Policies, describes how mobile users can create security problems when connecting to multiple networks on the road (while also connecting to the company network). Windows 7 eliminates the problem by enabling the PC to obtain and apply domain firewall profile information regardless of other networks that may be active on the PC. IT Pros can maintain a single set of rules for both remote clients and physically connected clients.
The next feature, DirectAccess, automatically establishes a bi-directional connection from mobile client computers to a corporate network. This means that the end-user is not required to connect via a VPN tunnel, but rather through a secured access through the Internet. DirectAccess also uses IPsec to authenticate the computer and user, encrypt the data crossing over the Internet, and can even be used to require employees to authenticate with a smart card. And since DirectAccess is always on, IT pros can distribute software updates and policies at any time.
Cooke also talked about BranchCache, a feature that will speed up network access for the employee working out of the branch office, performing as if they're working straight off the in-office corporate LAN. "BranchCache also helps reduce the utilization of the wide area network, he wrote. "When BranchCache is enabled, a copy of any data accessed from Intranet Web sites and/or file servers is cached locally within the branch office. When another client on the same network requests the file, the client downloads it from the local cache without downloading the same content across the WAN."
Cooke goes on to talk about BitLocker To Go, an extension to BitLocker in Vista that allows users to encrypt the disk volume of removable storage devices with a password and/or a digital certificate stored on a smart card. The program will also share data with Vista and XP users via a read-on program called BitLocker To Go Reader. Additionally, Cooke said that Windows 7 will give control back to IT pros with AppLocker, a feature that helps them eliminate unknown and unwanted software from their network environment (such as user-installed P2P programs, unnecessary games, unlicensed software, etc). However, AppLocker also allows end-users to install and run approved applications and software updates based upon their business needs.
"AppLocker just might be my favorite security feature in Windows 7, for it not only provides security protections but as an ex-IT Pro I really appreciate the operational and compliance benefits as well," he said.
Look for more Windows 7 updates as the week unfolds. For more details on each feature listed here, check out his official blog.