Security Security Securing Your IT Infrastructure Kim Mikkelsen Senior Technology Specialist Enterprise & Partner Group Microsoft Denmark

SecuritySecuritySecuring Your IT InfrastructureSecuring Your IT Infrastructure

Kim MikkelsenKim MikkelsenSenior Technology Specialist Senior Technology Specialist Enterprise & Partner GroupEnterprise & Partner GroupMicrosoft DenmarkMicrosoft Denmark

AgendaAgenda

The challenge of securityThe challenge of security People, process and technologyPeople, process and technology Organizational security riskOrganizational security risk Strategic Technology Protection Program Strategic Technology Protection Program

(STPP)(STPP) The Secure InfrastructureThe Secure Infrastructure Trustworthy ComputingTrustworthy Computing Next stepsNext steps

The Challenge of SecurityThe Challenge of Security

Internet-enabled businesses face challenges ensuring their Internet-enabled businesses face challenges ensuring their technologies for computing and information assets are secure, technologies for computing and information assets are secure, fast and easy to interact with.fast and easy to interact with.

The right accessThe right access

to the right contentto the right content

by the right peopleby the right people

Microsoft’s Commitment Microsoft’s Commitment toto CustomersCustomers::

To do everything possible to To do everything possible to enable every customer to work, enable every customer to work,

communicate, and transact communicate, and transact securely over the Internetsecurely over the Internet

People, Process, TechnologyPeople, Process, TechnologyWhat are the industry challenges?

Products lack Products lack security featuressecurity features

Products have bugsProducts have bugs Many issues are not Many issues are not

addressed by addressed by technical standardstechnical standards

Too hard to stay Too hard to stay up-to-dateup-to-date

Design for securityDesign for security Roles and Roles and

responsibilitiesresponsibilities Audit, track, follow-upAudit, track, follow-up Calamity plansCalamity plans Stay up-to-date with Stay up-to-date with

security developmentsecurity development

Lack of knowledgeLack of knowledge Lack of commitmentLack of commitment Human errorHuman error

PeoplePeople

Technology

TechnologyProc

ess

Proc

ess

Organizational Security RiskOrganizational Security RiskEstimating the cost of securityEstimating the cost of security

LowLow

Organizational Organizational Security ProfileSecurity Profile

Less Less SecureSecure

Observed Security Observed Security ProfileProfile

More More SecureSecure

Cos

t of F

ailu

reC

ost o

f Fai

lure

IT IT Security Security BudgetBudget

TimeTimeCost of Maintaining SecurityCost of Maintaining Security

Each layer of the organization:Each layer of the organization: Has its own security requirementsHas its own security requirements Sets its own security profileSets its own security profile

The perceived cost of failure is an The perceived cost of failure is an estimate of losses from inability to estimate of losses from inability to operateoperate Security spending is driven by the Security spending is driven by the

perceived cost of failureperceived cost of failure Components of the organizational Components of the organizational

security profile:security profile: PeoplePeople

Security teamSecurity team Security awarenessSecurity awareness

ProcessProcess Security policySecurity policy Reducing the attack surfaceReducing the attack surface Incident responseIncident response Change managementChange management Patch managementPatch management

TechnologyTechnology Defense In DepthDefense In Depth Intrusion detectionIntrusion detection

HighHigh

Organizational Security RiskOrganizational Security RiskThe impact of failure with a reactive approachThe impact of failure with a reactive approach

Reactive approach:Reactive approach: Increases overall Increases overall

security cost as a security cost as a result of: result of: Lost productivityLost productivity Loss of investor Loss of investor

confidenceconfidence User apathyUser apathy Loss of management Loss of management

supportsupport

LowLow





Cos

t of F

ailu

reC

ost o

f Fai

lure

Temporary Temporary change in change in

security profilesecurity profile



Nimda VirusNimda VirusResponse CostResponse Cost

HighHigh

Organizational Security RiskOrganizational Security RiskThe impact of failure with a proactive approachThe impact of failure with a proactive approach

Proactive approach:Proactive approach: Organizational security Organizational security

profile better suited for profile better suited for future incidentsfuture incidents Lower cost over timeLower cost over time Reduced attack surfaceReduced attack surface Detection and early Detection and early

identificationidentification Reaction and effective Reaction and effective

incident responseincident response

LowLow





Cos

t of F

ailu

reC

ost o

f Fai

lure

Incident Incident Response with Response with

Proactive Proactive approachapproach



Future VirusFuture VirusResponse CostResponse Cost

HighHigh

Business ImpactBusiness Impact According to the Computer Crime and Security Survey 2002, According to the Computer Crime and Security Survey 2002,

by the Computer Security Institute (CSI) and the FBI:by the Computer Security Institute (CSI) and the FBI: 90% detected computer security breaches90% detected computer security breaches 80% acknowledged financial losses due to computer breaches80% acknowledged financial losses due to computer breaches 40% of respondents quantified financial losses at $456 million, or $2 40% of respondents quantified financial losses at $456 million, or $2

million per respondent million per respondent 40% detected system penetration from the outside; 40% detected system penetration from the outside;

up from 25% in 2000up from 25% in 2000 85% detected computer viruses85% detected computer viruses

InformationWeek estimates:InformationWeek estimates: Security breaches cost businesses $1.4 trillion worldwide this yearSecurity breaches cost businesses $1.4 trillion worldwide this year 2/3 of companies have experienced viruses, worms, or Trojan Horses2/3 of companies have experienced viruses, worms, or Trojan Horses 15% have experienced Denial of Service attacks15% have experienced Denial of Service attacks

Security Breaches Have Real CostsSecurity Breaches Have Real CostsSource: Computer Security Institute (CSI) Computer Crime and Source: Computer Security Institute (CSI) Computer Crime and Security Survey 2002Security Survey 2002Source: InformationWeek.com, 10/15/01Source: InformationWeek.com, 10/15/01

Security AreasSecurity Areas

Physical SecurityPhysical Security Logical SecurityLogical Security Telecommunication SecurityTelecommunication Security Operating System SecurityOperating System Security Application SecurityApplication Security Organizational SecurityOrganizational Security

Microsoft Operational Framework (MOF):Microsoft Operational Framework (MOF): Risk Modeling and Mitigation Risk Modeling and Mitigation Understanding RisksUnderstanding Risks

Risk Risk StatementStatement

Retire Retire RisksRisks

Identify and manage risks throughout Identify and manage risks throughout all phases of the projectall phases of the project

IdentifyIdentify

Corporate Corporate Learning Learning

About About RisksRisks TrackTrack

PlanPlan

AnalyzeAnalyze

ControlControl

Risk Risk Assessment Assessment DocumentDocument

Top RisksTop Risks

1.1. 2.2.

4.4.

5.5. 3.3.

Defense In DepthDefense In Depth

Industry-wide security design methodology Industry-wide security design methodology of layering defenses:of layering defenses: Perimeter defensesPerimeter defenses Network defensesNetwork defenses Host defensesHost defenses Application defensesApplication defenses Data and resourcesData and resources

Provides a method and framework for designing Provides a method and framework for designing security into infrastructuresecurity into infrastructure

Prescriptive guidance and detail included in Microsoft Prescriptive guidance and detail included in Microsoft Internet Data Center design guideInternet Data Center design guide

Microsoft Internet Data Microsoft Internet Data Center Guide: SecurityCenter Guide: Security Examples of topics included in Internet Examples of topics included in Internet

Data Center guide:Data Center guide: Defense In Depth strategyDefense In Depth strategy Common hacker methods and preventionCommon hacker methods and prevention Best practices for security IISBest practices for security IIS Windows 2000 Active Directory design and Windows 2000 Active Directory design and

security policiessecurity policies Best practices for application securityBest practices for application security AuthenticationAuthentication

Microsoft Security Microsoft Security Process GuidanceProcess Guidance

Based on British Standard 7799, included in Internet Based on British Standard 7799, included in Internet Data Center guide, a 4-phase process:Data Center guide, a 4-phase process:

AssessAssess Define security requirementsDefine security requirements Perform analysis of current and desired statesPerform analysis of current and desired states

DesignDesign Develop security solutionDevelop security solution Utilize Defense In Depth frameworkUtilize Defense In Depth framework

DeployDeploy Test and implementTest and implement Define and document policies, standards, proceduresDefine and document policies, standards, procedures

ManageManage Operational managementOperational management Review and reassess on a regular basisReview and reassess on a regular basis

Strategic TechnologyStrategic TechnologyProtection ProgramProtection Program

Get Secure! Stay Secure!Get Secure! Stay Secure!

PeoplePeople ProcessProcess TechnologyTechnology

Security Management and OperationsSecurity Management and OperationsSecurity through people, process and technologySecurity through people, process and technology

MCS Security assessment service offering MCS Security assessment service offering Prescriptive guidance for building and Prescriptive guidance for building and managing securitymanaging securityPre-tested and certified configurationsPre-tested and certified configurationsMicrosoft Operations FrameworkMicrosoft Operations Framework

Industry leading security response and supportIndustry leading security response and support

Free PSS virus related support at +45 Free PSS virus related support at +45 4489 01114489 0111 World-class security trainingWorld-class security trainingGold certified security partner programGold certified security partner program

Security roll-up packagesSecurity roll-up packagesMicrosoft Baseline Security AnalyzerMicrosoft Baseline Security AnalyzerWindows Update Windows Update Microsoft Software Update ServiceMicrosoft Software Update Service

PeoplePeople

ProcessProcess

TechnologyTechnology

STPP: “Get Secure”STPP: “Get Secure”

Enterprise SecurityEnterprise Security Server security configuration scannerServer security configuration scanner SMS security patch rollout toolSMS security patch rollout tool Windows Update Auto-update clientWindows Update Auto-update client

(Group Policy-enabled)(Group Policy-enabled)

Microsoft.com/securityMicrosoft.com/security Server oriented security resources for server adminsServer oriented security resources for server admins New security tools and updates, New security tools and updates, Security Notification ServiceSecurity Notification Service

Microsoft Consulting ServicesMicrosoft Consulting Services Security AssessmentSecurity Assessment Security Quick Start ProgramsSecurity Quick Start Programs ISA Quick Start ProgramISA Quick Start Program

Product Support Services (PSS)Product Support Services (PSS) 1-866-PCSAFETY – Free virus related support1-866-PCSAFETY – Free virus related support Security News Groups – Microsoft.com/security Security News Groups – Microsoft.com/security PeoplePeople

PeoplePeople ProcessProcess

TechnologyTechnologyProcessProcess


STPP: “Stay Secure”STPP: “Stay Secure”

Enhanced Product SecurityEnhanced Product Security Provide greater security enhancements in the Provide greater security enhancements in the

releases of all new products, including thereleases of all new products, including theWindows .NET Server family Windows .NET Server family

Microsoft Software Update Service (SUS)Microsoft Software Update Service (SUS) Allows enterprise to host and selectAllows enterprise to host and select

Windows Update contentWindows Update content

Windows 2000 Service Pack (SP3)Windows 2000 Service Pack (SP3) Provide ability to install SP3 + security rollupProvide ability to install SP3 + security rollup

with a single rebootwith a single reboot

Windows 2000 Security Rollup PatchesWindows 2000 Security Rollup Patches Bundle all security fixes in single patchesBundle all security fixes in single patches Reduces reboots and administrator burdenReduces reboots and administrator burdenTechnologyTechnologyProcessProcess


PeoplePeopleTechnologyTechnology

ProcessProcess

PeoplePeopleTechnologyTechnology

ProcessProcess

The Secure InfrastructureThe Secure Infrastructure

Comprehensive Comprehensive Security Security

Management and Management and OperationsOperations

Secure Secure Network Network

ConnectivityConnectivity

Integrated Integrated Solution for Solution for

Identity Identity ManagementManagement

Directory Services (AD & MMS)Directory Services (AD & MMS) Authentication (PKI, Kerberos, Passport)Authentication (PKI, Kerberos, Passport) Authorization (ACLs, Roles, Federation)Authorization (ACLs, Roles, Federation) Policy-based management (GP, and GPMC)Policy-based management (GP, and GPMC)

Secure Internet connectivity (MSA & ISA)Secure Internet connectivity (MSA & ISA) Secure remote access (VPN, IAS)Secure remote access (VPN, IAS) Secure wireless networks (PKI + 802.1x)Secure wireless networks (PKI + 802.1x)

Tools (MBSA, MSUS)Tools (MBSA, MSUS) Guidance (MOC, PAGs, Security Best Practices)Guidance (MOC, PAGs, Security Best Practices) Services (MSQS, PSS, & professional services) Services (MSQS, PSS, & professional services) Products (SMS, MOM)Products (SMS, MOM)

Products to Help Manage Products to Help Manage Your IT SecurityYour IT Security Use Systems Management Server (SMS) 2.0 Use Systems Management Server (SMS) 2.0

Collect software/hardware inventory informationCollect software/hardware inventory information Deploy the HFNetChk tool, collect results and Deploy the HFNetChk tool, collect results and

report on findingsreport on findings Distribute Microsoft Security Tool Kit fixes to Distribute Microsoft Security Tool Kit fixes to

Windows desktops and serversWindows desktops and servers Receive status reports on the success of distributionReceive status reports on the success of distribution

Use Microsoft Operations Manager (MOM) 2000Use Microsoft Operations Manager (MOM) 2000 Proactively manage the OS and applications Proactively manage the OS and applications

through built-in security-related alerts and scripts through built-in security-related alerts and scripts Continuously monitor Windows servers for Continuously monitor Windows servers for

possible attackspossible attacks Receive immediate alerts of possible Receive immediate alerts of possible

security breachessecurity breaches Produce reports that can showcase service levels are being metProduce reports that can showcase service levels are being met

Microsoft BaselineMicrosoft BaselineSecurity AnalyzerSecurity Analyzer Part of STPPPart of STPP Uses a version of HFNetChk to scan for missing Uses a version of HFNetChk to scan for missing

hotfixes and service packs for Windows, IIS, and hotfixes and service packs for Windows, IIS, and SQL. SQL.

Includes a graphical and command line interface Includes a graphical and command line interface that can perform local or remote scans of that can perform local or remote scans of Windows systemsWindows systems

Scan for missing hotfixes and vulnerabilities in Scan for missing hotfixes and vulnerabilities in the following products: Windows NT 4.0, the following products: Windows NT 4.0, Windows 2000, Windows XP, Internet Information Windows 2000, Windows XP, Internet Information Server (IIS) 4.0 and 5.0, SQL Server 7.0 and 2000, Server (IIS) 4.0 and 5.0, SQL Server 7.0 and 2000, Internet Explorer (IE) 5.01 and later, and Office Internet Explorer (IE) 5.01 and later, and Office 2000 and 2002 2000 and 2002

Software Update Services SolutionSoftware Update Services Solution

Automatic Update (AU) clientAutomatic Update (AU) client Automatically download and install critical updatesAutomatically download and install critical updates

Security patches, high impact bug fixes and new drivers when Security patches, high impact bug fixes and new drivers when no driver is installed for a deviceno driver is installed for a device

Checks Windows Update service or Corporate Update server Checks Windows Update service or Corporate Update server once a dayonce a day

New!New! Install at scheduled time after automatic downloads Install at scheduled time after automatic downloads Administrator control of configuration via registry-based policyAdministrator control of configuration via registry-based policy Support for Windows .NET Server, Windows XP and Support for Windows .NET Server, Windows XP and

Windows 2000Windows 2000 Software Update ServicesSoftware Update Services

Corporate hosted server supports download and install of critical Corporate hosted server supports download and install of critical updates through Automatic Update clientupdates through Automatic Update client

Server synchronizes with the public Windows Update serviceServer synchronizes with the public Windows Update service Simple administrative model via IE Simple administrative model via IE Updates are not made available to clients until the administrator Updates are not made available to clients until the administrator

approves themapproves them Runs on Windows .NET Server and Windows 2000 ServerRuns on Windows .NET Server and Windows 2000 Server

Trustworthy ComputingTrustworthy ComputingThe Big PictureThe Big Picture

AvailabilityAvailabilityFunctionality there Functionality there when neededwhen needed

SuitabilitySuitabilityFeatures fit functionFeatures fit function

PrivacyPrivacyUser in control of their User in control of their datadata

IntegrityIntegrityAgainst data loss or Against data loss or alterationalteration

ReputationReputationSystem and provider System and provider brandbrand

PolicyPolicyGuidelines, standards, Guidelines, standards, normsnorms

Dev PracticesDev PracticesMethods, philosophyMethods, philosophy

Ops PracticesOps PracticesGuidelines and Guidelines and benchmarksbenchmarks

Business PracticesBusiness PracticesBusiness modelBusiness model

SecuritySecurityResists unauthorized Resists unauthorized accessaccess

QualityQualityUsability, reliability, Usability, reliability, performanceperformance

IntentIntentManagement Management assertionsassertions

RisksRisksWhat undermines What undermines intent, causes liabilityintent, causes liability

ImplementationImplementationSteps to deliver intentSteps to deliver intent

EvidenceEvidenceAudit mechanismsAudit mechanisms

GoalsGoals MeansMeans ExecutionExecution

Bringing It All Together…Bringing It All Together…

UNIXUNIXApplicationApplication

ExchangeExchange

Web Web ApplicationsApplications

File SharingFile Sharing SQL ServerSQL Server

ActiveActiveDirectoryDirectory

Active DirectoryActive Directory

Non-ADNon-ADDirectoryDirectory

Lower Cost of SecurityLower Cost of Security Integrated infrastructure solution Centralized management of network resources Fewer identities and directories to manage Interoperability with other platforms

Reduced Security RiskReduced Security Risk Prescriptive guidance Internet protection via firewall and content filtering Security tools and services Security patch management infrastructure

LANLAN

Wireless Wireless LANLAN

VPNVPNGatewayGateway

All-Time Favorite Security GoalsAll-Time Favorite Security Goals

Defense in depth The defense in depth rule states that not just one security solution should be implemented but that different solutions should be combined into one solution framework. In other words, information security is not a question of this OR that but rather of this AND that. This approach has the additional advantage that the different solutions can supplement each other.

Ease of use Ease of use assures that a security system is used when appropriate and that its use doesn’t depend on the complexity of its implementation. If a user encounters too many difficulties while working with a security system, he or she could prefer to do the same job without the security system. A way to provide ease of use is to centralize all security administration tasks and to make the application of security measures transparent to the user. This principle is used in Windows 2000 Group Policy Objects (GPO’s).

Performance As with ease of use, performance also assures that a security system is used when appropriate. It guarantees that a security system’s use doesn’t depend on its execution speed. If it takes you several minutes to send one secured mail, you might consider sending the mail without security (or upgrading the machine).

Availability Availability protects against interruption. It guarantees that the security system and the information protected by the security system are available at all time. Excellent examples of security solutions providing availability are backup software and fault-tolerant solutions, such as hardware clustering or RAID.

Cost This is a key factor that is often forgotten. In many organizations it’s the decisive parameter when choosing the final security solution.

Next StepsNext Steps Microsoft Security Quick Start (MSQS)Microsoft Security Quick Start (MSQS)

Short, fixed cost programs designed to help you get secure Short, fixed cost programs designed to help you get secure and stay secureand stay secure

MSQS for Planning Secure Systems MSQS for Planning Secure Systems MSQS for Operating Secure Systems MSQS for Operating Secure Systems

Build security into the development processBuild security into the development process SMI – engineering for securitySMI – engineering for security New processes and tools for development and testing New processes and tools for development and testing Mobilization of resources to make it happenMobilization of resources to make it happen

Deploy a secure infrastructure Deploy a secure infrastructure Windows 2000 Servers and ISA todayWindows 2000 Servers and ISA today Windows .NET build on Windows 2000 security Windows .NET build on Windows 2000 security

infrastructureinfrastructure Best path to federationBest path to federation

Utilize security training available from MicrosoftUtilize security training available from Microsoft Certified Partner ProgramCertified Partner Program

Security Resources (1/3)Security Resources (1/3)To locate a partner who can help To locate a partner who can help with Microsoft security solutions:with Microsoft security solutions:Microsoft Certified Providers DirectoryMicrosoft Certified Providers Directoryhttp://mcspreferral.microsoft.com/

Microsoft Consulting ServicesMicrosoft Consulting Serviceswww.microsoft.com/BUSINESS/services/mcs.asp

For technical information:For technical information:White Paper: White Paper: Microsoft Security Response Microsoft Security Response Center Security Bulletin Severity Rating SystemCenter Security Bulletin Severity Rating System www.microsoft.com/technet/security/topics/rating.asp

CSI/FBI Computer Crimes and Security Survey CSI/FBI Computer Crimes and Security Survey 20022002, Computer Security Institute: , Computer Security Institute: www.gocsi.com/

ISA Server information: ISA Server information: www.microsoft.com/isa

Hacking Exposed – Network Security Secrets & Hacking Exposed – Network Security Secrets & Solutions, 3Solutions, 3rdrd Edition; Edition; Joel Scambray, Stuart Joel Scambray, Stuart McClure, George KurtzMcClure, George Kurtz

For training and For training and certification questions:certification questions:Microsoft Training and CertificationMicrosoft Training and Certificationwww.microsoft.com/training

For information about Microsoft security For information about Microsoft security strategies and solutions:strategies and solutions:Primary resource: Primary resource: www.microsoft.com/security

White Papers: White Papers: Best Practices for Enterprise Security Best Practices for Enterprise Security www.microsoft.com/technet/security/bpentsec.asp

It’s Time to End Information AnarchyIt’s Time to End Information Anarchy www.microsoft.com/technet/columns/security/noarch.asp

The 10 Immutable Laws of SecurityThe 10 Immutable Laws of Security www.microsoft.com/TechNet/security/10imlaws.asp

Security Resources (2/3)Security Resources (2/3)Security Services:Security Services:Microsoft Security Services DirectoryMicrosoft Security Services Directoryhttp://www.microsoft.com/security/overview/services.asp

Microsoft TechNet SecurityMicrosoft TechNet Securityhttp://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/default.asp

For technical information:For technical information:White Papers:White Papers:Security Operations Guide forSecurity Operations Guide forWindows 2000 ServerWindows 2000 Serverhttp://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/prodtech/windows/windows2000/staysecure/default.asp

Security Operations Guide forSecurity Operations Guide forExchange 2000 ServerExchange 2000 Serverhttp://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/prodtech/mailexch/opsguide/default.asp

Internet Data Center Guide Documentation: Internet Data Center Guide Documentation: http://www.microsoft.com/downloads/release.asp?releaseID=35479

Security Tools:Security Tools:Microsoft Security ToolsMicrosoft Security Toolshttp://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/default.asp

Microsoft Baseline Security AnalyzerMicrosoft Baseline Security Analyzerhttp://www.microsoft.com/technet/treeview/default.asp?url=/technet/http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/tools/Tools/MBSAhome.aspsecurity/tools/Tools/MBSAhome.asp

For information about Microsoft security For information about Microsoft security strategies and solutions:strategies and solutions:Primary resource: Primary resource: www.microsoft.com/securityTrustworthy ComputingTrustworthy Computing http://www.microsoft.com/enterprise/articles/security.asp

Strategic Technology Protection ProgramStrategic Technology Protection Program http://www.microsoft.com/security/mstpp.asp

Product Security Notification Product Security Notification http://www.microsoft.com/technet/treeview/?url=/technet/security/bulletin/notify.asp

Security Best Practices:Security Best Practices: http://www.microsoft.com/technet/treeview/?url=/technet/security/bulletin/notify.asp

Security Resources (3/3)Security Resources (3/3) Other useful resources:Other useful resources:MBSA Whitepaper:MBSA Whitepaper:http://www.microsoft.com/technet/security/tools/tools/mbsawp.asp MBSA Download:MBSA Download:http://download.microsoft.com/download/win2000platform/Install/1.0/NT5XP/EN-US/mbsasetup.msi SUS Info and Download:SUS Info and Download:http://www.microsoft.com/windows2000/windowsupdate/sus/SMS Valuepack online presentation: SMS Valuepack online presentation: http://support.microsoft.com/default.aspx?scid=/servicedesks/webcasts/wc081402/http://support.microsoft.com/default.aspx?scid=/servicedesks/webcasts/wc081402/wcblurb081402.asp wcblurb081402.asp MMS Information:MMS Information: http://www.microsoft.com/windows2000/technologies/directory/MMS/default.asphttp://www.microsoft.com/windows2000/technologies/directory/MMS/default.aspSfU Information:SfU Information:http://www.microsoft.com/windows/sfu/default.asphttp://www.microsoft.com/windows/sfu/default.aspSfN Information:SfN Information:http://www.microsoft.com/windows2000/sfn/default.asphttp://www.microsoft.com/windows2000/sfn/default.aspHIS Information:HIS Information:http://www.microsoft.com/hiserver/default.asphttp://www.microsoft.com/hiserver/default.aspActive Directory Information: Active Directory Information: http://www.microsoft.com/windows2000/technologies/directory/AD/default.asphttp://www.microsoft.com/windows2000/technologies/directory/AD/default.asp

Documents

Security Security Securing Your IT Infrastructure Kim Mikkelsen Senior Technology Specialist Enterprise & Partner Group Microsoft Denmark