
Page 1: Session Overview (hidden)

Session Goals
Outline status of security at present time
Outline key futures investment areas and roadmap
Target

Strategy Briefing, 12 May 2005

Page 2:

Trustworthy Computing
Windows Antispyware
Rights Management Services
Identity Integration Server 2003
ISA Server 2004
Audit Collection Services
Windows Server 2003 Service Pack 1 and Windows XP Service Pack 2
Network Access Protection
Patch Management
Business Value

Page 3:

* Disclaimer

This presentation contains preliminary information that may be changed substantially prior to final commercial release of the software described herein.

The information contained in this presentation represents the current view of Microsoft Corporation on the issues discussed as of the date of the presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information presented after the date of the presentation.

This presentation is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

Microsoft may have patents, patent applications, trademarks, copyrights, or other intellectual property rights covering subject matter in this presentation. Except as expressly provided in any written license agreement from Microsoft, the furnishing of this information does not give you any license to these patents, trademarks, copyrights, or other intellectual property.

© 2004 Microsoft Corporation. All rights reserved.

Material explicitly covered by Non-Disclosure Agreement will be marked by *NDA

Page 4:

At Risk

14B devices on the Internet by 2010 [1]
35M remote users by 2005 [2]
65% increase in dynamic Web sites [3]
From 2000 to 2002 reported incidents rose from 21,756 to 82,094 [4]
Nearly 80 percent of 445 respondents surveyed said the Internet has been a frequent point of attack, up from 57 percent just four years ago [5]
90% detected security breaches [6]
85% detected computer viruses [6]
95% of all breaches avoidable with an alternative configuration [7]
Approximately 70 percent of all Web attacks occur at the application layer [8]

The Soft Underbelly

1 Source: Forrester Research
2 Source: Information Week, 26 November 2001
3 Source: Netcraft summary
4 Source: CERT, 2003
5 Source: CSI/FBI Computer Crime and Security Survey
6 Source: Computer Security Institute (CSI) Computer Crime and Security Survey 2002
7 Source: CERT, 2002
8 Source: Gartner Group

Page 5:

Security Framework (SD3+C)

Threat modeling, Code inspection, Penetration testing
Unused features off by default, Reduce attack surface area, Least Privilege
Prescriptive Guidance, Security Tools, Training and Education
Community Engagement, Transparency, Clear policy

Page 6:

Windows Server 2003 Unaffected

The underlying DLL (NTDLL.DLL) not vulnerable: fixed during secure code review
Even if it was vulnerable: IIS 6.0 not running by default on Windows Server 2003
Even if it was running: IIS 6.0 doesn't have DAV enabled by default
Even if it did have DAV enabled: maximum URL length in IIS 6.0 is 16kb by default (>64kb needed)
Even if it DID get this far and there WAS an actual Buffer Overrun: would have occurred in w3wp.exe, which is now running as 'network service'

Page 7:

Source: Microsoft Security Bulletin Search

Page 8:

Protect against malicious software, e.g. malware, network sniffers, keyloggers etc.

Basic version provided to all licensed Windows users free of charge: Protect; Detect and remove; Update

Enterprise Edition: Sold separately; Provides Enterprise capabilities: Central logging; Central control and management; Central update

Page 9:

Page 10:

A way of expressing permissions
Only authorized users can access protected information
Project usage policy onto the information you own
Policy persists with information
Examples: view, read-only, copy, print, save, forward, modify, time-based
Rights live within the file wherever the file goes
Does not rely on external system to impose access control
Augments existing perimeter-based security technologies

Page 11:

Identity Data: LDAP, SQL, NOS, LOB Apps

Directory Synchronization: Active Directory & ADAM; Sun/iPlanet Directory; Novell eDirectory; Microsoft SQL 2000 & SQL 7; Oracle 9i/8i; Lotus Notes 5.x/6.x; Microsoft Exchange 5.5, 2K, 2K3; Microsoft NT 4.x; DSML, LDIF, CSV, fixed width; ... others to follow

Password Management: Self-service password reset; Helpdesk password reset; True password synch (PCNS)

Provisioning and Workflow: Automate account create/delete; Sample workflow application

Page 12:

Limitations Of Traditional Firewalls

Limited capacity for growth: Growth requires new hardware, old hardware can't be repurposed; Growth requires purchase of new license

Performance versus security tradeoff: Bandwidth is limited and expensive; Traffic inspection reduces performance

Hard to manage: Security is complex; IT already overloaded

Wide open to advanced attacks: Application-layer attacks (Code-Red, Nimda); Encryption to bypass detection (SSL)

Page 13:

"The advanced application layer firewall, VPN and Web cache solution that enables customers to maximize IT investments by improving network security and performance"

Advanced Protection: Application layer security designed to protect Microsoft applications
Ease of Use: Efficiently deploy, manage, and enable new usage scenarios
Fast, Secure Access: Empowers you to connect users to relevant information on your network in a cost-efficient manner

Page 14:

Security Event Log collection and analysis
Real-time and forensic analysis across multiple machines
Auditor-Administrator role separation
End-to-end security

ACS architecture (diagram labels): Monitored Workstations; WMI; Collector; SQL; Management System; Management and Alerting; Real-Time Intrusion Detection Applications; Forensic Analysis; Events subject to tampering; Events under control of Auditors

Page 15:

Security driven/focused
Enhanced firewall
Enhanced browsing and e-mail experience (e.g. Information Bar, Add-on Manager, Popup Blocker)
RPC/DCOM lockdown
Install and boot time network protection

Functionality enhancements
Network Access Quarantine (VPN) – WS2003: Client isolation; Client inspection; Client fix-up
Security Configuration Wizard (SCW) – WS2003
Wireless Provisioning Services – WS2003
Wireless Provisioning Client – WinXP
Security Center – WinXP

Page 16:

Page 17:

The Network Access Protection system provides three distinct functionalities:

1. Network Policy Validation
Network policy validation functionality provides a mechanism to determine whether or not a networked client machine is in compliance with IT-defined network access policies at the point of network entry.

2. Network Isolation
Network isolation functionality automatically restricts non-compliant client machines to a separate virtual network segment when the system is configured for enforcement mode. An IT professional may choose to allow access to specific resources, such as update services or Internet access, to clients in the isolation network.

3. Network Policy Compliance
Network policy compliance functionality provides a mechanism to automatically update non-compliant client machines while the client is restricted to the isolation network. Once the client machine has been updated the client is automatically re-validated for network access.
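The three functions above, as an added example written for this page (it is not Microsoft's NAP code and does not model the real NAP protocol): a small Python model that runs validation, isolation and remediation in sequence and then re-validates. The health-statement fields, policy fields, network names, the allowed-resource list and the patch id KB-PLACEHOLDER are all assumptions chosen for illustration.

```python
"""Simplified model of NAP's validate -> isolate -> remediate -> re-validate cycle.
Added example; field names and values are constructed for illustration."""
from dataclasses import dataclass, replace
from datetime import date, timedelta


@dataclass(frozen=True)
class HealthStatement:
    """What a client reports about itself at the point of network entry (assumed fields)."""
    host: str
    firewall_on: bool
    av_signature_date: date
    installed_patches: frozenset


@dataclass(frozen=True)
class AccessPolicy:
    """IT-defined requirements for full network access (assumed shape)."""
    require_firewall: bool
    max_signature_age: timedelta
    required_patches: frozenset


# Resources an isolated client may still reach; the slide names update services and Internet access.
ISOLATION_ALLOWED = frozenset({"update-server", "internet"})


def validate(hs, policy, today):
    """1. Network Policy Validation: list every policy failure (empty list = compliant)."""
    failures = []
    if policy.require_firewall and not hs.firewall_on:
        failures.append("firewall-off")
    if today - hs.av_signature_date > policy.max_signature_age:
        failures.append("av-signatures-stale")
    for patch in sorted(policy.required_patches - hs.installed_patches):
        failures.append("missing-" + patch)
    return failures


def assign_network(failures, enforcement_mode):
    """2. Network Isolation: non-compliant clients land on the isolation segment only in
    enforcement mode; in reporting-only mode failures are recorded but access stays full."""
    if failures and enforcement_mode:
        return "isolation"
    return "full"


def can_reach(network, resource):
    """Resource filter applied to clients on the isolation segment."""
    return network == "full" or resource in ISOLATION_ALLOWED


def remediate(hs, failures, today):
    """3. Network Policy Compliance: apply the fixes a client can obtain from the isolation network."""
    fixed = hs
    if "firewall-off" in failures:
        fixed = replace(fixed, firewall_on=True)
    if "av-signatures-stale" in failures:
        fixed = replace(fixed, av_signature_date=today)
    patches = set(fixed.installed_patches)
    for failure in failures:
        if failure.startswith("missing-"):
            patches.add(failure[len("missing-"):])
    return replace(fixed, installed_patches=frozenset(patches))


def nap_cycle(hs, policy, today, enforcement_mode=True):
    """Run one admission cycle and return a trace of (host, network, failures) decisions."""
    trace = []
    failures = validate(hs, policy, today)
    network = assign_network(failures, enforcement_mode)
    trace.append((hs.host, network, tuple(failures)))
    if network == "isolation":
        hs = remediate(hs, failures, today)          # only reachable resources are used here
        failures = validate(hs, policy, today)       # automatic re-validation after update
        network = assign_network(failures, enforcement_mode)
        trace.append((hs.host, network, tuple(failures)))
    return trace


# Constructed sample input: a laptop with its firewall off, stale AV signatures and a missing patch.
POLICY = AccessPolicy(require_firewall=True, max_signature_age=timedelta(days=7),
                      required_patches=frozenset({"KB-PLACEHOLDER"}))
TODAY = date(2005, 5, 12)
LAPTOP = HealthStatement("laptop-01", firewall_on=False,
                         av_signature_date=date(2005, 4, 1), installed_patches=frozenset())

if __name__ == "__main__":
    for step in nap_cycle(LAPTOP, POLICY, TODAY):
        print(step)
    print(nap_cycle(LAPTOP, POLICY, TODAY, enforcement_mode=False))
```

The point of the model is the ordering: the decision that puts a client on the isolation segment is the same policy evaluation that later lets it out, and the remediation step depends on the isolation segment still permitting the update source.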

Page 18:

Windows Server Update Services: Software Update Services successor with much improved functionality for patch management

Microsoft Update: Central web site for updating all Microsoft products automatically or by using SMS or WSUS for distribution

Page 19:

Security

Reduce Security Risk: Assess the environment; Improve isolation and resiliency; Develop and implement controls

Risk Level: Impact to Business; Probability of Attack

ROI

Connected; Productive

Increase Business Value: Connect with customers; Integrate with partners; Empower employees

Page 20:

Identity Integration Server 2003

Directory Synchronization
"Improved updating of user data: $185 per user/year"
"Improved list management: $800 per list"
- Giga Information Group

Password Management
"Password reset costs range from $51 (best case) to $147 (worst case) for labor alone." – Gartner

User Provisioning
"Improved IT efficiency: $70,000 per year per 1,000 managed users"
"Reduced help desk costs: $75 per user per year"
- Giga Information Group

Page 21:

ISA Server 2004

Enables Diverse Customer Scenarios
Provides the protection needed today

Advanced Protection: Application layer security designed to protect Microsoft applications
Ease of Use: Efficiently deploy, manage, and enable new usage scenarios
Fast, Secure Access: Empowers you to connect users to relevant information on your network in a cost-efficient manner

Page 22:

Prior: Microsoft Baseline Security Analyzer (MBSA) v1.2; Virus Cleaner Tools; Systems Management Server (SMS) 2003; Software Update Services (SUS) SP1; Internet Security and Acceleration (ISA) Server 2004 Standard Edition; Windows XP Service Pack 2

H2 04: Patching Technology Improvements (MSI 3.0); Systems Management Server 2003 SP1; Microsoft Operations Manager 2005; Windows malicious software removal tool

2005: Windows Server 2003 Service Pack 1; Windows Server Update Services; Microsoft Update; ISA Server 2004 Enterprise Edition; Windows Rights Management Services SP1; Windows AntiSpyware; Windows Server 2003 "R2"; Visual Studio 2005

Future: Vulnerability Assessment and Remediation; Active Protection Technologies; Antivirus (aka A1)

Page 23:

© 2004 Microsoft Corporation. All rights reserved. This presentation is for informational purposes only. Microsoft makes no warranties, express or implied, in this summary.

Page 24:

Server sponsored by