Beyond Patching: Security on the Microsoft Platform - PowerPoint PPT Presentation
About This Presentation
Title:

Beyond Patching: Security on the Microsoft Platform

Description:

Spyware removal reduces PC slow down, pop-up ads, and more ... Consumer version will be free ... Virus Cleaner Tools. Systems Management Server (SMS) 2003 ... – PowerPoint PPT presentation

Number of Views:78
Avg rating:3.0/5.0
Slides: 35
Provided by: ianham
Learn more at: http://www.issa-nova.org
Transcript and Presenter's Notes

1
Beyond Patching: Security on the Microsoft Platform
  • Dean Iacovelli
  • Security Systems Architect
  • Microsoft Mid Atlantic
  • deaniac@microsoft.com

2
Agenda
  • The patching problem - good news/bad news
  • Beyond patching
  • Isolation and resiliency
  • Network segmentation
  • Rights management
  • Smartcards
  • The road ahead
  • Network access control
  • Vulnerability assessment
  • Active Protection

3
Caveats, Etc
  • Let's keep it interactive
  • Lots of topics and technologies - if I don't know
    the answer, I'll find out!
  • Some of the slide content towards the end of the
    talk cannot be left with attendees unfortunately

4
Framework for a Security-Enabled Business
  • Management commitment to proactive risk
    management
  • Security defined in terms of value to the
    business
  • Clearly defined vision, mission, and scope
  • Well-defined roles and accountability

Security Leadership Culture
  • Consistent and repeatable process to assess and
    prioritize risk
  • Formal decision support process to identify the
    most effective solution based on a cost/benefit
    analysis

Risk Management Decision Support
  • View of security solutions across enterprise IT
    assets
  • Common approach and understanding of current
    investments and future needs
  • Measurement of results

Security Solutions Blueprint
5
Patch Management
6
Patch Management Initiative: The Good News
  • Informed, prepared customers
  • Consistent, superior update experience
  • Superior patch quality
  • Best patch/update management solutions
7
Windows Update Services
  • Broader product and patch type support
  • Windows XP Pro, Windows 2000 Pro, Windows 2000
    Server, Windows Server 2003, Office XP, Office
    2003, SQL Server 2000, MSDE 2000, Exchange 2003,
    additional products over time
  • Security, critical and non-critical updates,
    update rollups, service packs, feature packs, and
    critical driver updates
  • Consolidated update management infrastructure
  • Data model: supersedence, update dependency,
    bundle relationships
  • Built-in update scanning engine to detect missing
    updates
  • Other features
  • Binary delta compression technologies
    dramatically reduce data transfer needs
  • Patch uninstall capability
  • Better targeting: group policy or server-side
    lists
  • Better scheduling: set polling frequency
  • Better reporting (logs to SQL or MSDE)

8
Beyond Patching: The Bad News
  • Patching is becoming a 2nd or 3rd line defense,
    like backups
  • You do it regularly but hope you never need it
  • Automated attacks require automated response
  • Investments made before the next worm will make
    all the difference
  • All about layers that protect you even when
    you're not patched

9
The Defense-in-Depth Model
  • Using a layered approach
  • Increases an attacker's risk of detection
  • Reduces an attacker's chance of success

Layers (diagram), from outermost to innermost, with the controls at each layer:
  • Policies, Procedures, Awareness: security documents, user education
  • Physical Security: guards, locks, tracking devices
  • Perimeter: firewalls, Network Access Quarantine Control
  • Internal Network: network segments, IPSec, NIDS
  • Host: OS hardening, authentication, patch management, HIDS
  • Application: application hardening, antivirus
  • Data: ACLs, encryption, EFS
10
Isolation and Resiliency
11
  • Helps protect the system from attacks from the
    network
  • Enables a more secure e-mail and instant messaging
    experience
  • Enables a more secure Internet experience for the most
    common Internet tasks
  • Provides system-level protection for the base
    operating system
12
How SP2 Would Have Helped
  • MSBlaster worm
  • Windows Firewall, by default, blocks the ports
    required to exploit this vulnerability
  • By denying unauthenticated requests to DCOM, this
    exploit would have been mitigated
  • The /GS Switch and/or NX would have prevented
    this exploit by preventing the unchecked buffer
    from being exploited
  • W32.Sasser.worm
  • Windows Firewall, by default, blocks the ports
    required to exploit this vulnerability
  • The /GS Switch and/or NX would have prevented
    this exploit by preventing the unchecked buffer
    from being exploited
  • Mydoom and W32/Nimda.A@mm
  • Attachment Manager would have blocked Mydoom had
    an infected e-mail been opened in Outlook Express
  • Various spoofing and phishing attacks on the
    Internet
  • The new IE Popup Blocker and new limitations on
    script-initiated windows would have eliminated
    many of these attacks

13
Application Compatibility?
  • 5% of 5%
  • 95% of apps not impacted, because outbound traffic is
    not blocked by Windows Firewall
  • 95% of affected applications fixed with a config
    change on the firewall
  • Group policy
  • Scripts
  • Remaining 5% mostly have RPC/DCOM issues or
    hardware compatibility/driver issues

14
Application Compatibility Analyzer 4.0
  • Built on ACT 3.0 with enhancements for SP2
  • Improved Evaluation Tools
  • Robust app inventory tool - automated issue
    detection agents
  • Updates from Microsoft online Web service
  • Mitigation tools - Compatibility Administrator
  • Registry and layer fixes for DCOM and Windows
    Firewall
  • Deployment via Group Policy, Login Scripts or SMS
  • Available Beta Oct. 04, RTM Feb. 05

15
Announced At RSA
  • New version of IE for XP SP2
  • Additional security enhancements to combat
    phishing, malware, etc
  • No announced plans to backport
  • Beta by summer
  • More feature details as we get closer to beta

16
Windows Server 2003 SP1 Security
  • Stronger Defaults and privilege reduction on
    services
  • Relevant XP SP2 enhancements (RPC / DCOM)
  • Windows Firewall enabled by default
  • New install scenario
  • Security Configuration Wizard
  • Role-based configuration and lockdown
  • VPN Quarantine
  • Client inspection
  • Fix-up
  • Isolation

17
Security Configuration Wizard: Windows Server
2003 SP1
  • Security policy authoring tool for Windows Server
    2003
  • Roles-based paradigm.
  • Focused on Attack Surface Reduction
  • Disables unnecessary services.
  • Disables unnecessary web extensions.
  • Blocks unnecessary ports.
  • Configures audit SACLs.
  • Operational infrastructure
  • Client-Server deployment infrastructure.
  • Support for Group Policy-based deployment.
  • Compliance Analysis.
  • Rollback support.
  • Ships in Windows Server 2003 SP1 (Q1 CY05)

18
Policy Deployment: Single Server
  • Apply to a local or remote server directly from
    the UI.
  • SCW must be installed on target server.

Diagram: SecPolicy.xml applied to a local or remote server
19
Policy Deployment: Multiple Servers via Group
Policy
Diagram: Scwcmd.exe transforms SecPol.xml into SCE.Inf,
Firewall.pol and Filters.ipsec
  • SCW command-line transforms SCW policies into
    Group Policy-compatible policy files.
  • Admin can target deploy policies via Active
    Directory.
  • SCW not required on target servers.
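
The two deployment paths of slides 18 and 19 as a script; this is an added example, not content from the deck. The policy path, server names and GPO display name are assumed placeholders; scwcmd.exe is the SCW command-line that ships with Windows Server 2003 SP1.

```powershell
# Added example (not from the slides). Assumptions: the policy authored in the SCW UI is
# saved as C:\Policies\SecPolicy.xml, the targets are WEB01/WEB02, and the GPO display
# name is "SCW - Web Server Lockdown". All three are placeholders.

$PolicyPath = 'C:\Policies\SecPolicy.xml'
$ReportDir  = 'C:\ScwReports'

# Path 1 (slide 18): apply the policy directly to each server.
# SCW must be installed on the target for configure/analyze/rollback to work.
function Apply-ScwPolicy {
    param([string[]]$Servers, [string]$PolicyPath, [string]$ReportDir)
    New-Item -ItemType Directory -Path $ReportDir -Force | Out-Null
    foreach ($server in $Servers) {
        # Compliance analysis first: records how far the server drifts from the
        # policy before anything is changed, so the report doubles as a change record.
        & scwcmd.exe analyze /p:$PolicyPath /m:$server /o:$ReportDir
        & scwcmd.exe configure /p:$PolicyPath /m:$server
        if ($LASTEXITCODE -ne 0) {
            # SCW keeps a rollback record for the last configure run; undo a failed apply.
            Write-Warning "configure failed on $server (exit $LASTEXITCODE); rolling back"
            & scwcmd.exe rollback /m:$server
        }
    }
}

Apply-ScwPolicy -Servers 'WEB01','WEB02' -PolicyPath $PolicyPath -ReportDir $ReportDir

# Path 2 (slide 19): transform the same XML into a GPO (security template, firewall
# policy, IPsec filters) and link it to the target OU in GPMC. SCW is not needed on targets.
& scwcmd.exe transform /p:$PolicyPath "/g:SCW - Web Server Lockdown"
```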

20
(No Transcript)
21
Microsoft Windows AntiSpyware
22
Announced At RSA
  • Windows Anti-Spyware to be released later this
    year
  • Consumer version will be free
  • Enterprise version with centralized mgmt, etc
    will be licensed separately
  • No details on price, enterprise features, etc at
    this time

23
Authentication, Authorization and Access Control
24
Integrated Platform Security
25
(No Transcript)
26
IPSec at Microsoft
Diagram labels (Microsoft Corporate Network):
  • SecureNet: Clients, Servers, Home LAN, Trustworthy Labs (203,000)
  • Internal Exclusions: Labs (75,000), PocketPC/Xbox (18,000), MAC (2,000)
  • Untrustworthy: Boundary Machines (5,000), Infrastructure (500), ACL Controlled
  • External Exclusions: Internet Servers / Business Partners, DTaps (no connectivity to CorpNet), Extranet (1,800)
27
Windows Rights Management Services (RMS)
  • Windows platform information protection
    technology
  • Better safeguard sensitive information
  • Keeps Internal Information Internal
  • Establishes an audit trail to track usage of
    protected files
  • Augments existing perimeter-based security
    technologies
  • Persistent protection
  • AES 128 encryption travels with documents
  • Can enforce policy via RMS templates
  • Sample rights include view, read-only, copy,
    print, save, forward, edit, and time-based
  • Flexible and customizable technology
  • Utilizes familiar e-mail names and groups
    (distribution lists in AD)
  • Enables custom solutions through SDKs

28
Rights Management Services
Diagram components: Information Author, RMS Server, SQL Server, Active Directory, The Recipient
  1. Author receives a client licensor certificate the
     first time they rights-protect information.
  2. Author defines a set of usage rights and rules
     for their file; the application creates a publishing
     license and encrypts the file.
  3. Author distributes file.
  4. Recipient clicks file to open; the application
     calls the RMS server, which validates the user
     and issues a use license.
  5. Application renders file and enforces rights.
29
Smartcard Deployment at MS
  • Situation
  • Remote access to network assets is becoming
    increasingly vulnerable to hackers and malicious
    intruders
  • Solution
  • Using existing Microsoft Windows 2000 Server or
    Windows Server 2003 infrastructure, you can
    employ Smart Cards to substantially increase the
    strength of your network security
  • Benefits
  • Stronger security through two-factor
    authentication
  • Flexible solution that's easy to use
  • Leverage existing PKI infrastructure

30
Solution Components
  • Smart Card
  • RFID badge with 32k chip
  • Client Hardware
  • USB and/or PCMCIA reader
  • Client Software
  • XP
  • CSP
  • SC reader device drivers
  • Connection Manager VPN client
  • SC management tools
  • Server Software
  • Windows 2000 or Windows Server 2003
  • AD, PKI, SC admin tools

31
Deployment
  • Card creation process
  • Cardman already had OS on card so blank
    non-flashed cards were purchased
  • Already contained RFID functionality for physical
    access
  • Pilots
  • Two pilots 75 IT staff, then 800 users across a
    building
  • Initial card distribution process
  • Trusted Smart Card Security Officers
  • User install and setup
  • Either at enrollment station or on our corpnet
    via web-launched script

32
Prior
  • Microsoft Baseline Security Analyzer (MBSA) v1.2
  • Virus Cleaner Tools
  • Systems Management Server (SMS) 2003
  • Software Update Services (SUS) SP1
  • Internet Security and Acceleration (ISA) Server
    2004 Standard Edition

H2 04
  • Windows XP Service Pack 2
  • Patching Technology Improvements (MSI 3.0)
  • Systems Management Server 2003 SP1
  • Microsoft Operations Manager 2005

2005
  • Windows malicious software removal tool
  • Windows Server 2003 Service Pack 1
  • Windows Update Services
  • ISA Server 2004 Enterprise Edition
  • Windows Rights Management Services SP1
  • Windows AntiSpyware
  • System Center 2005
  • Windows Server 2003 R2
  • Visual Studio 2005

Future
  • Vulnerability Assessment and Remediation
  • Active Protection Technologies
33
Tools
  • Microsoft Baseline Security Analyzer (MBSA)
    http://www.microsoft.com/mbsa
  • Software Update Services (SUS) / Windows Update
    Services (WUS)
    http://www.microsoft.com/wus
  • Windows Update
    http://windowsupdate.microsoft.com/
  • Microsoft Office Product Updates
    http://office.microsoft.com/productupdates/
  • IIS Web Server Lockdown Wizard
    http://www.microsoft.com/technet/security/tools/locktool.mspx
  • UrlScan Security Tool
    http://www.microsoft.com/technet/security/tools/urlscan.mspx
  • Removal Tools
  • Mydoom, Zindos and Doomjuice worms
    http://support.microsoft.com/?kbid=836528
  • Blaster Removal Tool for Windows XP and 2000
    http://www.microsoft.com/downloads/details.aspx?familyid=e70a0d8b-fe98-493f-ad76-bf673a38b4cf&displaylang=en
  • Sasser (A-F) Worm Removal Tool
    http://support.microsoft.com/?kbid=841720
  • MS04-028 Enterprise Scanning Tool
    http://support.microsoft.com/?kbid=886988
  • Other Tools
    http://www.microsoft.com/technet/security/tools/default.mspx

34
Guidance and Training
  • Security Guidance Centers on Microsoft.com
  • Worldwide: http://www.microsoft.com/security/guidance/worldwide/default.mspx
  • US: http://www.microsoft.com/security/guidance
  • E-Learning Security Training: https://www.microsoftelearning.com/security/
  • XP SP2: https://www.microsoftelearning.com/xpsp2
  • Security Guidance Kit CD (now shipping in US and
    Canada): http://www.microsoft.com/security/guidance/order/default.mspx
  • Microsoft IT Security Showcase: http://www.microsoft.com/technet/itsolutions/msit/default.mspx
  • Security Newsletter: http://www.microsoft.com/technet/security/secnews/default.mspx
    Register for our free monthly e-mail newsletter
    that's packed with security news, guidance,
    updates, and community resources to help you
    protect your network.
  • Security Program Guide, Events and Training
    Information: http://www.microsoft.com/seminar/events/security.mspx
    Events, webcasts and training available for both
    IT Professionals and Developers.
  • US Security Summit Keynote and Training Content:
    http://www.microsoft.com/seminar/securitysummit/presentations/default.mspx
  • Security Notifications via e-mail:
    http://www.microsoft.com/technet/security/bulletin/notify.mspx
    Sign up today to get e-mail alerts when an
    important security bulletin or virus alert has
    been released.
  • Security Update RSS Feed: http://www.microsoft.com/technet/security/bulletin/secrss.aspx
  • Security Bulletin Search Page: http://www.microsoft.com/technet/security/current.aspx
  • Security Bulletin Webcast: http://www.microsoft.com/technet/security/bulletin/summary.mspx
  • How to Tell If a Microsoft Security-Related
    Message Is Genuine: http://www.microsoft.com/security/antivirus/authenticate_mail.asp
  • Writing Secure Code, 2nd edition:
    http://www.microsoft.com/mspress/books/5957.asp