1 / 19

Security Overview for Microsoft Infrastructures

Security Overview for Microsoft Infrastructures. Fred Baumhardt and James Noyce Infrastructure Solutions and Security Solutions Teams Microsoft Security Solutions, Feb 4 th , 2003. Agenda. Threats – How you are attacked and from where

flora
Télécharger la présentation

Security Overview for Microsoft Infrastructures

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Security Overview for Microsoft Infrastructures Fred Baumhardt and James Noyce Infrastructure Solutions and Security Solutions Teams Microsoft Security Solutions, Feb 4th, 2003

  2. Agenda • Threats – How you are attacked and from where • Application Level Attacks – the new Security Battleground • Overview of Microsoft Server Security Technologies and Tools • Management and Operations as a Defensive Mechanism

  3. The Three Phases of Hacking • Information Gathering and Intelligence • Analysis of Collected Information • Probing and Compromise

  4. Management as a Security Tool • Detect unauthorised activity on your infrastructure • Prevent misconfiguration of systems • Ensure system vulnerabilities are captured and addressed

  5. Analysis Microsoft Baseline Security Analyser (MBSA) Systems Management Server (SMS) Software Update Services Feature Pack Microsoft Software Update Services (MSUS) Security Configuration and Analysis snap-in RSoP Management Group Policy Management Console (GPMC) Microsoft Operations Manager (MOM) Microsoft Audit Collection System (MACS) Systems Management Server (SMS) Software Update Services Feature Pack Microsoft Software Update Services (MSUS) Security Management Tools

  6. Infrastructure Tools • Snort – Free to Download – even on Windows – www.snort.org • MBSA – Scans most MS Server products and windows clients • SUS – Patch management solution • MOM-MACS-SMS • IPSEC – within Windows • IISLockdown – URLScan • ISA Server with Feature Pack1

  7. MBSA Version 1.1 The following new features are included with MBSA V1.1: • Exchange and Windows Media Player security update detection • Full HFNetChk integration into MBSACLI.exe • Incorporation of the latest HFNetChk engine code • Support for Software Update Services (SUS) during security update scanning • Detection for multiple SQL Server instances

  8. Software Update Services • Address Patch Management concerns • Windows keeps itself up-to-date with the latest critical & security updates • IT administrators can automatically deploy Windows Update content • IT administrator gains control over what patches are applied to a system • Leverage Windows Update web-based infrastructure

  9. System Management Server Software Update Services Feature Pack • Security patch inventory • Office patch inventory • Patch distribution • Web reporting

  10. Recommendations for Customers • Microsoft’s “A” recommendation for which tool to use: • **Small Business that work with a VAP should also consider SUS • Official external positioning is available at: http://www.microsoft.com/windows2000/windowsupdate/sus/suschoosing.asp

  11. GPMC Overview • What is the GPMC? • New admin tool for managing Group Policy: • Set of scriptable objects for managing GP • MMC Snap-in, built on these objects • Standalone web release shortly after Windows .NET Server RTM • GPMC Design goals • Unify management of Group Policy • Address key deployment issues • Provide better UI for visualization • Enable programmatic access to GP

  12. Microsoft Operations Manager • Operations Management – event and performance management • Built on Microsoft management services • Microsoft solution manages Windows 2000, Exchange, SQL Server, and other Microsoft apps • Base Management Pack • Application Management Pack • Heterogeneous and value-add solutions from third parties extend this offering

  13. Security Management Pack:A set of Security XMP’s for MOM • Centralizes Windows security management in MOM • Out-of-the-box security rules, knowledge, response actions, reports • Includes: • XMP for Anti-Virus Applications • XMP for Microsoft Windows Security • XMP for NetIQ Security Analyzer

  14. Microsoft Audit Collection Services • Client-Server application to collect security events in real time and store them in a SQL database • MACS is NOT a security management application (No user interface)

  15. MACS & MOM • MACS is a security event collection tool- no management capability • MOM complements MACS- MOM adds management, alerting, support for other logs • MACS v2 will likely be integrated with MOM v2 • MACS v1 will ship with MOM management pack

  16. Services • Security is not just about technology • Crucial to bring in expertise and knowledge transfer into your organisation • SMB can use service templates and learn from them – such as MSA -

  17. Service Offerings • Microsoft Solution for Management • Allows customers to prioritize, test and deploy Patches to their environment. • Delivers proven best practices and infrastructure for managing high volumes of patch deployments into a Microsoft tools and technology environment. • Enables customers to improve their quality of service while reducing total cost of ownership

  18. Next Steps • Review your systems • Web resources http://www.microsoft.com/technet/security/prodtech/windows/secwin2k/default.asp http://www.microsoft.com/downloads/details.aspx?displaylang=en&FamilyID=F937A913-F26E-49B5-A21E-20BA5930238D http://www.microsoft.com/technet/itsolutions/msm/default.asp http://www.microsoft.com/technet/security/issues/w2kccscg/default.asp http://www.microsoft.com/windows2000/technologies/security/default.asp

More Related