
Microsoft Information System Security

Microsoft Information System Security. GRAS Philippe, Operation Manager - MSIT Microsoft France. Summary. This session presents part of how security is implemented within Microsoft Corp.'s information system, in particular the cases of patch management and network segmentation.


Presentation Transcript


  1. Microsoft Information System Security • GRAS Philippe, Operation Manager - MSIT Microsoft France

  2. Summary • This session presents part of how security is implemented within Microsoft Corp.'s information system, in particular the cases of patch management and network segmentation.

  3. Agenda • Microsoft context • Security strategies • Case studies • Patch management (servers and client workstations) • Network segmentation via IPSec

  4. Microsoft IT Data • 101,000+ e-mail server accounts • 300,000+ PCs and devices • Single-instance SAP (1.5 TB database) • 403 buildings • 89,000 end users • 83 countries • 3M+ e-mail messages per day internally • 99.99% availability • 9.5M+ remote connections/month • Sites on the map: Redmond, Tukwila, Silicon Valley, Charlotte, Sao Paulo, Dublin, Reading, London, Munich, Johannesburg, Singapore, Tokyo, Sydney

  5. Microsoft Security Environment • Environment • More than 300,000 network-joined devices • 30,000 business partners with connectivity needs • Frequent target of attack • 100,000+ intrusion attempts/probes/scans per month • 5M filtered emails/day (spam and anti-virus) • Challenges • Culture based on autonomy and agility • Large population of mobile clients • Unique business requirements to support software development • Running the business on N+1 platform as "first and best" customer

  6. Consolidation • Infrastructure server consolidation • 51% reduction in Exchange servers • Reduced from 74 to 7 sites with Exchange servers • 30% reduction in global infrastructure servers • 2 print servers in Redmond (650 public print queues) • 32% reduction in domain controllers • Key enabler – Windows Server 2003, Exchange Server 2003, Office System 2003 • Data center consolidation • Eliminated 5 data centers • Remote management – Windows Terminal Services • Event monitoring and dispatch – Microsoft Operations Manager 2005

  7. Where We Are Today (2004) • Regional IT Account Management across the service teams: Windows & Storage (Windows Server, AD, Virtual Server); Client Mgmt (Windows Client, SMS, Windows CE, Office System); Comm & Collab (SharePoint, Office System, LCS); Messaging (Exchange, Office System); Network (Windows Networking, ISA, Proxy); Ops Center (Monitoring, Tier 1 and Tier 2; MOM and MOF); Security and Infrastructure Architecture • IT Scorecard • Enforced standards and policies • Centralized IT operations • Account Managers are the “Face” of IT in regions • Service Catalog • Service Managers • Higher builder spend, lower sustainer spend • Client Satisfaction from 106 to 134

  8. Security Strategy • Corporate Security Mission and Vision • Security Operating Principles • Risk-Based Decision Model • Tactical Prioritization

  9. Mission and Vision: Mission • Prevent malicious or unauthorized use that results in the loss of Microsoft intellectual property or productivity by systematically assessing, communicating, and mitigating risks to digital assets • Cycle: Assess Risk > Define Policy > Audit > Monitor

  10. Mission and Vision: Vision • An IT environment comprised of services, applications, and infrastructure that implicitly provides availability, privacy, and security to any client • Five Trustworthy Assurances • My identity is not compromised • Resources are secure and available • Data and communications are private • Roles and accountability are clearly defined • There is a timely response to risks and threats

  11. Operating Principles • Management commitment • Manage risk according to business objectives • Define organizational roles and responsibilities • Users and data • Manage to the practice of least privilege • Strictly enforce privacy and privacy rules • Application and system development • Build security into the development life cycle • Create layered defense and reduce attack surface • Operations and maintenance • Integrate security into the operations framework • Align monitor, audit, and response functions to operational functions

  12. Risk Based Decision Model: Enterprise Risk Model • Vertical axis: Impact to Business (defined by Business Owner), Low to High • Horizontal axis: Probability of Exploit (defined by Corporate Security), Low to High • High impact combined with high probability falls in Unacceptable Risk; low impact and low probability in Acceptable Risk • Risk assessment drives to acceptable risk

  13. Risk Based Decision Model: Risk Analysis by Asset Class • Host: exploit of misconfiguration, buffer overflows, open shares, NetBIOS attacks • Application: unauthenticated access to applications, unchecked memory allocations • Network: data sniffing on the wire, network fingerprinting • Account: compromise of integrity or privacy of accounts • Trust: unmanaged trusts enable movement among environments

  14. Risk Based Decision Model: Components of Risk Assessment • Asset: what are you trying to assess? • Threat: what are you afraid of happening? • Vulnerability: how could the threat occur? • Mitigation: what is currently reducing the risk? • Impact: what is the impact to the business? • Probability: how likely is the threat given the controls? • Impact + Probability = Current Level of Risk: what is the probability that the threat will overcome controls to successfully exploit the vulnerability and affect the asset?

  15. Risk Based Decision Model: Risk Management Process and Roles (steps 1 to 5 in the diagram) • Corporate Security: Prioritize Risks (1), Security Policy, Compliance • Cross-IT Teams: Security Solutions & Initiatives, Sustained Operations • Tactical Prioritization

  16. Tactical Prioritization by Environment • Prioritized risks feed policies and mitigation tactics appropriate for each environment • Environments: Data Center, Client, Unmanaged Client, Remote Access, Mobile

  17. Representative Risks and Tactics (Embody Trustworthy Computing) • Enterprise risk: Unpatched Devices; tactical solution: Secure Environmental Remediation • Unmanaged Devices: Network Segmentation Through IPSec • Remote and Mobile Users: Secure Remote User • Single-Factor Authentication: Two-Factor for Remote Access and Administrators • Managed Source Initiatives: Focus Controls Across Key Assets

  18. Security Strategy • Mitigate risk to the infrastructure through implementation of four key strategies • 1. Secure the Network Perimeter: Secure Wireless, Smart Cards for RAS, Network Access Protection • 2. Secure the Network Interior: Patch Management, IPsec Segmentation • 3. Secure Key Assets: Smart Cards for Admin Access, IPsec for key assets • 4. Enhance Monitoring and Auditing: Strong enforcement

  19. Case studies • Patch management as an integral part of security

  20. Microsoft Manageability Services Group • Ensures continuous operation of global IT infrastructure • Provides manageability services to four data centers worldwide • Additional 49 remote server locations • Manages 10,000 servers and 220,000 client systems worldwide • Uses and continuously improves the Microsoft Operations Framework

  21. Microsoft Operations Framework • Structured approach to achieving operational excellence • Collection of best practices, principles, and models • Guidance on achieving high availability, reliability, and security • 21 service management functions MOF • Today’s focus • Server life cycle • Client life cycle • Enterprise Configuration Management • Service Monitoring and Control

  22. Server Lifecycle • Server Lifecycle Model: Deploy > Baseline > Inventory > Update • 1. Deploy: Automated Deployment Services builds the server and joins it to the domain • 2. Baseline: SMS delivers post-build updates and provisions the server • 3. Inventory: SMS inventories and reports security compliance and configuration • 4. Update: SMS deploys security updates and other software updates

  23. Server Lifecycle • Server Update Architecture • Dedicated management infrastructure • Centralized management • Automated, fast, efficient updates • Ability to meet customer SLAs • Primary tool for enforcing security update compliance • SMS Infrastructure for Servers: 1 central site server, 14 primary site servers

  24. Server Lifecycle • Server Platform Updates • Key benefits: • Fully MOF-compliant implementation • Consistent baseline reduces patching complexity and cost • Time built in for Business Unit IT tests • Well-known delivery dates • Latest platforms always available for early adopters • Platform phases: Beta (N+1) platform, Changing/Optimizing (6 months); Current (N) platform, Supporting/Operating (6 months); Previous (N–1) platform • N–1 model allows for extended testing during Beta and N phases

  25. Server Lifecycle • Server Patch Management Process • 1. Assess environment to be patched • 2. Identify new updates • 3. Evaluate and plan update deployment • 4. Deploy the update • Standard update cycle (21 days): Assess ongoing; Identify/Evaluate ½ day; Deploy-Grace 7 days; Deploy-Force 14 days • Emergency update cycle (24 hours): Assess ongoing; Identify/Evaluate 1 hour; Deploy-Grace 2 hours; Deploy-Force 21 hours

  26. Client Lifecycle • Client Environment • Users are administrators on their own computers • Compliance through SMS • Diverse mix of approved software versions • Multiple desktop computers per user • Computers are frequently rebuilt • IPsec runs in required mode to create "Secure Net"

  27. Client Lifecycle • Degrees of Client Management • All Devices: 300,000 • Secure Net Devices (inside the IPsec boundary): 220,000 • Devices managed through SMS: 180,000 • Outside the IPsec boundary: Labs, Workgroups, Remote access clients/dial-up • 10,000 servers • IPsec creates the Secure Net environment • Unique management challenges

  28. Client Lifecycle • Client Update Infrastructure • Separate client and data center (server) infrastructures • SLAs for security updates on servers are more restrictive • Server platform is uniform; clients are allowed more flexibility • 20–30 critical updates and 70 software packages a year • SMS Infrastructure for clients: 1 central site server, 5 primary site servers, 139 secondary site servers • Consolidated services

  29. Client Lifecycle • Client Patch Management Process • 1. Assess environment to be patched • 2. Identify new updates • 3. Evaluate and plan update deployment • 4. Deploy the update

  30. Client Lifecycle • Multi-Phased Approach, from low client impact to high client impact • Windows Update (70%); e-mail and intranet notification (optional) • SMS Software Distribution - Patch Management (voluntary for a period, then forced) • Internal scanning and scripts (forced) • Port shutdowns
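The server cycle on slide 25 and the client escalation on slide 30, as an added example in Python (not code from the deck or from Microsoft IT): it turns the phase durations into deadlines and reports which phase and enforcement step apply to a client at a given time. The mapping of phases to the methods on slide 30 is our reading of "voluntary for a period, then forced".

```python
from datetime import datetime, timedelta

# Ordered phases (name, duration) after an update is released; Assess is ongoing.
# Durations are the figures on slide 25.
CYCLES = {
    "standard":  [("Identify/Evaluate", timedelta(hours=12)),
                  ("Deploy-Grace", timedelta(days=7)),
                  ("Deploy-Force", timedelta(days=14))],     # about 21 days total
    "emergency": [("Identify/Evaluate", timedelta(hours=1)),
                  ("Deploy-Grace", timedelta(hours=2)),
                  ("Deploy-Force", timedelta(hours=21))],    # 24 hours total
}

# What a client that has NOT installed the update sees in each phase (slide 30,
# lowest client impact first); "Expired" is our label for the time after the cycle.
ACTION = {
    "Identify/Evaluate": "none (update still under evaluation)",
    "Deploy-Grace": "Windows Update / e-mail and intranet notification; SMS install voluntary",
    "Deploy-Force": "SMS forced install",
    "Expired": "internal scanning and scripts, then port shutdown",
}

def deadlines(cycle, released):
    """Return [(phase, phase_end)] with cumulative end times from the release."""
    out, t = [], released
    for name, duration in CYCLES[cycle]:
        t += duration
        out.append((name, t))
    return out

def phase_at(cycle, released, now):
    """Name of the phase in force at 'now', or 'Expired' after the last deadline."""
    for name, end in deadlines(cycle, released):
        if now < end:
            return name
    return "Expired"

def client_status(cycle, released, now, installed_at=None):
    """(phase, compliant, action) for one client; installed_at is None if missing."""
    phase = phase_at(cycle, released, now)
    if installed_at is not None and installed_at <= now:
        return phase, True, "none (compliant)"
    return phase, False, ACTION[phase]
```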

  31. Case studies • Network segmentation with IPSec

  32. Solution Overview Situation • Managed computers had to be isolated from unmanaged computers to improve security Solution • Deployment of IPsec Benefits • Allows creation of logical secure network segments • Works independently of other infrastructure for end-to-end security • Can be deployed and managed centrally

  33. Products and Technologies • IPsec protocols (ESP, IKE) • Windows Server 2003 • Windows XP Professional SP1 • Windows 2000 SP3 • Group Policy • Active Directory • PKI and CA

  34. Levels of Trusted Assets • Microsoft Corporate Network • SecureNet: Clients, Servers, Home LAN, Trustworthy Labs (203,000) • Infrastructure (500): DNS, DHCP, DC, WINS; ACL controlled • Internal Exclusions: Labs (75,000), PocketPC/Xbox (18,000), MAC (2,000) • Untrustworthy Boundary Machines (5,000) • External Exclusions: Internet Servers, Business Partners, DTaps (no connectivity to CorpNet), Extranet (1,800)

  35. Situation: IPsec on the network • All Devices: 300,000 • Secure Net Devices (inside the IPsec boundary): 220,000 • Devices managed through SMS: 180,000 • Outside the IPsec boundary: Labs, Workgroups, Remote access clients/dial-up • 10,000 servers • IPsec creates the Secure Net environment • Unique management challenges

  36. Business Benefits • Decreased network risks • Improved asset management information • Protection of intellectual property • Increased policy compliance • Improved malware detection

  37. Domain Isolation at Microsoft • IPsec allows creation of logical, secure networks within a larger network • Group policy provides a framework for easily deploying IPsec to hosts • Active Directory infrastructure and Group Policy enable deployment and administration of IPsec enterprise wide

  38. Domain Isolation at Microsoft • Microsoft IT considered two segmentation technologies: • IPsec provides end-to-end authentication and encryption between hosts on a network • 802.1x provides only authentication • Microsoft IT chose IPsec because it is a complete solution

  39. Domain Isolation at Microsoft • Active and challenging security environment at Microsoft • Unique aspects of Microsoft environment include: • Multiple computers per user • Diverse desktop implementations • Frequently rebuilt computers • Diverse mix of approved software versions

  40. Deployment • IPsec Policy: IPsec policies are applied to a GPO, contain a set of rules, and specify how to perform IKE (Key Exchange Methods; Security Methods: encryption, hashing, key lifetimes) • Rules: each rule associates a Filter List with an Action, and specifies authentication methods (Kerberos, Certificates, Static Keys) • Filter List: a Filter List specifies a set of individual filters, and is used to group filters together in a rule • Filters: a Filter describes a pattern of traffic to match, by IP address, subnet, port, and protocol for both ends of a connection • Action: an Action designates what to do with traffic that matches a filter: Permit, Block, or Negotiate Security

  41. Deployment • Managing boundary computers • Extra management and security • Creation of security groups • Deploying boundary computers • Request process • Case-by-case basis for granting insecure network traffic

  42. Known Issues and Problem Applications • LAN performance • Added bandwidth consumption • CPU performance • Negligible overhead on most clients • IPsec and Windows VPN servers • Special IPsec policies for deployments that use Kerberos • RFC 1918 private IP ranges • Connecting to the corporate network through a VPN requires use of specific private IP ranges • Two private subnets are excluded from the list of secure subnets • Network device issues • IPsec changes TCP/IP offsets for destination ports and protocols • IPsec generally defeats network-based prioritization and port or protocol-based traffic management • IPsec adds to use of system resources

  43. Known Issues and Problem Applications • Filter processing issues • IPsec driver caches filters that match a particular connection • IPsec and NLB clusters • Clients connected to an offline server must renegotiate the connection • If a node in the cluster fails, IPsec connections cannot rebuild the security association until the preset time-out period • NAT-T • NAT-T addresses problems between NAT and IPsec • Troubleshooting issues • IPSec depends on correct configuration of supporting technologies • Microsoft IT enables auditing using domain-based group policies • Diagnostics may require Oakley logging

  44. Best Practices • Group Policy design • Set up group policies for all behavior types to support IPsec testing • Filter the “Apply Group Policy” ACE for each policy to only the limited security user groups • Use a naming convention that covers the policy and group function for easier management and troubleshooting • IPsec design • Minimize the overall number of filters • Use “Any” instead of “Me” as the base approach to filter design • Create “Any <-> Corporate subnet” rules instead of “Me <-> Any” for secure subnets • Manage permitted subnets • Use “Any” rules for virtual IP addresses used by clusters

  45. Best Practices • IPsec design • Permit unsecured traffic to infrastructure servers • Use Kerberos as the default authentication mechanism • Set NoDefaultExempt = 1 via group policy ADM template • Permit the ICMP protocol • IPsec design • Minimize securing by port or protocol • Avoid “Any <-> Any” filters • Don’t use IPsec Default Response rule with custom policy • Deployment options • Deploy by subnet • Deploy by security group • Deploy by domain
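The policy objects on slide 40 and the filter-design advice on slides 44 and 45, as an added example in Python (not code from the deck or from Microsoft IT): it models policy, rules, filter lists and actions, then checks how the "Any <-> Corporate subnet" negotiate rule, the infrastructure-server and ICMP permit exemptions, and NoDefaultExempt interact. Addresses are constructed, and the specificity score is a simplified stand-in for Windows' most-specific-filter-wins ordering.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

ANY = "0.0.0.0/0"                      # the "Any" address in a Windows filter
ICMP, TCP, UDP, RSVP = 1, 6, 17, 46    # IP protocol numbers
KERBEROS, ISAKMP = 88, 500             # service ports

@dataclass(frozen=True)
class Filter:
    src: str                        # CIDR; ANY = any address
    dst: str
    protocol: Optional[int] = None  # None = any protocol
    port: Optional[int] = None      # service port on dst; None = any port

    def _one_way(self, s, d, proto, port):
        return (ip_address(s) in ip_network(self.src)
                and ip_address(d) in ip_network(self.dst)
                and self.protocol in (None, proto) and self.port in (None, port))

    def matches(self, s, d, proto, port):
        # Windows filters are mirrored, so "Any <-> X" covers both directions
        return self._one_way(s, d, proto, port) or self._one_way(d, s, proto, port)

    def specificity(self):
        # port beats protocol beats address prefix length (simplified weighting)
        return (1000 * (self.port is not None) + 100 * (self.protocol is not None)
                + ip_network(self.src).prefixlen + ip_network(self.dst).prefixlen)

@dataclass(frozen=True)
class Rule:
    filter_list: tuple        # the Filters grouped for this rule
    action: str               # "Permit", "Block" or "Negotiate"
    auth: str = "Kerberos"    # slide 45: Kerberos as the default authentication

class IPsecPolicy:
    def __init__(self, rules, no_default_exempt=1):
        self.rules, self.no_default_exempt = rules, no_default_exempt

    def evaluate(self, s, d, proto, port):
        if proto == UDP and port == ISAKMP:           # IKE itself is always exempt
            return "Permit (default exemption)"
        # NoDefaultExempt=0 also lets Kerberos and RSVP bypass the filters;
        # slide 45 sets it to 1, so they are evaluated like any other traffic
        if self.no_default_exempt == 0 and (port == KERBEROS or proto == RSVP):
            return "Permit (default exemption)"
        hits = [(f.specificity(), r.action) for r in self.rules
                for f in r.filter_list if f.matches(s, d, proto, port)]
        if not hits:                                  # no Default Response rule
            return "Permit (no matching filter)"
        return max(hits, key=lambda h: h[0])[1]       # most specific filter decides

CORP = "10.0.0.0/8"                          # constructed corporate subnet
INFRA = ("10.0.0.10/32", "10.0.0.11/32")     # constructed DNS/DHCP/DC/WINS hosts
DOMAIN_ISOLATION = IPsecPolicy([
    Rule((Filter(ANY, CORP),), "Negotiate"),               # "Any <-> Corporate subnet"
    Rule(tuple(Filter(ANY, h) for h in INFRA), "Permit"),  # unsecured to infrastructure
    Rule((Filter(ANY, ANY, protocol=ICMP),), "Permit"),    # permit the ICMP protocol
])
```

Call `DOMAIN_ISOLATION.evaluate(client, server, protocol, port)` to see which action a given connection gets under this policy.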

  46. Best Practices • Recommended deployment steps • Pilot Request Mode IPsec • Deploy Request Mode IPsec • Pilot Secure Request IPsec policy • Deploy Secure Request IPsec policy • Non-domain joined clients • Use Kerberos exclusively for an IPSec deployment • Carefully evaluate the need to create exceptions to global IPsec policies • IPsec and NLB • Consider exempting business-critical services that require high availability

  47. Conclusion • Phase 1: deployment of IPsec to >160,000 computers • Phase 2: deployment of Secure Request mode across the enterprise (220,000 computers) • Minimal impact on Helpdesk • Less exposure to worms and attackers • Project is now in review/maintenance

  48. IT Showcase: How Microsoft Does IT • Customer-ready resources from Microsoft IT • External access • IT Showcase on TechNet: http://www.microsoft.com/technet/itshowcase/ • IT Showcase on Microsoft Services: http://www.microsoft.com/itshowcase/ • IT Showcase on CD: http://itshowcase/ordercd • IT Showcase CD, 2005 1st Edition (just launched!) • Order for customer events and meetings!

  49. For more information • MSDN Web Services Developer Center • http://msdn.microsoft.com/webservices • “Web Services Enhancements (WSE)” • http://msdn.microsoft.com/webservices/building/wse/default.aspx • “WS-Security Drilldown in WSE 2.0” • http://msdn.microsoft.com/library/en-us/dnwse/html/wssecdrill.asp • “Securing the Username Token with Web Services Enhancements 2.0” • http://msdn.microsoft.com/library/en-us/dnwse/html/securusernametoken.asp • “Managing Security Context Tokens in a Web Farm” • http://msdn.microsoft.com/library/en-us/dnwebsrv/html/sctinfarm.asp • “Using Role-Based Security with Web Services Enhancements 2.0” • http://msdn.microsoft.com/library/en-us/dnwse/html/wserolebasedsec.asp • “Web Service Enhancements 2.0 Support for WS-Policy” • http://msdn.microsoft.com/library/en-us/dnwse/html/wse2wspolicy.asp • Newsgroups • microsoft.public.framework.webservices • microsoft.public.framework.webservices.enhancements

  50. Microsoft France • 18, avenue du Québec, 91 957 Courtaboeuf Cedex • www.microsoft.com/france • 0 825 827 829 • msfrance@microsoft.com
