微软的IT安全规划

Slide Title,Body Text,Second Level,Third Level,微软内部的安全管理,- IT,实践,IT Manager,Operation Technology Group,Microsoft Corporation,概述：,微软,IT,的使命和工作的优先级,我们所面临的问题,采取的几项措施,事例分析,IT,目标和优先级,优先级,Microsoft,的首位用户和最佳用户,提供领先的思维,建立并列的,IT,战略,运行一个世界级的公用设施,“,预见性地交付超出我们客户、用户和合作伙伴预期,的,IT,基础结构和应用程序,使随时随地的工作更方便更有效率,.”,Rick Devenuti Microsoft CIO,Redmond,Sydney,Chofu &,Les Ulis,Telehous,TVP,Dublin,Benelux,Silicon Valley,Madrid,Dubai,Singapore,Johannesburg,Sao Paulo,72,000,个,邮箱,Microsoft IT,数据,Milan,Stockholm,Munich,Canyon Park,Los Colinas,Charlotte,Chicago,Milan,Stockholm,Munich,Oemachi,7000,多台服务器,遍布世界的4,00,多个,IT,支持位置,每天,450,多万封,email,每月,260,万个语音电话,400,多种应用程序,1,50,000,多台,PC,110,台,Exchange,服务器,我们所面对的：,来自外界的：,100k+ intrusion attempts/probes/scans per month,125k+ quarantined emails/month,225k networked devices,挑战,微软的文化,独特的开发要求,应用程序的内部测试,技术的领先,生态系统,InfoSec must understand and manage vulnerabilities across,all 5 vectors,.,Threats in any of these vectors almost always lead to compromise of other vectors.,Exploit of misconfiguration, buffer overflows, open shares, NetBIOS attacks,托管,对应用程序的未授权访问,未经检查的内存驻留,应用程序,账户的一致性和私有性,账户,信任关系,Data sniffing on the wire, network fingerprinting,网络,External Influences,(people, bugs, etc.),SystemSecurity,External Influences,(people, bugs, etc.),理想的信息安全是：,在一个包含的服务、应用程序和网络架构的,IT,环境中，提供高可靠性、私有性和安全,几点重要保证：,验证身份,所需资源的安全可靠,数据和通讯的私有性,角色和职能的划分,快速的危险和威胁的反应,安全的策略,目标,确保网络周边的安全,确保网络内部的安全,确保重要资产的安全,加强监控和审计,服务,策略,Investigations & Forensics,Threat & Risk Analysis,Manage Policy,Vulnerability Scanning,Security Audits,Access Management,Smart Cards for RAS,Secure Remote User,Managed Source,Network Segmentation,Securing the Extranet,Untrustworthy Devices,Secure Environmental Remediation,危险的分类,技术不是解决问题的唯一,危险的预防级别,事例分析,安全小组,Information Security Team,Threat, RiskAnalysis & Policy,AssessmentCompliance,Monitoring, Intrusion Detection, Incident Response,Shared ServicesOperations,Threat & RiskAnalysis,PolicyDevelopment,ProductEvaluation,DesignReview,StructureStandards,SecurityManagement,SecurityAssessment,Compliance &Remediation,Monitoring &Intrusion Detection,Rapid Response& Resolution,Forensics,ITInvestigations,Physical &Remote Access,CertificateAdministration,SecurityTools,InitiativeManagement,确保网络周边的安全,ISA Server as Perimeter Firewall,远程访问的架构,Corpnet,DomainController,IAS,RRAS,IASProxy,RRASVPN,UUNet POP,Internet,VPN tunnel over broadband connection,VPN tunnel over analog connection,Analog connection over direct dial connection,CHAP authentication,EAP/TLS authentication,Employeecomputer,Corpnet,MS CHAP EAP authentication,确保网络周边的安全,RAS Deployment,使用智能卡,实施,VPN/RADIUS,利用,Windows 2000 Servers PKI,集中式卡的管理,确保网络周边的安全,C,onnection Manager,用户拨号所必需的,检查系统设置,:,是否安装放病毒软件,ICF,ICS,(,关闭,),利用,Auto-Update,功能,Push,所需的软件,确保网络内部的安全,用户账户的管理,密码是严格控制的信息,所有用户，系统，网络和应用程序的密码必须,70,天更新,密码在网络传输的过程中加密,密码的标准,确保内部网络的安全,确保无线网络的安全,升级,fireware,到,802.1x,禁用,shared WEP key,禁止使用非,IT,管理的,AP,采用,PKI,分发和验证用户和机器的证书,确保网络内部的安全,Network Threats, Risks, and Attacks,Network Level Threats,Un-patched vulnerabilities/,mis,-configuration,Compromise of data integrity “over-the-wire”,Unauthorized access to a computer,Attacks,Buffer overflow attacks,SQL Slammer,Code Red,Nimda,Risks,Untrusted,computers,Malware & malicious users gaining access,Networked machines can be a conduit to valuable data,确保网络内部的安全,网络的隔离,降低危险,确认微软,IT,管理的机器,区分微软,IT,管理，非,IT,管理的机器,限制访问,Network Segmentation Approach,限制非,IT,管理的机器（不在,domain,中的）,访问,IT,管理的机器,利用,IPsec,确保网络内部的安全补丁管理,Windows Update,Windows Update,Microsoft Baseline Security Advisor (MBSA),Microsoft Baseline Security Advisor (MBSA),Advertised Program Monitor(Deployed by SMS),Advertised Program Monitor,在设定的时间段，程序可以自动运行,ASAP,实施,application software assurance program,危险评估,设计审核,产品发布之前的评估,产品发布之后的跟踪,增强监督机制,设立专门的监督部门,利用自动工具进行扫描,微软对外发布的工具有：,Microsoft Baseline Security Analyzer (MBSA) and HFNetChk,Scan for missing hotfixes and other vulnerabilities,Scanning is geographically distributed and uses a variety of network sweep methodologies,An internally developed toolkit helps to identify and correct vulnerabilities,防病毒的策略,安装防病毒软件,Audit employee desktops via a logon script,Quarantine remote computers without eTrust from connecting,利用在,Outlook,中的安全设置,Email attachment security,Heightened Outlook default security settings,Object Model Guard,在,Exchange IMC,上做设置,Currently block 38 at the IMC,Content scanning and filtering at Internet facing servers,Block rogue Web sites at the Proxy servers,更多的信息可以在：,Additional content on OTG deployments and best practices can be found on .,TechNet:,Case Study Resources:, 2003 Microsoft Corporation. All rights reserved.,This presentation is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS OR IMPLIED, IN THIS SUMMARY.,