微软蓝灰风格PPT模板模板.ppt

《微软蓝灰风格PPT模板模板.ppt》由会员分享，可在线阅读，更多相关《微软蓝灰风格PPT模板模板.ppt（26页珍藏版）》请在得力文库 - 分享文档赚钱的网站上搜索。

1、Microsoft Security Strategy站长站素材 Session AgendaFocus on Customer ChallengesMicrosoft Security StrategySecure Windows InitiativeStrategic Technology Protection ProgramTrustworthy ComputingBuilding the secure platform.NET FrameworkWindows .NETSummaryQuestionsTechnology, Process, PeopleWhat are the cha

2、llenges? Products lack security features Products have bugs Insufficient technical standards Difficult to stay up-to-date Design for security Roles & responsibilities Vigilance Business continuity plans Stay up-to-date with security development Problem recognition Skills shortage Human errorProcessP

3、eopleTechnologyMicrosoft Security StrategySecure Windows Initiative“Engineering For SecurityGoal: Eliminate Every Security Vulnerability Before The Product ShipsIndustry YardstickSource: Security Focus :/ securityfocus /vulns/stats.shtmlSecure Windows InitiativePeoplePeopleTrain, and keep current, e

4、very developer, tester, and program Train, and keep current, every developer, tester, and program manager in the specific techniques of building secure manager in the specific techniques of building secure productsproductsProcessProcessMake security a critical factor in design, coding and testing of

5、 Make security a critical factor in design, coding and testing of every product Microsoft buildsevery product Microsoft buildsCross-group design & code reviewsCross-group design & code reviewsSecurity Threat Analysis part of every design specSecurity Threat Analysis part of every design specRed Team

6、 testing and code reviewsRed Team testing and code reviewsFocus not confined to buffer overrunsFocus not confined to buffer overrunsSecurity bug feedback loop & code sign-off requirements Security bug feedback loop & code sign-off requirements External reviews and testing by consultants and publicEx

7、ternal reviews and testing by consultants and publicTechnologyTechnologyBuild tools to automate everything possible in the quest to Build tools to automate everything possible in the quest to code the most secure productscode the most secure productsPrefix and Prefast for buffer overrun detectionPre

8、fix and Prefast for buffer overrun detectionUpdated as new vulnerabilities foundUpdated as new vulnerabilities foundVisual C+ 7.0 compiler improvementsVisual C+ 7.0 compiler improvementsDomain-specific tools (i.e. RPC security stress)Domain-specific tools (i.e. RPC security stress)Secure Windows Ini

9、tiativeExternal Security ReviewFIPS 140-1 evaluation of Cryptographic Service Provider (CSP) CompletedGovernment validation of base crypto algorithms in WindowsCommon Criteria evaluation In PreparationEvaluation of Windows source code against International security criteria for evaluating Third part

10、y expert review of key componentsSource code licensed to over 80 universities, labs, and government agenciesGoal: Help customers secure their Windows SystemsStrategic TechnologyProtection ProgramStrategic Technology Protection Program - Customers Need Our HelpI didnt know which patches I neededI did

11、nt know where to find the updatesI didnt know which machines to updateWe updated our production servers, but the rogue servers got infectedMore than 50% of the customers affected by Code Red were not patched in time for NimdaSTPP: “Get SecureComing - Enterprise Security ToolsMicrosoft Baseline Secur

12、ity AnalyzerSMS security patch rollout toolWindows Update Auto-update clientNow - Microsoft Security ToolkitServer oriented security resources.New server security tools and updates, Windows Update bootstrap client for Windows 2000Now - Security Assessment Program OfferingAvailable immediately throug

13、h MCS/PSSNow - Free Virus Support HotlineContact your local PSS officeGet SecureMicrosoft Security ToolkitGets Windows NT and 2000 systems to secure baseline, even disconnected netAutomates server updatesOne-button wizard and SMS ScriptsUpdates and Patches Includes all Service Packs and critical OS

14、and IIS patches through 10/15HFNetchk: patch level verifierIIS Lockdown & URLScanSTPP: “Stay SecureOngoing - Enhanced Product SecurityProvide greater security enhancements in the releases of all new products, including theWindows .NET Server family Spring 2002 - Federated Corporate Windows Update Pr

15、ogramAllows enterprise to host and selectWindows Update contentSpring 2002 - Windows 2000 Service Pack (SP3)Provide ability to install SP3 + security rollupwith a single rebootJan. 2002 - Windows 2000 Security Rollup PatchesBundle all security fixes in single patchesReduces reboots and administrator

16、 burdenCorporate Update Server SolutionAutomatic Update (AU) clientAutomatically download and install critical updatesSecurity patches, high impact bug fixes and new drivers when no driver is installed for a deviceChecks Windows Update service or Corporate Update server once a dayNew! Install at sch

17、edule time after automatic downloads Administrator control of configuration via registry-based policySupport for Windows .NET Server, Windows XP and Windows 2000Update serverCorporate hosted WU server to support download and install of critical updates through AU clientServer synchronizes with the p

18、ublic Windows Update serviceSimple administrative model via IE Updates are not made available to clients until the administrator approves themRuns on Windows .NET Server and Windows 2000 ServerTrustworthy ComputingGoal: Make devices powered by computers and software as trustworthy as devices powered

19、 by electricity. A Trust TaxonomyBuilding the secure platformGoal: Provide IT with a secure, integrated foundation for managing how users, business, and technologies connect.Security in depth Typical Application ArchitectureSecure Network AccessFlexible AuthenticationRich Access ControlsSystem Wide

20、AuditingAlert InfrastructureWindows Brings it TogetherActive DirectoryIntegrated network authenticationPolicy based managementPKIIntegrated PKI services and auto-enrollmentUsed by IPSEC, Smartcard, Code Signing etc.NetworkingSecure network access via 802.1x supportAuthenticated firewall access via Microsoft ISA serverProtected DevicesEncrypting File SystemSoftware Restriction Policies