Top 5 things for security: What every Microsoft Partner should know. Nattorn Jayanama, Product Manager, Microsoft Thailand.


1 Top 5 things for security: What every Microsoft Partner should know. Nattorn Jayanama, Product Manager, Microsoft Thailand

2 Top 5 Things for Security
Know the Threats & Solutions: 1. Top 5 Cyber Threats for Thailand; 2. Microsoft Solutions
Know the Strategy: 3. Security Quality; 4. Security Management; 5. Security Innovation

3 Top 5 Cyber-Threats 2005: 1st SPAM Email; 2nd Spyware; 3rd Malware; 4th Phishing; 5th SPAM IM

4 SPAM Email Problem: SPAM or junk mail refers to unrequested emails or advertisements. The email addresses are obtained from customer databases or by war dialing.

5 SPAM Email Solution: use anti-SPAM at the internet gateway or DMZ; use anti-SPAM software on the client; control usage of corporate email and enforce an email policy

6 Spyware Threat: advertising companies use spyware to extract personal information: stats on your computer (OS, browser, etc.) and stats on your surfing habits (websites, etc.). It violates privacy but is completely LEGAL.

7 Spyware Solution: install an anti-spyware solution. The major ones are free of charge (Ad-Aware, Spybot, MS Anti-Spyware or MS Defender).

8 Malware Threat: malware is a generic term used to describe any form of malicious software, such as viruses, zombies, trojans, or any combination of these.

9 Example of Malware

10 Malware Solution: use a combination of anti-spyware and anti-virus to scan the machine (and update the signatures). If directed to a website, check its certificate.

11 Malware Solution: run the Windows Malicious Software Removal Tool online for your protection

12 Phishing: Social Engineering

13 Phishing Email Example. Trust model: the sender claims to be from a respected source, and the mail has a very professional look. But notice the URL link, which usually points at an unknown IP address. And even the displayed URLs can be faked!

14 Phishing/Pharming Solution: security policy training and enforcement; use anti-phishing tools for browsers (MSN Anti-phishing tool, IE 7)
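The two warning signs the slide names, a link whose real target is a bare IP address and displayed link text that does not match where the link actually goes, can be checked mechanically in an HTML mail body. This is an added Python example, not code from the presentation; the sample body, host names and the 203.0.113.45 address are constructed.

```python
import ipaddress
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample body (not from the slides): link 1 displays a trusted-looking URL but
# targets a bare IP; link 2 displays a trusted host but targets a look-alike domain; link 3 is consistent.
SAMPLE_EMAIL_HTML = """<a href="http://203.0.113.45/login">https://www.example-bank.com/login</a>
<a href="http://www.example-bank.com.verify-example.net/">www.example-bank.com</a>
<p>Or read our <a href="https://www.example-bank.com/help">help page</a>.</p>"""

# Display text that itself looks like a URL: optional scheme, dotted host, optional path.
URL_LIKE = re.compile(r"(https?://)?[\w.-]+\.[a-z]{2,}(/\S*)?", re.I)

class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element in the body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href", ""), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def host_of(url):
    # Lower-cased hostname; display text such as "www.example-bank.com" has no scheme, so add one.
    return (urlparse(url if "://" in url else "http://" + url).hostname or "").lower()

def is_ip_literal(host):
    try:
        return ipaddress.ip_address(host) is not None
    except ValueError:
        return False

def suspicious_links(html):
    # Returns (href, text, reason) for each link showing one of the slide's two warning signs.
    collector = LinkCollector()
    collector.feed(html)
    findings = []
    for href, text in collector.links:
        target = host_of(href)
        if is_ip_literal(target):
            findings.append((href, text, "link target is a bare IP address"))
        elif URL_LIKE.fullmatch(text) and host_of(text) != target:
            findings.append((href, text, "displayed URL differs from real target"))
    return findings
```

Running `suspicious_links(SAMPLE_EMAIL_HTML)` flags the first two links and leaves the ordinary "help page" link alone.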

15 SPAM IM (SPIM) Threat: an estimated 5% to 8% of all IM today is SPIM. It is potentially more dangerous than SPAM email: pop-up links for phishing, and download/upload of malware via file transfer.

16 Top 5 Things for Security
Know the Threats & Solutions: 1. Top 5 Cyber Threats for Thailand; 2. Microsoft Solutions
Know the Strategy: 3. Security Quality; 4. Security Management; 5. Security Innovation

17 ISA + Antigen Solution
Diagram: ISA Server 2004 as the firewall on the network edge, with Antigen running on the internal servers behind it (Live Communication Server, SharePoint Server, Exchange mailbox server, Exchange IMC server, SMTP server). Traffic shown: e-mail, IM and documents; threats shown: viruses and worms.
Antigen: helps block viruses and inappropriate content inbound; helps keep viruses off internal servers; helps prevent confidential information from being sent out.
ISA Server: firewall on the network edge blocks application-layer attacks; pre-authenticates users for network access.

18 Top 5 Things for Security: Microsoft compared to Open Source
Know the Threats & Solutions: 1. Top 5 Cyber Threats for Thailand; 2. Microsoft Solutions
Know the Strategy: 3. Security Quality; 4. Security Management; 5. Security Innovation

19 Value of community patches (customer on RHEL3, CAN-2004-1234)
Flow chart: the vulnerability is disclosed on 4/8/2004 together with a community patch. The customer either uses the community patch (manually roll out the patch, then for each new patch decide again: manually roll out, or undo with up2date?) or waits for the Red Hat patch and uses Red Hat up2date. The official Red Hat patch became available on 12/23/2004, 8 months later (259 days of risk). In the meantime Red Hat up2date patched 28 kernel vulns, none of which addressed CAN-2004-1234.

20 Linux Distribution Model
Diagram: disparity between commercial distribution packages and OSS packages (RHEL errata vs. OSS stable projects as of 9/28/04) for Apache, Bind, Sendmail, Openssl and Openldap. Each row shows the version in the RHEL3 snapshot, the RHEL3 cutoff, and the upstream improvements released after the cutoff*. Versions shown: Apache 1.3.27, 2.0.44, 2.0.46, 2.0.48, 2.0.49, 2.0.50, 2.0.52; Bind 9.2.2.2, 9.2.3, 9.2.4; Sendmail 8.12.7, 8.12.8, 8.12.9, 8.12.10, 8.12.11, 8.13.1; Openssl 0.9.6h, 0.9.7, 0.9.7a, 0.9.7b, 0.9.7c, 0.9.7d, 0.9.7e; Openldap 2.0.27, 2.1.12, 2.1.16, 2.1.17, 2.1.25, 2.1.29, 2.1.30, 2.2.13, 2.2.17. Post-cutoff improvements listed: entire codebase relicensed, LDAP recursion, URI support for MacOSX, support for linux-ia64, S/MIME compat fixes, LDAPv3 extensions, LDAP C++ API, LDAP Sync, SASL enhancements (n/a where nothing applies).
Example: the customer wants new functionality in the latest version of Openssl (0.9.7e) and learns the distro does not support it. Decision: install the latest version with the fixed S/MIME compat support, or continue using the distro-supported version? Either continue to use the distro-supported version and forgo the new functionality, or install the new functionality and assume support internally (customer projects become internally supported).
*Capabilities that were not backported

21 Linux Distributions & Security Support
Component   RHEL 2.1 AS (GA May 17, 2002)   RHEL 3.0 AS (GA Oct 23, 2003)   RHEL 4.0 AS (GA Feb 15, 2005)
Kernel      2.4.9                           2.4.21                          2.6.9
Apache      1.3.23                          2.0.46                          2.0.52
MySQL       3.23.54e                        3.23.58                         4.1.10a
Mozilla     1.0.1                           1.4.2                           Firefox 1.0
Glibc       2.2.4                           2.3.2                           2.3.4
Hundreds of other packages
Other versions shown on the slide (current upstream releases): Kernel 2.6.12; Apache 1.3.27, 1.3.33, 2.0.54; MySQL 4.1; Mozilla 1.7.8; Firefox 1.0.4; Glibc 2.3.5.
Legend: component team actively supports; component team recommends against using; component team does not support or distribution has customized; vendor: none.
What happens when a component team "moves on"? What causes a forced upgrade? How will this affect "time to patch" (aka days of risk)? How much difference does this make?

22 Linux Kernel Example
Chart: number of patches in each 2.6 kernel release, 2.6.1 through 2.6.11 (about 2.4 patches per hour).
REF: bk -R prs -rv2.6.x..v2.6.x -h -d'$unless(:MERGE:){:P:\n}' | sort | wc -l

23 Linux Distribution Lag
Chart: the same 2.6 kernel patch counts (2.6.1 through 2.6.11), marking where SLES 9 development pulled from 2.6.5 and where the SLES 9 product RTMed, and where RHEL 4 development pulled from 2.6.9 and where the RHEL 4 product RTMed.
REF: bk -R prs -cYYMMDD..YYMMDD -h -d '$unless(:MERGE:){:P:\n}' | wc -l

24 Linux Enterprise Support Commitment
Timeline 2002 to 2009 (current and future releases):
Red Hat: RHEL 2.1 (May 17, 2002); RHEL 3.0 (Oct 23, 2003); RHEL 4.0 (Feb 15, 2005); RHEL 5.0 (Q3-2006 ?); RHEL 6.0 (Q1-2008 ?); RHEL 7.0 (Q3-2009 ?)
SUSE: SLES 8 (Mar 26, 2003); SLES 9 (Aug 3, 2004); SLES 10 (Feb 2006 ?); SLES 11 (Aug 2007 ?); SLES 11 (Feb 2009 ?)
Red Hat in 2009: 5 enterprise versions in support (at times); hundreds of packages (that have) no support by component teams. What are the implications?

25 Microsoft SDL: Security Development Lifecycle
Traditional Microsoft software product development lifecycle tasks and processes, with the SDL tasks layered onto each phase:
Requirements: feature lists, quality guidelines, arch docs, schedules. SDL: security training; security kickoff & register with SWI.
Design: design specifications, functional specifications. SDL: security design best practices; security arch & attack surface review; threat modeling.
Implementation: development of new code, bug fixes. SDL: use security development tools & security best dev & test practices; create security docs and tools for product.
Verification: testing and verification. SDL: prepare security response plan; security push; pen testing.
Release: code signing, a checkpoint express signoff, RTM. SDL: final security review.
Support & Servicing: product support, service packs/QFEs, security updates. SDL: security servicing & response execution.

26 Security Focus Yielding Results. Security Development Lifecycle working: 200M Windows XP SP2 downloads; Windows Server 2003 SP1 1.4M downloads; Red Hat adopting our security response ratings. Source: Microsoft Security Bulletin Search

27 An Industry View (Source: Secunia.com as of September 2005). Totals: Microsoft = 38, Red Hat = 234 (21 Kernel). List of vulnerabilities between browsers, totals: IE 10, FireFox 40.

28 An Industry View (Source: vendors' public security bulletins as of July 2005). Totals: Microsoft = 38, Red Hat = 234 (21 Kernel)

29 Sources: Security Innovation (March 2005), "Role Comparison Report: Web Server Role"; Security Innovation (June 2005), "Role Comparison Security Report: Database Server Role"

30 Microsoft SDL is producing results
Chart 1: vulnerabilities by severity (High, Medium, Low), June 2002 – May 2003*, for Microsoft, Red Hat, Debian, MandrakeSoft and SUSE (y-axis 0 to 350). High-severity counts: Microsoft 86, Red Hat 128, Debian 166, MandrakeSoft 120, SUSE 111; medium and low counts shown per distribution: Microsoft 31 and 10, Red Hat 86 and 14, Debian 99 and 22, MandrakeSoft 68 and 8, SUSE 53 and 9. Microsoft has the lowest total and 42 fewer high-severity vulnerabilities than Red Hat.
Chart 2: all days of risk for the same five distributions (x-axis 0 to 100): Microsoft 25; the other four 57, 57, 74 and 82. Microsoft has the fastest security response.
Conclusion: fewer total and high-severity vulnerabilities; faster fixes for publicly disclosed issues.
Source: “Is Windows More Secure than Linux?”, Forrester, March 2004. NIST: US National Institute of Standards and Technology.

31 Security Quality: Server Vulnerabilities Jan–Jun 2005 (1)
ICAT Severity    Windows Server 2003    RHEL 3ES Web Minimal    RHEL 3ES Web Default
High             33                     48                      77
Medium           17                     60                      69
Low              0                      7                       8
Not Yet Rated    2                      17                      20
Total            52                     132                     174
Chart values also shown (2): 38, 219, 234.
1 Source: security advisories & bulletins from vendor web sites
2 Source: Security Innovation (June 2005), "Role Comparison Security Report: Database Server Role"

32 Oracle makes Linux Unbreakable ? ? ?
Database vulnerabilities only: SQL 2000 (zero), Oracle 10g (30). Configurations compared: “Fully Loaded” Windows Server 2003 and SQL Server 2000; Oracle recommended configuration on Red Hat; minimal MySQL on Red Hat configuration. Public, repeatable methodology.
Chart: vulnerability counts for SQL Server 2000 on Windows Server 2003, Oracle 10g on Red Hat Enterprise 3, and MySQL on Red Hat Enterprise 3 (bar values shown: 4, 13, 27, 36, 41, 73, 75).

33 “Microsoft has significantly improved the security of its shipping products since the adoption of its security development life cycle. The first OS product to ship since Microsoft adopted its SDL was Windows Server 2003 (with IIS 6). Windows 2003 has had sufficient operational testing to be suitable for security-critical applications” Neil McDonald Group Vice President and Research Director Gartner, Inc (From Gartner Symposium May 2005)

34 Windows or Linux for Security?
Security Quality. Microsoft: SDL-driven progress; ongoing process improvement. Linux: no SDL-like program; IN DENIAL.

35 Top 5 Things for Security
Know the Threats & Solutions: 1. Top 5 Cyber Threats for Thailand; 2. Microsoft Solutions
Know the Strategy: 3. Security Quality; 4. Security Management; 5. Security Innovation

36 Managing Security: Directory Usage. Anchoring in Active Directory: most widely used directory; single sign-on; group policy; smartcard and 2-factor authentication; secure wireless and remote access; vast ecosystem with >1,000 AD-enabled apps; ADFS and WS-* extend to other systems

37 Security Management: 3rd-Party Evidence, “Total Cost of Security Patch Management”
The average time required to successfully deploy critical patches to Microsoft PCs is 56% lower than for the equivalent OSS PCs.
The average cost to successfully deploy a patch to a single Microsoft system is lower than deployment to an equivalent OSS system:
The average annual cost to patch a single Microsoft system is 14% lower than patching the equivalent OSS system.
There is also evidence to support the hypothesis that the patching of many OSS systems is being neglected.

38 Microsoft Baseline Security Analyzer 2.0; Microsoft Update; Automatic Updates

39 Windows or Linux for Security?
Security Quality. Microsoft: SDL-driven progress; ongoing process improvement. Linux: no SDL-like program; IN DENIAL.
Security Management. Microsoft: AD/Group Policy; Cert Services; advanced updating. Linux: which directory? Certs? CATCH UP MODE.

40 Top 5 Things for Security
Know the Threats & Solutions: 1. Top 5 Cyber Threats for Thailand; 2. Microsoft Solutions
Know the Strategy: 3. Security Quality; 4. Security Management; 5. Security Innovation

41 Customer Focused Innovation – Only on Microsoft
Direct customer connection to Microsoft support; unique value for technical beta feedback; drives up reliability and security of products; unique capability not available on Linux/OSS.
Spynet: direct feedback from users to benefit all; helps distinguish spyware from software; unique capability not available on Linux/OSS.
Prefast and FxCop source code security analysis; Safe C-Runtime Libraries, stack overflow protection; Source code Annotation Language (SAL); security capabilities not available on Linux/OSS.

42 Manageable PKI – Only on Microsoft
Integrated Cert Server: powerful X.509 CA integrated into Windows Server; Active Directory & Group Policy integration; OpenLDAP lacks key management capabilities.
Autoenrollment: policy-driven CERT deployment capability; automatic, silent user experience; capability unique to Microsoft customers.
Single provisioning of multiple credentials; single sign-on, roaming profiles, smartcard support; unique integration advantage over Linux/OSS.
Dual-use AD for ID credentials and security policy; enables auto-enrollment and easy CERT renewal; de facto standard even supported by OSS/Samba.

43 Secure, Private Networking – Only on Microsoft
Secure Wireless: full 802.1x+WPA support in client and server; secure, transparent roaming between access points; manageability and ease-of-use not available on Linux.
Secure Remote Access: smartcard-enabled secure, private remote RAS/VPN; Network Access Protection capabilities; unique options leveraging RPC over HTTPS.
Roaming Profiles: user mobility within the network; single sign-on; unique capability in Microsoft clients.
Encryption: Active Directory & Group Policy integration; silent, transparent user experience; Linux/OSS options lack policy & PKI manageability.

44 Rights Management Services – Only on Microsoft
Do Not Forward: keep executive e-mail off the Internet; reduce forwarding of confidential information; templates to centrally manage policies.
Protect Sensitive Files: safeguard financial, legal, HR content; set level of access: view, print, export; view Office 2003 rights-protected info.
Safeguard Intranet Content: control access to sensitive plans; set level of access: view, change, print, etc.; determine length of access.

45 Windows or Linux for Security?
Security Quality. Microsoft: SDL-driven progress; ongoing process improvement. Linux: no SDL-like program; IN DENIAL.
Security Management. Microsoft: AD/Group Policy; Cert Services; WUS / MU. Linux: which directory? Certs? CATCH UP MODE.
Security Innovation. Microsoft: Secure Wireless; RMS; Feasible PKI. Linux: SELinux Roles; what else?

46 © 2004 Microsoft Corporation. All rights reserved. This presentation is for informational purposes only. Microsoft makes no warranties, express or implied, in this summary.