Enhancing Customer Security: Ongoing Efforts to Help Customers Dave Sayers Technical Specialist Microsoft UK.


1 Enhancing Customer Security: Ongoing Efforts to Help Customers Dave Sayers Technical Specialist Microsoft UK

2 Agenda: Impact of Security on Business; Security as an Enabler; Trustworthy Computing; Improving Security; Improving the Patching Experience; Security Technologies for Clients; Security Technologies for Servers; Commitment to Customers

3 Impact to Business (panel labels: Industry; Security)
14B devices on the Internet by 2010 [1]; 35M remote users by 2005 [2]; 65% increase in dynamic Web sites [3]
90% detected security breaches [4]; 75% have financial loss from breaches [4]; 85% detected computer viruses [4]; 80% insider abuse of network access [4]; 95% of all breaches avoidable [5]
Sources: [1] Forrester Research; [2] Information Week, 26 November 2001; [3] Netcraft summary; [4] Computer Security Institute (CSI) Computer Crime and Security Survey 2002; [5] CERT, 2002

4 Impact to Microsoft Customers Source: Forrester (Mar 03), Can Microsoft Be Secure?

5 Security As An Enabler
Lower Total Cost of Ownership: Fewer vulnerabilities; Simplify patch management; Downtime is expensive
Increase Business Value: Connect with customers; Integrate with partners; Empower employees
Diagram labels: ROI; Connected; Productive; Total Costs; Dependable; Best Economics

6 What is Trustworthy Computing? “Trustworthy Computing” means that users can trust computers and networks to be reliable, secure, and private. They can also trust those who provide products and services.

7 Trustworthy Computing

8 Improving Security: Responding to the Crisis
Patches proliferating; Time to exploit decreasing; Exploits are more sophisticated; Current approach is not sufficient
Security is our #1 Priority; There is no silver bullet; Change requires innovation
Chart, days between patch and exploit: Nimda 331; SQL Slammer 180; Welchia/Nachi 151; Blaster 25

9 The Exploit Process (column headings: What Microsoft is doing; Results)
Security Researchers: Discover vulnerabilities; Collaborating to fix vulnerabilities; Disclosing responsibly; Fewer researchers disclosing irresponsibly, continuing to improve
Exploit Coders: Reverse-engineer patches & post exploit code to the Web; Building community consensus that disclosure is not good; Reaching out; More industry experts are speaking out against exploit code
Worm Builders: Hack together worms with posted exploit code & worm toolkits; Anti-Virus Reward Program; Assisting with technical forensics work; Two arrests around the Blaster worm

10 You’ve Told Us / Our Action Items
You’ve Told Us: “I can’t keep up…new patches are released every week”; “The quality of the patching process is low and inconsistent”; “I need to know the right way to run a Microsoft enterprise”; “There are still too many vulnerabilities in your products”
Our Action Items: Provide Guidance and Training; Mitigate Vulnerabilities Without Patches; Continue Improving Quality; Improve the Patching Experience

11 Progress To Date (SD3 + Communications: Secure by Design; Secure by Default; Secure in Deployment; Communications)
TAMs call Premier Customers proactively; MSRC severity rating system; Free virus hotline; MSDN security guidance for developers; www.microsoft.com/technet/security
Office XP: Macros off by default; No sample code installed by default; IIS and SQL Server off by default in Visual Studio.NET
Deployment tools: MBSA, IIS Lockdown, SUS, WU, SMS Value Pack; Created STPP to respond to customers; PAG for Windows 2000 Security Ops
Security training for 11,000 engineers; Security code reviews of old source; Threat modeling; “Blackhat” test coverage; Buffer overrun detection in compile process

12 Improve the Patching Experience: New Patch Policies
Extended security support to December 2004: Windows NT4 Server
Security patches on a monthly predictable release cycle: Allows for planning a predictable monthly test and deployment cycle; Packaged as individual patches that can be deployed together
NOTE: Exceptions will be made if customers are at immediate risk from viruses, worms, attacks or other malicious activities

13 Customer Pain
Patch and update management is the #1 driver of dissatisfaction* among IT operations staff: #1 activity that requires work after hours and on weekends; #1 activity that’s a ‘waste of time’
*Based on results from survey of 462 IT Pros conducted in September 2003. Data shows % of total # of times the activity was listed as one of the top two drivers of 1) wasted time and 2) after hours or weekend work
Activity (columns: SIT (1-3 SRVs); MIT/LIT (4-49 SRVs); EIT (50+ SRVs)):
1. Updates, Patches, Hotfixes, Service Packs: 16.9%; 22.7%; 22.6%
2. Application and SW Install / Upgrade: 9.1%; 7.3%; 11.4%
3. Server – Management & Troubleshooting: 3.9%; 8.3%; 6.3%
Activity (columns: SIT; MIT/LIT; EIT):
1. Updates, Patches, Hotfixes, Service Packs: 20.7%; 22.9%; 25.6%
2. End User Support: 11.7%; 15.3%; 8.8%
3. Communication / Meetings / Dealing with Corporate Issues: 2.7%; 2.1%; 8.4%

14 Improve the Patching Experience: Patch Enhancements (Your Need: Our Response)
Reduce patch complexity: By late 2004: Consolidation to 2 patch installers for W2k and later, SQL 2000, Office & Exchange 2003; all patches will behave the same way (update.exe, MSI 3.0)
Reduce risk of patch deployment: Now: Increased internal testing; customer testing of patches before release. By mid-2004: Rollback capability for W2k generation products and later (MSI 3.0 patches)
Reduce downtime: Now: Continued focus on reducing reboots. By late 2004: 30% of critical updates on Windows Server 2003 SP1 installed w/o rebooting (“hot patching”)
Reduce patch size: By late 2004: Substantially smaller patches for W2k generation and later OS & applications (Delta patching technology, next generation patching installers)
Improved tools consistency: By mid-2004: Consistent results from MBSA, SUS, SMS, Windows Update (will all use SUS 2.0 engine for detection)
Improved tools capabilities: May 2004: Microsoft Update (MU) hosts patches for W2k server, and over time SQL 2000, Office & Exchange 2003. By mid-2004: SUS 2.0 receives content from MU & adds capabilities for targeting, basic reporting and rollback

15 Patching Technologies – SUS 1.0
Internal Windows Update
Windows 2000 Professional, Windows 2000 Server, Windows XP, Windows Server 2003
For critical updates, security updates and service packs
Administrators maintain control over which items are published

16 Windows Update Services
Top Features Requested (comparison columns: Software Update Services 1.0 SP1; Windows Update Services): Support for service packs; Install on SBS and domain controller; Support for Office and other MS products; Support additional update content types; Update uninstall; Update targeting; Improve support for low bandwidth networks; Reduce amount of data that needs to be downloaded; Set polling frequency for downloading new updates; Minimize need for end user interruption; Emergency patch deployment (‘big red button’) *; Deploy update for ISV and custom apps; NT4 support

17 Providing Guidance and Training: IT Professionals
Global Education Program: TechNet Security Seminars; Monthly Security Webcasts; www.microsoft.com/events
New Prescriptive Guidance: Patterns and practices; How-to configure for security; How Microsoft Secures Microsoft
Online Community: Security Zone for IT Professionals
Authoritative Enterprise Security Guidance: http://www.microsoft.com/technet/security/bestprac.asp

18 Beyond Patching
Make customer more resilient to attack, even when patches are not installed
Help stop known & unknown vulnerabilities
Goal: Make 7 out of every 10 patches installable on your schedule

19 Delivering Security Technologies
Windows XP SP2: Improved network protection; Safer email and Web browsing; Enhanced memory protection; RTM based on customer feedback
Windows Server 2003 SP1: Role-based security configuration; Inspected remote computers; Inspected internal environment; RTM H2 CY04

20 Security technologies for clients
What it is: Security enhancements that protect computers, even without patches…included in Windows XP SP2; more to follow
What it does: Helps stop network-based attacks, malicious attachments and Web content, and buffer overruns
Key Features:
Network protection: Improved ICF, DCOM, RPC protection turned on by default
Safer browsing: Pop-up blocking, protection from accidental installation of potentially malicious Web content
Memory protection: Improved compiler checks to reduce stack overruns, hardware NX support
Safer email: Improved attachment blocking for Outlook Express and IM

21 Securing the Server Platform Windows Server 2003 – Secure by Default IIS 6.0 Reduced Automatic Services Smart card requirements for administrative operations Limited use of blank passwords Encrypting the offline files database Software Restriction Policies Internet Connection Firewall IE Lockdown

22 Securing Active Directory Delegation of administration Security Policies Software Restriction Policies GPMC What-If Scenarios Import GPOs Cross-Forest Kerberos Trust Authentication Firewall SID Filtering Quotas Security Guides

23 Security technologies for Enterprises
What it is: Only clients that meet corporate security standards can connect…included in Windows Server 2003 SP1; more to follow
What it does: Protects enterprise assets from infected computers
Key Features:
Role-based security configuration: Locks down servers for their specific task
Inspected remote computers and internal environment: Enforce specific corporate security requirements such as patch level, AV signature level & firewall state; Ensure these standards are met when VPN and local wired or wireless connections are made

24 Continue Improving Quality: Trustworthy Computing Release Process
Timeline labels: M1, M2, Mn, Beta; Design, Development, Release, Support
Security Review: Each component team develops threat models, ensuring that design blocks applicable threats
Develop & Test: Apply security design & coding standards; Tools to eliminate code flaws (PREfix & PREfast); Monitor & block new attack techniques
Security Push: Team-wide stand down; Threat model updates, code review, test & documentation scrub
Security Audit: Analysis against current threats; Internal & 3rd party penetration testing
Security Response: Fix newly discovered issues; Root cause analysis to proactively find and fix related vulnerabilities
Stage labels: Design docs & specifications; Development, testing & documentation; Product; Service Packs, QFEs

25 Continue Improving Quality
Mandatory for all new products: critical or important vulnerabilities in the first 90 days / 180 days. TwC release? Yes: 3 / 6; No: 8 / 21
For some widely-deployed, existing products:
Service Pack 3, shipped July 2002, 16 months ago (as of Nov. 2003): 1 bulletin since TwC release; 6 bulletins in 16 month period prior to TwC release
Service Pack 3, shipped Jan. 2003, 10 months ago (as of Nov. 2003): 2 bulletins since TwC release; 11 bulletins in 10 month period prior to TwC release

26 Commitment to Customers
Patch Investments: Extended Support for NT4 Server; Improved Patching Experience – Windows Update Services
Global Education Effort: 500,000 customers trained by June 2004; New Security “Expert Zone”; PDC Security Symposium
Security Innovations: Security technologies for Windows client; Security technologies for Windows server

27 Roadmap columns: Today; H1 04; H2 04; Future
Items, in slide order: Extended support; Monthly patch releases; Baseline guidance; Community Investments; Windows XP SP2; Patching enhancements; SMS 2003; Windows Update Services; Microsoft Update; Broad training; Windows Server 2003 SP1; Security technologies; Next generation inspection; NGSCB; Windows hardening; Continued OS-level security technologies

28 Lockdown servers, workstations and network infrastructure; Design and deploy a proactive patch management strategy; Centralize policy and access management

29 Resources
General: http://www.microsoft.com/security
Technical Resources for IT Professionals: http://www.microsoft.com/technet/security
Best Practices for Defense in Depth: http://www.microsoft.com/technet/security/bestprac.asp
How Microsoft Secures Microsoft: http://www.microsoft.com/technet/itsolutions/msit/security/mssecbp.asp
MSDN Security Development Tools: http://msdn.microsoft.com/security/downloads/tools/default.aspx

30 © 2003 Microsoft Corporation. All rights reserved. This presentation is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS OR IMPLIED, IN THIS SUMMARY.

31 Resources: Enterprise Security Guidance
Design and Deploy a Proactive Patch Management Strategy
Microsoft Guide to Security Patch Management: http://www.microsoft.com/technet/security/topics/patch
Lockdown Servers, Workstations and Network Infrastructure
Microsoft Windows XP Security Guide Overview: http://www.microsoft.com/technet/security/prodtech/winclnt/secwinxp/default.asp
Threats and Countermeasures Guides for Windows Server 2003 and Windows XP: http://www.microsoft.com/technet/security/topics/hardsys/TCG/TCGCH00.asp
Windows Server 2003 Security: http://www.microsoft.com/technet/security/prodtech/win2003/w2003hg/sgch00.asp
Securing your Network: http://msdn.microsoft.com/en-us/dnnetsec/html/THCMCh15.asp
Perimeter Firewall Service Design: http://www.microsoft.com/technet/itsolutions/msa/msa20ik/VMHTMLPages/VMHtm57.asp
Network Access Quarantine for Windows Server 2003: http://www.microsoft.com/windowsserver2003/techinfo/overview/quarantine.mspx
Centralize Policy and Access Management
Microsoft Identity and Access Management Solution: http://www.microsoft.com/technet/security/topics/identity/idmanage
Architecture, Deployment, and Management: http://www.microsoft.com/technet/security/topics/architec

32 Continue Improving Quality: Making Progress
23 Products In the TwC Release Process: .NET Framework (for 2002 & 2003); ASP.NET (for 2002 & 2003); Biztalk Server 2002 SP1; Commerce Server 2000 SP4; Commerce Server 2002 SP1; Content Management Server 2002; Exchange Server 2003; Host Integration Server 2002; Identity Integration Server 2003; Live Communications Server 2003; MapPoint.NET; Office 2003; Rights Mgmt Client & Server 1.0; Services For Unix 3.0; SQL Server 2000 SP3; Visual Studio.NET 2002; Visual Studio.NET 2003; Virtual PC; Virtual Server; Windows CE (Magneto); Windows Server 2003; Windows Server 2003 ADAM

33 Improving Patching Experience: Security Bulletin Severity Rating System (Revised November 2002)
Columns: Rating; Definition; Customer Action
Critical. Definition: Exploitation could allow the propagation of an Internet worm such as Code Red or Nimda without user action. Customer Action: Apply the patch or workaround immediately
Important. Definition: Exploitation could result in compromise of the confidentiality, integrity, or availability of users’ data, or of the integrity or availability of processing resources. Customer Action: Apply patch or workaround as soon as is feasible
Moderate. Definition: Exploitability is mitigated to a significant degree by factors such as default configuration, auditing, need for user action, or difficulty of exploitation. Customer Action: Evaluate bulletin, determine applicability, proceed as appropriate
Low. Definition: Exploitation is extremely difficult, or impact is minimal. Customer Action: Consider applying the patch at the next scheduled update interval
More information at http://www.microsoft.com/technet/security/policy/rating.asp
Free Security Bulletin Subscription Service: http://www.microsoft.com/technet/security/bulletin/notify.asp

34 The Forensics of a Virus
Timeline: July 1, vulnerability reported to us / patch in progress; July 16, bulletin & patch available, no exploit; July 25, exploit code in public; Aug 11, worm in the world
Report: Vulnerability in RPC/DCOM reported; MS activated highest level emergency response process
Bulletin: MS03-026 delivered to customers (7/16/03); Continued outreach to analysts, press, community, partners, government agencies
Exploit: X-focus (Chinese group) published exploit tool; MS heightened efforts to get information to customers
Worm: Blaster worm discovered; variants and other viruses hit simultaneously (i.e. “SoBig”)
Blaster shows the complex interplay between security researchers, software companies, and hackers

35 Client Attack Vectors: Malicious Web content; Buffer overrun attacks; Port-based attacks; Malicious e-mail attachments

36 Enterprise Attack Vectors: Potentially infected remote client; Potentially infected local client

37 Security Guidance for IT Pros
Available Now: 17 prescriptive books; How Microsoft secures Microsoft
Later this year and throughout 2004: More prescriptive & how-to guides; Tools & scripts to automate common tasks
Focused on operating a secure environment
Patterns & practices for defense in depth
Enterprise security checklist – the single place for authoritative security guidance

