Server Security Technologies

Slides:



Advertisements
Similar presentations
Securing Network – Wireless – and Connected Infrastructures
Advertisements

Unified. Simplified. Unified Communications Launch 2007.
Enabling IPv6 in Corporate Intranet Networks
Microsoft Security Solutions A Great New Way of Making $$$ !!! Jimmy Tan Platform Strategy Manager Microsoft Singapore.
Network Security In Education A Balancing Act Doug Klein CTO Vernier Networks, Inc.
Unleashing the Power of Ubiquitous Connectivity with IPv6 Sandeep K. Singhal, Ph.D Director of Program Management Windows Networking.
Securing Exchange, IIS, and SQL Infrastructures
Module 3 Windows Server 2008 Branch Office Scenario.
Ronald Beekelaar Beekelaar Consultancy Forefront Overview.
Secure Messaging Nick Hall & James Clifford Microsoft.
Ronald Beekelaar Beekelaar Consultancy Forefront Overview.
Security and Policy Enforcement Mark Gibson Dave Northey
Installing and Maintaining ISA Server. Planning an ISA Server Deployment Understand the current network infrastructure Review company security policies.
Morris Bennett Altman Director of Network Services Internet Security Officer Queens College, CUNY Are You Exposed? Network Security.
Security Risk Management Marcus Murray, CISSP, MVP (Security) Senior Security Advisor, Truesec
Chapter 6 Configuring, Monitoring & Troubleshooting IPsec
Windows Azure Networking & Active Directory Nasir (Muhammad Nasiruddin) Developer Evangelist - Azure Microsoft Corporation
Matt Steele Senior Program Manager Microsoft Corporation SESSION CODE: SIA326.
Chapter 2 Information Security Overview The Executive Guide to Information Security manual.
Network LANscape Servers & Equipment Found In a Typical Local Area Network (LAN) By George Squillace New Horizons of MichiganGeorge Squillace MCT, MCSE,
How STERIS is using Cloud Technology to Protect Web Access Presented By: Ed Pollock, CISSP-ISSMP, CISM CISO STERIS Corporation “Enabling Business”
Module 9: Configuring IPsec. Module Overview Overview of IPsec Configuring Connection Security Rules Configuring IPsec NAP Enforcement.
11 SECURING YOUR NETWORK PERIMETER Chapter 10. Chapter 10: SECURING YOUR NETWORK PERIMETER2 CHAPTER OBJECTIVES  Establish secure topologies.  Secure.
Network and Perimeter Security Paula Kiernan Senior Consultant Ward Solutions.
CPT 123 Internet Skills Class Notes Internet Security Session A.
Module 6: Integrating ISA Server 2004 and Microsoft Exchange Server.
Customers Security in Context Microsoft & Office 365 / Azure Cloud Security Engagement Framework & References Real World application Frameworks.
Forefront – Security in Education Stephen Cakebread Security Solutions Sales Professional Microsoft Corporation.
SharePoint in the Education Space Presented by: Daniel Petersen Director of Business Solutions Applied Tech.
Security fundamentals Topic 10 Securing the network perimeter.
Securing the Branch Office Fred Baumhardt & Sandeep Modhvadia Security Technology Architects Microsoft.
Securing Against Malware Nick Hall and Fred Baumhardt Security Technology Architects Microsoft EMEA.
Be Microsoft’s first and best customer Enabling world-class and predictable customer, client, and partner experience Protecting Microsoft’s physical and.
Asif Jinnah Field Desktop Services Enabling a Flexible Workforce, an insider’s view.
Barracuda Networks. Safe Public Cloud Transitions Why Barracuda? The Challenge When organizations move workloads to the public cloud, data protection.
Security fundamentals
Barracuda SSL VPN Remote, Authenticated Access to Applications and Data.
Barracuda SSL VPN Remote, Authenticated Access to Applications and Data Version 2.6 | July 2014.
Secure Single Sign-On Across Security Domains
Chapter 7. Identifying Assets and Activities to Be Protected
Stop Those Prying Eyes Getting to Your Data
Virtual Private Networks
Critical Security Controls
Module Overview Installing and Configuring a Network Policy Server
Configuring Windows Firewall with Advanced Security
Securing the Network Perimeter with ISA 2004
ExpressRoute for Office 365 Training
Living in a Network Centric World
Living in a Network Centric World
Forefront Security ISA
To Join the Teleconference
IS4550 Security Policies and Implementation
Managing Exchange Online using PowerShell
Check Point Connectra NGX R60
Living in a Network Centric World
SharePoint Online Hybrid – Configure Outbound Search
Contact Center Security Strategies
Living in a Network Centric World
Lecture 3: Secure Network Architecture
Implementing Client Security on Windows 2000 and Windows XP Level 150
Living in a Network Centric World
Living in a Network Centric World
Living in a Network Centric World
Living in a Network Centric World
Designing IIS Security (IIS – Internet Information Service)
Living in a Network Centric World
Session 20 INST 346 Technologies, Infrastructure and Architecture
In the attack index…what number is your Company?
Security Insights: Secure Messaging
Living in a Network Centric World
Presentation transcript:

Server Security Technologies Microsoft TechNet Seminar 2006 Server Security Technologies (not Dr.) Fred Baumhardt Security Technology Architect Microsoft Incubation fred@microsoft.com Seminar Name

Microsoft TechNet Seminar 2006 Server Security Microsoft TechNet Seminar 2006 How not to do it This is not the way to protect your front perimeter or edge Seminar Name

Infrastructure Security Architecture Security

Root Causes Enterprise organically grown under “Project” context Infrastructure Architecture Enterprise organically grown under “Project” context Security was Secondary – vendors no best practice Internal Network wide open – everything to everything 0 day undefended – patch is the solution Classic Security Perimeter Unmanaged Unpatched Internet Some Core Systems Extranets Internet Systems Project 1…n System Branch Offices Departments This will Save Me !

Microsoft TechNet Seminar 2006 Security Rules The Biology of Security Worms are Anonymous – they don’t carry your password database…. Pathogens Break protocol rules – you wrote a buffer for 72 characters – attacker sent you 182 Worms send clients something they didn’t ask for Authenticate Traffic – Stops foreign Infection Enforce Protocol Rules at the Network Device – things that break are dropped Don’t process traffic that you didn’t ask for, understand protocols and know what to expect Seminar Name

Server Auth Auth at all levels

Plan + Execute Wipe Out Attack Classes example Outbound Proxy Zone Internet Redundant Routers Redundant Firewalls NIC teams/switches Control Zone Control Zone Control Zone Control Zone Outbound Proxy Zone ExtranetData Network – SQL Presentation Inbound Proxy Control Zone Control Zone Control Zone Control Zone Application Servers Control Zone Control Zone Control Zone Control Zone Data Network – SQL Server Clusters Infrastructure Network – Internal Active Directory Messaging Network – Exchange FE Messaging Network – Exchange BE Control Zone Control Zone Control Zone Control Zone Client Networks 1…n RADIUS Network Intranet Network - Web Servers Management Network – MOM, deployment

Microsoft TechNet Seminar 2006 Plan + Execute Wipe Out Attack Classes NAP and Domain I NAP (will) and Domain Isolation (has) become the standard which new systems roll out to X NAP – can I get onto the network – are you healthy ? Network pre-auth, must be managed to get on. Domain Isolation – Assuming you are healthy where can you go, and what can you do ?   X Seminar Name

Infrastructure Security ForeFront Security

Capabilities Outsource the Risk Resolve the Risk Ignore the Risk Understand The Risks Define the Strategy How Much Risk can we tolerate ? Does it aggregate ? Outsource the Risk Resolve the Risk Ignore the Risk Outsource the risk to others Buy managed services Hire Consultants (outsource blame) Transformation required To prevent re-occurence Should Wipe out Class of risk Quantify Risk and impact Decommission/Transition Allow long term “project” to fix it Low enough risk/cost ratio to allow .

Forefront Naming Transition Previous Current H2 2006 2007+ Client Server Edge TBD TBD

Its about securing the workload Microsoft TechNet Seminar 2006 Its about securing the workload Simple malware at client or server base insufficient Multiple malware vendors scanning traffic inside data repository, need engines per repository For mail, do it at edge and cloud, but other protocols are attacked internally, so protection should be internal Seminar Name

Workload Malware Approach Microsoft TechNet Seminar 2006 Workload Malware Approach Antigen IM and Documents Live Communications Server Antigen EHS SharePoint Server E-mail ISA Server Antigen Exchange Hosted Services Antigen Exchange Front End Servers Exchange & BES Servers Seminar Name

Malware Engines across Products Microsoft TechNet Seminar 2006 Malware Engines across Products Seminar Name

Plan + Execute Admin Training is Key – Users can be useful to IT The Training and Feelings of IT Admin Training is Key – Users can be useful to IT Admins– (like pets ) can Help You – If you train them Work with your new IT to let them understand your architecture and why Security Policy should be open to be evolved, and should be enforced and challenged to application paradigms Application and Infrastructure admins should treat security and FW admins as peers Be Sensitive to Jobs and Roles, re-skilling is pain

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.