Security in the Real World – Plenary Day One

Presentation transcript:

Security in the Real World – Plenary Day One Steve Lamb Technical Security Advisor http://blogs.msdn.com/steve_lamb stephlam@microsoft.com

Event Information Agenda Four tracks simultaneously over two days Developer IT Professional Security Developer Chalk & Talks - optional

Agenda Announcements Introduction to the in depth sessions Practical Advice for Real-world problems IT Showcase Prescriptive Guidance An update on Trustworthy Computing

Announcements
  Industry Insiders Q & A @ 5:30 – 6:30 in the Chalk ‘n’ Talk area
  Gatekeeper Test: http://www.gatekeepertest.com
    Two questions per day
    Over two weeks
    UK Champ, EMEA Champ
    Tablet PC, VIP Ticket to TechEd

Situation - Security Population is increasingly computer literate Literacy is actually less important for some attacks Internet is a great medium for committing crime Global Connectivity Anonymity Lack of Traceability Time to exploit decreasing

Security Enabled Business ROI Connected Productive Increase Business Value Connect with customers Integrate with partners Empower employees Risk Level Impact to Business Probability of Attack Reduce Security Risk Assess the environment Improve isolation and resiliency Develop and implement controls

Essentials of Security The art of enabling your business to share information with your customers and partners AND NO ONE ELSE – do more with less risk  increase profits A holistic view of security is required Process and Procedures are as important as technical measures Apply Best Practises

Implementing Security Patch Management Take control of Anarchy Reduce the impact of patching Automation of patching SUS / WUS SMS MBSA Compliance & Bulletins

Implementing Server Security Active Directory can be your best friend! Apply security policy via OU Get benefit from Security Templates Role based security

Implementing Client Security Apply Group Policy & Administrative templates Software Restriction Policies Anti-Virus Distributed firewalls Configuring Office & IE for high security

Implementing Network and Perimeter Security Take control of your Wireless Infrastructure! Introductory Session Network segmentation via IPSEC Hardware & Software firewalls Application Layer Firewalling

TwC Commitments: Security, Privacy, Reliability, Business Integrity
Security
  Security Development Lifecycle
  Patch Management Tools
  Better guidance
Privacy
  Short form notices
  Enable and respect user choice
  Work w/Gov./Industry on Privacy best practices (e.g., spam)
  Provide thought leadership
Reliability
  Publish Engineering Excellence guides
  Continuous improvement tools
  Better ways to measure and manage servers
Business Integrity
  Manage expectations w/honest commitments
  Be Transparent
  Listen – and close the loop
  When changes occur, proactively communicate these changes
Trustworthy Computing www.microsoft.com/TwC

Security D3 + C
Secure by Design
  Mandatory training
  Build threat models
  Conduct code reviews and penetration testing
  Use automated code review tools
  Architect for security (doctrine of least privilege)
Secure by Default
  Features off by default (20+ in Windows Server 2003)
  Windows Server 2003: 60% less attack surface area by default than Windows NT 4.0 SP3
Secure in Deployment
  Better prescriptive guidance (configuration guides)
  Better management tools
  Better patches and patch management tools
Communications
  Writing Secure Code 2.0; Threat Modeling, SDL
  Patch Management White Papers
  Better education: MCSE/MCSA
  Monthly Bulletin Communication/Webcasts

Security Progress
[Charts: bulletins since TwC release compared with bulletins in prior period, for a Service Pack 3 shipped July 2002 and a Service Pack 3 shipped Jan. 2003 (values on slide: 7, 1, 3, 14); critical or important vulnerabilities in the first 365 days and the first 455 days, by TwC release Yes/No (values on slide: 13, 16, 42, 55).]

Guidance and Tools: Delivering Support, Creating Community
Security tools
  Microsoft Baseline Security Analyzer: http://www.microsoft.com/technet/Security/tools/default.mspx
  Security Bulletin Search Tool: http://www.microsoft.com/technet/security/current.aspx
Guidance and training
  Security Guidance Center: http://www.microsoft.com/security/guidance/default.mspx
  E-Learning Clinics: https://www.microsoftelearning.com/security/
Community engagement
  Newsletters: http://www.microsoft.com/technet/security/secnews/newsletter.htm
  Webcasts and chats: http://www.microsoft.com/seminar/events/security.mspx

Event Information What’s Next? Technical Roadshow Post Event Website www.microsoft.com/uk/techroadshow/postevents Available from Monday 18th April Please complete your Evaluation Form!

http://www.microsoft.com/TwC © 2004 Microsoft Corporation. All rights reserved. This presentation is for informational purposes only. Microsoft makes no warranties, express or implied, in this summary.