Microsoft Security Response Center
Presented by Fan Chiang, Chun-Wei (范姜竣韋), 2016/2/16, OPLab, NTUIM


Agenda
Background
Case
Current Problem
MSRC
Security Vulnerability Problem Solving Process
▫Workarounds
▫Service Packs
▫Patches
  ▫4 phases of patch development
Follow-up
Question

Background
According to a 2000 IDC study, the data security budget in 2003 had risen to 14.8 billion from 6.2 billion in 1999.
Of all the technologies, the Internet has proven to be the greatest threat to data security, for three reasons:
▫Scope
▫Anonymity
▫Reproducibility


Case
Scott Culp, security program manager of MSRC, vs. CyBER Paladin (CyP)
Security vulnerability in MS IIS (versions 4.0 and 5.0): “Canonicalization Error”
CyP planned to post his findings publicly “within few days.”

Current Problem
Contact the IIS development team and get them up to speed on the situation.
Legitimize the security vulnerability.

MSRC
MSRC has eliminated over 150 security vulnerabilities across roughly 40 MS products.
The goal of MSRC: protect users by eliminating security vulnerabilities.
The main support activity of MSRC: once a vulnerability was identified, MSRC worked with the relevant product development team to find a solution.

MSRC (cont’d)
Forms and types of vulnerabilities:
▫Viruses, worms, incorrectly configured systems, passwords written on sticky pads.
MS definition of a security vulnerability:
▫A flaw in a product that makes it infeasible, even when using the product properly, to prevent attackers from usurping privileges on the user’s system, regulating its operation, compromising data on it or assuming ungranted trust.

Security Vulnerability Problem Solving Process
Step 1: Obtain information about possible security problems.
Step 2: Perform initial triage.
▫Working with the customer to gather more information on the problem
▫Testing the reported configuration
▫Informing the user about patches or workarounds already released
Step 3: Involve the product team.

Security Vulnerability Problem Solving Process (cont’d)
Step 4: Devise solution alternatives.
▫Server-side fixes
▫Workarounds
▫Service Packs
▫Patches
Step 5: Implement solutions.
Step 6: Press response.

Security Vulnerability Problem Solving Process - Step 4
Workarounds: provide the user with an alternative method of using the product that prevents a vulnerability from being exploited.
Service Packs: a scheduled, periodic software update that corrects a large number of bugs, including security vulnerabilities.
Patches: used when the vulnerability needs to be fixed immediately.

4 phases of patch development
Phase 1: Create a “private build” and put it through initial testing.
Phase 2: Proceed to the “War Team”, which challenges the developer to show that the “private build” is necessary and that the engineering solution is correct.

4 phases of patch development (cont’d)
Phase 3: Carry out formal testing and conduct full compatibility testing.
Phase 4: Develop an installer package for each version of the affected product. The packages are then signed (by MS) and retested.

Security Vulnerability Problem Solving Process (cont’d)
Step 4: Devise solution alternatives.
▫Workarounds
▫Service Packs
▫Patches
Step 5: Implement solutions.
▫Build the bulletin and knowledge base, then release the patches or workarounds.
Step 6: Press response.

Follow-Up (B)
Good news: the IIS development team knew that this security problem was solved by an already released patch months ago.
Bad news: because the issue was complex, affected few users and had some mitigating factors, few customers had installed the corresponding patch.

Canonicalization Error
Security vulnerability in MS IIS (versions 4.0 and 5.0): “Canonicalization Error”
▫c:\dir\test.dat, test.dat, and ..\..\test.dat might all refer to the same file, such as c:\dir\test.dat.
▫c:\inetpub\wwwroot\test1\test2\test.asp
▫ asp (VIRTUAL)
▫ (PHYSICAL)
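The slide's point, as an added example that is not part of the original presentation: several spellings resolve to one file, so an access decision made on the raw string can disagree with one made on the canonical path. The function names, the sample working directories and the sample requests are constructed for illustration; this shows the general class of error, not the specific IIS flaw, which the slides do not detail.

```python
import ntpath  # Windows path semantics, usable on any OS

# Web root taken from the slide's physical path; everything else is constructed.
WEB_ROOT = r"c:\inetpub\wwwroot"

def canonical(path, cwd):
    """Collapse one spelling of a Windows path into its canonical form."""
    joined = ntpath.join(cwd, path)          # an absolute path overrides cwd
    return ntpath.normcase(ntpath.normpath(joined))

def naive_allows(root, requested):
    """Weak check: compares the raw string, before any '..' is resolved."""
    return ntpath.join(root, requested).startswith(root)

def canonical_allows(root, requested):
    """Corrected check: canonicalize first, then test containment."""
    root_c = canonical(root, root)
    target = canonical(requested, root)
    try:
        return ntpath.commonpath([root_c, target]) == root_c
    except ValueError:                        # paths on different drives
        return False

# Constructed sample inputs: (path as written, working directory).
SPELLINGS = [
    (r"c:\dir\test.dat", r"c:\elsewhere"),
    (r"test.dat", r"c:\dir"),
    (r"..\..\test.dat", r"c:\dir\sub1\sub2"),
]
# Constructed requests, resolved relative to WEB_ROOT.
REQUESTS = [
    r"test1\test2\test.asp",
    r"Test1/TEST2/../test2/test.asp",
    r"test1\..\..\..\dir\test.dat",
]

if __name__ == "__main__":
    for path, cwd in SPELLINGS:
        print(f"{path!r:22} in {cwd!r:22} -> {canonical(path, cwd)}")
    for req in REQUESTS:
        print(f"{req!r:36} naive={naive_allows(WEB_ROOT, req)} "
              f"canonical={canonical_allows(WEB_ROOT, req)}")
```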

Follow-Up (B) (cont’d)
First, release the information as quickly as possible, in case malicious users were already compromising web sites.
Second, and equally important, once the bulletin was released, the whole world needed to be informed as quickly as possible. Otherwise hackers would start attacking the stragglers.

Follow-Up (C)
MSRC decided to keep the security vulnerability problem under wraps over the weekend.
MSRC asked TAMs to support the patch installation on customers’ machines.

Question
How could Culp solve this security problem before the attacker compromises Web sites running MS IIS?
Is it worth taking a calculated risk and waiting an extra day in order to prepare the patch in multiple languages?