1
Microsoft’s Security Strategy
Detlef Eckert, Chief Security Advisor, Microsoft Europe, Middle East, Africa
2
Understanding the Attacker Landscape
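[Chart: attacker roles plotted by motivation and skill level]
Motivations: National Interest, Personal Gain, Personal Fame, Curiosity
Attacker roles: Spy, Thief, Trespasser, Vandal, Author
Skill levels: Script-Kiddy, Hobbyist Hacker, Expert, Specialist
Callouts: "Fastest growing segment"; "Tools created by experts now used by less skilled attackers and criminals"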
3
Microsoft’s security strategy in five steps
Step One: Secure the platform
- Designing a more resilient architecture
- Writing code with fewer vulnerabilities
- Reducing the attack surface
4
Software Vulnerabilities in Context
[Diagram labels: Intended Behavior, Actual Behavior, Most Security Bugs, Traditional Bugs]
- Threat-based design and development
- Investment in tools and research
5
Security Development Lifecycle (SDL)
Security has become an integrated part of the software development process
[Diagram: SDL phases: Requirements, Design, Implementation, Verification, Release, Response]
6
SDL At Work – MS03-007
- The underlying DLL (NTDLL.DLL) not vulnerable: code made more conservative during Security Push
- Even if it were vulnerable: IIS 6.0 not running by default on Windows Server 2003
- Even if it were running: IIS 6.0 doesn’t have WebDAV enabled by default
- Even if it did have WebDAV enabled: maximum URL length in IIS 6.0 is 16kb by default (>64kb needed)
- Even if the buffer were large enough: process halts rather than executes malicious code, due to buffer-overrun detection code (-GS)
- Even if there were an exploitable buffer overrun: would have occurred in w3wp.exe, which is now running as ‘network service’
7
SDL At Work – Number of Security Bulletins
64 27 628
8
Microsoft’s security strategy in five steps
Step Two: Improve Update Management
- Improve Patch Quality
- Unique Update Experience
- Rollback Facility
- Monthly Update Cycle
- Advanced Update Notification
- Security Advisory
- Tools and Management Software
9
“Microsoft Update” (Windows Update)
[Diagram: update channels, Today vs. Future]
Channel labels: Download Center, Office Update, VS Update, AutoUpdate, SUS, SMS, Windows Update Services
Coverage labels: "Windows only"; "Windows, SQL, Exchange, Office…"
10
Microsoft’s security strategy in five steps
Step Three: Active Protection Technology
- Windows Firewall
- ISA Server
- Anti-Virus (GeCAD, Sybari)
- Anti-Spyware
- More in planning (e.g. vulnerability assessment)
11
- Complements traditional antivirus technologies by providing one tool that removes prevalent viruses and worms from a PC
- Updated monthly to remove prevalent malware
- Targeted at consumers without antivirus
- Enterprise deployable as part of a defense-in-depth strategy
- Available through: Windows Update, Auto Update, Online interface, MS Download Center
- Distributed to over 125M PCs
12
Cleaner Statistics (as of 11 March 2005)
Release    Days Live   Executions    Disinfections (Value)   Disinfections (%)
January    28          124,613,632   239,197                 0.1920%
February               118,209,670   351,135                 0.2970%
March      5           84,013,460    149,981                 0.1785%
Total      61          326,836,762   740,313                 0.2265%
Source: Microsoft
13
Spyware removal reduces PC slow down, pop-up ads, and more
- Scheduled scans help maintain PC security and privacy
- Continuous protection guards 50+ ways spyware gets on a PC
- Intelligent alerts handle spyware based on your preferences
- Global SpyNet™ community helps identify new spyware
- Automatic signature downloads keep you up-to-date
14
Microsoft’s security strategy in five steps
Step Four: Enabling Secure Business Scenarios
- Designing Secure Applications (.NET, Visual Studio 2005, Guidelines & Training)
- Secure Network Architectures
- Security Features of the Platform (e.g. Windows 2003 PKI, Windows Rights Management)
15
Microsoft’s security strategy in five steps
Step Five: Security Eco System
- Training and Education
- Support for Industry Standards (e.g. WS Security)
- Partnerships (AntiVirus Alliance)
- Research (Microsoft Research, Sponsorship)
16
The Longhorn Road IE7 Least-Privilege User Administration
- New levels of security building on XP SP2
- Stronger defenses against phishing, malware and spyware
- Least-Privilege User Administration
- Hardware based security: Secure start-up and Volume Encryption
- Network Access Protection
- Improved Management of Security Tokens
- Federated Identity: Infocards
- And much more…
17
© 2004 Microsoft Corporation. All rights reserved.
This presentation is for informational purposes only. Microsoft makes no warranties, express or implied, in this summary.