Presentation is loading. Please wait.

Presentation is loading. Please wait.

Server Security Technologies

Published byNelson Casey Modified over 5 years ago

Similar presentations

Presentation on theme: "Server Security Technologies"— Presentation transcript:

1 Server Security Technologies
Microsoft TechNet Seminar 2006 Server Security Technologies (not Dr.) Fred Baumhardt Security Technology Architect Microsoft Incubation Seminar Name

2 Microsoft TechNet Seminar 2006
Server Security Microsoft TechNet Seminar 2006 How not to do it This is not the way to protect your front perimeter or edge Seminar Name

3 Infrastructure Security
Architecture Security

4 Root Causes Enterprise organically grown under “Project” context
Infrastructure Architecture Enterprise organically grown under “Project” context Security was Secondary – vendors no best practice Internal Network wide open – everything to everything 0 day undefended – patch is the solution Classic Security Perimeter Unmanaged Unpatched Internet Some Core Systems Extranets Internet Systems Project 1…n System Branch Offices Departments This will Save Me !

5 Microsoft TechNet Seminar 2006
Security Rules The Biology of Security Worms are Anonymous – they don’t carry your password database…. Pathogens Break protocol rules – you wrote a buffer for 72 characters – attacker sent you 182 Worms send clients something they didn’t ask for Authenticate Traffic – Stops foreign Infection Enforce Protocol Rules at the Network Device – things that break are dropped Don’t process traffic that you didn’t ask for, understand protocols and know what to expect Seminar Name

6 Server Auth Auth at all levels

7 Plan + Execute Wipe Out Attack Classes example Outbound Proxy Zone
Internet Redundant Routers Redundant Firewalls NIC teams/switches Control Zone Control Zone Control Zone Control Zone Outbound Proxy Zone ExtranetData Network – SQL Presentation Inbound Proxy Control Zone Control Zone Control Zone Control Zone Application Servers Control Zone Control Zone Control Zone Control Zone Data Network – SQL Server Clusters Infrastructure Network – Internal Active Directory Messaging Network – Exchange FE Messaging Network – Exchange BE Control Zone Control Zone Control Zone Control Zone Client Networks 1…n RADIUS Network Intranet Network - Web Servers Management Network – MOM, deployment

8 Microsoft TechNet Seminar 2006
Plan + Execute Wipe Out Attack Classes NAP and Domain I NAP (will) and Domain Isolation (has) become the standard which new systems roll out to X NAP – can I get onto the network – are you healthy ? Network pre-auth, must be managed to get on. Domain Isolation – Assuming you are healthy where can you go, and what can you do ? X Seminar Name

9 Infrastructure Security
ForeFront Security

10 Capabilities Outsource the Risk Resolve the Risk Ignore the Risk
Understand The Risks Define the Strategy How Much Risk can we tolerate ? Does it aggregate ? Outsource the Risk Resolve the Risk Ignore the Risk Outsource the risk to others Buy managed services Hire Consultants (outsource blame) Transformation required To prevent re-occurence Should Wipe out Class of risk Quantify Risk and impact Decommission/Transition Allow long term “project” to fix it Low enough risk/cost ratio to allow .

11 Forefront Naming Transition
Previous Current H2 2006 2007+ Client Server Edge TBD TBD

12 Its about securing the workload
Microsoft TechNet Seminar 2006 Its about securing the workload Simple malware at client or server base insufficient Multiple malware vendors scanning traffic inside data repository, need engines per repository For mail, do it at edge and cloud, but other protocols are attacked internally, so protection should be internal Seminar Name

13 Workload Malware Approach
Microsoft TechNet Seminar 2006 Workload Malware Approach Antigen IM and Documents Live Communications Server Antigen EHS SharePoint Server ISA Server Antigen Exchange Hosted Services Antigen Exchange Front End Servers Exchange & BES Servers Seminar Name

14 Malware Engines across Products
Microsoft TechNet Seminar 2006 Malware Engines across Products Seminar Name

15 Plan + Execute Admin Training is Key – Users can be useful to IT
The Training and Feelings of IT Admin Training is Key – Users can be useful to IT Admins– (like pets ) can Help You – If you train them Work with your new IT to let them understand your architecture and why Security Policy should be open to be evolved, and should be enforced and challenged to application paradigms Application and Infrastructure admins should treat security and FW admins as peers Be Sensitive to Jobs and Roles, re-skilling is pain

Download ppt "Server Security Technologies"

Similar presentations

Securing Network – Wireless – and Connected Infrastructures

Securing Network – Wireless – and Connected Infrastructures
Unified. Simplified. Unified Communications Launch 2007.

Unified. Simplified. Unified Communications Launch 2007.
Enabling IPv6 in Corporate Intranet Networks

Enabling IPv6 in Corporate Intranet Networks
Microsoft Security Solutions A Great New Way of Making $$$ !!! Jimmy Tan Platform Strategy Manager Microsoft Singapore.

Microsoft Security Solutions A Great New Way of Making $$$ !!! Jimmy Tan Platform Strategy Manager Microsoft Singapore.
Network Security In Education A Balancing Act Doug Klein CTO Vernier Networks, Inc.

Network Security In Education A Balancing Act Doug Klein CTO Vernier Networks, Inc.
Unleashing the Power of Ubiquitous Connectivity with IPv6 Sandeep K. Singhal, Ph.D Director of Program Management Windows Networking.

Unleashing the Power of Ubiquitous Connectivity with IPv6 Sandeep K. Singhal, Ph.D Director of Program Management Windows Networking.
Securing Exchange, IIS, and SQL Infrastructures

Securing Exchange, IIS, and SQL Infrastructures
Module 3 Windows Server 2008 Branch Office Scenario.

Module 3 Windows Server 2008 Branch Office Scenario.
Ronald Beekelaar Beekelaar Consultancy Forefront Overview.

Ronald Beekelaar Beekelaar Consultancy Forefront Overview.
Secure Messaging Nick Hall & James Clifford Microsoft.

Secure Messaging Nick Hall & James Clifford Microsoft.
Ronald Beekelaar Beekelaar Consultancy Forefront Overview.

Ronald Beekelaar Beekelaar Consultancy Forefront Overview.
Security and Policy Enforcement Mark Gibson Dave Northey

Security and Policy Enforcement Mark Gibson Dave Northey
Installing and Maintaining ISA Server. Planning an ISA Server Deployment Understand the current network infrastructure Review company security policies.

Installing and Maintaining ISA Server. Planning an ISA Server Deployment Understand the current network infrastructure Review company security policies.
Morris Bennett Altman Director of Network Services Internet Security Officer Queens College, CUNY Are You Exposed? Network Security.

Morris Bennett Altman Director of Network Services Internet Security Officer Queens College, CUNY Are You Exposed? Network Security.
Security Risk Management Marcus Murray, CISSP, MVP (Security) Senior Security Advisor, Truesec

Security Risk Management Marcus Murray, CISSP, MVP (Security) Senior Security Advisor, Truesec
Chapter 6 Configuring, Monitoring & Troubleshooting IPsec

Chapter 6 Configuring, Monitoring & Troubleshooting IPsec
Windows Azure Networking & Active Directory Nasir (Muhammad Nasiruddin) Developer Evangelist - Azure Microsoft Corporation

Windows Azure Networking & Active Directory Nasir (Muhammad Nasiruddin) Developer Evangelist - Azure Microsoft Corporation
Matt Steele Senior Program Manager Microsoft Corporation SESSION CODE: SIA326.

Matt Steele Senior Program Manager Microsoft Corporation SESSION CODE: SIA326.
Chapter 2 Information Security Overview The Executive Guide to Information Security manual.

Chapter 2 Information Security Overview The Executive Guide to Information Security manual.
Network LANscape Servers & Equipment Found In a Typical Local Area Network (LAN) By George Squillace New Horizons of MichiganGeorge Squillace MCT, MCSE,

Network LANscape Servers & Equipment Found In a Typical Local Area Network (LAN) By George Squillace New Horizons of MichiganGeorge Squillace MCT, MCSE,

Similar presentations

Ads by Google