Security in the Real World – Plenary Day One


1 Security in the Real World – Plenary Day One
Steve Lamb Technical Security Advisor

2 Event Information Agenda
Four tracks simultaneously over two days Developer IT Professional Security Developer Chalk & Talks - optional

3 Agenda
Announcements; Introduction to the in depth sessions; Practical Advice for Real-world problems; IT Showcase; Prescriptive Guidance; An update on Trustworthy Computing

4 Announcements
Industry Insiders: Q & 5:30 – 6:30 in the Chalk ‘n’ Talk area
Gatekeeper Test (http://www.gatekeepertest.com): Two questions per day; Over two weeks; UK Champ, EMEA Champ; Tablet PC, VIP Ticket to TechEd

5 Situation - Security
Population is increasingly computer literate; Literacy is actually less important for some attacks; Internet is a great medium for committing crime (Global Connectivity, Anonymity, Lack of Traceability); Time to exploit decreasing

6 Security Enabled Business
Increase Business Value (ROI; Connected; Productive): Connect with customers; Integrate with partners; Empower employees
Reduce Security Risk (Risk Level; Impact to Business; Probability of Attack): Assess the environment; Improve isolation and resiliency; Develop and implement controls

7 Essentials of Security
The art of enabling your business to share information with your customers and partners AND NO ONE ELSE – do more with less risk, increase profits; A holistic view of security is required; Process and Procedures are as important as technical measures; Apply Best Practices

8 Implementing Security: Patch Management
Take control of Anarchy; Reduce the impact of patching; Automation of patching; SUS / WUS; SMS; MBSA; Compliance & Bulletins

9 Implementing Server Security
Active Directory can be your best friend!; Apply security policy via OU; Get benefit from Security Templates; Role based security

10 Implementing Client Security
Apply Group Policy & Administrative templates; Software Restriction Policies; Anti-Virus; Distributed firewalls; Configuring Office & IE for high security

11 Implementing Network and Perimeter Security
Take control of your Wireless Infrastructure!; Introductory Session; Network segmentation via IPSEC; Hardware & Software firewalls; Application Layer Firewalling

12 TwC Commitments (Trustworthy Computing): Security; Privacy; Reliability; Business Integrity
Security Development Lifecycle; Patch Management Tools; Better guidance
Privacy: Short form notices; Enable and respect user choice; Work w/Gov./Industry on Privacy best practices (e.g., spam); Provide thought leadership
Reliability: Publish Engineering Excellence guides; Continuous improvement tools; Better ways to measure and manage servers
Business Integrity: Manage expectations w/honest commitments; Be Transparent; Listen – and close the loop; When changes occur, proactively communicate these changes

13 Security D3 + C
Secure by Design: Mandatory training; Build threat models; Conduct code reviews and penetration testing; Use automated code review tools; Architect for security (doctrine of least privilege)
Secure by Default: Features off by default (20+ in Windows Server 2003); Windows Server 2003: 60% less attack surface area by default than Windows NT 4.0 SP3
Secure in Deployment: Better prescriptive guidance (configuration guides); Better management tools; Better patches and patch management tools
Communications: Writing Secure Code 2.0; Threat Modeling, SDL Patch Management White Papers; Better education: MCSE/MCSA; Monthly Bulletin Communication/Webcasts

14 Security Progress
Service Pack 3, shipped July 2002: bulletins in prior period 7; bulletins since TwC release 1
Service Pack 3, shipped Jan. 2003: bulletins in prior period 14; bulletins since TwC release 3
Critical or important vulnerabilities in the first 365 days / 455 days: TwC release (Yes) 13 / 16; no TwC release (No) 42 / 55

15 Guidance and Tools: Delivering Support, Creating Community
Security tools: Microsoft Baseline Security Analyzer; Security Bulletin Search Tool
Guidance and training: Security Guidance Center; E-Learning Clinics
Community engagement: Newsletters; Webcasts and chats

16 Event Information: What’s Next?
Technical Roadshow Post Event Website; Available from Monday 18th April; Please complete your Evaluation Form!

17 © 2004 Microsoft Corporation. All rights reserved.
© 2004 Microsoft Corporation. All rights reserved. This presentation is for informational purposes only. Microsoft makes no warranties, express or implied, in this summary.

