1
Essentials of Security
Steve Lamb, Technical Security Advisor
http://blogs.msdn.com/steve_lamb
stephlam@microsoft.com
2
Session Prerequisites
- Hands-on experience installing, configuring, administering, and planning the deployment of Windows 2000 Server or Windows Server 2003
- Knowledge of Active Directory and Group Policy concepts
Level 200
3
- Business Case
- Security Risk Management Discipline
- Defense in Depth
- Security Incident Response
- Best Practices
- 10 Immutable Laws of Security
4
Impact of Security Breaches
- Loss of Revenue
- Damage to Reputation
- Loss or Compromise of Data
- Damage to Investor Confidence
- Legal Consequences
- Interruption of Business Processes
- Damage to Customer Confidence
5
The cost of implementing security measures is not trivial; however, it is a fraction of the cost of mitigating security compromises.
6
Benefits of Investing in Security
- Reduced downtime and costs associated with non-availability of systems and applications
- Reduced labor costs associated with inefficient security update deployment
- Reduced data loss due to viruses or information security breaches
- Increased protection of intellectual property
7
Security Risk Management Discipline
- Business Case
- Security Risk Management Discipline
- Defense in Depth
- Security Incident Response
- Best Practices
- 10 Immutable Laws of Security
8
Security Risk Management Discipline (SRMD) Processes
Assessment
- Assess and valuate assets
- Identify security risks and threats
- Analyze and prioritize security risks
- Security risk tracking, planning, and scheduling
Development and Implementation
- Develop security remediation
- Test security remediation
- Capture security knowledge
Operation
- Reassess assets and security risks
- Stabilize and deploy new or changed countermeasures
9
Assessment: Assess and Valuate Assets
Asset Priorities (Scale of 1 to 10) – Example*
* For example purposes only – not prescriptive guidance
10
Assessment: Identify Security Risks and Threats – STRIDE
Types of threats            Examples
S  Spoofing                 Forge e-mail messages; Replay authentication packets
T  Tampering                Alter data during transmission; Change data in files
R  Repudiation              Delete a critical file and deny it; Purchase a product and later deny it
I  Information disclosure   Expose information in error messages; Expose code on Web sites
D  Denial of service        Flood a network with SYN packets; Flood a network with forged ICMP packets
E  Elevation of privilege   Exploit buffer overruns to gain system privileges; Obtain administrator privileges illegitimately
11
Assessment: Analyze and Prioritize Security Risks – DREAD
DREAD:
- Damage
- Reproducibility
- Exploitability
- Affected Users
- Discoverability
Risk Exposure = Asset Priority x Threat Rank
Example Worksheet
12
Assessment: Security Risk Tracking, Planning, and Scheduling
- Detailed Security Action Plans
- Example Worksheets
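The assessment steps above (asset priorities on a 1-to-10 scale, STRIDE threat identification, DREAD rating, and Risk Exposure = Asset Priority x Threat Rank) can be carried through as a small worksheet. The following is an added example, not code from the deck or from Microsoft; it assumes Threat Rank is the average of the five DREAD scores (each 1 to 10), a convention the slides do not spell out, and it uses constructed sample assets together with threat examples taken from the STRIDE slide.

```python
# Added worked example of an SRMD assessment worksheet (not from the original deck).
# Assumed convention: Threat Rank = average of the five DREAD scores (1-10 each);
# Asset Priority is 1-10 as on the asset-valuation slide;
# Risk Exposure = Asset Priority x Threat Rank, as stated on the DREAD slide.
from dataclasses import dataclass

STRIDE = {"S": "Spoofing", "T": "Tampering", "R": "Repudiation",
          "I": "Information disclosure", "D": "Denial of service",
          "E": "Elevation of privilege"}

@dataclass
class Threat:
    asset: str            # asset the threat applies to
    asset_priority: int   # 1 (low) .. 10 (critical), from the asset-valuation step
    stride: str           # STRIDE category letter: S, T, R, I, D or E
    description: str
    dread: tuple          # (Damage, Reproducibility, Exploitability, Affected users, Discoverability)

def threat_rank(dread):
    """Average of the five DREAD scores; rejects malformed worksheets early."""
    if len(dread) != 5 or any(not 1 <= s <= 10 for s in dread):
        raise ValueError("DREAD needs exactly five scores in the range 1-10")
    return sum(dread) / 5

def risk_exposure(t):
    """Risk Exposure = Asset Priority x Threat Rank."""
    if not 1 <= t.asset_priority <= 10:
        raise ValueError("asset priority must be in the range 1-10")
    return t.asset_priority * threat_rank(t.dread)

def worksheet(threats):
    """Rows (exposure, asset, STRIDE category, description), highest exposure first,
    which is the order the action plan should address them in."""
    rows = [(round(risk_exposure(t), 1), t.asset, STRIDE[t.stride], t.description)
            for t in threats]
    return sorted(rows, key=lambda r: r[0], reverse=True)

# Constructed sample: hypothetical assets, threat text from the STRIDE slide.
SAMPLE = [
    Threat("Web server", 8, "E", "Exploit buffer overruns to gain system privileges", (10, 7, 6, 9, 8)),
    Threat("Mail gateway", 5, "S", "Forge e-mail messages", (4, 9, 9, 6, 8)),
    Threat("File server", 7, "R", "Delete a critical file and deny it", (6, 5, 4, 3, 3)),
    Threat("Public Web site", 6, "D", "Flood a network with SYN packets", (5, 8, 7, 10, 9)),
]

if __name__ == "__main__":
    for exposure, asset, category, desc in worksheet(SAMPLE):
        print(f"{exposure:5.1f}  {asset:16} {category:24} {desc}")
```

Reassessing (the Operation step) is just re-running the worksheet with updated priorities or scores after a significant change.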
13
Development and Implementation
Security Remediation Strategy:
- Configuration management
- Patch management
- System monitoring
- System auditing
- Operational policies
- Operational procedures
Diagram labels: Detailed Security Action Plans; Testing Lab; Production Environment; Knowledge Documented for Future Use
14
Operation: Reassess Assets and Security Risks
- Reassess risks when there is a significant change in assets, operation, or structure
- Assess risks continually
Diagram labels: New Web Site; Internet Services; Testing Lab; Documented Knowledge; Production Environment
15
Operation: Stabilize and Deploy New or Changed Countermeasures
Diagram labels: New or Changed Countermeasures; System Administration Team; Network Administration Team; Security Administration Team; Production Environment
16
Defense in Depth
- Business Case
- Security Risk Management Discipline
- Defense in Depth
- Security Incident Response
- Best Practices
- 10 Immutable Laws of Security
17
The Defense-in-Depth Model
Using a layered approach:
- Increases an attacker's risk of detection
- Reduces an attacker's chance of success
Layer                               Examples
Policies, Procedures, & Awareness   Security documents, user education
Physical Security                   Guards, locks, tracking devices
Perimeter                           Firewalls, Network Access Quarantine Control
Internal Network                    Network segments, IPSec, NIDS
Host                                OS hardening, authentication, patch management, HIDS
Application                         Application hardening, antivirus
Data                                ACLs, encryption, EFS
18
Description of the Policies, Procedures, and Awareness Layer
"I think I will use my first name as a password."
"Hey, I need to configure a firewall. Which ports should I block?"
"I think I will wedge the computer room door open. Much easier."
"They have blocked my favorite Web site. Lucky I have a modem."
19
Policies, Procedures, and Awareness Layer Compromise
"Say, I run a network too. How do you configure your firewalls?"
"I can never think of a good password. What do you use?"
"Hi, do you know where the computer room is?"
"Hey, nice modem. What's the number of that line?"
20
Policies, Procedures, and Awareness Layer Protection
- Firewall Configuration Procedure
- Physical Access Security Policy
- User Information Secrecy Policy
- Device Request Procedure
Employee security training helps users support the security policy.
21
Description of the Physical Security Layer
All of the assets within an organization's IT infrastructure must be physically secured.
22
Physical Security Layer Compromise
- Install Malicious Code
- Damage Hardware
- View, Change, or Remove Files
- Remove Hardware
23
Physical Security Layer Protection
- Lock doors and install alarms
- Employ security personnel
- Enforce access procedures
- Monitor access
- Limit data input devices
- Use remote access tools to enhance security
24
Description of the Perimeter Layer
Diagram labels: Business Partner; Internet Services; LAN; Main Office; Branch Office; Wireless Network; Remote User; Internet
Network perimeters can include connections to:
- The Internet
- Branch offices
- Business partners
- Remote users
- Wireless networks
- Internet applications
25
Perimeter Layer Compromise
Diagram labels: Business Partner; Internet Services; LAN; Main Office; Remote User; Internet; Branch Office; Wireless Network
Network perimeter compromise may result in a successful:
- Attack on corporate network
- Attack on remote users
- Attack from business partners
- Attack from a branch office
- Attack on Internet services
- Attack from the Internet
26
Perimeter Layer Protection
Diagram labels: Business Partner; Internet Services; LAN; Main Office; Branch Office; Wireless Network; Remote User; Internet
Network perimeter protection includes:
- Firewalls
- Blocking communication ports
- Port and IP address translation
- Virtual private networks (VPNs)
- Tunneling protocols
- VPN quarantine
27
Description of the Internal Network Layer
Diagram labels: Sales; Wireless Network; Marketing; Finance; Human Resources
28
Internal Network Layer Compromise
- Unauthorized Access to Systems
- Access All Network Traffic
- Unauthorized Access to Wireless Networks
- Unexpected Communication Ports
- Sniff Packets from the Network
29
Internal Network Layer Protection
- Require mutual authentication
- Segment the network
- Encrypt network communications
- Restrict traffic even when it is segmented
- Sign network packets
- Implement IPSec port filters to restrict traffic to servers
30
Description of the Host Layer
- Contains individual computer systems on the network
- Often have specific roles or functions
- The term "host" is used to refer to both clients and servers
31
Host Layer Compromise
- Exploit Unsecured Operating System Configuration
- Exploit Operating System Weakness
- Unmonitored Access
- Distribute Viruses
32
Host Layer Protection
- Harden client and server operating systems
- Disable unnecessary services
- Keep security patches and service packs up to date
- Monitor and audit access and attempted access
- Install and maintain antivirus software
- Use firewalls
33
Windows XP SP2 Advanced Security Technologies
- Network protection
- Memory protection
- Safer e-mail handling
- More secure browsing
- Improved computer maintenance
Get more information on Windows XP Service Pack 2 at http://www.microsoft.com/sp2preview
34
Description of the Application Layer
- Layer includes both client and server network applications
- Functionality must be maintained
Client Applications. Examples: Microsoft Outlook, Microsoft Office Suite
Server Applications. Examples: Web Servers, Exchange Server, SQL Server
35
Application Layer Compromise
- Loss of application functionality
- Execution of malicious code
- Extreme use of application – DoS attack
- Undesirable use of application
36
Application Layer Protection
- Enable only required services and functionality
- Secure internally developed applications
- Install security updates for all applications
- Install and update antivirus software
- Run applications with least privilege necessary
- Use latest security practices when developing new applications
37
Description of the Data Layer
- Documents
- Directory Files
- Application Files
38
Data Layer Compromise
- Documents: View, Change, or Remove Information
- Directory Files: Interrogate Directory Files
- Application Files: Replace or Modify Application Files
39
Data Layer Protection
- Encrypt files with EFS
- Use a combination of access control lists and encryption
- Move files from the default location
- Perform regular backups of data
- Protect documents and e-mail with Windows Rights Management Services
- Use NTFS for file and folder-level security
40
Security Incident Response
- Business Case
- Security Risk Management Discipline
- Defense in Depth
- Security Incident Response
- Best Practices
- 10 Immutable Laws of Security
41
Incident-Response Checklist
- Recognize that an attack is under way
- Identify the attack
- Communicate the attack
- Contain the attack
- Implement preventive measures
- Document the attack
42
Containing the Effects of the Attack
- Shut down affected servers
- Remove affected computers from the network
- Block inbound and outbound network traffic
- Take precautionary measures to protect computers not yet compromised
- Preserve the evidence
43
Best Practices
- Business Case
- Security Risk Management Discipline
- Defense in Depth
- Security Incident Response
- Best Practices
- 10 Immutable Laws of Security
44
Security Best Practices
- Follow the defense-in-depth model
- Strive for systems that are secure by design
- Apply the principle of least privilege
- Learn from experience
- Use monitoring and auditing
- Train users to be aware of security issues
- Develop and test incident-response plans and procedures
45
Security Checklist
- Create security policy and procedure documents
- Subscribe to security alert e-mails
- Keep up to date with patch management
- Maintain regular backup and restore procedures
- Think like an attacker
46
10 Immutable Laws of Security
- Business Case
- Security Risk Management Discipline
- Defense in Depth
- Security Incident Response
- Best Practices
- 10 Immutable Laws of Security
47
The 10 Immutable Laws of Security, Part 1
1. If an attacker can persuade you to run his program on your computer, it is not your computer anymore
2. If an attacker can alter the operating system on your computer, it is not your computer anymore
3. If an attacker has unrestricted physical access to your computer, it is not your computer anymore
4. If you allow an attacker to upload programs to your Web site, it is not your Web site any more
5. Weak passwords prevail over strong security
48
The 10 Immutable Laws of Security, Part 2
http://www.microsoft.com/technet/columns/security/essays/10imlaws.asp
6. A computer is only as secure as the administrator is trustworthy
7. Encrypted data is only as secure as the decryption key
8. Out-of-date antivirus software is only marginally better than no antivirus software at all
9. Absolute anonymity is not practical in real life nor on the Web
10. Technology is not a panacea
49
Session Summary
- Business Case
- Security Risk Management Discipline
- Defense in Depth
- Security Incident Response
- Best Practices
- 10 Immutable Laws of Security
50
Next Steps
- Find additional security training events: http://www.microsoft.com/seminar/events/security.mspx
- Sign up for security communications: http://www.microsoft.com/technet/security/signup/default.mspx
- Get additional security tools and content: http://www.microsoft.com/security/guidance
51
Event Information
What's Next? Technical Roadshow Post Event Website: www.microsoft.com/uk/techroadshow/postevents
Available from Monday 18th April
Please complete your Evaluation Form!
52
© 2004 Microsoft Corporation. All rights reserved. This presentation is for informational purposes only. Microsoft makes no warranties, express or implied, in this summary. http://www.microsoft.com/TwC