Security Overview for Microsoft Infrastructures Fred Baumhardt and James Noyce Infrastructure Solutions and Security Solutions Teams Microsoft Security.

1 Security Overview for Microsoft Infrastructures
Fred Baumhardt and James Noyce
Infrastructure Solutions and Security Solutions Teams
Microsoft Security Solutions, Feb 4th, 2003

2 Agenda
- Threats – How you are attacked and from where
- Application Level Attacks – the new Security Battleground
- Overview of Microsoft Server Security Technologies and Tools
- Management and Operations as a Defensive Mechanism

3 The Three Phases of Hacking
- Information Gathering and Intelligence
- Analysis of Collected Information
- Probing and Compromise

4 Management as a Security Tool
- Detect unauthorised activity on your infrastructure
- Prevent misconfiguration of systems
- Ensure system vulnerabilities are captured and addressed

5 Security Management Tools
- Analysis
  - Microsoft Baseline Security Analyser (MBSA)
  - Systems Management Server (SMS)
  - Software Update Services Feature Pack
  - Microsoft Software Update Services (MSUS)
  - Security Configuration and Analysis snap-in
  - RSoP
- Management
  - Group Policy Management Console (GPMC)
  - Microsoft Operations Manager (MOM)
  - Microsoft Audit Collection System (MACS)
  - Systems Management Server (SMS)
  - Software Update Services Feature Pack
  - Microsoft Software Update Services (MSUS)

6 Infrastructure Tools
- Snort – Free to Download – even on Windows – www.snort.org
- MBSA – Scans most MS Server products and Windows clients
- SUS – Patch management solution
- MOM-MACS-SMS
- IPSEC – within Windows
- IISLockdown – URLScan
- ISA Server with Feature Pack1

7 MBSA Version 1.1
The following new features are included with MBSA V1.1:
- Exchange and Windows Media Player security update detection
- Full HFNetChk integration into MBSACLI.exe
- Incorporation of the latest HFNetChk engine code
- Support for Software Update Services (SUS) during security update scanning
- Detection for multiple SQL Server instances

8 Software Update Services
- Address Patch Management concerns
  - Windows keeps itself up-to-date with the latest critical & security updates
  - IT administrators can automatically deploy Windows Update content
  - IT administrator gains control over what patches are applied to a system
  - Leverage Windows Update web-based infrastructure

9 System Management Server Software Update Services Feature Pack
- Security patch inventory
- Office patch inventory
- Patch distribution
- Web reporting

10 Recommendations for Customers
- Microsoft’s “A” recommendation for which tool to use:

  Customer            Recommended technology to deploy critical updates
  Home User           Windows Update
  Small Business      Windows Update**
  Medium Enterprise   Software Update Services
  Large Enterprise    SMS (with the Feature Pack)

- **Small businesses that work with a VAP should also consider SUS
- Official external positioning is available at: http://www.microsoft.com/windows2000/windowsupdate/sus/suschoosing.asp

11 GPMC Overview
- What is the GPMC?
  - New admin tool for managing Group Policy:
  - Set of scriptable objects for managing GP
  - MMC Snap-in, built on these objects
  - Standalone web release shortly after Windows .NET Server RTM
- GPMC Design goals
  - Unify management of Group Policy
  - Address key deployment issues
  - Provide better UI for visualization
  - Enable programmatic access to GP

12 Microsoft Operations Manager
- Operations Management – event and performance management
  - Built on Microsoft management services
- Microsoft solution manages Windows 2000, Exchange, SQL Server, and other Microsoft apps
  - Base Management Pack
  - Application Management Pack
- Heterogeneous and value-add solutions from third parties extend this offering

13 Security Management Pack: A set of Security XMP’s for MOM
- Centralizes Windows security management in MOM
- Out-of-the-box security rules, knowledge, response actions, reports
- Includes:
  - XMP for Anti-Virus Applications
  - XMP for Microsoft Windows Security
  - XMP for NetIQ Security Analyzer

14 Microsoft Audit Collection Services
- Client-Server application to collect security events in real time and store them in a SQL database
- MACS is NOT a security management application (No user interface)

15 MACS & MOM
- MACS is a security event collection tool - no management capability
- MOM complements MACS - MOM adds management, alerting, support for other logs
- MACS v2 will likely be integrated with MOM v2
- MACS v1 will ship with MOM management pack

16 Services
- Security is not just about technology
- Crucial to bring in expertise and knowledge transfer into your organisation
- SMB can use service templates and learn from them – such as MSA -

17 Service Offerings
- Microsoft Solution for Management
  - Allows customers to prioritize, test and deploy Patches to their environment.
  - Delivers proven best practices and infrastructure for managing high volumes of patch deployments into a Microsoft tools and technology environment.
  - Enables customers to improve their quality of service while reducing total cost of ownership

18 Next Steps
- Review your systems
- Web resources
  - http://www.microsoft.com/technet/security/prodtech/windows/secwin2k/default.asp
  - http://www.microsoft.com/downloads/details.aspx?displaylang=en&FamilyID=F937A913-F26E-49B5-A21E-20BA5930238D
  - http://www.microsoft.com/technet/itsolutions/msm/default.asp
  - http://www.microsoft.com/technet/security/issues/w2kccscg/default.asp
  - http://www.microsoft.com/windows2000/technologies/security/default.asp
