Presentation is loading. Please wait.

Presentation is loading. Please wait.

Copyright © Microsoft Corp 2006 Pragmatic Secure Design: Attack Surface Reduction Shawn Hernan Security Program Manager Security Engineering and Communication.

Published byLeon Lloyd Modified over 9 years ago

Similar presentations

Presentation on theme: "Copyright © Microsoft Corp 2006 Pragmatic Secure Design: Attack Surface Reduction Shawn Hernan Security Program Manager Security Engineering and Communication."— Presentation transcript:

1 Copyright © Microsoft Corp 2006 Pragmatic Secure Design: Attack Surface Reduction Shawn Hernan Security Program Manager Security Engineering and Communication

2 2 Copyright © Microsoft Corp 2006 VULNERABILITY IDENTIFIERS IMPACT OF VULNERABILITY WINDOWS 2000 WINDOWS XP WINDOWS SERVER 2003 LSASS Vulnerability - CAN-2003-0533 Remote Code Execution CriticalCriticalLow LDAP Vulnerability – CAN-2003-0663 Denial Of Service ImportantNoneNone PCT Vulnerability - CAN-2003-0719 Remote Code Execution CriticalImportantLow Winlogon Vulnerability - CAN-2003-0806 Remote Code Execution ModerateModerateNone Metafile Vulnerability - CAN-2003-0906 Remote Code Execution CriticalCriticalNone Help and Support Center Vulnerability - CAN-2003-0907 Remote Code Execution NoneCriticalCritical Utility Manager Vulnerability - CAN-2003-0908 Privilege Elevation ImportantNoneNone Windows Management Vulnerability - CAN-2003-0909 Privilege Elevation NoneImportantNone Local Descriptor Table Vulnerability - CAN-2003-0910 Privilege Elevation ImportantNoneNone H.323 Vulnerability* - CAN-2004-0117 Remote Code Execution ImportantImportantImportant Virtual DOS Machine Vulnerability - CAN-2004-0118 Privilege Elevation ImportantNoneNone Negotiate SSP Vulnerability - CAN-2004-0119 Remote Code Execution CriticalCriticalCritical SSL Vulnerability - CAN-2004-0120 Denial Of Service ImportantImportantImportant ASN.1 “Double Free” Vulnerability - CAN-2004-0123 Remote Code Execution CriticalCriticalCritical Aggregate Severity of All Vulnerabilities CriticalCriticalCritical A Case Study: MS04-011 Code fixed in Windows Server 2003 (50%) Code not fixed in Windows Server 2003 (50%) Extra Defense in Windows Server 2003 (29% of )

3 3 Copyright © Microsoft Corp 2006 The Horrible Truth (1 of 4) No matter how much effort we expend, we will never get code 100% correct Asymmetric problem We must be 100% correct, 100% of the time, on a schedule, with limited resources, only knowing what we know today Oh, and the product has to be reliable, supportable, compatible, manageable, affordable, accessible, usable, global, doable, deployable, … They can spend as long as they like to find one bug, with the benefit of future research We’re human and our tools are far from perfect

4 4 Copyright © Microsoft Corp 2006 The Horrible Truth (2 of 4) The “Patch Window” is a joke Once we issue a patch, the clock starts “Zotob Proves Patching "Window" Non-Existent” http://informationweek.com/story/showArticle.jhtml?articleID=168 602115 “Defense in depth is your only chance to survive the early release of malware.” “Hackers Beating Efforts to Patch Software Flaws” http://www.computerworld.com/securitytopics/security/holes/story /0,10801,104092,00.html “Instead of going out and looking for vulnerabilities on their [hackers] own, they are waiting for patches to be released to see what holes are being fixed." Then they go after those holes as quickly as they can. The trend could leave many companies dangerously exposed.”

5 5 Copyright © Microsoft Corp 2006 The Horrible Truth (3 of 4) Tools make it easy to build exploit code Reverse engineering tools Structural Comparison of Executable Objects, Halvar Flake http://www.sabre-security.com/files/dimva_paper2.pdf PCT Bug: “Detecting and understanding the vulnerability took less than 30 minutes.” H.323 ASN.1 Bug: “The total analysis took less than 3 hours time.” Exploit Payloads www.metasploit.com

6 6 Copyright © Microsoft Corp 2006 Choose your ‘sploit Enter some detailsHere’s the ‘sploit code!

7 7 Copyright © Microsoft Corp 2006 The Horrible Truth (4 of 4) Cost for attacker to build attack is very low Cost to our customers is very high

8 8 Copyright © Microsoft Corp 2006 The Attack Surface Reduction Process (1 of 2) Look at all your entry points (the threat model helps) Primarily network I/O and File I/O Can any of the entry points’ attack surface be driven lower?

9 9 Copyright © Microsoft Corp 2006 The Attack Surface Reduction Process (2 of 2) Higher Attack Surface Lower Attack Surface Executing by default Off by default Open socket Closed socket UDPTCP Anonymous Access User Access Admin Access Internet Access Local Subnet Access SYSTEM Not SYSTEM! Weak ACLs Strong ACLs

10 10 Copyright © Microsoft Corp 2006 Watch Out for Fanout! File formats JPG, MSH, GIF, etc Sub-protocols SSL2, SSL3, TLS, PCT VerbsHTTPClassic GET, POST, HEAD WebDAV PROPPATCH, PROPFIND, DELETE, MOVE, LOCK SMTP HELO, EHLO, MAIL, RCPT Queries Extended sprocs, sprocs

11 11 Copyright © Microsoft Corp 2006 ASR Examples Windows XP SP2 Authenticated RPC Firewall on by default IIS6 Off by default Network service by default Static files by default SQL Server 2005 xp_cmdshell off by default CLR and COM off by default Network service Visual Studio 2005 Web server localhost only SQL Server Express localhost only

12 12 Copyright © Microsoft Corp 2006 How ASR Helped Microsoft Customers Sasser Affected Win2000 and WinXP Did not affect Win2003 RCP endpoint was marked local admin only Zotob Affected Win2000 Did not affect WinXP Firewall & authenticated RPC

13 13 Copyright © Microsoft Corp 2006 Attack Surface Reduction is as important as trying to get the code right

14 14 Copyright © Microsoft Corp 2006  Understand the SDL – it applies to you!  Reduce attack surface  Reduce attack surface EARLY! Design Checklist

Download ppt "Copyright © Microsoft Corp 2006 Pragmatic Secure Design: Attack Surface Reduction Shawn Hernan Security Program Manager Security Engineering and Communication."

Similar presentations

Patch Management Patch Management in a Windows based environment

Patch Management Patch Management in a Windows based environment
Application Security Best Practices At Microsoft Ensuring the lowest possible exposure and vulnerability to attacks Published: January 2003.

Application Security Best Practices At Microsoft Ensuring the lowest possible exposure and vulnerability to attacks Published: January 2003.
Internet Information Server 6.0. IIS 6.0 Enhancements  Fundamental changes, aimed at: Reliability & Availability Reliability & Availability Performance.

Internet Information Server 6.0. IIS 6.0 Enhancements  Fundamental changes, aimed at: Reliability & Availability Reliability & Availability Performance.
USING EMET TO DEFEND AGAINST TARGETED ATTACKS PRESENTED BY ROBERT HENSING – SENIOR CONSULTANT – MICROSOFT CORPORATION MICHAEL MATTES – SENIOR CONSULTANT.

USING EMET TO DEFEND AGAINST TARGETED ATTACKS PRESENTED BY ROBERT HENSING – SENIOR CONSULTANT – MICROSOFT CORPORATION MICHAEL MATTES – SENIOR CONSULTANT.
Microsoft Windows XP SP2 Urs P. Küderli Strategic Security Advisor Microsoft Schweiz GmbH.

Microsoft Windows XP SP2 Urs P. Küderli Strategic Security Advisor Microsoft Schweiz GmbH.
Windows Server 2003 SP1. Windows Server™ 2003 Service Pack 1 Technical Overview Jill Steinberg: Added TM Jill Steinberg: Added TM.

Windows Server 2003 SP1. Windows Server™ 2003 Service Pack 1 Technical Overview Jill Steinberg: Added TM Jill Steinberg: Added TM.
CHAPTER 2 KNOW YOUR VILLAINS. Who writes it: Malware writers vary in age, income level, location, social/peer interaction, education level, likes, dislikes.

CHAPTER 2 KNOW YOUR VILLAINS. Who writes it: Malware writers vary in age, income level, location, social/peer interaction, education level, likes, dislikes.
Copyright © Microsoft Corp 2006 Introduction to Security Testing Shawn Hernan Security Program Manager Security Engineering and Communication.

Copyright © Microsoft Corp 2006 Introduction to Security Testing Shawn Hernan Security Program Manager Security Engineering and Communication.
Securing your data Security with Microsoft Infrastructure and Internet Explorer Matt Kestian Strategic Security Advisor | National Security Team | Microsoft.

Securing your data Security with Microsoft Infrastructure and Internet Explorer Matt Kestian Strategic Security Advisor | National Security Team | Microsoft.
Defense-in-Depth Against Malicious Software Jeff Alexander IT Pro Evangelist Microsoft Australia

Defense-in-Depth Against Malicious Software Jeff Alexander IT Pro Evangelist Microsoft Australia
Chapter 7 HARDENING SERVERS.

Chapter 7 HARDENING SERVERS.
1 Pertemuan 6 Points of Exposure Matakuliah:A0334/Pengendalian Lingkungan Online Tahun: 2005 Versi: 1/1.

1 Pertemuan 6 Points of Exposure Matakuliah:A0334/Pengendalian Lingkungan Online Tahun: 2005 Versi: 1/1.
Alert Management System By:  Christopher Galinski  Uri Soloveychik Mentor:  Zeev Schneider For: Software Systems Lab in the faculty of Electrical Engineering,

Alert Management System By:  Christopher Galinski  Uri Soloveychik Mentor:  Zeev Schneider For: Software Systems Lab in the faculty of Electrical Engineering,
Security Engineering II. Problem Sources 1.Requirements definitions, omissions, and mistakes 2.System design flaws 3.Hardware implementation flaws, such.

Security Engineering II. Problem Sources 1.Requirements definitions, omissions, and mistakes 2.System design flaws 3.Hardware implementation flaws, such.
Security Awareness: Applying Practical Security in Your World Chapter 6: Total Security.

Security Awareness: Applying Practical Security in Your World Chapter 6: Total Security.
Information for Developers Windows XP Service Pack 2 Information for Developers.

Information for Developers Windows XP Service Pack 2 Information for Developers.
Module 6: Patches and Security Updates 1. Overview Installing Patches and Security Updates Recent patches and security updates for IIS Recent patches.

Module 6: Patches and Security Updates 1. Overview Installing Patches and Security Updates Recent patches and security updates for IIS Recent patches.
Windows XP Service Pack 2 and the Microsoft Virtual Machine: Developer Implications Rudi Larno Developer & Platform Group Microsoft BeLux.

Windows XP Service Pack 2 and the Microsoft Virtual Machine: Developer Implications Rudi Larno Developer & Platform Group Microsoft BeLux.
Cracking Windows Access Control Andrey Kolishchak www.gentlesecurity.com Hack.lu 2007.

Cracking Windows Access Control Andrey Kolishchak Hack.lu 2007.
Security of Communication & IT systems Bucharest, 21 st September 2004 Stephen McGibbon Chief Technology Officer, Eastern Europe, Russia & CIS Senior Director,

Security of Communication & IT systems Bucharest, 21 st September 2004 Stephen McGibbon Chief Technology Officer, Eastern Europe, Russia & CIS Senior Director,

Similar presentations

Ads by Google