《微软PPT演示稿经典剪辑模板全套上》.ppt

《《微软PPT演示稿经典剪辑模板全套上》.ppt》由会员分享，可在线阅读，更多相关《《微软PPT演示稿经典剪辑模板全套上》.ppt（99页珍藏版）》请在装配图网上搜索。

1、第一篇 区块篇 At Risk The Soft Underbelly Security Issues Today 1 Source: Forrester Research 2 Source: Information Week, 26 November 2001 3 Source: Netcraft summary 4 Source: CERT, 2003 5 Source: CSI/FBI Computer Crime and Security Survey 6 Source: Computer Security Institute (CSI) Computer Crime and Secu

2、rity Survey 2002 7 Source: CERT, 2002 8 Source: Gartner Group 14B devices on the Internet by 20101 35M remote users by 20052 65% increase in dynamic Web sites3 From 2000 to 2002 reported incidents rose from 21, 756 to 82,0944 Nearly 80 percent of 445 respondents surveyed said the Internet has become

3、 a frequent point of attack, up from 57 percent just four years ago5 90% detected security breaches6 85% detected computer viruses6 95% of all breaches avoidable with an alternative configuration7 Approximately 70 percent of all Web attacks occur at the application layer8 Application Layer Attacks I

4、dentity Theft Web Site Defacement Unauthorized Access Modification of Data, Logs and Records Theft of Proprietary Information Service Disruption Implications Compliance: Sarbanes Oxley Gramm Leach Blilely US Patriot Act HIPAA The Privacy Act (CA) Basel 2 (EU) Data Protection Act (EU) Litigation File

5、 Sharing Piracy HR Issues Shareholder Suits Customer Impact Types Of SRP Rules Path Rule Compares path of file being run to an allowed path list Use when you have a folder with many files for the same application Essential in when SRPs are strict Hash Rule Compares the MD5 or SHA1 hash of a file to

6、the one attempted to be run Use when you want to allow/prohibit a certain version of a file from being run Certificate Rule Checks for digital signature on application (i.e. Authenticode) Use when you want to restrict both win32 applications and ActiveX content Internet Zone Rule Controls how Intern

7、et Zones can be accessed Use when in high security environments to control access to web applications SQL Server 2005 Themes Supportability updating must be initiated manually Office Update Web site: http:/ How To Use Office Update Go to http:/ 1 Click Check for Updates 2 Install the Office Update I

8、nstallation Engine (if not already installed) 3 Select the updates you want to install 4 Click Start Installation 5 How To Use SUS On the SUS server Configure the SUS server at http:/SUSAdmin On each SUS client Configure Automatic Updates on the client to use the SUS server Use Group Policy, manuall

9、y configure each client, or use scripts Set the SUS server synchronization schedule Review, test, and approve updates 1 2 3 How To Use MBSA Download and install MBSA (once only) 1 Launch MBSA 2 Select the computer(s) to scan 3 Select relevant options 4 Click Start scan 5 View the Security Report 6 S

10、oftware Update Service Deployment Best Practices (1) Review each security patch Download and install the patch Test each security patch before deployment Configure a test lab Use a test SUS server Consider using Virtual PCs in the test lab Use a standard acceptance testing procedure Software Update

11、Service Deployment Best Practices (2) Complete the deployment Pilot the deployment Configure a child SUS server to approve updates Configure a GPO so that the patch is downloaded from the pilot SUS server only by specified workstations If the pilot fails, remove approval from the SUS server and manu

12、ally uninstall the patch How To Use SMS To Deploy Patches Open the SMS Administrator Console 1 Right-click All Windows XP Computers, and then select All Tasks Distribute Software Updates 3 Use the wizard to create a new package and program 4 Browse to the patch to be deployed 5 Configure options for

13、 how and when the patch will be deployed to clients 6 Expand the Site Database node 2 SMS MBSA Integration MBSA integration included with SMS 2003 and the SUS Feature Pack for SMS 2.0 Scans SMS clients for missing security updates using mbsacli.exe /hf SMS directs client to run local MBSA scan 1 SMS

14、 server parses data to determine which computers need which security updates 3 Administrator pushes missing updates only to clients that require them 4 Client performs scan, returns data to SMS server 2 MBSA Benefits Scans systems for Missing security patches Potential configuration issues Works wit

15、h a broad range of Microsoft software Allows an administrator to centrally scan multiple computers simultaneously MBSA is a free tool, and can be downloaded from http:/ MBSA Considerations MBSA reports important vulnerabilities Password weaknesses Guest account not disabled Auditing not configured U

16、nnecessary services installed IIS vulnerabilities IE zone settings Automatic Updates configuration Internet Connection Firewall configuration MBSA Scan Options MBSA has three scan options MBSA graphical user interface (GUI) MBSA standard command-line interface (mbsacli.exe) HFNetChk scan (mbsacli.ex

17、e /hf) Business Case For Patch Management When determining the potential financial impact of poor patch management, consider Downtime Remediation time Questionable data integrity Lost credibility Negative public relations Legal defenses Stolen intellectual property “ We commend Microsoft for providi

18、ng enhanced security guidance to its customers as well as for soliciting user input as part of the process of producing that guidance“ Clint Kreitner President/CEO “ NIST reviewed and provided technical comments device independent. Integration into a broad range of different applications and devices

19、. 第二篇 表格篇 Example Goals Project Goal In the vulnerability scanning project, all computers running Windows 2000 Server and Windows Server 2003 on the subnets 192.168.0.0/24 and 192.168.1.0/24 will be scanned for the following vulnerabilities be remediated as stated. Vulnerability Remediation RPC over

20、 DCOM vulnerability (MS 03-026) Install Microsoft security patches 03-026 and 03-39. Anonymous SAM enumeration Configure RestrictAnonymous to: 2 on Windows 2000 Server 1 on Windows Server 2003 Guest account enabled Disable Guest account. Greater than 10 accounts in the local Administrator group Mini

21、mize the number of accounts on the administrators group. Example Scope Statement Components Example Target All servers running: * Windows 2000 Server * Windows Server 2003 Target area All servers on the subnets: * 192.168.0.0/24 * 192.168.1.0/24 Timeline Scanning will take place from June 3rd to Jun

22、e 10th during non-critical business hours Vulnerabilities to scan for * RPC over DCOM vulnerability (MS 03-026) * Anonymous SAM enumeration * Guest account enabled * Greater than 10 accounts in the local Administrator group What to plan for Project Phase Planning Elements Pre- assessment Scope Goals

23、 Timelines Ground rules Assessment Choosing technologies Perform assessment Organize results Preparing results Estimate risk presented by discovered weaknesses Create a plan for remediation Identify vulnerabilities that have not been remediated Determine improvement in network security over time Rep

24、orting your findings Create final report Present your findings Arrange for next assessment Patch Management Solution For Small And Medium-sized Organizations Size of organization Scenario Patch management solution Small Has one to three Windows 2000 or later servers and one IT administrator MBSA and

25、 SUS Medium or large Wants a patch management solution with basic level of control that updates: Windows 2000, Windows XP, and Windows Server 2003 computers MBSA and SUS Area Key Questions Policy What changes in the organizations security policy will be required, either directly or indirectly? Proce

26、ss What processes and procedures will need to be created or modified to meet the recommendations? Technology What technology will be used in the solution? Implementation How should the recommendations, technical or non-technical, be implemented, and how can users or administrators comply with the re

27、commendations? Documentation What should be added, modified, or removed from network diagrams or documentation as a result of the changes? Operations How will the daily maintenance and management of the IT systems change? Is training required? The Importance Of Proactive Patch Management Attack Patc

28、h release date Attack date Number of days patch was available before the attack Trojan.Kaht Mar 17, 2003 May, 5 2003 49 SQL Slammer Jul 24, 2002 Jan 24, 2003 184 Klez-E Mar 29, 2001 Jan 17, 2002 294 Nimda Oct 17, 2000 Sept 18, 2001 336 Code Red Jun 18, 2001 Jul 16, 2001 28 Default Exempt Rules In IP

29、Sec Stored in the registry value: HKLMSYSTEMCurrentControlSetServicesIPSECNoDefaultExempt NoDefaultExempt values 0 1 2 3 RSVP IKE Kerberos Multicast Broadcast IKE Multicast Broadcast RSVP IKE Kerberos IKE RSVP IKE Kerberos Multicast Broadcast IKE Multicast Broadcast X X Performance Enhanced Architec

30、ture Optimized for real life usage scenarios Improvements since ISA Server 2000 Kernel-mode data pump User-mode optimizations Up to +150% (2.5X faster) for firewall (SecureNAT) traffic Up to +250% (3.5X faster) for Web (transparent) proxy traffic 1,000,000+ concurrent connections Scale up with addit

31、ional CPUs Network Computing Magazine app. layer firewall review (3/03): Full inspection performance Mbps Symantec FW 7.0 67 122 127 170 Sidewinder Checkpoint NG FP3 ISA 2000 FP1 Raw throughput performance How? Design improvements IP Stack improvements Hardware improvements (raw thru-put measured us

32、ing HTTP+NAT benchmark) Test Results Details KM tput, 1500 MTU 1.65 Gbps 2-proc, 4 NICs KM tput, 9000 MTU 4.6 Gbps 4-proc, 6 NICs HTTP Filtering 250 Mbps 600 cps 2-proc, 4 NICs Microsoft Patch Severity Ratings Security Bulletin List: http:/www.M Rating Definition Critical Exploitation could allow th

33、e propagation of an Internet worm Important Exploitation could result in compromise of user data or the availability of processing resources Moderate Exploitation is serious, but is mitigated to a significant degree by default configuration, auditing, need for user action, or difficulty of exploitat

34、ion Low Exploitation is extremely difficult or impact is minimal Patching Time Frames Severity rating Recommended patching time frame Recommended maximum patching time frame Critical Within 24 hours Within two weeks Important Within one month Within two months Moderate Depending on expected availabi

35、lity, wait for next service pack or patch rollup that includes the patch, or deploy the patch within four months Deploy the patch within six months Low Depending on expected availability, wait for next service pack or patch rollup that includes the patch, or deploy the patch within one year Deploy t

36、he patch within one year, or choose not to deploy at all Improving The Patching Experience Your need Microsofts response Reduce patch frequency Reduced frequency of non-emergency patch releases from once per week to once per month Reduce patching complexity Reduced number of patch installer technolo

37、gies Reduce risk of patch deployment Improved patch quality and introduced patch rollback capability Reduce patch size Developed “delta patching” technology to reduce patch size Reduce downtime Reduced patch-related reboots Improve tool consistency Developing consistent tools Improve tool capabiliti

38、es Developing more capable tools Choosing A Patch Management Solution Customer type Scenario Solution Consumer All scenarios Windows Update Small organization Has no Windows servers Windows Update Has one to three Windows 2000 or newer servers and one IT administrator MBSA and SUS Medium-sized or la

39、rge enterprise Wants a patch management solution with basic level of control that updates Windows 2000 and newer versions of Windows MBSA and SUS Wants a single flexible patch management solution with extended level of control to patch, update, and distribute all software SMS Patch Management Soluti

40、on For Medium- Sized And Large Organizations Capability SUS 1.0 SMS 2003 Supported Platforms for Content Windows 2000 Windows XP Windows Server 2003 Windows NT 4.0 Windows 98 Windows 2000 Windows XP Windows Server 2003 Supported Content Types Security and security rollup patches, critical updates, a

41、nd service packs for the above operating systems All patches, service packs, and updates for the above operating systems; supports patch, update, and application installations for Microsoft and other applications Patch Distribution Control Basic Advanced Policy Passwords Process Password creation, r

42、eset, change, use Technology System enforcement, protocols, limitations, threat countermeasures Implementation How it works on the network, settings enabled/disabled Documentation Record of what was implemented and how to do it again Operations End use, administration, problem management IT Policy C

43、ompleteness Policy Process Techn ology Impleme ntation Docume ntation Operat ions Passwo rd 3 2 3 3 1 1 13 Wireles s Network 3 3 3 3 2 3 17 Server Patch Manage ment 3 2 2 2 1 2 10 Guest access 2 0 0 1 0 1 4 11 7 8 9 4 7 IT Audit Score Card Example Password Policy Compliance Procedure Process 2 Proce

44、sses appear out of synch with policy Users are unware of what they should do. Operations 1 Score 2 Wireless network security Procedure Process 3 100% compliance Operations 3 Score 9 Elements of Your Final Report Element Description Cover sheet Title of your report, names of the principle authors, da

45、ta, and a brief abstract of the project Table of Contents Executive summary Overall summary of the results of the project in no more than one page Summary of work Scope of the project, its goals, and the methodology and technology you used to meet the goals. Detailed findings Detailed findings based

46、 on goals Reference citations Bibliographic references Upgrading And Migrating SharePoint products and technologies Tool Delivery Vehicle Source Target Availability Scenarios Spsimex.exe Resource Kit SPS 2001 SPS 2001 Now Migrating document content from Portal site to Portal site Smigrate.exe WSS RT

47、M STS does not require a timing window Timing-dependent; works only within a time window Rarely works Exploitability Bart Simpson could do it Attacker must be somewhat knowledgeable and skilled Attacker must be VERY knowledgeable and skilled Affected users Most or all users Some users Few if any use

48、rs Discoverabilty Attacker can easily discover the vulnerability Attacker might discover the vulnerability Attacker will have to dig to discover the vulnerability Micro Issues are 88% Simple to fix. Create “Noise” Five issues represent 88% of all upgrade issues Default properties 52% Property/method

49、 not upgraded 13% Property/method different behavior 12% Module methods of COM objects 7% Null/IsNull 4% 第三篇 图例篇 Corpnet Internet RADIUS Authentication Federation through RADIUS proxies Can be used for centralized authentication services Domain membership not required Great for DMZ placement 1 HTTP/

50、SSL basic auth. 2 RADIUS request RADIUS Server (IAS) Firewall Server 3 HTTP/SSL request, sent to server Back-end Server Web Client (Browser, HTTP client) ISA Server 2000 (Old) Networking Model Fixed zones “IN” = LAT “OUT” = DMZ, Internet Packet filter only on external interfaces Single outbound poli

51、cy NAT always Static filtering from DMZ to Internet Internal Network Internet DMZ 1 Static PF ISA 2000 ISA Server 2004 Networking Model Any number of networks VPN as network Localhost as network Assigned relationships (NAT/Route) Per-Network policy Packet filtering on all interfaces Support for DoD

52、Any topology, any policy CorpNet_1 CorpNet_n Net A Internet VPN ISA 2004 DMZ_n DMZ_1 Local Host Network Rule Structure infects unprotected or unpatched systems No Exploit Exploit MBSA How It Works MSSecure.xml contains Security bulletin names Product-specific updates Version and checksum info Regist

53、ry keys changed KB article numbers Etc. Run MBSA on Admin system, specify targets 1 Downloads CAB file with MSSecure.xml and verifies digital signature 2 Scans target systems for OS, OS components, and applications 3 Parses MSSecure to see if updates are available 4 Checks if required updates are mi

54、ssing 5 Generates time-stamped report of missing updates 6 Windows Download Center MSSecure.xml MBSA Computer Policies, Procedures, run inventory tool installer 1 Scan components replicate to SMS clients 2 Clients scanned; scan results merged into SMS hardware inventory data 3 Administrator uses Dis

55、tribute Software Updates Wizard to authorize updates 4 Update files downloaded; packages, programs, and advertisements created/updated; packages replicated and programs advertised to SMS clients 5 Software Update Installation Agent on clients deploy updates 6 Periodically: Sync component checks for new updates, scans clients, and deploys necessary updates 7