微软经典剪辑图例-素材.ppt

1、,第三篇 图例篇,Corpnet,Internet,RADIUS Authentication,Federation through RADIUS proxies Can be used for centralized authentication services Domain membership not required Great for DMZ placement,RADIUS Server (IAS),Back-end Server,Web Client (Browser, HTTP client),ISA Server 2000 (Old)Networking Model,Fix

2、ed zones “IN” = LAT “OUT” = DMZ, Internet Packet filter only on external interfaces Single outbound policy NAT always Static filtering from DMZ to Internet,InternalNetwork,Internet,DMZ 1,ISA 2000,ISA Server 2004 Networking Model,Any number of networks VPN as network Localhost as network Assigned rel

3、ationships (NAT/Route) Per-Network policy Packet filtering onall interfaces Support for DoD Any topology, any policy,ISA 2004,Rule Structure infects unprotected or unpatched systems,No Exploit,Exploit,MBSA How It Works,MSSecure.xml contains Security bulletin names Product-specific updates Version an

4、d checksum info Registry keys changed KB article numbers Etc.,Windows Download Center,MSSecure.xml,MBSAComputer,Policies, Procedures, & Awareness,Physical Security,Perimeter,Internal Network,Host,Application,Data,Defense In Depth,Using a layered approach Increases attackers risk of detection Reduces

5、 attackers chance of success,OS hardening, authentication, patch management, HIDS,Firewalls, Network Access Quarantine Control,Guards, locks, tracking devices,Network segments, IPSec, NIDS,Application hardening, antivirus,ACLs, encryption, EFS,Security documents, user education,Requirements For Succ

6、essful Patch Management,Products, tools automation,Project management, Patch management process,People who understand their roles and responsibilities,Effective Processes,Effective Operations,Tools and Technologies,Patch Management Process,SUS How It Works,ParentSUS Server,Windows Update,ChildSUS Se

7、rver,Firewall,Client Computers,Client Computers,SUS Sample Deployment Scenario,Main OfficeSUS Server,Windows Update,PilotSUS Server,Firewall,Pilot Client Computers,Main Office ClientComputers,Regional Client Computers,RegionalSUS Server,SUS Server,Windows Update Service,Firewall,Software Update Serv

8、ice SUS Deployment Scenario 1,Software Update Service SUS Deployment Scenario 2,SUS Server,Windows Update Service,Firewall,Software Update Service SUS Deployment Scenario 3,ParentSUS Server,Windows Update Service,ChildSUS Server,Firewall,ChildSUS Server,Managing A ComplexSUS Environment,Centrally ma

9、nage downloading and approving updates Use OU structure and GPOs to manage SUS update distribution Use the WUAU.ADM template file to configure AU client settings Assign GPOs to OUs,Ages of Security,Stone Age,Bronze Age,Information Age,No decent tools No mythology, no guidance Very little information

10、 shared Global lack of awareness,Primitive Tools Primitive methodology Little sense of the big picture Information spreads slowly Awareness widespread, but expertise rare Survival mentality,Advanced, automated tools Comprehensive methodology Widespread expertise Universal awareness Think integrated!

11、,SMS What It Does,Security Policy Model,Operations,Process,Implementation,Documentation,Policy,Technology,System = Programs + Servers + Solutions + Services,Compare to standards and best practices,Measuring Security Policy,Security Policy,Documented Procedures,Operations,“What you must do”,“What you

12、 say you do”,“What you really do”,Security Operating Principles,Corporate Security Mission and Vision,Security Strategy,Risk-Based Decision Model,Tactical Prioritization,Mission,Prevent malicious or unauthorized use that results in the loss of Microsoft intellectual property or productivity by syste

13、matically assessing, communicating, and mitigating risks to digital assets,Enterprise Risk Model,High,Low,High,Impact to Business (Defined by Business Owner),Low,Acceptable Risk,Unacceptable Risk,Probability of Exploit (Defined by Corporate Security),Risk assessment drives to acceptable risk,Task &

14、Status Tracking,Formal Workflow,Expense Management Benefits Administration Account Planning Procurement Government Forms .,Enterprise Applications,Department Applications,Team Collaboration,Dept. & Vertical Workflow,5-10 users,Solutions Landscape,Department users,Cross-enterprise users,Formal,Ad-hoc

15、,Team,Department IT,Enterprise IT,Team Survey Status Report Issue Tracking .,Asset Mgmt Sales Reports Customer Service Healthcare Forms Project Mgmt ,Case studies at ,Risk Analysis By Asset Class,Exploit of misconfiguration, buffer overflows, open shares, NetBIOS attacks,Host,Unauthenticated access

16、to applications, unchecked memory allocations,Application,Compromise of integrity or privacy of accounts,Account,Unmanaged trusts enable movement among environments,Trust,Data sniffing on the wire, network fingerprinting,Network,Assets,Components Of Risk Assessment,Asset,Threat,Impact,Vulnerability,

17、Mitigation,Probability,+,=,What are you trying toassess?,What are you afraid of happening?,What is the impact to the business?,How could the threat occur?,What is currently reducing the risk?,How likely is the threat giventhe controls?,Current Level of Risk,What is the probability that the threat wi

18、ll overcome controls to successfully exploit the vulnerability and affect the asset?,Risk Management Process And Roles,3,4,SecuritySolutions &Initiatives,Sustained Operations,Cross-IT Teams,Corporate Security,Tactical Prioritization,1,PrioritizeRisks,2,Security Policy,5,Compliance,Tactical PrioritizationBy Environment,Policies and mitigation tactics appropriate for each environment,Prioritized Risks,Data Center,Client,Unmanaged Client,Remote Access,Mobile,WMI,Monitored Clients,Monitored Servers,SQL,Collector,Events subject to tampering,Events under control of auditors,Security logs