Security Overview for Microsoft Infrastructures

Fred Baumhardt and James Noyce
Infrastructure Solutions and Security Solutions Teams
Microsoft Security Solutions, Feb 4th, 2003

Agenda
- Threats – How you are attacked and from where
- Application Level Attacks – the new Security Battleground
- Overview of Microsoft Server Security Technologies and Tools
- Management and Operations as a Defensive Mechanism

The Three Phases of Hacking
- Information Gathering and Intelligence
- Analysis of Collected Information
- Probing and Compromise

Management as a Security Tool
- Detect unauthorised activity on your infrastructure
- Prevent misconfiguration of systems
- Ensure system vulnerabilities are captured and addressed

Security Management Tools
Analysis:
- Microsoft Baseline Security Analyser (MBSA)
- Systems Management Server (SMS)
- Software Update Services Feature Pack
- Microsoft Software Update Services (MSUS)
- Security Configuration and Analysis snap-in
- RSoP
Management:
- Group Policy Management Console (GPMC)
- Microsoft Operations Manager (MOM)
- Microsoft Audit Collection System (MACS)
- Systems Management Server (SMS)
- Software Update Services Feature Pack
- Microsoft Software Update Services (MSUS)

Infrastructure Tools
- Snort – Free to Download – even on Windows – www.snort.org
- MBSA – Scans most MS Server products and Windows clients
- SUS – Patch management solution
- MOM-MACS-SMS
- IPSEC – within Windows
- IISLockdown – URLScan
- ISA Server with Feature Pack 1

MBSA Version 1.1
The following new features are included with MBSA V1.1:
- Exchange and Windows Media Player security update detection
- Full HFNetChk integration into MBSACLI.exe
- Incorporation of the latest HFNetChk engine code
- Support for Software Update Services (SUS) during security update scanning
- Detection for multiple SQL Server instances

Software Update Services
- Address Patch Management concerns
- Windows keeps itself up-to-date with the latest critical & security updates
- IT administrators can automatically deploy Windows Update content
- IT administrator gains control over what patches are applied to a system
- Leverage Windows Update web-based infrastructure

Systems Management Server Software Update Services Feature Pack
- Security patch inventory
- Office patch inventory
- Patch distribution
- Web reporting

Recommendations for Customers
Microsoft’s “A” recommendation for which tool to use.
Recommended Technology to deploy critical updates:
- Home User: Windows Update
- Small Business: Windows Update**
- Medium Enterprise: Software Update Services
- Large Enterprise: SMS (with the Feature Pack)
**Small Businesses that work with a VAP should also consider SUS
Official external positioning is available at:
http://www.microsoft.com/windows2000/windowsupdate/sus/suschoosing.asp

GPMC Overview
What is the GPMC?
- New admin tool for managing Group Policy:
  - Set of scriptable objects for managing GP
  - MMC Snap-in, built on these objects
- Standalone web release shortly after Windows .NET Server RTM

GPMC Design goals
- Unify management of Group Policy
- Address key deployment issues
- Provide better UI for visualization
- Enable programmatic access to GP

Microsoft Operations Manager
- Operations Management – event and performance management
- Microsoft solution manages Windows 2000, Exchange, SQL Server, and other Microsoft apps
- Built on Microsoft management services
- Base Management Pack
- Application Management Pack
- Heterogeneous and value-add solutions from third parties extend this offering

Security Management Pack: A set of Security XMPs for MOM
- Centralizes Windows security management in MOM
- Out-of-the-box security rules, knowledge, response actions, reports
- Includes:
  - XMP for Anti-Virus Applications
  - XMP for Microsoft Windows Security
  - XMP for NetIQ Security Analyzer

Microsoft Audit Collection Services
- Client-Server application to collect security events in real time and store them in a SQL database
- MACS is NOT a security management application (No user interface)

MACS & MOM
- MACS is a security event collection tool – no management capability
- MOM complements MACS – MOM adds management, alerting, support for other logs
- MACS v2 will likely be integrated with MOM v2
- MACS v1 will ship with MOM management pack

Services
- Security is not just about technology
- Crucial to bring in expertise and knowledge transfer into your organisation
- SMB can use service templates and learn from them – such as MSA -

Service Offerings
- Microsoft Solution for Management
- Allows customers to prioritize, test and deploy patches to their environment.
- Delivers proven best practices and infrastructure for managing high volumes of patch deployments into a Microsoft tools and technology environment.
- Enables customers to improve their quality of service while reducing total cost of ownership

Next Steps
- Review your systems
- Web resources
http://www.microsoft.com/technet/security/prodtech/windows/secwin2k/default.asp
http://www.microsoft.com/downloads/details.aspx?displaylang=en&FamilyID=F937A913-F26E-49B5-A21E-20BA5930238D
http://www.microsoft.com/technet/itsolutions/msm/default.asp
http://www.microsoft.com/technet/security/issues/w2kccscg/default.asp
http://www.microsoft.com/windows2000/technologies/security/default.asp