Security Overview for Microsoft Infrastructures
Fred Baumhardt and James Noyce
Infrastructure Solutions and Security Solutions Teams
Microsoft Security Solutions, Feb 4th, 2003

Agenda
  Threats – How you are attacked and from where
  Application Level Attacks – the new Security Battleground
  Overview of Microsoft Server Security Technologies and Tools
  Management and Operations as a Defensive Mechanism

The Three Phases of Hacking
  Information Gathering and Intelligence
  Analysis of Collected Information
  Probing and Compromise

Management as a Security Tool
  Detect unauthorised activity on your infrastructure
  Prevent misconfiguration of systems
  Ensure system vulnerabilities are captured and addressed

Security Management Tools
  Analysis
    Microsoft Baseline Security Analyser (MBSA)
    Systems Management Server (SMS) Software Update Services Feature Pack
    Microsoft Software Update Services (MSUS)
    Security Configuration and Analysis snap-in
    RSoP
  Management
    Group Policy Management Console (GPMC)
    Microsoft Operations Manager (MOM)
    Microsoft Audit Collection System (MACS)
    Systems Management Server (SMS) Software Update Services Feature Pack
    Microsoft Software Update Services (MSUS)

Infrastructure Tools
  Snort – Free to Download – even on Windows – www.snort.org
  MBSA – Scans most MS Server products and Windows clients
  SUS – Patch management solution
  MOM-MACS-SMS
  IPSEC – within Windows
  IISLockdown – URLScan
  ISA Server with Feature Pack 1

MBSA Version 1.1
  The following new features are included with MBSA V1.1:
    Exchange and Windows Media Player security update detection
    Full HFNetChk integration into MBSACLI.exe
    Incorporation of the latest HFNetChk engine code
    Support for Software Update Services (SUS) during security update scanning
    Detection for multiple SQL Server instances

Software Update Services
  Address Patch Management concerns
  Windows keeps itself up-to-date with the latest critical & security updates
  IT administrators can automatically deploy Windows Update content
  IT administrator gains control over what patches are applied to a system
  Leverage Windows Update web-based infrastructure

Systems Management Server Software Update Services Feature Pack
  Security patch inventory
  Office patch inventory
  Patch distribution
  Web reporting

Recommendations for Customers
  Microsoft’s “A” recommendation for which tool to use:
  Recommended Technology to deploy critical updates
    Home User – Windows Update
    Small Business – Windows Update**
    Medium Enterprise – Software Update Services
    Large Enterprise – SMS (with the Feature Pack)
  **Small Businesses that work with a VAP should also consider SUS
  Official external positioning is available at:
  http://www.microsoft.com/windows2000/windowsupdate/sus/suschoosing.asp

GPMC Overview
  What is the GPMC?
    New admin tool for managing Group Policy:
      Set of scriptable objects for managing GP
      MMC Snap-in, built on these objects
    Standalone web release shortly after Windows .NET Server RTM
  GPMC Design goals
    Unify management of Group Policy
    Address key deployment issues
    Provide better UI for visualization
    Enable programmatic access to GP

Microsoft Operations Manager
  Operations Management – event and performance management
  Built on Microsoft management services
  Microsoft solution manages Windows 2000, Exchange, SQL Server, and other Microsoft apps
    Base Management Pack
    Application Management Pack
  Heterogeneous and value-add solutions from third parties extend this offering

Security Management Pack: A set of Security XMPs for MOM
  Centralizes Windows security management in MOM
  Out-of-the-box security rules, knowledge, response actions, reports
  Includes:
    XMP for Anti-Virus Applications
    XMP for Microsoft Windows Security
    XMP for NetIQ Security Analyzer

Microsoft Audit Collection Services
  Client-Server application to collect security events in real time and store them in a SQL database
  MACS is NOT a security management application (No user interface)

MACS & MOM
  MACS is a security event collection tool – no management capability
  MOM complements MACS – MOM adds management, alerting, support for other logs
  MACS v2 will likely be integrated with MOM v2
  MACS v1 will ship with MOM management pack

Services
  Security is not just about technology
  Crucial to bring in expertise and knowledge transfer into your organisation
  SMB can use service templates and learn from them – such as MSA -

Service Offerings
Microsoft Solution for Management
  Allows customers to prioritize, test and deploy patches to their environment.
  Delivers proven best practices and infrastructure for managing high volumes of patch deployments into a Microsoft tools and technology environment.
  Enables customers to improve their quality of service while reducing total cost of ownership

Next Steps
  Review your systems
  Web resources
    http://www.microsoft.com/technet/security/prodtech/windows/secwin2k/default.asp
    http://www.microsoft.com/downloads/details.aspx?displaylang=en&FamilyID=F937A913-F26E-49B5-A21E-20BA5930238D
    http://www.microsoft.com/technet/itsolutions/msm/default.asp
    http://www.microsoft.com/technet/security/issues/w2kccscg/default.asp
    http://www.microsoft.com/windows2000/technologies/security/default.asp