Securing your data Drill down into Data Security with
Download
Report
Transcript Securing your data Drill down into Data Security with
Securing your data
Security with Microsoft Infrastructure and Internet Explorer
Matt Kestian
Strategic Security Advisor | National Security Team | Microsoft Corporation | March 11,2005
Version 1.0
Agenda
Some true stories…..
Phishing/Malware Demonstration
Strategy for securely browsing with internet
explorer
Defense in Depth
Securing the perimeter
Securing the network
Securing the hosts
Securing applications
Securing the data
Microsoft Confidential – NDA Material
True stories from the field
Phishing gone high tech
Bank in Latin America
E-mail between two companies
(actually this one is personal)
Microsoft Confidential – NDA Material
IE Security Improvements in XP SP2
Post XP SP2 Observations
Strengths
Big security investments were worthwhile
Balance of app compat and security seems good
Opportunities to Improve
Needed to consider cleanup, not just protection
Info disclosure just as important as code execution
Servicing IE with the OS is difficult for some customers
Configuration management – are we doing all we can?
Everyone wants new features – even security pros
IE 7 will beta this summer with even more phishing and
malware protection
Microsoft Confidential – NDA Material
Threat Modeling
Spoofing
An unauthorized user impersonating a valid user
Tampering
An attacker illegally modifying or destroying data
Repudiation
Ability of a user to deny performing an action
Information Disclosure
Releasing information to unauthorised users
Denial of Service
Causing the system to be unavailable to valid users
Elevation of Privilege
An attacker illegally gains a higher level of access
Microsoft Confidential – NDA Material
Attack Methodologies
Take
ownership
– Elevate
Privileges
Perform
Steal
Exploit
the
the
unauthorized
Data
vulnerabilities
activities
Search
for
known
Reconnaissance
-vulnerabilities
Port
Scanning
Cover
your
tracks
Download
hacker
tools, backdoors,
rootkits, etc
Determine
other
and attack them
Clear
Audit
Trailstargets
network
mapping
[VLAN]
SMS/MOM
X
Directory
[VLAN]
4
5
6
3
2
1
7
SQL cluster
X
X
Web servers
Web apps
DNS
X
X
[VLAN]
Exchange
front end
IDS
LOB apps
Directory
IDS
Disk array
DNS
Exchange
Desktops
Microsoft Confidential – NDA Material
Defense in Depth
An organizing framework for Security
Layered Portfolio of Countermeasures
Reduce the chance of a single point of vulnerability
Perimeter
Network
Host
Application
Data
Physical Security
Policies, Procedures, &
Awareness
Microsoft Confidential – NDA Material
Perimeter Layer
Business Partner
Main Office
LAN
LAN
Internet Services
Internet
Internet
Network perimeters
include connections
to:
The Internet
Branch offices
Business partners
Remote users
Wireless networks
Internet applications
Services
Branch Office
Remote
User
Wireless
Network
LAN
Microsoft Confidential – NDA Material
Perimeter Layer Compromise
Business Partner
Main Office
LAN
LAN
Internet Services
Internet
Internet
Network perimeter
compromise may result in:
Attack on corporate
network
Attack on remote users
Attack from business
partners
Attack from a branch office
Attack on Internet services
Attack from the Internet
Services
Branch Office
Remote User
Wireless
Network
LAN
Microsoft Confidential – NDA Material
Perimeter Layer Protection
Business Partner
Main Office
LAN
LAN
Internet Services
Internet Services
Internet
Network perimeter
protection
includes:
Firewalls
Blocking communication
Remote User
ports
Port and IP address
translation
Virtual Private Networks
Tunneling protocols
Filter traffic- SMTP, Spam
blocking, proxy technologies
Branch Office
Wireless
Network
LAN
Microsoft Confidential – NDA Material
Lab
Unmanaged
guest
ISA Server 2004
Application level FW
VPN Quarantine
Sybari Antigen – Anti-Virus, Anti-Spam
Microsoft Confidential – NDA Material
Network Layer
Sales
Marketing
Wireless
Network
Finance
Human
Resources
Microsoft Confidential – NDA Material
Network Layer Compromise
Unauthorized
access to systems
Unexpected
communication
ports
Unauthorized
access to wireless
networks
Sniff packets from
the network
Access all
network traffic
Microsoft Confidential – NDA Material
Security Zones
`
`
Public
`
Tier Restrictions
Intra-zone Tier
Communication
Restrictions
Inter-zone
Communication
Restrictions
Public DNS
Perimeter DNS
Perimeter Web
Perimeter Web
Perimeter DNS
Perimeter
Core Database
Core AD
Core Database
Core DNS
Core Infrastructure
Core
`
`
`
`
Client
Internal
Private
Microsoft Confidential – NDA Material
Network Layer Protection
Implement mutual authentication
Segment the network (Vlan, internal FW)
Encrypt network communications
Block communication ports
Control access to network devices
Sign network packets
Multi home some servers
Microsoft Confidential – NDA Material
Implementing IPSec Policy
Host Layer
Specific network role
Operating system configuration
The term “host” is used to refer to both
workstations and servers
Microsoft Confidential – NDA Material
Host Layer Compromise
Unsecured
Operating
System
Configuration
Distribute
Viruses
Unmonitore
d Access
Exploit
Operating
System
Weakness
Microsoft Confidential – NDA Material
Attack Vectors
Malicious e-mail
attachments
Malicious Web
content
Days to exploit and complexities around
patching makes patching a less effective
defense strategy
Port-based
attacks
Buffer overrun
attacks
Microsoft Confidential – NDA Material
Windows XP Service Pack 2
Windows Server 2003 Service Pack 1
Microsoft Windows AntiSpyware
Software Restriction Policies
Future: Network Access Protection
Microsoft Confidential – NDA Material
Host Layer Protection
Use Group Policy – implement
templates XP and Server
Use Windows Firewall
Manage configuration changes
Run AV and keep up to date
Harden operating system
Implement IPSec for mutual
authentication
Install security updates
Restrict anonymous access where
able
Implement auditing
Rename the admin account
disable guest
Disable or remove unnecessary
services
Install and maintain antivirus
software
Microsoft Confidential – NDA Material
Application Layer
Security issues specific to applications
Functionality must be maintained
Server Applications
(for example, Exchange Server
or SQL Server)
Applications That
Create and Access
Data
Microsoft Confidential – NDA Material
Application Layer Compromise
Loss of application
Execution of malicious code
Extreme use of application
Unwanted use of applications
Microsoft Confidential – NDA Material
Application Layer Protection
Enable only required services and
functionality
Configure application security settings
Install security updates for applications
Install and update antivirus software
Run applications with least privilege
Microsoft Confidential – NDA Material
Data Layer
Documents
Directory
Applications
Microsoft Confidential – NDA Material
Data Layer Compromise
Interrogate
Directory Files
View, Change,
or Modify
Information
Documents
Directory
Applications
Replace or
Modify
Application Files
Microsoft Confidential – NDA Material
Technology
Investments
Persistent information protection
New “lockbox” business scenarios
Deployment, usability enhancements
Offline support
FIPS compliance
Smartcard integration
Microsoft Confidential – NDA Material
Data Layer Protection
Utilize NTFS Access control lists
Encrypt files with EFS
Secure SQL server according to SQL server
security guidelines
Move files from the default location
Create data backup and recovery plans
Protect documents and e-mail with Windows
Rights Management Services
Microsoft Confidential – NDA Material
Prior
H2 04
2005
Microsoft Baseline Security Analyzer (MBSA) v1.2
Virus Cleaner Tools
Systems Management Server (SMS) 2003
Software Update Services (SUS) SP1
Internet Security and Acceleration (ISA) Server 2004 Standard Edition
Windows XP Service Pack 2
Patching Technology Improvements (MSI 3.0)
Systems Management Server 2003 SP1
Microsoft Operations Manager 2005
Windows malicious software removal tool
Windows Server 2003 Service Pack 1
Windows Update Services
ISA Server 2004 Enterprise Edition
Windows Rights Management Services SP1
Windows AntiSpyware
System Center 2005
Windows Server 2003 “R2”
Visual Studio 2005
Future
Vulnerability Assessment and Remediation
Active Protection Technologies
Antivirus
Microsoft Confidential – NDA Material
© 2005 Microsoft Corporation. All rights reserved.
This presentation is for informational purposes only. Microsoft makes no warranties, express or implied, in this summary.