Following the Code Red and Nimda attacks, Microsoft heard back from users that they were just sick o...
Download
1 / 39

We will not rest until all our customers have what they need to get secure and stay secure. - PowerPoint PPT Presentation


  • 64 Views
  • Uploaded on

loader
I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
capcha
Download Presentation

PowerPoint Slideshow about ' We will not rest until all our customers have what they need to get secure and stay secure.' - bambi


An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript

Following the Code Red and Nimda attacks, Microsoft heard back from users that they were just sick of this. More than anything, it was the huge impact Code Red had on IIS users. It was horrendous…The problem is these patches are so frequent, Microsoft is adding to its resources to make sure you keep up with them. But my major issue is making the product better." John Pescatore, Gartner

We will not rest until all our customers have what they need to get secure and stay secure.

Brian Valentine, Microsoft

What we discovered a few months ago is that, while we are doing a pretty good job providing [security tools and patches], it wasn't easy enough for our customers to roll them out. Because of our position in the industry, we felt it was our responsibility to make it as easy as possible for the customer to do what it takes to stay secure.

Dave Thompson, Microsoft

It's not that IIS is poorly written, but it's pretty clear that IIS and Microsoft are huge targets for viruses and other malicious code, putting the firm at risk.

Matt Kesner, Fenwick & West


Microsoft: back from users that they were just sick of this. More than anything, it was the huge impact Code Red had on IIS users. It was horrendous…The problem is these patches are so frequent, Microsoft is adding to its resources to make sure you keep up with them. But my major issue is making the product better."Get Secure, Stay Secure

Securing Your IT Infrastructure

Šarūnas KončiusSolutions Marketing SpecialistMicrosoft Latvia


Agenda
Agenda back from users that they were just sick of this. More than anything, it was the huge impact Code Red had on IIS users. It was horrendous…The problem is these patches are so frequent, Microsoft is adding to its resources to make sure you keep up with them. But my major issue is making the product better."

  • The challenge of security

  • People, process and technology

  • Strategic Technology Protection Program (STPP)

  • The Secure Infrastructure

  • Case study

  • Tools demo

  • Trustworthy Computing

  • Next steps


The challenge of security
The Challenge of Security back from users that they were just sick of this. More than anything, it was the huge impact Code Red had on IIS users. It was horrendous…The problem is these patches are so frequent, Microsoft is adding to its resources to make sure you keep up with them. But my major issue is making the product better."

Internet-enabled businesses face challenges ensuring their technologies for computing and information assets are secure, fast and easy to interact with.

The right access

to the right content

by the right people


Microsoft s commitment to customers
Microsoft’s Commitment to back from users that they were just sick of this. More than anything, it was the huge impact Code Red had on IIS users. It was horrendous…The problem is these patches are so frequent, Microsoft is adding to its resources to make sure you keep up with them. But my major issue is making the product better."Customers:

To do everything possible to enable every customer to work, communicate, and transact securely over the Internet


People, Process, Technology back from users that they were just sick of this. More than anything, it was the huge impact Code Red had on IIS users. It was horrendous…The problem is these patches are so frequent, Microsoft is adding to its resources to make sure you keep up with them. But my major issue is making the product better."What are the industry challenges?

  • Products lack security features

  • Products have bugs

  • Many issues are not addressed by technical standards

  • Too hard to stay

    up-to-date

  • Design for security

  • Roles and responsibilities

  • Audit, track, follow-up

  • Calamity plans

  • Stay up-to-date with security development

Process

Technology

People

  • Lack of knowledge

  • Lack of commitment

  • Human error


Life was much simpler back then
Life Was Much Simpler back from users that they were just sick of this. More than anything, it was the huge impact Code Red had on IIS users. It was horrendous…The problem is these patches are so frequent, Microsoft is adding to its resources to make sure you keep up with them. But my major issue is making the product better."Back Then…

Mainframe

  • Terminal access

  • “Glass house”

  • Physical security, limited connectivity


Life was much simpler back then1
Life Was Much Simpler back from users that they were just sick of this. More than anything, it was the huge impact Code Red had on IIS users. It was horrendous…The problem is these patches are so frequent, Microsoft is adding to its resources to make sure you keep up with them. But my major issue is making the product better."Back Then…

Client-Server

  • LAN connectivity

  • File/print services

  • Limited external access


Life was much simpler back then2

Internet back from users that they were just sick of this. More than anything, it was the huge impact Code Red had on IIS users. It was horrendous…The problem is these patches are so frequent, Microsoft is adding to its resources to make sure you keep up with them. But my major issue is making the product better."

Life Was Much Simpler Back Then…

The Internet

  • “Always On”

  • E-mail, Instant Messaging

  • The Web

Then the world became complex and difficult…


Business impact

Security Breaches Have Real Costs back from users that they were just sick of this. More than anything, it was the huge impact Code Red had on IIS users. It was horrendous…The problem is these patches are so frequent, Microsoft is adding to its resources to make sure you keep up with them. But my major issue is making the product better."

Business Impact

  • According to the Computer Crime and Security Survey 2002, by the Computer Security Institute (CSI) and the FBI:

    • 90% detected computer security breaches

    • 80% acknowledged financial losses due to computer breaches

    • 40% of respondents quantified financial losses at $456 million, or $2 million per respondent

    • 40% detected system penetration from the outside; up from 25% in 2000

    • 85% detected computer viruses

  • InformationWeek estimates:

    • Security breaches cost businesses $1.4 trillion worldwide this year

    • 2/3 of companies have experienced viruses, worms, or Trojan Horses

    • 15% have experienced Denial of Service attacks

Source: Computer Security Institute (CSI) Computer Crime and Security Survey 2002

Source: InformationWeek.com, 10/15/01


Defense in depth
Defense In Depth back from users that they were just sick of this. More than anything, it was the huge impact Code Red had on IIS users. It was horrendous…The problem is these patches are so frequent, Microsoft is adding to its resources to make sure you keep up with them. But my major issue is making the product better."

  • Industry-wide security design methodology of layering defenses:

    • Perimeter defenses

    • Network defenses

    • Host defenses

    • Application defenses

    • Data and resources

  • Provides a method and framework for designing security into infrastructure

  • Prescriptive guidance and detail included in Microsoft Internet Data Center design guide


Microsoft internet data center guide security
Microsoft Internet Data Center Guide: Security back from users that they were just sick of this. More than anything, it was the huge impact Code Red had on IIS users. It was horrendous…The problem is these patches are so frequent, Microsoft is adding to its resources to make sure you keep up with them. But my major issue is making the product better."

  • Examples of topics included in Internet Data Center guide:

    • Defense In Depth strategy

    • Common hacker methods and prevention

    • Best practices for security IIS

    • Windows 2000 Active Directory design and security policies

    • Best practices for application security

    • Authentication


Microsoft security process guidance
Microsoft Security Process Guidance back from users that they were just sick of this. More than anything, it was the huge impact Code Red had on IIS users. It was horrendous…The problem is these patches are so frequent, Microsoft is adding to its resources to make sure you keep up with them. But my major issue is making the product better."

  • Based on British Standard 7799, included in Internet Data Center guide, a 4-phase process:

  • Assess

    • Define security requirements

    • Perform analysis of current and desired states

  • Design

    • Develop security solution

    • Utilize Defense In Depth framework

  • Deploy

    • Test and implement

    • Define and document policies, standards, procedures

  • Manage

    • Operational management

    • Review and reassess on a regular basis


Strategic Technology back from users that they were just sick of this. More than anything, it was the huge impact Code Red had on IIS users. It was horrendous…The problem is these patches are so frequent, Microsoft is adding to its resources to make sure you keep up with them. But my major issue is making the product better."Protection Program

Get Secure! Stay Secure!

People

Process

Technology


Security management and operations security through people process and technology

People back from users that they were just sick of this. More than anything, it was the huge impact Code Red had on IIS users. It was horrendous…The problem is these patches are so frequent, Microsoft is adding to its resources to make sure you keep up with them. But my major issue is making the product better."

Technology

Security Management and OperationsSecurity through people, process and technology

Industry leading security response and support

Free PSS virus related support at 1-866-PCSafety

World-class security training

Gold certified security partner program

MCS Security assessment service offering

Prescriptive guidance for building and managing security

Pre-tested and certified configurations

Microsoft Operations Framework

Process

Security roll-up packages

Microsoft Baseline Security Analyzer

Windows Update

Microsoft Software Update Service


Stpp get secure

People back from users that they were just sick of this. More than anything, it was the huge impact Code Red had on IIS users. It was horrendous…The problem is these patches are so frequent, Microsoft is adding to its resources to make sure you keep up with them. But my major issue is making the product better."

Process

Technology

STPP: “Get Secure”

Product Support Services (PSS)

  • 1-866-PCSAFETY – Free virus related support

  • Security News Groups – Microsoft.com/security

Microsoft Consulting Services

  • Security Assessment

  • Security Quick Start Programs

  • ISA Quick Start Program

People

Process

Microsoft.com/security

  • Server oriented security resources for server admins

  • New security tools and updates,

  • Security Notification Service

Enterprise Security

  • Server security configuration scanner

  • SMS security patch rollout tool

  • Windows Update Auto-update client(Group Policy-enabled)

Process

Technology


Stpp stay secure

People back from users that they were just sick of this. More than anything, it was the huge impact Code Red had on IIS users. It was horrendous…The problem is these patches are so frequent, Microsoft is adding to its resources to make sure you keep up with them. But my major issue is making the product better."

People

Process

Process

Process

Technology

Technology

Technology

STPP: “Stay Secure”

Windows 2000 Security Rollup Patches

  • Bundle all security fixes in single patches

  • Reduces reboots and administrator burden

Windows 2000 Service Pack (SP3)

  • Provide ability to install SP3 + security rollupwith a single reboot

Process

Technology

Microsoft Software Update Service (SUS)

  • Allows enterprise to host and selectWindows Update content

Enhanced Product Security

  • Provide greater security enhancements in the releases of all new products, including theWindows .NET Server family


The secure infrastructure
The Secure Infrastructure back from users that they were just sick of this. More than anything, it was the huge impact Code Red had on IIS users. It was horrendous…The problem is these patches are so frequent, Microsoft is adding to its resources to make sure you keep up with them. But my major issue is making the product better."

Secure Network Connectivity

  • Secure Internet connectivity (MSA & ISA)

  • Secure remote access (VPN, IAS)

  • Secure wireless networks (PKI + 802.1x)

  • Directory Services (AD & MMS)

  • Authentication (PKI, Kerberos, Passport)

  • Authorization (ACLs, Roles, Federation)

  • Policy-based management (GP, and GPMC)

Integrated Solution for Identity Management

  • Tools (MBSA, MSUS)

  • Guidance (MOC, PAGs, Security Best Practices)

  • Services (MSQS, PSS, & professional services)

  • Products (SMS, MOM)

Comprehensive Security Management and Operations


Network access challenges
Network Access Challenges back from users that they were just sick of this. More than anything, it was the huge impact Code Red had on IIS users. It was horrendous…The problem is these patches are so frequent, Microsoft is adding to its resources to make sure you keep up with them. But my major issue is making the product better."

Wireless LAN

VPN

Gateway

High management overhead

  • Multiple points of network access

  • Disparate access models

  • Multiple user databases and identities

    Vulnerable to unauthorized access

  • Data encryption over open networks

  • Weak wireless security via WEP

  • Weak credentials on VPN

Firewall

LAN

Identity Repository


The secure infrastructure secure network connectivity

Secure VPN Gateway back from users that they were just sick of this. More than anything, it was the huge impact Code Red had on IIS users. It was horrendous…The problem is these patches are so frequent, Microsoft is adding to its resources to make sure you keep up with them. But my major issue is making the product better."

Standards-based VPN Gateway

Password and smartcard authentication

Secure wireless access (Windows)

802.1x Certificate-based authentication

ICSA certified firewall (ISA server)

Standards-based TCP/IP infrastructure

DNS, DHCP, NAT

IPv6 (Windows .NET)

The Secure InfrastructureSecure Network Connectivity

Wireless LAN

VPN

Gateway

LAN

Identity Repository


The secure infrastructure1
The Secure Infrastructure back from users that they were just sick of this. More than anything, it was the huge impact Code Red had on IIS users. It was horrendous…The problem is these patches are so frequent, Microsoft is adding to its resources to make sure you keep up with them. But my major issue is making the product better."

Secure Network Connectivity

  • Secure Internet connectivity (MSA & ISA)

  • Secure remote access (VPN, IAS)

  • Secure wireless networks (PKI + 802.1x)

  • Directory Services (AD & MMS)

  • Authentication (PKI, Kerberos, Passport)

  • Authorization (ACLs, Roles, Federation)

  • Policy-based management (GP, and GPMC)

Integrated Solution for Identity Management

  • Tools (MBSA, MSUS)

  • Guidance (MOC, PAGs, Security Best Practices)

  • Services (MSQS, PSS, & professional services)

  • Products (SMS, MOM)

Comprehensive Security Management and Operations


Identity management challenges
Identity Management Challenges back from users that they were just sick of this. More than anything, it was the huge impact Code Red had on IIS users. It was horrendous…The problem is these patches are so frequent, Microsoft is adding to its resources to make sure you keep up with them. But my major issue is making the product better."

Wireless LAN

VPN

Gateway

email

File

Server

Web

Portal

High management overhead

  • Different security access models

  • Multiple user identities to manage

  • Interoperability

  • Extends to the Internet (B2C, B2B, B2E)

    Vulnerable to unauthorized access

  • Security policy enforcement

  • Protection of sensitive data on the network

  • Flexible authentication methods

LAN

Unix

App

Web

Services

Identity Repository


The secure infrastructure active directory

UNIX back from users that they were just sick of this. More than anything, it was the huge impact Code Red had on IIS users. It was horrendous…The problem is these patches are so frequent, Microsoft is adding to its resources to make sure you keep up with them. But my major issue is making the product better."

App

Active Directory

The Secure InfrastructureActive Directory

Wireless LAN

VPN

Gateway

Common store for identity management

  • Application and NOS identities

  • Repository for security principles

  • Integrated policy-based management

  • Scales to the Internet

Exchange

SQL

Server

File Sharing

LAN

Web

Services

Identity Repository


The secure infrastructure integrated security

UNIX back from users that they were just sick of this. More than anything, it was the huge impact Code Red had on IIS users. It was horrendous…The problem is these patches are so frequent, Microsoft is adding to its resources to make sure you keep up with them. But my major issue is making the product better."

Application

Active Directory

The Secure InfrastructureIntegrated Security

Wireless LAN

VPN

Gateway

Integrated Security Services

  • Kerberos authentication and authorization

  • Integrated PKI for authentication and encryption

  • Interoperable with UNIX via Kerberos and SFU

  • Interoperable with mainframes via HIS

  • Interoperable with Netware via SFN

Exchange

SQL

Server

File Sharing

LAN

Web

Services


The secure infrastructure directory integration and synchronization

UNIX back from users that they were just sick of this. More than anything, it was the huge impact Code Red had on IIS users. It was horrendous…The problem is these patches are so frequent, Microsoft is adding to its resources to make sure you keep up with them. But my major issue is making the product better."

Application

ActiveDirectory

Non-AD

Directory

Active Directory

Active Directory

The Secure InfrastructureDirectory integration and synchronization

Wireless LAN

VPN

Gateway

Microsoft MetaDirectory Server

  • Directory integration (Active Directory and non-Active Directory)

  • Directory synchronization

Exchange

SQL

Server

File Sharing

LAN

Web

Services


The secure infrastructure2
The Secure Infrastructure back from users that they were just sick of this. More than anything, it was the huge impact Code Red had on IIS users. It was horrendous…The problem is these patches are so frequent, Microsoft is adding to its resources to make sure you keep up with them. But my major issue is making the product better."

Secure Network Connectivity

  • Secure Internet connectivity (MSA & ISA)

  • Secure remote access (VPN, IAS)

  • Secure wireless networks (PKI + 802.1x)

  • Directory Services (AD & MMS)

  • Authentication (PKI, Kerberos, Passport)

  • Authorization (ACLs, Roles, Federation)

  • Policy-based management (GP, and GPMC)

Integrated Solution for Identity Management

  • Tools (MBSA, MSUS)

  • Guidance (MOC, PAGs, Security Best Practices)

  • Services (MSQS, PSS, & professional services)

  • Products (SMS, MOM)

Comprehensive Security Management and Operations


Products to help manage your it security
Products to Help Manage Your IT Security back from users that they were just sick of this. More than anything, it was the huge impact Code Red had on IIS users. It was horrendous…The problem is these patches are so frequent, Microsoft is adding to its resources to make sure you keep up with them. But my major issue is making the product better."

  • Use Systems Management Server (SMS) 2.0

    • Collect software/hardware inventory information

    • Deploy the HFNetChk tool, collect results and report on findings

    • Distribute Microsoft Security Tool Kit fixes to Windows desktops and servers

    • Receive status reports on the success of distribution

  • Use Microsoft Operations Manager (MOM) 2000

    • Proactively manage the OS and applications through built-in security-related alerts and scripts

    • Continuously monitor Windows servers for possible attacks

    • Receive immediate alerts of possible security breaches

    • Produce reports that can showcase service levels are being met


Case Study back from users that they were just sick of this. More than anything, it was the huge impact Code Red had on IIS users. It was horrendous…The problem is these patches are so frequent, Microsoft is adding to its resources to make sure you keep up with them. But my major issue is making the product better."

Organization

  • Prominent global banking group with total assets of 614.6 billion euros

  • 110,000 employees worldwide with more than 700 branch offices

    Business challenges

  • Reducing administrative costs

  • Accelerating time-to-market for new applications

  • Upgrading intranet infrastructure meet increasing Web traffic


Results
Results back from users that they were just sick of this. More than anything, it was the huge impact Code Red had on IIS users. It was horrendous…The problem is these patches are so frequent, Microsoft is adding to its resources to make sure you keep up with them. But my major issue is making the product better."

ABN-AMRO’s decision to deploy ISA Server:

  • Reduced bandwidth use between company’s branch offices and data center in the Netherlands

  • Allowed company to seamlessly integrate with the Windows 2000 Active Directory service

  • Enabled company to build a secure intranet infrastructure that provides single sign-on for users and minimizes the administrative burdens placed on information technology (IT) staff

Components of solution:

  • Windows 2000 Server with Active Directory service

  • Microsoft Internet Security and Acceleration (ISA) Server 2000 Enterprise Edition


Customer feedback
Customer Feedback back from users that they were just sick of this. More than anything, it was the huge impact Code Red had on IIS users. It was horrendous…The problem is these patches are so frequent, Microsoft is adding to its resources to make sure you keep up with them. But my major issue is making the product better."

"With ISA Server, we'll be able to deploy a reliable and scalable solution that will integrate seamlessly with the rest of our branch office intranet environment. We’ll be well-positioned to accommodate the new browser-based applications being developed to better meet the needs of our clients. ISA Server will enable us to do this in a manner that minimizes both our bandwidth requirements and administrative costs.”

- Bert van Puffelen

Vice President


Baseline security analyzer
Baseline Security Analyzer back from users that they were just sick of this. More than anything, it was the huge impact Code Red had on IIS users. It was horrendous…The problem is these patches are so frequent, Microsoft is adding to its resources to make sure you keep up with them. But my major issue is making the product better."

  • Helps users and administrators

    • Scan Windows systems for missing patches andconfiguration problems

    • Can examine a single computer or multiple computers on a network

    • Runs on Windows 2000 and Windows XP

    • Will scan for missing patches and vulnerabilities in recent versions of:

      • Windows

      • Internet Information Server

      • SQL Server

      • Internet Explorer

      • Office

    • Creates and stores security reports for each computer scanned


Demo baseline security analyzer
Demo: back from users that they were just sick of this. More than anything, it was the huge impact Code Red had on IIS users. It was horrendous…The problem is these patches are so frequent, Microsoft is adding to its resources to make sure you keep up with them. But my major issue is making the product better."Baseline Security Analyzer


Software update services solution
Software Update Services Solution back from users that they were just sick of this. More than anything, it was the huge impact Code Red had on IIS users. It was horrendous…The problem is these patches are so frequent, Microsoft is adding to its resources to make sure you keep up with them. But my major issue is making the product better."

  • Automatic Update (AU) client

    • Automatically download and install critical updates

      • Security patches, high impact bug fixes and new drivers when no driver is installed for a device

      • Checks Windows Update service or Corporate Update server once a day

    • New! Install at scheduled time after automatic downloads

    • Administrator control of configuration via registry-based policy

    • Support for Windows .NET Server, Windows XP and Windows 2000

  • Software Update Services

    • Corporate hosted server supports download and install of critical updates through Automatic Update client

    • Server synchronizes with the public Windows Update service

    • Simple administrative model via IE

    • Updates are not made available to clients until the administrator approves them

    • Runs on Windows .NET Server and Windows 2000 Server


Demo software update services
Demo: back from users that they were just sick of this. More than anything, it was the huge impact Code Red had on IIS users. It was horrendous…The problem is these patches are so frequent, Microsoft is adding to its resources to make sure you keep up with them. But my major issue is making the product better."Software Update Services


Trustworthy computing the big picture
Trustworthy Computing back from users that they were just sick of this. More than anything, it was the huge impact Code Red had on IIS users. It was horrendous…The problem is these patches are so frequent, Microsoft is adding to its resources to make sure you keep up with them. But my major issue is making the product better."The Big Picture

Goals

Means

Execution

AvailabilityFunctionality there when needed

SuitabilityFeatures fit function

PrivacyUser in control of their data

IntegrityAgainst data loss or alteration

ReputationSystem and provider brand

PolicyGuidelines, standards, norms

Dev PracticesMethods, philosophy

Ops PracticesGuidelines and benchmarks

Business PracticesBusiness model

SecurityResists unauthorized access

QualityUsability, reliability, performance

IntentManagement assertions

RisksWhat undermines intent, causes liability

ImplementationSteps to deliver intent

EvidenceAudit mechanisms


Bringing it all together

Lower Cost of Security back from users that they were just sick of this. More than anything, it was the huge impact Code Red had on IIS users. It was horrendous…The problem is these patches are so frequent, Microsoft is adding to its resources to make sure you keep up with them. But my major issue is making the product better."

Integrated infrastructure solution

Centralized management of network resources

Fewer identities and directories to manage

Interoperability with other platforms

ActiveDirectory

Non-AD

Directory

Active Directory

Bringing It All Together…

VPN

Gateway

Wireless LAN

Exchange

File Sharing

SQL Server

LAN

Web Applications

UNIX

Application

Reduced Security Risk

  • Prescriptive guidance

  • Internet protection via firewall and content filtering

  • Security tools and services

  • Security patch management infrastructure


Next steps
Next Steps back from users that they were just sick of this. More than anything, it was the huge impact Code Red had on IIS users. It was horrendous…The problem is these patches are so frequent, Microsoft is adding to its resources to make sure you keep up with them. But my major issue is making the product better."

  • Microsoft Quick Start Security (MSQS)

    • Short, fixed cost programs designed to help you get secure and stay secure

    • MSQS for Planning Secure Systems

    • MSQS for Operating Secure Systems

  • Build security into the development process

    • SMI – engineering for security

    • New processes and tools for development and testing

    • Mobilization of resources to make it happen

  • Deploy a secure infrastructure

    • Windows 2000 Servers and ISA today

    • Windows .NET build on Windows 2000 security infrastructure

    • Best path to federation

  • Utilize security training available from Microsoft

  • Certified Partner Program


Security resources
Security Resources back from users that they were just sick of this. More than anything, it was the huge impact Code Red had on IIS users. It was horrendous…The problem is these patches are so frequent, Microsoft is adding to its resources to make sure you keep up with them. But my major issue is making the product better."

To locate a partner who can help with Microsoft security solutions:

Microsoft Certified Providers Directoryhttp://mcspreferral.microsoft.com/

Microsoft Consulting Serviceswww.microsoft.com/BUSINESS/services/mcs.asp

For training and certification questions:

Microsoft Training and Certificationwww.microsoft.com/training

For technical information:

White Paper: Microsoft Security Response Center Security Bulletin Severity Rating Systemwww.microsoft.com/technet/security/

topics/rating.asp

CSI/FBI Computer Crimes and Security Survey 2002, Computer Security Institute: www.gocsi.com/

ISA Server information:

www.microsoft.com/isa

Hacking Exposed – Network Security Secrets & Solutions, 3rd Edition; Joel Scambray, Stuart McClure, George Kurtz

For information about Microsoft security strategies and solutions:

Primary resource: www.microsoft.com/security

White Papers:

Best Practices for Enterprise Security www.microsoft.com/technet/security/bpentsec.asp

It’s Time to End Information Anarchywww.microsoft.com/technet/columns/security/noarch.asp

The 10 Immutable Laws of Securitywww.microsoft.com/TechNet/security/10imlaws.asp


ad