Security of Microsoft's information system

GRAS Philippe, Operation Manager - MSIT, Microsoft France


Summary

  • This session presents part of how security is implemented within Microsoft Corp.'s own information system, in particular the cases of patch management and network segmentation.


Agenda

  • Microsoft context

  • Security strategies

  • Case studies

    • Patch management (servers and client workstations)

    • Network segmentation via IPsec


Microsoft IT Data

  • 101,000+ e-mail server accounts

  • 300,000+ PCs and devices

  • Single Instance SAP (1.5 TB database)

  • 403 buildings

  • 89,000 end users

  • 83 countries

  • 3M+ e-mail messages per day internally

  • 99.99% availability

  • 9.5M+ remote connections/month

  • Locations shown on the world map: Redmond, Tukwila, Silicon Valley, Charlotte, Sao Paulo, Reading, London, Dublin, Munich, Johannesburg, Tokyo, Singapore, Sydney


Microsoft Security Environment

  • Environment

    • More than 300,000 network-joined devices

    • 30,000 business partners with connectivity needs

    • Frequent target of attack

      • 100,000+ intrusion attempts/probes/scans per month

      • 5M filtered emails/day (spam and anti-virus)

  • Challenges

    • Culture based on autonomy and agility

    • Large population of mobile clients

    • Unique business requirements to support software development

    • Running the business on N+1 platform as "first and best" customer


Consolidation

  • Infrastructure server consolidation

    • 51% reduction in Exchange servers

    • Reduced from 74 to 7 sites with Exchange servers

    • 30% reduction in global infrastructure servers

    • 2 print servers in Redmond (650 public print queues)

    • 32% reduction in domain controllers

    • Key enabler – Windows Server 2003, Exchange Server 2003, Office System 2003

  • Data center consolidation

    • Eliminated 5 data centers

    • Remote management – Windows Terminal Services

    • Event monitoring and dispatch – Microsoft Operations Manager 2005


Where We Are Today (2004)

Organization: Regional IT Account Management across the service areas below, with an Ops Center (Monitoring, Tier 1 and Tier 2; MOM and MOF) and Security and Infrastructure Architecture.

  • Windows & Storage: Windows Server, AD, Virtual Server

  • Client Mgmt: Windows Client, SMS, Windows CE, Office System

  • Comm & Collab: SharePoint, Office System, LCS

  • Messaging: Exchange, Office System

  • Network: Windows Networking, ISA Proxy

  • IT Scorecard

  • Enforced standards and policies

  • Centralized IT operations

  • Account Managers are the “Face” of IT in regions

  • Service Catalog

  • Service Managers

  • Higher builder spend, lower sustainer spend

  • Client Satisfaction from 106 to 134


Security Strategy

Security Operating Principles

Corporate Security Mission and Vision

Risk-Based Decision Model

Tactical Prioritization


Mission

Prevent malicious or unauthorized use that results in the loss of Microsoft intellectual property or productivity by systematically assessing, communicating, and mitigating risks to digital assets.

Risk cycle: Assess Risk > Define Policy > Audit > Monitor


Vision

An IT environment comprised of services, applications, and infrastructure that implicitly provides availability, privacy, and security to any client.

  • Five Trustworthy Assurances

    • My identity is not compromised

    • Resources are secure and available

    • Data and communications are private

    • Roles and accountability are clearly defined

    • There is a timely response to risks and threats


Operating Principles

  • Management commitment

    • Manage risk according to business objectives

    • Define organizational roles and responsibilities

  • Users and data

    • Manage to the practice of least privilege

    • Strictly enforce privacy and privacy rules

  • Application and system development

    • Build security into development life cycle

    • Create layered defense and reduce attack surface

  • Operations and maintenance

    • Integrate security into operations framework

    • Align monitor, audit, and response functions to operational functions



Enterprise Risk Model

The model plots each risk on two axes: Impact to Business (Low to High, defined by the Business Owner) and Probability of Exploit (Low to High, defined by Corporate Security). The high-impact, high-probability region is Unacceptable Risk; the low-impact, low-probability region is Acceptable Risk. Risk assessment drives each risk toward acceptable risk.


Risk Analysis by Asset Class

  • Host: exploit of misconfiguration, buffer overflows, open shares, NetBIOS attacks

  • Application: unauthenticated access to applications, unchecked memory allocations

  • Network: data sniffing on the wire, network fingerprinting

  • Account: compromise of integrity or privacy of accounts

  • Trust: unmanaged trusts enable movement among environments


Components of Risk Assessment

  • Asset: what are you trying to assess?

  • Threat: what are you afraid of happening?

  • Vulnerability: how could the threat occur?

  • Mitigation: what is currently reducing the risk?

  • Impact: what is the impact to the business?

  • Probability: how likely is the threat given the controls?

Impact + Probability = Current Level of Risk: what is the probability that the threat will overcome controls to successfully exploit the vulnerability and affect the asset?
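The following is an added example (not part of the deck and not Microsoft's tooling) that turns the risk assessment components and the Enterprise Risk Model into a small risk register: each entry names the asset, threat, vulnerability and the mitigations currently in place; impact comes from the business owner and probability from corporate security; and the unacceptable entries are prioritised and driven down by adding controls. The 1-5 scoring scale, the acceptance threshold of 6 and the register entries are all constructed assumptions.

```python
"""Risk register walk-through (added example; the 1-5 scale, the threshold and the entries
are assumptions, not values from the deck)."""
from dataclasses import dataclass, field
from typing import Dict, List

ACCEPTABLE_THRESHOLD = 6  # assumed: impact x residual probability at or below this is acceptable


@dataclass
class Risk:
    asset: str
    threat: str
    vulnerability: str
    impact: int                          # 1..5, defined by the business owner
    probability: int                     # 1..5 before mitigations, defined by corporate security
    mitigations: Dict[str, int] = field(default_factory=dict)  # control -> probability reduction

    def residual_probability(self) -> int:
        """Probability that the threat overcomes the controls currently in place (floor of 1)."""
        return max(1, self.probability - sum(self.mitigations.values()))

    def level(self) -> int:
        """Current level of risk: impact x residual probability."""
        return self.impact * self.residual_probability()

    def acceptable(self) -> bool:
        """Acceptable region of the Enterprise Risk Model (low impact and/or low probability)."""
        return self.level() <= ACCEPTABLE_THRESHOLD


def prioritize(risks: List[Risk]) -> List[Risk]:
    """Highest current level of risk first; ties are broken by business impact."""
    return sorted(risks, key=lambda r: (r.level(), r.impact), reverse=True)


def drive_to_acceptable(risk: Risk, candidates: Dict[str, int]) -> List[str]:
    """Apply candidate controls, strongest first, until the risk is acceptable.
    Returns the names of the controls that were applied."""
    applied = []
    for name, reduction in sorted(candidates.items(), key=lambda kv: kv[1], reverse=True):
        if risk.acceptable():
            break
        risk.mitigations[name] = reduction
        applied.append(name)
    return applied


def sample_register() -> List[Risk]:
    """Constructed entries, one per asset class from the 'Risk Analysis by Asset Class' slide."""
    return [
        Risk("Host", "worm exploiting a known flaw", "unpatched operating system",
             impact=5, probability=5),
        Risk("Network", "data sniffing on the wire", "cleartext LAN traffic",
             impact=4, probability=3, mitigations={"IPsec ESP on SecureNet": 2}),
        Risk("Account", "credential compromise", "single-factor remote access",
             impact=4, probability=4, mitigations={"smart cards for RAS": 3}),
        Risk("Trust", "movement between environments", "unmanaged trusts",
             impact=3, probability=2),
    ]


if __name__ == "__main__":
    register = sample_register()
    for r in prioritize(register):
        print(f"{r.asset:8} level={r.level():2} {'UNACCEPTABLE' if not r.acceptable() else 'acceptable'}")
    host = register[0]
    print("applied:", drive_to_acceptable(
        host, {"patch management via SMS": 2, "IPsec segmentation": 2, "host-based firewall": 1}))
```

Running the block lists the Host risk as the only unacceptable entry and shows that two controls (patch management, then IPsec segmentation) bring it into the acceptable region, which is the order the deck's two case studies follow.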


Risk Management Process and Roles

  • Corporate Security: Security Policy, Compliance, Prioritize Risks

  • Cross-IT Teams: Security Solutions & Initiatives, Sustained Operations, Tactical Prioritization


Tactical Prioritization by Environment

Prioritized risks lead to policies and mitigation tactics appropriate for each environment:

  • Data Center

  • Client

  • Unmanaged Client

  • Remote Access

  • Mobile


Representative Risks and Tactics

Enterprise risks and the tactical solutions that address them (all of which embody Trustworthy Computing):

  • Unpatched Devices: Secure Environmental Remediation

  • Unmanaged Devices: Network Segmentation Through IPSec

  • Remote and Mobile Users: Secure Remote User

  • Single-Factor Authentication: Two-Factor for Remote Access and Administrators

  • Managed Source Initiatives: Focus Controls Across Key Assets


Security Strategy

Mitigate risk to the infrastructure through implementation of four key strategies:

1. Secure the Network Perimeter: Secure Wireless, Smart Cards for RAS, Network Access Protection

2. Secure the Network Interior: Patch Management, IPsec Segmentation

3. Secure Key Assets: Smart Cards for Admin Access, IPsec for key assets

4. Enhance Monitoring and Auditing: Strong enforcement


Case studies

Patch management as an integral part of security


Microsoft Manageability Services Group

  • Ensures continuous operation of global IT infrastructure

  • Provides manageability services to four data centers worldwide

    • Additional 49 remote server locations

  • Manages 10,000 servers and 220,000 client systems worldwide

  • Uses and continuously improves the Microsoft Operations Framework


Microsoft Operations Framework

  • Structured approach to achieving operational excellence

  • Collection of best practices, principles, and models

  • Guidance on achieving high availability, reliability, and security

  • 21 service management functions

  • Today’s focus

    • Server life cycle

    • Client life cycle

    • Enterprise Configuration Management

    • Service Monitoring and Control


Server Lifecycle Model: Deploy > Baseline > Inventory > Update

1. Deploy: Automated Deployment Services builds the server and joins it to the domain

2. Baseline: SMS delivers post-build updates and provisions the server

3. Inventory: SMS inventories and reports security compliance and configuration

4. Update: SMS deploys security updates and other software updates


Server Update Architecture

  • Dedicated management infrastructure

  • Centralized management

  • Automated, fast, efficient updates

  • Ability to meet customer SLAs

  • Primary tool for enforcing security update compliance

SMS Infrastructure for Servers

1 central site server

14 primary site servers


Server Platform Updates

  • Key benefits:

    • Fully MOF-compliant implementation

    • Consistent baseline reduces patching complexity and cost

    • Time built in for Business Unit IT tests

    • Well-known delivery dates

    • Latest platforms always available for early adopters

Platform phases (6 months each): Beta (N+1) Platform: Changing; Current (N) Platform: Optimizing, Supporting; Previous (N–1) Platform: Operating. The N–1 model allows for extended testing during the Beta and N phases.


Server Patch Management Process

1. Assess environment to be patched (ongoing)

2. Identify new updates

3. Evaluate and plan update deployment

4. Deploy the update

Time allowed per phase:

  • Standard update cycle (21 days): Assess ongoing; Identify/Evaluate ½ day; Deploy-Grace 7 days; Deploy-Force 14 days

  • Emergency update cycle (24 hours): Assess ongoing; Identify/Evaluate 1 hour; Deploy-Grace 2 hours; Deploy-Force 21 hours
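As an added example (not the deck's own tooling and not the SMS reporting format), the following Python turns the two timeboxed cycles into deadlines and classifies a server inventory against them: hosts missing the update are still in the voluntary window during Deploy-Grace, are forced during Deploy-Force, and need escalation once the cycle has ended. The phase durations are the ones on the slide; the release date, host names and the inventory layout are constructed.

```python
"""Patch-cycle deadlines and compliance check (added example)."""
from datetime import datetime, timedelta

# Timeboxes from the "Server Patch Management Process" slide, in cycle order.
# Assess is ongoing and has no deadline of its own.
CYCLES = {
    "standard": [
        ("Identify/Evaluate", timedelta(hours=12)),   # ½ day
        ("Deploy-Grace", timedelta(days=7)),          # installation is voluntary
        ("Deploy-Force", timedelta(days=14)),         # installation is enforced
    ],
    "emergency": [
        ("Identify/Evaluate", timedelta(hours=1)),
        ("Deploy-Grace", timedelta(hours=2)),
        ("Deploy-Force", timedelta(hours=21)),
    ],
}


def schedule(release_at, cycle):
    """Cumulative end time of each phase, counted from the update's release."""
    ends, t = [], release_at
    for phase, duration in CYCLES[cycle]:
        t += duration
        ends.append((phase, t))
    return ends


def phase_at(release_at, cycle, now):
    """Name of the phase the update is in at `now`; 'Overdue' once Deploy-Force has ended."""
    for phase, end in schedule(release_at, cycle):
        if now < end:
            return phase
    return "Overdue"


def compliance_report(release_at, cycle, now, inventory):
    """Classify hosts from an inventory of {hostname: update_installed} (constructed format).

    compliant: update already installed
    pending:   update not yet released to the deployment phases
    grace:     missing, installation still voluntary (Deploy-Grace)
    enforce:   missing, forced deployment window is open (Deploy-Force)
    escalate:  missing after the cycle ended (Overdue)
    """
    phase = phase_at(release_at, cycle, now)
    bucket = {"Identify/Evaluate": "pending", "Deploy-Grace": "grace",
              "Deploy-Force": "enforce", "Overdue": "escalate"}[phase]
    report = {"phase": phase, "compliant": [], "pending": [],
              "grace": [], "enforce": [], "escalate": []}
    for host, installed in sorted(inventory.items()):
        report["compliant" if installed else bucket].append(host)
    return report


# Constructed sample data: one release date and three servers.
RELEASE = datetime(2004, 6, 1, 0, 0)
SAMPLE_INVENTORY = {"srv01": True, "srv02": False, "srv03": False}

if __name__ == "__main__":
    for phase, end in schedule(RELEASE, "standard"):
        print(f"standard  {phase:18} ends {end}")
    for phase, end in schedule(RELEASE, "emergency"):
        print(f"emergency {phase:18} ends {end}")
    print(compliance_report(RELEASE, "standard", RELEASE + timedelta(days=10), SAMPLE_INVENTORY))
```

Ten days after a standard-cycle release the report puts `srv02` and `srv03` in the `enforce` bucket, which is where the "voluntary for a period, then forced" handling of the client slides also takes over.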


Client Environment

  • Users are administrators on their own computers

  • Compliance through SMS

  • Diverse mix of approved software versions

  • Multiple desktop computers per user

  • Computers are frequently rebuilt

  • IPsec runs in required mode to create "Secure Net"


Degrees of Client Management

  • All devices: 300,000

    • Secure Net devices (inside the IPsec boundary): 220,000

      • Devices managed through SMS: 180,000

  • 10,000 servers

  • Other device groups: Labs, Workgroups, Remote access clients/dial-up

  • IPsec creates the Secure Net environment

  • Unique management challenges


Client Update Infrastructure

  • Separate client and data center (server) infrastructures

  • SLAs for security updates on servers are more restrictive

  • Server platform is uniform; clients are allowed more flexibility

  • 20–30 critical updates and 70 software packages a year

  • SMS infrastructure for clients

    • 1 central site server

    • 5 primary site servers

    • 139 secondary site servers

    • Consolidated services


Client Patch Management Process

1. Assess environment to be patched

2. Identify new updates

3. Evaluate and plan update deployment

4. Deploy the update


Multi-Phased Approach

Methods, ordered from low client impact to high client impact:

  • 70% (figure shown on the slide beside the low-impact end of the scale)

  • Windows Update; e-mail and intranet notification (optional)

  • SMS software distribution - patch management (voluntary for a period, then forced)

  • Internal scanning and scripts (forced)

  • Port shutdowns


Case studies

Network segmentation with IPsec


Solution Overview

Situation

  • Managed computers had to be isolated from unmanaged computers to improve security

Solution

  • Deployment of IPsec

Benefits

  • Allows creation of logical secure network segments

  • Works independently of other infrastructure for end-to-end security

  • Can be deployed and managed centrally


Products and Technologies

  • IPsec protocols (ESP, IKE)

  • Windows Server 2003

  • Windows XP Professional SP1

  • Windows 2000 SP3

  • Group Policy

  • Active Directory

  • PKI and CA


Levels of Trusted Assets

Microsoft Corporate Network:

  • SecureNet: Clients, Servers, Home LAN, Trustworthy Labs (203,000)

  • Untrustworthy: Labs (75,000), PocketPC/Xbox (18,000), MAC (2,000)

  • Boundary Machines (5,000)

  • Infrastructure (500), ACL controlled: DNS, DHCP, DC, WINS (internal exclusions)

External exclusions: Internet Servers, Business Partners, DTaps (no connectivity to CorpNet), Extranet (1,800)


IPsec situation on the network

  • All devices: 300,000

    • Secure Net devices (inside the IPsec boundary): 220,000

      • Devices managed through SMS: 180,000

  • 10,000 servers

  • Other device groups: Labs, Workgroups, Remote access clients/dial-up

  • IPsec creates the Secure Net environment

  • Unique management challenges


Business Benefits

  • Decreased network risks

  • Improved asset management information

  • Protection of intellectual property

  • Increased policy compliance

  • Improved malware detection


Domain Isolation at Microsoft

  • IPsec allows creation of logical, secure networks within a larger network

  • Group policy provides a framework for easily deploying IPsec to hosts

  • Active Directory infrastructure and Group Policy enable deployment and administration of IPsec enterprise wide


Domain Isolation at Microsoft

  • Microsoft IT considered two segmentation technologies:

    • IPsec provides end-to-end authentication and encryption between hosts on a network

    • 802.1x provides only authentication

  • Microsoft IT chose IPsec because it is a complete solution


Domain Isolation at Microsoft

  • Active and challenging security environment at Microsoft

  • Unique aspects of Microsoft environment include:

    • Multiple computers per user

    • Diverse desktop implementations

    • Frequently rebuilt computers

    • Diverse mix of approved software versions


Deployment

IPsec policies are applied to a GPO, contain a set of rules, and specify how to perform IKE.

  • IPsec Policy: Key Exchange Methods (IKE)

  • Rules: each rule associates a Filter List with an Action, and specifies authentication methods (Kerberos, Certificates, Static Keys).

  • Filter List: a Filter List specifies a set of individual filters, and is used to group filters together in a rule.

  • Filters: a Filter describes a pattern of traffic to match, by IP address, subnet, port, and protocol for both ends of a connection.

  • Action: an Action designates what to do with traffic that matches a filter: Permit, Block, or Negotiate Security. Negotiation uses the policy's Security Methods (Encryption, Hashing, Key Lifetimes).


Deployment

  • Managing boundary computers

    • Extra management and security

    • Creation of security groups

  • Deploying boundary computers

    • Request process

    • Case-by-case basis for granting insecure network traffic


Known Issues and Problem Applications

  • LAN performance

    • Added bandwidth consumption

  • CPU performance

    • Negligible overhead on most clients

  • IPsec and Windows VPN servers

    • Special IPsec policies for deployments that use Kerberos

  • RFC 1918 private IP ranges

    • Connecting to the corporate network through a VPN requires use of specific private IP ranges

    • Two private subnets are excluded from the list of secure subnets

  • Network device issues

    • IPsec changes TCP/IP offsets for destination ports and protocols

    • IPsec generally defeats network-based prioritization and port or protocol-based traffic management

  • IPsec adds to use of system resources


Known Issues and Problem Applications

  • Filter processing issues

    • IPsec driver caches filters that match a particular connection

  • IPsec and NLB clusters

    • Clients connected to an offline server must renegotiate the connection

    • If a node in the cluster fails, IPsec connections cannot rebuild the security association until the preset time-out period

  • NAT-T

    • NAT-T addresses problems between NAT and IPsec

  • Troubleshooting issues

    • IPSec depends on correct configuration of supporting technologies

    • Microsoft IT enables auditing using domain-based group policies

    • Diagnostics may require Oakley logging


Best Practices

  • Group Policy design

    • Set up group policies for all behavior types to support IPsec testing

    • Filter the “Apply Group Policy” ACE for each policy to only the limited security user groups

    • Use a naming convention that covers the policy and group function for easier management and troubleshooting

  • IPsec design

    • Minimize the overall number of filters

    • Use “Any” instead of “Me” as the base approach to filter design

    • Create “Any <-> Corporate subnet” rules instead of “Me <-> Any” for secure subnets

    • Manage permitted subnets

    • Use “Any” rules for virtual IP addresses used by clusters


Best Practices

  • IPsec design

    • Permit unsecured traffic to infrastructure servers

    • Use Kerberos as the default authentication mechanism

    • Set NoDefaultExempt = 1 via group policy ADM template

    • Permit the ICMP protocol

  • IPsec design

    • Minimize securing by port or protocol

    • Avoid “Any <-> Any” filters

    • Don’t use IPsec Default Response rule with custom policy

  • Deployment options

    • Deploy by subnet

    • Deploy by security group

    • Deploy by domain


Best Practices

  • Recommended deployment steps

    • Pilot Request Mode IPsec

    • Deploy Request Mode IPsec

    • Pilot Secure Request IPsec policy

    • Deploy Secure Request IPsec policy

  • Non-domain joined clients

    • Use Kerberos exclusively for an IPSec deployment

    • Carefully evaluate the need to create exceptions to global IPsec policies

  • IPsec and NLB

    • Consider exempting business-critical services that require high availability
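To make the policy model on the Deployment slide and the filter-design and deployment-mode advice in the Best Practices slides concrete, here is an added Python model (not Microsoft IT's policy, not a Windows API): a Policy holds Rules, each Rule pairs a Filter List with an Action, and a packet is evaluated against the most specific matching filter. The constructed policy uses an "Any <-> Corporate subnet" negotiate rule, a permit exemption for infrastructure servers, a permit for ICMP, Kerberos as the default authentication method and no Default Response rule. Assumptions not on the slides: most-specific-filter-wins weighting, mirrored filters, and a simplified fallback model in which Request mode falls back to clear in both directions while Secure Request falls back to clear for outbound traffic only; the 10.0.0.0/8 corporate range, the 10.1.1.0/24 infrastructure subnet and all host addresses are constructed.

```python
"""Model of a Windows-style IPsec policy: Policy -> Rules -> Filter List + Action (added example)."""
import ipaddress
from dataclasses import dataclass, field
from typing import List, Optional

ANY = "Any"
ME = "Me"


def _side_matches(spec: str, ip: str, me: str) -> bool:
    """Does one end of a filter ("Any", "Me", an address or a subnet) match an address?"""
    if spec == ANY:
        return True
    if spec == ME:
        return ip == me
    return ipaddress.ip_address(ip) in ipaddress.ip_network(spec, strict=False)


def _specificity(spec: str) -> int:
    """Assumed weighting: longer prefixes are more specific; "Me" counts as a /32."""
    if spec == ANY:
        return 0
    if spec == ME:
        return 32
    return ipaddress.ip_network(spec, strict=False).prefixlen


@dataclass(frozen=True)
class Filter:
    src: str
    dst: str
    protocol: str = ANY            # "Any", "TCP", "UDP", "ICMP"
    dst_port: Optional[int] = None
    mirrored: bool = True          # assumed: the filter also matches the reverse direction

    def matches(self, src, dst, protocol, dst_port, me) -> bool:
        if self.protocol != ANY and self.protocol != protocol:
            return False
        if self.dst_port is not None and self.dst_port != dst_port:
            return False
        forward = _side_matches(self.src, src, me) and _side_matches(self.dst, dst, me)
        mirror = self.mirrored and _side_matches(self.src, dst, me) and _side_matches(self.dst, src, me)
        return forward or mirror

    def weight(self) -> int:
        return (_specificity(self.src) + _specificity(self.dst)
                + (10 if self.protocol != ANY else 0)
                + (5 if self.dst_port is not None else 0))


@dataclass
class Rule:
    name: str
    filter_list: List[Filter]
    action: str                                  # "permit", "block" or "negotiate"
    auth_methods: List[str] = field(default_factory=lambda: ["Kerberos"])


@dataclass
class Policy:
    name: str
    mode: str                                    # "request" or "secure_request"
    rules: List[Rule]


def decide(policy: Policy, src: str, dst: str, protocol: str, dst_port: Optional[int], me: str) -> str:
    """Action of the most specific matching filter; traffic matching no filter is left alone
    (there is deliberately no Default Response rule)."""
    best_weight, action = -1, "permit"
    for rule in policy.rules:
        for f in rule.filter_list:
            if f.matches(src, dst, protocol, dst_port, me) and f.weight() > best_weight:
                best_weight, action = f.weight(), rule.action
    return action


def outcome(policy, src, dst, protocol, dst_port, me, peer_does_ipsec: bool) -> str:
    """What happens on the wire: 'clear', 'protected' or 'dropped'."""
    action = decide(policy, src, dst, protocol, dst_port, me)
    if action == "block":
        return "dropped"
    if action == "permit":
        return "clear"
    if peer_does_ipsec:
        return "protected"                       # IKE succeeds and ESP protects the traffic
    outbound = src == me
    if policy.mode == "request" or outbound:
        return "clear"                           # peer did not answer IKE: fall back to clear
    return "dropped"                             # secure request: unauthenticated inbound is refused


def sample_policy(mode: str) -> Policy:
    """Constructed policy following the deck's filter-design best practices."""
    corporate, infrastructure = "10.0.0.0/8", "10.1.1.0/24"
    return Policy("Domain isolation (constructed)", mode, [
        Rule("Secure Net", [Filter(ANY, corporate)], "negotiate"),                   # Any <-> Corporate subnet
        Rule("Infrastructure exemptions", [Filter(ANY, infrastructure)], "permit"),  # DNS/DHCP/DC/WINS in clear
        Rule("ICMP", [Filter(ANY, ANY, protocol="ICMP")], "permit"),                 # permit the ICMP protocol
    ])


if __name__ == "__main__":
    me = "10.5.0.7"
    policy = sample_policy("secure_request")
    print(outcome(policy, me, "10.1.1.10", "TCP", 88, me, peer_does_ipsec=False))   # clear (DC exemption)
    print(outcome(policy, me, "10.6.0.9", "TCP", 445, me, peer_does_ipsec=True))    # protected
    print(outcome(policy, "10.6.0.9", me, "TCP", 445, me, peer_does_ipsec=False))   # dropped (unmanaged inbound)
```

Switching `sample_policy("request")` for `sample_policy("secure_request")` is the pilot-to-production step of the recommended deployment: under Request mode the same unmanaged inbound connection falls back to clear instead of being dropped, which is what makes the request-mode pilot safe to run before enforcement.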


Conclusion

  • Phase 1: deployment of IPsec to >160,000 computers

  • Phase 2: deployment of Secure Request mode across the enterprise (220,000 computers)

  • Minimal impact on Helpdesk

  • Less exposure to worms and attackers

  • Project is now in review/maintenance


IT Showcase: How Microsoft Does IT. Customer-ready resources from Microsoft IT

  • External access

    • IT Showcase on TechNet: http://www.microsoft.com/technet/itshowcase/

    • IT Showcase on Microsoft Services: http://www.microsoft.com/itshowcase/

    • IT Showcase on CD: http://itshowcase/ordercd

      • IT Showcase CD, 2005 1st Edition (just launched!)

      • Order for customer events and meetings!


For more information

  • MSDN Web Services Developer Center

    • http://msdn.microsoft.com/webservices

  • « Web Services Enhancements (WSE) »

    • http://msdn.microsoft.com/webservices/building/wse/default.aspx

  • « WS-Security Drilldown in WSE 2.0 »

    • http://msdn.microsoft.com/library/en-us/dnwse/html/wssecdrill.asp

  • « Securing the Username Token with Web Services Enhancements 2.0 »

    • http://msdn.microsoft.com/library/en-us/dnwse/html/securusernametoken.asp

  • « Managing Security Context Tokens in a Web Farm »

    • http://msdn.microsoft.com/library/en-us/dnwebsrv/html/sctinfarm.asp

  • « Using Role-Based Security with Web Services Enhancements 2.0 »

    • http://msdn.microsoft.com/library/en-us/dnwse/html/wserolebasedsec.asp

  • « Web Service Enhancements 2.0 Support for WS-Policy »

    • http://msdn.microsoft.com/library/en-us/dnwse/html/wse2wspolicy.asp

  • Newsgroups

    • microsoft.public.framework.webservices

    • microsoft.public.framework.webservices.enhancements


Microsoft France

18, avenue du Québec

91 957 Courtaboeuf Cedex

www.microsoft.com/france

0 825 827 829

[email protected]
