
Security of the Microsoft Information System (PowerPoint PPT presentation)


Presentation Transcript


Security of the Microsoft Information System

GRAS Philippe

Operation Manager - MSIT

Microsoft France



  • This session presents part of the implementation of security within the Microsoft Corp. information system, in particular the cases of patch management and network segmentation.



  • Microsoft context

  • Security strategies

  • Case studies

    • Patch management (servers and client workstations)

    • Network segmentation via IPSec


Microsoft IT Data

  • 101,000+ e-mail server accounts

  • 300,000+ PCs and devices

  • Single Instance SAP (1.5Tb Db)

  • 403 buildings

  • 89,000 end users

  • 83 countries

  • 3M+ e-mail messages per day internally

  • 99.99% availability

  • 9.5M+ remote connections/month


Microsoft Security Environment

  • Environment

    • More than 300,000 network-joined devices

    • 30,000 business partners with connectivity needs

    • Frequent target of attack

      • 100,000+ intrusion attempts/probes/scans per month

      • 5M filtered emails/day (spam and anti-virus)

  • Challenges

    • Culture based on autonomy and agility

    • Large population of mobile clients

    • Unique business requirements to support software development

    • Running the business on N+1 platform as "first and best" customer



  • Infrastructure server consolidation

    • 51% reduction in Exchange servers

    • Reduced from 74 to 7 sites with Exchange servers

    • 30% reduction in global infrastructure servers

    • 2 print servers in Redmond (650 public print queues)

    • 32% reduction in domain controllers

    • Key enabler – Windows Server 2003, Exchange Server 2003, Office System 2003

  • Data center consolidation

    • Eliminated 5 data centers

    • Remote management – Windows Terminal Services

    • Event monitoring and dispatch – Microsoft Operations Manager 2005

Where We Are Today (2004)

Organization diagram labels: Regional IT Account Management; Windows & Windows Server; AD; Virtual Server; Client Mgmt; Windows Client; Windows CE; Office System; Comm & Office System; ISA Proxy; Ops Center (Monitoring, Tier 1 and Tier 2), MOM and MOF; Security and Infrastructure Architecture.

  • IT Scorecard

  • Enforced standards and policies

  • Centralized IT operations

  • Account Managers are the “Face” of IT in regions

  • Service Catalog

  • Service Managers

  • Higher builder spend, lower sustainer spend

  • Client Satisfaction from 106 to 134


Security Strategy

  • Security Operating Principles

  • Corporate Security Mission and Vision

  • Risk-Based Decision Model

  • Tactical Prioritization


Mission and Vision

Mission: Prevent malicious or unauthorized use that results in the loss of Microsoft intellectual property or productivity by systematically assessing, communicating, and mitigating risks to digital assets

Risk cycle shown on the slide: Assess Risk > Define Policy

  • Five Trustworthy Assurances

    • My identity is not compromised

    • Resources are secure and available

    • Data and communications are private

    • Roles and accountability are clearly defined

    • There is a timely response to risks and threats

Vision: An IT environment comprised of services, applications, and infrastructure that implicitly provides availability, privacy, and security to any client

Operating Principles

  • Management commitment

    • Manage risk according to business objectives

    • Define organizational roles and responsibilities

  • Users and data

    • Manage to the practice of least privilege

    • Strictly enforce privacy and privacy rules

  • Application and system development

    • Build security into development life cycle

    • Create layered defense and reduce attack surface

  • Operations and maintenance

    • Integrate security into operations framework

    • Align monitor, audit, and response functions to operational functions

Enterprise Risk Model


Risk matrix: the axes are Impact to Business (defined by the business owner) and Probability of Exploit (defined by Corporate Security); the regions are Unacceptable Risk and Acceptable Risk. Risk assessment drives to acceptable risk.


Risk Analysis by Asset Class

  • Exploit of misconfiguration, buffer overflows, open shares, NetBIOS attacks

  • Unauthenticated access to applications, unchecked memory allocations

  • Data sniffing on the wire, network fingerprinting

  • Compromise of integrity or privacy of accounts

  • Unmanaged trusts enable movement among environments

Components of Risk Assessment

  • What are you trying to assess?

  • What are you afraid of happening?

  • How could the threat occur?

  • What is currently reducing the risk?

  • What is the impact to the business?

  • How likely is the threat given the controls?

  • Current Level of Risk: What is the probability that the threat will overcome controls to successfully exploit the vulnerability and affect the asset?

Risk Management Process and Roles

Process diagram labels: Corporate Security; Security Policy; Cross-IT Teams; Security Solutions & Initiatives; Sustained Operations.



Tactical Prioritization by Environment

Policies and mitigation tactics appropriate for each environment:

  • Data Center

  • Unmanaged Client

  • Remote Access


Representative Risks and Tactics

Enterprise Risks and the Tactical Solutions that address them:

  • Unpatched Devices: Secure Environmental Remediation

  • Unmanaged Devices: Network Segmentation Through IPSec

  • Remote and Mobile Users: Secure Remote User

  • Single-Factor Authentication: Two-Factor for Remote Access and Administrators

Further tactical solutions on the slide: Focus Controls Across Key Assets; Managed Source Initiatives.

Security Strategy

Mitigate risk to the infrastructure through implementation of four key strategies:

1. Secure the Network Perimeter

2. Secure the Network Interior

3. Secure Key Assets

4. Enhance Monitoring and Auditing

Initiatives shown under these strategies: Secure Wireless; Smart Cards for RAS; Network Access Protection; Patch Management; IPsec Segmentation; Smart Cards for Admin Access; IPsec for key assets; Strong enforcement.

Case Studies

Patch management as an integral part of security

Microsoft Manageability Services Group

  • Ensures continuous operation of global IT infrastructure

  • Provides manageability services to four data centers worldwide

    • Additional 49 remote server locations

  • Manages 10,000 servers and 220,000 client systems worldwide

  • Uses and continuously improves the Microsoft Operations Framework


Microsoft Operations Framework

  • Structured approach to achieving operational excellence

  • Collection of best practices, principles, and models

  • Guidance on achieving high availability, reliability, and security

  • 21 service management functions


  • Today’s focus

    • Server life cycle

    • Client life cycle

    • Enterprise Configuration Management

    • Service Monitoring and Control

Server Lifecycle Model: Deploy > Baseline > Inventory > Update

1. Deploy: Automated Deployment Services builds the server and joins it to the domain

2. Baseline: SMS delivers post-build updates and provisions the server

3. Inventory: SMS inventories and reports security compliance and configuration

4. Update: SMS deploys security updates and other software updates

Server Update Architecture

  • Dedicated management infrastructure

  • Centralized management

  • Automated, fast, efficient updates

  • Ability to meet customer SLAs

  • Primary tool for enforcing security update compliance

  • SMS Infrastructure for Servers

    • 1 central site server

    • 14 primary site servers

Server Platform Updates

  • Key benefits:

    • Fully MOF-compliant implementation

    • Consistent baseline reduces patching complexity and cost

    • Time built in for Business Unit IT tests

    • Well-known delivery dates

    • Latest platforms always available for early adopters

Platform timeline: Beta (N+1) Platform > 6 months > Current (N) Platform > 6 months > Previous (N–1) Platform. The N–1 model allows for extended testing during the Beta and N phases.

Server Patch Management Process

1. Assess environment to be patched

2. Identify new updates

3. Evaluate and plan update deployment

4. Deploy the update

  • Standard update cycle (21 days)

  • Emergency update cycle (24 hours)

Phase durations shown on the diagram: 1 hour, ½ day, 2 hours, 7 days, 14 days, 21 hours.

Client Environment

  • Users are administrators on their own computers

  • Compliance through SMS

  • Diverse mix of approved software versions

  • Multiple desktop computers per user

  • Computers are frequently rebuilt

  • IPsec runs in required mode to create "Secure Net"

Degrees of Client Management

Diagram of nested device populations: All Devices; Secure Net (inside the IPsec boundary); Devices managed through SMS; Remote access clients/dial-up; 10,000 servers.

  • IPsec boundary

  • IPsec creates Secure Net environment

  • Unique management challenges

Client Update Infrastructure

  • Separate client and data center (server) infrastructures

  • SLAs for security updates on servers are more restrictive

  • Server platform is uniform; clients are allowed more flexibility

  • 20–30 critical updates and 70 software packages a year

  • SMS Infrastructure for clients

    • 1 central site server

    • 5 primary site servers

    • 139 secondary site servers

    • Consolidated services

Client Patch Management Process

1. Assess environment to be patched

2. Identify new updates

3. Evaluate and plan update deployment

4. Deploy the update

Multi-Phased Approach

Phases, from low client impact to high client impact:

1. Windows Update; e-mail and intranet notification (optional)

2. SMS Software Distribution - Patch Management (voluntary for a period, then forced)

3. Internal scanning and scripts (forced)

4. Port shutdowns

Case Studies

Network segmentation with IPSec

Solution Overview


  • Managed computers had to be isolated from unmanaged computers to improve security


  • Deployment of IPsec


  • Allows creation of logical secure network segments

  • Works independently of other infrastructure for end-to-end security

  • Can be deployed and managed centrally


Products and Technologies

  • IPsec protocols (ESP, IKE)

  • Windows Server 2003

  • Windows XP Professional SP1

  • Windows 2000 SP3

  • Group Policy

  • Active Directory

  • PKI and CA

Levels of Trusted Assets

Microsoft Corporate Network populations shown on the diagram: Labs (75,000); PocketPC/Xbox (18,000); MAC (2,000); Clients, Servers, Home LAN, Trustworthy Labs (203,000); Boundary Machines (5,000); Infrastructure (500); ACL Controlled; Internal Exclusions.

Outside the corporate network: Internet Servers, Business Partners (no connectivity to CorpNet); External Exclusions.

IPSec Situation on the Network

Diagram of nested device populations: All Devices; Secure Net (inside the IPsec boundary); Devices managed through SMS; Remote access clients/dial-up; 10,000 servers.

  • IPsec boundary

  • IPsec creates Secure Net environment

  • Unique management challenges


Business Benefits

  • Decreased network risks

  • Improved asset management information

  • Protection of intellectual property

  • Increased policy compliance

  • Improved malware detection


Domain Isolation at Microsoft

  • IPsec allows creation of logical, secure networks within a larger network

  • Group policy provides a framework for easily deploying IPsec to hosts

  • Active Directory infrastructure and Group Policy enable deployment and administration of IPsec enterprise wide


Domain Isolation at Microsoft

  • Microsoft IT considered two segmentation technologies:

    • IPsec provides end-to-end authentication and encryption between hosts on a network

    • 802.1x provides only authentication

  • Microsoft IT chose IPsec because it is a complete solution


Domain Isolation at Microsoft

  • Active and challenging security environment at Microsoft

  • Unique aspects of Microsoft environment include:

    • Multiple computers per user

    • Diverse desktop implementations

    • Frequently rebuilt computers

    • Diverse mix of approved software versions



IPsec Policy

  • IPsec policies are applied to a GPO, contain a set of rules, and specify how to perform IKE.

    • Key Exchange Methods (IKE)

    • Authentication Methods (Kerberos, Certificates, Static Keys)

    • Security Methods (Encryption, Hashing, Key Lifetimes)

  • Rule: each rule associates a Filter List with an Action, and specifies authentication methods.

  • Filter List: a Filter List specifies a set of individual filters, and is used to group filters together in a rule.

  • Action: an Action designates what to do with traffic that matches a filter: Permit, Block, or Negotiate Security.

  • Filter: a Filter describes a pattern of traffic to match, by IP address, subnet, port, and protocol for both ends of a connection.



  • Managing boundary computers

    • Extra management and security

    • Creation of security groups

  • Deploying boundary computers

    • Request process

    • Case-by-case basis for granting insecure network traffic


Known Issues and Problem Applications

  • LAN performance

    • Added bandwidth consumption

  • CPU performance

    • Negligible overhead on most clients

  • IPsec and Windows VPN servers

    • Special IPsec policies for deployments that use Kerberos

  • RFC 1918 private IP ranges

    • Connecting to the corporate network through a VPN requires use of specific private IP ranges

    • Two private subnets are excluded from the list of secure subnets

  • Network device issues

    • IPsec changes TCP/IP offsets for destination ports and protocols

    • IPsec generally defeats network-based prioritization and port or protocol-based traffic management

  • IPsec adds to use of system resources


Known Issues and Problem Applications

  • Filter processing issues

    • IPsec driver caches filters that match a particular connection

  • IPsec and NLB clusters

    • Clients connected to an offline server must renegotiate the connection

    • If a node in the cluster fails, IPsec connections cannot rebuild the security association until the preset time-out period

  • NAT-T

    • NAT-T addresses problems between NAT and IPsec

  • Troubleshooting issues

    • IPSec depends on correct configuration of supporting technologies

    • Microsoft IT enables auditing using domain-based group policies

    • Diagnostics may require Oakley logging


Best Practices

  • Group Policy design

    • Set up group policies for all behavior types to support IPsec testing

    • Filter the “Apply Group Policy” ACE for each policy to only the limited security user groups

    • Use a naming convention that covers the policy and group function for easier management and troubleshooting

  • IPsec design

    • Minimize the overall number of filters

    • Use “Any” instead of “Me” as the base approach to filter design

    • Create “Any <-> Corporate subnet” rules instead of “Me <-> Any” for secure subnets

    • Manage permitted subnets

    • Use “Any” rules for virtual IP addresses used by clusters


Best Practices

  • IPsec design

    • Permit unsecured traffic to infrastructure servers

    • Use Kerberos as the default authentication mechanism

    • Set NoDefaultExempt = 1 via group policy ADM template

    • Permit the ICMP protocol

  • IPsec design

    • Minimize securing by port or protocol

    • Avoid “Any <-> Any” filters

    • Don’t use IPsec Default Response rule with custom policy

  • Deployment options

    • Deploy by subnet

    • Deploy by security group

    • Deploy by domain
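The policy structure from the IPsec Policy slide (policy, rules, filter lists, filters, actions) and the filter-design best practices above ("Any <-> Corporate subnet" rather than "Me <-> Any", permitting unsecured traffic to infrastructure servers and ICMP, avoiding "Any <-> Any" and securing by port), modelled as an added Python example; this is not Microsoft IT's code or policy, and the 10.0.0.0/8 corporate range, the 10.1.0.10 domain controller address and the filter-specificity scoring are assumptions.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

ANY = "any"  # wildcard for an address, a protocol or a port
NEGOTIATE = "Negotiate Security"
def _addr_ok(pattern, addr):
    return pattern == ANY or ip_address(addr) in ip_network(pattern, strict=False)

@dataclass(frozen=True)
class Filter:
    # Mirrored, as in Windows: matches traffic flowing either way between ends a and b.
    a: str = ANY         # IP address or CIDR subnet, or ANY
    b: str = ANY
    proto: str = ANY     # "tcp", "udp", "icmp" or ANY
    port: object = ANY   # destination port number, or ANY

    def matches(self, src, dst, proto, port):
        ends_ok = ((_addr_ok(self.a, src) and _addr_ok(self.b, dst)) or
                   (_addr_ok(self.a, dst) and _addr_ok(self.b, src)))
        return ends_ok and self.proto in (ANY, proto) and self.port in (ANY, port)

    def specificity(self):
        # Windows applies the most specific matching filter. Assumed ranking: a fixed
        # protocol or port outranks address width, so "ICMP Any <-> Any Permit" beats
        # "Any <-> subnet Negotiate". The real driver's weighting is more detailed.
        addr = sum(ip_network(p, strict=False).prefixlen for p in (self.a, self.b) if p != ANY)
        return addr + 64 * ((self.proto != ANY) + (self.port != ANY))

@dataclass(frozen=True)
class Rule:
    name: str
    filters: tuple    # the rule's Filter List
    action: str       # "Permit", "Block" or NEGOTIATE
    auth: tuple = ()  # authentication methods, e.g. ("Kerberos",)

def decide(rules, src, dst, proto="tcp", port=ANY):
    """(rule name, action) for one packet; unmatched traffic is sent in the clear."""
    best = None
    for rule in rules:
        for f in rule.filters:
            if f.matches(src, dst, proto, port) and (best is None or f.specificity() > best[0]):
                best = (f.specificity(), rule.name, rule.action)
    return (best[1], best[2]) if best else ("no filter", "Permit (clear text)")

# Constructed address plan: 10.0.0.0/8 stands in for the corporate subnets and
# 10.1.0.10 for a domain controller. Placeholders, not Microsoft's real addresses.
CORP, DC = "10.0.0.0/8", "10.1.0.10"
POLICY = (
    # "Any <-> Corporate subnet" rather than "Me <-> Any": one rule fits every host.
    Rule("Secure corp subnet", (Filter(ANY, CORP),), NEGOTIATE, ("Kerberos",)),
    # Infrastructure servers must be reachable in the clear before IKE can authenticate.
    Rule("Infrastructure exemption", (Filter(ANY, DC),), "Permit"),
    Rule("Permit ICMP", (Filter(ANY, ANY, proto="icmp"),), "Permit"),
)

def lint(rules):
    """Flag designs the slides warn against: 'Any <-> Any' negotiate filters, securing by port/protocol."""
    findings = []
    for rule in rules:
        for f in rule.filters if rule.action == NEGOTIATE else ():
            if f.a == ANY and f.b == ANY:
                findings.append(f"{rule.name}: Any <-> Any negotiate filter")
            if f.proto != ANY or f.port != ANY:
                findings.append(f"{rule.name}: secures by port/protocol")
    return findings
```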


Best Practices

  • Recommended deployment steps

    • Pilot Request Mode IPsec

    • Deploy Request Mode IPsec

    • Pilot Secure Request IPsec policy

    • Deploy Secure Request IPsec policy

  • Non-domain joined clients

    • Use Kerberos exclusively for an IPSec deployment

    • Carefully evaluate the need to create exceptions to global IPsec policies

  • IPsec and NLB

    • Consider exempting business-critical services that require high availability



  • Phase 1: deployment of IPsec to >160,000 computers

  • Phase 2: deployment of Secure Request mode across the enterprise (220,000 computers)

  • Minimal impact on Helpdesk

  • Less exposure to worms and attackers

  • Project is now in review/maintenance

IT Showcase: How Microsoft Does IT. Customer-ready resources from Microsoft IT

  • External access

    • IT Showcase on TechNet: http://www.microsoft.com/technet/itshowcase/

    • IT Showcase on Microsoft Services: http://www.microsoft.com/itshowcase/

    • IT Showcase on CD: http://itshowcase/ordercd

      • IT Showcase CD: 2005 1st Edition (just launched!)

      • Order for customer events and meetings!

For more information

  • MSDN Web Services Developer Center

    • http://msdn.microsoft.com/webservices

  • « Web Services Enhancements (WSE) »

    • http://msdn.microsoft.com/webservices/building/wse/default.aspx

  • « WS-Security Drilldown in WSE 2.0 »

    • http://msdn.microsoft.com/library/en-us/dnwse/html/wssecdrill.asp

  • « Securing the Username Token with Web Services Enhancements 2.0 »

    • http://msdn.microsoft.com/library/en-us/dnwse/html/securusernametoken.asp

  • « Managing Security Context Tokens in a Web Farm»

    • http://msdn.microsoft.com/library/en-us/dnwebsrv/html/sctinfarm.asp

  • « Using Role-Based Security with Web Services Enhancements 2.0 »

    • http://msdn.microsoft.com/library/en-us/dnwse/html/wserolebasedsec.asp

  • « Web Service Enhancements 2.0 Support for WS-Policy »

    • http://msdn.microsoft.com/library/en-us/dnwse/html/wse2wspolicy.asp

  • Newsgroups

    • microsoft.public.framework.webservices

    • microsoft.public.framework.webservices.enhancements


Microsoft France

18, avenue du Québec

91 957 Courtaboeuf Cedex


0 825 827 829

[email protected]
