Essentials of Security

Steve Lamb

Technical Security Advisor

http://blogs.msdn.com/steve_lamb

[email protected]

Session Prerequisites
  • Hands-on experience installing, configuring, administering, and planning the deployment of Windows 2000 Server or Windows Server 2003
  • Knowledge of Active Directory and Group Policy concepts

Level 200

Business Case
  • Business Case
  • Security Risk Management Discipline
  • Defense in Depth
  • Security Incident Response
  • Best Practices
  • 10 Immutable Laws of Security
Impact of Security Breaches
  • Loss of Revenue
  • Damage to Reputation
  • Damage to Investor Confidence
  • Loss or Compromise of Data
  • Damage to Customer Confidence
  • Interruption of Business Processes
  • Legal Consequences

The cost of implementing security measures is not trivial; however, it is a fraction of the cost of mitigating security compromises
Benefits of Investing in Security
  • Reduced downtime and costs associated with non-availability of systems and applications
  • Reduced labor costs associated with inefficient security update deployment
  • Reduced data loss due to viruses or information security breaches
  • Increased protection of intellectual property

Security Risk Management Discipline
  • Business Case
  • Security Risk Management Discipline
  • Defense in Depth
  • Security Incident Response
  • Best Practices
  • 10 Immutable Laws of Security
Security Risk Management Discipline (SRMD) Processes
  • Assessment
    • Assess and valuate assets
    • Identify security risks and threats
    • Analyze and prioritize security risks
    • Security risk tracking, planning, and scheduling
  • Development and Implementation
    • Develop security remediation
    • Test security remediation
    • Capture security knowledge
  • Operation
    • Reassess assets and security risks
    • Stabilize and deploy new or changed countermeasures
Assessment: Assess and Valuate Assets

Asset Priorities (Scale of 1 to 10) – Example*

* For example purposes only – not prescriptive guidance

Assessment: Analyze and Prioritize Security Risks – DREAD

Example Worksheet

  • DREAD
    • Damage
    • Reproducibility
    • Exploitability
    • Affected Users
    • Discoverability
  • Risk Exposure = Asset Priority x Threat Rank
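The DREAD worksheet described above, as an added example that is not part of the deck: each threat is rated 1-10 on the five DREAD factors and the slide's formula Risk Exposure = Asset Priority x Threat Rank is used to rank them. The deck does not say how the five ratings combine into a single Threat Rank, so the example assumes their average, and the sample threats are constructed.

```python
from dataclasses import dataclass

# Added example (not from the deck): scores a threat with the five DREAD
# factors and applies the slide's formula Risk Exposure = Asset Priority x
# Threat Rank. The deck does not say how the five ratings combine into a
# Threat Rank; this ASSUMES the usual convention of averaging them (1-10).
DREAD_FACTORS = ("damage", "reproducibility", "exploitability",
                 "affected_users", "discoverability")

@dataclass(frozen=True)
class Threat:
    asset: str
    asset_priority: int   # 1-10, from the asset valuation step
    description: str
    dread: dict           # DREAD factor name -> 1-10 rating

def threat_rank(dread: dict) -> float:
    """Average of the five DREAD ratings (assumed aggregation rule)."""
    missing = set(DREAD_FACTORS) - set(dread)
    if missing:
        raise ValueError(f"missing DREAD factors: {sorted(missing)}")
    for name in DREAD_FACTORS:
        if not 1 <= dread[name] <= 10:
            raise ValueError(f"{name} must be 1-10, got {dread[name]}")
    return sum(dread[name] for name in DREAD_FACTORS) / len(DREAD_FACTORS)

def risk_exposure(threat: Threat) -> float:
    """Risk Exposure = Asset Priority x Threat Rank, as on the slide."""
    if not 1 <= threat.asset_priority <= 10:
        raise ValueError("asset priority must be on the 1-10 scale")
    return threat.asset_priority * threat_rank(threat.dread)

def prioritize(threats: list) -> list:
    """Return (exposure, threat) pairs, highest exposure first."""
    return sorted(((risk_exposure(t), t) for t in threats),
                  key=lambda pair: pair[0], reverse=True)

# Constructed sample worksheet rows, not taken from the deck.
SAMPLE_THREATS = [
    Threat("Payroll DB", 9, "Unpatched database server",
           dict(damage=9, reproducibility=8, exploitability=7,
                affected_users=6, discoverability=8)),
    Threat("Intranet site", 4, "Sample pages left installed",
           dict(damage=3, reproducibility=9, exploitability=8,
                affected_users=5, discoverability=9)),
    Threat("Domain controllers", 10, "Shared administrator password",
           dict(damage=10, reproducibility=6, exploitability=5,
                affected_users=10, discoverability=4)),
]
```

Note that a lower-priority asset with an easily reproduced, highly discoverable weakness can still rank below a high-priority asset with a lower threat rank, which is the point of weighting by asset priority.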
Assessment: Security Risk Tracking, Planning, and Scheduling

Detailed Security Action Plans

Example Worksheets

Development and Implementation

Security Remediation Strategy:
  • Configuration management
  • Detailed Security Action Plans
  • Patch management
  • System monitoring
  • System auditing
  • Operational policies
  • Operational procedures

Diagram labels: Testing Lab, Production Environment, Knowledge Documented for Future Use


Operation: Reassess Assets and Security Risks
  • Reassess risks when there is a significant change in assets, operation, or structure
  • Assess risks continually

Diagram labels: Production Environment, Documented Knowledge, Internet Services, New Web Site, Testing Lab

Operation: Stabilize and Deploy New or Changed Countermeasures

Diagram labels: New or Changed Countermeasures, Production Environment, System Administration Team, Security Administration Team, Network Administration Team


Defense in Depth
  • Business Case
  • Security Risk Management Discipline
  • Defense in Depth
  • Security Incident Response
  • Best Practices
  • 10 Immutable Laws of Security
The Defense-in-Depth Model

Using a layered approach:

  • Increases an attacker’s risk of detection
  • Reduces an attacker’s chance of success

Layers, from the outermost inward, with the example controls shown on the slide:

  • Policies, Procedures, & Awareness: security documents, user education
  • Physical Security: guards, locks, tracking devices
  • Perimeter: firewalls, Network Access Quarantine Control
  • Internal Network: network segments, IPSec, NIDS
  • Host: OS hardening, authentication, patch management, HIDS
  • Application: application hardening, antivirus
  • Data: ACLs, encryption, EFS


Description of the Policies, Procedures, and Awareness Layer
  • “I think I will wedge the computer room door open. Much easier.”
  • “Hey, I need to configure a firewall. Which ports should I block?”
  • “They have blocked my favorite Web site. Lucky I have a modem.”
  • “I think I will use my first name as a password.”

Policies, Procedures, and Awareness Layer Compromise
  • “Say, I run a network too. How do you configure your firewalls?”
  • “Hi, do you know where the computer room is?”
  • “I can never think of a good password. What do you use?”
  • “Hey, nice modem. What's the number of that line?”

Policies, Procedures, and Awareness Layer Protection

Employee security training helps users support the security policy:
  • Firewall Configuration Procedure
  • Physical Access Security Policy
  • Device Request Procedure
  • User Information Secrecy Policy


Description of the Physical Security Layer

All of the assets within an organization’s IT infrastructure must be physically secured

Physical Security Layer Compromise
  • View, Change, or Remove Files
  • Damage Hardware
  • Remove Hardware
  • Install Malicious Code

Physical Security Layer Protection
  • Lock doors and install alarms
  • Employ security personnel
  • Enforce access procedures
  • Monitor access
  • Limit data input devices
  • Use remote access tools to enhance security

Description of the Perimeter Layer

Network perimeters can include connections to:

  • The Internet
  • Branch offices
  • Business partners
  • Remote users
  • Wireless networks
  • Internet applications

Diagram labels: Main Office, Branch Office, Business Partner (each with a LAN), Internet, Internet Services, Remote User, Wireless Network

Perimeter Layer Compromise

Network perimeter compromise may result in a successful:

  • Attack on corporate network
  • Attack on remote users
  • Attack from business partners
  • Attack from a branch office
  • Attack on Internet services
  • Attack from the Internet

Diagram labels: Main Office, Branch Office, Business Partner (each with a LAN), Internet, Internet Services, Remote User, Wireless Network

Perimeter Layer Protection

Network perimeter protection includes:

  • Firewalls
  • Blocking communication ports
  • Port and IP address translation
  • Virtual private networks (VPNs)
  • Tunneling protocols
  • VPN quarantine

Diagram labels: Main Office, Branch Office, Business Partner (each with a LAN), Internet, Internet Services, Remote User, Wireless Network

Description of the Internal Network Layer

Diagram labels: Sales, Marketing, Human Resources, Finance, Wireless Network

Internal Network Layer Compromise
  • Unexpected Communication Ports
  • Unauthorized Access to Systems
  • Unauthorized Access to Wireless Networks
  • Sniff Packets from the Network
  • Access All Network Traffic

Internal Network Layer Protection
  • Require mutual authentication
  • Segment the network
  • Encrypt network communications
  • Restrict traffic even when it is segmented
  • Sign network packets
  • Implement IPSec port filters to restrict traffic to servers


Description of the Host Layer
  • Contains individual computer systems on the network
  • Often have specific roles or functions
  • The term “host” is used to refer to both clients and servers
Host Layer Compromise
  • Exploit Unsecured Operating System Configuration
  • Unmonitored Access
  • Exploit Operating System Weakness
  • Distribute Viruses

Host Layer Protection
  • Harden client and server operating systems
  • Disable unnecessary services
  • Monitor and audit access and attempted access
  • Install and maintain antivirus software
  • Use firewalls
  • Keep security patches and service packs up to date

Windows XP SP2 Advanced Security Technologies
  • Network protection
  • Memory protection
  • Safer e-mail handling
  • More secure browsing
  • Improved computer maintenance
  • Get more information on Windows XP Service Pack 2 at http://www.microsoft.com/sp2preview

Description of the Application Layer
  • Layer includes both client and server network applications
  • Functionality must be maintained

  • Server Applications – Examples: Web Servers, Exchange Server, SQL Server
  • Client Applications – Examples: Microsoft Outlook, Microsoft Office Suite

Application Layer Compromise
  • Loss of application functionality
  • Execution of malicious code
  • Extreme use of application – DoS attack
  • Undesirable use of application
Application Layer Protection
  • Enable only required services and functionality
  • Secure internally developed applications
  • Install security updates for all applications
  • Install and update antivirus software
  • Run applications with least privilege necessary
  • Use latest security practices when developing new applications

Description of the Data Layer
  • Documents
  • Directory Files
  • Application Files

Data Layer Compromise
  • Interrogate Directory Files
  • View, Change, or Remove Information
  • Replace or Modify Application Files

Diagram labels: Documents, Directory Files, Application Files

Data Layer Protection
  • Encrypt files with EFS
  • Use NTFS for file and folder-level security
  • Use a combination of access control lists and encryption
  • Move files from the default location
  • Perform regular backups of data
  • Protect documents and e-mail with Windows Rights Management Services


Security Incident Response
  • Business Case
  • Security Risk Management Discipline
  • Defense in Depth
  • Security Incident Response
  • Best Practices
  • 10 Immutable Laws of Security
Incident-Response Checklist
  • Recognize that an attack is under way
  • Identify the attack
  • Communicate the attack
  • Contain the attack
  • Implement preventive measures
  • Document the attack

Containing the Effects of the Attack
  • Shut down affected servers
  • Remove affected computers from the network
  • Block inbound and outbound network traffic
  • Preserve the evidence
  • Take precautionary measures to protect computers not yet compromised

Best Practices
  • Business Case
  • Security Risk Management Discipline
  • Defense in Depth
  • Security Incident Response
  • Best Practices
  • 10 Immutable Laws of Security
Security Best Practices
  • Follow the defense-in-depth model
  • Strive for systems that are secure by design
  • Apply the principle of least privilege
  • Learn from experience
  • Use monitoring and auditing
  • Train users to be aware of security issues
  • Develop and test incident-response plans and procedures

Security Checklist
  • Create security policy and procedure documents
  • Subscribe to security alert e-mails
  • Keep up to date with patch management
  • Maintain regular backup and restore procedures
  • Think like an attacker

10 Immutable Laws of Security
  • Business Case
  • Security Risk Management Discipline
  • Defense in Depth
  • Security Incident Response
  • Best Practices
  • 10 Immutable Laws of Security
The 10 Immutable Laws of Security, Part 2

http://www.microsoft.com/technet/columns/security/essays/10imlaws.asp

Session Summary
  • Business Case
  • Security Risk Management Discipline
  • Defense in Depth
  • Security Incident Response
  • Best Practices
  • 10 Immutable Laws of Security
Next Steps
  • Find additional security training events: http://www.microsoft.com/seminar/events/security.mspx
  • Sign up for security communications: http://www.microsoft.com/technet/security/signup/default.mspx
  • Get additional security tools and content: http://www.microsoft.com/security/guidance

Event Information: What’s Next?

Technical Roadshow Post Event Website
www.microsoft.com/uk/techroadshow/postevents

Available from Monday 18th April

Please complete your Evaluation Form!


http://www.microsoft.com/TwC

© 2004 Microsoft Corporation. All rights reserved.

This presentation is for informational purposes only. Microsoft makes no warranties, express or implied, in this summary.
