trustworthy computing n.
Trustworthy Computing. m. Peter Birch Senior Architectural Engineer Microsoft Ltd (UK). Agenda. Why is Security important? What is Trustworthy Computing? What are we doing today? Microsoft Security Response Centre Secure Windows Initiative The Strategic Technology Protection Program

Presentation Transcript
Trustworthy Computing

Peter Birch

Senior Architectural Engineer

Microsoft Ltd (UK)

Agenda
  • Why is Security important?
  • What is Trustworthy Computing?
  • What are we doing today?
    • Microsoft Security Response Centre
    • Secure Windows Initiative
    • The Strategic Technology Protection Program
  • The future challenges – Questions?
Leaving Messages
  • Microsoft is as committed to developing the trusted computing model, as it was in moving into the internet and adoption of .Net
  • Security is part of Trustworthy computing and can only be achieved through partnership & teamwork
  • Security is ‘the journey’; there is no end point
An Industry-Wide Problem

[Chart: "Reported Vulnerabilities by OS in 2001". Y-axis: Number of incidents. X-axis: Platform. Platforms shown: MandrakeSoft Linux 7.2, SCO Open Server 5.0.6, Redhat Linux 7.0, Sun Solaris 8.0, Windows 2000.]

  • Security breaches common
    • Windows UPnP
    • Oracle 9i Buffer Overrun
    • AOL AIM
    • CDE/Solaris
  • Viruses
    • Nimda, Code Red show tangible and cyber-worlds inextricably linked

John McCormick, TechRepublic, Inc., September 24, 2001, based on data provided by Security Focus Bugtraq

UK Survey (PWC / DTI report)
  • 44% of UK businesses have suffered at least one malicious security breach
  • Average Cost of a serious incident £30,000
  • Virus was the single largest cause of security breaches (33% of incidents)
  • Yet 1% investment, 27% have a security policy, 49% have procedures for DPA, 11% have incident response, 44% have any type of insurance
  • http://www.dti.gov.uk/cii/docs/sbsreport_2002.pdf
Microsoft is committed
  • “Over the last year it has become clear that ensuring .NET is a platform for Trustworthy Computing is more important than any other part of our work” – Bill Gates
  • “In the past, we’ve made our software and services more compelling for users by adding new features and functionality, and by making our platform richly extensible. We’ve done a terrific job at that, but all those great features won’t matter unless customers trust our software. So now, when we face a choice between adding features and resolving security issues, we need to choose security” – Bill Gates
What is Trustworthy Computing?

The Trustworthy Computing initiative at Microsoft is a long-term, company-wide initiative to deliver Trustworthy Computing experiences based on security, privacy, reliability and business integrity to our customers and the industry, via the .NET platform and other Microsoft products and services.

Why Trust?
  • Computers generally do not engender trust
  • Early stage of adoption
  • Trust is not just security, as it involves perception and environment
    • Telephones - almost always there when we need them, do what we need them to do, work as advertised, and are reliably available.
    • A combination of engineering, business practice, and regulation
Trustworthy Computing
  • Security
    • Resilient to attack
    • Protects confidentiality, integrity, availability and data
  • Privacy
    • Individuals control personal data
    • Products and Online Services adhere to fair information principles
  • Reliability
    • Dependable
    • Available when needed
    • Performs at expected levels
  • Business Integrity
    • Help customers find appropriate solutions
    • Address issues with products and services
    • Open interaction with customers

Microsoft Security Response Centre
  • Dedicated team in the Microsoft Security Response Centre
    • Policy Commitment
    • Investigates all threats (Secure@microsoft.com)
    • Weekly Exec status
    • Customer bulletins - plain language
    • www.microsoft.com/security
  • Education
    • Brings back experience into the Product group
  • Non-disclosure of threats in the investigation phase
    • Trusted Computing Conf in Nov. - Developing new procedure standard with @stake, BindView, Foundstone, Guardent, Internet Security Systems,
Secure Windows Initiative
  • “To improve the security of all our software and products, so that our customers will get the level of security they require”
    • Training - dedicated security courses
    • Testing – internal / external experts (inc Universities). Penetration group. Systems up on the web
    • Tools – Automated analysis tools, e.g. Prefix / Prefast, RPC stress testing
    • Process – RAID, Security bug bash, Automated & Managed sign off
    • Product – Security over Feature – turn off services
Strategic Technology Protection Program
  • Offering
    • No-charge support for virus-related incidents
    • Premier Support and Security workshops & services – Get Secure & Stay Secure
  • Online
    • Security resource site: www.microsoft.com/security
    • Microsoft Security Notification Service Windows Security Newsletter
  • Product
    • Microsoft Security Tool Kit, Security Configuration Checklists, and PAG
    • Security maintenance tools and resources
    • Reboot only where necessary
    • MSBA, MSUS
Future Directions

[Diagram labels: Devices, Services, Apps]

  • Machine-machine processes
    • Self-management by policy
      • Loosely coupled, self-configuring, self-organizing, adaptive
    • Edge of the network
      • Peer-to-peer applications; distributed processing, storage
  • New development, testing, operations, auditing tools
  • Hardware and networking improvements
    • Failover, redundancy; impervious to physical modifications; theft or loss;
    • Rigorous authentication, key management
News
  • Windows 2000 achieves Common Criteria at EAL4
  • Professional, Server, and Advanced Server
  • Systematic Flaw Remediation
  • Includes Active Directory, Kerberos, IPsec, EFS, Single Sign-on, etc
  • Wide range of real-life deployment scenarios tested
  • Windows XP and Windows .net Server 2003 will enter evaluation
Leaving Messages
  • Microsoft is as committed to developing the trusted computing model, as it was in moving into the internet and adoption of .Net
  • Security is part of Trustworthy computing and can only be achieved through partnership & teamwork
  • Security is ‘the journey’; there is no end point
Questions?
  • Visit http://www.microsoft.com/security for current information on security
  • Building a Secure Platform for Trustworthy Computing Whitepaper: http://www.microsoft.com/enterprise/articles/security.asp