Essentials of Security
Steve Lamb, Technical Security Advisor
http://blogs.msdn.com/steve_lamb
stephlam@microsoft.com
Session Prerequisites
• Hands-on experience installing, configuring, administering, and planning the deployment of Windows 2000 Server or Windows Server 2003
• Knowledge of Active Directory and Group Policy concepts
Level 200
Agenda
• Business Case
• Security Risk Management Discipline
• Defense in Depth
• Security Incident Response
• Best Practices
• 10 Immutable Laws of Security

Business Case
Impact of Security Breaches
• Loss of revenue
• Damage to reputation
• Damage to investor confidence
• Loss or compromise of data
• Damage to customer confidence
• Interruption of business processes
• Legal consequences
The cost of implementing security measures is not trivial; however, it is a fraction of the cost of mitigating security compromises
Benefits of Investing in Security
• Reduced downtime and costs associated with non-availability of systems and applications
• Reduced labor costs associated with inefficient security update deployment
• Reduced data loss due to viruses or information security breaches
• Increased protection of intellectual property
Security Risk Management Discipline
Security Risk Management Discipline (SRMD) Processes
• Assessment
  – Assess and valuate assets
  – Identify security risks and threats
  – Analyze and prioritize security risks
  – Security risk tracking, planning, and scheduling
• Development and Implementation
  – Develop security remediation
  – Test security remediation
  – Capture security knowledge
• Operation
  – Reassess assets and security risks
  – Stabilize and deploy new or changed countermeasures
Assessment: Assess and Valuate Assets
Asset Priorities (Scale of 1 to 10) – Example*
* For example purposes only – not prescriptive guidance
Assessment: Analyze and Prioritize Security Risks – DREAD Example Worksheet
DREAD rates each threat on five factors:
• Damage
• Reproducibility
• Exploitability
• Affected Users
• Discoverability
Risk Exposure = Asset Priority × Threat Rank
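As an added worked example (not code from the original session), here is the DREAD worksheet arithmetic in Python: each factor is rated on the slide's 1 to 10 scale, and the slide's formula Risk Exposure = Asset Priority × Threat Rank is applied to rank the threats. The slide does not say how the five ratings combine into a threat rank; averaging them is an assumption made here (it is the convention used in Howard and LeBlanc's Writing Secure Code). The assets, threat descriptions and ratings in SAMPLE_WORKSHEET are constructed for illustration only.

```python
from dataclasses import dataclass, fields
from statistics import mean


@dataclass(frozen=True)
class Threat:
    """One row of a DREAD worksheet. All integer fields use the slide's 1..10 scale."""
    asset: str
    description: str
    asset_priority: int      # from the "Assess and Valuate Assets" step
    damage: int              # D: how bad is a successful exploit?
    reproducibility: int     # R: how reliably does the attack work?
    exploitability: int      # E: how little skill and effort does it take?
    affected_users: int      # A: how many users are hit?
    discoverability: int     # D: how easy is the weakness to find?

    def __post_init__(self) -> None:
        # Reject ratings outside the worksheet's scale so a typo cannot skew the ranking.
        for f in fields(self):
            if f.type is int:
                value = getattr(self, f.name)
                if not 1 <= value <= 10:
                    raise ValueError(f"{f.name}={value} is outside the 1..10 scale")

    def threat_rank(self) -> float:
        # Assumption: the five DREAD ratings are averaged (the slide gives no formula).
        return mean([self.damage, self.reproducibility, self.exploitability,
                     self.affected_users, self.discoverability])

    def risk_exposure(self) -> float:
        # From the slide: Risk Exposure = Asset Priority x Threat Rank
        return self.asset_priority * self.threat_rank()


def rank_threats(threats):
    """Return the worksheet rows ordered by risk exposure, highest first."""
    return sorted(threats, key=lambda t: t.risk_exposure(), reverse=True)


def worksheet_rows(threats):
    """Flatten the ranked worksheet into (asset, description, threat rank, risk exposure)."""
    return [(t.asset, t.description, round(t.threat_rank(), 1), round(t.risk_exposure(), 1))
            for t in rank_threats(threats)]


# Constructed sample worksheet (hypothetical assets and ratings, for illustration only).
SAMPLE_WORKSHEET = [
    Threat("Payroll database", "SQL injection in the payroll web front end",
           asset_priority=10, damage=9, reproducibility=8, exploitability=7,
           affected_users=8, discoverability=6),
    Threat("Intranet wiki", "Default password left on the admin account",
           asset_priority=4, damage=6, reproducibility=10, exploitability=10,
           affected_users=5, discoverability=9),
    Threat("Marketing web server", "Unpatched IIS on the public marketing site",
           asset_priority=6, damage=7, reproducibility=9, exploitability=8,
           affected_users=6, discoverability=10),
]

if __name__ == "__main__":
    for asset, description, rank, exposure in worksheet_rows(SAMPLE_WORKSHEET):
        print(f"{exposure:5.1f}  (threat rank {rank:4.1f})  {asset}: {description}")
```

Running it ranks the payroll database first (exposure 76), the marketing web server second (48) and the wiki last (32), even though the wiki's default password has the joint-highest threat rank of the three: multiplying by asset priority is what keeps the worksheet focused on the assets the business actually valued in the previous step.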
Assessment: Security Risk Tracking, Planning, and Scheduling
Detailed Security Action Plans – Example Worksheets
Development and Implementation: Security Remediation Strategy
Detailed Security Action Plans (configuration management, patch management, system monitoring, system auditing, operational policies, operational procedures) → Testing Lab → Production Environment → Knowledge Documented for Future Use
Operation: Reassess Assets and Security Risks
• Reassess risks when there is a significant change in assets, operation, or structure
• Assess risks continually
(Diagram labels: Production Environment, Documented Knowledge, Internet Services, New Web Site, Testing Lab)
Operation: Stabilize and Deploy New or Changed Countermeasures
(Diagram: the System Administration, Security Administration, and Network Administration teams deploying new or changed countermeasures into the Production Environment)
Defense in Depth
The Defense-in-Depth Model
Using a layered approach:
• Increases an attacker's risk of detection
• Reduces an attacker's chance of success
Layers and example controls:
• Policies, Procedures, & Awareness: security documents, user education
• Physical Security: guards, locks, tracking devices
• Perimeter: firewalls, Network Access Quarantine Control
• Internal Network: network segments, IPSec, NIDS
• Host: OS hardening, authentication, patch management, HIDS
• Application: application hardening, antivirus
• Data: ACLs, encryption, EFS
Description of the Policies, Procedures, and Awareness Layer
Typical user behavior when policies are missing or ignored (speech bubbles on the slide):
• "I think I will wedge the computer room door open. Much easier."
• "Hey, I need to configure a firewall. Which ports should I block?"
• "They have blocked my favorite Web site. Lucky I have a modem."
• "I think I will use my first name as a password."
Policies, Procedures, and Awareness Layer Compromise
Social-engineering approaches that exploit the behavior above (speech bubbles on the slide):
• "Say, I run a network too. How do you configure your firewalls?"
• "Hi, do you know where the computer room is?"
• "I can never think of a good password. What do you use?"
• "Hey, nice modem. What's the number of that line?"
Policies, Procedures, and Awareness Layer Protection
Employee security training helps users support the security policy. Example documents:
• Firewall Configuration Procedure
• Physical Access Security Policy
• Device Request Procedure
• User Information Secrecy Policy
Description of the Physical Security Layer
All of the assets within an organization's IT infrastructure must be physically secured.
Physical Security Layer Compromise
• View, change, or remove files
• Damage hardware
• Remove hardware
• Install malicious code
Physical Security Layer Protection
• Lock doors and install alarms
• Employ security personnel
• Enforce access procedures
• Monitor access
• Limit data input devices
• Use remote access tools to enhance security
Description of the Perimeter Layer
(Diagram: the main office LAN connected to the Internet and Internet services, a branch office, a business partner, a remote user, and a wireless network)
Network perimeters can include connections to:
• The Internet
• Branch offices
• Business partners
• Remote users
• Wireless networks
• Internet applications
Perimeter Layer Compromise
Network perimeter compromise may result in a successful:
• Attack on the corporate network
• Attack on remote users
• Attack from business partners
• Attack from a branch office
• Attack on Internet services
• Attack from the Internet
Perimeter Layer Protection
Network perimeter protection includes:
• Firewalls
• Blocking communication ports
• Port and IP address translation
• Virtual private networks (VPNs)
• Tunneling protocols
• VPN quarantine
Description of the Internal Network Layer
(Diagram: internal network segments for Sales, Marketing, Human Resources, and Finance, plus a wireless network)
Internal Network Layer Compromise
• Unexpected communication ports
• Unauthorized access to systems
• Unauthorized access to wireless networks
• Sniff packets from the network
• Access all network traffic
Internal Network Layer Protection
• Require mutual authentication
• Segment the network
• Encrypt network communications
• Restrict traffic even when it is segmented
• Sign network packets
• Implement IPSec port filters to restrict traffic to servers
Description of the Host Layer
• Contains the individual computer systems on the network
• Hosts often have specific roles or functions
• The term "host" is used to refer to both clients and servers
Host Layer Compromise
• Exploit unsecured operating system configuration
• Unmonitored access
• Exploit operating system weakness
• Distribute viruses
Host Layer Protection
• Harden client and server operating systems
• Disable unnecessary services
• Monitor and audit access and attempted access
• Install and maintain antivirus software
• Use firewalls
• Keep security patches and service packs up to date
Windows XP SP2 Advanced Security Technologies
• Network protection
• Memory protection
• Safer e-mail handling
• More secure browsing
• Improved computer maintenance
• Get more information on Windows XP Service Pack 2 at http://www.microsoft.com/sp2preview
Description of the Application Layer
• The layer includes both client and server network applications
• Functionality must be maintained
• Server application examples: Web servers, Exchange Server, SQL Server
• Client application examples: Microsoft Outlook, Microsoft Office Suite
Application Layer Compromise
• Loss of application functionality
• Execution of malicious code
• Extreme use of application – DoS attack
• Undesirable use of application
Application Layer Protection
• Enable only required services and functionality
• Secure internally developed applications
• Install security updates for all applications
• Install and update antivirus software
• Run applications with the least privilege necessary
• Use the latest security practices when developing new applications
Description of the Data Layer
The data layer covers documents, directory files, and application files.
Data Layer Compromise
• Interrogate directory files
• View, change, or remove information in documents
• Replace or modify application files
Data Layer Protection
• Encrypt files with EFS
• Use NTFS for file- and folder-level security
• Use a combination of access control lists and encryption
• Move files from the default location
• Perform regular backups of data
• Protect documents and e-mail with Windows Rights Management Services
Security Incident Response
Incident-Response Checklist
• Recognize that an attack is under way
• Identify the attack
• Communicate the attack
• Contain the attack
• Implement preventive measures
• Document the attack
Containing the Effects of the Attack
• Shut down affected servers
• Remove affected computers from the network
• Block inbound and outbound network traffic
• Preserve the evidence
• Take precautionary measures to protect computers not yet compromised
Note that shutting a server down destroys volatile evidence (memory contents, running processes, open network connections); where that evidence matters, capture it first, or isolate the machine from the network instead of powering it off.
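The checklist's first two steps ("Recognize that an attack is under way", "Identify the attack") and the host-layer advice to monitor and audit access and attempted access both depend on actually reading the audit trail. As an added example that is not part of the original session, the Python below runs a simple brute-force detection over a constructed sample of Security log entries: a run of failed logons from one source against one account inside a short window raises an alert, and a successful logon from the same source right after the failures escalates it and attaches the containment steps from the slide (block the source's traffic, remove the host from the network, preserve evidence). The event IDs are the real ones (529/528 for failed/successful logon on Windows 2000 and Server 2003, 4625/4624 from Vista onward); the line format, the threshold and window, and the hostnames, accounts and addresses are assumptions made for this example.

```python
from collections import defaultdict, deque
from dataclasses import dataclass, field
from datetime import datetime, timedelta

# Event IDs for logon failure / success. 529 and 528 are the Windows 2000 /
# Server 2003 Security log IDs; 4625 and 4624 are their Vista-and-later equivalents.
FAILED_LOGON = {"529", "4625"}
SUCCESSFUL_LOGON = {"528", "4624"}


@dataclass(frozen=True)
class LogonEvent:
    when: datetime
    event_id: str
    account: str
    source_ip: str
    host: str


@dataclass
class Alert:
    source_ip: str
    account: str
    host: str
    first_seen: datetime
    last_seen: datetime
    failures: int
    severity: str = "warning"
    containment: list = field(default_factory=list)


def parse_log(text: str) -> list:
    """Parse the constructed 'timestamp event_id account source_ip host' format (an assumption;
    a real export would come from the Event Viewer or a log collector)."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        when, event_id, account, source_ip, host = line.split()
        events.append(LogonEvent(datetime.fromisoformat(when), event_id,
                                 account.lower(), source_ip, host))
    return sorted(events, key=lambda e: e.when)


def detect_bruteforce(events, threshold=5, window=timedelta(minutes=2)) -> list:
    """Alert when one source records `threshold` failed logons against one account
    within `window`; escalate if the same source then logs on successfully."""
    recent_failures = defaultdict(deque)   # (source_ip, account) -> timestamps inside the window
    open_alerts = {}                       # (source_ip, account) -> Alert
    alerts = []
    for e in events:
        key = (e.source_ip, e.account)
        if e.event_id in FAILED_LOGON:
            q = recent_failures[key]
            q.append(e.when)
            while q and e.when - q[0] > window:    # slide the window forward
                q.popleft()
            if key in open_alerts:
                open_alerts[key].failures += 1
                open_alerts[key].last_seen = e.when
            elif len(q) >= threshold:
                alert = Alert(e.source_ip, e.account, e.host, q[0], e.when, len(q))
                alert.containment.append(
                    f"Block inbound and outbound traffic from {e.source_ip} at the firewall")
                open_alerts[key] = alert
                alerts.append(alert)
        elif e.event_id in SUCCESSFUL_LOGON and key in open_alerts:
            alert = open_alerts[key]
            if e.when - alert.last_seen <= window:
                # Password guessing followed by a success: treat the account as compromised.
                alert.severity = "critical"
                alert.containment.append(
                    f"Remove {e.host} from the network and preserve its evidence before shutdown")
                alert.containment.append(f"Disable account {e.account} and reset its password")
    return alerts


# Constructed sample log (not a real export): six guesses against Administrator from
# 10.0.5.17 followed by a success, plus one mistyped password by an ordinary user.
SAMPLE_LOG = """\
# timestamp            id  account        source_ip  host
2004-03-09T09:14:02 529 Administrator 10.0.5.17 FILESRV01
2004-03-09T09:14:05 529 Administrator 10.0.5.17 FILESRV01
2004-03-09T09:14:09 529 Administrator 10.0.5.17 FILESRV01
2004-03-09T09:14:12 529 Administrator 10.0.5.17 FILESRV01
2004-03-09T09:14:16 529 Administrator 10.0.5.17 FILESRV01
2004-03-09T09:14:20 529 Administrator 10.0.5.17 FILESRV01
2004-03-09T09:14:31 528 Administrator 10.0.5.17 FILESRV01
2004-03-09T09:20:44 529 jsmith 10.0.2.40 FILESRV01
2004-03-09T09:20:58 528 jsmith 10.0.2.40 FILESRV01
"""


def analyse_sample() -> list:
    return detect_bruteforce(parse_log(SAMPLE_LOG))


if __name__ == "__main__":
    for a in analyse_sample():
        print(f"[{a.severity}] {a.failures} failed logons for {a.account} from {a.source_ip} "
              f"on {a.host} between {a.first_seen:%H:%M:%S} and {a.last_seen:%H:%M:%S}")
        for step in a.containment:
            print("   containment:", step)
```

On the sample this produces one critical alert for the Administrator guesses and nothing for jsmith's single typo. None of it works unless the host is actually auditing logons: on Windows 2000 and Server 2003 the "Audit logon events" (and, on domain controllers, "Audit account logon events") policy must be enabled for failure as well as success, or the 529/528 entries are never written.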
Best Practices
Security Best Practices
• Follow the defense-in-depth model
• Strive for systems that are secure by design
• Apply the principle of least privilege
• Learn from experience
• Use monitoring and auditing
• Train users to be aware of security issues
• Develop and test incident-response plans and procedures
Security Checklist
• Create security policy and procedure documents
• Subscribe to security alert e-mails
• Keep up to date with patch management
• Maintain regular backup and restore procedures
• Think like an attacker
10 Immutable Laws of Security
The 10 Immutable Laws of Security, Part 2
http://www.microsoft.com/technet/columns/security/essays/10imlaws.asp
Session Summary
• Business Case
• Security Risk Management Discipline
• Defense in Depth
• Security Incident Response
• Best Practices
• 10 Immutable Laws of Security
Next Steps
• Find additional security training events: http://www.microsoft.com/seminar/events/security.mspx
• Sign up for security communications: http://www.microsoft.com/technet/security/signup/default.mspx
• Get additional security tools and content: http://www.microsoft.com/security/guidance