微软演示稿经典剪辑图例课件

第三篇第三篇 图例篇图例篇 CorpnetCorpnet InternetInternet RADIUS Authentication Federation through RADIUS proxiesFederation through RADIUS proxies Can be used for centralized authentication servicesCan be used for centralized authentication services Domain membership not requiredDomain membership not required Great for DMZ placementGreat for DMZ placement 1 HTTP/SSL basic auth. 2 RADIUS request RADIUS Server (IAS) Firewall Server 3 HTTP/SSL request, sent to server Back-end Server Web Client (Browser, HTTP client) ISA Server 2000 (Old) Networking Model Fixed zonesFixed zones “IN” = LAT“IN” = LAT “OUT” = DMZ, Internet“OUT” = DMZ, Internet Packet filter only on Packet filter only on external interfacesexternal interfaces Single outbound policySingle outbound policy NAT alwaysNAT always Static filtering from DMZ Static filtering from DMZ to Internetto Internet InternalInternal NetworkNetwork InternetInternet DMZ 1DMZ 1 Static PFStatic PF ISA 2000ISA 2000 ISA Server 2004 Networking Model Any number of networksAny number of networks VPN as networkVPN as network Localhost as networkLocalhost as network Assigned Assigned relationships relationships (NAT/Route)(NAT/Route) Per-Network policyPer-Network policy Packet filtering onPacket filtering on all interfacesall interfaces Support for DoDSupport for DoD Any topology, any policyAny topology, any policy CorpNet_1CorpNet_1 CorpNet_nCorpNet_n Net ANet A Internet VPN ISA 2004 DMZ_nDMZ_n DMZ_1DMZ_1 Local HostLocal Host NetworkNetwork Rule Structure launched; infects infects unprotected or unprotected or unpatched unpatched systemssystems No ExploitNo ExploitExploitExploit MBSA How It Works MSSecure.xml containsMSSecure.xml contains Security bulletin namesSecurity bulletin names Product-specific updatesProduct-specific updates Version and checksum infoVersion and checksum info Registry keys changedRegistry keys changed KB article numbersKB article numbers Etc.Etc. Run MBSA on Admin system, Run MBSA on Admin system, specify targetsspecify targets 1 1 Downloads CAB file with Downloads CAB file with MSSecure.xml and verifies digital MSSecure.xml and verifies digital signaturesignature 2 2 Scans target systems for OS, OS Scans target systems for OS, OS components, and applicationscomponents, and applications 3 3 Parses MSSecure to see Parses MSSecure to see if updates are availableif updates are available 4 4 Checks if required Checks if required updates are missingupdates are missing 5 5 Generates time-stamped Generates time-stamped report of missing updatesreport of missing updates 6 6 Windows Windows Download CenterDownload Center MSSecure.xmlMSSecure.xml MBSAMBSA ComputerComputer Policies, Procedures, run inventory Inventory Tools; run inventory tool installertool installer 1 1 Scan components replicate Scan components replicate to SMS clientsto SMS clients 2 2 Clients scanned; scan Clients scanned; scan results merged into SMS results merged into SMS hardware inventory datahardware inventory data 3 3 Administrator uses Administrator uses Distribute Software Updates Distribute Software Updates Wizard to authorize updatesWizard to authorize updates 4 4 Update files downloaded; Update files downloaded; packages, programs, and packages, programs, and advertisements advertisements created/updated; packages created/updated; packages replicated and programs replicated and programs advertised to SMS clientsadvertised to SMS clients 5 5 Software Update Installation Software Update Installation Agent on clients deploy Agent on clients deploy updatesupdates 6 6 Periodically: Sync component checks for new Periodically: Sync component checks for new updates, scans clients, and deploys necessary updates, scans clients, and deploys necessary updatesupdates 7 7 EnumerationEnumeration “ “OK”OK” ? ? ? ? ? ? ? ? ? ? Record of StateRecord of State “ “Better”Better” ? ? ? ? ? ? ? ? ? ? Well-defined Standard ConfigurationsWell-defined Standard Configurations “ “Best”Best” Security Policy Model OperationsOperations ProcessProcess ImplementationImplementation DocumentationDocumentation PolicyPolicy TechnologyTechnology Start with policyStart with policy Build process Build process Apply technology Apply technology System = Programs + Servers + Solutions + Services Compare to standards and best practicesCompare to standards and best practices Measuring Security Policy Security PolicySecurity Policy Documented Documented ProceduresProcedures OperationsOperations “ “What you What you must do”must do” “ “What you What you say you do”say you do” “ “What you What you reallyreally do” do” Security Operating Security Operating PrinciplesPrinciples Corporate Security Corporate Security Mission and VisionMission and Vision Security Strategy Risk-Based Decision ModelRisk-Based Decision Model Tactical PrioritizationTactical Prioritization Mission Assess RiskAssess Risk Define Define PolicyPolicy MonitorMonitor AuditAudit Operating Principles Mission Mission and Visionand Vision Risk Based Decision Model Tactical Prioritization Prevent malicious or Prevent malicious or unauthorized use that unauthorized use that results in the loss of results in the loss of Microsoft intellectual Microsoft intellectual property or productivity property or productivity by systematically by systematically assessing, assessing, communicating, and communicating, and mitigating risks to mitigating risks to digital assetsdigital assets Enterprise Risk Model HighHigh LowLow HighHigh Impact to BusinessImpact to Business (Defined by Business Owner)(Defined by Business Owner) LowLow Acceptable Risk Unacceptable Risk Operating Principles Mission and Vision Risk Based Decision Risk Based Decision ModelModel Tactical Prioritization Probability of ExploitProbability of Exploit (Defined by Corporate Security)(Defined by Corporate Security) Risk assessment drives to acceptable risk Task begin integrating PM tools and business/IT requirements Improve risk response & managing a “portfolio” of projects 4 4 RiskRisk PM MaturityPM Maturity Project ComplexityProject Complexity PM CapabilityPM Capability EPM ExpectationEPM Expectation Project Management Maturity Model (PMMM) Technology Microsoft Office EPM Architecture Easily Create EnterpriseEasily Create Enterprise Project PlansProject PlansTeam ParticipationTeam Participation Centrally Store Project, Centrally Store Project, Resources, and ReportingResources, and Reporting Project Documents, Issues, Project Documents, Issues, Risks, and TasksRisks, and Tasks LOB SystemsLOB Systems Get More from Your Get More from Your IT InvestmentsIT Investments More More Productive Productive UsersUsers Taking a Staged ApproachTaking a Staged Approach Proof of Concept Limited Production Pilot Multi-department Rollout Enterprise Rollout Deployment Planning Legacy Legacy AppApp Workflow Workflow EngineEngine SiebelSiebelSAPSAPMS-CRMMS-CRM Architecture Overview Information BridgeInformation Bridge Back-end ServicesBack-end Services ClientClient Office Office ApplicationApplication Smart TagSmart Tag Smart DocSmart Doc Task Pane Task Pane ManagerManager Host Host RendererRenderer IBF - UIIBF - UI IBF IBF EngineEngine Metadata Metadata CacheCache Metadata Metadata Design