素材库合集讲解课件

第一篇第一篇 区块篇区块篇 Integrated Integrated phone and PDAphone and PDA Primarily data Primarily data viewingviewing Interoperability Interoperability with Outlook with Outlook and Exchangeand Exchange .NET Compact .NET Compact FrameworkFramework ASP.NET ASP.NET mobile controlsmobile controls Mobile Device Solutions Complex document Complex document authoring, editing authoring, editing and readingand reading Keyboard centric at Keyboard centric at the deskthe desk Keyboard and Keyboard and mouse input mouse input methodsmethods Full .NET Full .NET framework framework availableavailable Centrino SolutionsCentrino Solutions Windows MobileWindows MobileWindows XPWindows XP Complex document Complex document authoring, editing authoring, editing and active readingand active reading Note taking and ink Note taking and ink annotating annotating Keyboard centric at Keyboard centric at the desk, pen and the desk, pen and keyboard away from keyboard away from the deskthe desk Keyboard, mouse Keyboard, mouse plus pen, ink, and plus pen, ink, and speech input methodsspeech input methods Full .NET framework Full .NET framework preinstalledpreinstalled Pen, ink, handwriting Pen, ink, handwriting and speech and speech recognition APIsrecognition APIs Centrino SolutionsCentrino Solutions View and some data View and some data entryentry Integrated PDA with Integrated PDA with phonephone Interoperability with Interoperability with Office, Exchange Office, Exchange and SQL Serverand SQL Server .NET Compact .NET Compact FrameworkFramework ASP.NET mobile ASP.NET mobile controlscontrols Intel Xscale Intel Xscale SolutionsSolutions WindowsWindows CE CE One-way One-way networknetwork Information Information consumptionconsumption Smart Smart Personal Personal ObjectsObjects SmartphoneSmartphone Pocket PC and Pocket PC and Pocket PC PhonePocket PC Phone Notebook PCNotebook PC Tablet PCTablet PC Network Defense Health checkupHealth checkup IT checks “health” of clientIT checks “health” of client Network Access ControlNetwork Access Control Clients who pass get Clients who pass get network accessnetwork access Clients who do not pass Clients who do not pass are fixed or blocked (aka are fixed or blocked (aka “quarantined”)“quarantined”) Health maintenanceHealth maintenance Quarantined clients can be Quarantined clients can be given access to resources given access to resources to get healthyto get healthy From HomeFrom Home (VPN, Dial up)(VPN, Dial up) Returning Returning LaptopsLaptops ConsultantsConsultants GuestsGuests UnhealthyUnhealthy DesktopsDesktops Microsoft Business Solutions ERP Positioning Project Management and Accounting ERP Project Management and Accounting ERP Primarily in US and Latin America Primarily in US and Latin America Mid-market ERP Mid-market ERP Typically customized for unique business Typically customized for unique business processesprocesses Global ERPGlobal ERP MultinationalsMultinationals Advanced manufacturersAdvanced manufacturers Mid-market ERPMid-market ERP Rich out-of-the-box functionalityRich out-of-the-box functionality Guiding Principles ProductiveProductive IntegratedIntegrated ExtensibleExtensible CapableCapable Short learning curveShort learning curve Minimal administrative overheadMinimal administrative overhead Tools integrated tightlyTools integrated tightly Automates common tasksAutomates common tasks Customizable for your processCustomizable for your process Integrates with 3rd party toolsIntegrates with 3rd party tools Remotely accessibleRemotely accessible Robust, secure, scalableRobust, secure, scalable Staging Architecture Data entryData entry TestTest Application CenterApplication Center Commerce WebCommerce Web CommerceCommerce Commerce DataCommerce Data Commerce WebCommerce Web CommerceCommerce Commerce DataCommerce Data Application Application CenterCenter Application Application CenterCenter Data ACS ClusterACS ClusterACS ClusterACS Cluster Cluster controllerCluster controller Cluster controllerCluster controller Data Live Communications Live Communications Client RoadmapClient Roadmap LC 1.2 Client PlatformLC 1.2 Client Platform Multiparty IMMultiparty IM P2P Voice P2P Voice and Videoand Video MPOP MPOP GroupsGroups RoamingRoaming SIP supportSIP support GPO policy GPO policy managementmanagement LC 1.5 Client PlatformLC 1.5 Client Platform Roll up of QFEsRoll up of QFEs MPOP AdditionsMPOP Additions Federation/Archiving Federation/Archiving NotificationNotification HA AdditionsHA Additions LC 2.0 Client PlatformLC 2.0 Client Platform Next generation of Next generation of RTC experiencesRTC experiences More coming!More coming! 200320032H042H04LonghornLonghorn Enterprise Deployment Update Internet FirewallFirewall FirewallFirewall FirewallFirewall Runtime ServersRuntime Servers Corporate LAN Internal ServersCorporate LAN Internal Servers Crawl/SearchCrawl/SearchLoad Balanced WebLoad Balanced Web Infrastructure ServersInfrastructure Servers Development ServersDevelopment ServersTest ServersTest ServersBusiness Data ServersBusiness Data Servers Business UsersBusiness Users Database and Staging ServersDatabase and Staging Servers Staging ServersStaging Servers Database ServersDatabase ServersOffline ServersOffline Servers Indicates Staged Data FlowIndicates Staged Data Flow Communicate and collaborate in a more secure mannerCommunicate and collaborate in a more secure manner without sacrificing information worker productivitywithout sacrificing information worker productivity Windows XP SP2 Block virus or malicious code at the “point of entry”Block virus or malicious code at the “point of entry” At RiskAt Risk The SoftThe Soft UnderbellyUnderbelly Security Issues Today 1 Source: Forrester Research1 Source: Forrester Research 2 Source: Information Week, 26 November 20012 Source: Information Week, 26 November 2001 3 Source: Netcraft summary3 Source: Netcraft summary 4 Source: CERT, 20034 Source: CERT, 2003 5 Source: CSI/FBI Computer Crime and Security Survey5 Source: CSI/FBI Computer Crime and Security Survey 6 Source: Computer Security Institute (CSI) Computer Crime and Security Survey 20026 Source: Computer Security Institute (CSI) Computer Crime and Security Survey 2002 7 Source: CERT, 20027 Source: CERT, 2002 8 Source: Gartner Group8 Source: Gartner Group 14B devices on the Internet by 201014B devices on the Internet by 2010 1 1 35M remote users by 200535M remote users by 2005 2 2 65% increase in dynamic Web sites65% increase in dynamic Web sites 3 3 From 2000 to 2002 reported incidents rose from From 2000 to 2002 reported incidents rose from 21, 756 to 82,09421, 756 to 82,094 4 4 Nearly 80 percent of 445 respondents surveyed Nearly 80 percent of 445 respondents surveyed said the Internet has become a frequent point of said the Internet has become a frequent point of attack, up from 57 percent just four years agoattack, up from 57 percent just four years ago 5 5 90% detected security breaches90% detected security breaches 6 6 85% detected computer viruses85% detected computer viruses 6 6 95% of all breaches avoidable with an alternative 95% of all breaches avoidable with an alternative configurationconfiguration 7 7 Approximately 70 percent of all Web attacks Approximately 70 percent of all Web attacks occur at the application layeroccur at the application layer 8 8 Application Layer AttacksApplication Layer Attacks Identity TheftIdentity Theft Web Site Web Site DefacementDefacement Unauthorized Unauthorized AccessAccess Modification of Data, Modification of Data, Logs and RecordsLogs and Records Theft of Proprietary Theft of Proprietary InformationInformation Service DisruptionService Disruption ImplicationsImplications Compliance:Compliance: Sarbanes OxleySarbanes Oxley Gramm Leach BlilelyGramm Leach Blilely US Patriot ActUS Patriot Act HIPAAHIPAA The Privacy Act (CA)The Privacy Act (CA) Basel 2 (EU)Basel 2 (EU) Data Protection Act (EU)Data Protection Act (EU) LitigationLitigation File Sharing File Sharing Piracy Piracy HR Issues HR Issues Shareholder Suits Shareholder Suits Customer Impact Types Of SRP Rules Path RulePath Rule n n Compares path of file being Compares path of file being run to an allowed path listrun to an allowed path list n n Use when you have a folder Use when you have a folder with many files for the same with many files for the same applicationapplication n n Essential in when SRPs are Essential in when SRPs are strictstrict Hash RuleHash Rule n n Compares the MD5 or SHA1 Compares the MD5 or SHA1 hash of a file to the one hash of a file to the one attempted to be runattempted to be run n n Use when you want to Use when you want to allow/prohibit a certain version allow/prohibit a certain version of a file from being runof a file from being run Certificate RuleCertificate Rule n n Checks for digital signature on Checks for digital signature on application (i.e. Authenticode)application (i.e. Authenticode) n n Use when you want to restrict Use when you want to restrict both win32 applications and both win32 applications and ActiveX contentActiveX content Internet Zone RuleInternet Zone Rule n n Controls how Internet Zones Controls how Internet Zones can be accessedcan be accessed n n Use when in high security Use when in high security environments to control environments to control access to web applicationsaccess to web applications SQL Server 2005 Themes Supportability updating must Does not support Automatic Updates; updating must be initiated manuallybe initiated manually Office Update Web site:Office Update Web site: /officeupdate/officeupdate How To Use Office Update Go to Go to /officeupdate/officeupdate 1 1 Click Check for UpdatesClick Check for Updates 2 2 Install the Office Update Installation Engine Install the Office Update Installation Engine (if not already installed)(if not already installed) 3 3 Select the updates you want to installSelect the updates you want to install 4 4 Click Start InstallationClick Start Installation 5 5 How To Use SUS On the SUS serverOn the SUS server Configure the SUS server at Configure the SUS server at http:/SUSAdminhttp:/SUSAdmin On each SUS clientOn each SUS client Configure Automatic Updates on the client Configure Automatic Updates on the client to use the SUS server Use Group Policy, to use the SUS server Use Group Policy, manually configure each client, ormanually configure each client, or use scriptsuse scripts Set the SUS server synchronization Set the SUS server synchronization scheduleschedule Review, test, and approve updatesReview, test, and approve updates 1 1 2 2 3 3 How To Use MBSA Download and install MBSA (once only)Download and install MBSA (once only) 1 1 Launch MBSALaunch MBSA 2 2 Select the computer(s) to scanSelect the computer(s) to scan 3 3 Select relevant optionsSelect relevant options 4 4 Click Start scanClick Start scan 5 5 View the Security ReportView the Security Report 6 6 Software Update Service Deployment Best Practices (1) Review each security patch Review each security patch Download and install the patchDownload and install the patch Test each security patch before deploymentTest each security patch before deployment Configure a test labConfigure a test lab Use a test SUS serverUse a test SUS server Consider using Virtual PCs in the test labConsider using Virtual PCs in the test lab Use a standard acceptance testing Use a standard acceptance testing procedureprocedure Software Update Service Deployment Best Practices (2) Complete the deploymentComplete the deployment Pilot the deploymentPilot the deployment Configure a child SUS server to approve Configure a child SUS server to approve updatesupdates Configure a GPO so that the patch is Configure a GPO so that the patch is downloaded from the pilot SUS server downloaded from the pilot SUS server only by specified workstationsonly by specified workstations If the pilot fails, remove approval from If the pilot fails, remove approval from the SUS server and manually uninstall the SUS server and manually uninstall the patchthe patch How To Use SMS To Deploy Patches Open the SMS Administrator ConsoleOpen the SMS Administrator Console 1 1 Right-click All Windows XP Computers, and then Right-click All Windows XP Computers, and then select All Tasks Distribute Software Updatesselect All Tasks Distribute Software Updates 3 3 Use the wizard to create a new package and Use the wizard to create a new package and programprogram 4 4 Browse to the patch to be deployedBrowse to the patch to be deployed 5 5 Configure options for how and when the patch will Configure options for how and when the patch will be deployed to clientsbe deployed to clients 6 6 Expand the Site Database nodeExpand the Site Database node 2 2 SMS MBSA Integration MBSA integration included with SMS 2003 and the MBSA integration included with SMS 2003 and the SUS Feature Pack for SMS 2.0SUS Feature Pack for SMS 2.0 Scans SMS clients for missing security updates using Scans SMS clients for missing security updates using mbsacli.exe /hfmbsacli.exe /hf SMS directs client to run local MBSA scanSMS directs client to run local MBSA scan 1 1 SMS server parses data to determine which SMS server parses data to determine which computers need which security updatescomputers need which security updates 3 3 Administrator pushes missing updates only Administrator pushes missing updates only to clients that require themto clients that require them 4 4 Client performs scan, returns data to SMS Client performs scan, returns data to SMS serverserver 2 2 MBSA Benefits Scans systems forScans systems for Missing security patchesMissing security patches Potential configuration issuesPotential configuration issues Works with a broad range ofWorks with a broad range of Microsoft softwareMicrosoft software Allows an administrator to centrally scan Allows an administrator to centrally scan multiple computers simultaneouslymultiple computers simultaneously MBSA is a free tool, and can beMBSA is a free tool, and can be downloaded fromdownloaded from /mbsa/mbsa MBSA Considerations MBSA reports important vulnerabilitiesMBSA reports important vulnerabilities Password weaknessesPassword weaknesses Guest account not disabledGuest account not disabled Auditing not configuredAuditing not configured Unnecessary services installedUnnecessary services installed IIS vulnerabilitiesIIS vulnerabilities IE zone settingsIE zone settings Automatic Updates configurationAutomatic Updates configuration Internet Connection Firewall Internet Connection Firewall configurationconfiguration MBSA Scan Options MBSA has three scan optionsMBSA has three scan options MBSA graphical user interface (GUI)MBSA graphical user interface (GUI) MBSA standard command-lineMBSA standard command-line interface (mbsacli.exe)interface (mbsacli.exe) HFNetChk scan (mbsacli.exe /hf)HFNetChk scan (mbsacli.exe /hf) Business Case For Patch Management When determining the potential financial When determining the potential financial impact of poor patch management, considerimpact of poor patch management, consider DowntimeDowntime Remediation timeRemediation time Questionable data integrityQuestionable data integrity Lost credibilityLost credibility Negative public relationsNegative public relations Legal defensesLegal defenses Stolen intellectual propertyStolen intellectual property “ “We commend Microsoft for We commend Microsoft for providing enhanced security providing enhanced security guidance to its customers as guidance to its customers as well as for soliciting user input well as for soliciting user input as part of the process of as part of the process of producing that guidance“producing that guidance“ Clint KreitnerClint Kreitner President/CEOPresident/CEO “ “NIST reviewed and provided NIST reviewed and provided technical comments device No UI constraints; device independent. Integration independent. Integration into a broad range of into a broad range of different applications different applications and devices.and devices. 20042004 20052005 Windows Small Business Server 2003 SP1 Windows Small Business Server 2003 SP1 Windows Server 2003 for 64-Bit Extended Systems Windows Server 2003 for 64-Bit Extended Systems Windows Server 2003 Service Pack 1 (SP1)Windows Server 2003 Service Pack 1 (SP1) Windows XP Tablet Edition 2005Windows XP Tablet Edition 2005 Windows XP Media Center Edition 2005Windows XP Media Center Edition 2005 Windows XP Service Pack 2 (SP2)Windows XP Service Pack 2 (SP2) Virtual Server 2005Virtual Server 2005 Additional Feature Packs (e.g. Windows Update Services)Additional Feature Packs (e.g. Windows Update Services) Windows Server: Codename “Longhorn” Windows Server: Codename “Longhorn” Beta 1Beta 1 Windows Client: Codename “Longhorn” Windows Client: Codename “Longhorn” Beta 1Beta 1 Windows Server 2003 Update: Codename “R2”Windows Server 2003 Update: Codename “R2” Release Roadmap 第二篇第二篇 表格篇表格篇 Microsoft Patch Severity Ratings Security Bulletin List:Security Bulletin List: http:/www.M/TechNet/Security/Current.asphttp:/www.M/TechNet/Security/Current.asp RatingRatingDefinitionDefinition CriticalCritical Exploitation could allow the propagation of an Exploitation could allow the propagation of an Internet wormInternet worm ImportantImportant Exploitation could result in compromise of user Exploitation could result in compromise of user data or the availability of processing resourcesdata or the availability of processing resources ModerateModerate Exploitation is serious, but is mitigated to a Exploitation is serious, but is mitigated to a significant degree by default configuration, significant degree by defau