经典PPT素材库合集.ppt

,第一篇 区块篇,Integrated phone and PDA Primarily data viewing Interoperability with Outlook and Exchange .NET Compact Framework ASP.NET mobile controls,Mobile Device Solutions,Complex document authoring, editing and reading Keyboard centric at the desk Keyboard and mouse input methods Full .NET framework available Centrino Solutions,Windows Mobile,Windows XP,Complex document authoring, editing and active reading Note taking and ink annotating Keyboard centric at the desk, pen and keyboard away from the desk Keyboard, mouse plus pen, ink, and speech input methods Full .NET framework preinstalled Pen, ink, handwriting and speech recognition APIs Centrino Solutions,View and some data entry Integrated PDA with phone Interoperability with Office, Exchange and SQL Server .NET Compact Framework ASP.NET mobile controls Intel Xscale Solutions,Windows CE,One-way network Information consumption,Smart Personal Objects,Smartphone,Pocket PC and Pocket PC Phone,Notebook PC,Tablet PC,Network Defense,Health checkup IT checks “health” of client Network Access Control Clients who pass get network access Clients who do not pass are fixed or blocked (aka “quarantined”) Health maintenance Quarantined clients can be given access to resources to get healthy,From Home (VPN, Dial up),Returning Laptops,Consultants Guests,Unhealthy Desktops,Microsoft Business Solutions ERP Positioning,Guiding Principles,Productive,Integrated,Extensible,Capable,Short learning curve Minimal administrative overhead,Tools integrated tightly Automates common tasks,Customizable for your process Integrates with 3rd party tools,Remotely accessible Robust, secure, scalable,Staging Architecture,Data entry,Test,Application Center,Commerce Web,Commerce,Commerce Data,Commerce Web,Commerce,Commerce Data,Application,Center,Application,Center,Data,ACS Cluster,ACS Cluster,Cluster controller,Cluster controller,Data,Live Communications Client Roadmap,LC 1.2 Client Platform Multiparty IM P2P Voice and Video MPOP Groups Roaming SIP support GPO policy management,LC 1.5 Client Platform Roll up of QFEs MPOP Additions Federation/Archiving Notification HA Additions,LC 2.0 Client Platform Next generation of RTC experiences More coming!,2003,2H04,Longhorn,Enterprise Deployment Update,Internet,Firewall,Firewall,Firewall,Runtime Servers,Corporate LAN Internal Servers,Crawl/Search,Load Balanced Web,Infrastructure Servers,Development Servers,Test Servers,Business Data Servers,Business Users,Database and Staging Servers,Staging Servers,Database Servers,Offline Servers,Indicates Staged Data Flow,Communicate and collaborate in a more secure manner without sacrificing information worker productivity,Windows XP SP2 Block virus or malicious code at the “point of entry”,At Risk,The Soft Underbelly,Security Issues Today,1 Source: Forrester Research 2 Source: Information Week, 26 November 2001 3 Source: Netcraft summary 4 Source: CERT, 2003 5 Source: CSI/FBI Computer Crime and Security Survey 6 Source: Computer Security Institute (CSI) Computer Crime and Security Survey 2002 7 Source: CERT, 2002 8 Source: Gartner Group,14B devices on the Internet by 20101 35M remote users by 20052 65% increase in dynamic Web sites3 From 2000 to 2002 reported incidents rose from 21, 756 to 82,0944 Nearly 80 percent of 445 respondents surveyed said the Internet has become a frequent point of attack, up from 57 percent just four years ago5,90% detected security breaches6 85% detected computer viruses6 95% of all breaches avoidable with an alternative configuration7 Approximately 70 percent of all Web attacks occur at the application layer8,Application Layer Attacks,Identity Theft Web Site Defacement Unauthorized Access Modification of Data, Logs and Records Theft of Proprietary Information Service Disruption,Implications,Compliance: Sarbanes Oxley Gramm Leach Blilely US Patriot Act HIPAA The Privacy Act (CA) Basel 2 (EU) Data Protection Act (EU) Litigation File Sharing Piracy HR Issues Shareholder Suits,Customer Impact,Types Of SRP Rules,Path Rule Compares path of file being run to an allowed path list Use when you have a folder with many files for the same application Essential in when SRPs are strict,Hash Rule Compares the MD5 or SHA1 hash of a file to the one attempted to be run Use when you want to allow/prohibit a certain version of a file from being run,Certificate Rule Checks for digital signature on application (i.e. Authenticode) Use when you want to restrict both win32 applications and ActiveX content,Internet Zone Rule Controls how Internet Zones can be accessed Use when in high security environments to control access to web applications,SQL Server 2005 Themes,Supportability & Quality,Enterprise Enhancements,Unified & Flexible Administration,Patch Solutions,Prevention, Readiness, Recovery Ease of use,Patch Installs Patch in integrated step,Integrated Database Services and Business Intelligence Flexible install management,Add value to one-step Failover Clustering Expanded scripting support,Traditional Firewalls,Wide open to advanced attacks,Performance versus security tradeoff,Limited capacity for growth,Hard to manage,Code Red, Nimda SSL-based attacks,Security is complex IT is already overloaded,Bandwidth too expensive Too many moving parts,Not easily upgradeable Dont scale with business,Choosing the Right Type of Assessment,Vulnerability Scanning Focuses on known weaknesses Of the three, requires the least expertise Generally easy to automate,Penetration Testing Focuses on known and unknown weaknesses Requires advanced technical expertise Carries tremendous legal burden in certain countries/organizations,IT Security Audits Focuses on security policies and procedures Of the three, requires the most expertise When done right is the most effective type of assessment,Perimeter Security Evolution,Wide open to advanced attacks,Application-level protection,Performance versus security tradeoff,Security and performance,Limited capacity for growth,Extensibility and scalability,Hard to manage,Easier to use,The advanced application layer firewall, VPN and Web cache solution that enables customers to maximize IT investments by improving network security and performance,Advanced protection Application layer security designed to protect Microsoft applications,Fast, secure access Empowers you to connect users to relevant information on your network in a cost efficient manner,Ease of use Efficiently deploy, manage, and enable new usage scenarios,Introducing: ISA Server 2004,Fast, secure access Empowers you to connect users to relevant info. on your network,ISA Server 2004 New Features Continued commitment to integration,Enhanced architecture,High speed data transport Utilizes latest Windows and PC hardware SSL bridging unloads downstream servers,Web cache,Updated policy rules Serve content locally Pre-fetch content during low activity periods,Internet access control,User- and group-based Web usage policy Extensible by third parties,Comprehensive authentication,New support for RADIUS and RSA SecurID User- & group-based access policy Third party extensibility,System Service Accounts,Local Service and Network Service No password to manage Runs with only slightly more permissions than Authenticated User Local Service cannot authenticate across the network, Network Service authenticates as the computer account,Local System No password to manage Bypasses security checks User Accounts Run with less privilege than Local System Stores password as an LSA secret Can be complex to configure,Whats New With IPSec?,Management IP Security Monitor Command-line management with Netsh Logical addresses for local IP configuration,Security Stronger cryptographic master key (Diffie-Hellman) Computer startup security Persistent policy for enhanced security Ability to exclude the name of the CA from certificate requests Better default exemption handling,Interoperability IPSec functionality over network address translation (NAT) Improved IPSec integration with Network Load Balancing,ISA Server 2004 New Features New management tools and user interface,Multi-network architecture,Unlimited network definitions and types Firewall policy applied to all traffic Per network routing relationships,Network templates and wizards,Wizard automates nwk routing relationships Supports 5 common network topologies Easily customized for sophisticated scenarios,Visual policy editor,Unified firewall/VPN policy w/one rule-base Drag/drop editing w/scenario-driven wizards XML-based configuration import-export,Enhanced trouble-shooting,All new monitoring dashboard Real-time log viewer Content sensitive task panes,Ease of Use Efficiently deploy, manage, and enable new usage scenarios,How To Use Windows Update,To configure Automatic Updates:,Select Keep my computer up to date,Open the System application in Control Panel,1,On the Automatic Updates tab, select the option you want,3,2,Office Update,Benefits Limitation,Single location for office patches and updates Easy to use Can be configured to update consumer or enterprise systems,Does not support Automatic Updates; updating must be initiated manually,Office Update Web site: /officeupdate,How To Use Office Update,Go to /officeupdate,1,Click Check for Updates,2,Install the Office Update Installation Engine (if not already installed),3,Select the updates you want to install,4,Click Start Installation,5,How To Use SUS,On the SUS server,Configure the SUS server at http:/SUSAdmin,On each SUS client,Configure Automatic Updates on the client to use the SUS server Use Group Policy, manually configure each client, or use scripts,Set the SUS server synchronization schedule,Review, test, and approve updates,1,2,3,How To Use MBSA,Download and install MBSA (once only),1,Launch MBSA,2,Select the computer(s) to scan,3,Select relevant options,4,Click Start scan,5,View the Security Report,6,Software Update Service Deployment Best Practices (1),Software Update Service Deployment Best Practices (2),How To Use SMS To Deploy Patches,SMS MBSA Integration,MBSA integration included with SMS 2003 and the SUS Feature Pack for SMS 2.0 Scans SMS clients for missing security updates using mbsacli.exe /hf,MBSA Benefits,Scans systems for Missing security patches Potential configuration issues Works with a broad range of Microsoft software Allows an administrator to centrally scan multiple computers simultaneously MBSA is a free tool, and can be downloaded from /mbsa,MBSA Considerations,MBSA reports important vulnerabilities,Password weaknesses Guest account not disabled Auditing not configured Unnecessary services installed IIS vulnerabilities IE zone settings Automatic Updates configuration Internet Connection Firewall configuration,MBSA Scan Options,MBSA has three scan options MBSA graphical user interface (GUI) MBSA standard command-line interface (mbsacli.exe) HFNetChk scan (mbsacli.exe /hf),Business Case For Patch Management,When determining the potential financial impact of poor patch management, consider,Downtime Remediation time Questionable data integrity Lost credibility Negative public relations Legal defenses Stolen intellectual property,“We commend Microsoft for providing enhanced security guidance to its customers as well as for soliciting user input as part of the process of producing that guidance“ Clint Kreitner President/CEO,“NIST reviewed and provided technical comments & advice, that was incorporated in this guidance” Timothy Grance Manager Systems and Network Security Group,Comments,You Need To,ISA Delivers,Relational Reporting Multiple fact tables Full richness the dimensions attributes Transaction level access Star, snowflake, 3NF Complex relationships: Multi-grains, many-to-many, role playing, indirect Recursive self joins Slowly changing dimensions,The Unified Dimensional Model The Best Of Relational And OLAP,OLAP Cubes Multidimensional navigation Hierarchical presentation Friendly entity names Powerful MDX calculations Central KPI framework “Actions” Language translations Multiple perspectives Partitions Aggregations Distributed sources,Visual Studio Team System,Change Management,Work Item Tracking,Reporting,Project Site,Visual Studio Team Foundation,Integration Services,Project Management,Process and Architecture Guidance,Visual Studio Industry Partners,Dynamic Code Analyzer,Visual Studio Team Architect,Static Code Analyzer,Code Profiler,Unit Testing,Code Coverage,Visio and UML Modeling,Team Foundation Client,VS Pro,Class Modeling,Load Testing,Manual Testing,Test Case Management,Application Modeling,Logical Infra. Modeling,Deployment Modeling,Visual Studio Team Developer,Visual Studio Team Test,Application Modeling,Logical Infra. Modeling,Deployment Modeling,Class Modeling,SQL Server Catalog,Report Server,XML Web Service Interface,Report Processing,Delivery,Delivery Targets (E-mail, SharePoint, Custom),Rendering,Output Formats (HTML, Excel, PDF, Custom),Data Processing,Data Sources (SQL, OLE DB, XML/A, ODBC, Oracle, Custom),Security,Security Services (NT, Passport, Custom),Office,Custom Application,Browser,SQL Server 2000 Reporting Services Architecture,Internet,RAS Client,RRAS Server,IAS Server,Quarantine,RQC.exe and RQS.exe are in the Windows Server 2003 Resource Kit,Quarantine Architecture,What is VS Team Foundation?,Source Code Control,Work Item Tracking,Build Automation,Project Site,Reporting,Microsoft BI Product Suite,Analysis Services OLAP & Data Mining,Data Transformation Services,SQL Server Relational Engine,Reporting Services,Management Tools,Dev Tools Visual Studio .Net,Excel OWC Visio Map Point Data Analyzer,SharePoint Portal Server Project Server,Windows Server,MBS BI Applications,Current Architecture,TCP/IP,RTC Client API,User App,Server Architecture,Winsock,Storage,AD,Server,Application Interaction,Application 1 CRM,Application 2 Billing,Application 3 Logging,Request,Modified Request,TITLE,Available,Today,Microsoft Windows Security Resource Kit,Assessing Network Security,June 23, 2004,EAP architecture,TLS,GSS_API Kerberos,PEAP,IKE,MD5,EAP,PPP,802.3,802.5,802.11,Anything,method layer,EAP layer,media layer,MS-CHAPv2,TLS,SecurID,Partner Solutions Offerings,VALUE Proposition: Get more business value from your investment in Office,Finance Sarbanes-Oxley Business Scorecard Excel Add-in for SQL Server Analysis Services,Operations Six Sigma,HR Recruiting,Sales Proposals,Solution Accelerators,Microsoft Products,Office Solution Accelerators,VALUE Proposition: Get more business value from your investment in Office,Your People,EPM Involves.,Your Business Processes,Your Organization,Your Software Technology & Tools,An orchestration of your people, processes, organization with technology,Your Business Processes,Governance,Prioritization,Budgeting,Human Resources, etc ,Initiatives,Implement Microsoft Office Project 2003 for the Enterprise,Decisions,- Corporate Goals and Objectives,Executives,Your Organization,Strategic Initiatives,Development Projects,Operational Improvements,On Average 45-50% of all Projects are linked to Strategic Objectives.,Representative Risks And Tactics,Tactical Solutions,Enterprise Risks,Embody Trustworthy Computing,Secure Environmental Remediation,Unpatched Devices,Network Segmentation Through IPSec,Unmanaged Devices,Secure Remote User,Remote and Mobile Users,Two-Factor for Remote Access and Administrators,Single-Factor Authentication,Managed Source Initiatives,Focus Controls Across Key Assets,Remote Access Security,Threat,Requirement,Solution,Malicious users,Two factor authentication,Smart Cards for RAS,Malicious software,Enforce remote system security configuration,Connection Manager, custom scripts and tools provided in the Windows 2003 resource kit,Corporate Security Group Organization,Corporate Security Group,Threat, Risk Analysis, and Policy,Assessment and Compliance,Monitoring, Intrusion Detection, and Incident Response,Shared Services Operations,Threat and Risk Analysis,Policy Development,Product Evaluation,Design Review,Structure Standards,Security Management,Security Assessment,Compliance and Remediation,Monitoring and Intrusion Detection,Rapid Response and Resolution,Forensics,IT Investigations,Physical and Remote Access,Certificate Administration,Security Tools,Initiative Management,Server Functions,Operational Infrastructure,Server Workloads Focus,Application/Web Server Unix integration services,Workloads,Solutions,Application Platform,Information Worker Infrastructure,Database High Performance Computing,Soft