Teaching, Part One: Blocks

Page 1 of 52
At Risk
The Soft Underbelly
Security Issues Today
- 14B devices on the Internet by 2010 [1]
- 35M remote users by 2005 [2]
- 65% increase in dynamic Web sites [3]
- From 2000 to 2002 reported incidents rose from 21,756 to 82,094 [4]
- Nearly 80 percent of 445 respondents surveyed said the Internet has become a frequent point of attack, up from 57 percent just four years ago [5]
- 90% detected security breaches [6]
- 85% detected computer viruses [6]
- 95% of all breaches avoidable with an alternative configuration [7]
- Approximately 70 percent of all Web attacks occur at the application layer [8]
[1] Source: Forrester Research
[2] Source: InformationWeek, 26 November 2001
[3] Source: Netcraft summary
[4] Source: CERT, 2003
[5] Source: CSI/FBI Computer Crime and Security Survey
[6] Source: Computer Security Institute (CSI) Computer Crime and Security Survey 2002
[7] Source: CERT, 2002
[8] Source: Gartner Group

Page 2 of 52
Application Layer Attacks
- Identity Theft
- Web Site Defacement
- Unauthorized Access
- Modification of Data, Logs and Records
- Theft of Proprietary Information
- Service Disruption
Implications
- Compliance: Sarbanes Oxley, Gramm Leach Bliley, US Patriot Act, HIPAA, The Privacy Act (CA), Basel 2 (EU), Data Protection Act (EU)
- Litigation
- File Sharing
- Piracy
- HR Issues
- Shareholder Suits
- Customer Impact

Page 3 of 52
Types Of SRP Rules
Path Rule
- Compares path of file being run to an allowed path list
- Use when you have a folder with many files for the same application
- Essential when SRPs are strict
Hash Rule
- Compares the MD5 or SHA1 hash of a file to the one attempted to be run
- Use when you want to allow/prohibit a certain version of a file from being run
Certificate Rule
- Checks for digital signature on application (i.e. Authenticode)
- Use when you want to restrict both win32 applications and ActiveX content
Internet Zone Rule
- Controls how Internet Zones can be accessed
- Use when in high security environments to control access to web applications

Page 4 of 52
SQL Server 2005 Themes
- Supportability & Quality
- Enterprise Enhancements
- Unified & Flexible Administration
- Patch Solutions
- Prevention, Readiness, Recovery
- Ease of use
- Patch Installs
- Patch in integrated step
- Integrated Database Services and Business Intelligence
- Flexible install management
- Add value to one-step Failover Clustering
- Expanded scripting support

Page 5 of 52
Live Communications Client Roadmap
LC 1.2 Client Platform
- Multiparty IM
- P2P Voice and Video
- MPOP
- Groups
- Roaming
- SIP support
- GPO policy management
LC 1.5 Client Platform
- Rollup of QFEs
- MPOP Additions
- Federation/Archiving Notification
- HA Additions
LC 2.0 Client Platform
- Next generation of RTC experiences
- More coming!
Timeline: 2003, 2H04, Longhorn

Page 6 of 52
- Integrated phone and PDA
- Primarily data viewing
- Interoperability with Outlook and Exchange
- .NET Compact Framework
- ASP.NET mobile controls
- Mobile Device Solutions
- Complex document authoring, editing and reading
- Keyboard centric at the desk
- Keyboard and mouse input methods
- Full .NET framework available
- Centrino Solutions
- Windows Mobile
- Windows XP
- Complex document authoring, editing and active reading
- Note taking and ink annotating
- Keyboard centric at the desk, pen and keyboard away from the desk
- Keyboard, mouse plus pen, ink, and speech input methods
- Full .NET framework preinstalled
- Pen, ink, handwriting and speech recognition APIs
- Centrino Solutions
- View and some data entry
- Integrated PDA with phone
- Interoperability with Office, Exchange and SQL Server
- .NET Compact Framework
- ASP.NET mobile controls
- Intel Xscale Solutions
- Windows® CE
- One-way network
- Information consumption
- Smart Personal Objects
- Smartphone
- Pocket PC and Pocket PC Phone
- Notebook PC
- Tablet PC

Page 7 of 52
Traditional Firewalls
- Wide open to advanced attacks
- Performance versus security tradeoff
- Limited capacity for growth
- Hard to manage
- Code Red, Nimda
- SSL-based attacks
- Security is complex
- IT is already overloaded
- Bandwidth too expensive
- Too many moving parts
- Not easily upgradeable
- Don't scale with business

Page 8 of 52
Choosing the Right Type of Assessment
Vulnerability Scanning
- Focuses on known weaknesses
- Of the three, requires the least expertise
- Generally easy to automate
Penetration Testing
- Focuses on known and unknown weaknesses
- Requires advanced technical expertise
- Carries tremendous legal burden in certain countries/organizations
IT Security Audits
- Focuses on security policies and procedures
- Of the three, requires the most expertise
- When done right is the most effective type of assessment

Page 9 of 52
Perimeter Security Evolution
- Wide open to advanced attacks
- Application-level protection
- Performance versus security tradeoff
- Security and performance
- Limited capacity for growth
- Extensibility and scalability
- Hard to manage
- Easier to use

Page 10 of 52
The advanced application layer firewall, VPN and Web cache solution that enables customers to maximize IT investments by improving network security and performance
- Advanced protection: Application layer security designed to protect Microsoft applications
- Fast, secure access: Empowers you to connect users to relevant information on your network in a cost efficient manner
- Ease of use: Efficiently deploy, manage, and enable new usage scenarios
Introducing: ISA Server 2004

Page 11 of 52
Fast, secure access: Empowers you to connect users to relevant info. on your network
ISA Server 2004 New Features
- Continued commitment to integration
- Enhanced architecture
  - High speed data transport
  - Utilizes latest Windows and PC hardware
  - SSL bridging unloads downstream servers
- Web cache
  - Updated policy rules
  - Serve content locally
  - Pre-fetch content during low activity periods
- Internet access control
  - User- and group-based Web usage policy
  - Extensible by third parties
- Comprehensive authentication
  - New support for RADIUS and RSA SecurID
  - User- & group-based access policy
  - Third party extensibility

Page 12 of 52
System Service Accounts
Local Service and Network Service
- No password to manage
- Runs with only slightly more permissions than Authenticated User
- Local Service cannot authenticate across the network, Network Service authenticates as the computer account
Local System
- No password to manage
- Bypasses security checks
User Accounts
- Run with less privilege than Local System
- Stores password as an LSA secret
- Can be complex to configure

Page 13 of 52
What's New With IPSec?
Management
- IP Security Monitor
- Command-line management with Netsh
- Logical addresses for local IP configuration
Security
- Stronger cryptographic master key (Diffie-Hellman)
- Computer startup security
- Persistent policy for enhanced security
- Ability to exclude the name of the CA from certificate requests
- Better default exemption handling
Interoperability
- IPSec functionality over network address translation (NAT)
- Improved IPSec integration with Network Load Balancing

Page 14 of 52
ISA Server 2004 New Features
- New management tools and user interface
- Multi-network architecture
  - Unlimited network definitions and types
  - Firewall policy applied to all traffic
  - Per network routing relationships
- Network templates and wizards
  - Wizard automates nwk routing relationships
  - Supports 5 common network topologies
  - Easily customized for sophisticated scenarios
- Visual policy editor
  - Unified firewall/VPN policy w/ one rule-base
  - Drag/drop editing w/ scenario-driven wizards
  - XML-based configuration import-export
- Enhanced trouble-shooting
  - All new monitoring dashboard
  - Real-time log viewer
  - Content sensitive task panes
Ease of Use: Efficiently deploy, manage, and enable new usage scenarios

Page 15 of 52
How To Use Windows Update
To configure Automatic Updates:
- Select Keep my computer up to date
- Open the System application in Control Panel (1)
- On the Automatic Updates tab, select the option you want (3, 2)

Page 16 of 52
Office Update
Benefits
- Single location for office patches and updates
- Easy to use
- Can be configured to update consumer or enterprise systems
Limitation
- Does not support Automatic Updates; updating must be initiated manually
Office Update Web site: /officeupdate

Page 17 of 52
How To Use Office Update
1. Go to /officeupdate
2. Click Check for Updates
3. Install the Office Update Installation Engine (if not already installed)
4. Select the updates you want to install
5. Click Start Installation

Page 18 of 52
How To Use SUS
On the SUS server
- Configure the SUS server at http://<servername>/SUSAdmin
On each SUS client
- Configure Automatic Updates on the client to use the SUS server
- Use Group Policy, manually configure each client, or use scripts
- Set the SUS server synchronization schedule
- Review, test, and approve updates
1 2 3

Page 19 of 52
How To Use MBSA
1. Download and install MBSA (once only)
2. Launch MBSA
3. Select the computer(s) to scan
4. Select relevant options
5. Click Start scan
6. View the Security Report

Page 20 of 52
Software Update Service Deployment Best Practices (1)
- Review each security patch
- Download and install the patch
- Test each security patch before deployment
- Configure a test lab
- Use a test SUS server
- Consider using Virtual PCs in the test lab
- Use a standard acceptance testing procedure

Page 21 of 52
Software Update Service Deployment Best Practices (2)
- Complete the deployment
- Pilot the deployment
- Configure a child SUS server to approve updates
- Configure a GPO so that the patch is downloaded from the pilot SUS server only by specified workstations
- If the pilot fails, remove approval from the SUS server and manually uninstall the patch

Page 22 of 52
How To Use SMS To Deploy Patches
1. Open the SMS Administrator Console
2. Expand the Site Database node
3. Right-click All Windows XP Computers, and then select All Tasks > Distribute Software Updates
4. Use the wizard to create a new package and program
5. Browse to the patch to be deployed
6. Configure options for how and when the patch will be deployed to clients

Page 23 of 52
SMS – MBSA Integration
- MBSA integration included with SMS 2003 and the SUS Feature Pack for SMS 2.0
- Scans SMS clients for missing security updates using mbsacli.exe /hf
1. SMS directs client to run local MBSA scan
2. Client performs scan, returns data to SMS server
3. SMS server parses data to determine which computers need which security updates
4. Administrator pushes missing updates only to clients that require them

Page 24 of 52
MBSA Benefits
- Scans systems for
  - Missing security patches
  - Potential configuration issues
- Works with a broad range of Microsoft software
- Allows an administrator to centrally scan multiple computers simultaneously
MBSA is a free tool, and can be downloaded from /mbsa

Page 25 of 52
MBSA Considerations
MBSA reports important vulnerabilities
- Password weaknesses
- Guest account not disabled
- Auditing not configured
- Unnecessary services installed
- IIS vulnerabilities
- IE zone settings
- Automatic Updates configuration
- Internet Connection Firewall configuration

Page 26 of 52
MBSA – Scan Options
MBSA has three scan options
- MBSA graphical user interface (GUI)
- MBSA standard command-line interface (mbsacli.exe)
- HFNetChk scan (mbsacli.exe /hf)

Page 27 of 52
Business Case For Patch Management
When determining the potential financial impact of poor patch management, consider
- Downtime
- Remediation time
- Questionable data integrity
- Lost credibility
- Negative public relations
- Legal defenses
- Stolen intellectual property

Page 28 of 52
"We commend Microsoft for providing enhanced security guidance to its customers as well as for soliciting user input as part of the process of producing that guidance"
Clint Kreitner, President/CEO
"NIST reviewed and provided technical comments & advice, that was incorporated in this guidance"
Timothy Grance, Manager, Systems and Network Security Group
Comments

Page 29 of 52
You Need To… : ISA Delivers
- Securely make e-mail available to outside employees: Exchange publishing
- Securely make internal applications available on the Internet: Web and Server Publishing
- Enable partners to access relevant information on my network: Integrated S2S VPN and FW
- Secure and flexible remote access, while protecting my corporate network: Integrated RRAS VPN and FW
- Securely connect my branch offices to the corporate office: Integrated FW, VPN, Cache
- Control Internet Access and protect my clients from malicious Internet traffic: FW, Web Proxy
- Ensure fast access to the most frequently used web content: Caching

Page 30 of 52
Relational Reporting
- Multiple fact tables
- Full richness of the dimensions' attributes
- Transaction level access
- Star, snowflake, 3NF…
- Complex relationships: Multi-grains, many-to-many, role playing, indirect…
- Recursive self joins
- Slowly changing dimensions
The Unified Dimensional Model – The Best Of Relational And OLAP
OLAP Cubes
- Multidimensional navigation
- Hierarchical presentation
- Friendly entity names
- Powerful MDX calculations
- Central KPI framework
- "Actions"
- Language translations
- Multiple perspectives
- Partitions
- Aggregations
- Distributed sources

Page 31 of 52
Visual Studio Team System
Diagram labels: Change Management; Work Item Tracking; Reporting; Project Site; Visual Studio Team Foundation; Integration Services; Project Management; Process and Architecture Guidance; Visual Studio Industry Partners; Dynamic Code Analyzer; Visual Studio Team Architect; Static Code Analyzer; Code Profiler; Unit Testing; Code Coverage; Visio and UML Modeling; Team Foundation Client; VS Pro; Class Modeling; Load Testing; Manual Testing; Test Case Management; Application Modeling; Logical Infra. Modeling; Deployment Modeling; Visual Studio Team Developer; Visual Studio Team Test; Application Modeling; Logical Infra. Modeling; Deployment Modeling; Class Modeling

Page 32 of 52
SQL Server 2000 Reporting Services Architecture
Diagram labels: SQL Server Catalog; Report Server; XML Web Service Interface; Report Processing; Delivery; Delivery Targets (E-mail, SharePoint, Custom); Rendering; Output Formats (HTML, Excel, PDF, Custom); Data Processing; Data Sources (SQL, OLE DB, XML/A, ODBC, Oracle, Custom); Security; Security Services (NT, Passport, Custom); Office; Custom Application; Browser

Page 33 of 52
Quarantine Architecture
CM Profile
- Runs customizable post connect script
- Script runs RQC notifier with "results string"
Listener
- RQS receives Notifier "results string"
- Compares results to possible results
- Removes time-out if response received but client out of date
- Removes quarantine filter if client up to date
Quarantine VSAs
- Timer limits time window to receive notify before auto disconnect
- Q-filter sets temporary route filter to quarantine access
Diagram labels: Internet; RAS Client; RRAS Server; IAS Server; Quarantine
RQC.exe and RQS.exe are in the Windows Server 2003 Resource Kit

Page 34 of 52
Microsoft BI Product Suite
Diagram labels: Analysis Services OLAP & Data Mining; Data Transformation Services; SQL Server Relational Engine; Reporting Services; Management Tools; Dev Tools; Visual Studio .Net; Excel; OWC; Visio; MapPoint; Data Analyzer; SharePoint Portal Server; Project Server; Windows Server; MBS BI Applications

Page 35 of 52
Current Architecture
Diagram labels: TCP/IP; RTC Client API; User App; RTP; SIP; PINT; T.120

Page 36 of 52
Server Architecture
Diagram labels: Application; Managed APIs; Application; Managed APIs; Winsock; Storage; AD; Dispatcher; Data Store Interfaces; SPL Script Engine; Registrar/Presence; SIP Proxy

Page 37 of 52
Server Application Interaction
Diagram labels: Application 1 CRM; Application 2 Billing; Application 3 Logging; Request; Modified Request

Page 38 of 52
What is VS Team Foundation?
- Source Code Control
- Work Item Tracking
- Build Automation
- Project Site
- Reporting

Page 39 of 52
TITLE
Available Today
- Microsoft® Windows® Security Resource Kit
- Assessing Network Security
June 23, 2004

Page 40 of 52
EAP architecture
Diagram labels: TLS; GSS_API; Kerberos; PEAP; IKE; MD5; EAP; PPP; 802.3; 802.5; 802.11; Anything…; method layer; EAP layer; media layer; MS-CHAPv2; TLS; SecurID

Page 41 of 52
Partner Solutions Offerings
VALUE Proposition: Get more business value from your investment in Office
- Finance
- Sarbanes-Oxley
- Business Scorecard
- Excel Add-in for SQL Server Analysis Services
- Operations
- Six Sigma
- HR
- Recruiting
- Sales
- Proposals
- Solution Accelerators
- Microsoft Products
- Office Solution Accelerators

Page 42 of 52
EPM Involves….
- Your People
- Your Business Processes
- Your Organization
- Your Software Technology & Tools
Enterprise Project Management: An orchestration of your people, processes, organization with technology

Page 43 of 52
Your Business Processes…
- Governance
- Prioritization
- Budgeting
- Human Resources…
- etc…
- Initiatives
- Implement Microsoft Office Project 2003 for the Enterprise
- Decisions

Page 44 of 52
Your Organization…
- Corporate Goals and Objectives
- Executives
- Finance
- Sales and Marketing
- R&D
- IT/IS
- Strategic Initiatives
- HR
- Development Projects
- Operational Improvements
On Average 45-50% of all Projects are linked to Strategic Objectives.

Page 45 of 52
Representative Risks And Tactics
- Tactical Solutions
- Enterprise Risks
- Embody Trustworthy Computing
- Secure Environmental Remediation
- Unpatched Devices
- Network Segmentation Through IPSec
- Unmanaged Devices
- Secure Remote User
- Remote and Mobile Users
- Two-Factor for Remote Access and Administrators
- Single-Factor Authentication
- Managed Source Initiatives
- Focus Controls Across Key Assets

Page 46 of 52
Remote Access Security
Threat; Requirement; Solution
Malicious users
Two factor authen