素材库合集超级绝版

素材库合集超级绝版第1页/共74页IntegratedphoneandPDAPrimarilydataviewingInteroperabilitywithOutlookandExchange.NETCompactFrameworkASP.NETmobilecontrolsMobileDeviceSolutionsComplexdocumentauthoring,editingandreadingKeyboardcentricatthedeskKeyboardandmouseinputmethodsFull.NETframeworkavailableCentrinoSolutionsWindowsMobileWindowsXPComplexdocumentauthoring,editingandactivereadingNotetakingandinkannotatingKeyboardcentricatthedesk,penandkeyboardawayfromthedeskKeyboard,mousepluspen,ink,andspeechinputmethodsFull.NETframeworkpreinstalledPen,ink,handwritingandspeechrecognitionAPI’sCentrinoSolutionsViewandsomedataentryIntegratedPDAwithphoneInteroperabilitywithOffice,ExchangeandSQLServer.NETCompactFrameworkASP.NETmobilecontrolsIntelXscaleSolutionsWindows®CEOne-waynetworkInformationconsumptionSmartPersonalObjectsSmartphonePocketPCandPocketPCPhoneNotebookPCTabletPC第2页/共74页NetworkDefenseHealthcheckupITchecks“health”ofclientNetworkAccessControlClientswhopassgetnetworkaccessClientswhodonotpassarefixedorblocked(aka“quarantined”)HealthmaintenanceQuarantinedclientscanbegivenaccesstoresourcestogethealthyFromHome

(VPN,Dialup)ReturningLaptopsConsultants

GuestsUnhealthy

Desktops第3页/共74页MicrosoftBusinessSolutionsERPPositioningProjectManagementandAccountingERPPrimarilyinUSandLatinAmericaMid-marketERPTypicallycustomizedforuniquebusinessprocessesGlobalERPMultinationalsAdvancedmanufacturersMid-marketERPRichout-of-the-boxfunctionality第4页/共74页GuidingPrinciplesProductiveIntegratedExtensibleCapableShortlearningcurveMinimaladministrativeoverheadToolsintegratedtightlyAutomatescommontasksCustomizableforyourprocessIntegrateswith3rdpartytoolsRemotelyaccessibleRobust,secure,scalable第5页/共74页StagingArchitectureDataentryTestApplicationCenterCommerceWebCommerceCommerceDataCommerceWebCommerceCommerceDataApplicationCenterApplicationCenterDataACSClusterACSClusterClustercontrollerClustercontrollerData第6页/共74页LiveCommunicationsClientRoadmapLC1.2ClientPlatformMultipartyIMP2PVoice

andVideoMPOPGroupsRoamingSIPsupportGPOpolicymanagementLC1.5ClientPlatformRollupofQFEsMPOPAdditionsFederation/ArchivingNotificationHAAdditionsLC2.0ClientPlatformNextgenerationofRTCexperiencesMorecoming!20032H04Longhorn第7页/共74页EnterpriseDeploymentUpdateInternetFirewallFirewallFirewallRuntimeServersCorporateLAN–InternalServersCrawl/SearchLoadBalancedWebInfrastructureServersDevelopmentServersTestServersBusinessDataServersBusinessUsersDatabaseandStagingServersStagingServersDatabaseServersOfflineServersIndicatesStagedDataFlow第8页/共74页Communicateandcollaborateinamoresecuremanner

withoutsacrificinginformationworkerproductivityWindowsXPSP2

Blockvirusormaliciouscodeatthe“pointofentry”

第9页/共74页AtRiskTheSoftUnderbellySecurityIssuesToday1Source:ForresterResearch2Source:InformationWeek,26November20013Source:Netcraftsummary4Source:CERT,20035Source:CSI/FBIComputerCrimeandSecuritySurvey6Source:ComputerSecurityInstitute(CSI)ComputerCrimeandSecuritySurvey20027Source:CERT,20028Source:GartnerGroup14BdevicesontheInternetby2010135Mremoteusersby2005265%increaseindynamicWebsites3From2000to2002reportedincidentsrosefrom21,756to82,0944Nearly80percentof445respondentssurveyedsaidtheInternethasbecomeafrequentpointofattack,upfrom57percentjustfouryearsago5

90%detectedsecuritybreaches685%detectedcomputerviruses695%ofallbreachesavoidablewithanalternativeconfiguration7Approximately70percentofallWebattacksoccurattheapplicationlayer8第10页/共74页ApplicationLayerAttacksIdentityTheftWebSiteDefacementUnauthorizedAccessModificationofData,LogsandRecordsTheftofProprietaryInformationServiceDisruptionImplicationsCompliance:SarbanesOxleyGrammLeachBlilelyUSPatriotActHIPAA ThePrivacyAct(CA)Basel2(EU)DataProtectionAct(EU)LitigationFileSharingPiracyHRIssuesShareholderSuitsCustomerImpact第11页/共74页TypesOfSRPRulesPathRuleComparespathoffilebeingruntoanallowedpathlistUsewhenyouhaveafolderwithmanyfilesforthesameapplicationEssentialinwhenSRPsarestrictHashRuleComparestheMD5orSHA1hashofafiletotheoneattemptedtoberunUsewhenyouwanttoallow/prohibitacertainversionofafilefrombeingrunCertificateRuleChecksfordigitalsignatureonapplication(i.e.Authenticode)Usewhenyouwanttorestrictbothwin32applicationsandActiveXcontentInternetZoneRuleControlshowInternetZonescanbeaccessedUsewheninhighsecurityenvironmentstocontrolaccesstowebapplications第12页/共74页SQLServer2005ThemesSupportability&QualityEnterpriseEnhancementsUnified&FlexibleAdministrationPatchSolutionsPrevention,Readiness,RecoveryEaseofusePatchInstallsPatchinintegratedstepIntegratedDatabaseServicesandBusinessIntelligenceFlexibleinstallmanagementAddvaluetoone-stepFailoverClusteringExpandedscriptingsupport第13页/共74页TraditionalFirewallsWideopentoadvancedattacksPerformanceversus

securitytradeoffLimitedcapacityforgrowthHardtomanageCodeRed,NimdaSSL-basedattacksSecurityiscomplexITisalreadyoverloadedBandwidthtooexpensiveToomanymovingpartsNoteasilyupgradeableDon’tscalewithbusiness第14页/共74页ChoosingtheRightTypeofAssessment

VulnerabilityScanningFocusesonknownweaknessesOfthethree,requirestheleastexpertiseGenerallyeasytoautomatePenetrationTestingFocusesonknownandunknownweaknessesRequiresadvancedtechnicalexpertiseCarriestremendouslegalburdenincertaincountries/organizationsITSecurityAuditsFocusesonsecuritypoliciesandproceduresOfthethree,requiresthemostexpertiseWhendonerightisthemosteffectivetypeofassessment第15页/共74页PerimeterSecurityEvolutionWideopentoadvancedattacksApplication-levelprotectionPerformanceversus

securitytradeoffSecurityandperformanceLimitedcapacityforgrowthExtensibilityandscalabilityHardtomanageEasiertouse第16页/共74页The

advancedapplicationlayerfirewall,VPNandWebcache

solutionthatenablescustomerstomaximizeITinvestmentsbyimprovingnetworksecurityandperformanceAdvancedprotectionApplicationlayersecuritydesignedtoprotectMicrosoftapplicationsFast,secureaccessEmpowersyoutoconnectuserstorelevantinformationonyour

networkinacostefficientmannerEaseofuseEfficientlydeploy,manage,andenablenewusagescenariosIntroducing:ISAServer2004第17页/共74页Fast,secureaccessEmpowersyoutoconnectuserstorelevantinfo.onyournetworkISAServer2004NewFeatures

ContinuedcommitmenttointegrationEnhancedarchitecture

HighspeeddatatransportUtilizeslatestWindowsandPChardwareSSLbridgingunloadsdownstreamserversWebcache

UpdatedpolicyrulesServecontentlocallyPre-fetchcontentduringlowactivityperiodsInternetaccesscontrol

User-andgroup-basedWebusagepolicyExtensiblebythirdpartiesComprehensiveauthentication

NewsupportforRADIUSandRSASecurIDUser-&group-basedaccesspolicyThirdpartyextensibility第18页/共74页SystemServiceAccountsLocalServiceandNetworkServiceNopasswordtomanageRunswithonlyslightlymorepermissionsthanAuthenticatedUserLocalServicecannotauthenticateacrossthenetwork,NetworkServiceauthenticatesasthecomputeraccountLocalSystemNopasswordtomanageBypassessecuritychecksUserAccountsRunwithlessprivilegethanLocalSystemStorespasswordasanLSAsecretCanbecomplextoconfigure第19页/共74页What’sNewWithIPSec?ManagementIPSecurityMonitorCommand-linemanagementwithNetshLogicaladdressesforlocalIPconfigurationSecurityStrongercryptographicmasterkey(Diffie-Hellman)ComputerstartupsecurityPersistentpolicyforenhancedsecurityAbilitytoexcludethenameoftheCAfromcertificaterequestsBetterdefaultexemptionhandlingInteroperabilityIPSecfunctionalityovernetworkaddresstranslation(NAT)ImprovedIPSecintegrationwithNetworkLoadBalancing第20页/共74页ISAServer2004NewFeatures

NewmanagementtoolsanduserinterfaceMulti-networkarchitectureUnlimitednetworkdefinitionsandtypesFirewallpolicyappliedtoalltrafficPernetworkroutingrelationshipsNetworktemplatesandwizardsWizardautomatesnwkroutingrelationshipsSupports5commonnetworktopologiesEasilycustomizedforsophisticatedscenariosVisualpolicyeditorUnifiedfirewall/VPNpolicyw/onerule-baseDrag/dropeditingw/scenario-drivenwizardsXML-basedconfigurationimport-exportEnhancedtrouble-shootingAllnewmonitoringdashboardReal-timelogviewerContentsensitivetaskpanesEaseofUseEfficientlydeploy,manage,andenablenewusagescenarios第21页/共74页HowToUseWindowsUpdateToconfigureAutomaticUpdates:SelectKeepmycomputeruptodateOpentheSystemapplicationinControlPanel1OntheAutomaticUpdatestab,selectthe

optionyouwant32第22页/共74页OfficeUpdateBenefitsLimitationSinglelocationforofficepatchesandupdatesEasytouseCanbeconfiguredtoupdateconsumeror

enterprisesystemsDoesnotsupportAutomaticUpdates;updatingmustbeinitiatedmanuallyOfficeUpdateWebsite:

/officeupdate第23页/共74页HowToUseOfficeUpdateGoto/officeupdate1ClickCheckforUpdates2InstalltheOfficeUpdateInstallationEngine

(ifnotalreadyinstalled)3Selecttheupdatesyouwanttoinstall4ClickStartInstallation5第24页/共74页HowToUseSUSOntheSUSserverConfiguretheSUSserverat

http://<servername>/SUSAdminOneachSUSclientConfigureAutomaticUpdatesontheclienttousetheSUSserverUseGroupPolicy,manuallyconfigureeachclient,or

usescriptsSettheSUSserversynchronizationscheduleReview,test,andapproveupdates123第25页/共74页HowToUseMBSADownloadandinstallMBSA(onceonly)1LaunchMBSA2Selectthecomputer(s)toscan3Selectrelevantoptions4ClickStartscan5ViewtheSecurityReport6第26页/共74页SoftwareUpdateServiceDeploymentBestPractices(1)RevieweachsecuritypatchDownloadandinstallthepatchTesteachsecuritypatchbeforedeploymentConfigureatestlabUseatestSUSserverConsiderusingVirtualPCsinthetestlabUseastandardacceptancetestingprocedure第27页/共74页SoftwareUpdateServiceDeploymentBestPractices(2)CompletethedeploymentPilotthedeploymentConfigureachildSUSservertoapproveupdatesConfigureaGPOsothatthepatchisdownloadedfromthepilotSUSserveronlybyspecifiedworkstationsIfthepilotfails,removeapprovalfromtheSUSserverandmanuallyuninstallthepatch第28页/共74页HowToUseSMSToDeployPatchesOpentheSMSAdministratorConsole1Right-clickAllWindowsXPComputers,andthenselectAllTasks>DistributeSoftwareUpdates3Usethewizardtocreateanewpackageandprogram4Browsetothepatchtobedeployed5Configureoptionsforhowandwhenthepatchwillbedeployedtoclients6ExpandtheSiteDatabasenode2第29页/共74页SMS–MBSAIntegrationMBSAintegrationincludedwithSMS2003andthe

SUSFeaturePackforSMS2.0ScansSMSclientsformissingsecurityupdatesusingmbsacli.exe/hfSMSdirectsclienttorunlocalMBSAscan1SMSserverparsesdatatodeterminewhichcomputersneedwhichsecurityupdates3Administratorpushesmissingupdatesonlytoclientsthatrequirethem4Clientperformsscan,returnsdatatoSMSserver2第30页/共74页MBSABenefitsScanssystemsforMissingsecuritypatchesPotentialconfigurationissuesWorkswithabroadrangeof

MicrosoftsoftwareAllowsanadministratortocentrallyscanmultiplecomputerssimultaneously MBSAisafreetool,andcanbe

downloadedfrom

/mbsa

第31页/共74页MBSAConsiderationsMBSAreportsimportantvulnerabilitiesPasswordweaknessesGuestaccountnotdisabledAuditingnotconfiguredUnnecessaryservicesinstalledIISvulnerabilitiesIEzonesettingsAutomaticUpdatesconfigurationInternetConnectionFirewallconfiguration第32页/共74页MBSA–ScanOptionsMBSAhasthreescanoptionsMBSAgraphicaluserinterface(GUI)MBSAstandardcommand-line

interface(mbsacli.exe)HFNetChkscan(mbsacli.exe/hf)第33页/共74页BusinessCaseFor

PatchManagementWhendeterminingthepotentialfinancialimpactofpoorpatchmanagement,considerDowntimeRemediationtimeQuestionabledataintegrityLostcredibilityNegativepublicrelationsLegaldefensesStolenintellectualproperty第34页/共74页“WecommendMicrosoftforprovidingenhancedsecurityguidancetoitscustomersaswellasforsolicitinguserinputaspartoftheprocessofproducingthatguidance“ClintKreitnerPresident/CEO“NISTreviewedandprovidedtechnicalcomments&advice,thatwasincorporatedinthisguidance”TimothyGranceManagerSystemsandNetwork

SecurityGroupComments第35页/共74页Securelymakee-mailavailabletooutsideemployeesExchangepublishingYouNeedTo…SecurelymakeinternalapplicationsavailableontheInternetWebandServerPublishingEnablepartnerstoaccessrelevantinformationonmynetworkIntegratedS2SVPNandFWSecureandflexibleremoteaccess,whileprotectingmycorporatenetworkIntegratedRRASVPNandFWSecurelyconnectmybranchofficestothecorporateofficeIntegratedFW,VPN,CacheControlInternetAccessandprotectmyclientsfrommaliciousInternettrafficFW,WebProxyEnsurefastaccesstothemostfrequentlyusedwebcontentCachingISADelivers第36页/共74页RelationalReportingMultiplefacttablesFullrichnessthedimensions’

attributesTransactionlevelaccessStar,snowflake,3NF…Complexrelationships:Multi-grains,many-to-many,roleplaying,indirect…RecursiveselfjoinsSlowlychangingdimensionsTheUnifiedDimensionalModel–

TheBestOfRelationalAndOLAPOLAPCubesMultidimensionalnavigationHierarchicalpresentationFriendlyentitynamesPowerfulMDXcalculationsCentralKPIframework“Actions”LanguagetranslationsMultipleperspectivesPartitionsAggregationsDistributedsources第37页/共74页VisualStudioTeamSystemChangeManagementWorkItemTrackingReportingProjectSiteVisualStudio

TeamFoundationIntegrationServicesProjectManagementProcessandArchitectureGuidanceVisualStudioIndustryPartnersDynamicCodeAnalyzerVisualStudio

TeamArchitectStaticCodeAnalyzerCodeProfilerUnitTestingCodeCoverageVisioandUMLModelingTeamFoundationClientVSProClassModelingLoadTestingManualTestingTestCaseManagementApplicationModelingLogicalInfra.ModelingDeploymentModelingVisualStudio

TeamDeveloperVisualStudio

TeamTestApplicationModelingLogicalInfra.ModelingDeploymentModelingClassModeling第38页/共74页SQLServerCatalogReportServerXMLWebServiceInterfaceReportProcessingDeliveryDeliveryTargets(E-mail,SharePoint,Custom)RenderingOutputFormats(HTML,Excel,PDF,Custom)DataProcessingDataSources(SQL,OLEDB,XML/A,ODBC,Oracle,Custom)SecuritySecurityServices(NT,Passport,Custom)OfficeCustomApplicationBrowserSQLServer2000ReportingServices

Architecture第39页/共74页CMProfileRunscustomizable

postconnectscriptScriptrunsRQCnotifier

with“resultsstring”ListenerRQSreceivesNotifier

“resultsstring”Comparesresultsto

possibleresultsRemovestime-outif

responsereceivedbut

clientoutofdateRemovesquarantinefilter

ifclientuptodateQuarantineVSAsTimerlimitstime

windowtoreceivenotifybeforeautodisconnectQ-filtersetstemporaryroutefiltertoquarantineaccessInternetRASClientRRASServerIASServerQuarantineRQC.exeandRQS.exeareintheWindowsServer2003ResourceKitQuarantineArchitecture第40页/共74页WhatisVSTeamFoundation?SourceCodeControlWorkItemTrackingBuildAutomationProjectSiteReporting第41页/共74页MicrosoftBIProductSuiteAnalysisServicesOLAP&DataMiningDataTransformationServicesSQLServerRelationalEngineReportingServicesManagementToolsDevToolsVisualStudio.NetExcelOWCVisioMapPointDataAnalyzerSharePointPortalServerProjectServerWindowsServerMBSBIApplications第42页/共74页CurrentArchitectureTCP/IPRTCClientAPIUserAppRTPSIPPINTT.120第43页/共74页ServerArchitectureApplicationManagedAPIsApplicationManagedAPIsWinsockStorageADDispatcherDataStoreInterfacesSPLScriptEngineRegistrar/PresenceSIPProxy第44页/共74页ServerApplicationInteractionApplication

1CRMApplication

2BillingApplication

3LoggingRequestModified

Request第45页/共74页TITLEAvailableTodayMicrosoft®Windows®SecurityResourceKitAssessingNetworkSecurityJune23,2004第46页/共74页EAParchitectureTLSGSS_APIKerberosPEAPIKEMD5EAPPPP802.3802.5802.11Anything…methodlayerEAPlayermedialayerMS-CHAPv2TLSSecurID第47页/共74页PartnerSolutionsOfferingsVALUEProposition:

GetmorebusinessvaluefromyourinvestmentinOfficeFinanceSarbanes-OxleyBusinessScorecardExcelAdd-inforSQLServerAnalysisServicesOperationsSixSigmaHRRecruitingSalesProposalsSolutionAcceleratorsMicrosoftProductsOfficeSolutionAcceleratorsVALUEProposition:

GetmorebusinessvaluefromyourinvestmentinOffice第48页/共74页YourPeopleEPMInvolves….YourBusinessProcesses

YourOrganizationYourSoftwareTechnology&ToolsEnterpriseProjectManagementAnorchestrationofyourpeople,processes,organizationwithtechnology第49页/共74页YourBusinessProcesses…GovernancePrioritizationBudgetingHuman

Resources…

etc…InitiativesImplementMicrosoftOfficeProject2003fortheEnterpriseDecisions第50页/共74页-CorporateGoalsandObjectivesExecutivesFinanceSalesandMarketingR&DIT/ISYourOrganization…StrategicInitiativesHRDevelopmentProjectsOperationalImprovementsOnAverage45-50%ofallProjectsarelinkedtoStrategicObjectives.第51页/共74页RepresentativeRisksAndTacticsTacticalSolutionsEnterpriseRisksEmbodyTrustworthyComputingSecureEnvironmentalRemediationUnpatchedDevicesNetworkSegmentationThroughIPSecUnmanagedDevicesSecureRemoteUserRemoteandMobileUsersTwo-FactorforRemoteAccessandAdministratorsSingle-FactorAuthenticationManagedSourceInitiativesFocusControlsAcrossKeyAssets第52页/共74页RemoteAccessSecurity

ThreatRequirementSolutionMalicious

usersTwofactorauthenticationSmartCards

forRASMalicious

softwareEnforceremotesystemsecurityconfigurationConnectionManager,customscriptsandtoolsprovidedintheWindows2003resourcekit第53页/共74页CorporateSecurityGroupOrganizationCorporateSecurityGroupThreat,Risk

Analysis,andPolicyAssessmentand

ComplianceMonitoring,IntrusionDetection,andIncidentResponseSharedServices

OperationsThreatandRisk

AnalysisPolicy

DevelopmentProduct

EvaluationDesign

ReviewStructure

StandardsSecurity

ManagementSecurity

AssessmentComplianceand

RemediationMonitoringand

IntrusionDetectionRapidResponse

andResolution

ForensicsIT

InvestigationsPhysicaland

RemoteAccessCertificate

AdministrationSecurity

ToolsInitiative

Management第54页/共74页ServerFunctionsOperationalInfrastructureServerWorkloadsFocusApplication/WebServerUnixintegrationservicesWorkloadsSolutionsApplicationPlatformInformationWorkerInfrastructureDatabaseHighPerformanceComputingSoftwareDistributionVirtualizationOperationsMgmtTerminalServerEmailCollaborationBranchOfficeMediumBusinessSmallBusinessNetworkingRemoteAccessSecurityIdentityMgmtStorage(file,portal)Print第55页/共74页WhatIsMapPointWebService?Functionalities/APIsMaps,Geocoding,ReverseGeocoding,ProximitySearch,FindAddressetc.DevelopmentToolsVisualStudio.Net,Linux,VisualBasic,Mac,Java,C#…XMLWebService

PointsofInterestDatabaseofmorethan200,000and16millionbusinesslistingsCartographicdataExtensivegeographiccoveragein19countriesinEuropeandNorthAmerica.NoUIconstraints;deviceindependent.Integration

intoabroadrangeof

differentapplications

anddevices.第56页/共74页20042005WindowsSmallBusinessServer2003SP1WindowsServer2003for64-BitExtendedSystemsWindowsServer2003ServicePack1(SP1)WindowsXPTabletEdition2005WindowsXPMediaCenterEdition2005WindowsXPServicePack2(SP2)VirtualServer2005AdditionalFeaturePacks(e.g.WindowsUpdateServices)WindowsServer:Codename“Longhorn”Beta1WindowsClient:Codename“Longhorn”Beta1WindowsServer2003Update:Codename“R2”ReleaseRoadmap第57页/共74页第二篇表格篇第58页/共74页MicrosoftPatchSeverityRatingsSecurityBulletinList:http://www.M/TechNet/Security/Current.asp

RatingDefinitionCriticalExploitationcouldallowthepropagationofanInternetwormImportantExploitationcouldresultincompromiseofuserdataortheavailabilityofprocessingresourcesModerateExploitationisserious,butismitigatedtoasignificantdegreebydefaultconfiguration,auditing,needforuseraction,ordifficultyofexploitationLowExploitationisextremelydifficultorimpactisminimal第59页/共74页PatchingTimeFramesSeverityratingRecommendedpatchingtimeframeRecommended

maximumpatchingtimeframeCriticalWithin24hoursWithintwoweeksImportantWithinonemonthWithintwomonthsModerateDependingonexpectedavailability,waitfornextservicepackorpatchrollupthatincludesthepatch,ordeploythepatchwithinfourmonthsDeploythepatchwithinsixmonthsLowDependingonexpectedavailability,waitfornextservicepackorpatchrollupthatincludesthepatch,ordeploythepatchwithinoneyearDeploythepatchwithinoneyear,orchoosenottodeployatall第60页/共74页ImprovingThePatchingExperienceYourneedMicrosoft’sresponseReducepatchfrequencyReducedfrequencyofnon-emergencypatchreleasesfromonceperweektooncepermonthReducepatchingcomplexityReducednumberofpatchinstallertechnologiesReduceriskofpatchdeploymentImprovedpatchqualityandintroduced

patchrollbackcapabilityReducepatchsizeDeveloped“deltapatching”technologyto

reducepatchsizeReducedowntimeReducedpatch-relatedrebootsImprovetoolconsistencyDevelopingconsistenttoolsImprovetoolcapabilitiesDevelopingmorecapabletools第61页/共74页ChoosingAPatch

ManagementSolutionCustomertypeScenarioSolutionConsumerAllscenariosWindowsUpdateSmallorganizationHasnoWindowsserversWindowsUpdateHasonetothreeWindows2000

ornewerserversandoneITadministratorMBSAandSUSMedium-sizedorlargeenterpriseWantsapatchmanagementsolutionwithbasiclevelofcontrolthatupdatesWindows2000andnewerversionsofWindowsMBSAandSUSWantsasingleflexiblepatchmanagementsolutionwithextendedlevelofcontroltopatch,update,anddistributeallsoftwareSMS第62页/共74页PatchManagementSolutionForMedium-SizedAndLargeOrganizationsCapabilitySUS1.0SMS2003

Supported

Platformsfor

Content

Windows2000

WindowsXP

WindowsServer2003

WindowsNT4.0

Windows98

Windows2000WindowsXP

WindowsServer2003

Supported

ContentTypes

Securityandsecurity

rolluppatches,critical

updates,andservice

packsfortheabove

operatingsystems

Allpatches,servicepacks,and

updatesfortheaboveoperating

systems;supportspatch,

update,andapplication

installationsforMicrosoftand

otherapplications

Patch

Distribution

Control

Basic

Advanced第63页/共74页OtherSessionsOfInterestWIN280MicrosoftVirtualServer2005:TechnicalOverviewMon,May24

1:30-2:45PMRoom20AWINC28Q&AWiththeVirtualServer

TeamTues,May25

1:30–2:45PMCabana13WIN383UsingMicrosoftVirtualServer2005toInstalla

2-NodeClusterofVirtual

MachinesTues,May25

3:15-4:30PMRoom31ABCWIN381AdvancedConfigurationsScenariosforVirtualServer2005Tues,May25

5:00-6:15PMRoom31ABCWINC10ConsolidatingNT4ApplicationsUsingWindowsVirtualServer2005Wed,May26

10:15-11:30AMCabana12WINC13CreatingaVirtualTestLabwithMicrosoftVirtualServer

2005Wed,May26

5:30-6:45PMCabana12第64页/共74页TheImportanceOfProactivePatchManagementAttackPatchreleasedateAttackdateNumberofdayspatchwasavailablebeforetheattackTrojan.KahtMar17,2003May,5200349SQLSlammerJul24,2002Jan24,2003184Klez-EMar29,2001Jan17,2002294NimdaOct17,2000Sept18,2001336CodeRedJun18,2001Jul16,200128第65页/共74页DREADHigh(3)Medium(2)Low(1)DamagepotentialAttackercanretrieveextremelysensitivedataandcorruptordestroydataAttackercanretrievesensitivedatabutdolittleelseAttackercanonlyretrievedatathathaslittleornopotentialforharmReproduc-abilityWorkseverytime;doesnotrequireatimingwindowTiming-dependent;worksonlywithinatimewindowRarelyworksExploitabilityBartSimpsoncoulddoitAttackermustbesomewhatknowledgeableandskilledAttackermustbeVERYknowledgeableandskilledAffectedusersMostorallusersSomeusersFewifanyusersDiscoverabiltyAttackercaneasilydiscoverthevulnerabilityAttackermightdiscoverthevulnerabilityAttackerwillhavetodigtodiscoverthevulnerability第66页/共74页MicroIssuesare88%Simpletofix.Create“Noise”Fiveissuesrepresent88%ofallupgradeissuesDefaultproperties52%Property/methodnotupgraded13%Property/methoddifferentbehavior12%ModulemethodsofCOMobjects7%Null/IsNull4%第67页/共74页AnalysisServiceandDTSMigrationWizardsNonewMDACbitsReduced