Securing your data
Security with Microsoft Infrastructure and Internet Explorer
Matt Kestian, Strategic Security Advisor | National Security Team | Microsoft Corporation | March 11, 2005
Version 1.0
Microsoft Confidential – NDA Material
Agenda
Some true stories…
Phishing/Malware Demonstration
Strategy for securely browsing with Internet Explorer
Defense in Depth
  Securing the perimeter
  Securing the network
  Securing the hosts
  Securing applications
  Securing the data
True stories from the field
Phishing gone high tech
Bank in Latin America
E-mail between two companies (actually this one is personal)
IE Security Improvements in XP SP2
Post XP SP2 Observations
Strengths
  Big security investments were worthwhile
  Balance of app compat and security seems good
Opportunities to Improve
  Needed to consider cleanup, not just protection
  Info disclosure just as important as code execution
  Servicing IE with the OS is difficult for some customers
  Configuration management – are we doing all we can?
  Everyone wants new features – even security pros
IE 7 will beta this summer with even more phishing and malware protection
Threat Modeling (STRIDE)
Spoofing: An unauthorized user impersonating a valid user
Tampering: An attacker illegally modifying or destroying data
Repudiation: Ability of a user to deny performing an action
Information Disclosure: Releasing information to unauthorised users
Denial of Service: Causing the system to be unavailable to valid users
Elevation of Privilege: An attacker illegally gains a higher level of access
[Network diagram, labels only: Web servers, Exchange front end, DNS, IDS, IDS, Exchange, Directory, Web apps, LOB apps, SMS/MOM, DNS, Directory, SQL cluster, Disk array, Desktops; segments marked [VLAN]]
Attack Methodologies
1. Reconnaissance – port scanning, network mapping
2. Search for known vulnerabilities
3. Exploit the vulnerabilities
4. Take ownership – elevate privileges; download hacker tools, backdoors, rootkits, etc.
5. Perform unauthorized activities; determine other targets and attack them
6. Steal the data
7. Cover your tracks – clear audit trails
Defense in Depth: An organizing framework for Security
Layered portfolio of countermeasures
Reduce the chance of a single point of vulnerability
Layers:
  Policies, Procedures, & Awareness
  Physical Security
  Perimeter
  Network
  Host
  Application
  Data
Perimeter Layer
Network perimeters include connections to:
  The Internet
  Branch offices
  Business partners
  Remote users
  Wireless networks
  Internet applications
[Diagram labels: Business Partner LAN, Internet Services, Main Office LAN, Internet Services, Branch Office LAN, Wireless Network, Remote User, Internet]
Perimeter Layer Compromise
Network perimeter compromise may result in:
  Attack on corporate network
  Attack on remote users
  Attack from business partners
  Attack from a branch office
  Attack on Internet services
  Attack from the Internet
[Diagram labels: Business Partner LAN, Internet Services, Main Office LAN, Internet Services, Branch Office LAN, Wireless Network, Remote User, Internet]
Perimeter Layer Protection
Network perimeter protection includes:
  Firewalls
  Blocking communication ports
  Port and IP address translation
  Virtual Private Networks
  Tunneling protocols
  Filter traffic – SMTP, spam blocking, proxy technologies
  VPN quarantine
[Diagram labels: Business Partner LAN, Internet Services, Main Office LAN, Internet Services, Branch Office LAN, Wireless Network, Remote User, Internet]
ISA Server 2004 – Application level FW, VPN Quarantine
Sybari Antigen – Anti-Virus, Anti-Spam
[Diagram labels: Lab, Unmanaged guest]
Network Layer
[Diagram labels: Marketing, Human Resources, Finance, Sales, Wireless Network]
Network Layer Compromise
Unauthorized access to systems
Sniff packets from the network
Unexpected communication ports
Access all network traffic
Unauthorized access to wireless networks
Security Zones
Tier restrictions
Intra-zone tier communication restrictions
Inter-zone communication restrictions
Network Layer Protection
Implement mutual authentication
Segment the network (VLAN, internal FW)
Encrypt network communications
Block communication ports
Control access to network devices
Sign network packets
Multi-home some servers
Implement IPSec policy
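As an added example (not from the slide deck), the PowerShell below applies the network-layer controls listed above to one server tier on a modern Windows host: an IPsec connection security rule that requires mutual Kerberos computer authentication and ESP encryption for the SQL listener, and a firewall rule that admits only the application tier's subnet, and only over that authenticated, encrypted channel. It assumes Windows Server 2012 or later with the NetSecurity module (the deck predates these cmdlets) and an elevated session; the subnet, port and rule display names are constructed placeholders.

```powershell
# Added example: network-layer protection for a SQL tier on a modern Windows host.
# Assumes Windows 8 / Server 2012 or later (NetSecurity module) and an elevated session.
# The subnet, port and display names below are constructed placeholders.
#Requires -RunAsAdministrator
$ErrorActionPreference = 'Stop'

$AppTierSubnet = '10.10.20.0/24'   # assumed: the only tier allowed to reach SQL
$SqlPort       = 1433              # assumed: default SQL Server listener

# 1. Mutual authentication: both machines must present Kerberos computer credentials.
$authProposal = New-NetIPsecAuthProposal -Machine -Kerberos
$phase1 = New-NetIPsecPhase1AuthSet -DisplayName 'Tier-SQL Kerberos Machine Auth' `
    -Proposal $authProposal

# 2. Encrypt and sign traffic: ESP with AES-256 and SHA-256 integrity, so the
#    built-in NULL-encryption (integrity-only) proposal is never negotiated.
$qmProposal = New-NetIPsecQuickModeCryptoProposal -Encapsulation ESP `
    -ESPHash SHA256 -Encryption AES256
$qmSet = New-NetIPsecQuickModeCryptoSet -DisplayName 'Tier-SQL ESP AES256-SHA256' `
    -Proposal $qmProposal

# 3. Connection security rule: inbound traffic to the SQL port must be IPsec-protected;
#    outbound traffic requests protection so peers that support it get it too.
New-NetIPsecRule -DisplayName 'Tier-SQL Require IPsec' `
    -Protocol TCP -LocalPort $SqlPort `
    -InboundSecurity Require -OutboundSecurity Request `
    -Phase1AuthSet $phase1.Name -QuickModeCryptoSet $qmSet.Name `
    -Profile Domain | Out-Null

# 4. Segmentation: one allow rule scoped to the app-tier subnet, honoured only for
#    connections already authenticated and encrypted by the IPsec rule above.
#    Windows Firewall drops unsolicited inbound traffic by default, so no block rule is needed.
New-NetFirewallRule -DisplayName 'Tier-SQL Allow AppTier (IPsec only)' `
    -Direction Inbound -Protocol TCP -LocalPort $SqlPort `
    -RemoteAddress $AppTierSubnet -Action Allow `
    -Authentication Required -Encryption Required `
    -Profile Domain | Out-Null

# 5. Verify: list what was created so the change can be reviewed and recorded.
Get-NetIPsecRule -DisplayName 'Tier-SQL Require IPsec' |
    Select-Object DisplayName, Enabled, InboundSecurity, OutboundSecurity
Get-NetFirewallRule -DisplayName 'Tier-SQL Allow AppTier (IPsec only)' |
    Select-Object DisplayName, Enabled, Direction, Action
```

The two rules work as a pair: the connection security rule decides whether a packet is authenticated and encrypted, and the firewall rule's `-Authentication Required -Encryption Required` refuses any SQL connection that did not pass through it, even from the allowed subnet. In a domain the same settings are normally deployed through Group Policy rather than per host; the cmdlets accept `-PolicyStore` for that.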
Host Layer
Specific network role
Operating system configuration
The term “host” is used to refer to both workstations and servers
Host Layer Compromise
Unsecured operating system configuration
Unmonitored access
Exploit operating system weakness
Distribute viruses
Attack Vectors
Malicious Web content
Buffer overrun attacks
Port-based attacks
Malicious e-mail attachments
Days to exploit and complexities around patching make patching a less effective defense strategy
Windows XP Service Pack 2
Windows Server 2003 Service Pack 1
Microsoft Windows AntiSpyware
Software Restriction Policies
Future: Network Access Protection
Host Layer Protection
Harden operating system
Install security updates
Implement auditing
Disable or remove unnecessary services
Install and maintain antivirus software
Use Group Policy – implement templates (XP and Server)
Run AV and keep up to date
Implement IPSec for mutual authentication
Restrict anonymous access where able
Rename the admin account, disable guest
Use Windows Firewall
Manage configuration changes
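The checklist above is only useful if it is verified on every host. As an added example (not from the slide deck), the following PowerShell audits a Windows host against those items and returns one pass/fail record per check: firewall on all profiles, Guest disabled, built-in Administrator renamed, unnecessary services off, recent security updates, antivirus enabled with fresh signatures, logon auditing, and anonymous access restricted. It assumes Windows 10 / Server 2016 or later with PowerShell 5.1+ and an elevated session (the deck predates these cmdlets); the patch-age threshold and the list of "unnecessary" services are constructed assumptions.

```powershell
# Added example: audit a Windows host against the hardening checklist on this slide.
# Assumes Windows 10 / Server 2016 or later, PowerShell 5.1+, an elevated session.
# Thresholds and the unwanted-services list are constructed assumptions.
#Requires -RunAsAdministrator

function Test-HostBaseline {
    [CmdletBinding()]
    param(
        [int]$MaxPatchAgeDays = 45,                                   # assumed threshold
        [string[]]$UnwantedServices = @('TlntSvr', 'RemoteRegistry', 'SSDPSRV')  # assumed examples
    )
    $results = New-Object System.Collections.Generic.List[object]
    function Add-Result([string]$Check, [bool]$Pass, [string]$Detail) {
        $results.Add([pscustomobject]@{ Check = $Check; Pass = $Pass; Detail = $Detail })
    }

    # Use Windows Firewall: every profile (Domain, Private, Public) must be enabled.
    $offProfiles = Get-NetFirewallProfile | Where-Object { $_.Enabled -ne 'True' }
    Add-Result 'Windows Firewall enabled on all profiles' ($offProfiles.Count -eq 0) `
        ("Disabled: " + (($offProfiles.Name) -join ', '))

    # Rename the admin account, disable guest: identify both by well-known RID, not by name.
    $admin = Get-LocalUser | Where-Object { $_.SID.Value -like '*-500' }
    $guest = Get-LocalUser | Where-Object { $_.SID.Value -like '*-501' }
    Add-Result 'Built-in Administrator renamed' ($admin.Name -ne 'Administrator') "Name: $($admin.Name)"
    Add-Result 'Guest account disabled' (-not $guest.Enabled) "Enabled: $($guest.Enabled)"

    # Disable or remove unnecessary services: present services must be stopped and disabled.
    foreach ($svcName in $UnwantedServices) {
        $svc = Get-Service -Name $svcName -ErrorAction SilentlyContinue
        if ($null -eq $svc) { continue }   # not installed: nothing to disable
        $ok = ($svc.Status -ne 'Running') -and ($svc.StartType -eq 'Disabled')
        Add-Result "Service $svcName disabled" $ok "Status=$($svc.Status) StartType=$($svc.StartType)"
    }

    # Install security updates: newest installed hotfix must be recent.
    $latest = Get-HotFix | Where-Object { $_.InstalledOn } |
        Sort-Object InstalledOn -Descending | Select-Object -First 1
    $fresh = $latest -and ($latest.InstalledOn -gt (Get-Date).AddDays(-$MaxPatchAgeDays))
    Add-Result "Security update installed within $MaxPatchAgeDays days" $fresh "Latest: $($latest.HotFixID) $($latest.InstalledOn)"

    # Run AV and keep up to date (Microsoft Defender; other products need their own check).
    try {
        $mp = Get-MpComputerStatus
        $avOk = $mp.AntivirusEnabled -and ($mp.AntivirusSignatureAge -le 7)
        Add-Result 'Antivirus enabled with signatures <= 7 days old' $avOk "SignatureAge=$($mp.AntivirusSignatureAge)"
    } catch {
        Add-Result 'Antivirus enabled with signatures <= 7 days old' $false 'Defender status unavailable'
    }

    # Implement auditing: the Logon subcategory must audit something (auditpol CSV output).
    $logon = auditpol /get /subcategory:"Logon" /r | Where-Object { $_.Trim() } | ConvertFrom-Csv
    $auditOk = ($logon.'Inclusion Setting' -ne 'No Auditing')
    Add-Result 'Logon auditing enabled' $auditOk "Inclusion Setting: $($logon.'Inclusion Setting')"

    # Restrict anonymous access: LSA RestrictAnonymous >= 1 and RestrictAnonymousSAM = 1.
    $lsa = Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
    $anonOk = ([int]$lsa.RestrictAnonymous -ge 1) -and ([int]$lsa.RestrictAnonymousSAM -eq 1)
    Add-Result 'Anonymous access restricted' $anonOk "RestrictAnonymous=$($lsa.RestrictAnonymous) RestrictAnonymousSAM=$($lsa.RestrictAnonymousSAM)"

    return $results
}

# Usage: print the full report, then only the failures as a remediation list.
$report = Test-HostBaseline
$report | Format-Table Check, Pass, Detail -AutoSize
$report | Where-Object { -not $_.Pass } | Select-Object -ExpandProperty Check
```

The checks deliberately look up the Administrator and Guest accounts by RID (500 and 501) so that a renamed account is still found, which is also why renaming alone is a weak control; the objects returned can be exported with `Export-Csv` and collected centrally, which is the "manage configuration changes" item on the slide in practice.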
Application Layer
Applications that create and access data
Server applications (for example, Exchange Server or SQL Server)
Security issues specific to applications
Functionality must be maintained
Application Layer Compromise
Loss of application
Execution of malicious code
Extreme use of application
Unwanted use of applications
Application Layer ProtectionApplication Layer Protection
Enable only required services and functionality
Configure application security settings
Install security updates for applications
Install and update antivirus software
Run applications with least privilege
Data Layer
Documents, Directory, Applications
Data Layer Compromise
Documents: view, change, or modify information
Directory: interrogate directory files
Applications: replace or modify application files
Technology Investments
Persistent information protection
New “lockbox” business scenarios
Deployment, usability enhancements
Offline support
FIPS compliance
Smartcard integration
Data Layer Protection
Encrypt files with EFS
Secure SQL Server according to SQL Server security guidelines
Move files from the default location
Create data backup and recovery plans
Protect documents and e-mail with Windows Rights Management Services
Utilize NTFS access control lists
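As an added example (not from the slide deck), the PowerShell below carries out two of the controls above on a documents folder: it replaces the inherited NTFS defaults with an explicit least-privilege ACL (SYSTEM and Administrators full control, a data-owner group Modify, nobody else), encrypts a file with EFS and verifies the attribute, and then scans a data tree for ACEs that grant write access to broad principals such as Everyone or Users. It assumes a Windows host with PowerShell 5.1+ on an NTFS volume and a user profile that can use EFS (not available on Home editions); the paths and group name are constructed placeholders.

```powershell
# Added example: data-layer protection with NTFS ACLs and EFS.
# Assumes Windows with PowerShell 5.1+ and NTFS; paths and group name are placeholders.
$ErrorActionPreference = 'Stop'

function Protect-DataFolder {
    param(
        [Parameter(Mandatory)][string]$Path,
        [Parameter(Mandatory)][string]$DataGroup    # e.g. 'CONTOSO\Finance-Users' (placeholder)
    )
    if (-not (Test-Path $Path)) { New-Item -ItemType Directory -Path $Path | Out-Null }
    $acl = Get-Acl -Path $Path
    # Stop inheriting the permissive defaults (e.g. BUILTIN\Users) and do not copy them.
    $acl.SetAccessRuleProtection($true, $false)
    $inherit = [System.Security.AccessControl.InheritanceFlags]'ContainerInherit, ObjectInherit'
    $none    = [System.Security.AccessControl.PropagationFlags]::None
    foreach ($entry in @(
        @{ Id = 'NT AUTHORITY\SYSTEM';    Rights = 'FullControl' },
        @{ Id = 'BUILTIN\Administrators'; Rights = 'FullControl' },
        @{ Id = $DataGroup;               Rights = 'Modify' }      # least privilege: no Full Control
    )) {
        $rule = New-Object System.Security.AccessControl.FileSystemAccessRule(
            $entry.Id, $entry.Rights, $inherit, $none, 'Allow')
        $acl.AddAccessRule($rule)
    }
    Set-Acl -Path $Path -AclObject $acl
}

function Protect-FileWithEfs {
    param([Parameter(Mandatory)][string]$File)
    $item = Get-Item -Path $File
    $item.Encrypt()        # System.IO.FileInfo.Encrypt(): EFS keyed to the current user's EFS certificate
    $item.Refresh()
    # Return $true only if the Encrypted attribute is actually set afterwards.
    return (([int]$item.Attributes -band [int][System.IO.FileAttributes]::Encrypted) -ne 0)
}

function Find-WeakAce {
    # Report allow ACEs that give any write right to broad principals, on the tree under $Path.
    param([Parameter(Mandatory)][string]$Path)
    $broad = @('Everyone', 'BUILTIN\Users', 'NT AUTHORITY\Authenticated Users')
    $write = [int][System.Security.AccessControl.FileSystemRights]::Write
    $dirs = @(Get-Item -Path $Path) +
            @(Get-ChildItem -Path $Path -Recurse -Directory -ErrorAction SilentlyContinue)
    foreach ($d in $dirs) {
        foreach ($ace in (Get-Acl -Path $d.FullName).Access) {
            if ($ace.AccessControlType -eq 'Allow' -and
                $broad -contains $ace.IdentityReference.Value -and
                (([int]$ace.FileSystemRights -band $write) -ne 0)) {
                [pscustomobject]@{
                    Path      = $d.FullName
                    Identity  = $ace.IdentityReference.Value
                    Rights    = $ace.FileSystemRights
                    Inherited = $ace.IsInherited
                }
            }
        }
    }
}

# Usage with placeholder paths: harden the folder, encrypt one (constructed) file,
# then look for broad write ACEs anywhere under the data root.
$folder = 'D:\Data\Finance'
Protect-DataFolder -Path $folder -DataGroup 'CONTOSO\Finance-Users'
$file = Join-Path $folder 'budget.txt'
if (-not (Test-Path $file)) { Set-Content -Path $file -Value 'constructed sample content' }
"Encrypted: " + (Protect-FileWithEfs -File $file)
Find-WeakAce -Path 'D:\Data' | Format-Table -AutoSize
```

Two caveats a practitioner will want: EFS protects the file at rest only for the user (or recovery agent) whose certificate encrypted it, so a data recovery agent should be configured before rolling it out or a lost profile means lost data; and `Find-WeakAce` reports inherited ACEs too (`Inherited` column), because a permissive parent is the usual reason a protected folder's neighbours are exposed.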
Microsoft security technology timeline (axis: Prior | H2 04 | 2005 | Future)
Categories: Vulnerability Assessment and Remediation; Active Protection Technologies; Antivirus
Product groups, in slide order:
  Microsoft Baseline Security Analyzer (MBSA) v1.2; Virus Cleaner Tools; Systems Management Server (SMS) 2003; Software Update Services (SUS) SP1; Internet Security and Acceleration (ISA) Server 2004 Standard Edition; Windows XP Service Pack 2
  Patching Technology Improvements (MSI 3.0); Systems Management Server 2003 SP1; Microsoft Operations Manager 2005; Windows malicious software removal tool
  Windows Server 2003 Service Pack 1; Windows Update Services; ISA Server 2004 Enterprise Edition; Windows Rights Management Services SP1; Windows AntiSpyware; System Center 2005; Windows Server 2003 “R2”; Visual Studio 2005
© 2005 Microsoft Corporation. All rights reserved.This presentation is for informational purposes only. Microsoft makes no warranties, express or implied, in this summary.