Top 5 things for security: What every Microsoft Partner should know
Nattorn Jayanama
Product Manager
Microsoft Thailand
Top 5 Things for Security
Know the Threats & Solutions
1. Top 5 Cyber Threats for Thailand
2. Microsoft Solutions
Know the Strategy
3. Security Quality
4. Security Management
5. Security Innovation
Top 5 Cyber-Threats 2005
1st: SPAM Email
2nd: Spyware
3rd: Malware
4th: Phishing
5th: SPAM IM
SPAM Email Problem
• SPAM or Junk mail refers to unrequested emails or advertisements.
• Email information is obtained from customer databases or war dialing
SPAM Email Solution
• Using Anti-SPAM at internet gateway or DMZ
• Using Anti-SPAM software on client
• Control usage of corporate email and enforce email policy
Spyware Threat
• Advertising companies use spyware to extract personal information
• Stats on your computer (OS, browser, etc.)
• Stats on your surfing habits (websites, etc.)
• Violates Privacy but is completely LEGAL
Spyware Solution
• Install Anti-Spyware Solution
• Major ones free of charge (Ad Aware, Spybot, MS Anti-spyware or MS Defender)
Malware Threat
• Malware is a generic term used to describe any form of malicious software such as viruses, zombies, trojans, or any combination
Example of Malware
Malware Solution
• Use combination of anti-spyware, anti-virus to scan machine (+ update signatures)
• If directed to website, check certificate
Malware Solution
• Run Windows Malicious Software Removal Tool
• Online for your protection
Phishing
Social Engineering
Phishing Email Example
• Trust Model – Sender claims to be from respected source
• Very professional look
• But notice URL link – usually unknown IP address
• But even URLs can be faked!
Phishing/Pharming Solution
• Security policy training and enforcement
• Use anti-phishing tools for browsers (MSN Anti-phishing tool, IE 7)
SPAM IM (SPIM) Threat
• Estimated 5% to 8% of all IM today is SPIM
• Potentially more dangerous than SPAM Email:
  • Pop-up link for Phishing
  • Download/Upload malware via File Transfer
ISA + Antigen Solution
[Diagram labels: ISA Server 2004 (ISA Server - Firewall), SMTP Server, Exchange IMC server, Exchange mailbox server, Live Communication Server, SharePoint Server, Antigen (six instances); traffic: E-mail, IM and Documents; threats: Viruses, Worms]
Antigen
• Helps block viruses and inappropriate content inbound
• Helps keep viruses off internal servers
• Helps prevent confidential information from being sent out
ISA Server
• Firewall on network edge blocks application layer attacks
• Pre-authenticate users for network access
Microsoft compared to Open Source
Value of community patches
Use Community Patch?
• Manually roll out patch
• For each new patch: Manually roll out?
• Undo with up2date?
CAN-2004-1234
Wait on Red Hat Patch?
• Use Red Hat up2date
• Official Red Hat patch available 8 months later. (259 days of risk)
• Vuln disclosed (4/8/2004) + community patch
• Red Hat Patch (12/23/2004)
• 28 kernel vulns patched by Red Hat up2date
• None of them address CAN-2004-1234
[Diagram labels: RHEL3, Customer]
Disparity between commercial distribution packages and OSS packages
(RHEL errata and OSS stable projects as of 9/28/04)
[Chart: version numbers of Apache, Bind, Sendmail, Openssl and Openldap releases; labels: RHEL3 Snapshot, RHEL3 Cutoff, Time, Improvements Post-RHEL3 Cutoff*]
Improvements Post-RHEL3 Cutoff*
• Entire codebase relicensed
• n/a
• LDAP recursion, URI
• Support for MacOSX
• Support for linux-ia64
• S/MIME compat fixes
• LDAPv3 extensions
• LDAP C++ API
• LDAP Sync
• SASL Enhancements
*Capabilities that were not backported
Example: Customer wants latest version of Openssl
• Customer wants new functionality in the latest version of Openssl (0.9.7e)
• Learns distro does not support
• Decision: Install latest version with fixed S/MIME compat support or continue using distro supported version
  • Continue to use distro supported version, forgo new functionality
  • Install new functionality & assume support internally
[Diagram labels: Linux Distributions, Customer Projects, Customer, Internally Supported]
Linux Distribution Model
Linux Distributions & Security Support
[Chart: version numbers of Kernel, Apache, MySQL, Mozilla and Glibc for each release; other labels: vendor, none, Firefox]
Releases: RHEL 2.1 AS (GA: May 17, 2002), RHEL 3.0 AS (Oct 23, 2003), RHEL 4.0 AS (Feb 15, 2005)
Legend:
• Component team actively supports
• Component team does not support or distribution has customized
• Component team recommends against using
Hundreds of other packages
• What happens when a component team “moves on”?
• What causes a forced upgrade?
• How will this affect “time to patch” (aka days of risk)?
How much difference does this make?
Linux Kernel Example
2.6 Kernel Patches
[Chart: Number of Patches (axis 0 to 4000) by month, 12/03 to 4/05, marked with kernel releases 2.6.1 through 2.6.11]
2.4 Patches per Hour
REF: bk -R prs -rv2.6.x..v2.6.x -h -d'$unless(:MERGE:){:P:\n}' | sort | wc -l
Linux Distribution Lag
2.6 Kernel Patches
[Chart: Number of Patches (axis 0 to 4000) by month, 12/03 to 4/05, marked with kernel releases 2.6.1 through 2.6.11 and annotated:]
• SLES 9 dev pulls from 2.6.5
• SLES 9 Product RTM
• RHEL 4 dev pulls from 2.6.9
• RHEL 4 Product RTM
bk -R prs -cYYMMDD..YYMMDD -h -d '$unless(:MERGE:){:P:\n}' | wc -l
Linux Enterprise Support Commitment
[Timeline, 2002 to 2009, split into Current and Future]
• RHEL 2.1: May 17, 2002
• RHEL 3.0: Oct 23, 2003
• RHEL 4.0: Feb 15, 2005
• RHEL 5.0: Q3-2006 ?
• RHEL 6.0: Q1-2008 ?
• RHEL 7.0: Q3-2009 ?
• SLES 8, SLES 9, SLES 10, SLES 11 (shown twice); dates shown: Mar 26, 2003; Aug 3, 2004; Feb 2006 ?; Aug 2007 ?; Feb 2009 ?
Red Hat in 2009
• 5 Enterprise versions in support (times)
• Hundreds of packages (that have)
• No support by component teams
What are the implications?
Microsoft SDL
Security Deployment Lifecycle
Phases: Requirements, Design, Implementation, Verification, Release, Support & Servicing
Security tasks on the diagram:
• Security Training
• Security Kickoff & Register with SWI
• Security Design Best Practices
• Security Arch & Attack Surface Review
• Threat Modeling
• Use Security Development Tools & Security Best Dev & Test Practices
• Create Security Docs and Tools For Product
• Prepare Security Response Plan
• Security Push
• Pen Testing
• Final Security Review
• Security Servicing & Response Execution
Traditional Microsoft Software Product Development Lifecycle Tasks and Processes
• Feature Lists, Quality Guidelines, Arch Docs, Schedules
• Design Specifications
• Functional Specifications
• Testing and Verification
• Development of New Code
• Bug Fixes
• Code Signing, Checkpoint Express Signoff
• RTM
• Product Support, Service Packs/QFEs, Security Updates
Security Focus Yielding Results
• Security Development Lifecycle working
• 200M Windows XP SP2 downloads
• Windows Server 2003 SP1 1.4M downloads
• Red Hat adopting our security response ratings
Source: Microsoft Security Bulletin Search
Source: Secunia.com as of September 2005
List of vulnerabilities between browsers
[Chart: axis 0 to 16, months MAR to SEPT. Totals: IE 10, FireFox 40]
Source: Vendor’s Public Security Bulletins as of July 2005
Source: Security Innovation (March 2005): "Role Comparison Report: Web Server Role"
Source: Security Innovation (June 2005): "Role Comparison Security Report: Database Server Role"
Windows or Linux for Security?
Security Quality
• Microsoft: SDL-driven progress; Ongoing process improvement
• Linux: No SDL-like program; IN DENIAL
Anchoring in Active Directory
• Most widely used Directory
• Single sign-on
• Group policy
• Smartcard and 2-factor authentication
• Secure wireless and remote access
• Vast ecosystem with >1,000 AD enabled apps
• ADFS and WS-* extend to other systems
Managing Security
3rd-Party Evidence
“Total Cost of Security Patch Management”
• The average time required to successfully deploy critical patches to Microsoft PCs is 56% lower than the equivalent OSS PCs
• The average cost to successfully deploy a patch to a single Microsoft system is lower than deployment to an equivalent OSS system:
  • The average annual cost to patch a single Microsoft system is 14% lower than patching the equivalent OSS system
• There is also evidence to support the hypothesis that the patching of many OSS systems is being neglected.
Security Management
• Microsoft Baseline Security Analyzer 2.0
• Microsoft Update
• Automatic Updates
Windows or Linux for Security?
Security Quality
• Microsoft: SDL-driven progress; Ongoing process improvement
• Linux: No SDL-like program; IN DENIAL
Security Management
• Microsoft: AD/Group Policy; Cert Services; Advanced Updating
• Linux: Which directory?; Certs ?; CATCH UP MODE
Customer Focused Innovation – Only on Microsoft
[Diagram label: Spynet]

• Direct customer connection to Microsoft support
• Unique value for technical beta feedback
• Drives up reliability and security of products
• Unique capability not available on Linux/OSS

• Direct feedback from users to benefit all
• Helps distinguish spyware from software
• Unique capability not available on Linux/OSS

• Prefast and FxCop source code security analysis
• Safe C-Runtime Libraries, Stack overflow protection
• Source code Annotation Language (SAL)
• Security capabilities not available on Linux/OSS
Manageable PKI – Only on Microsoft
[Diagram labels: Auto enrollment, Root CA, Integrated Cert Server]

• Powerful X.509 CA integrated into Windows Server
• Active Directory & Group Policy integration
• OpenLDAP lacks key management capabilities

• Policy driven CERT deployment capability
• Automatic, silent user experience
• Capability unique to Microsoft customers

• Single provisioning of multiple credentials
• Single sign-on, roaming profiles, smartcard support
• Unique integration advantage over Linux/OSS

• Dual-use AD for ID credentials and security policy
• Enables auto-enrollment and easy CERT renewal
• DeFacto standard even supported by OSS/Samba
Secure, Private Networking – Only on Microsoft
[Diagram labels: Secure Wireless, Encryption, Roaming Profiles, Secure Remote Access]

• Full 802.1x+WPA support in client and server
• Secure, transparent roaming between access points
• Manageability, ease-of-use not available on Linux

• Smartcard-enabled secure, private remote RAS/VPN
• Network Access Protection capabilities
• Unique options leveraging RPC over HTTPS

• User mobility within the network
• Single sign-on
• Unique capability in Microsoft clients

• Active Directory & Group Policy integration
• Silent, transparent user experience
• Linux/OSS options lack policy & PKI manageability
Rights Management Services – Only on Microsoft
[Diagram labels: Do Not Forward, Protect Sensitive Files, Safeguard Intranet Content]

• Keep Executive e-mail off the Internet
• Reduce forwarding of confidential information
• Templates to centrally manage policies

• Safeguard financial, legal, HR content
• Set level of access: view, print, export
• View Office 2003 rights protected info

• Control access to sensitive plans
• Set level of access: view, change, print, etc.
• Determine length of access
Windows or Linux for Security?
Security Quality
• Microsoft: SDL-driven progress; Ongoing process improvement
• Linux: No SDL-like program; IN DENIAL
Security Management
• Microsoft: AD/Group Policy; Cert Services; WUS / MU
• Linux: Which directory?; Certs ?; CATCH UP MODE
Security Innovation
• Microsoft: Secure Wireless; RMS; Feasible PKI
• Linux: SELinux Roles; What else?
© 2004 Microsoft Corporation. All rights reserved.
This presentation is for informational purposes only. Microsoft makes no warranties, express or implied, in this summary.