Microsoft Blue-Gray Style PPT Template, PPT Format Courseware Download.ppt
Microsoft Security Strategy
Steven Adler
Product Manager
Microsoft EMEA

Session Agenda
  Focus on Customer Challenges
  Microsoft Security Strategy
  Secure Windows Initiative
  Strategic Technology Protection Program
  Trustworthy Computing
  Building the secure platform
  .NET Framework
  Windows .NET
  Summary
  Questions

Technology, Process, People
What are the challenges?
  Products lack security features
  Products have bugs
  Insufficient technical standards
  Difficult to stay up-to-date
  Design for security
  Roles & responsibilities
  Vigilance
  Business continuity plans
  Stay up-to-date with security development
  Problem recognition
  Skills shortage
  Human error
  Process, People, Technology

Microsoft Security Strategy
  Trustworthy Computing
  Strategic Technology Protection Program
  Secure Windows Initiative

Secure Windows Initiative
“Engineering For Security”
  Goal: Eliminate Every Security Vulnerability Before The Product Ships
  People, Process, Technology

Industry Yardstick
  Source: SecurityFocus http:/

Windows Initiative
  People
    Train, and keep current, every developer, tester, and program manager in the specific techniques of building secure products
  Process
    Make security a critical factor in design, coding and testing of every product Microsoft builds
    Cross-group design & code reviews
    Security Threat Analysis part of every design spec
    Red Team testing and code reviews
    Focus not confined to buffer overruns
    Security bug feedback loop & code sign-off requirements
    External reviews and testing by consultants and public
  Technology
    Build tools to automate everything possible in the quest to code the most secure products
    Prefix and Prefast for buffer overrun detection
    Updated as new vulnerabilities found
    Visual C++ 7.0 compiler improvements
    Domain-specific tools (i.e. RPC security stress)

Secure Windows Initiative
External Security Review
  FIPS 140-1 evaluation of Cryptographic Service Provider (CSP) - Completed
    Government validation of base crypto algorithms in Windows
  Common Criteria evaluation - In Preparation
    Evaluation of Windows source code against International security criteria for evaluating
  Third party expert review of key components
  Source code licensed to over 80 universities, labs, and government agencies

Strategic Technology Protection Program
  Goal: Help customers secure their Windows Systems
  People, Process, Technology

Strategic Technology Protection Program - Customers Need Our Help
  I didn't know which patches I needed
  I didn't know where to find the updates
  I didn't know which machines to update
  We updated our production servers, but the rogue servers got infected
  More than 50% of the customers affected by Code Red were not patched in time for Nimda

STPP: “Get Secure”
  Coming - Enterprise Security Tools
    Microsoft Baseline Security Analyzer
    SMS security patch rollout tool
    Windows Update Auto-update client
  Now - Microsoft Security Toolkit
    Server oriented security resources. New server security tools and updates, Windows Update bootstrap client for Windows 2000
  Now - Security Assessment Program Offering
    Available immediately through MCS/PSS
  Now - Free Virus Support Hotline
    Contact your local PSS office

Get Secure
Microsoft Security Toolkit
  Gets Windows NT and 2000 systems to secure baseline, even disconnected net
  Automates server updates
  One-button wizard and SMS Scripts
  Updates and Patches
  Includes all Service Packs and critical OS and IIS patches through 10/15
  HFNetchk: patch level verifier
  IIS Lockdown & URLScan

STPP: “Stay Secure”
  Ongoing - Enhanced Product Security
    Provide greater security enhancements in the releases of all new products, including the Windows .NET Server family
  Spring 2002 - Federated Corporate Windows Update Program
    Allows enterprise to host and select Windows Update content
  Spring 2002 - Windows 2000 Service Pack (SP3)
    Provide ability to install SP3 + security rollup with a single reboot
  Jan. 2002 - Windows 2000 Security Rollup Patches
    Bundle all security fixes in single patches
    Reduces reboots and administrator burden

Corporate Update Server Solution
  Automatic Updat