Microsoft Blue-Gray Style PPT Template.ppt
Microsoft Security Strategy
Steven Adler
Product Manager
Microsoft EMEA

Session Agenda
- Focus on Customer Challenges
- Microsoft Security Strategy
  - Secure Windows Initiative
  - Strategic Technology Protection Program
  - Trustworthy Computing
- Building the secure platform
  - .NET Framework
  - Windows .NET
- Summary
- Questions

Technology, Process, People
What are the challenges?
- Products lack security features
- Products have bugs
- Insufficient technical standards
- Difficult to stay up-to-date
- Design for security
- Roles & responsibilities
- Vigilance
- Business continuity plans
- Stay up-to-date with security development
- Problem recognition
- Skills shortage
- Human error
Process, People, Technology

Microsoft Security Strategy
- Trustworthy Computing
- Strategic Technology Protection Program
- Secure Windows Initiative

Secure Windows Initiative
“Engineering For Security”
Goal: Eliminate Every Security Vulnerability Before The Product Ships
People, Process, Technology

Industry Yardstick
Source: SecurityFocus http:

/Windows Initiative
People
- Train, and keep current, every developer, tester, and program manager in the specific techniques of building secure products
Process
- Make security a critical factor in design, coding and testing of every product Microsoft builds
- Cross-group design & code reviews
- Security Threat Analysis part of every design spec
- Red Team testing and code reviews
- Focus not confined to buffer overruns
- Security bug feedback loop & code sign-off requirements
- External reviews and testing by consultants and public
Technology
- Build tools to automate everything possible in the quest to code the most secure products
- Prefix and Prefast for buffer overrun detection
- Updated as new vulnerabilities found
- Visual C++ 7.0 compiler improvements
- Domain-specific tools (i.e. RPC security stress)

Secure Windows Initiative
External Security Review
- FIPS 140-1 evaluation of Cryptographic Service Provider (CSP) - Completed
  - Government validation of base crypto algorithms in Windows
- Common Criteria evaluation - In Preparation
  - Evaluation of Windows source code against International security criteria for evaluating
- Third party expert review of key components
- Source code licensed to over 80 universities, labs, and government agencies

Strategic Technology Protection Program
Goal: Help customers secure their Windows Systems
People, Process, Technology

Strategic Technology Protection Program - Customers Need Our Help
- I didn't know which patches I needed
- I didn't know where to find the updates
- I didn't know which machines to update
- We updated our production servers, but the rogue servers got infected
- More than 50% of the customers affected by Code Red were not patched in time for Nimda

STPP: “Get Secure”
- Coming - Enterprise Security Tools
  - Microsoft Baseline Security Analyzer
  - SMS security patch rollout tool
  - Windows Update Auto-update client
- Now - Microsoft Security Toolkit
  - Server oriented security resources. New server security tools and updates, Windows Update bootstrap client for Windows 2000
- Now - Security Assessment Program Offering
  - Available immediately through MCS/PSS
- Now - Free Virus Support Hotline
  - Contact your local PSS office

Get Secure
Microsoft Security Toolkit
- Gets Windows NT and 2000 systems to secure baseline, even disconnected net
- Automates server updates
  - One-button wizard and SMS Scripts
- Updates and Patches
  - Includes all Service Packs and critical OS and IIS patches through 10/15
- HFNetchk: patch level verifier
- IIS Lockdown & URLScan

STPP: “Stay Secure”
- Ongoing - Enhanced Product Security
  - Provide greater security enhancements in the releases of all new products, including the Windows .NET Server family
- Spring 2002 - Federated Corporate Windows Update Program
  - Allows enterprise to host and select Windows Update content
- Spring 2002 - Windows 2000 Service Pack (SP3)
  - Provide ability to install SP3 + security rollup with a single reboot
- Jan. 2002 - Windows 2000 Security Rollup Patches
  - Bundle all security fixes in single patches
  - Reduces reboots and administrator burden

Corporate Update Server Solution
Automatic Updat