Security Overview for Microsoft Infrastructures

1
Security Overview for Microsoft Infrastructures
Fred Baumhardt and James Noyce Infrastructure
Solutions and Security Solutions Teams Microsoft
Security Solutions, Feb 4th, 2003
2
Agenda

• Threats How you are attacked and from where
• Application Level Attacks the new Security
  Battleground
• Overview of Microsoft Server Security
  Technologies and Tools
• Management and Operations as a Defensive
  Mechanism

3
The Three Phases of Hacking

• Information Gathering and Intelligence
• Analysis of Collected Information
• Probing and Compromise

4
Management as a Security Tool

• Detect unauthorised activity on your
  infrastructure
• Prevent misconfiguration of systems
• Ensure system vulnerabilities are captured and
  addressed

5
Security Management Tools

• Analysis
• Microsoft Baseline Security Analyser (MBSA)
• Systems Management Server (SMS)
• Software Update Services Feature Pack
• Microsoft Software Update Services (MSUS)
• Security Configuration and Analysis snap-in
• RSoP

• Management
• Group Policy Management Console (GPMC)
• Microsoft Operations Manager (MOM)
• Microsoft Audit Collection System (MACS)
• Systems Management Server (SMS)
• Software Update Services Feature Pack
• Microsoft Software Update Services (MSUS)

6
Infrastructure Tools

• Snort Free to Download even on Windows
  www.snort.org
• MBSA Scans most MS Server products and windows
  clients
• SUS Patch management solution
• MOM-MACS-SMS
• IPSEC within Windows
• IISLockdown URLScan
• ISA Server with Feature Pack1

7
MBSA Version 1.1

• The following new features are included with MBSA
  V1.1
• Exchange and Windows Media Player security update
  detection
• Full HFNetChk integration into MBSACLI.exe
• Incorporation of the latest HFNetChk engine code
• Support for Software Update Services (SUS) during
  security update scanning
• Detection for multiple SQL Server instances

8
Software Update Services

• Address Patch Management concerns
• Windows keeps itself up-to-date with the latest
  critical security updates
• IT administrators can automatically deploy
  Windows Update content
• IT administrator gains control over what patches
  are applied to a system
• Leverage Windows Update web-based infrastructure

9
System Management Server Software Update Services
Feature Pack

• Security patch inventory
• Office patch inventory
• Patch distribution
• Web reporting

10
Recommendations for Customers

• Microsofts A recommendation for which tool to
  use
• Small Business that work with a VAP should also
  consider SUS
• Official external positioning is available at
• http//www.microsoft.com/windows2000/windowsupdate
  /sus/suschoosing.asp

11
GPMC Overview

• What is the GPMC?
• New admin tool for managing Group Policy
• Set of scriptable objects for managing GP
• MMC Snap-in, built on these objects
• Standalone web release shortly after Windows .NET
  Server RTM
• GPMC Design goals
• Unify management of Group Policy
• Address key deployment issues
• Provide better UI for visualization
• Enable programmatic access to GP

12
Microsoft Operations Manager

• Operations Management event and performance
  management
• Built on Microsoft management services
• Microsoft solution manages Windows 2000,
  Exchange, SQL Server, and other Microsoft apps
• Base Management Pack
• Application Management Pack
• Heterogeneous and value-add solutions from third
  parties extend this offering

13
Security Management PackA set of Security XMPs
for MOM

• Centralizes Windows security management in MOM
• Out-of-the-box security rules, knowledge,
  response actions, reports
• Includes
• XMP for Anti-Virus Applications
• XMP for Microsoft Windows Security
• XMP for NetIQ Security Analyzer

14
Microsoft Audit Collection Services

• Client-Server application to collect security
  events in real time and store them in a SQL
  database
• MACS is NOT a security management application (No
  user interface)

15
MACS MOM

• MACS is a security event collection tool- no
  management capability
• MOM complements MACS- MOM adds management,
  alerting, support for other logs
• MACS v2 will likely be integrated with MOM v2
• MACS v1 will ship with MOM management pack

16
Services

• Security is not just about technology
• Crucial to bring in expertise and knowledge
  transfer into your organisation
• SMB can use service templates and learn from them
  such as MSA -

17
Service Offerings

• Microsoft Solution for Management
• Allows customers to prioritize, test and deploy
  Patches to their environment.
• Delivers proven best practices and infrastructure
  for managing high volumes of patch deployments
  into a Microsoft tools and technology
  environment.
• Enables customers to improve their quality of
  service while reducing total cost of ownership

18
Next Steps

• Review your systems
• Web resources
• http//www.microsoft.com/technet/security/prodtech
  /windows/secwin2k/default.asp
• http//www.microsoft.com/downloads/details.aspx?di
  splaylangenFamilyIDF937A913-F26E-49B5-A21E-20BA
  5930238D
• http//www.microsoft.com/technet/itsolutions/msm/d
  efault.asp
• http//www.microsoft.com/technet/security/issues/w
  2kccscg/default.asp
• http//www.microsoft.com/windows2000/technologies/
  security/default.asp

19
(No Transcript)