Security for Mere Mortals Steve Lamb http://blogs.msdn.com/steve_lamb Technical Security Advisor Microsoft Ltd

Security for Mere Mortals Steve Lamb Technical Security Advisor Microsoft Ltd.

Jan 20, 2018


Coleen Holt

Transcript
Page 1: Security for Mere Mortals Steve Lamb  Technical Security Advisor Microsoft Ltd.

Security for Mere Mortals

Steve Lamb

http://blogs.msdn.com/steve_lamb

Technical Security Advisor

Microsoft Ltd

Page 2:

Microsoft Technical Roadshow 2005

2 days of in-depth technology information

Birmingham – 24-25 May

Harrogate – 1-2 June

London – 7-8 June

Register now at: www.microsoft.com/uk/techroadshow

Page 3:

Ground Rules for this Session

It’s YOUR session based on your requests

Interaction WILL BE rewarded

Don’t be Shy

There are NO STUPID questions

We’re all friends here!

Page 4:

“You don’t put brakes on a car to go slower – you put them on to go faster more safely”

User education is key

As are processes and procedures

Mis-configured systems are a major threat

Page 5:

“Good Security enables business to do more with less risk”

Hold off the Rocket Science

Apply Technology to Support the Business Policy

Learn how the business works

Don’t get in the way!

Page 6:

Keep It Simple Stupid!

Page 7:

Why Security Policies Fail!

Page 8:

Get a decent POLICY First!

Forget the Rocket Science

Start with a mandate from the top

Define a realistic policy based on how users actually work!

Keep it up to date

Communicate it – and explain why

Punish Offenders

Page 9:

Page 10:

Phishing

Page 11:

ISA – Application Layer Firewalling

Currently – most firewalls check only basic packet information

Real world equivalent of looking at the number and destination of a bus – and not looking at the passengers
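The bus analogy in code, as an added example that is not ISA Server code and not part of the original deck: a stateless packet filter admits anything addressed to TCP port 80 (the bus number and destination), while an application-layer check parses the payload (the passengers) and rejects a non-HTTP protocol tunnelled over port 80, a CONNECT request that turns the web port into a relay, and a path-traversal request target. The method allow-list, the header regexes and the four sample packets are constructed for this example.

```python
"""Packet-level filtering versus application-layer inspection.

Added example, not ISA Server code. A packet filter sees only protocol,
addresses and ports; an application-layer firewall also parses the payload.
The policy (allowed methods) and the sample packets are constructed.
"""
import re
from typing import Dict, List, Tuple

HTTP_METHODS = {"GET", "HEAD", "POST", "OPTIONS"}   # constructed policy: what a browser needs
REQUEST_LINE = re.compile(rb"^([A-Z]+) (\S+) HTTP/1\.([01])$")
HEADER_LINE = re.compile(rb"^[!#$%&'*+.^_`|~0-9A-Za-z-]+:[ \t]*[^\r\n]*$")


def packet_filter(pkt: Dict) -> bool:
    """Stateless 5-tuple rule: allow TCP to port 80 and never look at the payload."""
    return pkt["proto"] == "tcp" and pkt["dst_port"] == 80


def http_inspect(payload: bytes) -> Tuple[bool, str]:
    """Application-layer check: the payload must be a well-formed, policy-compliant
    HTTP/1.x request. Returns (allowed, reason)."""
    head, sep, _body = payload.partition(b"\r\n\r\n")
    if not sep:
        return False, "header block not terminated by CRLFCRLF (not HTTP?)"
    request_line, *headers = head.split(b"\r\n")
    m = REQUEST_LINE.match(request_line)
    if not m:
        return False, "first line is not an HTTP/1.x request line"
    method, target, version = m.group(1).decode(), m.group(2), m.group(3)
    if method not in HTTP_METHODS:
        return False, f"method {method} not permitted by policy"
    if not (target.startswith(b"/") or target.startswith(b"http://")):
        return False, "request target is neither origin-form nor an absolute URL"
    if b"/../" in target or target.endswith(b"/.."):
        return False, "path traversal in request target"
    for h in headers:
        if not HEADER_LINE.match(h):
            return False, "malformed header line"
    if version == b"1" and not any(h.lower().startswith(b"host:") for h in headers):
        return False, "HTTP/1.1 request without a Host header"
    return True, "well-formed HTTP request"


# Constructed sample packets, all addressed to TCP port 80.
SAMPLES: List[Tuple[str, bytes]] = [
    ("browser GET",
     b"GET /index.html HTTP/1.1\r\nHost: www.example.com\r\nUser-Agent: IE6\r\n\r\n"),
    ("ssh banner on port 80",
     b"SSH-2.0-OpenSSH_3.9\r\n"),
    ("CONNECT tunnel",
     b"CONNECT mail.example.com:25 HTTP/1.1\r\nHost: mail.example.com\r\n\r\n"),
    ("path traversal",
     b"GET /../../winnt/system32/cmd.exe HTTP/1.0\r\n\r\n"),
]


def run_samples() -> List[Tuple[str, Tuple[bool, bool]]]:
    """Return, per sample, (packet-filter verdict, application-layer verdict)."""
    out = []
    for name, payload in SAMPLES:
        pkt = {"proto": "tcp", "dst_port": 80, "payload": payload}
        out.append((name, (packet_filter(pkt), http_inspect(payload)[0])))
    return out


if __name__ == "__main__":
    for name, (pf, al) in run_samples():
        print(f"{name:24s} packet filter: {'allow' if pf else 'drop':5s}  "
              f"app layer: {'allow' if al else 'drop'}")
```

Every sample passes the packet filter, because it only reads the port; only the first survives the application-layer parser. The same distinction is why a port-80 allow rule is not a "web only" rule.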

Page 12:

XP SP2

Page 13:

Windows Firewall

Basic behavior

Outbound TCP: response from target IP only

Outbound UDP: response from any IP; closed after 90 seconds of inactivity

Outbound broadcast and multicast: open for 3 seconds to permit response from same subnet only

Unsolicited for apps: application must be on exception list

Unsolicited for services: port must be statically opened

Unsolicited RPC: firewall must be configured to permit inbound RPC
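A small model of the state table those six rules imply, added here as an example; it is not Microsoft's firewall code and is not from the original deck. It shows the practical consequence of the UDP rule (any host can answer an outbound UDP packet until the 90-second idle timer fires, whereas a TCP reply must come from the target address) and how the three unsolicited-inbound cases (exception list, static port, inbound RPC) are the only ways past the default drop. The subnet, addresses, ports, the app name "chat.exe" and the timestamps are constructed inputs; real TCP state ends with the connection, which is not modelled.

```python
"""Model of the Windows XP SP2 firewall behaviour listed on the slide.

Added example, not Microsoft code. It implements the slide's rules only:
  * outbound TCP: only the target IP may reply
  * outbound UDP: any IP may reply; state is dropped after 90 s idle
  * outbound broadcast/multicast: same-subnet replies only, for 3 s
  * unsolicited inbound: allowed only for an app on the exception list,
    a statically opened port, or RPC when inbound RPC is permitted
The subnet, addresses, ports, app name and timestamps are constructed.
"""
import ipaddress
from dataclasses import dataclass, field
from typing import Dict, Optional, Set, Tuple

UDP_IDLE_TIMEOUT = 90.0   # seconds (from the slide)
BCAST_WINDOW = 3.0        # seconds (from the slide)


@dataclass
class Flow:
    proto: str                  # "tcp" or "udp"
    remote_ip: Optional[str]    # TCP: the only address allowed to reply
    opened: float
    last_seen: float
    subnet_only: bool = False   # broadcast/multicast pseudo-state


@dataclass
class XpFirewall:
    local_subnet: ipaddress.IPv4Network
    exception_apps: Set[str] = field(default_factory=set)
    static_ports: Set[Tuple[str, int]] = field(default_factory=set)
    allow_inbound_rpc: bool = False
    flows: Dict[Tuple[str, int], Flow] = field(default_factory=dict)

    def outbound(self, proto: str, local_port: int, dst_ip: str, now: float) -> None:
        """Record the state the firewall keeps for an outbound packet."""
        dst = ipaddress.ip_address(dst_ip)
        bcast = (dst.is_multicast or dst == self.local_subnet.broadcast_address
                 or dst_ip == "255.255.255.255")
        if proto == "tcp":
            self.flows[(proto, local_port)] = Flow("tcp", dst_ip, now, now)
        else:
            # UDP: no peer address is remembered, so any IP may answer
            self.flows[(proto, local_port)] = Flow("udp", None, now, now, subnet_only=bcast)

    def _expire(self, now: float) -> None:
        """Drop UDP state past its idle timeout and broadcast state past 3 s.
        TCP state lasts until the connection ends (not modelled here)."""
        for key, f in list(self.flows.items()):
            if f.subnet_only and now - f.opened > BCAST_WINDOW:
                del self.flows[key]
            elif f.proto == "udp" and not f.subnet_only and now - f.last_seen > UDP_IDLE_TIMEOUT:
                del self.flows[key]

    def inbound(self, proto: str, local_port: int, src_ip: str, now: float,
                app: Optional[str] = None, is_rpc: bool = False) -> Tuple[bool, str]:
        """Return (allowed, reason) for a packet arriving on local_port."""
        self._expire(now)
        flow = self.flows.get((proto, local_port))
        src = ipaddress.ip_address(src_ip)
        if flow is not None:
            if flow.subnet_only:
                if src in self.local_subnet:
                    return True, "reply to broadcast/multicast from the same subnet"
            elif flow.proto == "udp":
                flow.last_seen = now
                return True, "reply to outbound UDP (any source IP accepted)"
            elif src_ip == flow.remote_ip:
                flow.last_seen = now
                return True, "reply from the TCP target IP"
        # No usable state, so the packet is unsolicited.
        if app is not None and app in self.exception_apps:
            return True, f"unsolicited, but {app} is on the exception list"
        if (proto, local_port) in self.static_ports:
            return True, "unsolicited, but the port is statically opened"
        if is_rpc and self.allow_inbound_rpc:
            return True, "unsolicited RPC, permitted by configuration"
        return False, "unsolicited inbound traffic dropped"


def run_scenarios() -> Dict[str, bool]:
    """Constructed traffic exercising each rule; returns name -> allowed."""
    fw = XpFirewall(ipaddress.ip_network("192.168.1.0/24"),
                    exception_apps={"chat.exe"},        # constructed app name
                    static_ports={("tcp", 445)})        # e.g. file sharing left open
    v = {}
    fw.outbound("tcp", 1025, "10.0.0.5", now=0.0)
    v["tcp reply from target"] = fw.inbound("tcp", 1025, "10.0.0.5", 0.1)[0]
    v["tcp reply from other IP"] = fw.inbound("tcp", 1025, "10.0.0.6", 0.2)[0]
    fw.outbound("udp", 1026, "10.0.0.53", now=0.0)
    v["udp reply from any IP"] = fw.inbound("udp", 1026, "203.0.113.9", 1.0)[0]
    v["udp reply after 90s idle"] = fw.inbound("udp", 1026, "10.0.0.53", 95.0)[0]
    fw.outbound("udp", 137, "192.168.1.255", now=100.0)
    v["bcast reply from subnet"] = fw.inbound("udp", 137, "192.168.1.20", 102.0)[0]
    v["bcast reply off subnet"] = fw.inbound("udp", 137, "10.0.0.1", 102.5)[0]
    v["bcast reply after 3s"] = fw.inbound("udp", 137, "192.168.1.20", 104.0)[0]
    v["unsolicited static port"] = fw.inbound("tcp", 445, "10.0.0.7", 110.0)[0]
    v["unsolicited exception app"] = fw.inbound("tcp", 5000, "10.0.0.7", 110.0, app="chat.exe")[0]
    v["unsolicited rpc"] = fw.inbound("tcp", 135, "10.0.0.7", 110.0, is_rpc=True)[0]
    v["unsolicited other"] = fw.inbound("tcp", 5000, "10.0.0.7", 110.0)[0]
    return v


if __name__ == "__main__":
    for name, allowed in run_scenarios().items():
        print(f"{name:28s} {'allow' if allowed else 'drop'}")
```

The scenario worth noticing is "udp reply from any IP": once a host has sent one UDP packet from a port, anything on the Internet can reach that port for the next 90 seconds, so the exception list and static ports are not the only inbound surface.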

Page 14:

Internet Explorer

Managing pop-ups

Page 15:

Internet Explorer

Pre-SP2 IE ActiveX warning

Page 16:

Internet Explorer

New IE ActiveX notice

Page 17:

Training and Awareness

PEOPLE

Social Engineering: IM and IRC downloads

Training and Awareness: Apply procedures

Carrot not stick: Recognise employees

Page 18:

Process - The Glue

“Nowhere else in society do we put so much faith in technology. No-one has said, ‘This door lock is so effective that we don’t need police protection and breaking and entering laws.’ Products work to a certain extent but you need processes in place to leverage their effectiveness.”

SOURCE: Bruce Schneier, CTO, Counterpane

PROCESS

Page 19:

Embrace Process

TECHNOLOGY

Limit privilege

Secure weakest link

Defend in depth

Enlist users

Detect attacks

Embrace simplicity

Be vigilant

Watch the watchers

Page 20:

RMS

Page 21:

How good is YOUR Security Knowledge?

http://www.microsoft.com/emea/gatekeepertest

Page 22:

Guidance and Tools – Delivering Support, Creating Community

Security tools

Security Bulletin Search Tool

http://www.microsoft.com/technet/security/current.aspx

Guidance and training

Security Guidance Center

http://www.microsoft.com/security/guidance/default.mspx

How Microsoft Secures its own Infrastructure - IT Showcase

http://www.microsoft.com/itshowcase

E-Learning Clinics

https://www.microsoftelearning.com/security/

Community engagement

Newsletters

http://www.microsoft.com/technet/security/secnews/newsletter.htm

Webcasts and chats

http://www.microsoft.com/seminar/events/security.mspx

Page 23:

© 2005 Microsoft Corporation. All rights reserved. This presentation is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS OR IMPLIED, IN THIS SUMMARY.

www.microsoft.com/uk/security

www.microsoft.com/uk/technet/learning