Kevin Dean Technology Strategist Education Southeast Microsoft Corporation

Save this PDF as:
 WORD  PNG  TXT  JPG

Size: px
Start display at page:

Download "Kevin Dean Technology Strategist Education Southeast Microsoft Corporation"

Transcription

1 Kevin Dean Technology Strategist Education Southeast Microsoft Corporation

2 Security Exploits History The Threat landscape today Microsoft Security Development Lifecycle State of Security today Trends in Software Vulnerability Disclosures Microsoft platform for security Resources

3 What happened in the past?

4 Blaster August 2003 Sasser April 2004 Zotob August 2005 MS October 2008 Alert and prescriptive guidance Online guidance/ Webcast Free worm removal tool Days after the patch we knew of 1 st exploit Products not affected by attacks Within 1 day Within 10 days Within 38 days Within 2 hours Within 2 days Within 3 days 2 days prior Same day Within 3 days Before publicly known (MAPP) 3 times, 2x Same day Didn t need one* +11 days +4 days +2 days -11 days none none XPSP2 Vista, Server 2008

5

6 Local Area Networks First PC virus Boot sector viruses Create notoriety or cause havoc Slow propagation 16-bit DOS Internet Era Macro viruses Script viruses Key loggers Create notoriety or cause havoc Faster propagation 32-bit Windows Broadband prevalent Spyware, Spam Phishing Botnets & Rootkits War Driving Financial motivation Internet wide impact Hyper jacking Peer to Peer Social engineering Application attacks Financial motivation Targeted attacks Network device attacks 32-bit Windows 64-bit Windows

7 Number of Digital IDs Exponential Growth of IDs Identity and access management challenging Increasingly Sophisticated Malware Anti-malware alone is not sufficient 160,000 B2E mobility B2C B2B 120,000 80,000 Number of variants from over 7,000 malware families (1H07) Internet 40,000 0 mainframe client/server Pre-1980s 1980s 1990s 2000s Crime On The Rise Source: Microsoft Security Intelligence Report (January June 2007) Attacks Getting More Sophisticated Traditional defenses are inadequate National Interest Personal Gain Personal Fame Curiosity Largest segment by $ spent on defense Largest area by $ lost Vandal Largest area by volume Thief Trespasser Author Spy Fastest growing segment User GUI Applications Drivers O/S Hardware Physical Examples Spyware Rootkits Application attacks Phishing/Social engineering Script-Kiddy Amateur Expert Specialist

8

9 Release Conception Protect Microsoft customers by Reducing the of vulnerabilities Reducing the of vulnerabilities Prescriptive yet practical approach Proactive not just looking for bugs Eliminate security problems early Secure by design

10 At Microsoft, we believe that delivering secure software requires Executive commitment SDL a mandatory policy at Microsoft since 2004 Training Requirements Design Implementation Verification Release Response Core training Analyze security and privacy risk Define quality gates Threat modeling Attack surface analysis Specify tools Enforce banned functions Static analysis Dynamic/Fuzz testing Verify threat models/attack surface Response plan Final security review Release archive Response execution Ongoing Process Improvements 6 month cycle

11 Infrastructure Optimization Microsoft Security Assessment Toolkit Microsoft Windows Vista Security Whitepapers Microsoft Security Intelligence Report Learning Paths for Security Professionals Microsoft IT Showcase Security Tools & Papers Security Readiness Education and Training

12 Major sections cover Software Vulnerability Disclosures Software Vulnerability Exploits Privacy and Security Breach Notifications Malicious Software and Potentially Unwanted Software , Spam and Phishing Threats

13

14 Rogue security software infections spiked in 2H08 Microsoft products removed rogue security software from more than 10 million computers in 2H08

15 Rogue security software uses multiple social engineering techniques to persuade users to install the software Many rogues mimic genuine security software alerts

16 Further social engineering techniques are discussed in the SIR Worms and social engineering File Format Exploits Spear Phishing and Whaling Online Banking Malware Malware targeting Online Gamers Threats Targeting Music and Video Consumers See the full Security Intelligence Report for more

17

18 Operating system, Browser and Application Disclosures Industry Wide Operating system vulnerabilities 8.8% of the total Browser vulnerabilities 4.5% of the total Other vulnerabilities 86.7% of the total Industry-wide operating system, browser, and other vulnerabilities, 2H03-2H08 3,500 3,000 2,500 2,000 1,500 1, H03 1H04 2H04 1H05 2H05 1H06 2H06 1H07 Operating System Vulnerabilities Browser Vulnerabilities All Other 2H07 1H08 2H08

19 Microsoft vulnerability disclosures Microsoft vulnerability disclosures mirror the industry totals, though on a much smaller scale Vulnerability disclosures for Microsoft and non-microsoft products, 2H03-2H08 3,500 3,000 2,500 2,000 1,500 1, Non-Microsoft Microsoft 2H03 1H04 2H04 1H05 2H05 1H06 2H06 1H07 2H07 1H08 2H08

20 By half year industry wide Vulnerability disclosures in 2H08 down 3% from 1H as a whole down 12% from 2H07 Microsoft proportion only 5% of industry total Industry-wide vulnerability disclosures by half-year, 2H03-2H08 Vulnerability disclosures for Microsoft products, by full year,

21 Adjust risk management processes to ensure that operating systems and applications are protected Security Risk Management Guide for IT professionals is available complianceandpolicies/secrisk/default.mspx Free prescriptive guides for IT professionals default.mspx Participate in IT security communities Example: The Microsoft IT Pro Security Zone community Subscribe to the Microsoft Security Newsletter default.mspx

22 Browser-based exploits by operating system and software vendor On Windows XP-based machines, Microsoft vulnerabilities accounted for 40.9% of the exploits On Windows Vista-based machines, Microsoft vulnerabilities account for only 5.5% of the exploits Browser-based exploits targeting Microsoft and third-party software on computers running Windows XP, 2H08 Browser-based exploits targeting Microsoft and third-party software on computers running Windows Vista, 2H08 Microsoft, 5.5% Microsoft, 40.9% 3rd Party, 59.1% 3rd Party, 94.5%

23 Top 10 browser-based exploits on Windows XP-based machines On Windows XP-based machines Microsoft software accounted for 6 of the top 10 vulnerabilities The most commonly exploited vulnerability was disclosed and patched by Microsoft in 2006 The 10 browser-based vulnerabilities exploited most often on computers running Windows XP, 2H08 10% Microsoft Vulnerabilities Third-Party Vulnerabilities 8% 6% 4% 2% 0%

24 Top 10 browser-based exploits on Windows Vista-based machines On Windows Vista-based machines Microsoft software accounted for none of the top 10 vulnerabilities The 10 browser-based vulnerabilities exploited most often on computers running Windows Vista, 2H08 20% 15% 10% Third-Party Vulnerabilities 5% 0%

25 Exploits against common document formats Data from submissions of malicious code to Microsoft One vulnerability was the target of 91.3% of all attacks Microsoft Office file format exploits, by percentage, encountered in 2H08 CVE % CVE , 2.2% CVE , 2.6% CVE , 1.3% CVE % CVE % CVE , 91.3%

26 Always run up to date software Enable Automatic Updates in Windows Periodically check the Web sites of third-party vendors Uninstall software you don t actively use Use up-to-date anti-malware software from a known, trusted source Enable Data Execution Prevention (DEP) in compatible versions of Windows Enable Structured Exception Handling Overwrite Protection (SEHOP) in Windows Vista SP1 and Windows Server 2008 Set Internet and local intranet security settings in Internet Explorer to High Avoid browsing to Web sites that you do not trust Enable User Account Control in Windows Vista Read messages in plain text format Use the Microsoft Security Assessment Tool (MSAT)

27 Use Microsoft Update instead of Windows Update Ensure that security update MS has been applied to any affected software in your environment Keep your third-party and Microsoft software up to date If possible, upgrade your applications to the most recent versions Avoid opening attachments or clicking links to documents that arrive unexpectedly Use up-to-date anti-malware software from a known, trusted source

28

29 Inbound messages blocked by Forefront Online Security for Exchange content filters, by category, during the last six weeks of 2H08 Phishing, 1.6% Gambling, 1.1% Get Rich Quick, Stock, 0.6% 1.7% Malware, 1.8% Software, 0.5% 419 Scam, 1.9% Fraudulent Diplomas, 2.8% Financial, 3.1% Dating/Sexually Explicit Material, 5.2% Image only, 7.3% Pharmacy - sexual, 10.0% Pharmacy - non sexual, 38.6% Non-pharmacy product ads, 23.6%

30 Phishing Sites and Traffic Active phishing site numbers increased, but each site received far less traffic than 1H08 Phishing sites tracked each month in 2H08 and their target institution types, indexed to the monthly average for 2H July August September October November December Commerce Financial Social Networking Web Service

31

32

33 Use an up-to-date anti-malware product from a known, trusted source Keep your operating system up to date Consider upgrading to the most recent versions of software you use Consider disabling autorun functionality Consider using a user account which does not have administrator privileges for your daily work Use passwords for any network share you configure Avoid opening attachments or clicking links in or instant messages that are received unexpectedly

34 Use a mail client that suppresses active content and blocks unintentional of executable attachments Use a robust spam filter to guard against fraudulent and dangerous If you receive an from a bank or commerce site, visit their site using a pre-bookmarked link or by typing in the link from your monthly statement Deploy inbound and outbound authentication to protect against spoofing and forgery Online gamers are at risk from malware that tries to steal their game assets or credentials

35 Download and use the Malicious Software Removal Tool (MSRT) Support new legislation to help take legal action against criminals Use the Microsoft Security Assessment Tool Keep yourself up to date about emerging threats

36 Core improvements to the Operating Systems

37 Windows Vista Foundation Streamlined User Account Control Enhanced Auditing Security Development Lifecycle process Kernel Patch Protection Windows Service Hardening DEP & ASLR Internet Explorer 8 inclusive Mandatory Integrity Controls Make the system work well for standard users Administrators use full privilege only for administrative tasks File and registry virtualization helps applications that are not UAC compliant XML based Granular audit categories Detailed collection of audit results Simplified compliance management

38 First Year of Vulnerabilities Unfixed Fixed Windows XP Windows Vista RHEL4 reduced UbuntuLTS reduced Mac OS X 10.4 Metric Windows Vista (year 1) Windows XP (year 1) Red Hat rhel4ws reduced (year 1) Ubuntu 6.06 LTS reduced (year 1) Mac OS X 10.4 (year 1) Vulnerabilities fixed Security Updates Patch Events Weeks with at least 1 Patch Event

39 First Year of Vulnerabilities Low Medium High Windows XP SP2 Windows Vista RHEL4 reduced Ubuntu 6.06 LTS reduced Mac OS X Windows Vista in % fewer vulnerabilities than Windows XP 74% fewer vulnerabilities than the next closest (Ubuntu) 47% fewer high severity vulnerabilities than the next closest (Red Hat) Source:

40 Secure Platform Security Development Lifecycle (SDL) Windows Server Virtualization (Hypervisor) Role Management Tool OS File Integrity Data Protection Rights Management Services (RMS) Full volume encryption (Bitlocker) USB Device-connection rules with Group Policy Improved Auditing Windows Server Backup Network Protection Network Access Protection (NAP) Server and Domain Isolation with IPsec End-to-end Network Authentication Windows Firewall With Advanced Security On By Default Identity Access Read-only Domain Controller (RODC) Active Directory Federation Services (ADFS) Administrative Role Separation PKI Management Console Online Certificate Status Protocol

41 Vulnerabilities in First 90 Days Windows Server 2003-all Windows Server 2003-gui Windows Server 2008-all Windows Server 2008-gui Windows Server 2008-core Source: internal study by Jeff Jones

42 % % 8.0% 7.0% % % 9.5% % 3.0% 2.0% 1.0% 0.0% 5.9% 5.3% 5.9% 3.7% 3.3% 3.0% 4.9% 4.2% 3.1% 2.9% MSFT vulns non-msft vulns MSFT % of All Disclosures Source:

43 Secure the Platform Windows7/Server 2008 Secure the Data RMS, EFS, BitLocker (Plus features in Office, SharePoint, etc.) Secure the Network NAP Secure the Wireless Server 2008 Secure the Edge ISA/IAG Secure the Communications Forefront Server, OCS, Exchange Secure the Desktops and Servers Forefront Client Security

44 Services A well Managed Secure Infrastructure is the key! Edge Server Applications Active Directory Federation Services (ADFS) Client and Server OS Certificate Lifecycle Management Information Protection Identity & Access Management Systems Management Operations Manager 2007 Configuration Manager 2007 Data Protection Manager Mobile Device Manager 2008 SDL TWC

45 microsoft.com/security_essentials/ microsoft.com/sir microsoft.com/protect microsoft.com/forefront Malicious Software Removal Tool (MSRT) Microsoft Customer Service & Support Security incidents are FREE

46 2008 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

Andrea Valboni National Technology Officer Public Sector Microsoft Italy

Andrea Valboni National Technology Officer Public Sector Microsoft Italy Andrea Valboni National Technology Officer Public Sector Microsoft Italy CRITIS Frascati, 15 Ottobre 2008 Evolving Security Threat Landscape Trustworthy Computing Vision Addressing Security Threats Public

More information

Scott Charney Corporate Vice President, Trustworthy Computing Microsoft Corporation

Scott Charney Corporate Vice President, Trustworthy Computing Microsoft Corporation Scott Charney Corporate Vice President, Trustworthy Computing Microsoft Corporation Social: Enabling a global village Economic: Easier, faster, cheaper commerce Political: Freer exchange of ideas Loss

More information

Operating System Security

Operating System Security Operating System Security Klaus Schütz Windows OS Security Microsoft Redmond Before I start My VP love(d) me A frustrated friend 1 Agenda Evolution of Threats Client vs. Server Security Operating System

More information

Anirudh Singh Rautela Security & Privacy Initiative Lead & Product Marketing Manager Security Microsoft

Anirudh Singh Rautela Security & Privacy Initiative Lead & Product Marketing Manager Security Microsoft Anirudh Singh Rautela Security & Privacy Initiative Lead & Product Marketing Manager Security Microsoft Integrated security eases defense in depth architecture deployment Adoption of open standards allows

More information

Microsoft Security Intelligence Report volume 7 (January through June 2009)

Microsoft Security Intelligence Report volume 7 (January through June 2009) Microsoft Security Intelligence Report volume 7 (January through June 2009) Key Findings Summary Volume 7 of the Microsoft Security Intelligence Report provides an in-depth perspective on malicious and

More information

Elements to a Secure Environment Becoming Resilient Towards Modern Cyberthreats. Windows XP Support Has Ended Why It Concerns You

Elements to a Secure Environment Becoming Resilient Towards Modern Cyberthreats. Windows XP Support Has Ended Why It Concerns You Elements to a Secure Environment Becoming Resilient Towards Modern Cyberthreats Windows XP Support Has Ended Why It Concerns You Protect Detect Respond 1 02 Windows XP support has ended Windows XP support

More information

Seven for 7: Best practices for implementing Windows 7

Seven for 7: Best practices for implementing Windows 7 Seven for 7: Best practices for implementing Windows 7 The early reports are in, and it s clear that Microsoft s Windows 7 is off to a fast start thanks in part to Microsoft s liberal Windows 7 beta program

More information

CS 356 Lecture 25 and 26 Operating System Security. Spring 2013

CS 356 Lecture 25 and 26 Operating System Security. Spring 2013 CS 356 Lecture 25 and 26 Operating System Security Spring 2013 Review Chapter 1: Basic Concepts and Terminology Chapter 2: Basic Cryptographic Tools Chapter 3 User Authentication Chapter 4 Access Control

More information

Windows Vista: Is it secure enough for business?

Windows Vista: Is it secure enough for business? Windows Vista: Is it secure enough for business? Five years after the release of Windows XP, Microsoft s primary stated goal with Windows Vista has been to reduce security vulnerabilities and overall susceptibility

More information

Michael Nowacki, CISSP - ISSAP. Security & Management Solutions Specialist Microsoft Canada Michael.Nowacki@Microsoft.com

Michael Nowacki, CISSP - ISSAP. Security & Management Solutions Specialist Microsoft Canada Michael.Nowacki@Microsoft.com Michael Nowacki, CISSP - ISSAP Security & Management Solutions Specialist Microsoft Canada Michael.Nowacki@Microsoft.com More advanced Application-oriented More frequent Profit motivated Too many point

More information

MCTS Guide to Microsoft Windows 7. Chapter 7 Windows 7 Security Features

MCTS Guide to Microsoft Windows 7. Chapter 7 Windows 7 Security Features MCTS Guide to Microsoft Windows 7 Chapter 7 Windows 7 Security Features Objectives Describe Windows 7 Security Improvements Use the local security policy to secure Windows 7 Enable auditing to record security

More information

Security and Compliance. Robert Nottoli Principal Technology Specialist Microsoft Corporation robnotto@microsoft.com

Security and Compliance. Robert Nottoli Principal Technology Specialist Microsoft Corporation robnotto@microsoft.com Security and Compliance Robert Nottoli Principal Technology Specialist Microsoft Corporation robnotto@microsoft.com DISCLAIMER FOR DOCUMENTATION REGARDING PRE-RELEASED SOFTWARE This document supports a

More information

Protecting Your Organisation from Targeted Cyber Intrusion

Protecting Your Organisation from Targeted Cyber Intrusion Protecting Your Organisation from Targeted Cyber Intrusion How the 35 mitigations against targeted cyber intrusion published by Defence Signals Directorate can be implemented on the Microsoft technology

More information

T21: Microsoft Windows Server and Client Security Donald E. Hester, Maze Associates

T21: Microsoft Windows Server and Client Security Donald E. Hester, Maze Associates T21: Microsoft Windows Server and Client Security Donald E. Hester, Maze Associates Microsoft Windows Server and Client Security Windows 7, Vista and Server 2008 R2 Donald E. Hester CISSP, CISA, CAP, MCT,

More information

Windows Phone 8 Security Overview

Windows Phone 8 Security Overview Windows Phone 8 Security Overview This white paper is part of a series of technical papers designed to help IT professionals evaluate Windows Phone 8 and understand how it can play a role in their organizations.

More information

Locking down a Hitachi ID Suite server

Locking down a Hitachi ID Suite server Locking down a Hitachi ID Suite server 2016 Hitachi ID Systems, Inc. All rights reserved. Organizations deploying Hitachi ID Identity and Access Management Suite need to understand how to secure its runtime

More information

Windows XP Support stops on 8. April 2014

Windows XP Support stops on 8. April 2014 Elements to a Secure Environment Becoming Resilient Towards Modern Cyberthreats 1 Windows XP Support stops on 8. April 2014 Elements to a Secure Environment Becoming Resilient Towards Modern Cyberthreats

More information

Microsoft Update Management. Sam Youness Microsoft

Microsoft Update Management. Sam Youness Microsoft Microsoft Update Management Sam Youness Microsoft Microsoft s Areas of Focus for ICS Risk Management Secure Development Device and Network Security Identity and Access Management Operational Response Get

More information

Implementing Security Update Management

Implementing Security Update Management Implementing Security Update Management Wayne Harris MCSE Senior Consultant Certified Security Solutions Business Case for Update Management When determining the potential financial impact of poor update

More information

Seqrite Antivirus for Server

Seqrite Antivirus for Server Enterprise Security Solutions by Quick Heal Seqrite Best server security with optimum performance. Product Highlights Easy installation, optimized antivirus scanning, and minimum resource utilization.

More information

Larry Wilson Version 1.0 November, 2013. University Cyber-security Program Critical Asset Mapping

Larry Wilson Version 1.0 November, 2013. University Cyber-security Program Critical Asset Mapping Larry Wilson Version 1.0 November, 2013 University Cyber-security Program Critical Asset Mapping Part 3 - Cyber-Security Controls Mapping Cyber-security Controls mapped to Critical Asset Groups CSC Control

More information

Using WMI Scripts with BitDefender Client Security

Using WMI Scripts with BitDefender Client Security Using WMI Scripts with BitDefender Client Security Whitepaper Copyright 2009 BitDefender; Table of Contents 1. Introduction... 3 2. Key Benefits... 4 3. Available WMI Script Templates... 5 4. Operation...

More information

Total Defense Endpoint Premium r12

Total Defense Endpoint Premium r12 DATA SHEET Total Defense Endpoint Premium r12 Overview: Total Defense Endpoint Premium Edition r12 offers comprehensive protection for networks, endpoints and groupware systems from intrusions, malicious

More information

Did you know your security solution can help with PCI compliance too?

Did you know your security solution can help with PCI compliance too? Did you know your security solution can help with PCI compliance too? High-profile data losses have led to increasingly complex and evolving regulations. Any organization or retailer that accepts payment

More information

Computer Security: Principles and Practice

Computer Security: Principles and Practice Computer Security: Principles and Practice Chapter 24 Windows and Windows Vista Security First Edition by William Stallings and Lawrie Brown Lecture slides by Lawrie Brown Windows and Windows Vista Security

More information

Step-by-Step Guide to Securing Windows XP Professional with Service Pack 2 in Small and Medium Businesses

Step-by-Step Guide to Securing Windows XP Professional with Service Pack 2 in Small and Medium Businesses Step-by-Step Guide to Securing Windows XP Professional with Service Pack 2 in Small and Medium Businesses 2004 Microsoft Corporation. All rights reserved. This document is for informational purposes only.

More information

isheriff CLOUD SECURITY

isheriff CLOUD SECURITY isheriff CLOUD SECURITY isheriff is the industry s first cloud-based security platform: providing fully integrated endpoint, Web and email security, delivered through a single Web-based management console

More information

Quick Heal Exchange Protection 4.0

Quick Heal Exchange Protection 4.0 Quick Heal Exchange Protection 4.0 Customizable Spam Filter. Uninterrupted Antivirus Security. Product Highlights Built-in defense keeps your business communications and sensitive information secure from

More information

Information Security Threat Trends

Information Security Threat Trends Talk @ Microsoft Security Day Sep 2005 Information Security Threat Trends Mr. S.C. Leung 梁 兆 昌 Senior Consultant 高 級 顧 問 CISSP CISA CBCP M@PISA Email: scleung@hkcert.org 香 港 電 腦 保 安 事 故 協 調 中 心 Introducing

More information

Course Description. Course Audience. Course Outline. Course Page - Page 1 of 12

Course Description. Course Audience. Course Outline. Course Page - Page 1 of 12 Course Page - Page 1 of 12 Windows 7 Enterprise Desktop Support Technician M-50331 Length: 5 days Price: $2,795.00 Course Description This five-day instructor-led course provides students with the knowledge

More information

Endpoint protection for physical and virtual desktops

Endpoint protection for physical and virtual desktops datasheet Trend Micro officescan Endpoint protection for physical and virtual desktops In the bring-your-own-device (BYOD) environment, protecting your endpoints against ever-evolving threats has become

More information

for businesses with more than 25 seats

for businesses with more than 25 seats for businesses with more than 25 seats ESET Business Solutions 1/6 Whether your business is just starting out or is established, there are a few things that you should expect from the software you use

More information

Microsoft Security Intelligence Report

Microsoft Security Intelligence Report Microsoft Security Intelligence Report Volume 16 July through December, 2013 Key Findings Summary This document is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED, OR STATUTORY,

More information

Windows 7, Enterprise Desktop Support Technician

Windows 7, Enterprise Desktop Support Technician Course 50331D: Windows 7, Enterprise Desktop Support Technician Page 1 of 11 Windows 7, Enterprise Desktop Support Technician Course 50331D: 4 days; Instructor-Led Introduction This four-day instructor-ledcourse

More information

Windows 7, Enterprise Desktop Support Technician Course 50331: 5 days; Instructor-led

Windows 7, Enterprise Desktop Support Technician Course 50331: 5 days; Instructor-led Lincoln Land Community College Capital City Training Center 130 West Mason Springfield, IL 62702 217-782-7436 www.llcc.edu/cctc Windows 7, Enterprise Desktop Support Technician Course 50331: 5 days; Instructor-led

More information

Lectures 9 Advanced Operating Systems Fundamental Security. Computer Systems Administration TE2003

Lectures 9 Advanced Operating Systems Fundamental Security. Computer Systems Administration TE2003 Lectures 9 Advanced Operating Systems Fundamental Security Computer Systems Administration TE2003 Lecture overview At the end of lecture 9 students can identify, describe and discuss: Main factors while

More information

2014 Entry Form (Complete one for each entry.) Fill out the entry name exactly as you want it listed in the program.

2014 Entry Form (Complete one for each entry.) Fill out the entry name exactly as you want it listed in the program. 2014 Entry Form (Complete one for each entry.) Fill out the entry name exactly as you want it listed in the program. Entry Name HFA Submission Contact Phone Email Qualified Entries must be received by

More information

Course: Information Security Management in e-governance. Day 1. Session 5: Securing Data and Operating systems

Course: Information Security Management in e-governance. Day 1. Session 5: Securing Data and Operating systems Course: Information Security Management in e-governance Day 1 Session 5: Securing Data and Operating systems Agenda Introduction to information, data and database systems Information security risks surrounding

More information

The Education Fellowship Finance Centralisation IT Security Strategy

The Education Fellowship Finance Centralisation IT Security Strategy The Education Fellowship Finance Centralisation IT Security Strategy Introduction This strategy outlines the security systems in place to optimise, manage and protect The Education Fellowship data and

More information

Certified Secure Computer User

Certified Secure Computer User Certified Secure Computer User Exam Info Exam Name CSCU (112-12) Exam Credit Towards Certification Certified Secure Computer User (CSCU). Students need to pass the online EC-Council exam to receive the

More information

Prepared for: The American Association of State Highway and Transportation Officials. Julian Soh Microsoft Corporation. Julian.Soh@microsoft.

Prepared for: The American Association of State Highway and Transportation Officials. Julian Soh Microsoft Corporation. Julian.Soh@microsoft. Prepared for: The American Association of State Highway and Transportation Officials Julian Soh Microsoft Corporation Julian.Soh@microsoft.com This is a directional view into Windows investments for businesses

More information

"Charting the Course... ... to Your Success!" MOC 50331 D Windows 7 Enterprise Desktop Support Technician Course Summary

Charting the Course... ... to Your Success! MOC 50331 D Windows 7 Enterprise Desktop Support Technician Course Summary Description Course Summary This course provides students with the knowledge and skills needed to isolate, document and resolve problems on a Windows 7 desktop or laptop computer. It will also help test

More information

Cyber Security Education & Awareness. Guide for User s

Cyber Security Education & Awareness. Guide for User s Cyber Security Education & Awareness Guide for User s Release Q1 2010 Version 1.1 CONTENTS 1. Introduction 2. Protection against Nasty Code 3. System Security Maintenance 4. Personal Firewalls 5. Wireless

More information

Endpoint protection for physical and virtual desktops

Endpoint protection for physical and virtual desktops datasheet Trend Micro officescan Endpoint protection for physical and virtual desktops In the bring-your-own-device (BYOD) environment, protecting your endpoints against ever-evolving threats has become

More information

Data Management Policies. Sage ERP Online

Data Management Policies. Sage ERP Online Sage ERP Online Sage ERP Online Table of Contents 1.0 Server Backup and Restore Policy... 3 1.1 Objectives... 3 1.2 Scope... 3 1.3 Responsibilities... 3 1.4 Policy... 4 1.5 Policy Violation... 5 1.6 Communication...

More information

Getting Ahead of Malware

Getting Ahead of Malware IT@Intel White Paper Intel Information Technology Security December 2009 Getting Ahead of Malware Executive Overview Since implementing our security event monitor and detection processes two years ago,

More information

Enterprise Cybersecurity Best Practices Part Number MAN-00363 Revision 006

Enterprise Cybersecurity Best Practices Part Number MAN-00363 Revision 006 Enterprise Cybersecurity Best Practices Part Number MAN-00363 Revision 006 April 2013 Hologic and the Hologic Logo are trademarks or registered trademarks of Hologic, Inc. Microsoft, Active Directory,

More information

Seqrite Endpoint Security

Seqrite Endpoint Security Enterprise Security Solutions by Quick Heal Seqrite Essential enterprise security for every connected endpoint SME Edition Product Highlights A must-have endpoint security solution that provides the best

More information

Keeping Windows 8.1 safe and secure

Keeping Windows 8.1 safe and secure Keeping Windows 8.1 safe and secure 14 IN THIS CHAPTER, YOU WILL LEARN HOW TO Work with the User Account Control. Use Windows Firewall. Use Windows Defender. Enhance the security of your passwords. Security

More information

Meng-Chow Kang, CISSP, CISA (ISC) 2 Asia Advisory Board. Chief Security Advisor Microsoft Greater China Region

Meng-Chow Kang, CISSP, CISA (ISC) 2 Asia Advisory Board. Chief Security Advisor Microsoft Greater China Region Meng-Chow Kang, CISSP, CISA (ISC) 2 Asia Advisory Board Chief Security Advisor Microsoft Greater China Region Vulnerability Disclosure, Malware, and Potentially Unwanted Software Information challenges

More information

System Security Policy Management: Advanced Audit Tasks

System Security Policy Management: Advanced Audit Tasks System Security Policy Management: Advanced Audit Tasks White Paper October 6, 2005 2005 Altiris Inc. All rights reserved. ABOUT ALTIRIS Altiris, Inc. is a pioneer of IT lifecycle management software that

More information

ONLINE BANKING SECURITY TIPS FOR OUR BUSINESS CLIENTS

ONLINE BANKING SECURITY TIPS FOR OUR BUSINESS CLIENTS $ ONLINE BANKING SECURITY TIPS FOR OUR BUSINESS CLIENTS Boston Private Bank & Trust Company takes great care to safeguard the security of your Online Banking transactions. In addition to our robust security

More information

AVG AntiVirus. How does this benefit you?

AVG AntiVirus. How does this benefit you? AVG AntiVirus Award-winning antivirus protection detects, blocks, and removes viruses and malware from your company s PCs and servers. And like all of our cloud services, there are no license numbers to

More information

Chapter 15: Computer and Network Security

Chapter 15: Computer and Network Security Chapter 15: Computer and Network Security Complete CompTIA A+ Guide to PCs, 6e What is in a security policy Mobile device security methods and devices To perform operating system and data protection How

More information

Windows 7, Enterprise Desktop Support Technician

Windows 7, Enterprise Desktop Support Technician Windows 7, Enterprise Desktop Support Technician Course Number: 70-685 Certification Exam This course is preparation for the Microsoft Certified IT Professional (MCITP) Exam, Exam 70-685: Pro: Windows

More information

Get Started Guide - PC Tools Internet Security

Get Started Guide - PC Tools Internet Security Get Started Guide - PC Tools Internet Security Table of Contents PC Tools Internet Security... 1 Getting Started with PC Tools Internet Security... 1 Installing... 1 Getting Started... 2 iii PC Tools

More information

Computer Security Maintenance Information and Self-Check Activities

Computer Security Maintenance Information and Self-Check Activities Computer Security Maintenance Information and Self-Check Activities Overview Unlike what many people think, computers are not designed to be maintenance free. Just like cars they need routine maintenance.

More information

This white paper from Stylusinc describes how enterprises benefits by migrating to Microsoft Office 365 and how it is bringing about a sea change in

This white paper from Stylusinc describes how enterprises benefits by migrating to Microsoft Office 365 and how it is bringing about a sea change in This white paper from Stylusinc describes how enterprises benefits by migrating to Microsoft Office 365 and how it is bringing about a sea change in how enterprises look at basic things like email collaboration

More information

CA Nimsoft Monitor. Probe Guide for E2E Application Response Monitoring. e2e_appmon v2.2 series

CA Nimsoft Monitor. Probe Guide for E2E Application Response Monitoring. e2e_appmon v2.2 series CA Nimsoft Monitor Probe Guide for E2E Application Response Monitoring e2e_appmon v2.2 series Copyright Notice This online help system (the "System") is for your informational purposes only and is subject

More information

10- Assume you open your credit card bill and see several large unauthorized charges unfortunately you may have been the victim of (identity theft)

10- Assume you open your credit card bill and see several large unauthorized charges unfortunately you may have been the victim of (identity theft) 1- A (firewall) is a computer program that permits a user on the internal network to access the internet but severely restricts transmissions from the outside 2- A (system failure) is the prolonged malfunction

More information

70-685: Enterprise Desktop Support Technician

70-685: Enterprise Desktop Support Technician 70-685: Enterprise Desktop Support Technician Course Introduction Course Introduction Chapter 01 - Identifying Cause and Resolving Desktop Application Issues Identifying Cause and Resolving Desktop Application

More information

Windows 7. Qing Liu Qing.Liu@chi.frb.org Michael Stevens Michael.Stevens@chi.frb.org

Windows 7. Qing Liu Qing.Liu@chi.frb.org Michael Stevens Michael.Stevens@chi.frb.org Windows 7 Qing Liu Qing.Liu@chi.frb.org Michael Stevens Michael.Stevens@chi.frb.org 1 Overview 1. Financial Institution s Preliminary Steps 2. User Interface 3. Data Protection 4. User and Group Changes

More information

Student Tech Security Training. ITS Security Office

Student Tech Security Training. ITS Security Office Student Tech Security Training ITS Security Office ITS Security Office Total Security is an illusion security will always be slightly broken. Find strategies for living with it. Monitor our Network with

More information

Symantec Mobile Security

Symantec Mobile Security Advanced threat protection for mobile devices Data Sheet: Endpoint Management and Mobility Overview The combination of uncurated app stores, platform openness, and sizeable marketshare, make the Android

More information

Solution Recipe: Improve PC Security and Reliability with Intel Virtualization Technology

Solution Recipe: Improve PC Security and Reliability with Intel Virtualization Technology Solution Recipe: Improve PC Security and Reliability with Intel Virtualization Technology 30406_VT_Brochure.indd 1 6/20/06 4:01:14 PM Preface Intel has developed a series of unique Solution Recipes designed

More information

Interactive welcome kit. 866.603.3199 Charter-Business.com CB.016.fibCD.0210

Interactive welcome kit. 866.603.3199 Charter-Business.com CB.016.fibCD.0210 CHARTER BUSINESS FIBER INTERNET Interactive welcome kit 866.603.3199 Charter-Business.com CB.016.fibCD.0210 CHARTER BUSINESS FIBER INTERNET 2 Turn your contacts on to affordable, powerful solutions from

More information

Microsoft Security Incident Response. Roberto Arbeláez Security Program Manager for LATAM Microsoft Corporation

Microsoft Security Incident Response. Roberto Arbeláez Security Program Manager for LATAM Microsoft Corporation Microsoft Security Incident Response Roberto Arbeláez Security Program Manager for LATAM Microsoft Corporation roberto.arbelaez@microsoft.com Agenda Microsoft Security Stakeholders Threat Landscape Security

More information

Promoting Network Security (A Service Provider Perspective)

Promoting Network Security (A Service Provider Perspective) Promoting Network Security (A Service Provider Perspective) Prevention is the Foundation H S Gupta DGM (Technical) Data Networks, BSNL hsgupta@bsnl.co.in DNW, BSNL 1 Agenda Importance of Network Security

More information

10 Potential Risk Facing Your IT Department: Multi-layered Security & Network Protection. September 2011

10 Potential Risk Facing Your IT Department: Multi-layered Security & Network Protection. September 2011 10 Potential Risk Facing Your IT Department: Multi-layered Security & Network Protection September 2011 10 Potential Risks Facing Your IT Department: Multi-layered Security & Network Protection 2 It s

More information

WEBTHREATS. Constantly Evolving Web Threats Require Revolutionary Security. Securing Your Web World

WEBTHREATS. Constantly Evolving Web Threats Require Revolutionary Security. Securing Your Web World Securing Your Web World WEBTHREATS Constantly Evolving Web Threats Require Revolutionary Security ANTI-SPYWARE ANTI-SPAM WEB REPUTATION ANTI-PHISHING WEB FILTERING Web Threats Are Serious Business Your

More information

Module 3: Resolve Software Failure This module explains how to fix problems with applications that have problems after being installed.

Module 3: Resolve Software Failure This module explains how to fix problems with applications that have problems after being installed. CÔNG TY CỔ PHẦN TRƯỜNG CNTT TÂN ĐỨC TAN DUC INFORMATION TECHNOLOGY SCHOOL JSC LEARN MORE WITH LESS! 50331 - Windows 7, Enterprise Desktop Support Technician Duration: 5 days About this Course This five-day

More information

On-Site Computer Solutions values these technologies as part of an overall security plan:

On-Site Computer Solutions values these technologies as part of an overall security plan: Network Security Best Practices On-Site Computer Solutions Brian McMurtry Version 1.2 Revised June 23, 2008 In a business world where data privacy, integrity, and security are paramount, the small and

More information

Regulatory Compliance and Least Privilege Security

Regulatory Compliance and Least Privilege Security Regulatory Compliance and Least Privilege Security Whitepaper As the requirement to comply with industry and government regulations, such as PCI DSS and Government Connect (or FDDC in the States), becomes

More information

2016 Trends in Cybersecurity: A Quick Guide to the Most Important Insights in Security

2016 Trends in Cybersecurity: A Quick Guide to the Most Important Insights in Security 2016 Trends in Cybersecurity: A Quick Guide to the Most Important Insights in Security For 10 years, Microsoft has been studying and analyzing the threat landscape of exploits, vulnerabilities, and malware.

More information

G/On. Basic Best Practice Reference Guide Version 6. For Public Use. Make Connectivity Easy

G/On. Basic Best Practice Reference Guide Version 6. For Public Use. Make Connectivity Easy For Public Use G/On Basic Best Practice Reference Guide Version 6 Make Connectivity Easy 2006 Giritech A/S. 1 G/On Basic Best Practices Reference Guide v.6 Table of Contents Scope...3 G/On Server Platform

More information

Kaspersky Endpoint Security 10 for Windows. Deployment guide

Kaspersky Endpoint Security 10 for Windows. Deployment guide Kaspersky Endpoint Security 10 for Windows Deployment guide Introduction Typical Corporate Network Network servers Internet Gateway Workstations Mail servers Portable media Malware Intrusion Routes Viruses

More information

Mobile Network Access Control

Mobile Network Access Control Mobile Network Access Control Extending Corporate Security Policies to Mobile Devices WHITE PAPER Executive Summary Network Access Control (NAC) systems protect corporate assets from threats posed by devices

More information

What Do You Mean My Cloud Data Isn t Secure?

What Do You Mean My Cloud Data Isn t Secure? Kaseya White Paper What Do You Mean My Cloud Data Isn t Secure? Understanding Your Level of Data Protection www.kaseya.com As today s businesses transition more critical applications to the cloud, there

More information

GFI White Paper PCI-DSS compliance and GFI Software products

GFI White Paper PCI-DSS compliance and GFI Software products White Paper PCI-DSS compliance and Software products The Payment Card Industry Data Standard () compliance is a set of specific security standards developed by the payment brands* to help promote the adoption

More information

Windows 7 Security Overview

Windows 7 Security Overview Windows 7 Security: To Protect and Serve Matthew Hartel Application Analyst White and Williams LLP hartelm@whiteandwilliams.com Tel: 215-864-7485 J. Abernethy Practice Manager Legal Applications mindshift

More information

Symantec Protection Suite Small Business Edition

Symantec Protection Suite Small Business Edition Easy-to-use, all-in-one suite designed for small businesses Overview Suite Small Business is an easyto-use, all-in-one suite that secures your critical business assets and information against today s complex

More information

1. Introduction to DirectAccess. 2. Technical Introduction. 3. Technical Details within Demo. 4. Summary

1. Introduction to DirectAccess. 2. Technical Introduction. 3. Technical Details within Demo. 4. Summary 1. Introduction to DirectAccess 2. Technical Introduction 3. Technical Details within Demo 4. Summary Section 2: Technical Introduction Solution Overview Compliant Client Compliant Client Internet

More information

Alexander De Houwer Technology Advisor Devices Win 10 Vincent Dal Technology Advisor Business Productivity

Alexander De Houwer Technology Advisor Devices Win 10 Vincent Dal Technology Advisor Business Productivity Alexander De Houwer Technology Advisor Devices Win 10 Vincent Dal Technology Advisor Business Productivity Agenda INTRODUCTION (5 slides) WINDOWS 10 (10 slides) OFFICE 2016 (11 slides) Enterprise Mobility

More information

PC Security and Maintenance

PC Security and Maintenance PC Security and Maintenance by IMRAN GHANI PC Maintenance and Security-Forecast. Major sources of danger. Important steps to protect your PC. PC Security Tools. PC Maintenance Tools. Tips. PC Security-

More information

MANAGED FILE TRANSFER: 10 STEPS TO SOX COMPLIANCE

MANAGED FILE TRANSFER: 10 STEPS TO SOX COMPLIANCE WHITE PAPER MANAGED FILE TRANSFER: 10 STEPS TO SOX COMPLIANCE 1. OVERVIEW Do you want to design a file transfer process that is secure? Or one that is compliant? Of course, the answer is both. But it s

More information

Best Practice Configurations for OfficeScan (OSCE) 10.6

Best Practice Configurations for OfficeScan (OSCE) 10.6 Best Practice Configurations for OfficeScan (OSCE) 10.6 Applying Latest Patch(es) for OSCE 10.6 To find out the latest patches for OfficeScan, click here. Enable Smart Clients 1. Ensure that Officescan

More information

Top 20 Critical Security Controls

Top 20 Critical Security Controls Top 20 Critical Security Controls July 2015 Contents Compliance Guide 01 02 03 04 Introduction 1 How Rapid7 Can Help 2 Rapid7 Solutions for the Critical Controls 3 About Rapid7 11 01 INTRODUCTION The Need

More information

Network Access Control ProCurve and Microsoft NAP Integration

Network Access Control ProCurve and Microsoft NAP Integration HP ProCurve Networking Network Access Control ProCurve and Microsoft NAP Integration Abstract...2 Foundation...3 Network Access Control basics...4 ProCurve Identity Driven Manager overview...5 Microsoft

More information

Malware & Botnets. Botnets

Malware & Botnets. Botnets - 2 - Malware & Botnets The Internet is a powerful and useful tool, but in the same way that you shouldn t drive without buckling your seat belt or ride a bike without a helmet, you shouldn t venture online

More information

Quick Start. Installing the software. for Webroot Internet Security Complete, Version 7.0

Quick Start. Installing the software. for Webroot Internet Security Complete, Version 7.0 Quick Start for Webroot Internet Security Complete, Version 7.0 This Quick Start describes how to install and begin using the Webroot Internet Security Complete 2011 software. This integrated suite delivers

More information

About the Authors About the Technical Editor

About the Authors About the Technical Editor Acknowledgments p. xiii About the Authors p. xv About the Technical Editor p. xix Foreword p. xxi Planning Platform Security p. 1 Reviewing the Gore Security Principles p. 2 Planning a Secure Platform

More information

Best Practices: Corporate Online Banking Security

Best Practices: Corporate Online Banking Security Best Practices: Corporate Online Banking Security These Best Practices assume that your organization has a commercially-reasonable security infrastructure in place. These Best Practices are not comprehensive

More information

Today s Topics. Protect - Detect - Respond A Security-First Strategy. HCCA Compliance Institute April 27, 2009. Concepts.

Today s Topics. Protect - Detect - Respond A Security-First Strategy. HCCA Compliance Institute April 27, 2009. Concepts. Protect - Detect - Respond A Security-First Strategy HCCA Compliance Institute April 27, 2009 1 Today s Topics Concepts Case Study Sound Security Strategy 2 1 Security = Culture!! Security is a BUSINESS

More information

Contents. McAfee Internet Security 3

Contents. McAfee Internet Security 3 User Guide i Contents McAfee Internet Security 3 McAfee SecurityCenter... 5 SecurityCenter features... 6 Using SecurityCenter... 7 Fixing or ignoring protection problems... 16 Working with alerts... 21

More information

Symantec Endpoint Protection Small Business Edition 12.1.2 Getting Started Guide

Symantec Endpoint Protection Small Business Edition 12.1.2 Getting Started Guide Symantec Endpoint Protection Small Business Edition 12.1.2 Getting Started Guide Symantec Endpoint Protection Small Business Edition Getting Started Guide The software described in this book is furnished

More information

Securing the Cloud Infrastructure

Securing the Cloud Infrastructure EXECUTIVE STRATEGY BRIEF Microsoft recognizes that security and privacy protections are essential to building the necessary customer trust for cloud computing to reach its full potential. This strategy

More information

Cyber Essentials Scheme

Cyber Essentials Scheme Cyber Essentials Scheme Requirements for basic technical protection from cyber attacks June 2014 December 2013 Contents Contents... 2 Introduction... 3 Who should use this document?... 3 What can these

More information

Business continuity. Protecting your systems in today s world

Business continuity. Protecting your systems in today s world Business continuity Protecting your systems in today s world Introduction Lee Drake, OS-Cubed, Inc. Contact: ldrake@os-cubed.com Phone: 585-756-2444 30 years of support LOL Cat warning Warning this presentation

More information

Introduction. PCI DSS Overview

Introduction. PCI DSS Overview Introduction Manage Engine Desktop Central is part of ManageEngine family that represents entire IT infrastructure with products such as Network monitoring, Helpdesk management, Application management,

More information

WildFire Overview. WildFire Administrator s Guide 1. Copyright 2007-2015 Palo Alto Networks

WildFire Overview. WildFire Administrator s Guide 1. Copyright 2007-2015 Palo Alto Networks WildFire Overview WildFire provides detection and prevention of zero-day malware using a combination of malware sandboxing and signature-based detection and blocking of malware. WildFire extends the capabilities

More information