Kevin Dean, Technology Strategist, Education Southeast, Microsoft Corporation


Agenda:
Security exploits: history
The threat landscape today
Microsoft Security Development Lifecycle
State of security today
Trends in software vulnerability disclosures
Microsoft platform for security
Resources

What happened in the past?

Microsoft's response to four incidents: Blaster (August 2003), Sasser (April 2004), Zotob (August 2005) and MS08-067 (October 2008).

                                                Blaster          Sasser           Zotob            MS08-067
Alert and prescriptive guidance                 within 1 day     within 2 hours   2 days prior     before publicly known (MAPP)
Online guidance / webcast                       within 10 days   within 2 days    same day         same day (3 times, 2x)
Free worm removal tool                          within 38 days   within 3 days    within 3 days    didn't need one*
Days after the patch that the first exploit was known   +11 days   +4 days   +2 days   -11 days
Products not affected by the attacks            none             none             XP SP2           Vista, Server 2008

The threat landscape by era:

Local area networks (16-bit DOS): first PC virus; boot sector viruses; motive was to create notoriety or cause havoc; slow propagation.

Internet era (32-bit Windows): macro viruses; script viruses; key loggers; motive still notoriety or havoc; faster propagation.

Broadband prevalent (32-bit Windows): spyware, spam, phishing; botnets and rootkits; war driving; financial motivation; Internet-wide impact.

Current era (32-bit and 64-bit Windows): hyperjacking; peer-to-peer; social engineering; application attacks; financial motivation; targeted attacks; network device attacks.

Number of digital IDs: exponential growth of identities (mainframe, pre-1980s; client/server, 1980s; Internet, 1990s; B2E mobility, B2C and B2B, 2000s) makes identity and access management challenging.

Increasingly sophisticated malware: anti-malware alone is not sufficient. (Chart: number of malware variants, scale 0 to 160,000, from over 7,000 malware families in 1H07. Source: Microsoft Security Intelligence Report, January to June 2007.)

Crime on the rise; attacks are getting more sophisticated; traditional defenses are inadequate. (Chart: attacker motivation (curiosity, personal fame, personal gain, national interest) against attacker type (author, vandal, trespasser, thief, spy) and skill level (script-kiddy, amateur, expert, specialist), annotated with the largest segment by $ spent on defense, the largest area by $ lost, the largest area by volume and the fastest-growing segment.)

Attack layers: physical, hardware, O/S, drivers, applications, GUI, user. Examples: spyware, rootkits, application attacks, phishing/social engineering.

Security Development Lifecycle, from conception to release: protect Microsoft customers by reducing the number of vulnerabilities and reducing the severity of the vulnerabilities that remain. A prescriptive yet practical approach; proactive, not just looking for bugs; eliminate security problems early; secure by design.

At Microsoft, we believe that delivering secure software requires executive commitment: the SDL has been a mandatory policy at Microsoft since 2004.

SDL phases and what each requires:
Training: core security training.
Requirements: analyze security and privacy risk; define quality gates.
Design: threat modeling; attack surface analysis.
Implementation: specify tools; enforce banned functions; static analysis.
Verification: dynamic/fuzz testing; verify threat models and attack surface.
Release: response plan; final security review; release archive.
Response: response execution.
Ongoing process improvements on a 6-month cycle.
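The "enforce banned functions" requirement of the Implementation phase is the easiest SDL gate to show in working code. The checker below is an added example written for this page, not Microsoft's SDL tooling: its banned list is an assumed subset of the classic CRT functions that the SDL banned.h header removes, the replacements it names are the Safe CRT equivalents, and the C snippet it scans is constructed. It blanks out comments and string literals first, so a mention of strcpy in a comment is not a finding, and then reports every remaining call to a banned function with its line number.

```python
"""Added example (not SDL tooling): flag calls to SDL-banned C runtime
functions in C source, the way a pre-checkin gate would.  The banned list
is an assumed subset of the functions the SDL banned.h header removes; the
replacements named are the Safe CRT equivalents."""
import re
from dataclasses import dataclass
from typing import List

BANNED = {  # banned function -> what to use instead
    "strcpy":   "strcpy_s (destination size is explicit)",
    "strncpy":  "strncpy_s (strncpy may leave the result unterminated)",
    "strcat":   "strcat_s",
    "strncat":  "strncat_s",
    "sprintf":  "_snprintf_s / snprintf with a size check",
    "vsprintf": "vsnprintf_s / vsnprintf",
    "gets":     "gets_s / fgets",
    "scanf":    "scanf_s, or a bounded width on every %s",
    "sscanf":   "sscanf_s",
}

# Comments and string/char literals, so text inside them is never mistaken for a call.
_TOKEN = re.compile(
    r"/\*.*?\*/"              # block comment (re.S lets it span lines)
    r"|//[^\n]*"              # line comment
    r'|"(?:\\.|[^"\\\n])*"'   # string literal, escapes allowed
    r"|'(?:\\.|[^'\\\n])*'",  # character literal
    re.S,
)
_CALL = re.compile(r"\b([A-Za-z_]\w*)\s*\(")  # identifier followed by '('

@dataclass
class Finding:
    line: int
    func: str
    advice: str

def strip_comments_and_strings(src: str) -> str:
    """Blank out comments and literals, keeping newlines so line numbers survive."""
    return _TOKEN.sub(lambda m: re.sub(r"[^\n]", " ", m.group(0)), src)

def scan(src: str) -> List[Finding]:
    """Return one Finding per call to a banned function, in source order."""
    findings = []
    for lineno, line in enumerate(strip_comments_and_strings(src).splitlines(), 1):
        for m in _CALL.finditer(line):
            name = m.group(1)        # 'strcpy_s(' captures strcpy_s, so Safe CRT calls pass
            if name in BANNED:
                findings.append(Finding(lineno, name, BANNED[name]))
    return findings

def report(findings: List[Finding]) -> List[str]:
    return ["line %d: %s() is banned; use %s" % (f.line, f.func, f.advice) for f in findings]

# Constructed C snippet: two real violations, two decoys that must not be reported.
SAMPLE_C = r"""#include <string.h>
/* strcpy(a, b) inside a comment must not be reported */
void greet(const char *name) {
    char buf[32];
    strcpy(buf, "Hello, ");            /* banned: unbounded copy */
    strcat(buf, name);                 /* banned: unbounded append */
    printf("%s\n", buf);
    const char *s = "sprintf(x)";      /* inside a string literal: ignored */
    strcpy_s(buf, sizeof buf, name);   /* Safe CRT variant: not flagged */
}
"""

if __name__ == "__main__":
    print("\n".join(report(scan(SAMPLE_C))))
```

Run against the sample it reports lines 5 and 6 only. A real gate would also fail the build on any finding and accept a per-line suppression annotation for the rare reviewed exception; a preprocessor macro that expands to a banned function is invisible to this token-level scan, which is why the SDL pairs the banned list with compiler-level enforcement (the banned.h header) rather than relying on a scanner alone.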

Security readiness, education and training resources: Infrastructure Optimization; Microsoft Security Assessment Toolkit; Microsoft Windows Vista security whitepapers; Microsoft Security Intelligence Report; learning paths for security professionals; Microsoft IT Showcase; security tools and papers.

Microsoft Security Intelligence Report: major sections cover software vulnerability disclosures; software vulnerability exploits; privacy and security breach notifications; malicious software and potentially unwanted software; e-mail, spam and phishing threats. www.microsoft.com/sir

Rogue security software infections spiked in 2H08: Microsoft products removed rogue security software from more than 10 million computers in 2H08.

Rogue security software uses multiple social engineering techniques to persuade users to install it; many rogues mimic genuine security software alerts.

Further social engineering techniques discussed in the SIR: worms and social engineering; file format exploits; spear phishing and whaling; online banking malware; malware targeting online gamers; threats targeting music and video consumers. See the full Security Intelligence Report for more.

Operating system, browser and application disclosures, industry-wide: operating system vulnerabilities were 8.8% of the total, browser vulnerabilities 4.5%, and all other vulnerabilities 86.7%. (Chart: industry-wide operating system, browser and other vulnerabilities per half-year, 2H03 to 2H08, scale 0 to 3,500.)

Microsoft vulnerability disclosures mirror the industry totals, though on a much smaller scale. (Chart: vulnerability disclosures for Microsoft and non-Microsoft products per half-year, 2H03 to 2H08, scale 0 to 3,500.)

Industry-wide disclosures by half-year: 2H08 was down 3% from 1H08, and 2008 as a whole was down 12% from 2007; Microsoft products were only 5% of the industry total. (Charts: industry-wide vulnerability disclosures by half-year, 2H03 to 2H08, scale 0 to 3,500; vulnerability disclosures for Microsoft products by full year, 2004 to 2008, scale 0 to 300.)

Adjust risk management processes to ensure that operating systems and applications are protected:
The Security Risk Management Guide for IT professionals is available at http://www.microsoft.com/technet/security/guidance/complianceandpolicies/secrisk/default.mspx
Free prescriptive guides for IT professionals: http://www.microsoft.com/technet/security/guidance/default.mspx
Participate in IT security communities, for example the Microsoft IT Pro Security Zone community: http://technet.microsoft.com/security
Subscribe to the Microsoft Security Newsletter: http://www.microsoft.com/technet/securitysecnews/default.mspx

Browser-based exploits by operating system and software vendor, 2H08: on Windows XP-based machines, Microsoft vulnerabilities accounted for 40.9% of the exploits and third-party vulnerabilities for 59.1%; on Windows Vista-based machines, Microsoft vulnerabilities accounted for only 5.5% and third-party vulnerabilities for 94.5%.

Top 10 browser-based exploits on Windows XP-based machines, 2H08: Microsoft software accounted for 6 of the top 10 vulnerabilities, and the most commonly exploited vulnerability was disclosed and patched by Microsoft in 2006. (Chart: share of each of the ten browser-based vulnerabilities exploited most often on Windows XP, Microsoft vs. third-party, scale 0 to 10%.)

Top 10 browser-based exploits on Windows Vista-based machines, 2H08: Microsoft software accounted for none of the top 10 vulnerabilities. (Chart: share of each of the ten browser-based vulnerabilities exploited most often on Windows Vista, all third-party, scale 0 to 20%.)

Exploits against common document formats (data from submissions of malicious code to Microsoft): one vulnerability was the target of 91.3% of all attacks. Microsoft Office file format exploits encountered in 2H08, by percentage: CVE-2006-2492, 91.3%; CVE-2006-0022, 2.6%; CVE-2008-2244, 2.2%; CVE-2008-0081, 1.5%; CVE-2007-1747, 1.3%; CVE-2006-6456, 0.9%; CVE-2007-0671, 0.2%.

Recommendations against browser-based exploits:
Always run up-to-date software: enable Automatic Updates in Windows and periodically check the web sites of third-party vendors.
Uninstall software you don't actively use.
Use up-to-date anti-malware software from a known, trusted source.
Enable Data Execution Prevention (DEP) in compatible versions of Windows.
Enable Structured Exception Handling Overwrite Protection (SEHOP) in Windows Vista SP1 and Windows Server 2008.
Set the Internet and local intranet security settings in Internet Explorer to High.
Avoid browsing to web sites that you do not trust.
Enable User Account Control in Windows Vista.
Read e-mail messages in plain text format.
Use the Microsoft Security Assessment Tool (MSAT).

Recommendations against document-format exploits:
Use Microsoft Update instead of Windows Update, so that Office and other Microsoft applications are updated along with Windows.
Ensure that security update MS06-027 (the Word vulnerability, CVE-2006-2492, behind 91.3% of the Office file-format exploits observed) has been applied to any affected software in your environment.
Keep your third-party and Microsoft software up to date; if possible, upgrade your applications to the most recent versions.
Avoid opening attachments or clicking links to documents that arrive unexpectedly.
Use up-to-date anti-malware software from a known, trusted source.

Inbound messages blocked by Forefront Online Security for Exchange content filters, by category, during the last six weeks of 2H08: pharmacy, non-sexual 38.6%; non-pharmacy product ads 23.6%; pharmacy, sexual 10.0%; image only 7.3%; dating / sexually explicit material 5.2%; financial 3.1%; fraudulent diplomas 2.8%; 419 scam 1.9%; malware 1.8%; phishing 1.6%; gambling 1.1%; get rich quick and stock, 1.7% and 0.6%; software 0.5%.

Phishing sites and traffic: the number of active phishing sites increased, but each site received far less traffic than in 1H08. (Chart: phishing sites tracked each month of 2H08, July through December, by target institution type (commerce, financial, social networking, web service), indexed to the 2H08 monthly average on a scale of 0.0 to 1.4.)

Recommendations against malware:
Use an up-to-date anti-malware product from a known, trusted source.
Keep your operating system up to date.
Consider upgrading to the most recent versions of the software you use.
Consider disabling autorun functionality.
Consider using a user account that does not have administrator privileges for your daily work.
Use passwords for any network share you configure.
Avoid opening attachments or clicking links in e-mail or instant messages that are received unexpectedly.

Recommendations against spam and phishing:
Use a mail client that suppresses active content and blocks unintentional execution of executable attachments.
Use a robust spam filter to guard against fraudulent and dangerous e-mail.
If you receive an e-mail from a bank or commerce site, visit their site using a pre-bookmarked link or by typing in the link from your monthly statement.
Deploy inbound and outbound e-mail authentication to protect against e-mail spoofing and forgery.
Online gamers are at risk from malware that tries to steal their game assets or credentials.

Further steps:
Download and use the Malicious Software Removal Tool (MSRT).
Support new legislation to help take legal action against criminals.
Use the Microsoft Security Assessment Tool.
Keep yourself up to date about emerging threats.
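Several of the recommendations above (SEHOP, User Account Control, disabling autorun, Automatic Updates) are single registry values, so an administrator can verify them across a fleet rather than trust that they were set. The script below is an added example written for this page, not a Microsoft tool. The key paths and value meanings it uses are the documented ones, the two snapshots are constructed test data rather than readings from a real machine, the 0x91 default for NoDriveTypeAutoRun is the documented Windows default when no policy is set, and `read_live()` is the only part that needs Windows (it uses the standard-library winreg module; run it under a Python whose bitness matches the OS so it sees the native HKLM view).

```python
"""Added example for this page (not a Microsoft tool): audit a few of the
client hardening settings recommended above from Windows registry values.
Key paths and value meanings are the documented ones; both snapshots below
are constructed test data, not readings from a real machine."""
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

RegKey = Tuple[str, str]  # (HKLM sub-key, value name)

SEHOP: RegKey = (r"SYSTEM\CurrentControlSet\Control\Session Manager\kernel",
                 "DisableExceptionChainValidation")   # 0 = SEHOP on
UAC_ON: RegKey = (r"SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System",
                  "EnableLUA")                        # 1 = UAC on
ADMIN_PROMPT: RegKey = (r"SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System",
                        "ConsentPromptBehaviorAdmin") # 0 = elevate silently
AUTORUN: RegKey = (r"SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer",
                   "NoDriveTypeAutoRun")              # bitmask of drive types with autorun OFF
AU_OPTIONS: RegKey = (r"SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update",
                      "AUOptions")                    # 4 = download and install automatically

# Drive-type bits of NoDriveTypeAutoRun; 0xFF sets them all, i.e. no autorun anywhere.
DRIVE_BITS = {0x01: "unknown", 0x02: "no root dir", 0x04: "removable", 0x08: "fixed",
              0x10: "network", 0x20: "CD-ROM", 0x40: "RAM disk", 0x80: "reserved"}
DEFAULT_AUTORUN = 0x91   # documented Windows default when the policy value is absent

Snapshot = Dict[RegKey, Optional[int]]  # None = value not present

@dataclass
class Finding:
    setting: str
    ok: bool
    detail: str

def audit(snap: Snapshot) -> List[Finding]:
    """Evaluate each setting; a missing value only passes where the OS default is the safe one."""
    out: List[Finding] = []

    v = snap.get(SEHOP)   # absent on client SKUs means SEHOP off
    out.append(Finding("SEHOP", v == 0,
                       "DisableExceptionChainValidation=%s (0 enables SEHOP)" % v))

    v = snap.get(UAC_ON)
    out.append(Finding("UAC enabled", v == 1, "EnableLUA=%s" % v))

    v = snap.get(ADMIN_PROMPT)   # absent means the OS default, which prompts
    out.append(Finding("Admin elevation prompt", v != 0,
                       "ConsentPromptBehaviorAdmin=%s (0 elevates without prompting)" % v))

    v = snap.get(AUTORUN)
    mask = DEFAULT_AUTORUN if v is None else v
    still_on = [name for bit, name in DRIVE_BITS.items() if not mask & bit]
    out.append(Finding("Autorun disabled", not still_on,
                       "NoDriveTypeAutoRun=0x%02X; autorun still active for: %s"
                       % (mask, ", ".join(still_on) or "none")))

    v = snap.get(AU_OPTIONS)
    out.append(Finding("Automatic updates", v == 4, "AUOptions=%s (4 = install automatically)" % v))
    return out

def read_live() -> Snapshot:
    """Read the same values from the local machine (Windows only)."""
    import winreg  # standard library on Windows
    snap: Snapshot = {}
    for key in (SEHOP, UAC_ON, ADMIN_PROMPT, AUTORUN, AU_OPTIONS):
        try:
            with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, key[0]) as h:
                snap[key] = winreg.QueryValueEx(h, key[1])[0]
        except OSError:
            snap[key] = None
    return snap

# Constructed snapshots: a typical unhardened Vista SP1 client, and a hardened one.
UNHARDENED: Snapshot = {SEHOP: 1, UAC_ON: 1, ADMIN_PROMPT: 0, AUTORUN: 0x91, AU_OPTIONS: 4}
HARDENED: Snapshot = {SEHOP: 0, UAC_ON: 1, ADMIN_PROMPT: 2, AUTORUN: 0xFF, AU_OPTIONS: 4}

if __name__ == "__main__":
    for f in audit(UNHARDENED):
        print("%-24s %s  %s" % (f.setting, "PASS" if f.ok else "FAIL", f.detail))
```

The unhardened snapshot fails three checks: SEHOP is off, administrators are elevated without any prompt (which makes UAC cosmetic), and the default autorun mask still allows removable, fixed and CD-ROM media to autorun, which is exactly the path the USB-borne worms of 2H08 used. DEP is deliberately not included because its system policy lives in the boot configuration (bcdedit) rather than these keys.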

Core improvements to the Operating Systems

Windows Vista foundation: Security Development Lifecycle process; Kernel Patch Protection; Windows Service Hardening; DEP and ASLR; Internet Explorer 8 included; Mandatory Integrity Controls.
Streamlined User Account Control: make the system work well for standard users; administrators use full privilege only for administrative tasks; file and registry virtualization helps applications that are not UAC compliant.
Enhanced auditing: XML-based; granular audit categories; detailed collection of audit results; simplified compliance management.

First year of vulnerabilities. (Chart: fixed and unfixed vulnerabilities in the first year after release, scale 0 to 400, for Windows XP, Windows Vista, RHEL4 reduced, Ubuntu LTS reduced and Mac OS X 10.4.) Source: http://blogs.technet.com/security

Metric (year 1)                     Windows Vista   Windows XP   Red Hat rhel4ws reduced   Ubuntu 6.06 LTS reduced   Mac OS X 10.4
Vulnerabilities fixed               36              65           360                       224                       116
Security updates                    17              30           125                       80                        17
Patch events                        9               26           64                        65                        17
Weeks with at least 1 patch event   9               25           44                        39                        15

First year of vulnerabilities by severity. (Chart: low, medium and high severity, scale 0 to 300, for Windows XP SP2, Windows Vista, RHEL4 reduced, Ubuntu 6.06 LTS reduced and Mac OS X.) Windows Vista in 2007 had 20% fewer vulnerabilities than Windows XP, 74% fewer vulnerabilities than the next closest (Ubuntu) and 47% fewer high-severity vulnerabilities than the next closest (Red Hat). Source: http://blogs.technet.com/security

Windows Server 2008 security features:
Secure platform: Security Development Lifecycle (SDL); Windows Server Virtualization (hypervisor); Role Management Tool; OS file integrity.
Data protection: Rights Management Services (RMS); full volume encryption (BitLocker); USB device-connection rules with Group Policy; improved auditing; Windows Server Backup.
Network protection: Network Access Protection (NAP); server and domain isolation with IPsec; end-to-end network authentication; Windows Firewall with Advanced Security on by default.
Identity and access: read-only domain controller (RODC); Active Directory Federation Services (ADFS); administrative role separation; PKI management console; Online Certificate Status Protocol.

Vulnerabilities in the first 90 days (chart, scale 0 to 10): Windows Server 2003, all: 9; Windows Server 2003, GUI: 9; Windows Server 2008, all: 6; Windows Server 2008, GUI: 4; Windows Server 2008, Core: 3. Source: internal study by Jeff Jones

(Chart: Microsoft vulnerabilities vs. non-Microsoft vulnerabilities per half-year, with Microsoft's share of all disclosures on a secondary axis from 0.0% to 10.0%; Microsoft counts per period run from 44 to 168 against non-Microsoft counts from 631 to 3,296, and Microsoft's share per period lies between 2.9% and 9.5%.) Source: http://blogs.technet.com/security

Defense in depth with the Microsoft platform:
Secure the platform: Windows 7 / Windows Server 2008.
Secure the data: RMS, EFS, BitLocker (plus features in Office, SharePoint, etc.).
Secure the network: NAP.
Secure the wireless: Windows Server 2008.
Secure the edge: ISA / IAG.
Secure the communications: Forefront Server, OCS, Exchange.
Secure the desktops and servers: Forefront Client Security.

A well-managed, secure infrastructure is the key. Layers: services; edge; server applications; client and server OS. Identity and access management: Active Directory Federation Services (ADFS); Certificate Lifecycle Management; information protection. Systems management: Operations Manager 2007; Configuration Manager 2007; Data Protection Manager; Mobile Device Manager 2008. Underpinned by the SDL and Trustworthy Computing (TWC).

Resources: microsoft.com/security_essentials/; microsoft.com/sir; microsoft.com/protect; microsoft.com/forefront; Malicious Software Removal Tool (MSRT); Microsoft Customer Service & Support (support calls for security incidents are free).

© 2008 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.