Trustworthy Computing – One year on.


Description
Trustworthy Computing – One year on. Stuart Okin, Chief Security Officer – Microsoft UK. Agenda: Reminder – Set the scene & What is Trustworthy Computing? What have we done? What are we planning? Call to Action. Questions? Leaving Messages.
Transcripts
Slide 1

Trustworthy Computing – One year on
Stuart Okin, Chief Security Officer – Microsoft UK

Slide 2

Agenda
Reminder – Set the scene & What is Trustworthy Computing?
What have we done?
What are we planning?
Call to Action
Questions?

Slide 3

Leaving Messages
Microsoft is committed to Trustworthy Computing = Security, Privacy, Reliability & Business Integrity
Trustworthy Computing must be achieved through partnership & collaboration
Trustworthy Computing is a journey, with a long-term vision, with highlights and obstacles along the road

Slide 4

Setting the scene

Slide 5

Computer Crime and Security Survey 2002 / CERT: Threat Remains Real
90% detected computer security breaches
40% detected system penetration overall; up from 25% in 2000
85% detected computer viruses
95% of all breaches due to misconfiguration
Source: Computer Security Institute (CSI) Computer Crime and Security Survey 2002
Source: CERT, 2002

Slide 6

An Industry-Wide Problem
Why are security breaches common?
Microsoft – Windows UPnP
Oracle – Oracle 9i Buffer Overrun
AOL AIM
CDE/Solaris
Apache – OpenSSL Buffer
Viruses, Worms: Nimda, Code Red, Slapper
People need to trust in technologies, companies and services

Slide 7

What is Trustworthy Computing?

Slide 8

Vision
“Computers as Trusted as a Utility”
Trust is not only security, as it includes perception and environment
Telephones – almost always there when we need them, do what we need them to do, work as advertised, and are always available. A combination of engineering, business practice, and regulation
Computers generally don't inspire trust

Slide 9

Trustworthy Computing Core Tenets
Security: Resilient to attack; protects confidentiality, integrity, availability and data
Privacy: Individuals control personal information; products and Online Services adhere to fair information principles
Reliability: Dependable; available when needed; performs at expected levels
Business Integrity: Help customers find appropriate solutions; address issues with products and services; open communication with customers

Slide 10

What have we done?

Slide 11

Trustworthy Computing Security

Slide 12

SD3 + Communications – Progress To Date
Secure by Design: Security training for 11,000 engineers; security code reviews of old source; threat modelling; “Blackhat” test coverage; buffer overrun detection in the build process
Secure by Default: Office XP: Macros off by default; no sample code installed by default; IIS and SQL Server off by default in Visual Studio.NET
Secure in Deployment: Deployment tools: MBSA, IIS Lockdown, SUS, WU, SMS Value Pack; created STPP to respond to customers; PAG for Windows 2000 Security Ops
Communications: TAMs call Premier Customers proactively; MSRC severity rating system; free virus hotline; MSDN security guidance for developers; www.microsoft.com/technet/security

Slide 13

Trustworthy Computing Reliability

Slide 14

Microsoft Services – Overview (diagram labels as extracted)
Critical Incident Mgmt; High Availability “Contract” (SLA): 24x7, Onsite, Escalation
MOF/ITIL Consulting; Security Consulting; Tools Consulting; Development Consulting; Platform Consulting
Dedicated Support Engineering; Incident Prevention Services
Service Management: Problem & Incident Management (MS responsive); Release Mgmt; Config Mgmt; Performance; Change Mgmt; Backup/Restore; Capacity Planning; Monitoring; Application Monitoring
“Critical Systems” Service Packages: Security; Business Continuity; Applications; Privacy; Legal; Virus Tools (e.g. Mother); Firewalls; Deploy; Access; Server SW; Test; Server mgmt; Build; Server build; Design; Others
Platform: Operating System (W2K, NT4, PREMIER); Messaging; OS Mgmt; SQL; OS Build; DataCentre; Adv Svr; Windows Fault Tolerant Servers; Hardware (Network); Hardware Mgmt tools; Trusted Storage; Clusters; Performance; Time/Cost

Slide 15

Trustworthy Computing Privacy Business Integrity

Slide 16

What Will It Take To Address The Business Integrity Goal?
Privacy, for example:
In product design: XP activation anonymous, no PII data collected; P3P in Internet Explorer; P3P support on all major web properties; prominent privacy notices in products
With associations, sponsorships: TrustE, BBBOnline – no equivalent bodies in Europe yet; Computers, Freedom and Privacy 2002
By third-party audits
Through organizational practices: Adopted Fair Information Practices, GLB compliant in 1997; European Safe Harbor Agreement on data worldwide; Privacy training, Assessment and Health Index for all divisions

Slide 17

January – March
Bill Gates' memo; 11000 trained. Code reviews & stand down in Windows
Released “Security Operations Guide for Windows 2000 Server” Guide
Security Guides
Release intention to Federate Passport – Trustbridge
Responsible Vulnerability Disclosure Process draft (put to IETF)
Release “Exchange 2000 Server Security Features” & “A/V Features and Strategies for Protecting your Exchange Environment” whitepapers
MSN announces participation in a beta test of the first email certification and seal system
MS & IBM announce WS-I
Set up the Security Business Unit. Set up local security offices. Set up EMEA Office
PSS Security formed
.Net Framework released
January 2002 to March 2003

Slide 18

April – June
Announce WS-Secure initiative (OASIS Specs for June)
Securing the Internet Data Center workshop complete
Palladium Announced (Next Generation Secure Computing Base)
Release MBSA; Palladium; Commonwealth Games; IDC Workshops
Microsoft Baseline Security Analyzer (MBSA) v1.0 releases
Join ETSI/CEN Working Party
Release Software Update Services
Detailed Privacy Handbook distributed worldwide, serves as basis for Privacy Health Index
Release Prescriptive Architecture Guide for “.Net Web Applications”
Windows security-push stand down ends
UK Security assessment and implementation for Manchester 2002
Scott Charney hired
MS announces support of SAML (July)
April 2002 to June 2002

Slide 19

July – September
SQL Server, Exchange, Office complete security pushes
Notification process launched by Steve B & BillG
The Trustworthy Computing Academic Advisory Board is chartered to review Microsoft product and policy issues
OIS formed
MCSE Training Push complete
OTG Showcase
Updated Trustworthy Computing White Paper and Bill G mail to Executives
UK: Train 7 partners in Security Assessment Services
Windows XP SP1 releases
Computer Security Resource Center release draft – "System Admin Guidance for Windows 2000"
MS Showcase on: Smartcards, Secure wireless and ISA business case and partnerships
MSN 8 launches with new advanced parental and spam control. MSN granted Truste privacy policy cert from EU
A series of new training courses available
SQL Hardening training workshop complete
Windows Media Player 9 Series beta releases with new security and privacy
Draft NSA Windows XP Guide
New EFS whitepaper released
MS acquires XDegrees, a developer of security software
Release of “Pocket PC Security” Whitepaper
MOF Operation Assessment v2 released
Organization for Internet Safety formed
July 2002 to Sept 2002

Slide 20

October – December
Announce RSA partnership
System Management Server (SMS) Feature Packs
Microsoft Baseline Security Analyzer (MBSA) v1.1 releases
Support IAAC delivery of Benchmarking Information Assurance
Severity rating system changed
"Writing Secure Code" Second Edition publishes
CPE Phase 1 CC certification
HA Launch
Support ISF in review of Windows 2000, .Net security guidelines for members (industry)
Distributed more than 4800 security toolkits to small business
Microsoft Solution Management Service Offering released
Windows 2000 achieves Common Criteria
HP & Microsoft UK launch HA services
WS-I releases; WS Security Resource Toolkit version 2 released
MSA EDC v1.5 gives guidance for designing Enterprise DataCentre environments
MS Showcase Case Study: Securing Remote Users
Microsoft Audit Collection System Beta released
Release of “Building Secure ASP.NET Applications” Guide
Complete first phase of 4E – CPE UK Program
Oct 2002 to Dec 2002

Slide 21

January – March
ISA Feature Pack released
Announcing Windows Rights Management
Showcase on Technet
Release of “Operating .NET-Based Applications” guide
Microsoft Home User – Support Magazine CD
Microsoft System Center announced
CISO Council
Leeds Course
Windows RMS
Microsoft completes OpenHack 4 Competition
Release of the Secure Windows 2000 Server Solution Guide
MOM 2004 announced
Government Security Program (Russia, NATO) – UK Sign
Government Security Program – China Sign
SANS Award: Automatic updates, Training, Vulnerability testing
Release of “Using Windows XP Professional with Service Pack 1 in a Managed Environment”
Microsoft Convenes Trustworthy Computing Academic Advisory Board
MS, IBM, BEA & Tibco: WS-ReliableMessaging
SQL Slammer
Microsoft completes PKI challenge
Security Bulletin Notification System For Home Users
Join Information Assurance Advisory Council
Announcement of MS Reliability Service
CISO US, CISO Finance, CISO UK committees
Jan 2003 to Mar 2003

Slide 22

What are we planning?
Short to Medium Term: Improve Patch Management Quality; Reduce Installers; Single Microsoft Update Service; Security Push/Engineering processes “in a box”; Windows 2003 Server (Secure by default)
Longer term: Integration of Security Products (inc ISVs) into platform; Next Generation Secure Computing Base; Self Healing & attack-sensitive systems; Move applications to .Net Framework

Slide 23

Leaving Messages
Microsoft is committed to Trustwor
