PPT教学第一篇区块篇.ppt

《PPT教学第一篇区块篇.ppt》由会员分享，可在线阅读，更多相关《PPT教学第一篇区块篇.ppt（51页珍藏版）》请在三一办公上搜索。

1、,第一篇 区块篇,At Risk,The SoftUnderbelly,Security Issues Today,1 Source:Forrester Research2 Source:Information Week,26 November 20013 Source:Netcraft summary4 Source:CERT,20035 Source:CSI/FBI Computer Crime and Security Survey6 Source:Computer Security Institute(CSI)Computer Crime and Security Survey 200

2、27 Source:CERT,20028 Source:Gartner Group,14B devices on the Internet by 2010135M remote users by 2005265%increase in dynamic Web sites3From 2000 to 2002 reported incidents rose from 21,756 to 82,0944Nearly 80 percent of 445 respondents surveyed said the Internet has become a frequent point of attac

3、k,up from 57 percent just four years ago5,90%detected security breaches685%detected computer viruses695%of all breaches avoidable with an alternative configuration7Approximately 70 percent of all Web attacks occur at the application layer8,Application Layer Attacks,Identity TheftWeb Site DefacementU

4、nauthorized AccessModification of Data,Logs and RecordsTheft of Proprietary InformationService Disruption,Implications,Compliance:Sarbanes OxleyGramm Leach BlilelyUS Patriot ActHIPAAThe Privacy Act(CA)Basel 2(EU)Data Protection Act(EU)Litigation File Sharing Piracy HR Issues Shareholder Suits,Custom

5、er Impact,Types Of SRP Rules,Path RuleCompares path of file being run to an allowed path listUse when you have a folder with many files for the same applicationEssential in when SRPs are strict,Hash RuleCompares the MD5 or SHA1 hash of a file to the one attempted to be runUse when you want to allow/

6、prohibit a certain version of a file from being run,Certificate RuleChecks for digital signature on application(i.e.Authenticode)Use when you want to restrict both win32 applications and ActiveX content,Internet Zone RuleControls how Internet Zones can be accessedUse when in high security environmen

7、ts to control access to web applications,SQL Server 2005 Themes,Supportability&Quality,Enterprise Enhancements,Unified&Flexible Administration,Patch Solutions,Prevention,Readiness,RecoveryEase of use,Patch InstallsPatch in integrated step,Integrated Database Services and Business IntelligenceFlexibl

8、e install management,Add value to one-step Failover ClusteringExpanded scripting support,Live Communications Client Roadmap,LC 1.2 Client PlatformMultiparty IMP2P Voice and VideoMPOP GroupsRoamingSIP supportGPO policy management,LC 1.5 Client PlatformRoll up of QFEsMPOP AdditionsFederation/Archiving

9、 NotificationHA Additions,LC 2.0 Client PlatformNext generation of RTC experiencesMore coming!,2003,2H04,Longhorn,Integrated phone and PDAPrimarily data viewingInteroperability with Outlook and Exchange.NET Compact FrameworkASP.NET mobile controls,Mobile Device Solutions,Complex document authoring,e

10、diting and readingKeyboard centric at the deskKeyboard and mouse input methodsFull.NET framework availableCentrino Solutions,Windows Mobile,Windows XP,Complex document authoring,editing and active readingNote taking and ink annotating Keyboard centric at the desk,pen and keyboard away from the deskK

11、eyboard,mouse plus pen,ink,and speech input methodsFull.NET framework preinstalledPen,ink,handwriting and speech recognition APIsCentrino Solutions,View and some data entryIntegrated PDA with phoneInteroperability with Office,Exchange and SQL Server.NET Compact FrameworkASP.NET mobile controlsIntel

12、Xscale Solutions,Windows CE,One-way networkInformation consumption,Smart Personal Objects,Smartphone,Pocket PC and Pocket PC Phone,Notebook PC,Tablet PC,Traditional Firewalls,Wide open to advanced attacks,Performance versussecurity tradeoff,Limited capacityfor growth,Hard to manage,Code Red,NimdaSSL

13、-based attacks,Security is complexIT is already overloaded,Bandwidth too expensiveToo many moving parts,Not easily upgradeableDont scale with business,Choosing the Right Type of Assessment,Vulnerability Scanning Focuses on known weaknesses Of the three,requires the least expertise Generally easy to

14、automate,Penetration TestingFocuses on known and unknown weaknessesRequires advanced technical expertiseCarries tremendous legal burden in certain countries/organizations,IT Security Audits Focuses on security policies and procedures Of the three,requires the most expertise When done right is the mo

15、st effective type of assessment,Perimeter Security Evolution,Wide open to advanced attacks,Application-level protection,Performance versussecurity tradeoff,Security and performance,Limited capacityfor growth,Extensibility and scalability,Hard to manage,Easier to use,The advanced application layer fi

16、rewall,VPN and Web cache solution that enables customers to maximize IT investments by improving network security and performance,Advanced protectionApplication layer security designed to protect Microsoft applications,Fast,secure accessEmpowers you to connect users to relevant information on yourne

17、twork in a cost efficient manner,Ease of useEfficiently deploy,manage,and enable new usage scenarios,Introducing:ISA Server 2004,Fast,secure accessEmpowers you to connect users to relevant info.on your network,ISA Server 2004 New FeaturesContinued commitment to integration,Enhancedarchitecture,High

18、speed data transport Utilizes latest Windows and PC hardware SSL bridging unloads downstream servers,Web cache,Updated policy rules Serve content locally Pre-fetch content during low activity periods,Internet accesscontrol,User-and group-based Web usage policy Extensible by third parties,Comprehensi

19、veauthentication,New support for RADIUS and RSA SecurID User-&group-based access policy Third party extensibility,System Service Accounts,Local Service and Network ServiceNo password to manageRuns with only slightly more permissions than Authenticated User Local Service cannot authenticate across th

20、e network,Network Service authenticates as the computer account,Local System No password to manage Bypasses security checksUser AccountsRun with less privilege than Local System Stores password as an LSA secretCan be complex to configure,Whats New With IPSec?,Management IP Security Monitor Command-l

21、ine management with Netsh Logical addresses for local IP configuration,Security Stronger cryptographic master key(Diffie-Hellman)Computer startup security Persistent policy for enhanced security Ability to exclude the name of the CA from certificate requests Better default exemption handling,Interop

22、erability IPSec functionality over network address translation(NAT)Improved IPSec integration with Network Load Balancing,ISA Server 2004 New FeaturesNew management tools and user interface,Multi-networkarchitecture,Unlimited network definitions and typesFirewall policy applied to all trafficPer net

23、work routing relationships,Network templatesand wizards,Wizard automates nwk routing relationshipsSupports 5 common network topologiesEasily customized for sophisticated scenarios,Visual policy editor,Unified firewall/VPN policy w/one rule-baseDrag/drop editing w/scenario-driven wizardsXML-based con

24、figuration import-export,Enhancedtrouble-shooting,All new monitoring dashboardReal-time log viewerContent sensitive task panes,Ease of UseEfficiently deploy,manage,and enable new usage scenarios,How To Use Windows Update,To configure Automatic Updates:,Select Keep my computer up to date,Open the Sys

25、tem application in Control Panel,1,On the Automatic Updates tab,select theoption you want,3,2,Office Update,BenefitsLimitation,Single location for office patches and updatesEasy to useCan be configured to update consumer orenterprise systems,Does not support Automatic Updates;updating must be initia

26、ted manually,Office Update Web site:http:/,How To Use Office Update,Go to http:/,1,Click Check for Updates,2,Install the Office Update Installation Engine(if not already installed),3,Select the updates you want to install,4,Click Start Installation,5,How To Use SUS,On the SUS server,Configure the SU

27、S server at http:/SUSAdmin,On each SUS client,Configure Automatic Updates on the client to use the SUS server Use Group Policy,manually configure each client,oruse scripts,Set the SUS server synchronization schedule,Review,test,and approve updates,1,2,3,How To Use MBSA,Download and install MBSA(once

28、 only),1,Launch MBSA,2,Select the computer(s)to scan,3,Select relevant options,4,Click Start scan,5,View the Security Report,6,Software Update Service Deployment Best Practices(1),Software Update Service Deployment Best Practices(2),How To Use SMS To Deploy Patches,SMS MBSA Integration,MBSA integrat

29、ion included with SMS 2003 and the SUS Feature Pack for SMS 2.0Scans SMS clients for missing security updates using mbsacli.exe/hf,MBSA Benefits,Scans systems forMissing security patchesPotential configuration issuesWorks with a broad range ofMicrosoft softwareAllows an administrator to centrally sc

30、an multiple computers simultaneously MBSA is a free tool,and can bedownloaded fromhttp:/,MBSA Considerations,MBSA reports important vulnerabilities,Password weaknessesGuest account not disabledAuditing not configuredUnnecessary services installedIIS vulnerabilitiesIE zone settingsAutomatic Updates c

31、onfigurationInternet Connection Firewall configuration,MBSA Scan Options,MBSA has three scan optionsMBSA graphical user interface(GUI)MBSA standard command-lineinterface(mbsacli.exe)HFNetChk scan(mbsacli.exe/hf),Business Case ForPatch Management,When determining the potential financial impact of poo

32、r patch management,consider,DowntimeRemediation timeQuestionable data integrityLost credibilityNegative public relationsLegal defensesStolen intellectual property,“We commend Microsoft for providing enhanced security guidance to its customers as well as for soliciting user input as part of the proce

33、ss of producing that guidance“Clint KreitnerPresident/CEO,“NIST reviewed and provided technical comments&advice,that was incorporated in this guidance”Timothy GranceManagerSystems and Network Security Group,Comments,You Need To,ISA Delivers,Relational ReportingMultiple fact tablesFull richness the d

34、imensionsattributes Transaction level accessStar,snowflake,3NF Complex relationships:Multi-grains,many-to-many,role playing,indirectRecursive self joinsSlowly changing dimensions,The Unified Dimensional Model The Best Of Relational And OLAP,OLAP CubesMultidimensional navigationHierarchical presentat

35、ionFriendly entity namesPowerful MDX calculationsCentral KPI framework“Actions”Language translations Multiple perspectivesPartitionsAggregations Distributed sources,Visual Studio Team System,Change Management,Work Item Tracking,Reporting,Project Site,Visual StudioTeam Foundation,Integration Services

36、,Project Management,Process and Architecture Guidance,Visual Studio Industry Partners,Dynamic Code Analyzer,Visual StudioTeam Architect,Static Code Analyzer,Code Profiler,Unit Testing,Code Coverage,Visio and UML Modeling,Team Foundation Client,VS Pro,Class Modeling,Load Testing,Manual Testing,Test C

37、ase Management,Application Modeling,Logical Infra.Modeling,Deployment Modeling,Visual StudioTeam Developer,Visual StudioTeam Test,Application Modeling,Logical Infra.Modeling,Deployment Modeling,Class Modeling,SQL Server Catalog,Report Server,XML Web Service Interface,Report Processing,Delivery,Deliv

38、ery Targets(E-mail,SharePoint,Custom),Rendering,Output Formats(HTML,Excel,PDF,Custom),Data Processing,Data Sources(SQL,OLE DB,XML/A,ODBC,Oracle,Custom),Security,Security Services(NT,Passport,Custom),Office,Custom Application,Browser,SQL Server 2000 Reporting Services Architecture,Internet,RAS Client

39、,RRAS Server,IAS Server,Quarantine,RQC.exe and RQS.exe are in the Windows Server 2003 Resource Kit,Quarantine Architecture,Microsoft BI Product Suite,Analysis ServicesOLAP&Data Mining,Data TransformationServices,SQL ServerRelational Engine,Reporting Services,Management Tools,Dev Tools Visual Studio.

40、Net,ExcelOWCVisioMap PointData Analyzer,SharePoint PortalServerProject Server,Windows Server,MBS BI Applications,Current Architecture,TCP/IP,RTC Client API,User App,Server Architecture,Winsock,Storage,AD,Server,Application Interaction,Application1 CRM,Application2 Billing,Application3 Logging,Reques

41、t,ModifiedRequest,What is VS Team Foundation?,Source Code Control,Work Item Tracking,Build Automation,Project Site,Reporting,TITLE,Available,Today,Microsoft Windows Security Resource Kit,Assessing Network Security,June 23,2004,EAP architecture,TLS,GSS_APIKerberos,PEAP,IKE,MD5,EAP,PPP,802.3,802.5,802

42、.11,Anything,methodlayer,EAPlayer,medialayer,MS-CHAPv2,TLS,SecurID,Partner Solutions Offerings,VALUE Proposition:Get more business value from your investment in Office,FinanceSarbanes-OxleyBusiness ScorecardExcel Add-in for SQL Server Analysis Services,OperationsSix Sigma,HRRecruiting,SalesProposals

43、,Solution Accelerators,Microsoft Products,Office Solution Accelerators,VALUE Proposition:Get more business value from your investment in Office,Your People,EPM Involves.,Your BusinessProcesses,Your Organization,Your Software Technology&Tools,An orchestration of your people,processes,organization wit

44、h technology,Your Business Processes,Governance,Prioritization,Budgeting,Human Resources,etc,Initiatives,Implement Microsoft OfficeProject 2003 for the Enterprise,Decisions,-Corporate Goals and Objectives,Executives,Your Organization,Strategic Initiatives,Development Projects,Operational Improvement

45、s,On Average 45-50%of all Projects are linked to Strategic Objectives.,Representative Risks And Tactics,Tactical Solutions,Enterprise Risks,EmbodyTrustworthyComputing,Secure Environmental Remediation,Unpatched Devices,Network Segmentation Through IPSec,Unmanaged Devices,Secure Remote User,Remote and

46、 Mobile Users,Two-Factor for Remote Access and Administrators,Single-Factor Authentication,Managed Source Initiatives,Focus Controls Across Key Assets,Remote Access Security,Threat,Requirement,Solution,Malicioususers,Two factor authentication,Smart Cardsfor RAS,Malicioussoftware,Enforce remote syste

47、m security configuration,Connection Manager,custom scripts and tools provided in the Windows 2003 resource kit,Corporate Security Group Organization,Corporate Security Group,Threat,RiskAnalysis,and Policy,Assessment andCompliance,Monitoring,Intrusion Detection,and Incident Response,Shared ServicesOp

48、erations,Threat and RiskAnalysis,PolicyDevelopment,ProductEvaluation,DesignReview,StructureStandards,SecurityManagement,SecurityAssessment,Compliance andRemediation,Monitoring andIntrusion Detection,Rapid Responseand Resolution,Forensics,ITInvestigations,Physical andRemote Access,CertificateAdminist

49、ration,SecurityTools,InitiativeManagement,Staging Architecture,Data entry,Test,Application Center,Commerce Web,Commerce,Commerce Data,Commerce Web,Commerce,Commerce Data,Application,Center,Application,Center,Data,ACS Cluster,ACS Cluster,Cluster controller,Cluster controller,Data,Enterprise Deploymen

50、t Update,Internet,Firewall,Firewall,Firewall,Runtime Servers,Corporate LAN Internal Servers,Crawl/Search,Load Balanced Web,Infrastructure Servers,Development Servers,Test Servers,Business Data Servers,Business Users,Database and Staging Servers,Staging Servers,Database Servers,Offline Servers,Indica