Download MPT SP2 v2 - Raven Computers Ltd
Transcript
Windows XP Service Pack 2
Steve Wheeler, Windows Technology Evangelist, Microsoft Presentation Team

Agenda
- Background
- Business Opportunity
- Protection Technologies
  - Network protection
  - Safer Web and email experience
  - Memory protection
  - Improved maintenance
- But that's not all…
- Availability

Background: Security Challenges
- Patch management too complex
- Time to exploit accelerating
- Exploits are more sophisticated
- Current approach is not sufficient
- Days between patch and exploit (chart values): 331, 180, 151, 25
- Security is our No. 1 priority but there is no silver bullet

Client Attacks
- Malicious e-mail attachments
- Port-based attacks
- Malicious Web content
- Buffer overrun attacks

Protection Technologies
- Network Protection: to help protect all computers connected to the Internet or an internal network
- Safer Web and Email: to enable a safer Internet experience for the most common Internet tasks
- Memory Protection: to provide system-level protection for the base operating system
- Improved Maintenance: to ensure that updates are easier and quicker to deploy

Protection Technologies: Network Protection
- Windows Firewall
  - on by default
  - boot time protection
  - multiple profile support
- Reduction of attack surface of a Windows XP computer
  - The RPC service runs with reduced privileges
  - no longer accepts unauthenticated connections by default
- More secure infrastructure for DCOM
  - Granular configuration of launch permissions for DCOM
- Windows Messenger Service is off by default
  - a tool that has been exploited by spammers
  - spammers will not be able to use the feature to send unwanted pop-ups

Protection Technologies: Safer Web and Email
- Blocking of un-requested popups
- More control over Active-X controls
- More control over downloads
- More control over attachments

Protection Technologies: Memory Protection
- What is a buffer overrun?
- Technologies to reduce exploitation of buffer overruns
  - Microsoft has recompiled all code changed since the release of Windows XP using the latest Visual Studio® compiler and the "/GS" flag

What is a buffer
- "Buffers" are space set aside for input, such as your name when a computer asks you to type it in
- Information should not over-fill the buffers
- Execution continues when input is received
- Stack diagram, top to bottom: Function Parameters; Function Return Address; Frame Pointer; Exception Handler Frame; Locally Declared Variables and Buffers (labelled "Good Data" and "Data Goes Here"); Callee save registers

What is a buffer overflow
- A "buffer overflow" works by filling the buffer with computer commands and forcing the commands to execute by changing the return address
- Stack diagram, top to bottom: Function Parameters; Function Return Address; Frame Pointer; Exception Handler Frame; Locally Declared Variables and Buffers (labelled "Bad Code" and "Data Goes Here"); Callee save registers
- Diagram annotation: Overflow attack overwrites outside buffer

Solution: /GS Switch (Reduce Risk of Buffer Overruns)
- XP SP2 uses a "speed bump," or cookie, between the buffer and the return address (called the /GS switch)
- If an overflow writes over the return address, it will have to overwrite the cookie
- This is detected and the program stops
- Stack diagram (Function Stack with /GS Switch), top to bottom: Function Parameters; Function Return Address; Cookie; Frame Pointer; Exception Handler Frame; Locally Declared Variables and Buffers (labelled "Bad Code" and "Data Goes Here"); Callee save registers
- Diagram annotations: Overflow attack overwrites outside buffer; Cookie overwritten, execution halts

Protection Technologies: Improved Maintenance
- Windows Security Center
- Automatic Update enhancements
- Group Policy management of security features
- New Wireless LAN client
- SmartKey Wireless Setup
- Bluetooth update

Availability
- Available as of August 2004
- Download from http://www.microsoft.com
- Delivered as a critical update via Automatic Update - intelligently managed via new download service
- CDs available on request via the website (no cost)

Diagnostic and fixing process
- For Windows Applications
  - Add application to firewall exceptions
  - Check with application vendor for COM+ requirements
  - Check with application vendor for patch
- For Web based applications
  - Add website to trusted list
  - Manage Security Zone settings
- Look at http://support.microsoft.com
- Read documents at http://www.microsoft.com/technet/prodtechnol/winxppro/maintain/winxpsp2.mspx

Call to Action
- Plan and Test!
- New security features will make the system secure but may break some applications
- In common test scenarios expect >=90% of applications to work without any configuration changes
- Majority of fixes are enabling pop-ups in browser applications and "listening" for firewall setup.

© 2004 Microsoft Corporation. All rights reserved. This presentation is for informational purposes only. Microsoft makes no warranties, express or implied, in this summary.

Exchange Intelligent Message Filter (Exchange2003 Anti Spam)
Steve Wheeler, Windows Technology Evangelist, Microsoft Presentation Team

Agenda
- The Spam Problem
- How to Fight Spam
  - Exchange2003 Anti-Spam Features
  - Exchange Intelligent Message Filter
  - Outlook and OWA Client Features
- Deployment

The Spam Problem: Spam & Viruses Compared
- Exploits
  - Viruses: Specific vulnerabilities (e.g. buffer overruns)
  - Spam: General openness of mail system
- Effects
  - Viruses: Destructive
  - Spam: Nuisance, offensive
- Sender motivation
  - Viruses: Kudos, Revenge
  - Spam: $
- Identification
  - Viruses: Signatures, deterministic
  - Spam: Various, often subjective
- Cost
  - Viruses: Data loss; Productivity loss; Helpdesk; Administration; System resources; Bandwidth
  - Spam: Productivity loss; Helpdesk; Administration; System resources; Bandwidth
- Exchange Solution
  - Viruses: Exchange infrastructure; 3rd Party Anti-Virus plug-ins
  - Spam: Exchange infrastructure; Exchange features; Exchange plug-ins; 3rd Party Anti-Spam plug-ins

Enterprise Requirements For Anti-Spam
- False Positives: Number 1 Concern
  - Valid mail in the junk folder is as good as lost
- Block at the gateway whenever possible
  - User never sees it
  - Reduced impact on bandwidth & other system resources
- Administration
  - End-to-end solutions
  - Easy to manage
  - Balance corporate & end-user control

How to Fight Spam: The Taxonomy of a Message
- Where From (Connection – IP based)
- Who From (Sender)
- Who To (Recipient)
- What it's about (Content)

Taxonomy mapped to Exchange Features

Where From (Connection Filtering)
- Global Allow and Deny lists
  - Configure individual IP or ranges by subnet mask
  - Allow overrides Deny by design
- Support for subscribing to 3rd party "real-time block list (RBL)" services
  - Support for multiple RBL providers
  - Customizable NDR response per configured provider
  - Override exception email address
- Integrated IP features

Who From (Sender Filtering)
- Filter messages sent from particular email addresses or domains
- Filter messages with blank senders
- Optionally drop connection
- Enhanced spoof detection – message submission method is persisted
- Don't resolve anonymous sender by default
- Blocking own domain will break list services

Who To (Recipient filtering)
- Filter messages sent to nonexistent recipients
  - No NDR – message rejected at protocol
  - Address book mining
- Filter messages sent to particular email recipients (valid or invalid)
- Restricted Distribution Lists
  - Allow only authenticated users to send to a DL
  - Reduces impact of unsolicited email sent to internal only DLs

What It's About (chart of Desirability against Classification)
- Critical legitimate mail: Business; Personal; Order confirmations
- Non-critical legitimate mail: Subscriptions; Listserv
- Legitimate commercial mail: Amazon.com promotions; Expedia fare tracker; Mail from companies with a pre-existing business relationship
- Spam: Unsolicited product promotions; Health & "pharmaceutical"; Real estate & financial; Scams & chain letters; Pornography
- Destructive: Viruses
- Classification labels, top to bottom of the chart: Easily classified at Gateway; Gray area, best classified by end user; Easily classified at Gateway
- * External communication only. All internal communication is assumed to be legitimate

Microsoft Exchange Intelligent Message Filter
- Server-side message content filtering plug-in
  - Extension to Exchange2003 Server, deployed on Internet Bridgeheads
- Based on Microsoft SmartScreen™ technology from Microsoft Research
- SmartScreen tracks over 500,000 e-mail characteristics based on data from hundreds of thousands of MSN® Hotmail® volunteer subscribers
- IMF determines whether each incoming e-mail message is likely to be spam

Microsoft Exchange Intelligent Message Filter
- Heuristics-based analysis of messages
  - Determines whether unsolicited commercial e-mail, spam, or legitimate e-mail.
- Capable of adapting over time
  - Constantly improves ability to catch unwanted messages and prevent false positives.
- Support for per message spam confidence level (SCL) ratings and message tagging.
- Outlook 2003 uses SmartScreen & SCL to enhance client-side Spam filters

Microsoft Exchange Intelligent Message Filter
- Supports per Message tagging
- Administration via Exchange System Manager Console extension
- Filter Updates
- Coexistence with 3rd party solutions
  - Complements, does not compete
- http://www.microsoft.com/exchange/imf

Outlook2003 and OWA2003 Enhancements
- User specified Safe & Blocked Senders lists
  - Safe Senders, Safe Recipients, Blocked Senders
  - Can optionally include Contacts and GAL
  - Supports Safe Senders Only mode
- User Lists shared by Outlook 2003 and Exchange 2003 OWA, stored on the server
- Move to junk folder determined by:
  - Exchange 2003 Mailbox Store based on user lists
  - Per message SCL
  - Client Side based on Microsoft SmartScreen Technology
- Block all external content by default (Web beacons)

Putting It All Together
[Deployment diagram. Labels: Internet; ISA Server or Firewall; Exchange 2003 Anti-Spam Server; Exchange IMF Smart Host Server; SMTP Connector; Exchange Org Forest A (Exchange Servers); Exchange Org Forest B (Exchange Servers)]

Summary
- There is no "silver bullet" in the war against spam.
- Microsoft is committed to fighting spam through on-going investments in anti-spam features & technologies.
- Through integration of our own products and ISV partner products, we aim to reduce spam by providing complete end to end solutions.
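The cookie check from the Memory Protection slides of the Windows XP SP2 deck above, as an added C sketch that is not part of the presentation or of Microsoft's code: a simulated frame holds a buffer, then a cookie, then the saved return address, and the epilogue refuses to return if the cookie changed. The frame sizes, function names and both 64-bit values are constructed for illustration and do not reflect the real compiler layout.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Simulated frame in the order an overflow walks it: buffer, cookie,
 * saved return address. Sizes and names are illustrative assumptions. */
enum { BUF_LEN = 16, COOKIE_OFF = 16, RET_OFF = 24, FRAME_LEN = 32 };
static const uint64_t MASTER_COOKIE = 0x5A17C0DE2B4D9E31ULL; /* constructed */
static const uint64_t SAVED_RETURN  = 0x0000000000401000ULL; /* constructed */

enum result { RETURNED_OK, HALTED_COOKIE_MISMATCH, HIJACKED };

/* Prologue: place the cookie between the buffer and the return address. */
static void prologue(unsigned char *frame) {
    memset(frame, 0, FRAME_LEN);
    memcpy(frame + COOKIE_OFF, &MASTER_COOKIE, sizeof MASTER_COOKIE);
    memcpy(frame + RET_OFF, &SAVED_RETURN, sizeof SAVED_RETURN);
}

/* Epilogue: with the check enabled, compare the cookie before the return
 * address is used; without it, the return address is trusted as-is. */
static enum result epilogue(const unsigned char *frame, int gs_enabled) {
    uint64_t cookie, ret;
    memcpy(&cookie, frame + COOKIE_OFF, sizeof cookie);
    memcpy(&ret, frame + RET_OFF, sizeof ret);
    if (gs_enabled && cookie != MASTER_COOKIE)
        return HALTED_COOKIE_MISMATCH;   /* "the program stops" */
    return ret == SAVED_RETURN ? RETURNED_OK : HIJACKED;
}

/* Buggy function: copies len bytes into the 16-byte buffer with no length
 * check. The copy is clamped to the simulated frame so the demo itself
 * never writes out of bounds. */
enum result run_unchecked_copy(const unsigned char *in, size_t len, int gs_enabled) {
    unsigned char frame[FRAME_LEN];
    prologue(frame);
    memcpy(frame, in, len > FRAME_LEN ? FRAME_LEN : len);
    return epilogue(frame, gs_enabled);
}

int main(void) {
    unsigned char input[FRAME_LEN];
    memset(input, 'A', sizeof input);    /* constructed oversized input */
    printf("fits, check on:      %d\n", run_unchecked_copy(input, 8, 1));
    printf("overflow, check off: %d\n", run_unchecked_copy(input, FRAME_LEN, 0));
    printf("overflow, check on:  %d\n", run_unchecked_copy(input, FRAME_LEN, 1));
    return 0;
}
```

The check detects the overwrite only at function exit and does not prevent it, which is why the slides describe /GS as reducing the risk of buffer overruns rather than removing them.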