收藏 分销(赏)

微软蓝灰风格PPT模板.ppt

上传人:仙人****88 文档编号:14119260 上传时间:2026-06-26 格式:PPT 页数:26 大小:1.86MB 下载积分:10 金币
下载 相关 举报
微软蓝灰风格PPT模板.ppt_第1页
第1页 / 共26页
微软蓝灰风格PPT模板.ppt_第2页
第2页 / 共26页


点击查看更多>>
资源描述
Click to edit Master title style,Click to edit Master text styles,Second level,Third level,Fourth level,Fifth level,*,Click to edit Master title style,Click to edit Master text styles,Second level,Third level,Fourth level,Fifth level,Microsoft Security Strategy,Steven Adler,Product Manager,Microsoft EMEA,Session Agenda,Focus on Customer Challenges,Microsoft Security Strategy,Secure Windows Initiative,Strategic Technology Protection Program,Trustworthy Computing,Building the secure platform,.NET Framework,Windows.NET,Summary,Questions,Technology,Process,People,What are the challenges?,Products lack security features,Products have bugs,Insufficient technical standards,Difficult to stay,up-to-date,Design for security,Roles&responsibilities,Vigilance,Business continuity plans,Stay up-to-date with security development,Problem recognition,Skills shortage,Human error,Process,People,Technology,Trustworthy Computing,Strategic Technology,Protection Program,Secure Windows Initiative,Microsoft Security Strategy,Secure Windows Initiative,“,Engineering For Security,”,Goal:Eliminate Every Security Vulnerability Before The Product Ships,People,Process,Technology,Industry Yardstick,Source:Security Focus Windows Initiative,People,Train,and keep current,every developer,tester,and program manager in the specific techniques of building secure products,Process,Make security a critical factor in design,coding and testing of every product Microsoft builds,Cross-group design&code reviews,Security Threat Analysis part of every design spec,Red Team testing and code reviews,Focus not confined to buffer overruns,Security bug feedback loop&code sign-off requirements,External reviews and testing by consultants and public,Technology,Build tools to automate everything possible in the quest to code the most secure products,Prefix and Prefast for buffer overrun detection,Updated as new vulnerabilities found,Visual C+7.0 compiler improvements,Domain-specific tools(i.e.RPC security stress),Secure Windows Initiative,External Security Review,FIPS 140-1 evaluation of Cryptographic Service Provider(CSP),Completed,Government validation of base crypto algorithms in Windows,Common Criteria evaluation,In Preparation,Evaluation of Windows source code against International security criteria for evaluating,Third party expert review of key components,Source code licensed to over 80 universities,labs,and government agencies,Goal:Help customers secure their Windows Systems,People,Process,Technology,Strategic TechnologyProtection Program,Strategic Technology Protection Program-,Customers Need Our Help,I didn,t know which patches I needed,I didn,t know where to find the updates,I didn,t know which machines to update,We updated our production servers,but the rogue servers got infected,More than 50%of the customers affected by Code Red were not patched in time for Nimda,STPP:,“,Get Secure,”,Coming,-Enterprise Security Tools,Microsoft Baseline Security Analyzer,SMS security patch rollout tool,Windows Update Auto-update client,Now,-Microsoft Security Toolkit,Server oriented security resources.,New server security tools and updates,Windows Update bootstrap client for Windows 2000,Now,-Security Assessment Program Offering,Available immediately through MCS/PSS,Now,-Free Virus Support HotlineContact your local PSS office,Get Secure,Microsoft Security Toolkit,Gets Windows NT and 2000 systems to secure baseline,even disconnected net,Automates server updates,One-button wizard and SMS Scripts,Updates and Patches,Includes,all,Service Packs and,critical,OS and IIS patches through 10/15,HFNetchk:patch level verifier,IIS Lockdown&URLScan,STPP:,“,Stay Secure,”,Ongoing,-Enhanced Product Security,Provide greater security enhancements in the releases of all new products,including theWindows.NET Server family,Spring 2002,-Federated Corporate Windows Update Program,Allows enterprise to host and selectWindows Update content,Spring 2002,-Windows 2000 Service Pack(SP3),Provide ability to install SP3+security rollupwith a single reboot,Jan.2002,-Windows 2000 Security Rollup Patches,Bundle all security fixes in single patches,Reduces reboots and administrator burden,Corporate Update Server Solution,Automatic Update(AU)client,Automatically download and install critical updates,Security patches,high impact bug fixes and new drivers when no driver is installed for a device,Checks Windows Update service or Corporate Update server once a day,New,!Install at schedule time after automatic downloads,Administrator control of configuration via registry-based policy,Support for Windows.NET Server,Windows XP and Windows 2000,Update server,Corporate hosted WU server to support download and install of critical updates through AU client,Server synchronizes with the public Windows Update service,Simple administrative model via IE,Updates are not made available to clients until the administrator approves them,Runs on Windows.NET Server and Windows 2000 Server,Trustworthy Computing,Goal:Make devices powered by computers and software as trustworthy as devices powered by electricity.,A Trust Taxonomy,Availability,At advertised levels,Suitability,Features fit function,Integrity,Against data loss or alteration,Privacy,Access authorized by end-user,Reputation,System and provider brand,Security,Resists unauthorized access,Quality,Performance criteria,Dev Practices,Methods,philosophy,Operations,Guidelines and benchmarks,Business Practices,Business model,Policies,Laws,regulations,standards,norms,Intent,Management assertions,Risks,What undermines intent,causes liability,Implementation,Steps to deliver intent,Evidence,Audit mechanisms,Goals,Means,Execution,Building the secure platform,Goal:Provide IT with a secure,integrated foundation for managing how users,business,and technologies connect.,Infrastructure(PKI,Directory),Security in depth,Network(IPSec,Wireless,VPN),Device(PDA,Laptops,PCs,Servers),Application,Management,Front End,Typical Application Architecture,Users,Back End,Authentication,Network Access,Authorization,Audit,Alerts,Front End,Secure Network Access,Users,Back End,Authorization,Authentication,Network Access,FirewallVPNWirelessIPSEC,Audit,Alerts,Front End,Flexible Authentication,Users,Back End,BasicHTTP DigestKerberosCertificates,Smartcards,Authentication,Network Access,Authorization,Audit,Alerts,Front End,Rich Access Controls,Users,Back End,Authentication,Network Access,Authorization,Audit,Alerts,Access Control Lists,Roles,Front End,System Wide Auditing,Users,Back End,Authorization,Audit,Alerts,Audit Actions,Distributed Devices,Audit Policy,Authentication,Network Access,Front End,Alert Infrastructure,Users,Back End,Authorization,Audit,Alerts,Event Forwarding,Filtering,Correlation,Authentication,Network Access,Windows Brings it Together,Active Directory,Integrated network authentication,Policy based management,PKI,Integrated PKI services and auto-enrollment,Used by IPSEC,Smartcard,Code Signing etc.,Networking,Secure network access via 802.1x support,Authenticated firewall access via Microsoft ISA server,Protected Devices,Encrypting File System,Software Restriction Policies,2002 Microsoft Corporation.All rights reserved.,
展开阅读全文

开通  VIP会员、SVIP会员  优惠大
下载10份以上建议开通VIP会员
下载20份以上建议开通SVIP会员


开通VIP      成为共赢上传

当前位置:首页 > 应用文书 > PPT模板

移动网页_全站_页脚广告1

关于我们      便捷服务       自信AI       AI导航        抽奖活动

©2010-2026 宁波自信网络信息技术有限公司  版权所有

客服电话:0574-28810668  投诉电话:18658249818

gongan.png浙公网安备33021202000488号   

icp.png浙ICP备2021020529号-1  |  浙B2-20240490  

关注我们 :微信公众号    抖音    微博    LOFTER 

客服