1、,第一篇 區(qū)塊篇,Integrated phone and PDA Primarily data viewing Interoperability with Outlook and Exchange .NET Compact Framework ASP.NET mobile controls,Mobile Device Solutions,Complex document authoring, editing and reading Keyboard centric at the desk Keyboard and mouse input methods Full .NET framework

2、 available Centrino Solutions,Windows Mobile,Windows XP,Complex document authoring, editing and active reading Note taking and ink annotating Keyboard centric at the desk, pen and keyboard away from the desk Keyboard, mouse plus pen, ink, and speech input methods Full .NET framework preinstalled Pen

3、, ink, handwriting and speech recognition APIs Centrino Solutions,View and some data entry Integrated PDA with phone Interoperability with Office, Exchange and SQL Server .NET Compact Framework ASP.NET mobile controls Intel Xscale Solutions,Windows CE,One-way network Information consumption,Smart Pe

4、rsonal Objects,Smartphone,Pocket PC and Pocket PC Phone,Notebook PC,Tablet PC,Network Defense,Health checkup IT checks “health” of client Network Access Control Clients who pass get network access Clients who do not pass are fixed or blocked (aka “quarantined”) Health maintenance Quarantined clients

5、 can be given access to resources to get healthy,From Home(VPN, Dial up),Returning Laptops,ConsultantsGuests,UnhealthyDesktops,Microsoft Business Solutions ERP Positioning,Guiding Principles,Productive,Integrated,Extensible,Capable,Short learning curve Minimal administrative overhead,Tools integrate

6、d tightly Automates common tasks,Customizable for your process Integrates with 3rd party tools,Remotely accessible Robust, secure, scalable,Staging Architecture,Data entry,Test,Application Center,Commerce Web,Commerce,Commerce Data,Commerce Web,Commerce,Commerce Data,Application,Center,Application,C

7、enter,Data,ACS Cluster,ACS Cluster,Cluster controller,Cluster controller,Data,Live Communications Client Roadmap,LC 1.2 Client Platform Multiparty IM P2P Voice and Video MPOP Groups Roaming SIP support GPO policy management,LC 1.5 Client Platform Roll up of QFEs MPOP Additions Federation/Archiving N

8、otification HA Additions,LC 2.0 Client Platform Next generation of RTC experiences More coming!,2003,2H04,Longhorn,Enterprise Deployment Update,Internet,Firewall,Firewall,Firewall,Runtime Servers,Corporate LAN Internal Servers,Crawl/Search,Load Balanced Web,Infrastructure Servers,Development Servers

9、,Test Servers,Business Data Servers,Business Users,Database and Staging Servers,Staging Servers,Database Servers,Offline Servers,Indicates Staged Data Flow,Communicate and collaborate in a more secure mannerwithout sacrificing information worker productivity,Windows XP SP2Block virus or malicious co

10、de at the “point of entry”,At Risk,The Soft Underbelly,Security Issues Today,1 Source: Forrester Research 2 Source: Information Week, 26 November 2001 3 Source: Netcraft summary 4 Source: CERT, 2003 5 Source: CSI/FBI Computer Crime and Security Survey 6 Source: Computer Security Institute (CSI) Comp

11、uter Crime and Security Survey 2002 7 Source: CERT, 2002 8 Source: Gartner Group,14B devices on the Internet by 20101 35M remote users by 20052 65% increase in dynamic Web sites3 From 2000 to 2002 reported incidents rose from 21, 756 to 82,0944 Nearly 80 percent of 445 respondents surveyed said the

12、Internet has become a frequent point of attack, up from 57 percent just four years ago5,90% detected security breaches6 85% detected computer viruses6 95% of all breaches avoidable with an alternative configuration7 Approximately 70 percent of all Web attacks occur at the application layer8,Applicat

13、ion Layer Attacks,Identity Theft Web Site Defacement Unauthorized Access Modification of Data, Logs and Records Theft of Proprietary Information Service Disruption,Implications,Compliance: Sarbanes Oxley Gramm Leach Blilely US Patriot Act HIPAA The Privacy Act (CA) Basel 2 (EU) Data Protection Act (

14、EU) Litigation File Sharing Piracy HR Issues Shareholder Suits,Customer Impact,Types Of SRP Rules,Path Rule Compares path of file being run to an allowed path list Use when you have a folder with many files for the same application Essential in when SRPs are strict,Hash Rule Compares the MD5 or SHA1

15、 hash of a file to the one attempted to be run Use when you want to allow/prohibit a certain version of a file from being run,Certificate Rule Checks for digital signature on application (i.e. Authenticode) Use when you want to restrict both win32 applications and ActiveX content,Internet Zone Rule

16、Controls how Internet Zones can be accessed Use when in high security environments to control access to web applications,SQL Server 2005 Themes,Supportability updating must be initiated manually,Office Update Web site:,How To Use Office Update,Go to ,1,Click Check for Updates,2,Install the Office Up

17、date Installation Engine (if not already installed),3,Select the updates you want to install,4,Click Start Installation,5,How To Use SUS,On the SUS server,Configure the SUS server at http:/SUSAdmin,On each SUS client,Configure Automatic Updates on the client to use the SUS server Use Group Policy, m

18、anually configure each client, oruse scripts,Set the SUS server synchronization schedule,Review, test, and approve updates,1,2,3,How To Use MBSA,Download and install MBSA (once only),1,Launch MBSA,2,Select the computer(s) to scan,3,Select relevant options,4,Click Start scan,5,View the Security Repor

19、t,6,Software Update Service Deployment Best Practices (1),Software Update Service Deployment Best Practices (2),How To Use SMS To Deploy Patches,SMS MBSA Integration,MBSA integration included with SMS 2003 and the SUS Feature Pack for SMS 2.0 Scans SMS clients for missing security updates using mbsa

20、cli.exe /hf,MBSA Benefits,Scans systems for Missing security patches Potential configuration issues Works with a broad range ofMicrosoft software Allows an administrator to centrally scan multiple computers simultaneously MBSA is a free tool, and can bedownloaded from,MBSA Considerations,MBSA report

21、s important vulnerabilities,Password weaknesses Guest account not disabled Auditing not configured Unnecessary services installed IIS vulnerabilities IE zone settings Automatic Updates configuration Internet Connection Firewall configuration,MBSA Scan Options,MBSA has three scan options MBSA graphic

22、al user interface (GUI) MBSA standard command-lineinterface (mbsacli.exe) HFNetChk scan (mbsacli.exe /hf),Business Case ForPatch Management,When determining the potential financial impact of poor patch management, consider,Downtime Remediation time Questionable data integrity Lost credibility Negati

23、ve public relations Legal defenses Stolen intellectual property,“We commend Microsoft for providing enhanced security guidance to its customers as well as for soliciting user input as part of the process of producing that guidance“ Clint Kreitner President/CEO,“NIST reviewed and provided technical c

24、omments device independent. Integration into a broad range of different applications and devices.,2004,2005,Windows Small Business Server 2003 SP1 Windows Server 2003 for 64-Bit Extended Systems Windows Server 2003 Service Pack 1 (SP1) Windows XP Tablet Edition 2005 Windows XP Media Center Edition 2

25、005 Windows XP Service Pack 2 (SP2) Virtual Server 2005 Additional Feature Packs (e.g. Windows Update Services),Windows Server: Codename “Longhorn” Beta 1 Windows Client: Codename “Longhorn” Beta 1 Windows Server 2003 Update: Codename “R2”,Release Roadmap,第二篇 表格篇,Microsoft Patch Severity Ratings,Sec

26、urity Bulletin List: http:/www.M,Patching Time Frames,Improving The Patching Experience,Choosing A PatchManagement Solution,Patch Management Solution For Medium-Sized And Large Organizations,Other Sessions Of Interest,The Importance Of Proactive Patch Management,DREAD,Micro Issues are 88%,Simple to

27、fix. Create “Noise” Five issues represent 88% of all upgrade issues,Analysis Service and DTS Migration Wizards No new MDAC bits Reduced SQL Database services downtime,Upgrade,Example Goals,Example Scope,What to plan for,Patch Management Solution For Small And Medium-sized Organizations,Elements of Y

28、our Final Report,Whats New In Setup,Default Exempt Rules In IPSec,Stored in the registry value: HKLMSYSTEMCurrentControlSetServicesIPSECNoDefaultExempt,PerformanceEnhanced Architecture,Optimized for real life usage scenarios Improvements since ISA Server 2000 Kernel-mode data pump User-mode optimiza

29、tions Up to +150% (2.5X faster) for firewall (SecureNAT) traffic Up to +250% (3.5X faster) for Web (transparent) proxy traffic 1,000,000+ concurrent connections Scale up with additional CPUs,Raw throughput performance,How? Design improvements IP Stack improvements Hardware improvements (raw thru-put

30、 measured using HTTP+NAT benchmark),IT Policy Completeness,IT Audit Score Card Example,Upgrading And MigratingSharePoint products and technologies,Other Sessions,Windows Server Family,Dedicated,第三篇 圖例篇,Corpnet,Internet,RADIUS Authentication,Federation through RADIUS proxies Can be used for centraliz

31、ed authentication services Domain membership not required Great for DMZ placement,RADIUS Server (IAS),Back-end Server,Web Client (Browser, HTTP client),ISA Server 2000 (Old)Networking Model,Fixed zones “IN” = LAT “OUT” = DMZ, Internet Packet filter only on external interfaces Single outbound policy

32、NAT always Static filtering from DMZ to Internet,InternalNetwork,Internet,DMZ 1,ISA 2000,ISA Server 2004 Networking Model,Any number of networks VPN as network Localhost as network Assigned relationships (NAT/Route) Per-Network policy Packet filtering onall interfaces Support for DoD Any topology, a

33、ny policy,ISA 2004,Rule Structure infects unprotected or unpatched systems,No Exploit,Exploit,MBSA How It Works,MSSecure.xml contains Security bulletin names Product-specific updates Version and checksum info Registry keys changed KB article numbers Etc.,Windows Download Center,MSSecure.xml,MBSAComp

34、uter,Policies, Procedures, begin integrating PM tools and business/IT requirements Improve risk response & managing a “portfolio” of projects,4,Risk,PM Maturity,Project Complexity,PM Capability,EPM Expectation,Project Management Maturity Model (PMMM),TechnologyMicrosoft Office EPM Architecture,Easil

35、y Create Enterprise Project Plans,Team Participation,Centrally Store Project, Resources, and Reporting,Project Documents, Issues, Risks, and Tasks,LOB Systems,Get More from Your IT Investments,More Productive Users,Taking a Staged Approach,Deployment Planning,Legacy App,Workflow Engine,Siebel,SAP,MS

36、-CRM,Architecture Overview,Information Bridge,Back-end Services,Client,Office Application,Smart Tag,Smart Doc,Task Pane Manager,Host Renderer,IBF - UI,IBF Engine,Metadata Cache,Metadata Designer,Metadata Web Service,Metadata,Compliant Service Adapter,Compliant Service Adapter,Compliant Service (Nati

37、ve),BizTalk EAI,Existing Web Service,XML Instance Data,Metadata,Metadata,View 2,Relationship,ServiceOp 1,UI Op 1,ServiceOp 1,UI Op 1,ServiceOp 1,UI Op 1,Web Services,.net Assembly,HTML,Winform,Actions,Ref 3,Ref 1,Ref 2,Action 1,Action 3,Action 2,View 1,Entity,Namespace,Ref 4,View 3,Entity,Entity,Entity,Namespace,Developed as a Visual Studio Add-In Complete UI t