Kurumsal Güvenlik Murat Eraydın Principal Systems Engineer Microsoft

... konulu sunumlar: "Kurumsal Güvenlik Murat Eraydın Principal Systems Engineer Microsoft"— Sunum transkripti:

1

2 Kurumsal Güvenlik Murat Eraydın Principal Systems Engineer Microsoft

3 Gündem Güvenlik neden önemli? Hacker’lar hakkında birkaç söz
Microsoft’un bakış açısı ve teknolojiler

4 Universal Risk Computer Crime and Security Survey 2002 CERT
Saldırıların %90’ı tesbit edildi Saldırıların %40’ı dışarıdan geliyor (25% in 2000) %85’i virus kaynaklı CERT %95’i yanlış konfigürasyondan kaynaklı Source: Computer Security Institute (CSI) Computer Crime and Security Survey 2002 Source: CERT, 2002

5 IT Sektörüne Getirdiği Yük
2001’de yapılan güvenlik yatırımları $8.0 milyar 24% artış < Data from IDC 2002 yılında öncelik verilen alımlar CIO Priorities Rank % Security Software 1 41% Application Integration 2 40% Windows 2000/XP Desk 3 34% Windows 2000 Server 4 32% < Industry Analysts

6 Hacker Kime Denir? hack·er1 n. Computer Science.
Bilgisayar kullanımında veya programlamasında uzman kişi; bilgisayar kurdu. Başkasının elektronik sistemine yasadışı olarak giren veya para/bilgi çalan kişi.

7 Neden Bize Saldırsınlar ki?
Eğlenmek için bile olabilir!

8 You’ve been Hacked!

9 CIA - Hacked!!

10 RSA Security!

11 The Borg Resistance is Futile
Bilgiyi çok iyi “paylaşırlar” Aşağıdaki web sitelerine herkes girebilir – iyiler ve kötüler!

12 Hacker’lar Nasıl Çalışırlar?
Target Acquisition What kind of system they run? What software? Version? Footprinting Legal databases, Edgar, WHOIS, ... Scanning Many scanners available; Retina, SolarWinds, ... Gaining Access Password required! Enumeration User list, share list Escalating Privilidge They need administrator/root access! Pilfering Beware of this! Configuration files, text files, personal information, ... Creating Backdoors Denial of Service (DOS)

13 Microsoft’un Bakış Açısı ve Teknolojileri

14 Güvenli Bilişim Ana Unsurlar
Saldırıya dayanıklı Gizlilik, bütünlük, erişilebilirlik ve bilgiyi korumak Security Privacy Kullanıcıların kontrolundeki bilgi Güvenilir Gerektiği zaman çalışan Reliability Tüm ürünlerin yüksek kalitede olması Gerektiği zaman destek alınabilmesi Business Integrity

15 Protect Detect Defend Recover Manage
Microsoft Security Protect Detect Defend Recover Manage

16 Koruma Tesbit Savunma Kurtarma Yönetme
Microsoft Security Koruma Tesbit Savunma Kurtarma Yönetme

17 Microsoft Security Protect Detect Defend Recover Manage

18 Microsoft Security: Protect
Detect Defend Recover Manage Gereksinimler Data: Control access Systems: Proper configuration Users: Role-based access Temel Teknolojiler Active Directory: Authentication, authorization, group policy MBSA: Verify patch level and security configuration ISA Server: Enterprise firewall, application gateway Windows networking: Personal firewall, VPN, IPSec

19 Active Directory Servers Users Network Devices Clients
Network üzerindeki objeler hakkında bilgi içeren “özel” bir database ADSI ve LDAP v3 ile programatik olarak erişim Users Clients Servers Network Devices

20 Group Policy Site, Domain, ou seviyesinde Her türlü kısıtlama
Control Panel CD-ROM, Floppy kullanımı Uygulama Çalıştırma(ma) Yeni Uygulamaların yüklenmesi Auto-repair Version update Patch Menu, Desktop, MyDocuments

21 IPSec Problem: IP güvenli bir protokol değil Çözüm: IPSec
Network sniffers Replay attacks Çözüm: IPSec 168 bit encryption Network yöneticisini Kullanıcı bazında Makine bazında

22 Microsoft Security: Detect
Gereksinimler Data: What data is being accessed Systems: What unexpected behavior is occurring Users: Who is breaking policy Senaryolar Business critical data in distributed applications More mobile users More non-employees with network access Temel Teknolojiler Active Directory: Group policy Windows instrumentation and eventing Windows native VPN capabilities 3rd party anti-virus and IDS solutions Protect Detect Defend Recover Manage

23 Microsoft Security: Defend
Gereksinimler Data: Clean content for viruses Systems: Close ports/block IP address in response to new threats Users: Disable compromised user accounts Senaryolar Repeated logon attempts Port scanning Polymorphic viruses Temel Teknolojiler Active Directory: Account lockout 3rd Party anti-virus software ISA Server: Enterprise firewall, application gateway Protect Detect Defend Recover Manage

24 Virtual Private Networks
Remote user or partner… …with certificate DS via Firewall Certificate is verified Intranet User access to selected documents Internet Connects through the Internet secure tunnel

25 Microsoft Security: Defend
Many of today’s attacks freely bypass packet and network-level firewalls ex. Code Red, Nimda, SSL exploits… An application gateway (AG) is required to protect against these attacks AGs use application-layer filtering to enable deep content inspection Understanding what’s in the payload is now a requirement Protect Detect Defend Recover Manage SSL SSL SSL or HTTP Internet ISA Server (“SSL bridging”) Packet/ network level FW client Web Server

26 ISA Server can secure your network from the latest threats today.
Protect Detect Defend Recover Manage Protecting IIS HTTP application filter & proxy architecture Protecting Exchange and Outlook Web Access (OWA) Exchange RPC application filter SSL bridging & HTTP application filter SMTP application filter Upgrading Proxy 2.0 Future: Built for Web Services security SSL bridging Application-layer filtering SOAP/XML application filter ISA Server can secure your network from the latest threats today.

27 Microsoft Security: Recover
Protect Detect Defend Recover Manage Gereksinimler Data: Recover compromised or infected files Systems: Minimize downtime Users: Restore configuration/preferences Senaryolar Increased complexity of configurations Labor intensive Downtime expense Temel Teknolojiler Offline folders to persist data to a server Shadow Copy to recover from infected files Automated System Recovery (ASR) to prior system state Remote Installation Services (RIS) to rapidly recover OS

28 Microsoft Security: Manage
Gereksinimler Policy to protect, detect, defend and recover Products to automate policy Centralized monitoring Senaryolar Enterprise patch/configuration management Wireless and VPN access policy Role-based access control Temel Teknolojiler SMS, Software Update Services (SUS), Windows Update Active Directory: Group policy Microsoft Operations Manager (MOM) Protect Detect Defend Recover Manage

29 Managing Security with SMS Case Study
Protect Detect Defend Recover Manage Müşteri Gereksinimi Inventory current security patch level Need to create custom patch packages Test, deploy and validate appropriate patches Microsoft Çözümü Consumer and Small Business: Windows Update Medium Business: Software Update Services Enterprises: SMS and new Value Pack Case Study: Divine 20,000 packages to 1200 servers with 3 people Installed Code Red updates on 1,200 servers in only four hours with 99.3% accuracy Divine maintained 99.95% availability on all servers during Code Red

30 Windows .NET Server Ailesi
Herşey kapalı geliyor! Sistem yöneticisi istediği servisleri kendisi açacak Yeni bir web sitesi için LockDown Wizard çalışıyor Lockdown çalışmadan WebSitesi açılmıyor Default = Deny (Windows 2000 was allow) Tüm haklar kaldırılmış olarak geliyor, yönetici kendisi Windows Update is On (Windows 2000 SP3) Windows Update sitesindeki patch’ler otomatik olarak yüklenecek Internet’e bağlı olmayan kuruluşlarda SUS kurarak yapılabilir .NET Framework Kim, ne, nerede, nasıl çalıştırabilir? Windows XP’de zaten mevcut

31 © 2001 Microsoft Corporation. All rights reserved.
This presentation is for informational purposes only. Microsoft makes no warranties, express or implied, in this summary.