Windows XP Service Pack 2 Steve Wheeler Windows Technology Evangelist Microsoft Presentation Team.
Date posted: 20-Dec-2015
Windows XP Service Pack 2
Steve Wheeler
Windows Technology Evangelist
Microsoft Presentation Team
Agenda
Background
Business Opportunity
Protection Technologies
– Network protection
– Safer Web and email experience
– Memory protection
– Improved maintenance
But that’s not all…
Availability
Background: Security Challenges
Patch management too complex
Time to exploit accelerating
Exploits are more sophisticated
Current approach is not sufficient
Security is our No. 1 priority but there is no silver bullet
[Chart: Days between patch and exploit. Labels: Blaster, Welchia/Nachi, Nimda, SQL Slammer. Values: 151, 180, 331, 25]
Client Attacks
Malicious Web content
Buffer overrun attacks
Port-based attacks
Malicious e-mail attachments
Protection Technologies
Network Protection: To help protect all computers connected to the Internet or an internal network
Safer Web and Email: To enable a safer Internet experience for the most common Internet tasks
Memory Protection: To provide system-level protection for the base operating system
Improved Maintenance: To ensure that updates are easier and quicker to deploy
Protection Technologies: Network Protection
Windows Firewall
– on by default
– boot time protection
– multiple profile support
Reduction of attack surface of a Windows XP computer
– The RPC service runs with reduced privileges
– no longer accepts unauthenticated connections by default
More secure infrastructure for DCOM
– Granular configuration of launch permissions for DCOM
Windows Messenger Service is off by default
– a tool that has been exploited by spammers
– spammers will not be able to use the feature to send unwanted pop-ups
Protection Technologies: Safer Web and Email
Blocking of un-requested pop-ups
More control over Active-X controls
More control over downloads
More control over attachments
Protection Technologies: Memory Protection
What is a buffer overrun?
Technologies to reduce exploitation of buffer overruns
– Microsoft has recompiled all code changed since the release of Windows XP using the latest Visual Studio® compiler and the “/GS” flag
What is a buffer
[Diagram: function stack. Labels: Locally Declared Variables and Buffers (Data Goes Here), Callee save registers, Function Parameters, Function Return Address, Frame Pointer, Exception Handler Frame; Good Data; execution continues when input is received]
“Buffers” are space set aside for input, such as your name when a computer asks you to type it in
Information should not over-fill the buffers
What is a buffer overflow
[Diagram: the same function stack. Labels: Function Return Address; Overflow attack overwrites outside buffer; Bad Code]
A “buffer overflow” works by filling the buffer with computer commands and forcing the commands to execute by changing the return address
Reduce Risk of Buffer Overruns
Solution: /GS Switch
[Diagram: function stack with /GS switch. Labels: Locally Declared Variables and Buffers (Data Goes Here), Cookie, Callee save registers, Function Parameters, Function Return Address, Frame Pointer, Exception Handler Frame; Overflow attack overwrites outside buffer; Bad Code; Cookie overwritten, execution halts]
XP SP2 uses a "speed bump," or cookie, between the buffer and the return address (called the /GS switch)
If an overflow writes over the return address, it will have to overwrite the cookie
This is detected and the program stops
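
The cookie check described above, modelled on a simulated stack frame. This is an added example, not code from the presentation or from the Visual Studio runtime; the struct layout, the fixed cookie value and the function names are assumptions made for the demo.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Simulated frame, low to high addresses, following the slide's description:
   the cookie sits between the local buffer and the return address. */
enum { BUF_SIZE = 16 };
struct sim_frame {
    unsigned char buffer[BUF_SIZE];
    uintptr_t cookie;
    uintptr_t frame_pointer;
    uintptr_t return_address;
};

enum outcome { RETURNED_OK, HALTED_BY_COOKIE, RETURN_ADDRESS_CORRUPTED };

/* Constructed constants for the demo. A real /GS build uses a cookie chosen
   at run time, not a fixed value like this one. */
static const uintptr_t DEMO_COOKIE = (uintptr_t)0xC00C1E5Au;
static const uintptr_t DEMO_RETURN = (uintptr_t)0x00401000u;

/* Copy with no check against BUF_SIZE (the bug). The write is clamped to the
   simulated frame so the demo itself never touches memory it does not own. */
static void unchecked_copy(struct sim_frame *f, const unsigned char *in, size_t len)
{
    if (len > sizeof *f)
        len = sizeof *f;
    memcpy((unsigned char *)f, in, len);
}

/* One call: the prologue stores the cookie, the body copies input_len bytes,
   the epilogue compares the cookie before the return address is used. */
enum outcome run_call(size_t input_len, int use_cookie)
{
    unsigned char input[sizeof(struct sim_frame)];
    struct sim_frame f;
    memset(input, 0x41, sizeof input);          /* constructed input */
    memset(&f, 0, sizeof f);
    f.cookie = DEMO_COOKIE;                     /* prologue */
    f.return_address = DEMO_RETURN;
    unchecked_copy(&f, input, input_len);       /* function body */

    if (use_cookie && f.cookie != DEMO_COOKIE)  /* epilogue check */
        return HALTED_BY_COOKIE;
    if (f.return_address != DEMO_RETURN)
        return RETURN_ADDRESS_CORRUPTED;
    return RETURNED_OK;
}

int main(void)
{
    static const char *names[] = { "returned normally", "halted by cookie check",
                                   "returned through a corrupted address" };
    size_t lens[] = { 12, BUF_SIZE, BUF_SIZE + 1, sizeof(struct sim_frame) };
    for (size_t i = 0; i < sizeof lens / sizeof lens[0]; i++)
        printf("%2zu bytes: cookie on -> %s; cookie off -> %s\n", lens[i],
               names[run_call(lens[i], 1)], names[run_call(lens[i], 0)]);
    return 0;
}
```

Even a one-byte overrun is caught with the check on, because any write that reaches the return address must pass through the cookie first.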
Protection Technologies: Improved Maintenance
Windows Security Center
Automatic Update enhancements
Group Policy management of security features
New Wireless LAN client
SmartKey Wireless Setup
Bluetooth update
Availability
Available as of August 2004
Download from http://www.microsoft.com
Delivered as a critical update via Automatic Update - intelligently managed via new download service
CDs available on request via the website (no cost)
Diagnostic and fixing process
For Windows Applications
– Add application to firewall exceptions
– Check with application vendor for COM+ requirements
– Check with application vendor for patch
For Web based applications
– Add website to trusted list
– Manage Security Zone settings
Look at http://support.microsoft.com
Read documents at http://www.microsoft.com/technet/prodtechnol/winxppro/maintain/winxpsp2.mspx
Call to Action
Plan and Test!
New security features will make the system secure but may break some applications
In common test scenarios expect >=90% of applications to work without any configuration changes
Majority of fixes are enabling pop-ups in browser applications and “listening” for firewall setup.
© 2004 Microsoft Corporation. All rights reserved. This presentation is for informational purposes only. Microsoft makes no warranties, express or implied, in this summary.
Exchange Intelligent Message Filter (Exchange2003 Anti Spam)
Steve Wheeler
Windows Technology Evangelist
Microsoft Presentation Team
Agenda
The Spam Problem
How to Fight Spam
– Exchange2003 Anti-Spam Features
– Exchange Intelligent Message Filter
– Outlook and OWA Client Features
Deployment
The Spam Problem
“Ferris Research has estimated the cost of spam to a company of 10,000 workers is $1.1 million. …”
http://www.cnn.com/2003/TECH/internet/11/04/spam.killer/index.html
“Spam fighters make a good killing”
“Estimates vary, but IDC reckons that over 30 percent of US e-mail is spam, while Brightmail says…over 50 percent…the world's 500 million business e-mail users are wasting countless hours sorting through and deleting spams, costing companies millions each year in lost time…”
http://www.enn.ie/frontpage/news-9380566.html
“No silver bullet for spam”
“The Radicati Group says unwanted e-mail cost U.S. corporations about $9 billion last year in lost productivity. Within four years, the firm says, $198 billion will be spent for servers to handle spam..”
http://www.comnews.com/stories/articles/c1103editor.htm
“Spam works”
Spam & Viruses Compared
Columns: Viruses | Spam
Effects: Destructive | Nuisance, offensive
Exploits: Specific vulnerabilities (e.g. buffer overruns) | General openness of mail system
Sender motivation: Kudos, Revenge | $
Identification: Signatures, deterministic | Various, often subjective
Cost: Data loss, Productivity loss, Helpdesk, Administration, System resources, Bandwidth | Productivity loss, Helpdesk, Administration, System resources, Bandwidth
Exchange Solution: Exchange infrastructure, 3rd Party Anti-Virus plug-ins | Exchange infrastructure, Exchange features, Exchange plug-ins, 3rd Party Anti-Spam plug-ins
Enterprise Requirements For Anti-Spam
False Positives: Number 1 Concern
– Valid mail in the junk folder is as good as lost
Block at the gateway whenever possible
– User never sees it
– Reduced impact on bandwidth & other system resources
Administration
– End-to-end solutions
– Easy to manage
– Balance corporate & end-user control
How to Fight Spam
The Taxonomy of a Message
Where From (Connection – IP based)
Who From (Sender)
Who To (Recipient)
What it’s about (Content)
Taxonomy mapped to Exchange Features
Where From (Connection Filtering)
Global Allow and Deny lists
– Configure individual IP or ranges by subnet mask
– Allow overrides Deny by design
Support for subscribing to 3rd party “real-time block list (RBL)” services
– Support for multiple RBL providers
– Customizable NDR response per configured provider
– Override exception email address
Integrated IP features
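
The connection-filtering order on this slide as an added example (not Exchange code): an IP is checked against the global Allow list, then the global Deny list, then each block list provider. Consulting providers only after both lists, treating the exception address as a recipient that still receives mail from a listed IP, and every address, name and response string here are assumptions constructed for the demo; provider lookups are replaced by fixed ranges so it runs offline.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum verdict { ACCEPT_LISTED, DENY_LISTED, RBL_EXCEPTION, RBL_BLOCKED, NOT_LISTED };
struct net { uint32_t addr, mask; };        /* one IP (mask /32) or a range */
struct rbl { const char *response; struct net listed; };

#define IP4(a, b, c, d) (((uint32_t)(a) << 24) | ((uint32_t)(b) << 16) | \
                         ((uint32_t)(c) << 8) | (uint32_t)(d))
#define COUNT(x) (sizeof (x) / sizeof (x)[0])

/* Constructed configuration (documentation address ranges, made-up names). */
static const struct net ALLOW[] = { { IP4(203, 0, 113, 10), 0xFFFFFFFFu } };
static const struct net DENY[]  = { { IP4(203, 0, 113, 0),  0xFFFFFF00u } };
/* Offline stand-ins for two providers: each lists one range and has its
   own rejection text, as the slide describes per configured provider. */
static const struct rbl PROVIDERS[] = {
    { "550 listed by provider-a.example", { IP4(198, 51, 100, 0), 0xFFFFFF00u } },
    { "550 listed by provider-b.example", { IP4(192, 0, 2, 128),  0xFFFFFF80u } },
};
static const char EXCEPTION_RCPT[] = "postmaster@example.com";

static int in_net(const struct net *n, uint32_t ip) { return (ip & n->mask) == (n->addr & n->mask); }

static int in_list(const struct net *list, size_t count, uint32_t ip)
{
    for (size_t i = 0; i < count; i++)
        if (in_net(&list[i], ip))
            return 1;
    return 0;
}

/* Decide on one connection. *response receives the provider's rejection
   text for RBL_BLOCKED and NULL for every other verdict. */
enum verdict connection_filter(uint32_t ip, const char *rcpt, const char **response)
{
    *response = NULL;
    if (in_list(ALLOW, COUNT(ALLOW), ip))
        return ACCEPT_LISTED;                 /* Allow overrides Deny */
    if (in_list(DENY, COUNT(DENY), ip))
        return DENY_LISTED;
    for (size_t i = 0; i < COUNT(PROVIDERS); i++) {
        if (!in_net(&PROVIDERS[i].listed, ip))
            continue;
        if (strcmp(rcpt, EXCEPTION_RCPT) == 0)
            return RBL_EXCEPTION;             /* exception address still gets mail */
        *response = PROVIDERS[i].response;
        return RBL_BLOCKED;
    }
    return NOT_LISTED;
}

int main(void)
{
    const char *resp;
    enum verdict v = connection_filter(IP4(198, 51, 100, 7), "user@example.com", &resp);
    printf("verdict=%d response=%s\n", (int)v, resp ? resp : "(none)");
    return 0;
}
```

The single allowed host 203.0.113.10 sits inside the denied 203.0.113.0/24 range, which is the case "Allow overrides Deny" exists for.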
Who From (Sender Filtering)
Filter messages sent from particular email addresses or domains
Filter messages with blank senders
Optionally drop connection
Enhanced spoof detection – message submission method is persisted
Don’t resolve anonymous sender by default
Blocking own domain will break list services
Who To (Recipient filtering)
Filter messages sent to nonexistent recipients
– No NDR – message rejected at protocol
– Address book mining
Filter messages sent to particular email recipients (valid or invalid)
Restricted Distribution Lists
– Allow only authenticated users to send to a DL
– Reduces impact of unsolicited email sent to internal only DLs
What It’s About Classification
[Diagram: external mail* arranged along a “Desirability” axis]
Viruses: Destructive
Spam: Unsolicited product promotions; Health & “pharmaceutical”; Real estate & financial; Scams & chain letters; Pornography
Legitimate commercial: Amazon.com promotions; Expedia fare tracker; Mail from companies with a pre-existing business relationship
Non-critical legitimate mail: Subscriptions; Listserv
Critical legitimate mail: Business; Personal; Order confirmations
Bands marked on the diagram: Easily classified at Gateway; Gray area, best classified by end user; Easily classified at Gateway
* External communication only. All internal communication is assumed to be legitimate
Microsoft Exchange Intelligent Message Filter
Server-side message content filtering plug-in
– Extension to Exchange2003 Server, deployed on Internet Bridgeheads
Based on Microsoft SmartScreen™ technology from Microsoft Research
SmartScreen tracks over 500,000 e-mail characteristics based on data from hundreds of thousands of MSN® Hotmail® volunteer subscribers
IMF determines whether each incoming e-mail message is likely to be spam
Microsoft Exchange Intelligent Message Filter
Heuristics-based analysis of messages
– Determines whether unsolicited commercial e-mail, spam, or legitimate e-mail.
Capable of adapting over time
– Constantly improves ability to catch unwanted messages and prevent false positives.
Support for per message spam confidence level (SCL) ratings and message tagging.
Outlook 2003 uses SmartScreen & SCL to enhance client-side Spam filters
Microsoft Exchange Intelligent Message Filter
Supports per Message tagging
Administration via Exchange System Manager Console extension
Filter Updates
Coexistence with 3rd party solutions
– Complements, not competes
http://www.microsoft.com/exchange/imf
Outlook2003 and OWA2003 Enhancements
User specified Safe & Blocked Senders lists
– Safe Senders, Safe Recipients, Blocked Senders
– Can optionally include Contacts and GAL
– Supports Safe Senders Only mode
User Lists shared by Outlook 2003 and Exchange 2003 OWA, stored on the server
Move to junk folder determined by:
– Exchange 2003 Mailbox Store based on user lists
– Per message SCL
– Client Side based on Microsoft SmartScreen Technology
Block all external content by default (Web beacons)
Putting It All Together 2004
[Diagram labels: Internet; ISA Server or Firewall; Exchange Org Forest B; Exchange Org Forest A; SMTP Connector; Exchange 2003 Anti-Spam Server; Exchange Servers; Exchange Servers; Exchange IMF; Smart Host Server]
Summary
There is no “silver bullet” in the war against spam.
Microsoft is committed to fighting spam through on-going investments in anti-spam features & technologies.
Through integration of our own products and ISV partner products, we aim to reduce spam by providing complete end to end solutions.