Welcome to Forefront Tour 2008!
Forefront partners here today
Gartner likes IAG2007!
• Magic Quadrant for SSL VPN 3Q07
• Magic Quadrant for Endpoint Protection Platforms, 2007 *
* Magic Quadrant for Endpoint Protection Platforms, 2007. Peter Firstbrook. Publication Date: 21 December 2007 / ID Number: G00153291
Gartner likes Forefront Client Security
Michael Anderberg, CISSP
Acting Chief Security Advisor
Blog: http://michaelanderberg.se
Microsoft Sweden
Local Area Networks: First PC virus; Boot sector viruses; Create notoriety or cause havoc; Slow propagation; 16-bit DOS
Internet Era: Macro viruses; Script viruses; Create notoriety or cause havoc; Faster propagation; 32-bit Windows
Broadband prevalent: Spyware, Spam; Phishing; Botnets; Rootkits; Financial motivation; Internet wide impact; 32-bit Windows
Hyper jacking; Peer to Peer; Social engineering; Application attacks; Financial motivation; Targeted attacks; 64-bit Windows
IT is a strategic asset
Users look to IT as a valued partner to enable new business initiatives
IT Staff manages an efficient, controlled environment
Users have the right tools, availability, and access to info
IT Staff trained in best practices such as MOF, ITIL, etc.
Users expect basic services from IT
IT staff taxed by operational challenges
Users come up with their own IT solutions
Self-assessing and continuous improvement
Easy, secure access to info from anywhere on Internet
SLAs are linked to business objectives
Clearly defined and enforced images, security, best practices
Central Admin and configuration of security
Standard desktop images defined, not adopted by all
IT processes undefined
Complexity due to localized processes and minimal central control
Self provisioning and quarantine capable systems ensure compliance and high availability
Automate identity and access management
Automated system management
Multiple directories for authentication
Limited automated software distribution
Patch status of desktops is unknown
No unified directory for access mgmt
Basic, Standardized, Rationalized, Dynamic
Improve IT Maturity while Gaining ROI
$1320/PC Cost
$580/PC Cost
$230/PC Cost
< $100/PC Cost
Public Policy
Industry Partnerships
Consumer Awareness
Law Enforcement
www.microsoft.com/technet/security
Security Tools
Education and Training
Security Readiness
www.microsoft.com/itshowcase
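void function(char *p) {
    ...
    char buff[16];
    // No length check: any p longer than 15 characters writes past buff.
    strcpy(buff, p);
    ...
}

void func(char *b1, size_t c1, char *b2, size_t c2) {
    const size_t MAX = 48;
    // c1 + c2 can wrap around size_t, so large values pass this check.
    if (c1 + c2 > MAX) return;
    char *pBuff = new char[MAX];
    memcpy(pBuff, b1, c1);
    memcpy(pBuff + c1, b2, c2);
}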
Does the code run by default?
Does that code run with elevated rights?
Does it have a network socket?
Is it written in C/C++?
Is the code in any way related to Privacy?
Is the code openly available for security researchers?
Design
Threat Modeling
Standards, best practices, and tools
Security Push
Final Security Review
RTM and Deployment Signoff
Security Response
Product Inception