Part One: Blocks

Integrated phone and PDA Primarily data viewing Interoperability with Outlook and Exchange .NET Compact Framework ASP.NET mobile controls,Mobile Device Solutions,Complex document authoring, editing and reading Keyboard centric at the desk Keyboard and mouse input methods Full .NET framework available Centrino Solutions,Windows Mobile,Windows XP,Complex document authoring, editing and active reading Note taking and ink annotating Keyboard centric at the desk, pen and keyboard away from the desk Keyboard, mouse plus pen, ink, and speech input methods Full .NET framework preinstalled Pen, ink, handwriting and speech recognition APIs Centrino Solutions,View and some data entry Integrated PDA with phone Interoperability with Office, Exchange and SQL Server .NET Compact Framework ASP.NET mobile controls Intel XScale Solutions,Windows CE,One-way network Information consumption,Smart Personal Objects,Smartphone,Pocket PC and Pocket PC Phone,Notebook PC,Tablet PC

Network Defense,Health checkup IT checks “health” of client Network Access Control Clients who pass get network access Clients who do not pass are fixed or blocked (aka “quarantined”) Health maintenance Quarantined clients can be given access to resources to get healthy,From Home (VPN, Dial up),Returning Laptops,Consultants Guests,Unhealthy Desktops

Microsoft Business Solutions ERP Positioning,Guiding Principles,Productive,Integrated,Extensible,Capable,Short learning curve Minimal administrative overhead,Tools integrated tightly Automates common tasks,Customizable for your process Integrates with 3rd party tools,Remotely accessible Robust, secure, scalable

Staging Architecture,Data entry,Test,Application Center,Commerce Web,Commerce,Commerce Data,Commerce Web,Commerce,Commerce Data,Application,Center,Application,Center,Data,ACS Cluster,ACS Cluster,Cluster controller,Cluster controller,Data

Live Communications Client Roadmap,LC 1.2 Client Platform Multiparty IM P2P Voice and Video MPOP Groups Roaming SIP support GPO policy management,LC 1.5 Client Platform Roll up of QFEs MPOP Additions Federation/Archiving Notification HA Additions,LC 2.0 Client Platform Next generation of RTC experiences More coming!,2003,2H04,Longhorn

Enterprise Deployment Update,Internet,Firewall,Firewall,Firewall,Runtime Servers,Corporate LAN Internal Servers,Crawl/Search,Load Balanced Web,Infrastructure Servers,Development Servers,Test Servers,Business Data Servers,Business Users,Database and Staging Servers,Staging Servers,Database Servers,Offline Servers,Indicates Staged Data Flow

Communicate and collaborate in a more secure manner without sacrificing information worker productivity,Windows XP SP2 Block virus or malicious code at the “point of entry”

At Risk,The Soft Underbelly,Security Issues Today,[1] Source: Forrester Research [2] Source: Information Week, 26 November 2001 [3] Source: Netcraft summary [4] Source: CERT, 2003 [5] Source: CSI/FBI Computer Crime and Security Survey [6] Source: Computer Security Institute (CSI) Computer Crime and Security Survey 2002 [7] Source: CERT, 2002 [8] Source: Gartner Group,14B devices on the Internet by 2010 [1] 35M remote users by 2005 [2] 65% increase in dynamic Web sites [3] From 2000 to 2002 reported incidents rose from 21,756 to 82,094 [4] Nearly 80 percent of 445 respondents surveyed said the Internet has become a frequent point of attack, up from 57 percent just four years ago [5],90% detected security breaches [6] 85% detected computer viruses [6] 95% of all breaches avoidable with an alternative configuration [7] Approximately 70 percent of all Web attacks occur at the application layer [8]

Application Layer Attacks,Identity Theft Web Site Defacement Unauthorized Access Modification of Data, Logs and Records Theft of Proprietary Information Service Disruption,Implications,Compliance: Sarbanes Oxley Gramm Leach Bliley US Patriot Act HIPAA The Privacy Act (CA) Basel 2 (EU) Data Protection Act (EU) Litigation File Sharing Piracy HR Issues Shareholder Suits,Customer Impact

Types Of SRP Rules,Path Rule Compares path of file being run to an allowed path list Use when you have a folder with many files for the same application Essential when SRPs are strict,Hash Rule Compares the MD5 or SHA1 hash of a file to the one attempted to be run Use when you want to allow/prohibit a certain version of a file from being run,Certificate Rule Checks for digital signature on application (i.e. Authenticode) Use when you want to restrict both win32 applications and ActiveX content,Internet Zone Rule Controls how Internet Zones can be accessed Use when in high security environments to control access to web applications

SQL Server 2005 Themes,Supportability & Quality,Enterprise Enhancements,Unified & Flexible Administration,Patch Solutions,Prevention, Readiness, Recovery Ease of use,Patch Installs Patch in integrated step,Integrated Database Services and Business Intelligence Flexible install management,Add value to one-step Failover Clustering Expanded scripting support

Traditional Firewalls,Wide open to advanced attacks,Performance versus security tradeoff,Limited capacity for growth,Hard to manage,Code Red, Nimda SSL-based attacks,Security is complex IT is already overloaded,Bandwidth too expensive Too many moving parts,Not easily upgradeable Don't scale with business

Choosing the Right Type of Assessment,Vulnerability Scanning Focuses on known weaknesses Of the three, requires the least expertise Generally easy to automate,Penetration Testing Focuses on known and unknown weaknesses Requires advanced technical expertise Carries tremendous legal burden in certain countries/organizations,IT Security Audits Focuses on security policies and procedures Of the three, requires the most expertise When done right is the most effective type of assessment

Perimeter Security Evolution,Wide open to advanced attacks,Application-level protection,Performance versus security tradeoff,Security and performance,Limited capacity for growth,Extensibility and scalability,Hard to manage,Easier to use

The advanced application layer firewall, VPN and Web cache solution that enables customers to maximize IT investments by improving network security and performance,Advanced protection Application layer security designed to protect Microsoft applications,Fast, secure access Empowers you to connect users to relevant information on your network in a cost efficient manner,Ease of use Efficiently deploy, manage, and enable new usage scenarios,Introducing: ISA Server 2004

Fast, secure access Empowers you to connect users to relevant info. on your network,ISA Server 2004 New Features Continued commitment to integration,Enhanced architecture,High speed data transport Utilizes latest Windows and PC hardware SSL bridging unloads downstream servers,Web cache,Updated policy rules Serve content locally Pre-fetch content during low activity periods,Internet access control,User- and group-based Web usage policy Extensible by third parties,Comprehensive authentication,New support for RADIUS and RSA SecurID User- & group-based access policy Third party extensibility

System Service Accounts,Local Service and Network Service No password to manage Runs with only slightly more permissions than Authenticated User Local Service cannot authenticate across the network, Network Service authenticates as the computer account,Local System No password to manage Bypasses security checks User Accounts Run with less privilege than Local System Stores password as an LSA secret Can be complex to configure

What's New With IPSec?,Management IP Security Monitor Command-line management with Netsh Logical addresses for local IP configuration,Security Stronger cryptographic master key (Diffie-Hellman) Computer startup security Persistent policy for enhanced security Ability to exclude the name of the CA from certificate requests Better default exemption handling,Interoperability IPSec functionality over network address translation (NAT) Improved IPSec integration with Network Load Balancing

ISA Server 2004 New Features New management tools and user interface,Multi-network architecture,Unlimited network definitions and types Firewall policy applied to all traffic Per network routing relationships,Network templates and wizards,Wizard automates network routing relationships Supports 5 common network topologies Easily customized for sophisticated scenarios,Visual policy editor,Unified firewall/VPN policy w/one rule-base Drag/drop editing w/scenario-driven wizards XML-based configuration import-export,Enhanced trouble-shooting,All new monitoring dashboard Real-time log viewer Content sensitive task panes,Ease of Use Efficiently deploy, manage, and enable new usage scenarios

How To Use Windows Update,To configure Automatic Updates:,Select Keep my computer up to date,Open the System application in Control Panel,1,On the Automatic Updates tab, select the option you want,3,2

Office Update,Benefits Limitation,Single location for office patches and updates Easy to use Can be configured to update consumer or enterprise systems,Does not support Automatic Updates; updating must be initiated manually,Office Update Web site: http:/ To Use Office Update,Go to http:/ Check for Updates,2,Install the Office Update Installation Engine (if not already installed),3,Select the updates you want to install,4,Click Start Installation,5

How To Use SUS,On the SUS server,Configure the SUS server at http:/SUSAdmin,On each SUS client,Configure Automatic Updates on the client to use the SUS server Use Group Policy, manually configure each client, or use scripts,Set the SUS server synchronization schedule,Review, test, and approve updates,1,2,3

How To Use MBSA,Download and install MBSA (once only),1,Launch MBSA,2,Select the computer(s) to scan,3,Select relevant options,4,Click Start scan,5,View the Security Report,6

Software Update Service Deployment Best Practices (1),Software Update Service Deployment Best Practices (2),How To Use SMS To Deploy Patches

SMS MBSA Integration,MBSA integration included with SMS 2003 and the SUS Feature Pack for SMS 2.0 Scans SMS clients for missing security updates using mbsacli.exe /hf,MBSA Benefits,Scans systems for Missing security patches Potential configuration issues Works with a broad range of Microsoft software Allows an administrator to centrally scan multiple computers simultaneously MBSA is a free tool, and can be downloaded from http:/ Considerations,MBSA reports important vulnerabilities,Password weaknesses Guest account not disabled Auditing not configured Unnecessary services installed IIS vulnerabilities IE zone settings Automatic Updates configuration Internet Connection Firewall configuration,MBSA Scan Options,MBSA has three scan options MBSA graphical user interface (GUI) MBSA standard command-line interface (mbsacli.exe) HFNetChk scan (mbsacli.exe /hf)

Business Case For Patch Management,When determining the potential financial impact of poor patch management, consider,Downtime Remediation time Questionable data integrity Lost credibility Negative public relations Legal defenses Stolen intellectual property

“We commend Microsoft for providing enhanced security guidance to its customers as well as for soliciting user input as part of the process of producing that guidance” Clint Kreitner President/CEO,“NIST reviewed and provided technical comments & advice, that was incorporated in this guidance” Timothy Grance Manager Systems and Network Security Group,Comments

You Need To,ISA Delivers

Relational Reporting Multiple fact tables Full richness of the dimensions' attributes Transaction level access Star, snowflake, 3NF Complex relationships: Multi-grains, many-to-many, role playing, indirect Recursive self joins Slowly changing dimensions,The Unified Dimensional Model The Best Of Relational And OLAP,OLAP Cubes Multidimensional navigation Hierarchical presentation Friendly entity names Powerful MDX calculations Central KPI framework “Actions” Language translations Multiple perspectives Partitions Aggregations Distributed sources

Visual Studio Team System,Change Management,Work Item Tracking,Reporting,Project Site,Visual Studio Team Foundation,Integration Services,Project Management,Process and Architecture Guidance,Visual Studio Industry Partners,Dynamic Code Analyzer,Visual Studio Team Architect,Static Code Analyzer,Code Profiler,Unit Testing,Code Coverage,Visio and UML Modeling,Team Foundation Client,VS Pro,Class Modeling,Load Testing,Manual Testing,Test Case Management,Application Modeling,Logical Infra. Modeling,Deployment Modeling,Visual Studio Team Developer,Visual Studio Team Test,Application Modeling,Logical Infra. Modeling,Deployment Modeling,Class Modeling

SQL Server Catalog,Report Server,XML Web Service Interface,Report Processing,Delivery,Delivery Targets (E-mail, SharePoint, Custom),Rendering,Output Formats (HTML, Excel, PDF, Custom),Data Processing,Data Sources (SQL, OLE DB, XML/A, ODBC, Oracle, Custom),Security,Security Services (NT, Passport, Custom),Office,Custom Application,Browser,SQL Server 2000 Reporting Services Architecture

Internet,RAS Client,RRAS Server,IAS Server,Quarantine,RQC.exe and RQS.exe are in the Windows Server 2003 Resource Kit,Quarantine Architecture

What is VS Team Foundation?,Source Code Control,Work Item Tracking,Build Automation,Project Site,Reporting

Microsoft BI Product Suite,Analysis Services OLAP & Data Mining,Data Transformation Services,SQL Server Relational Engine,Reporting Services,Management Tools,Dev Tools Visual Studio .Net,Excel OWC Visio Map Point Data Analyzer,SharePoint Portal Server Project Server,Windows Server,MBS BI Applications

Current Architecture,TCP/IP,RTC Client API,User App,Server Architecture,Winsock,Storage,AD,Server

Application Interaction,Application 1 CRM,Application 2 Billing,Application 3 Logging,Request,Modified Request

TITLE,Available,Today,Microsoft Windows Security Resource Kit,Assessing Network Security,June 23, 2004

EAP architecture,TLS,GSS_API Kerberos,PEAP,IKE,MD5,EAP,PPP,802.3,802.5,802.11,Anything,method layer,EAP layer,media layer,MS-CHAPv2,TLS,SecurID

Partner Solutions Offerings,VALUE Proposition: Get more business value from your investment in Office,Finance Sarbanes-Oxley Business Scorecard Excel Add-in for SQL Server Analysis Services,Operations Six Sigma,HR Recruiting,Sales Proposals,Solution Accelerators,Microsoft Products,Office Solution Accelerators,VALUE Proposition: Get more business value from your investment in Office

Your People,EPM Involves.,Your Business Processes,Your Organization,Your Software Technology & Tools,An orchestration of your people, processes, organization with technology,Your Business Processes,Governance,Prioritization,Budgeting,Human Resources, etc.,Initiatives,Implement Microsoft Office Project 2003 for the Enterprise,Decisions,- Corporate Goals and Objectives,Executives,Your Organization