Solution Overview
Situation
Faced with the daunting task of inventorying, cataloging, assessing, and securing each LOB application, the Microsoft IT group needed to create an organizational framework for handling the job.

Program (ASAP) to inventory, assess, and when necessary ensure the resolution of security vulnerabilities found in LOB applications.

Benefits:
- Lower cost of recovery and lost productivity
- Minimize loss of data
- Improve customer confidence
- Decrease legal risks

Risks addressed:
- Cost of recovery and lost productivity
- Loss of data
- Impact on consumer confidence
- Legal risks
Security Principles
Managing Risk
Overview Of ASAP
- Wide variety of LOB applications designed by Microsoft IT or individual business unit IT teams
- Securing applications and data has grown in significance and complexity
- LOB applications function in a complex operational and legal environment with an equally complex underlying infrastructure
- Every organization should develop its own plan for securing applications
ASAP Deployment
Assessment Criteria
Types of Assessments: Host, Application, Account, Trust

Participants
- Corporate Security
- Application Review Team
- Risk Assessment
- Audits
- Operations IT

Assessment areas
- Architecture, transport, network device, access control list (ACL) permission settings
- Internet Information Services (IIS), Simple Mail Transfer Protocol (SMTP), File Transfer Protocol (FTP), NetBIOS/remote procedure call (RPC), Terminal Services
- Input validation, clear-text protocols, authentication, authorization, cryptography, auditing and logging
- Rogue trusts
Building Secure Networks: Intrusion Detection Systems and Network Encryption
Detection systems should monitor for:
- Reconnaissance attacks
- Exploit attacks
- Denial of service attacks

Network encryption
- Key tool in preventing sensitive data from being read
- Sensitive communication should be encrypted
- Industry-standard encryption methods: Secure Sockets Layer (SSL), a secure shell program such as SSH, Internet Protocol Security (IPSec)

Host and server assessment items
- Patch management
- Configuration
- Permissions
- Simple Network Management Protocol (SNMP) community strings
- Antivirus software
- Server auditing and logging
- Server backup and restore

Application assessment items
- Input validation
- Session management
- Authentication and authorization
- Design and code review
- Application and server error handling
- Application auditing and logging
- Application backup and restore
- Private data encryption

Web application assessment items
- User input validation
- Cookies, authentication, and access
- Passwords
- Access control lists
- COM+ application configuration
- Auditing and logging
Threat Modeling
Threat modeling provides a consistent methodology for objectively evaluating threats to applications. Microsoft IT uses STRIDE to identify threats:
- Spoofing identity
- Tampering with data
- Repudiation
- Information disclosure
- Denial of service
- Elevation of privilege
Architecture Modeling
Connection identification
Lessons Learned
- If you wait until an application is already in production to make it secure, you are too late
- Good security practices take into account both the host and the application client
- Create clearly written and easily accessible security guideline documentation
- Create security checklists that include step-by-step instructions
- Develop a thoroughly considered policy exception tracking process
- Education is crucial to the success of a security program
- Processes and reporting are required to ensure that inventory information is maintained
- Security is an ongoing, always changing concern
Policies
- Applications should comply with application security policies and guidelines
- Applications should go through a security design review process
- Third-party application vendors should provide assurances that the software does not contain anything that could be used to compromise security controls
- Internet-facing applications should use existing methods of authentication
- Applications that reside on the corporate network should rely on Windows integrated authentication
- Applications that cannot use Windows integrated authentication should either encrypt or hash the password stores
- Credentials should never be stored or sent unencrypted
- User input should be filtered and examined at the Web server
- Web applications should use strong, nonpredictable session IDs
- Web applications should use an inactivity timeout
- Cookies that contain sensitive data should be marked as secure and nonpersistent
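The session, cookie, and password-store policies above, as an added example that is not part of the original presentation or of any Microsoft IT code: session IDs come from a CSPRNG, a session dies after a period of inactivity, the session cookie is marked Secure and carries no Expires/Max-Age (so it is nonpersistent; HttpOnly is an extra flag beyond the slide's wording), and the password store holds salted PBKDF2 hashes rather than plaintext. The 15-minute timeout and the clock parameter are assumptions chosen for illustration.

```python
import hashlib
import hmac
import secrets
import time

SESSION_ID_BYTES = 32          # 256 bits of entropy: strong, nonpredictable
INACTIVITY_TIMEOUT = 15 * 60   # assumed policy value, in seconds
PBKDF2_ROUNDS = 200_000

def new_session_id():
    # secrets (not random) so the ID cannot be predicted from earlier IDs
    return secrets.token_urlsafe(SESSION_ID_BYTES)

class SessionStore:
    """Server-side sessions that expire after INACTIVITY_TIMEOUT idle seconds."""
    def __init__(self, timeout=INACTIVITY_TIMEOUT, clock=time.time):
        self._sessions = {}
        self._timeout = timeout
        self._clock = clock    # injectable so expiry can be tested offline

    def create(self, user):
        sid = new_session_id()
        self._sessions[sid] = {"user": user, "last_seen": self._clock()}
        return sid

    def lookup(self, sid):
        entry = self._sessions.get(sid)
        if entry is None:
            return None
        now = self._clock()
        if now - entry["last_seen"] > self._timeout:
            del self._sessions[sid]      # idle too long: drop it
            return None
        entry["last_seen"] = now          # activity resets the idle clock
        return entry["user"]

def session_cookie_header(sid):
    # Secure: sent only over SSL; no Expires/Max-Age: discarded when the
    # browser closes (nonpersistent); HttpOnly keeps it away from scripts.
    return f"Set-Cookie: sid={sid}; Secure; HttpOnly; Path=/"

def hash_password(password, salt=None):
    # Store salt + PBKDF2-HMAC-SHA256 digest, never the cleartext credential
    salt = salt if salt is not None else secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return salt.hex() + "$" + digest.hex()

def verify_password(password, stored):
    salt_hex, digest_hex = stored.split("$")
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(),
                                 bytes.fromhex(salt_hex), PBKDF2_ROUNDS)
    return hmac.compare_digest(digest.hex(), digest_hex)   # constant-time
```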
Summary
- Business relies more and more on information technology to operate
- Securing access to critical resources ensures that they continue to function as expected
- Microsoft IT put policies and guidelines in place to help Microsoft development teams secure their existing applications
- Documenting and sharing the lessons that organizations learn is central to maintaining security both within and among businesses
Additional content on Microsoft IT deployments and best practices can be found on http://www.microsoft.com
This document is provided for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS OR IMPLIED, IN THIS DOCUMENT. 2003 Microsoft Corporation. All rights reserved. Microsoft, Microsoft Press, Visual Studio, Visual SourceSafe, Windows and Windows NT are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries. The names of actual companies and products mentioned herein may be the trademarks of their respective owners.