Security Priority List - Feedback Request

Networking/Security Forums -> News // Columns // Articles

Author: secguide    Posted: Tue Dec 27, 2005 9:53 pm    Post subject: Security Priority List - Feedback Request
    ----
Hi all:

Tony Bailey, Microsoft Security Solutions Product Manager here. I've been trying to validate a list of security priorities based on your input from my posts on security-forums. This is what I have so far - in order of priorities - would really like to hear your thoughts.
Is this accurate? Am I missing anything major? Are there duplicate items in the list that could be combined?

Thanks!

I need a way to block spyware, malware, and malicious sites

I need to be able to monitor the overall level of security of my environment and remediate any machines that are not up to security standards

I need a way to roll back patches quickly and easily, and need more info about possible problems that might be encountered

I need a way to secure email and messaging from viruses and spam

I need to be able to easily provision new users, including account setup, group additions, and mailbox configuration

I need to protect against internal threats, both inadvertent and deliberate, including leakage of confidential company info and employee workarounds

I need to provide my partners with secure access to documents over the internet

I need a way to automatically wall off untrusted or infected computers from the rest of the network

I need to secure my single Exchange Server

I need to be able to provide my users a way to securely reset their own passwords to reduce helpdesk calls

I need an easy way to configure all the components required for a remote access VPN to Windows RRAS server

I need to configure the auditing of my users’ file access and alert me of unusual activity

I need a way to roll out patches quickly and easily

I need to protect the confidentiality of email

I need a way to support smart card logon for remote access VPN connections, and help on what hardware and software is required to make it work

I need Windows Update/Microsoft Update to work for networks that use authenticating Web proxies

Author: ThePsyko    Location: California    Posted: Wed Dec 28, 2005 6:28 pm    Post subject:
    ----
Hi Tony,

I missed your original post, but personally I would put #3 (rolling back patches) as #1. The ability to easily undo an "update gone wild" would reduce the amount of 'waiting time' before installing an update and allow me to secure my systems faster.

I would also put #8 and #13 closer to the top. But that's just me :)

Author: secguide    Posted: Wed Dec 28, 2005 8:40 pm    Post subject: Security Priority List - Feedback Request
    ----
Hi:

Many thanks for the feedback. I've also received one or two comments about the priority list to rearrange a couple of items.

Do you think the items in the list would change much for a mid-size biz (500 to 5,000 PCs) to a larger org (5,000+ PCs)? Meaning, are there things missing or could be removed when moving up from mid-size to larger?

Thanks again,

Tony.

Author: PhiBer    Location: Your MBR    Posted: Wed Dec 28, 2005 8:51 pm    Post subject:
    ----
Tony,
Here is how I would rate the priorities and why:

1. I need to be able to monitor the overall level of security of my environment and remediate any machines that are not up to security standards.

(If you cannot see your network as a whole, what good are the other security precautions? I believe remediating machines that are not up to security standards also includes patching, updating virus definitions, etcetera. The network is as secure as its weakest link).

2. I need a way to roll out patches quickly and easily.

(Why are so many machines infected with spyware and viruses? Known vulnerabilities are not patched! If everyone patched regularly, the majority of sites that contained "drive-by-installs" of spyware/trojans would be rendered useless because of a lack of vulnerabilities to exploit).

3. I need a way to secure email and messaging from viruses and spam.

4. I need a way to block spyware, malware, and malicious sites.

(Once again, the spyware/malware/malicious site risk could be mitigated by patching).

5. I need Windows Update/Microsoft Update to work for networks that use authenticating Web proxies.

(This was a problem after rolling out ISA 2004 within our network).

6. I need to be able to provide my users a way to securely reset their own passwords to reduce helpdesk calls.

Author: secguide    Posted: Thu Dec 29, 2005 1:13 am    Post subject: Security Priority List - Feedback Request
    ----
Hi there:

Thanks - I've updated the list and you can see the current % scores (based on #'s of responses) that determine the priority:

1 I need a way to block spyware, malware, and malicious sites 16%
2 I need to be able to monitor the overall level of security of my environment and remediate any machines that are not up to security standards 13%
3 I need a way to roll out patches quickly and easily 12%
4 I need a way to roll back patches quickly and easily, and need more info about possible problems that might be encountered 10%
5 I need a way to secure email and messaging from viruses and spam 7%
7 I need a way to automatically wall off untrusted or infected computers from the rest of the network 6%
6 I need to be able to easily provision new users, including account setup, group additions, and mailbox configuration 6%
8 I need to protect against internal threats, both inadvertent and deliberate 6%
9 I need to provide my partners with secure access to documents over the internet 4%
11 I need to be able to provide my users a way to securely reset their own passwords to reduce helpdesk calls 4%
10 I need to secure my single Exchange Server 3%
14 I need to protect the confidentiality of email 3%
12 I need an easy way to configure all the components required for a remote access VPN to Windows RRAS server 2%
13 I need to configure the auditing of my users’ file access and alert me of unusual activity 2%
15 I need a way to support smart card logon for remote access VPN connections, and help on what hardware and software is required to make it work 1%
16 I need Windows Update/Microsoft Update to work for networks that use authenticating Web proxies 1%

Author: Giro    Location: England    Posted: Thu Dec 29, 2005 10:32 am    Post subject:
    ----
Your percentages look wrong to me and you have 7 and 6 back to front.

Author: secguide    Posted: Thu Dec 29, 2005 5:42 pm    Post subject: Security Priority List - Feedback Request
    ----
Many thanks. The % are based on #'s of responses from >700 IT pros. That said, I want to make sure I collect all input, so how would you order the items in the list?

Thanks again for taking the time.

Tony.

Author: Giro    Location: England    Posted: Fri Dec 30, 2005 3:15 pm    Post subject:
    ----
I do not use Windows so none of that affects me really and the fact I'm a programmer.

Author: graycat    Location: London, UK    Posted: Fri Dec 30, 2005 4:33 pm    Post subject:
    ----
Hey, Tony. Good effort on setting something like this in motion. Always good to see the big MS asking for real life opinions :)

I think a few of your points should be rolled together into a single solution (or as few as possible) per area, for example no. 3 & 4 should be combined into rolling patches out and back if needed, 10 & 14 - email security etc.
Ones that stand out to me are #7 - walling off / securing unwanted & infected machines, #13 - monitoring user access and changes, #3&4 - patching and possibly #9 - secure access to documents for partners.

#9 is quite ironic as we've just had to implement a Windows 2003 FTP server at our head office and its security implications are still very much under discussion by us admins :)

Overall though, I think you've got some very good points to address and I look forward to seeing MS's stance on them.

Tim.



All times are GMT + 2 Hours