Recomendados
Recomendados
Mais conteúdo relacionado
Mais procurados
Mais procurados (20)
Destaque
Destaque (8)
Semelhante a Office 2010'da Güvenlik
Semelhante a Office 2010'da Güvenlik (20)
Mais de Eren Caner
Mais de Eren Caner (13)
Office 2010'da Güvenlik
- 1. Kapsamlı Teknik HazırlıkMicrosoft Office 2010 Güvenliği <Name> <Event Date>
- 2. Oturuma Genel Bakış Office İstemci Güvenliğine Genel Bakış Office 2010 savunmasını ayrıntılı olarak sunma Office 2010’un Proaktif Güvenliği Geliştirilmiş Kullanıcı Güvenliği Deneyimi
- 3. Tarihsel Veri Office Güvenlik Bülten Trendi (çeyreklere göre) 30 25 20 15 10 5 0 1 2 3 4 1 2 3 4 1 2 3 4 1 2 3 4 1 2 Yeni Daha İyi Office 2007'yi Ocak 2007'den berietkileyenzayıflık % si 2004 2005 2006 2007 2008 >10x! 28% Zayıf 2x! 72% Zayıf Değil
- 4. Tehdit Alanı Uygulamalar OS Kütüphaneleri OS Transport Ağ Saldırıya Açıklık Sayısı Diagram SANS’tan alınmıştır – En Büyük Siber Güvenlik Riskleri
- 8. Güvenlik Geliştirime Yaşam Dönügüsü
- 10. Katmanlı savuma
- 12. Veri Koruma
- 13. Kurumsal Yönetim
- 15. Katmanlı Savunma Saldırı Yüzeyini Sertleştir Saldırı Alanını Daralt Kullanıcı Deneyimini Geliştir Açıkları Azalt
- 16. Saldırı Yüzeyini Sertleştir Güvenlik Mühendisliği Güvenlik Geliştirme Yaşam Döngüsü Yoğun Karmaşa İşlemleri Tehditten Korunma DEP/NX için Destek WIQ Image Parser avantajını kullanma Robust & Agile Kriptografi Saldırı Yüzeyini Sertleştir
- 17. Dosya Engelleme Kullanılmayan ya da eski dosya formatlarını engeller Kolay ilke zorlamaları Görünüm salt-okunur erişime izin verir Engelleme ve izin verme korumalı görünüm ile birbirlerine bağlıdır Saldırı Alanını Daralt Saldırı Alanını Daralt
- 18. Saldırı Alanını Daralt Office Dosya Doğrulaması İkili değer dosyaları Açılınca otomatik çalışır Dosya ‘doğruluğunu’ denetler Bilinmeyen açıklara karşı korumaya yardım eder. Kural değişimlerinde daha hızlı güncelleme sağlar Saldırı Alanını Daralt
- 19. Korumalı Görüntüleyici ‘Kum havuzu’ Word, Excel, PPT dosyaları ‘kum havuzunda’ çalışabilir Zararlı dokümanların , kullanıcı verileri ve işletim sistemine zarar vermesinin önüne geçer Kullanıcıların daha iyi güven kararları vermelerine yardım eder Açıkları Azalt
- 20. Korumalı Görüntüleyici Dosya Doğrulamasından Geçemeyen Dosyalar Dosya Engelleme ilkesine Uymayan Dosyalar Açıkları Azalt Office Korumalı Görüntüleyici Internetten indirilern Dosyalar Güvenilmeyen klasörlerdeki Dosyalar Tüm Outlook Eklentileri
- 21. Kullanıcı Deneyimini Geliştir Güven kararları vermek için daha iyi bilgi sağlar Güvenlik ve üretkenlik arasında seçim yapmaktan kaçınır Kullanıcıların güvenlikle ilgili seçeneklerini hatırlayıp, soruları tekrarlamaz Azaltılmış İletilere sahip Kullanıcı Deneyimini Geliştir
- 22. Kullanıcı Deneyimini Geliştir ‘Benim Şeylerim’... Gelen Kumhavuzunun içinde her sınıftan kötü amaçlı yazılımdan koruma Kullanıcı «etkinleştir» i tıklar Doküman tam etkinleştirilmiş halde açılır. Email eklentisi aç Dosya Doğrulama Kumhavuzu Görüntüleyici Dokümanı kaydet Dokümanı tekrar aç Güvenlik kararları verilmeden dokümana gözatPekçok senaryo burada sonlanır – okumak yeterli Güvenlik kararları ‘yapışkan’
- 24. Dokümanları Koruma Şifreleme Kurumsal Yönetim Veri Koruma Dijital İmza
- 25. Veri Koruma Veri Hakları Yönetimi Kullanıcılar İzinleri Kontrol Edebilir Hassas veride kısıtlamalar Kopyalama Engelleme İki kurumsal Yapı Arasında İş birliği Kurma İçeriğe Erişimi Engelleyebilir. Veri Koruma
- 26. Yerleşik CNG desteği sayesinde Tam Şifreleme becerisi Kuruluşlara has beceri sağlar Devlet kuruluşlarında etkili Bütünlük denetleyicileri Şifrelenmiş mesajları doğrular Etki alanında şifre karmaşıklığını zorlar GPO ile etkinleştirilir. Şifreleme Şifreleme
- 27. Zaman Damgası RFC 3161 Sertifika geçerliliğini kaybettikten sonra doküman geçerli XAdES Uluslararası Standart Zaman Damgası için Standart Dijital İmza Dijital İmza
- 28. İlkeleri tanımla ve Office’i kullanarak onları zorla Office 2003 – 300 GPO Office 2010 – 400+ GPO Grup ilkesi yönetiminde daha fazla kontrol Kurumsal Yönetim Kurumsal Yönetim
- 29. E-posta Eklerini Güvenlice Açma Demo
- 30. Demo
- 31. Demo Office 2010
- 32. Office 2010 Demo
- 33. Office 2010 Demo
- 34. Demo: Daha İyi Güven Kararları Verme
- 35. Office 2010 Demo
- 36. Office 2010 Demo
- 37. Yapışkan Güven Kararları Demo
- 38. Demo Office 2010
- 39. Office 2010 Demo
- 40. Demo
- 41. Office 2010 Demo
- 42. Office 2010 Demo
- 43. Office 2010 Demo
- 44. Özet Tehdit alanı değişiyor ! Office 2010 yeni güvenlik yatırımlarına sahip Güvenlik Mühendisliği daha iyi tehdit modellemesi yaparak , uygulama geliştirme ve testleri ile güvenli yazılım sunar. Koruma Teknolojisi katmanlı savunma ile saldırılara daha iyi direnç gösterir Çekirdek Güvenliği beraber çalışma senaryolarıyla birlikte daha iyi şifreleme seviyeleri ve veri koruması sunar
- 45. © 2009 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.
Notas do Editor
- See session script for talking points for this presentation
- Let’s start by giving you an idea of what the OffliceClient Security landscaping is. From a security prospective we will be discussing what Microsofts focuses were on for Office 2010. Why we are focussing on these?We will show you the present Office 2010 defense in depth story. Where Office 2007 had a pretty good depth in their defense, 2010 has significantly more depth.Office 2010 also has a great story around proactive security which we will be discussing in more detail in this session.There are also improved changes in the security user experience. A lot of users aren’t interested in the dialog boxes that open asking if you trust a document and do you want to open it. They will usually just click Yes so they can view the document. This has now changed and we will discuss how it’s changed in this session.
- Let’s set the stage by looking at the Office Security Bulletin, which looks back to when Office 2003 was shipped. You can see the trend line was looking good up until around 2 years later where there was a significant rise. This is when the fundamental landscape of security changed and attacks in the industry and world as a whole changed. Microsoft had improved operational security and defending servers, but by making the server infrastructure better the attackers decided to look elsewhere. They moved onto the client space.So in Office 2007 Microsoft made some changes. They had done a lot of work on the engineering fundamentals – raising bugs, fixing bugs, raising the security level bar as a whole. This included educating the testers and having people work on finding bugs and then raising it with Microsoft to fix. They also changed the file format. This made huge improvements and as you can see in this pie graph that 72% of the vulnerabilities did not effect Office 2007. Although this is great, there is still the 28% that needs to be worked on.One of the security engineering areas that have been worked on is the fuzzing iterations which we will talk in more detail about later in this presentation. You can see in this graph that it was introduced in Office 2007 and has increased significantly in Office 2010.
- This figure is an interpretation from the SANS Top Cyber Security Risks article shows the number of vulnerabilities in Network, OS and Applications. You can see that the number of vulnerabilities discovered in Applications is far greater than the number of vulnerabilities discovered in operating systems.On the rise are quiet attacks on desktop programs, which means that application desktops are under threat. An example; there are a number of email attacks are targeted at commonly used programs such as Adobe PDF Reader, QuickTime, Adobe Flash and Microsoft Office.Microsoft have taken these attacks seriously and have made a great investment on minimising these attacks in the Office 2010.
- Outlines what we will be discussing over the next slides.Security engineering is the overarching process for designing and developing secure software for Microsoft. On the next slide we will be discussing the following topics: Threat modelling, validation tools, secure code practices, security development lifecycle, intensive distributing fuzzing.In Office 2007 there were changes in the security engineering push which has helped move 2010 in the right direction for security. In Office 2010 Microsoft have developed a tier approach to security that we call the layered defense. This layered defense improves attack resilience and integrity protection.Microsoft have made improvements on protecting your documents in Office 2010 in their core security. These include encryption, data protection, enterprise management, and collaboration between two enterprises.
- The security development lifecycle is the overarching process for designing and developing secure software for Microsoft.The threat modelling process is a compliance measure for the SDL. It is a feature design phase that includes data flow diagrams and a set up of feature crews. Members of the crew are developers, testers, program manager for the feature and the product group. Together they think about the security threats and how to attack them. The durability of the design is then tested.The validation tools are also a compliance measure for the SDL. There are a number of security validation tools that are run for automated security testing. One of the tools is the Office automated code review tool (OACR).Secure coding practices meets the SDL through training, code reviews and follows best practices for coding. Fuzzing – In Office 2010 MS created blocks of file fuzzing. For example they take a template and make changes to the file then try to open it in word to see how it handles it. MS have created tens of millions of these iterations. Attackers use fuzzing against us to find bugs that they can exploit. The reason we use fuzzing is that we want to do what the attackers do to try find what they would find before they do and fix them.Microsoft have a distributed system built to get higher fuzz runs and more iterations.
- In Office 2007 there were changes in the security engineering push which has helped move 2010 in the right direction for security. In Office 2010 Microsoft have developed a tier approach to security that we call the layered defense. The aim for 2010 is to reduce the number of points to defend which helps to harden the attack surface.Office 2010 works with existing file block functionality and also a new file validation tool to reduce the attack surface.The impact on systems are minimised as 2010 introduces the ‘Protected viewer’ which allows files to be opened without causing harm to the system.The security changes should not impact the user’s experience in a negative way. Users will not have to think about whether to open the file as it may not be safe because it will open from within protected viewer automatically.
- Hardening the attack includes security engineering which we have spoken about earlier.Microsoft have also worked on additional areas to protect workstations from threat. They take advantage of what the operating system provides for protection by integrating Office 2010 with it.Support for DEP/NX – Malicious executable codes will be prevented from executing. In order for malware to be able to run, it would need to find a way around DEP, ASLR and GS and then find a way to break out of the protected view.Leverage WIQ Parsers – Built from more recent code rather than legacy codeRobust & Agile Cryptography – Supports different algorithms loaded on OS; password protection complexity
- In previous versions of office there’s a file block feature. In Office 2010 the file block now has improvements to the Trust Centre and also has improved the user experience on blocked file feedback through the UI. Files that are blocked are opened within the ‘sandbox’ by default.Administrators have more control and options for the security settings via group policy. They can define which file types to block and have open in the protected viewer.Scenario – there has been an alert on file type .doc circulating in email attachments that are causing harm. File block is used to block all .doc files until the issue has been addressed. While .doc files can still be opened, they are opened within the protected view with read-only access.Scenario - An IT administrator at a hospital needs to retain access to Word 2.0 documents, but doesn’t need to edit or create such documents. He’d like to eliminate the risk of a vulnerability in that old format enabling an attack. Using the new File Block controls, he can tell all Word clients to display all Word 2.0 files in the protected mode viewer, and disallow the creation or editing. He gets the best of both worlds.
- This new feature of Office 2010 scans an Office file when it is opened and validates it against well-known schema for its ‘correctness’. If the validation fails, it will open in protected viewer as read-only. File validation focuses on binary file formats that are pre Office 2007 XML format. This is because a lot of the attacks have been targeted at this type of file format.Office file validation will validate a document in binary file format against a valid documented schema file format.Any exploits will need to meet the valid documented schema format before it will get validated.To make sure the schemas are updated quicker they are updated through Windows definition updates. Because updates are sent through definition updates and are small it allows a faster process that bypasses testing and gets to the desktops quicker for protection.Show demo of a file that fails validation. Show how quickly the file opens and that the file validation is run automatically.
- The protected viewer is an new security defense for Office 2010. It’s an improvement on the MOICE feature that was developed for Office 2007. MOICE was used to convert potentially risky binary file types to XML format to try remove any exploit code that was hidden away within the file. The downside to MOICE was that some files took a long time to convert and users would get frustrated at the amount of time it took to open the files.Protected view opens your files in a ‘sandbox’ giving you a read-only view. The goal is to stop malicious code from tampering with your document, profile or other user settings. It doesn’t convert your file to a safer format but allows you to view the file within an environment that will not allow malicious code access to your system. You can then determine whether it is safe to allow it to be edited. Word, Excel, and PPT files can run within the ‘sandbox’ when opened. In Outlook, any attachments opened from the within the preview option will open in the ‘sandbox’.Users can make better trust decisions because they can view the attachments or documents before deciding whether they trust them or not.Scenario – An email that has come through has an attachment that you are unsure of. You can now open this email without worrying about malware attacking your system as it is automatically opened in the sandbox.Scenario - A secretary receives an invoice in email threatening legal action if the invoice is not paid. She opens the supposed invoice to see what it is. Unfortunately for the attacker, Office File Validation detects that the file has been tampered with, opens the file inside Protected Mode and warns the user that the file likely contains malicious content.
- This diagram shows the files that are opened in protected viewer.Files that failed file validation – When a file is opened and there are inconsistencies between the file and the well-known schema, it will open in protected view. Policies can be defined for whether or not editing will be allowed when the failure occurs.Files that do not comply with File Block Policy – Blocked files can be viewed in Protected View. This allows users to view the files but not edit them.Files from the Internet Zone – When a file is downloaded from the internet it will open in Protected View.All Outlook attachments – Attachments from Outlook will be opened by Protected Viewer, whether you are viewing it from the Outlook preview or opening the actual file. Administrators can configure if they want all attachments to open in Protected View or just those sent from senders outside their Exchange environment
- Users now can make better trust decisions as they are able to open the file within protected viewer view the contents of the document first.Untrusted files are opened within protected viewer automatically. If you want to remove it from protected view, you just click the button to enable editing.Once you have saved a file and opened and enabled for editing, Office will remember your selection and will not open that particular file in protected view again.
- Animation to show the steps when opening up an email attachment.
- You will no longer see the Outlook preview pane prompt or the open mail attachment prompt. Files are automatically opened in protected view so you can view the file first before deciding whether to trust it or not.
- Microsoft have made improvements on protecting your documents in Office 2010. There are new ways of protecting your data between organisations with information rights management.There have been improvements on encryption with enforceable domain password policies and full crypto agility support. Office 2010 introduces timestamping for digital signatures and gives administrators support for enforcing defined enterprise policies.
- Information rights management allows individuals and administrators to specify access permissions to their word documents, spreadsheets and powerpoint presentations. This restricts how their sensitive information can be accessed and used. You can prevent unauthorized users gaining access to your documents and stop authorized users from copying the content. With Office 2010 you can share your documents between two organisations and lock down the content with information rights management. You can create a virtual organisation between the two organisations that will allow you to include users from the other organisation into your rights management control.Scenario – One of the regional managers of Contoso has created a confidential document that he wants to share with only the other regional managers of Contoso. He wants to make sure that if someone gets access to this document, they will not be able to open it. He also wants to protect the integrity of the document. He can grant the regional managers access to this particular document and give them only the ability to read the document.
- Office 2010 supports full crypto agility via native CNG support. Customers can develop their own encryption algorithms within the operating system. This allows organisations to be agile. Office 2010 will give provide full crypto agility support for these custom developed encryption algorithms. This feature would be very effective in a Government organisation.Office 2010 provides integrity checks by validating encrypted cypher texts or messages before it decrypts it to make sure it hasn’t been damaged during transit. If you are part of a domain you can enable Office to use the password complexity rules of the domain when password protecting files. This is enabled through group policy.Scenario - An enterprise doing business with the US government needs to ensure they are complying with the suite-B algorithm set when password protecting documents. They configure their windows computers to use these algorithms and Office documents use these settings. Any other computer running Office can also open these documents. A few years from now, the NSA publishes the ‘Suite-C’ standard, changing the set of algorithms required. The IT admin updates the settings in his organization, and new documents are now Suite-C compliant. Plus, all the old documents can be read as well.
- The most significant change with digital signatures in Office 2010 is Timestamping. With previous office documents that were digitally signed, there would be an expiry date on the source of the digital signature. So if you had signed a document two years ago and your certificate expired a year ago, the document would become invalid.In Office 2010 there is a date stamped on the signature. Timestamping makes an expectation that when you sign a document it is valid at time. If your certificate expires after, it still shows that that particular document that was signed earlier is valid.XAdES is the standard for which the timestamps are stored within the document. As XAdES is an international standard, Office 2010 is working to conform to it as it is of importance to government departments.Scenario - An enterprise builds a document review and approval workflow using SharePoint’s workflow capabilities. When documents are signed, a time server is contacted automatically to validate that the document was signed at the time claimed, and that the signature was valid at that time. Years later, the signature will still be valid, even though the original signer’s certificate has expired. Scenario - Office XML documents are signed in the industry standard XADES-T format. Any tools looking to do, for example, bulk signature validation, can easily interoperate with any Office Open XML document.
- Office 2007 had a security guide which defined around 300 policies. In 2010, Microsoft have added another 100 or so policies. Office 2010 provides administrators more control options within the policy management than the UI. Administrators will define the policies and use Office to enforce them.
- Open Outlook Open the email from Cassie.
- Click on the PowerPoint attachment to view it from within the preview pane. Anything opened within the preview pane is opened within the protected viewer.
- Double click on the document to open it and show how it is opened within the protected viewer.
- Click on File on the top left to show that it is in Protected View.
- Andy receives an email that states that he has not paid his invoice and that there will be legal action taken if the invoice is not paid. Now he suspects this is just a spam email but really wants to open the email incase it’s legitimate and someone does try to sue him.Again with Office 2010 he can preview the email from within the outlook preview pane or open it up and it will open within the ‘sandbox’ so he can determine whether the email is fake or not.
- Open the email ‘Invoice for Plumbing work’.
- Double click on the document to open it up in protected view. Verify that the document is fake (it isn’t an invoice at all but a document with potentially harmful macros). Close the document and delete the email.
- Open the email with the subject ‘Work in progress’.
- Save the document attached ‘This has a macro in it’ to the desktop.
- Open the document from the desktop.
- Click ’Enable Editing’ to remove the document from the protected view.
- Click ’Enable Content’ to enable the macros.Close the document. The document doesn’t need to be saved as the trust decisions are saved on the profile.
- Open the document again from the desktop. The document should automatically enable the macros as it has saved the trust decision.
- Outlines what we will be discussing over the next slides.Security engineering is the overarching process for designing and developing secure software for Microsoft. On the next slide we will be discussing the following topics: Threat modelling, validation tools, secure code practices, security development lifecycle, intensive distributing fuzzing.In Office 2007 there were changes in the security engineering push which has helped move 2010 in the right direction for security. In Office 2010 Microsoft have developed a tier approach to security that we call the layered defense. This layered defense improves attack resilience and integrity protection.Microsoft have made improvements on protecting your documents in Office 2010 in their core security. These include encryption, data protection, enterprise management, and collaboration between two enterprises.