Security and Microsoft Carolyn Burke, MA, CISSP Acting Senior Security Product Manager, Microsoft...
-
Upload
loraine-ellis -
Category
Documents
-
view
215 -
download
0
Transcript of Security and Microsoft Carolyn Burke, MA, CISSP Acting Senior Security Product Manager, Microsoft...
Security and MicrosoftSecurity and Microsoft
Carolyn Burke, Carolyn Burke, MA, CISSPMA, CISSP Acting Senior Security Product Manager, Microsoft CanadaActing Senior Security Product Manager, Microsoft Canada
CEO, Integrity IncorporatedCEO, Integrity Incorporated
Welcome!!Welcome!!
Microsoft Trustworthy Computing Framework
Microsoft Trustworthy Computing Framework
SecuritySecurity The customer can expect that systems are The customer can expect that systems are resilient to attack, and that the confidentiality, resilient to attack, and that the confidentiality, integrity, and availability of the system and its integrity, and availability of the system and its data are protected.data are protected.
PrivacyPrivacy The customer is able to control their information and The customer is able to control their information and feel confident it is not only safe and used appropriately, feel confident it is not only safe and used appropriately, but in a way that provides value to them.but in a way that provides value to them.
ReliabilityReliability The customer can depend on the product to fulfill its The customer can depend on the product to fulfill its functions.functions.
Business IntegrityBusiness Integrity The vendor of a product behaves in a responsive and The vendor of a product behaves in a responsive and responsible manner.responsible manner.
GOALS
Microsoft Trustworthy Computing Framework
SecuritySecurity The customer can expect that The customer can expect that systems are resilient to attack, systems are resilient to attack, and that the confidentiality, and that the confidentiality, integrity, and availability of the integrity, and availability of the system and its data are system and its data are protected.protected.C
AI
SecuritySecurity The customer can expect that The customer can expect that systems are resilient to attack, systems are resilient to attack, and that the and that the confidentialityconfidentiality, , integrityintegrity, and , and availabilityavailability of the of the system and its data are system and its data are protected.protected.
Microsoft Trustworthy Computing Framework
Committed to improving our products and services
Security is the utmost priority
Affecting change in developing, releasing, and supporting our products
Four security components• 3D + C
Secure By Design
Secure By Default
Secure In Deployment
Communications
Microsoft Trustworthy Computing Framework
C
DDD
Microsoft Trustworthy Computing Framework
Secure by Design, Secure by Default, Secure in Deployment
Steps have been taken to protect the confidentiality, integrity, and availability of data and systems at every phase of the software development process—from design, to delivery, to maintenance.
Means
Microsoft Trustworthy Computing Framework
Means
• Secure by Design, Secure by Default, Secure in Deployment• Fair Information Principles• Availability• Manageability• Accuracy• Usability• Responsiveness• Transparency
Microsoft Trustworthy Computing FrameworkExecutionExecution
•Company policies, directives, benchmarks, and guidelines
•Contracts and undertakings with customers, including SLAs
•Corporate, industry and regulatory standards
•Government legislation, policies, and regulations
•Risk analysis
•Development practices, including architecture, coding, documentation, and testing
•Training and education
•Terms of business
•Marketing and sales practices
•Operations practices, including deployment, maintenance, sales & support, and risk management
•Enforcement of intents and dispute resolution
•Self-assessment
•Accreditation by third parties
•External audit
Intents
Implementation
Evidence
Microsoft Trustworthy Computing Framework
PolicyPolicy
ProcessingProcessing ComplexityComplexity Hardware, Hardware,
RedundancyRedundancy Machine-to-Machine Machine-to-Machine
ProcessesProcesses
IdentityIdentity
PeoplePeople
ProgrammingProgramming ToolsTools InteroperabilityInteroperability Conceptual modelsConceptual models
Fundamental problems to addressFundamental problems to address
Microsoft Trustworthy Computing Framework
Essential also to our economy and society at largeEssential also to our economy and society at large
Multi-dimensional set of issues Multi-dimensional set of issues
Hard problems that require fundamental research and Hard problems that require fundamental research and advances in engineering will remain.advances in engineering will remain.
Step up to the challenge of tackling these problemsStep up to the challenge of tackling these problems
Microsoft Trustworthy Computing FrameworkYear in review: 2003Year in review: 2003 Windows Server 2003 development team Windows Server 2003 development team
actually actually halted productionhalted production to do a to do a complete security review of the product complete security review of the product before shipping before shipping
Exchange Server 2003, Office System Exchange Server 2003, Office System 2003, Rights Management Services, 2003, Rights Management Services, Systems Management Server 2003Systems Management Server 2003
More than 11,000 engineers in the More than 11,000 engineers in the company have and continue to receive company have and continue to receive specialized training in writing secure code.specialized training in writing secure code.
Microsoft Trustworthy Computing FrameworkYear in review: 2003 HighlightsYear in review: 2003 Highlights MayMay Virus Information AllianceVirus Information Alliance AugustAugust Protect Your PC campaignProtect Your PC campaign OctoberOctober $5M million reward$5M million reward
Partnered with the U.S. Secret Service, FBI and Partnered with the U.S. Secret Service, FBI and Interpol to launch a Interpol to launch a
OctoberOctober Launch: Security Mobilization Launch: Security Mobilization DecemberDecember
patch management processes, policies and patch management processes, policies and technologiestechnologies
global security guidance education programsglobal security guidance education programs develop new safety technologies in Windows develop new safety technologies in Windows
XP, Windows Server 2003XP, Windows Server 2003
Microsoft Trustworthy Computing Framework20042004 Microsoft is fully committed to the long-term Microsoft is fully committed to the long-term
success of the Trustworthy Computing initiative:success of the Trustworthy Computing initiative: collaborate worldwide to address critical technology collaborate worldwide to address critical technology
trust issuestrust issues work to increase standardization of internal work to increase standardization of internal
development and quality assurance processes development and quality assurance processes companywidecompanywide
share practices and productize internal development share practices and productize internal development tools tools
We will work to make our products more resilient, We will work to make our products more resilient, and to develop privacy-enabling technologies. and to develop privacy-enabling technologies. And we will work to make the customer feedback And we will work to make the customer feedback loop even stronger. loop even stronger.
Security MobilizationSecurity Mobilization
What it is and Isn’tWhat it is and Isn’t
Worldwide Response Initiative Worldwide Response Initiative
Technical Response Technical Response
User ResponseUser Response
Developments since Oct 9 Security Developments since Oct 9 Security Positioning Positioning Worldwide Response Worldwide Response National Subsidiary CommunicationNational Subsidiary Communication Licensee CommunicationLicensee Communication
Partner and Customer Partner and Customer ImplicationsImplications
Microsoft Security Microsoft Security
Solutions and Solutions and ResourcesResources
Patches proliferatingPatches proliferating Time to exploit Time to exploit
decreasingdecreasing Exploits are more Exploits are more
sophisticated sophisticated Current approach is not Current approach is not
sufficientsufficient
Security is our #1 PrioritySecurity is our #1 PriorityThere is no silver bulletThere is no silver bullet
Change requires innovationChange requires innovation
151151180180
331331
Blaster
Blaster
Welchia/ Nachi
Welchia/ Nachi
NimdaNimda
2525
SQL Slammer
SQL Slammer
Days between patch Days between patch and exploitand exploit
Improving SecurityImproving SecurityResponding to the CrisisResponding to the Crisis
Security ResearchersSecurity Researchers
Discover Discover vulnerabilitiesvulnerabilities
Collaborating to fix Collaborating to fix vulnerabilitiesvulnerabilities
Disclosing Disclosing responsiblyresponsibly
Fewer researchers Fewer researchers disclosing disclosing
irresponsibly; irresponsibly; continuing to improvecontinuing to improve
Exploit CodersExploit Coders
Reverse-engineer Reverse-engineer patches & post exploit patches & post exploit
code to the Webcode to the Web
Building community Building community consensus that consensus that
disclosure is not gooddisclosure is not good
Reaching outReaching out
More industry More industry experts are speaking experts are speaking
out against exploit out against exploit codecode
Worm BuildersWorm Builders
Hack together worms Hack together worms with posted exploit code with posted exploit code
& worm toolkits& worm toolkits
Anti-VirusAnti-VirusReward ProgramReward Program
Assisting with technical Assisting with technical forensics workforensics work
Two arrests Two arrests around the around the
Blaster wormBlaster worm
What Microsoft is doingWhat Microsoft is doing
Results:Results:
The Exploit ProcessThe Exploit Process
You’ve Told UsYou’ve Told Us OurOur Action ItemsAction Items
““I can’t keep up…new I can’t keep up…new patches are released patches are released every week”every week”
““The quality of the The quality of the patching process is low patching process is low and inconsistent”and inconsistent”
““I need to know the right I need to know the right way to run a Microsoft way to run a Microsoft enterprise”enterprise”
““There are still too many There are still too many vulnerabilities in your vulnerabilities in your products”products”
Provide Guidance Provide Guidance and Trainingand Training
Mitigate Vulnerabilities Mitigate Vulnerabilities Without PatchesWithout Patches
Continue Improving Continue Improving QualityQuality
Improve the Patching Improve the Patching ExperienceExperience
Improve the Patching Improve the Patching Experience - Experience - New Patch PoliciesNew Patch Policies Extending security support to June 2004Extending security support to June 2004
Windows 2000 SP2Windows 2000 SP2 Windows NT4 Workstation SP6aWindows NT4 Workstation SP6a
Security patches on a monthly predictable Security patches on a monthly predictable release cycle release cycle
Allows for planning a Allows for planning a predictable monthly test and predictable monthly test and deployment cycle deployment cycle
Packaged as individual Packaged as individual patches that can be deployed patches that can be deployed together together
NOTE: Exceptions will be made if customers are at NOTE: Exceptions will be made if customers are at immediate risk from viruses, worms, attacks or other immediate risk from viruses, worms, attacks or other malicious activitiesmalicious activities
By late 2004: Consolidation to 2 patch installers for W2k and By late 2004: Consolidation to 2 patch installers for W2k and later, SQL 2000, Office & Exchange 2003; all patches will later, SQL 2000, Office & Exchange 2003; all patches will behave the same way behave the same way (update.exe, MSI 3.0)(update.exe, MSI 3.0)
Improved tools Improved tools consistencyconsistency
By mid-2004: Consistent results from MBSA, SUS, SMS, By mid-2004: Consistent results from MBSA, SUS, SMS, Windows Update Windows Update (will all use SUS 2.0 engine for (will all use SUS 2.0 engine for detection)detection)
Reduce patch Reduce patch complexitycomplexity
Reduce risk of Reduce risk of patch deploymentpatch deployment
Now: Increased internal testing; customer testing of patches Now: Increased internal testing; customer testing of patches before releasebefore releaseBy mid-2004: Rollback capability for W2k generation By mid-2004: Rollback capability for W2k generation products and later products and later (MSI 3.0 patches)(MSI 3.0 patches)
Reduce downtimeReduce downtimeNow:Now: Continued focus on reducing rebootsContinued focus on reducing rebootsBy late 2004: 30% of critical updates on Windows Server By late 2004: 30% of critical updates on Windows Server 2003 SP1 installed w/o rebooting 2003 SP1 installed w/o rebooting (“hot patching”)(“hot patching”)
Your NeedYour Need Our ResponseOur Response
Improve the Patching Improve the Patching Experience - Experience - Patch EnhancementsPatch Enhancements
Reduce patch sizeReduce patch sizeBy late 2004: Substantially smaller patches for W2k By late 2004: Substantially smaller patches for W2k generation and later OS & applications generation and later OS & applications (Delta patching (Delta patching technology, next generation patching installers)technology, next generation patching installers)
Improved tools Improved tools capabilitiescapabilities
May 2004: Microsoft Update (MU) hosts patches for W2k May 2004: Microsoft Update (MU) hosts patches for W2k server, and over time SQL 2000, Office & Exchange 2003server, and over time SQL 2000, Office & Exchange 2003
By mid-2004: SUS 2.0 receives content from MU & adds By mid-2004: SUS 2.0 receives content from MU & adds capabilities for targeting, basic reporting and rollbackcapabilities for targeting, basic reporting and rollback
Global Education ProgramGlobal Education Program TechNet Security SeminarsTechNet Security Seminars Monthly Security WebcastsMonthly Security Webcasts Monthly Security NewsletterMonthly Security Newsletter www.microsoft.com/eventswww.microsoft.com/events
New Prescriptive GuidanceNew Prescriptive Guidance Patterns and practicesPatterns and practices How-to configure for securityHow-to configure for security How Microsoft Secures MicrosoftHow Microsoft Secures Microsoft
Online CommunityOnline Community Security Zone for Security Zone for
IT ProfessionalsIT Professionals Authoritative Enterprise Security Authoritative Enterprise Security
GuidanceGuidance http://www.microsoft.com/technet/security/http://www.microsoft.com/technet/security/
bestprac.aspbestprac.asp
Providing Guidance and Providing Guidance and Training - Training - IT ProfessionalsIT Professionals
Make customer more resilient Make customer more resilient to attack, even when patches to attack, even when patches
are not installedare not installed
Help stop known & unknown Help stop known & unknown vulnerabilitiesvulnerabilities
Goal: Make 7 out of every 10 patches Goal: Make 7 out of every 10 patches installable on your scheduleinstallable on your schedule
Beyond PatchingBeyond Patching
Windows XP SP2 Windows XP SP2 SECURING CLIENTSSECURING CLIENTS
Improved network protectionImproved network protection Safer email and Web browsingSafer email and Web browsing Enhanced memory protectionEnhanced memory protection Beta available, RTM based on customer feedbackBeta available, RTM based on customer feedback
Windows Server 2003 SP1 Windows Server 2003 SP1 SECURING ENTERPRISESECURING ENTERPRISE
Role-based security configurationRole-based security configuration Inspected remote computersInspected remote computers Inspected internal environmentInspected internal environment RTM H2 CY04 – NOW!RTM H2 CY04 – NOW!
Delivering Security Delivering Security TechnologiesTechnologies
Security technologies for Security technologies for clientsclients
Security enhancements that protect Security enhancements that protect computers, even without patches…computers, even without patches…included in Windows XP SP2; more to included in Windows XP SP2; more to followfollow
Helps stop network-based attacks, Helps stop network-based attacks, malicious attachments and Web content, malicious attachments and Web content, and buffer overrunsand buffer overruns
Network protection:Network protection: Improved ICF, DCOM, Improved ICF, DCOM, RPC protection turned on by defaultRPC protection turned on by default
Safer browsing:Safer browsing: Pop-up blocking, Pop-up blocking, protection from accidental installation of protection from accidental installation of potentially malicious Web contentpotentially malicious Web content
Memory protection:Memory protection: Improved compiler Improved compiler checks to reduce stack overruns, checks to reduce stack overruns, hardware NX supporthardware NX support
Safer email:Safer email: Improved attachment Improved attachment blocking for Outlook Express and IMblocking for Outlook Express and IM
What it isWhat it is
What it doesWhat it does
Key FeaturesKey Features
Security technologies for Security technologies for EnterprisesEnterprises
Only clients that meet corporate Only clients that meet corporate security standards can connect…security standards can connect…included in Windows Server 2003 SP1; included in Windows Server 2003 SP1; more to follow more to follow
Protects enterprise assets from infected Protects enterprise assets from infected computerscomputers
Role-based security configuration: Role-based security configuration: Locks Locks down servers for their specific taskdown servers for their specific task
Inspected remote computers and internal Inspected remote computers and internal environment:environment: Enforce specific corporate security Enforce specific corporate security
requirements such as patch level, AV requirements such as patch level, AV signature level & firewall statesignature level & firewall state
Ensure these standards are met when Ensure these standards are met when VPN and local wired or wireless VPN and local wired or wireless connections are madeconnections are made
What it isWhat it is
What it doesWhat it does
Key FeaturesKey Features
Continue Improving QualityContinue Improving Quality Trustworthy Computing Release ProcessTrustworthy Computing Release Process
M1
M2
Mn
Beta
DesignD
evel
op
men
t
Release
Support
SecurityReview
SecurityReview
Each component team develops threat Each component team develops threat models, ensuring that design blocks models, ensuring that design blocks applicable threatsapplicable threats
Develop & Test
Develop & Test
Apply security design & coding standardsApply security design & coding standards Tools to eliminate code flaws (PREfix & Tools to eliminate code flaws (PREfix &
PREfast)PREfast) Monitor & block new attack techniquesMonitor & block new attack techniques
Security Push
Security Push
Team-wide stand downTeam-wide stand down Threat model updates, code review, test & Threat model updates, code review, test &
documentation scrubdocumentation scrub
Security Audit
Security Audit
Analysis against current threatsAnalysis against current threats Internal & 3Internal & 3rdrd party penetration testing party penetration testing
Security ResponseSecurity
Response
Fix newly discovered issuesFix newly discovered issues Root cause analysis to proactively find Root cause analysis to proactively find
and fix related vulnerabilitiesand fix related vulnerabilities
Design docs & specifications
Development, testing &
documentation
Product
Service Packs,QFEs
Critical or important vulnerabilities in the first…Critical or important vulnerabilities in the first…
33 66
……90 days90 days ……180 days180 days
88 2121
TwC release?TwC release?
YesYes
NoNo
For some widely-deployed, existing products:For some widely-deployed, existing products:
Mandatory for all new products:Mandatory for all new products:
Continue Improving QualityContinue Improving QualityContinue Improving QualityContinue Improving Quality
Bulletins sinceBulletins sinceTwC releaseTwC release
Shipped July 2002, 16 months ago (as of Nov. 2003)Shipped July 2002, 16 months ago (as of Nov. 2003)
11
Bulletins in 16 Bulletins in 16 month period prior month period prior
to TwC releaseto TwC release
66Service Pack 3Service Pack 3
Bulletins sinceBulletins sinceTwC releaseTwC release
Shipped Jan. 2003, 10 months ago (as of Nov. 2003)Shipped Jan. 2003, 10 months ago (as of Nov. 2003)
22
Service Pack 3Service Pack 3
1111
Bulletins in 10 Bulletins in 10 month period prior month period prior
to TwC releaseto TwC release
Patch InvestmentsPatch Investments Extended Support for NT4 Workstation SP6a & Extended Support for NT4 Workstation SP6a &
Windows 2000 SP2Windows 2000 SP2 Improved Patching ExperienceImproved Patching Experience
Global Education EffortGlobal Education Effort WW 500,000 customers trained by June 2004WW 500,000 customers trained by June 2004 New Security “Expert Zone”New Security “Expert Zone”
Security InnovationsSecurity Innovations Security technologies for Windows clientSecurity technologies for Windows client Security technologies for Windows serverSecurity technologies for Windows server
www.microsoft.com/security/IT
Commitment to CustomersCommitment to CustomersCommitment to CustomersCommitment to Customers
Lockdown servers, Lockdown servers, workstations and network workstations and network infrastructureinfrastructure
Lockdown servers, Lockdown servers, workstations and network workstations and network infrastructureinfrastructure
Design and deploy a Design and deploy a proactive patch proactive patch management strategymanagement strategy
Design and deploy a Design and deploy a proactive patch proactive patch management strategymanagement strategy
Centralize policy and Centralize policy and access managementaccess management
Centralize policy and Centralize policy and access managementaccess management
www.microsoft.com/technet/security/bestprac
Continue Improving QualityContinue Improving QualityMaking ProgressMaking Progress
.NET Framework (for 2002 & .NET Framework (for 2002 & 2003)2003)ASP.NET (for 2002 & 2003)ASP.NET (for 2002 & 2003)Biztalk Server 2002 SP1Biztalk Server 2002 SP1Commerce Server 2000 SP4Commerce Server 2000 SP4Commerce Server 2002 SP1Commerce Server 2002 SP1Content Management Server Content Management Server 20022002Exchange Server 2003Exchange Server 2003Host Integration Server 2002Host Integration Server 2002Identity Integration Server Identity Integration Server 20032003Live Communications Server Live Communications Server 20032003MapPoint.NETMapPoint.NET
Office 2003Office 2003Rights Mgmt Client & Rights Mgmt Client & Server 1.0Server 1.0Services For Unix 3.0Services For Unix 3.0SQL Server 2000 SP3SQL Server 2000 SP3Visual Studio .NET 2002Visual Studio .NET 2002Visual Studio .NET 2003Visual Studio .NET 2003Virtual PCVirtual PCVirtual ServerVirtual ServerWindows CE (Magneto)Windows CE (Magneto)Windows Server 2003Windows Server 2003Windows Server 2003 Windows Server 2003 ADAMADAM
2323 Products In the TwC Release Process Products In the TwC Release Process
SolutionsSolutions
Identity ManagementIdentity Management Integrated Identity Server Products and Integrated Identity Server Products and
ServicesServices Integration with Active DirectoryIntegration with Active Directory LicensingLicensing PIPEDA implications PIPEDA implications
SolutionsSolutions
Perimeter SecurityPerimeter Security ISA 2000ISA 2000 ISA 2004ISA 2004
Security SolutionsSecurity Solutions
Virus Information Alliance – Anti-VirusVirus Information Alliance – Anti-Virus
Security SolutionsSecurity Solutions
Rights ManagementRights Management
Security SolutionsSecurity Solutions
Privacy and Compliance Privacy and Compliance
ResourcesResources General
http://www.microsoft.com/security Technical Resources for IT Professionals
http://www.microsoft.com/technet/security Best Practices for Defense in Depth
http://www.microsoft.com/technet/security/bestprac.asp
How Microsoft Secures Microsoft http://www.microsoft.com/technet/
itsolutions/msit/ security/mssecbp.asp MSDN Security Development Tools
http://msdn.microsoft.com/security/downloads/tools/ default.aspx
Available NowAvailable Now 17 prescriptive books17 prescriptive books How Microsoft secures Microsoft How Microsoft secures Microsoft
Throughout 2004Throughout 2004 More prescriptive & how-to guidesMore prescriptive & how-to guides Tools & scripts to automate common Tools & scripts to automate common
taskstasks
Focused on operating a secure environment Focused on operating a secure environment Patterns & practices for defense in depthPatterns & practices for defense in depth Enterprise security checklist – the single place Enterprise security checklist – the single place
for authoritative security guidancefor authoritative security guidance
Security Guidance for IT ProsSecurity Guidance for IT ProsSecurity Guidance for IT ProsSecurity Guidance for IT Pros
ResourcesResourcesEnterprise Security GuidanceEnterprise Security Guidance Design and Deploy a Proactive Patch Management Strategy
Microsoft Guide to Security Patch Management: http://www.microsoft.com/technet/security/topics/patch
Lockdown Servers, Workstations and Network Infrastructure Microsoft Windows XP Security Guide Overview -
http://www.microsoft.com/technet/security/prodtech/winclnt/secwinxp/default.asp
Threats and Countermeasures Guides for Windows Server 2003 and Windows XP: http://www.microsoft.com/technet/security/topics/hardsys/TCG/TCGCH00.asp
Windows Server 2003 Security: http://www.microsoft.com/technet/security/prodtech/win2003/w2003hg/sgch00.asp
Securing your Network: http://msdn.microsoft.com/en‑us/dnnetsec/html/THCMCh15.asp
Perimeter Firewall Service Design: http://www.microsoft.com/technet/itsolutions/msa/msa20ik/VMHTMLPages/VMHtm57.asp
Network Access Quarantine for Windows Server 2003: http://www.microsoft.com/windowsserver2003/techinfo/overview/quarantine.mspx
Centralize Policy and Access Management Microsoft Identity and Access Management Solution:
http://www.microsoft.com/technet/security/topics/identity/idmanage Architecture, Deployment, and Management:
http://www.microsoft.com/technet/security/topics/architec
ResourcesResources
Canada - Security Academy InitiativeCanada - Security Academy Initiative
3.3. Wrap-upWrap-up
Microsoft WWMicrosoft WW
Special Announcement - TourSpecial Announcement - Tour
Our commitment to youOur commitment to you
Alignment around SecurityAlignment around Security
Values and Benefits to You!Values and Benefits to You!
Dec 2003Dec 2003 Jun 2004Jun 2004 FutureFuture20032003
Extended Extended supportsupport
Monthly Monthly patch patch releasesreleases
Baseline Baseline guidanceguidance
Community Community InvestmentsInvestments
Windows XP Windows XP SP2SP2
Patching Patching enhancementsenhancements
SMS 2003SMS 2003
SUS 2.0SUS 2.0
Microsoft Microsoft UpdateUpdate
Broad trainingBroad training
Windows Windows Server 2003 Server 2003 SP1SP1
Security Security technologiestechnologies
Next Next generation generation inspectioninspection
NGSCB NGSCB Windows Windows hardeninghardening
Continued Continued OS-level OS-level security security technologiestechnologies
Tour AnnouncementTour Announcement
TechNet / MSDN Security ForumsTechNet / MSDN Security Forums 10 cities starting in Toronto Feb 25 / 2610 cities starting in Toronto Feb 25 / 26 Be there with us.Be there with us. (dates as of Jan 28 – tentative!)(dates as of Jan 28 – tentative!)
TechNet Feb 26 Mar 09 Mar 10 Mar 16 Mar 17 Mar 24 Mar 30 Mar 31 Apr 06 Apr 07MSDN Feb 25 Mar 10 Mar 11 Mar 17 Mar 18 Mar 25 Mar 31 Apr 01 Apr 07 Apr 08
Q&AQ&A
Security and MicrosoftSecurity and Microsoft
Carolyn Burke, MA, CISSP Carolyn Burke, MA, CISSP Acting Senior Security Product Manager, Microsoft CanadaActing Senior Security Product Manager, Microsoft Canada
CEO, Integrity IncorporatedCEO, Integrity Incorporated