How Microsoft fights off 100,000 attacks per month
Here's what the company does to protect itself from the continuous onslaught
Computerworld - Microsoft Corp. has long encouraged its employees to "RAS" into the corporate network from home or from the road to access e-mail, shared files and applications.
RAS, short for Remote Access Services, is an old Microsoft term for what most people now call a client VPN.
Microsoft, of course, maintains valuable intellectual property on its internal network, including the source code to all its operating systems and applications. These are constant targets for hackers, and Microsoft tries to protect its most valuable assets with defenses in depth; they are behind firewalls and on networks segmented with IPsec. In addition, the entire network is monitored for suspicious activity, scanned for malware and so on.
What do I mean by a constant target? Last year, Microsoft IT said it was the target of more than 100,000 intrusion attempts per month. Currently, Microsoft filters out about 9 million spam and virus e-mails a day out of 10 million received. Yes, that means that roughly 90% of incoming e-mails are spam.
In that environment, you'd think that VPN connections might expose Microsoft to serious security risks. So how does Microsoft mitigate those risks while continuing to offer VPN access to remote employees and contractors? The answer to that is manifold.
The first layer of protection for the Microsoft VPN is two-factor authentication. After an infamous incident in fall 2000, Microsoft installed a certificate-based public-key infrastructure and rolled out smart cards to all employees and contractors with remote access to the network and individuals with elevated access accounts such as domain administrators.
Two-factor authentication requires that you have something physical. In this case, it means the smart card and a password.
(The intrusion incident to which I refer was reported by the Wall Street Journal and others, including Computerworld. The news reports said that crackers gained access to Microsoft's network using a stolen username and password, and were able to view, but not alter, some source code. Microsoft disagrees with the information reported.)
"Today, we require a smart card with a valid certificate and PIN, as well as network credentials and authorization to use the network remotely," said Mark Estberg, director of Microsoft's internal security. "We are 'dog-fooding' a deployment using Longhorn Server to implement the same two-factor authorization with SSL VPN from ISA/Whale [acquired by Microsoft in 2006], and with Network Access Protection for endpoint scanning. The back-end authentication and authorization is handled by integration with Active Directory and the Network Policy Server Windows Server."
You might expect Microsoft to adopt biometric security. The company has said it's evaluating it. As yet, however, it's sticking with smart cards.
- Securing Mobile App Data - Comparing Containers and App Wrappers Analysts agree that Mobile Device Management (MDM) is not enough when it comes to securing app data. Although it remains a critical component...
- PCI 3.0 Compliance In this white paper, learn how PCI-DSS 3.0 effects how you deploy and maintain PCI compliant networks using CradlePoint devices.
- Mitigating Security Risks at the Networks Edge This white paper provides strategies and best practices for distributed enterprises to protect their networks against vulnerabilities, threats, and malicious attacks.
- 5 Strategies for Modern Data Protection Read the five strategies for modern data protection that will not only help solve your current data management challenges but also ensure that...
- Business-driven data protection Setting up data protection infrastructures with your organizations' core mission or business in mind is key. In this webinar, the ARCserve team will...
- On-Demand Webinar: Mind the Gap! Watch the webinar featuring Bob Janssen, CTO and Co-Founder of RES Software, to start building a solid foundation for business and IT to... All Security White Papers | Webcasts
Our new bimonthly Internet of Things newsletter helps you keep pace with the rapidly evolving technologies, trends and developments related to the IoT. Subscribe now and stay up to date!