How Microsoft fights off 100,000 attacks per month
Here's what the company does to protect itself from the continuous onslaught
Computerworld - Microsoft Corp. has long encouraged its employees to "RAS" into the corporate network from home or from the road to access e-mail, shared files and applications.
RAS, short for Remote Access Services, is an old Microsoft term for what most people now call a client VPN.
Microsoft, of course, maintains valuable intellectual property on its internal network, including the source code to all its operating systems and applications. These are constant targets for hackers, and Microsoft tries to protect its most valuable assets with defenses in depth; they are behind firewalls and on networks segmented with IPsec. In addition, the entire network is monitored for suspicious activity, scanned for malware and so on.
What do I mean by a constant target? Last year, Microsoft IT said it was the target of more than 100,000 intrusion attempts per month. Currently, Microsoft filters out about 9 million spam and virus e-mails a day out of 10 million received. Yes, that means that roughly 90% of incoming e-mails are spam.
In that environment, you'd think that VPN connections might expose Microsoft to serious security risks. So how does Microsoft mitigate those risks while continuing to offer VPN access to remote employees and contractors? The answer to that is manifold.
The first layer of protection for the Microsoft VPN is two-factor authentication. After an infamous incident in fall 2000, Microsoft installed a certificate-based public-key infrastructure and rolled out smart cards to all employees and contractors with remote access to the network and individuals with elevated access accounts such as domain administrators.
Two-factor authentication requires that you have something physical. In this case, it means the smart card and a password.
(The intrusion incident to which I refer was reported by the Wall Street Journal and others, including Computerworld. The news reports said that crackers gained access to Microsoft's network using a stolen username and password, and were able to view, but not alter, some source code. Microsoft disagrees with the information reported.)
"Today, we require a smart card with a valid certificate and PIN, as well as network credentials and authorization to use the network remotely," said Mark Estberg, director of Microsoft's internal security. "We are 'dog-fooding' a deployment using Longhorn Server to implement the same two-factor authorization with SSL VPN from ISA/Whale [acquired by Microsoft in 2006], and with Network Access Protection for endpoint scanning. The back-end authentication and authorization is handled by integration with Active Directory and the Network Policy Server Windows Server."
You might expect Microsoft to adopt biometric security. The company has said it's evaluating it. As yet, however, it's sticking with smart cards.
- Warning: Cloud Data at Risk Experts agree that relying on SaaS vendors to backup and restore your data is dangerous. Yet that's exactly what huge portions of the...
- The Opportunities and Challenges of the Cloud In this report F5 poses questions to IDC analysts, Sally Hudson and Phil Hochmuth, on behalf of F5's customers to better understand the...
- Mobile First: Securing Information Sprawl Learn how the partnership between Box and MobileIron can help you execute a "mobile first" strategy that manages and secures both mobile apps...
- The Truth About Cloud Security "Security" is the number one issue holding business leaders back from the cloud. But does the reality match the perception?
- What should I look for in a Next Generation Firewall? SANS Provides Guidance With so many vendors claiming to have a Next Generation Firewall (NGFW), it can be difficult to tell what makes each one different....
- Responding to New SSL Cybersecurity Threat The featured Gartner research examines current strategies to address new SSL cybersecurity threats and vulnerabilities. All Security White Papers | Webcasts
Our new bimonthly Internet of Things newsletter helps you keep pace with the rapidly evolving technologies, trends and developments related to the IoT. Subscribe now and stay up to date!