当前位置:首页 >> 图片/文字技巧 >>

微软演示稿经典剪辑表格篇


第二篇

表格篇

Example Goals
Project Goal In the vulnerability scanning project, all computers running Windows 2000 Server and Windows Server 2003 on the subnets 192.168.0.0/24 and 192.168.1.0/24 will be scanned for the following vulnerabilities be remediated as stated. Vulnerability Remediation

RPC over DCOM vulnerability (MS 03-026)
Anonymous SAM enumeration

Install Microsoft security patches 03-026 and 03-39.
Configure RestrictAnonymous to: ? 2 on Windows 2000 Server ? 1 on Windows Server 2003

Guest account enabled

Disable Guest account.

Greater than 10 accounts in the Minimize the number of accounts local Administrator group on the administrators group.

Example Scope
Statement Components Target Example All servers running: * Windows 2000 Server * Windows Server 2003 All servers on the subnets: * 192.168.0.0/24 * 192.168.1.0/24 Scanning will take place from June 3rd to June 10th during non-critical business hours * * * * RPC over DCOM vulnerability (MS 03-026) Anonymous SAM enumeration Guest account enabled Greater than 10 accounts in the local Administrator group

Target area

Timeline Vulnerabilities to scan for

What to plan for…
Project Phase
Preassessment

Planning Elements
Scope Goals Timelines Ground rules Choosing technologies Perform assessment Organize results Estimate risk presented by discovered weaknesses Create a plan for remediation Identify vulnerabilities that have not been remediated Determine improvement in network security over time Create final report Present your findings Arrange for next assessment

Assessment

Preparing results

Reporting your findings

Patch Management Solution For Small And Medium-sized Organizations
Size of organization Patch management solution

Scenario

Small

Has one to three Windows 2000 or later servers and one IT administrator

MBSA and SUS

Medium or large

Wants a patch management solution with basic level of control that updates: MBSA and SUS Windows 2000, Windows XP, and Windows Server 2003 computers

Area Policy Process Technology Implementation

Key Questions What changes in the organization’s security policy will be required, either directly or indirectly? What processes and procedures will need to be created or modified to meet the recommendations? What technology will be used in the solution? How should the recommendations, technical or non-technical, be implemented, and how can users or administrators comply with the recommendations? What should be added, modified, or removed from network diagrams or documentation as a result of the changes?

Documentation

Operations

How will the daily maintenance and management of the IT systems change? Is training required?

The Importance Of Proactive Patch Management
Attack Patch release date Attack date Number of days patch was available before the attack
49 184

Trojan.Kaht SQL Slammer Klez-E Nimda Code Red

Mar 17, 2003 Jul 24, 2002

May, 5 2003 Jan 24, 2003

Mar 29, 2001
Oct 17, 2000 Jun 18, 2001

Jan 17, 2002
Sept 18, 2001 Jul 16, 2001

294
336 28

Default Exempt Rules In IPSec
Stored in the registry value:
HKLM\SYSTEM\CurrentControlSet\Services\IPSEC\NoDefaultExempt NoDefaultExempt values

0
RSVP IKE Kerberos Multicast Broadcast RSVP IKE Kerberos Multicast Broadcast

1
IKE Multicast Broadcast

2
RSVP IKE Kerberos IKE

3

IKE Multicast Broadcast

X

X

Performance
Enhanced Architecture
Optimized for real life usage scenarios Improvements since ISA Server 2000
Kernel-mode data pump User-mode optimizations Up to +150% (2.5X faster) for firewall (SecureNAT) traffic Up to +250% (3.5X faster) for Web (transparent) proxy traffic 1,000,000+ concurrent connections

Scale up with additional CPUs

Raw throughput performance
Test KM tput, 1500 MTU Results 1.65 Gbps Details 2-proc, 4 NICs

Network Computing Magazine app. layer firewall review (3/03): Full inspection performance [Mbps]
Symantec FW 7.0 Sidewinder

KM tput, 9000 MTU
HTTP Filtering

4.6 Gbps
250 Mbps @ 600 cps

4-proc, 6 NICs
2-proc, 4 NICs

67 122 127 170

How? ? Design improvements ? IP Stack improvements ? Hardware improvements (raw thru-put measured using HTTP+NAT benchmark)

Checkpoint NG FP3 ISA 2000 FP1

Microsoft Patch Severity Ratings
Rating Definition

Critical

Exploitation could allow the propagation of an Internet worm Exploitation could result in compromise of user data or the availability of processing resources
Exploitation is serious, but is mitigated to a significant degree by default configuration, auditing, need for user action, or difficulty of exploitation Exploitation is extremely difficult or impact is minimal

Important

Moderate

Low

Security Bulletin List: http://www.Microsoft.com/TechNet/Security/Current.asp

Patching Time Frames
Severity rating Critical Recommended patching time frame
Within 24 hours

Recommended maximum patching time frame
Within two weeks Within two months

Important Within one month

Moderate

Depending on expected availability, wait for next service pack or patch rollup Deploy the patch that includes the patch, or deploy the within six months patch within four months

Low

Depending on expected availability, wait for next service pack or patch rollup that includes the patch, or deploy the patch within one year

Deploy the patch within one year, or choose not to deploy at all

Improving The Patching Experience
Your need
Reduce patch frequency

Reduce patching complexity
Reduce risk of patch deployment Reduce patch size Reduce downtime Improve tool consistency Improve tool capabilities

Microsoft’s response Reduced frequency of non-emergency patch releases from once per week to once per month Reduced number of patch installer technologies Improved patch quality and introduced patch rollback capability Developed “delta patching” technology to reduce patch size

Reduced patch-related reboots Developing consistent tools Developing more capable tools

Choosing A Patch Management Solution
Customer type
Consumer Small organization All scenarios Has no Windows servers

Scenario

Solution
Windows Update Windows Update

Has one to three Windows 2000 or newer servers and one IT administrator
Wants a patch management solution with basic level of control that updates Windows 2000 and newer versions of Windows Wants a single flexible patch management solution with extended level of control to patch, update, and distribute all software

MBSA and SUS
MBSA and SUS

Medium-sized or large enterprise

SMS

Patch Management Solution For MediumSized And Large Organizations
Capability SUS 1.0 SMS 2003
Windows NT 4.0 Windows 98 Windows 2000 Windows XP Windows Server 2003 Windows 2000 Supported Windows XP Platforms for Windows Server 2003

Content

Supported Content Types

All patches, service packs, Security and security and updates for the above rollup patches, critical operating updates, and service systems; supports patch, packs for the above update, and application operating systems installations for Microsoft and other applications

Patch Distribution Control

Basic

Advanced

Policy

Passwords

Process

Password creation, reset, change, use

Technology

System enforcement, protocols, limitations, threat countermeasures

Implementation How it works on the network, settings enabled/disabled Documentation Record of what was implemented and how to do it again Operations End use, administration, problem management

IT Policy Completeness
Policy Process Techn Impleme ology ntation Docume ntation Operat ions

Passwo rd Wireles s Network Server Patch Manage ment Guest access

3

2

3

3

1

1

13

3

3

3

3

2

3

17

3

2

2

2

1

2

10

2 11

0 7

0 8

1 9

0 4

1 7

4

IT Audit Score Card Example
Password Policy Compliance Procedure 2 Processes appear out of synch with policy… Process Users are unware of what they should do….. Operations 1 Score 2

Wireless network security Procedure Process Operations Score 3 3 9 100% compliance

Elements of Your Final Report
Element Cover sheet Table of Contents Executive summary Summary of work Description Title of your report, names of the principle authors, data, and a brief abstract of the project Overall summary of the results of the project in no more than one page Scope of the project, its goals, and the methodology and technology you used to meet the goals. Detailed findings based on goals Bibliographic references

Detailed findings Reference citations

Upgrading And Migrating
SharePoint products and technologies
Tool
Spsimex.exe

Delivery Vehicle
Resource Kit

Source
SPS 2001

Target
SPS 2001

Availability
Now

Scenarios
Migrating document content from Portal site to Portal site Team Site Migration Team Site Backup Moves Portal workspaces with Categories, Content sources, keywords, best bets Folders, Documents, and metadata Folders, Documents, and metadata

Smigrate.exe Stsadm.exe Upgrade.exe

WSS RTM WSS RTM SPS 2003

STS & WinSS WinSS SPS 2001

WinSS WinSS SPS 2003

Now Now Now

Spout.exe

Web

SPS 2001 & SPS 2003 (Web Storage System) XML Intermediate file format

XML Intermediate file format SPS 2003 (SQL Server)

Now

Spin.exe

Web

Now

Upgrade
Editions
SQL 2005 Beta2 Developer Edition

Upgrade
SQL 2000 Enterprise, Standard, Developer, & Personal Editions SP3 or higher

Language
JPN

Platform
Intel X86 Intel IA64

ENU

Intel AMD64

Analysis Service and DTS Migration Wizards No new MDAC bits Reduced SQL Database services downtime

What’s New In Setup
SQL Server 2005
Ability to patch install program Ability to patch product binaries in an integrated install step

SQL Server 2000
Patch by manually creating and then updating installation media Patch with a post install step Transacted installs of files only X X Extended downtime for single-user mode operations Books Online with web refreshes 64-bit Edition Engine + CmdLine X

Transacted installs
Analysis Services multiple instance Analysis Services one-step Failover Clustering configuration Reduced server down time during upgrade Dynamic help and troubleshooting information 64-bit Edition Engine + Tools feature set Mount points with Drive letters Feature selection in clustering

Canned feature set including FTS
X

Scripted Remote and Cluster install

Other Sessions
Day
Tuesday Tuesday

Time Session

Topic

12:15 DEVPNL2 Visual Studio Team System Partners 1:30 DEV 300 Project Management

Tuesday
Tuesday

1:30
3:15

ARC 304
ARC 400 DEV 301

Bridging the Gap Between IT and Dev
Developing SOAs Software Testing

Wednesday 8:30

Thursday
Thursday Friday

1:30
3:15 9:00

DEV 302
DEV 303 ARC 312

Advanced Development
Enterprise-Class Source Control Designing for Deployment

Friday

12:15 DEVPNL5 Implementing Software Processes

http://msdn.microsoft.com/vstudio/enterprise

DREAD
High (3)
Damage potential Attacker can retrieve extremely sensitive data and corrupt or destroy data

Medium (2)
Attacker can retrieve sensitive data but do little else

Low (1)
Attacker can only retrieve data that has little or no potential for harm

Reproducability

Works every time; does not require a timing window
Bart Simpson could do it

Timing-dependent; works only within a time window
Attacker must be somewhat knowledgeable and skilled

Rarely works

Exploitability

Attacker must be VERY knowledgeable and skilled

Affected users
Discoverabilty

Most or all users
Attacker can easily discover the vulnerability

Some users
Attacker might discover the vulnerability

Few if any users
Attacker will have to dig to discover the vulnerability

Micro Issues are 88%
Simple to fix. Create “Noise” Five issues represent 88% of all upgrade issues
Default properties 52%

Property/method not upgraded
Property/method different behavior Module methods of COM objects Null/IsNull

13%
12% 7% 4%


赞助商链接
相关文章:
二级MS Office真题第6套完整解析
步骤 2:单击“插入”选项卡→“表格”组→“表格”按钮,在弹出的下拉列表中...请根据提供的素材文件“ppt 素材.docx”中的文字、图片设计制作演示文稿,并以...
office高级应用试题
要在演示文稿中插入某产品图片,下列方法正确的是( ...复制粘贴 19.在以下图标中,选项( )为设置表格边框...这篇文档有word格式吗?office高级应用试题 2018-06-...
office技巧1000例
office技巧1000例_IT/计算机_专业资料。Powerpoint 篇 选定表格中的项目表格演示文稿中最重要的对象之一,下面的这些技巧可以让用户快速的选定表格中 的项目: 如果...
Excel2007使用技巧大全(经典超全)
10W篇文档免费专享 每天抽奖多种福利 立即开通 意见...Excel2007使用技巧大全(经典超全)_经管营销_专业资料...(微软 Office 技巧大赛获奖作品) 在 Excel 表格中...
office习题
答: (1)“表格”菜单——“插入”——“表格” 、。(2) 、常用工具栏上...如果执行“常用”工具栏上的 “新建”命令,表示要新建一个新的演示文稿,并不...
Office2007 Excel表格中鲜为人知的“照相机”功能
Office2007 Excel表格中鲜为人知的“照相机”功能_电脑基础知识_IT/计算机_专业资料。Excel 中, 有一个“照相机”的功能, 但是几乎 80%使用 Excel 的人, 并不...
微软视频会议介绍
微软视频会议介绍_调查/报告_表格/模板_实用文档。微软视频会议介绍 ...3.1 在会议期间演示内容在会议期间, 演示者可以显示准备好的演示文稿, 也可以在...
Office Excel报表小技巧两招让你与众不同
原创 订阅 Office 办公离不开形形色色各种报表,千篇一律毫无生气的报表既让人...office中Excel表格使用技... 97页 2下载券 office_2007技巧186招(W... ...
如何把打印稿变成电子版
10W篇文档免费专享 每天抽奖多种福利 立即开通 ...如何把打印稿变成电子版_调查/报告_表格/模板_...“Microsoft Office/ Microsoft Office 工具/...
更多相关标签: