TechNet Security Workshop
per la PMI
Come rendere sicura l'infrastruttura IT
di una Piccola e Media Impresa
Alessandro Appiani
Nicola Pepe
In sintesi
i fondamenti







Active Directory per il controllo della rete
interna ed il security enforcement (Policy)
metodo automatico di patching delle
vulnerabilità (SUS/WUS, SMS)
desktop sicuri e sempre protetti con Windows
XP sp2
application-layer firewall (ISA) per una
pubblicazione più sicura dei servizi Internet
protezione e controlli perimetrali (fw, anti-virus)
per i servizi di comunicazione
comunicazioni verso l’esterno sempre cifrate
(SSL, VPN, PKI)
Servizi applicativi e infrastrutturali securityaware (prevenzione, controllo, ...)
Cosa vi serve per implementare
la rete sicura
Per tutti gli scenari:
 Desktop con Windows XP con
sp2



Windows XP Professional
Windows XP Service Pack 2
(gratuito)
Office 2003

in funzione delle esigenze
scenario A: Very Small (< 5 client)
check-list prodotti e tecnologie



SBS 2003 (include 5 licenze client)
Exchange Server SP1 e IMF (gratuiti)
servizio Microsoft Update (accesso web
gratuito) per aggiornamento automatico
server e client
scenario B: Small (< 60 client circa)
check-list prodotti e tecnologie

SBS 2003 (include 5 licenze client + eventuali
licenze per ulteriori client)






versione standard sufficiente se rete single-server
versione premium consigliata se rete multi-server
eventuali Windows Server 2003 aggiuntivi
(necessarie le sole licenze server)
Exchange Server SP1 e IMF (gratuiti)
servizio Microsoft Update (accesso web gratuito)
per aggiornamento automatico server e client
infrastruttura SUS/WUS (gratuito) se client
numerosi
scenario C: Medium (oltre 75 client)
check-list prodotti e tecnologie






Windows Server 2003 (con le relative licenze
client)
Exchange Server 2003 (con le relative licenze
client)
Exchange Server SP1 e IMF (gratuiti)
ISA Server 2000/2004 (licenze per processor, no
cal)
eventuali Windows Server 2003 aggiuntivi
(normalmente necessarie le sole licenze server)
infrastruttura SUS/WUS (gratuito)
PMI Security Checklist
1. Update your software
If there's a patch available, install it. It's a simple way to avoid
serious problems, yet many fail to do so.
2. Protect against viruses
Companies large and small can be crippled by viruses. Make
sure every company PC, server and laptop is fully
protected.
3. Set up a firewall
This isn't as intimidating as it sounds -- and it's the most
important thing you can do to thwart hackers.
4. Tighten in-house security
Not all threats are high-tech. A casual break-in or disgruntled
employee can cause serious damage too.
5. Strengthen passwords
If you or your employees use simple passwords and/or fail to
change them regularly, your company is vulnerable.
PMI Security Checklist
6. Backup critical data
If the thought of losing everything stored in your computers terrifies
you, there's a simple solution. Schedule regular back ups.
7. Embrace smart Web browsing
Unscrupulous sites, as well as pop-ups and animations, can be
dangerous. So can browsing from a server.
8. Safeguard wireless network
They're a great innovation, but wireless networks are more
vulnerable than cabled networks. Do all you can to reduce your
exposure.
9. Connect remote users securely
Remote access to your network may be a business necessity, but it's
also a security risk you need to closely monitor.
10. Lock down servers
Your servers are your network's command center. If your servers are
compromised, your entire network is at risk.
11. Lock down clients
A lack of stringent administrative procedures could sabotage all of
the security safeguards you've just instigated.
Per approfondire
www.microsoft.com/smallbusiness/gtm/securityguidance/hub.mspx
Altri riferimenti

Microsoft Security Center



Area Technet


www.microsoft.com/technet/security/default.mspx
Security Guidance Center (IT Pro)


www.microsoft.com/security/
www.microsoft.com/italy/security/
www.microsoft.com/security/guidance/default.mspx
Security Guidance Center (SMB)

www.microsoft.com/smallbusiness/gtm/
securityguidance/hub.mspx
Questions?
© 2004 Microsoft Corporation. All rights reserved.
This presentation is for informational purposes only. Microsoft makes no warranties, express or implied, in this summary.