TechNet Security Workshop for SMEs
How to secure the IT infrastructure of a small or medium-sized enterprise
Alessandro Appiani, Nicola Pepe

The fundamentals in brief
- Active Directory for control of the internal network and for security enforcement (Policy)
- an automatic method for patching vulnerabilities (SUS/WUS, SMS)
- secure, always-protected desktops with Windows XP SP2
- an application-layer firewall (ISA) for more secure publishing of Internet services
- perimeter protection and controls (firewall, anti-virus) for communication services
- communications to the outside always encrypted (SSL, VPN, PKI)
- security-aware application and infrastructure services (prevention, control, ...)

What you need to implement the secure network

For all scenarios: desktops running Windows XP with SP2
- Windows XP Professional
- Windows XP Service Pack 2 (free)
- Office 2003, depending on requirements

Scenario A: Very Small (< 5 clients)
Product and technology checklist
- SBS 2003 (includes 5 client licenses)
- Exchange Server SP1 and IMF (free)
- Microsoft Update service (free web access) for automatic updating of servers and clients

Scenario B: Small (< 60 clients, approximately)
Product and technology checklist
- SBS 2003 (includes 5 client licenses, plus any licenses for additional clients)
  - standard edition is sufficient for a single-server network
  - premium edition is recommended for a multi-server network
- any additional Windows Server 2003 machines (only the server licenses are required)
- Exchange Server SP1 and IMF (free)
- Microsoft Update service (free web access) for automatic updating of servers and clients
- SUS/WUS infrastructure (free) if there are many clients

Scenario C: Medium (over 75 clients)
Product and technology checklist
- Windows Server 2003 (with the related client licenses)
- Exchange Server 2003 (with the related client licenses)
- Exchange Server SP1 and IMF (free)
- ISA Server 2000/2004 (licensed per processor, no CALs)
- any additional Windows Server 2003 machines (normally only the server licenses are required)
- SUS/WUS infrastructure (free)

SME Security Checklist

1. Update your software
   If there's a patch available, install it. It's a simple way to avoid serious problems, yet many fail to do so.
2. Protect against viruses
   Companies large and small can be crippled by viruses. Make sure every company PC, server and laptop is fully protected.
3. Set up a firewall
   This isn't as intimidating as it sounds -- and it's the most important thing you can do to thwart hackers.
4. Tighten in-house security
   Not all threats are high-tech. A casual break-in or disgruntled employee can cause serious damage too.
5. Strengthen passwords
   If you or your employees use simple passwords and/or fail to change them regularly, your company is vulnerable.
6. Back up critical data
   If the thought of losing everything stored in your computers terrifies you, there's a simple solution. Schedule regular backups.
7. Embrace smart Web browsing
   Unscrupulous sites, as well as pop-ups and animations, can be dangerous. So can browsing from a server.
8. Safeguard wireless network
   They're a great innovation, but wireless networks are more vulnerable than cabled networks. Do all you can to reduce your exposure.
9. Connect remote users securely
   Remote access to your network may be a business necessity, but it's also a security risk you need to closely monitor.
10. Lock down servers
   Your servers are your network's command center. If your servers are compromised, your entire network is at risk.
11. Lock down clients
   A lack of stringent administrative procedures could sabotage all of the security safeguards you've just instigated.
Further reading
www.microsoft.com/smallbusiness/gtm/securityguidance/hub.mspx

Other references
Microsoft Security Center
TechNet area
www.microsoft.com/technet/security/default.mspx
Security Guidance Center (IT Pro)
www.microsoft.com/security/
www.microsoft.com/italy/security/
www.microsoft.com/security/guidance/default.mspx
Security Guidance Center (SMB)
www.microsoft.com/smallbusiness/gtm/securityguidance/hub.mspx

Questions?

© 2004 Microsoft Corporation. All rights reserved. This presentation is for informational purposes only. Microsoft makes no warranties, express or implied, in this summary.