How Microsoft Fights Off 100,000 Attacks A Month 169
El Lobo writes to mention a ComputerWorld article about Microsoft's battles with the Hackers of the world. The software giant fights off more than 100,000 attacks every month, protecting their data-heavy internal network from the paws of your average script kiddie. The article discusses Microsoft's 'defense in depth' strategy, and discusses just some of the layers in that barrier. From the article: "The first layer of protection for the Microsoft VPN is two-factor authentication. After an infamous incident in the fall of 2000, Microsoft installed a certificate-based Public Key Infrastructure and rolled out smart cards to all employees and contractors with remote access to the network and individuals with elevated access accounts such as domain administrators. Two-factor authentication requires that you have something physical, in this case the smart card, and also know something, in this case a password."
How about the best step . . . (Score:4, Insightful)
I'm surprised... (Score:4, Insightful)
I'm surprised they don't even have a little something from RSA. Is their solution that good (jokes aside!), or are they just suffering from major Not Invented Here syndrome?
ok, sure .. .this is somehow news because (Score:4, Insightful)
Re:ok, sure .. .this is somehow news because (Score:5, Insightful)
This is simply an article about how MS, arguably the most targeted entity out there, secures their business.
Further, it appears to work very well for them, without sacrificing their employees ability to work.
Really, what are you trying to say here? Should it require 3 people and 2 keys to log into your office over VPN every day to get some work done? Somehow I thing not, but that still leaves me wondering what is your point?
Seems unlikely that they'd run Linux (Score:3, Insightful)
Re:How about the best step . . . (Score:5, Insightful)
Combined, it's all vital. But imho, saying "just cut the plug on the network" is not feasible and horribly short-sighted. MS has several web applications, update servers, search engines... what are you saying again? You propose they cut all that off, too? The damage is just as bad (if not worse) if their update servers get hacked instead of their personnel database.
Network security covers a little more than just "vital data".
Balance? (Score:5, Insightful)
Re:I'm surprised... (Score:5, Insightful)
Give MS some credit...their Marketing/PR departments aren't stupid enough to talk about everyone else products used to secure their network, but I have a hard time believing that their technical folks are stupid enough to restrict themselves to MS products. I mean I have heard people explain to me how MS Proxy is the best proxy ever, or how that other stupid MS firewall/proxy/server thing is the best for boundary protection...but I assume those people will never work in security at a decent sized company for long if at all. MS products have their uses as much as I dislike many of them...but if I ever had anyone working for me try to use an MS product for something like boundary protection I would slap them, repeatedly, in front of the whole IT department.
Re:ok, sure .. .this is somehow news because (Score:4, Insightful)
It works well in some limited instances, but I shudder to think of the possibilities if it's ever adopted on a wide scale.
100,000 is very low for automated attacks (Score:4, Insightful)
Re:Yahoo Ping Department (Score:3, Insightful)
I know everyone here always does ping yahoo.com to test DNS/network connections.
We also ping google.com somtimes too
I feel bad for them
Re:ok, sure .. .this is somehow news because (Score:1, Insightful)
Re:ok, sure .. .this is somehow news because (Score:3, Insightful)
Re:How to fend of 100,000 attacks a month (Score:3, Insightful)