
How Microsoft Fights Off 100,000 Attacks A Month

El Lobo writes to mention a ComputerWorld article about Microsoft's battles with the Hackers of the world. The software giant fights off more than 100,000 attacks every month, protecting their data-heavy internal network from the paws of your average script kiddie. The article discusses Microsoft's 'defense in depth' strategy, and discusses just some of the layers in that barrier. From the article: "The first layer of protection for the Microsoft VPN is two-factor authentication. After an infamous incident in the fall of 2000, Microsoft installed a certificate-based Public Key Infrastructure and rolled out smart cards to all employees and contractors with remote access to the network and individuals with elevated access accounts such as domain administrators. Two-factor authentication requires that you have something physical, in this case the smart card, and also know something, in this case a password."
This discussion has been archived. No new comments can be posted.

  • Re:That's funny... (Score:3, Interesting)

    by mdm-adph ( 1030332 ) on Friday December 08, 2006 @01:14PM (#17163860)
    reminds me of the story from a long while back about a site touting the greatness of Windows Server Software (might actually have been a Microsoft site) -- well, somebody gets an error message one day, and it turns out the site was running Apache on Unix.
  • by Doctor Crumb ( 737936 ) on Friday December 08, 2006 @01:26PM (#17164018) Homepage
    Honestly, my own computers fight off thousands of "attacks" a month, if you lower the bar enough. Are there worms knocking on port 137? Or are these actual hackers with stolen passwords/passcards?
  • by aliendisaster ( 1001260 ) on Friday December 08, 2006 @01:48PM (#17164320)
    Actually, they do...to a point:

    http://news.netcraft.com/archives/2003/08/17/wwwmicrosoftcom_runs_linux_up_to_a_point_.html [netcraft.com]
    (old article and I wasn't able to duplicate their test so it may have changed)
  • by binarybum ( 468664 ) on Friday December 08, 2006 @01:58PM (#17164440) Homepage
    huh, I almost always use ping www.yahoo.com when I'm testing a DNS.
    does everyone default to this for some reason that I'm not aware of? Is that what you're referring to?
  • Re:That's funny... (Score:3, Interesting)

    by slashwritr ( 1009921 ) on Friday December 08, 2006 @02:14PM (#17164678)
    I thought that those sites were actually Apple "enthusiast" sites, and they were running on Linux? This site [imagicweb.com] confirms it; the article was in 2004, though, and those sites might be on Apple servers now.
  • by Anonymous Coward on Friday December 08, 2006 @02:27PM (#17164872)
    Having worked with M$ for a few months, I called tech support a few times and they all asked me to set the "Automatically accept requests" for remote desktop support, and all support people were from outside vendors outside of the country. Each time I refused to check it, but imagine all the people that did leave it checked for others to easily remotely control their machines.
  • by moore.dustin ( 942289 ) on Friday December 08, 2006 @02:35PM (#17164998) Homepage
    This is hilarious! I always ping yahoo.com when DNS testing too! I choose it because they have a reliable service and consistent response times.... and I never Yahoo! and I would not want to do this to a service/site I like/use :)
  • Re:I'm surprised... (Score:3, Interesting)

    by UnknowingFool ( 672806 ) on Friday December 08, 2006 @02:47PM (#17165168)
    I would think the article should be more appropriately titled: How Microsoft Implements VPN Security to Fend off 100,000 Attacks. I have no doubts that MS uses companies' solutions like routers and firewalls as part of their overall security. This article was all about VPN security.
  • 100k seems low (Score:3, Interesting)

    by xPsi ( 851544 ) on Friday December 08, 2006 @02:54PM (#17165262)
    100k attacks per month for Microsoft seems low to me. That is about 1 attack every 30 seconds. I'm not saying that this is a low number on an absolute scale, but it seems low for MS. I might have just assumed they were continuously under multiple attacks.
  • by diersing ( 679767 ) on Friday December 08, 2006 @03:09PM (#17165476)
    That's great, as long as the people that use the vital data (executives, accounting, legal, sales, tech support, etc) don't need to get to the internet. Or do you have a kiosk set up that everyone queues up at?

    I've worked for two large (150,000+) Fortune 100 companies. One was a bank and the other... the other employed scientists and let's just say their IP is the lifeblood of the business. And in my experience, no one is interested in disconnecting the data, it just isn't feasible (simple, yes). With two factor authentication, an IDS, and regular auditing a good remote access system is, IMHO, safer than LAN access. If it's designed and implemented well there is nothing to worry about.

    The thing you have to remember about information security is, if it's not available to the users that are authorized, it's considered down time and in most businesses, down time of the critical data is unacceptable.

  • by Fred_A ( 10934 ) <fred@f r e d s h o m e . o rg> on Friday December 08, 2006 @03:37PM (#17165812) Homepage
    Actually I don't know how they count their attacks, but just attach a host to the network for a while and observe and you'll see automated attacks nonstop.
    On my LAN gateway I have had a continuous stream of background SSH and misc Windows services attacks for years plus the occasional attempt at something more creative. Taking each of these into account I could probably arrive at thousands, if not tens of thousands per month.
    I don't know how many machines MS has online but since the article doesn't really say what counts as an attack, the number seems to be ridiculously small.
  • by Oddscurity ( 1035974 ) * on Friday December 08, 2006 @03:50PM (#17165962)
    I've wondered about this update server before... does WinXP actually validate the stuff it downloads before installing it? Even if the update server is hard to compromise, some malware writer could have their malware auto-update by editing the hosts file.
  • by Jerry ( 6400 ) on Friday December 08, 2006 @04:32PM (#17166472)
    A few days ago I used Netcraft to take a look at what Microsoft was using for its servers.
    There were 355 servers listed. A few are "unknown", a few more are "Solaris" and some I don't recognize, but at least 1/3rd of them are Linux.
  • Re:Balance? (Score:3, Interesting)

    by cswiger2005 ( 905744 ) <cswiger@mac.com> on Friday December 08, 2006 @05:18PM (#17167092) Homepage
    If you've run a honeynet, you'll find that you tend to see between ~300 and ~1500 or so "attacks" per IP address per day-- about 80% TCP-based, about 15% UDP-based, and about 5% ICMP-based. I'm not sure a simple ICMP ECHO_REQUEST qualifies as an "attack" (although there are plenty of security vendors who will claim it is, simply to inflate their numbers), but ICMP redirects which try to tell a host to send local traffic to a remote IP surely do qualify as a hostile attack.

    Assuming that there's about 1000 attacks per day on average, or 30K per month per IP, suggests that Microsoft only has three or four Internet-routable machines, which clearly isn't the case-- perhaps they are only counting attacks which make it through the front line of their existing firewalls, or they are aggregating a single source IP which launches the same viral payload against many destination IPs as a single "attack"...?
  • by jacksonj04 ( 800021 ) <nick@nickjackson.me> on Friday December 08, 2006 @06:13PM (#17167888) Homepage
    I don't believe so, as anyone can run a WUS server which keeps a local copy of updates for other machines on the domain to install. I've not read anything on the auth mechanisms used, but that doesn't mean there isn't something out there.
  • by Anonymous Coward on Friday December 08, 2006 @08:15PM (#17169318)
    I believe this is because Akamai does load balancing for them. I was at one of their 'gatherings' and the search guys claimed they ran the whole system on windows boxes which was apparently quite the challenge as windows boxes have not been traditionally used in that manner.
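
Several comments above (Doctor Crumb, Fred_A, cswiger2005) turn on what is counted as an "attack". The following Python sketch is an added example, not part of the Slashdot thread or the ComputerWorld article: it counts one constructed set of firewall drop records under three definitions raised in the thread. The log format, addresses and function names are assumptions made for the illustration.

```python
from collections import Counter

# Constructed sample of firewall drop records (documentation-range addresses):
# time, source IP, destination IP, protocol, destination port or ICMP type
SAMPLE_LOG = """\
2006-12-08T13:00:01 198.51.100.7 192.0.2.10 TCP 22
2006-12-08T13:00:02 198.51.100.7 192.0.2.11 TCP 22
2006-12-08T13:00:03 198.51.100.7 192.0.2.12 TCP 22
2006-12-08T13:00:09 203.0.113.40 192.0.2.10 UDP 137
2006-12-08T13:00:10 203.0.113.40 192.0.2.11 UDP 137
2006-12-08T13:00:15 203.0.113.99 192.0.2.10 ICMP echo-request
2006-12-08T13:00:21 203.0.113.99 192.0.2.10 ICMP redirect
2006-12-08T13:00:30 198.51.100.7 192.0.2.10 TCP 445
"""

def parse(log):
    """Turn each non-empty line into a dict of named fields."""
    fields = ("time", "src", "dst", "proto", "what")
    return [dict(zip(fields, line.split()))
            for line in log.splitlines() if line.strip()]

def count_attacks(events):
    """Count the same events under three definitions of 'attack'."""
    # Definition 1: every dropped packet is an attack.
    per_event = len(events)
    # Definition 2: a plain ping is not an attack, everything else is.
    hostile = [e for e in events
               if (e["proto"], e["what"]) != ("ICMP", "echo-request")]
    # Definition 3: one source sending the same probe to many destinations
    # is a single attack (the key deliberately ignores the destination IP).
    campaigns = {(e["src"], e["proto"], e["what"]) for e in hostile}
    return {"per_event": per_event,
            "no_ping": len(hostile),
            "per_source_probe": len(campaigns)}

def protocol_share(events):
    """Percentage of events per protocol (the TCP/UDP/ICMP split)."""
    counts = Counter(e["proto"] for e in events)
    return {p: round(100 * n / len(events), 1) for p, n in counts.items()}

if __name__ == "__main__":
    ev = parse(SAMPLE_LOG)
    print(count_attacks(ev))
    print(protocol_share(ev))
```

On this sample the headline number halves between the first and third definition, which is why a monthly total means little without the counting rule that produced it.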
