How Microsoft Fights Off 100,000 Attacks A Month
El Lobo writes to mention a ComputerWorld article about Microsoft's battles with the Hackers of the world. The software giant fights off more than 100,000 attacks every month, protecting their data-heavy internal network from the paws of your average script kiddie. The article discusses Microsoft's 'defense in depth' strategy, and discusses just some of the layers in that barrier. From the article: "The first layer of protection for the Microsoft VPN is two-factor authentication. After an infamous incident in the fall of 2000, Microsoft installed a certificate-based Public Key Infrastructure and rolled out smart cards to all employees and contractors with remote access to the network and individuals with elevated access accounts such as domain administrators. Two-factor authentication requires that you have something physical, in this case the smart card, and also know something, in this case a password."
Re:That's funny... (Score:3, Interesting)
what counts as an "attack"? (Score:5, Interesting)
Re:How to fend off 100,000 attacks a month (Score:3, Interesting)
http://news.netcraft.com/archives/2003/08/17/wwwm
(old article and I wasn't able to duplicate their test so it may have changed)
Re:Yahoo Ping Department (Score:4, Interesting)
does everyone default to this for some reason that I'm not aware of? Is that what you're referring to?
Re:That's funny... (Score:3, Interesting)
Remote Assistance Hole (Score:1, Interesting)
Re:Yahoo Ping Department (Score:4, Interesting)
Re:I'm surprised... (Score:3, Interesting)
100k seems low (Score:3, Interesting)
Re:How about the best step . . . (Score:2, Interesting)
I've worked for two large (150,000+) Fortune 100 companies. One was a bank and the other... the other employed scientists and let's just say their IP is the lifeblood of the business. And in my experience, no one is interested in disconnecting the data, it just isn't feasible (simple, yes). With two-factor authentication, an IDS, and regular auditing a good remote access system is, IMHO, safer than LAN access. If it's designed and implemented well there is nothing to worry about.
The thing you have to remember about information security is, if it's not available to the users that are authorized, it's considered down time and in most businesses, down time of the critical data is unacceptable.
Re:Over 100,000 every month (Score:5, Interesting)
On my LAN gateway I have had a continuous stream of background SSH and misc Windows services attacks for years plus the occasional attempt at something more creative. Taking each of these into account I could probably arrive at thousands, if not tens of thousands per month.
I don't know how many machines MS has online but since the article doesn't really say what counts as an attack, the number seems to be ridiculously small.
Re:How about the best step . . . (Score:3, Interesting)
Re:How to fend off 100,000 attacks a month (Score:5, Interesting)
There were 355 servers listed. A few are "unknown", a few more are "Solaris" and some I don't recognize, but at least 1/3rd of them are Linux.
Re:Balance? (Score:3, Interesting)
Assuming that there are about 1000 attacks per day on average, or 30K per month per IP, suggests that Microsoft only has three or four Internet-routable machines, which clearly isn't the case-- perhaps they are only counting attacks which make it through the front line of their existing firewalls, or they are aggregating a single source IP which launches the same viral payload against many destination IPs as a single "attack"...?
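The counting question raised in the comment above, shown as an added example that is not part of the original thread or the article: the same firewall deny records produce different "attack" totals depending on whether each event, each source/target pair, or each source/service campaign is counted as one attack. The log format, the addresses (documentation ranges) and the dates are constructed for illustration.

```python
from collections import namedtuple

Event = namedtuple("Event", "day src dst dport")

# Constructed sample of firewall deny records: day, source IP, destination IP, port.
# Ports 22, 445 and 135 stand in for the SSH and Windows-service probes the thread mentions.
SAMPLE_LOG = """\
2006-05-01 198.51.100.7 192.0.2.10 22
2006-05-01 198.51.100.7 192.0.2.10 22
2006-05-01 198.51.100.7 192.0.2.11 22
2006-05-01 198.51.100.7 192.0.2.12 22
2006-05-01 203.0.113.40 192.0.2.10 445
2006-05-01 203.0.113.40 192.0.2.11 445
2006-05-02 198.51.100.7 192.0.2.10 22
2006-05-02 203.0.113.99 192.0.2.12 135
"""


def parse(log):
    """Turn whitespace-separated log lines into Event tuples, skipping malformed lines."""
    events = []
    for line in log.splitlines():
        parts = line.split()
        if len(parts) != 4 or not parts[3].isdigit():
            continue
        events.append(Event(parts[0], parts[1], parts[2], int(parts[3])))
    return events


def count_attacks(events):
    """Count the same events under three definitions of one 'attack'."""
    # Definition 1: every denied connection is its own attack.
    per_event = len(events)
    # Definition 2: repeated tries from one source at one target and port collapse per day.
    per_src_dst = len({(e.day, e.src, e.dst, e.dport) for e in events})
    # Definition 3: one source probing one service across many targets is one attack per day.
    per_campaign = len({(e.day, e.src, e.dport) for e in events})
    return {"per_event": per_event, "per_src_dst": per_src_dst, "per_campaign": per_campaign}


if __name__ == "__main__":
    for name, total in count_attacks(parse(SAMPLE_LOG)).items():
        print(f"{name:13} {total}")
```

A published monthly figure is only comparable to another site's number when the aggregation key behind it is stated.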
Re:How about the best step . . . (Score:3, Interesting)
Re:How to fend off 100,000 attacks a month (Score:2, Interesting)