Slashdot Mirror


Microsoft Security Whitepaper

An anonymous reader writes "Microsoft last week published a document on its Web site that describes how the company manages security on its own 300,000-node corporate network. The document is basically a dry discussion of IT risk management strategy, with lots of references to 'asset classes' and 'stakeholders,' and about five nearly identical 'cycle of life' type diagrams showing how one risk management strategy leads to the next and so on, in a never-ending process. However, the document does open a window on how the biggest, richest software company in the world does security: from the deployment of 65,000 smart cards (let's see, at $50 apiece, that comes to....?), to MS's admission that 'there is a medium to high probability that within the next year, a successful attack will occur that could compromise the High Value and/or Highest Value data class.' According to the document, that includes things such as source code or human resources data."

3 of 269 comments

  1. Somebody hack into Windows Source Code? by Anonymous Coward · · Score: 0, Troll

    Hmm, if somebody did hack in and gain access to the Windows source code, I hope they make it public, so I can look at it and learn how not to program.

    Alternatively, once it was on the internet it'd be a global game of keep-away. Plus, imagine all of the new vulnerabilities that would be discovered; there'd be a Code Red every 2 days! Then maybe people might start taking security seriously.

  2. they ALREADY have had a compromise in source by twitter · · Score: 0, Troll
    Didn't those Russian hackers get ahold of some of their "highest" value data, namely the entire source tree for one of their operating system versions?

    Sure, already hacked is 100% probability of being hacked. Yep, someone in Russia got their XP source. Then M$ sold the former KGB and Communist China the whole package, despite having sworn in the anti-trust suit that such a thing constituted a national security risk. I'm not sure what they think they are guarding, but it's true that there is a high probability that their boxes will be owned, like 1::1.

    What you and I might see as a miserable admission of failure, M$ would like to push as "Business as Normal". "You can't stop the hackers," they will tell you with their hands in the air, as if it's impossible to keep sensitive information to yourself. This is nonsense.

    There are many ways to do this, including decoy data made from hashing the real data and keeping sensitive data off externally connected networks. The most important thing is to make sure there are no weak links in your chain. Real security involves understanding assets, training personnel and proper network architecture.

    Something as easy to own and impossible to verify, like Microsoft junk, has no place in a secure environment. Even a machine used as a decoy can be owned and used against you in ways you did not expect. If Microsoft themselves can't make it work, no one can.

    --

    Friends don't help friends install M$ junk.

  3. Re:Microsoft is its (only) good customer by The+Bungi · · Score: 0, Troll
    Oh wow, "kid". That's quite the quippy comeback.

    Thanks for playing.