Slashdot Mirror


How Microsoft Fights Off 100,000 Attacks A Month

El Lobo writes to mention a ComputerWorld article about Microsoft's battles with the hackers of the world. The software giant fights off more than 100,000 attacks every month, protecting their data-heavy internal network from the paws of your average script kiddie. The article discusses Microsoft's 'defense in depth' strategy, and discusses just some of the layers in that barrier. From the article: "The first layer of protection for the Microsoft VPN is two-factor authentication. After an infamous incident in the fall of 2000, Microsoft installed a certificate-based Public Key Infrastructure and rolled out smart cards to all employees and contractors with remote access to the network and individuals with elevated access accounts such as domain administrators. Two-factor authentication requires that you have something physical, in this case the smart card, and also know something, in this case a password."

23 of 169 comments

  1. 100,000 a month...? by bhunachchicken · · Score: 5, Funny

    So, who's doing the other 99,999 then...? :)

    1. Re:100,000 a month...? by hotdiggitydawg · · Score: 4, Funny

      My guess would be some fella called "Windows Update"...

  2. Thanks! by moore.dustin · · Score: 5, Funny

    Thanks for passing all those protection and security measures you develop to your customers! Wait a tic...

  3. How about the best step . . . by OverlordQ · · Score: 4, Insightful

    Keeping your vital data physically disconnected from the outside Internet. I know it'll cut off people who work remotely, but if it's that important, it's worth it.

    --
    Your hair look like poop, Bob! - Wanker.
    1. Re:How about the best step . . . by bugnuts · · Score: 4, Insightful

      MS is big, and vital data are distributed in not-so-vital chunks throughout the organization and in different ways.

      Combined, it's all vital. But imho, saying "just cut the plug on the network" is not feasible and horribly short-sighted. MS has several web applications, update servers, search engines... what are you saying again? You propose they cut all that off, too? The damage is just as bad (if not worse) if their update servers get hacked instead of their personnel database.

      Network security covers a little more than just "vital data".

  4. How to fend off 100,000 attacks a month by LatexBendyMan · · Score: 5, Funny

    They probably just run linux...

    1. Re:How to fend off 100,000 attacks a month by Savage-Rabbit · · Score: 4, Funny

      They throw Beowulf clusters of naked and petrified statues of Natalie Portman as hot grits run down their pants except in Russia where they throw you when you're not welcoming your new overlords or when old people aren't using the Internet in Korea.

      Dude.... I wanted a quiet gathering of a few friendly clichés not a whole cliché convention!
      --
      Only to idiots, are orders laws.
      -- Henning von Tresckow
    2. Re:How to fend off 100,000 attacks a month by Jerry · · Score: 4, Interesting

      A few days ago I used Netcraft to take a look at what Microsoft was using for its servers.
      There were 355 servers listed. A few are "unknown", a few more are "Solaris" and some I don't recognize, but at least 1/3rd of them are Linux.

      --

      Running with Linux for over 20 years!

  5. That's funny... by stag_beetle · · Score: 5, Funny

    I thought the first thing you were supposed to do to protect against attacks was to ensure you aren't using Microsoft products in any part of your infrastructure...

  6. I'm surprised... by pdbaby · · Score: 4, Insightful

    The article seems to say they only use Microsoft solutions to provide their security.
    I'm surprised they don't even have a little something from RSA. Is their solution that good (jokes aside!), or are they just suffering from major Not Invented Here syndrome?

    --
    Global symbol "$deity" requires explicit package name at line 2. - If only $scripture started "use strict;"
    1. Re:I'm surprised... by db32 · · Score: 4, Insightful

      Do you honestly believe they would admit to using anything other than MS? Do you remember the noise that was made about their website being protected by a company using linux servers to protect it from denial of service stuff? Do you remember the noise that was made when that linux based company signed up with their silly streaming media shit and was able to stream windows media more efficiently from linux boxes than what equivalent Windows boxes could do? (The worst part about this was that it could only stream windows media content to windows computers, and linux clients couldn't do anything with the streaming media from the linux server).

      Give MS some credit...their Marketing/PR departments aren't stupid enough to talk about everyone else's products used to secure their network, but I have a hard time believing that their technical folks are stupid enough to restrict themselves to MS products. I mean I have heard people explain to me how MS Proxy is the best proxy ever, or how that other stupid MS firewall/proxy/server thing is the best for boundary protection...but I assume those people will never work in security at a decent sized company for long if at all. MS products have their uses as much as I dislike many of them...but if I ever had anyone working for me try to use an MS product for something like boundary protection I would slap them, repeatedly, in front of the whole IT department.

      --
      The only change I can believe in is what I find in my couch cushions.
    2. Re:I'm surprised... by Da_Weasel · · Score: 4, Informative

      Not exactly. Here is a quote from a case study that Microsoft published regarding the migration of Hotmail from FreeBSD to Windows 2000.

      "The original builders of the application created a two-tier architecture built around various UNIX systems. FreeBSD, a UNIX-like system similar to the Linux operating system, was used to run the front-end Web servers that handled login, Microsoft Outlook Express, and Web-based content delivery tasks."

      ...

      "During June and July of 2000, the Hotmail site was converted from FreeBSD running Apache Web services to Windows 2000 Server running Microsoft Internet Information Services 5.0."

      You can read the case study here: http://www.microsoft.com/technet/interopmigration/case/hotmail/default.mspx

      --
      If you must!
    3. Re:I'm surprised... by bmajik · · Score: 5, Informative

      funny you mention that - all outbound internet traffic from Microsoft's internal network goes through...

      wait for it..

      Microsoft ISA Server.

      There may be other stuff out in front of that, but I have no evidence that there is.

      I happen to dislike ISA server - because all of my traffic to the outside world goes through it, and if i notice it, it's because it did something i didn't like (like forgot how to resolve hostnames - that's pretty common). I used to complain about it every day.. i'd say stuff like "ISA server makes me want to quit my job" or "maybe i could buy a 28.8 modem and get reliable fast internet access while at work". But, ISA server has gotten a lot better and the # of times a week I curse my existence has gone way down. I'll complain to co-workers that "there is no excuse for this - i've run Squid before and there are never any problems", but to be honest, i've never run a squid cluster with over 100 nodes serving over 100,000 PCs, so it's not precisely apples to apples. And i've never put pre-production Squid code into a production environment -- which is exactly what we do with everything we make. My inbox has been on beta exchange for months, and over half the domain controllers here in Fargo are running Longhorn server builds.

      Same thing with wireless. We deployed WPA before most of the outside world had heard of it. Internally, it was the only way to get wireless at all. If your device didn't do WPA, you didn't get to connect.

      There are a few well-known "MS uses linux!!!!@#$!@#$ OMGZORZ!!!" stories out there, so i'll address the ones i am familiar with

      MS uses Linux to host MS.Com

      False. Microsoft.Com runs on windows servers. Microsoft has contracted with akamai to do geocaching of various web properties, and akamai uses linux to a large extent. This is why when you look at some MS.Com "machines" with tools like nmap, they'll come back as Linux boxes. they aren't MS machines, they aren't in any MS datacenter, and they aren't MS managed.

      Hotmail is all linux

      False. Hotmail was never linux. Hotmail has a distributed architecture, and at the time of acquisition, the front end machines were FreeBSD, and the back ends were Ultra Enterprise 4500s. Eventually, the FE's were moved to Windows Server. My understanding is that they tried the transition using NT4 and it was miserable, and tried again with W2k and it was much much better. Eventually, all the FE's got moved onto one of the server products (i don't remember if it was w2k or w2k3 before it was "done") and the hotmail capacity went UP.. i.e. re-writing the hotmail stuff natively for the new windows based platform has allowed hotmail to run more efficiently on less hardware, with lower management costs. The backend machines were still enormous sun boxes last time i asked about it a few years ago.. for a few reasons. 1) the investment in those was huge 2) the filesystem was completely customized for the application. I wouldn't be surprised if the back ends have also moved off of Sun machines. The back end boxes apparently did almost nothing with CPUs.. but lots and lots of disk IO. The custom filesystem is probably the biggest reason that moving back ends didn't happen earlier.

      It's important to Microsoft to run our own stuff everywhere we can, because it demonstrates to customers that the product can meet their capacity needs, and because real world use is the best test of big complex systems. There are a few things we are NOT self hosting on yet - for instance, I am in the Business Division and while we sell a variety of ERP programs (from companies we've acquired), we still use 3rd party ERP systems to run "Microsoft, the Company". Those of you with ERP experience will understand that this is not something you transition "over nite" or "just because". It is a goal for us in the Business Division to move MS onto our ERP stuff internally - it adds additional credibility to our products when we can tell customers "it can run Microsoft, so it can probably run your stuff". And our competitors _love_ saying things like "why buy MS's version of blah, they don't even use it themselves!"

      --
      My opinions are my own, and do not necessarily represent those of my employer.
  7. Re:ok, sure .. .this is somehow news because by GeckoX · · Score: 4, Insightful

    Where did it mention that MS is doing anything groundbreaking or revolutionary here?

    This is simply an article about how MS, arguably the most targeted entity out there, secures their business.

    Further, it appears to work very well for them, without sacrificing their employees' ability to work.

    Really, what are you trying to say here? Should it require 3 people and 2 keys to log into your office over VPN every day to get some work done? Somehow I think not, but that still leaves me wondering what your point is.

    --
    No Comment.
  8. what counts as an "attack"? by Doctor+Crumb · · Score: 5, Interesting

    Honestly, my own computers fight off thousands of "attacks" a month, if you lower the bar enough. Are there worms knocking on port 137? Or are these actual hackers with stolen passwords/passcards?

  9. Balance? by Rob+T+Firefly · · Score: 4, Insightful

    The software giant fights off more than 100,000 attacks every month
    I wonder how the number of attacks on other sites enabled by botnets of compromised Windows machines compares to this. Are they taking more or less than their software dishes out to the rest of the world?
  10. Yahoo Ping Department by suso · · Score: 4, Funny

    Tomorrow we're going to hear from the ping department at Yahoo.

    I always wondered what they do with all those echo requests.

    1. Re:Yahoo Ping Department by Da_Weasel · · Score: 4, Funny

      They are building up a stock pile of pings. It's all part of a diabolical plan to rule the universe through their pingopoly. Soon we shall all bow before their pingy-ness-ish-ness. Those who obey their pingy commands will receive their daily ration of echo packets, everyone else will be left wanting... MMWhhaAHahHAhahahAHahahHAh!!!!

      --
      If you must!
  11. Marketing Material by dave562 · · Score: 5, Informative

    That article wasn't very informative. It only talks about the security functionality offered by Microsoft products (specifically VPN/ISA and Exchange). It doesn't even address what kind of attacks are being launched against the company beyond the typical "Virus emails." In other words, it's just thinly disguised marketing material put out under a header that seems interesting.

    I wonder how they got to the 100,000 number. If you count port scans and IP spoofs then my home network sees thousands of attacks every month.

  12. Statistics...gotta 'luv em by djupedal · · Score: 5, Funny

    The software giant fights off more than 100,000 attacks every month, protecting their data-heavy internal network from the paws of your average script kiddie.

    If MS is using the routine fuzzy-math they tend to throw out when attempting to make the company seem more powerful and dominating than is backed up by reality, the '100,000 attacks' could be 99,999 pieces of spam email and one ping-flood.

    See, this is how MS routinely tries to brainwash Joe and Jane consumer. Toss out a statistic that is impossible to verify, along with just enough verbal imagery to impress non-tech savvy spenders and you're on your way to profitsville!

    'data-heavy internal network...' That is some pretty shiny bull-shit, by the way...data-heavy! As opposed to what? I can see those steel grey towering industrial strength routers, embedded into solid concrete bunkers, laced with 50 cm MIL spec reinforcing bar that is tied deep in bedrock, far below the cavernous data centers the brave MS engineers toil without end to feed, with miles and miles of 1 meter thick ethernet cables, snaking like giant blood veins, throbbing quietly as the beast that is MS R&D works around the clock for the good of mankind.

    Makes me proud to be an American, I 'tell ya!

  13. They use bees by Overly+Critical+Guy · · Score: 4, Funny

    Microsoft sends care packages of bees to hackers. Leaked internal memos suggest turmoil amongst executives who can't decide if they should send more bees or just pull out entirely. A study group has determined that Microsoft should begin talks with various hacker groups as a diplomatic means of ending the bloodshed, but few believe that it will stop the attacks or the need for more bees. Many mourn for the loss of the bees, who die upon losing their stingers, while others point out that these are volunteer bees and that it's to be expected.

    --
    "Sufferin' succotash."
    1. Re:They use bees by kkwst2 · · Score: 5, Funny

      African or European?

  14. Re:Over 100,000 every month by Fred_A · · Score: 4, Interesting

    Actually I don't know how they count their attacks, but just attach a host to the network for a while and observe and you'll see automated attacks nonstop.
    On my LAN gateway I have had a continuous stream of background SSH and misc Windows services attacks for years plus the occasional attempt at something more creative. Taking each of these into account I could probably arrive at thousands, if not tens of thousands per month.
    I don't know how many machines MS has online but since the article doesn't really say what counts as an attack, the number seems to be ridiculously small.

    --

    May contain traces of nut.
    Made from the freshest electrons.
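Comments 8, 11 and 14 above all turn on what gets counted as an "attack". As an added example (not from the article or from any poster here), this Python script runs constructed sshd and firewall gateway log lines through three counting policies and shows how far the totals diverge from the same events; the log lines, addresses and category names are made up for the demonstration.

```python
import re
from collections import Counter

# Constructed sample log lines (not from the article or any real host):
# a gateway mixing sshd authentication failures with firewall DROP entries.
SAMPLE_LOG = """\
2006-05-02T10:00:01 sshd[411]: Failed password for root from 198.51.100.7 port 40122 ssh2
2006-05-02T10:00:03 sshd[411]: Failed password for root from 198.51.100.7 port 40123 ssh2
2006-05-02T10:00:05 sshd[411]: Failed password for admin from 198.51.100.7 port 40124 ssh2
2006-05-02T10:07:41 kernel: DROP IN=eth0 SRC=203.0.113.9 DST=192.0.2.10 PROTO=UDP DPT=137
2006-05-02T10:07:42 kernel: DROP IN=eth0 SRC=203.0.113.9 DST=192.0.2.10 PROTO=TCP DPT=445
2006-05-02T10:09:00 kernel: DROP IN=eth0 SRC=203.0.113.9 DST=192.0.2.10 PROTO=ICMP TYPE=8
2006-05-03T02:15:10 sshd[902]: Failed password for root from 198.51.100.7 port 51002 ssh2
2006-05-03T02:15:30 sshd[902]: Accepted publickey for alice from 192.0.2.44 port 51010 ssh2
"""

SSH_FAIL = re.compile(r"^(\S+) sshd\[\d+\]: Failed password for \S+ from (\S+)")
FW_DROP = re.compile(r"^(\S+) kernel: DROP .*SRC=(\S+) .*(?:DPT=(\d+)|PROTO=ICMP)")


def classify(line):
    """Map a hostile-looking line to (day, source_ip, category); None if benign."""
    m = SSH_FAIL.match(line)
    if m:
        return m.group(1)[:10], m.group(2), "ssh-bruteforce"
    m = FW_DROP.match(line)
    if m:
        cat = "icmp-probe" if m.group(3) is None else f"port-{m.group(3)}-probe"
        return m.group(1)[:10], m.group(2), cat
    return None


def count_attacks(log_text):
    """Count the same events under three policies that give very different totals."""
    events = [e for e in (classify(ln) for ln in log_text.splitlines()) if e]
    return {
        # every hostile-looking log line is one "attack"
        "per_event": len(events),
        # one "attack" per source, category and day (a scan is one campaign)
        "per_campaign": len(set(events)),
        # only authentication failures count; port and ICMP probes are noise
        "auth_failures_only": len({(d, s) for d, s, c in events if c == "ssh-bruteforce"}),
        "by_category": Counter(c for _, _, c in events),
    }


if __name__ == "__main__":
    print(count_attacks(SAMPLE_LOG))  # per_event 7, per_campaign 5, auth_failures_only 2
```

The same eight lines yield 7, 5 or 2 "attacks" depending on the policy, which is the gap the commenters are pointing at when a vendor quotes a monthly figure without saying what it counts.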