• Security and Usability

It is not a new concept: the secure way is only secure if it is also the easiest way. I have seen a lot of solutions that are extremely secure – in the eyes of the security people. However, users find a lot of ways to circumvent the security measures because they are too complex to fulfill the business needs, or it is simply not possible to run a business within the limits of the security policies. Do not get me wrong: security always comes with a certain level of inconvenience – but the question is always whether we are able to find the balance between usability, the business needs and the risk management of a company.

Butler Lampson, a Technical Fellow at Microsoft Research, wrote an article in Communications of the ACM called Usable Security: How to Get It, which is definitely worth reading.

    Roger

  • Talking about Transparency – Windows Azure Dashboard

This is a nice feature – on this page http://www.microsoft.com/windowsazure/support/status/servicedashboard.aspx we show the current state of our Azure services. This is the kind of transparency (on the operations side) we need. Much more is needed with regard to process transparency, but this is a great first step.

    Roger

  • Security – A Feature Discussion? Some Thoughts on Google’s Chrome OS

To be clear upfront: this is not a “Microsoft versus Google” post. I cannot even judge how far Google pushed security with the Chrome OS. But the following article raised quite a few questions about how we look at security: Inside the Google Chrome OS security model. This article, like so many written when the security of an operating system is discussed, is completely feature-driven. So we talk about process sandboxing, toolchain hardening, kernel hardening etc. But how relevant is this really?

Do not get me wrong: it is relevant. But these features have to be the result of an engineering process. Each feature has to be designed to reduce a specific threat vector – a possible attack scenario – and has to be laid out in a way that actually reduces that vector. I recently had a discussion with somebody who wanted to convince me of their security software. My very first question was: How do you develop software? The answer was: We have a great CTO and good developers who engineer our software. My next question: OK, how do you do threat modeling? Answer: Our CTO has done this for years and knows everything inside out…

To me, threat modeling and transparency with regard to the development process are key! Why should I trust features? I have to know why and how they are engineered. I need process transparency – and not necessarily code transparency. There is no way I can review code: I am not a security development specialist, nor do I have the time to look through the code anyway. The only thing I can build my trust on is the engineering and the response processes.

So, why do we not raise a process discussion rather than a feature discussion? When we had the initial press conference about SafeCode, I was asked a pretty interesting question by an analyst: as SafeCode is about sharing best practices with regard to secure development, other vendors who do not use such processes will become a target. Yes, and so? The industry has to learn that engineering and development processes are much more important than features! We use our Security Development Lifecycle – will this lead to absolutely secure code? No, not at all, but it raises the bar much, much higher. We have great examples showing that this not only reduces the number of code defects but also leads to a better defense framework that adopts defense-in-depth concepts. This is what we need. Let’s shift the discussion from features to processes!

    And a final comment: This discussion is even more important in the cloud!

    Roger

  • Why it pays to be secure – Chapter 4 – I want to learn!

Our EMEA Security Program Manager, Henk van Roest, started this series internally, and with his consent I am publishing it here on my blog, as I think it contains a lot of great information for you to use.


    Use these Learning Paths to find a range of Microsoft training references and resources on security threats and appropriate countermeasures. Learning resources are organized by level (from basic to expert) and provide information on the planning, prevention, detection, and response phases of security implementation.

Threat and Vulnerability Mitigation Learning Resources:

Learn about security technologies that offer defense-in-depth protection against attacks and provide customers with central visibility and control of the security environment. These applications include defenses such as firewalls; antivirus, anti-spyware, and anti-spam software; network access protection; and others.

http://technet.microsoft.com/en-gb/security/cc895218.aspx

    Security Fundamentals:

    Combine Microsoft technology with tools and guidance to help build a secure foundation for your IT infrastructure. Learn about technologies intrinsic to the operating system that help make computers more resilient to attacks and provide the foundation upon which you can build your other technology investments.

    http://technet.microsoft.com/en-gb/security/cc895262.aspx

    Managing Updates and Safeguarding Your Systems:

    The exploitation of security vulnerabilities in operating systems and application software can lead to loss of revenue and intellectual property. Having properly configured systems, using the latest software, and installing the recommended software updates can help you mitigate this threat. Use the resources in this learning path to help you manage updates and simplify the task of protecting your systems.

    http://technet.microsoft.com/en-gb/security/cc513135.aspx

    -----------------------------------------------------------------------------------------------------------------------------

    The IT Infrastructure Threat Modelling Guide is now available.

    Organizations today face an increasing number of threats to their computing environments. You need a proactive approach to assist you in your efforts to protect your organization's assets and sensitive information. This guide provides an easy-to-understand method that enables you to develop threat models for your IT environment and prioritize your investments in IT infrastructure security.

    This Solution Accelerator includes a Microsoft Word document that helps IT professionals develop and implement threat models for their IT environments, and a Microsoft PowerPoint® presentation that is designed for use in a learning or lecture environment to present the concept of IT infrastructure threat modelling. These materials are designed to help IT professionals accomplish the following:

    • Provide use case scenarios for each component to be threat modelled.
    • Identify threats that could affect their organizations’ IT infrastructures.
    • Discover and mitigate design and implementation issues that could put IT infrastructures at risk.
    • Prioritize budget and planning efforts to address the most significant threats.
    • Conduct security efforts for both new and existing IT infrastructure components in a more proactive and cost-effective manner.

    Henk and Roger
  • COFEE freely downloadable on the Internet?

You have definitely heard of COFEE (Computer Online Forensic Evidence Extractor), which we make freely available to law enforcement through Interpol and NW3C. Now the probably unavoidable has happened and the tool leaked to the Internet. There was actually an interesting statement by ArsTechnica yesterday: “Chances are you won't have any use for the tool, but pirates get a thrill from having something they shouldn't, and a forensics tool only distributed to police departments around the world is pretty high up on the list of things you shouldn't have on your computer.”

    To make our point clear, let me quote Richard Boscovich, senior attorney, Internet Safety at Microsoft Corporation:

We have confirmed that unauthorized and modified versions of Microsoft’s COFEE tool have been improperly posted to BitTorrent networks for public download. We strongly recommend against downloading any technology purporting to be COFEE outside of authorized channels – both because any unauthorized technology may not be what it claims to be and because Microsoft has only granted legal usage rights for our COFEE technology for law enforcement purposes for which the tool was designed.

Note that contrary to reports, we do not anticipate the possible availability of COFEE for cybercriminals to download and find ways to ‘build around’ to be a significant concern. COFEE was designed and provided for use by law enforcement with proper legal authority, but is essentially a collection of digital forensic tools already commonly used around the world. Its value for law enforcement is not in secret functionality unknown to cybercriminals, its value is in the way COFEE brings those tools together in a simple and customizable format for law enforcement use in the field.

In cooperation with our partners, we will continue to work to mitigate unauthorized distribution of our technology beyond the means for which it’s been legally provided and, again, would strongly discourage people from downloading unauthorized versions of the tool. As always, law enforcement wishing to use COFEE can safely get the latest released version of the tool free of charge through the established channels with both NW3C and INTERPOL by contacting NW3C at www.nw3c.org or INTERPOL at cofee@interpol.int.

So, to be clear: it is not “only” illegal, it is modified as well. Do you really want to install that?
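The practical lesson from the statement above is that a binary obtained outside the authorized channel has to be treated as untrusted until proven otherwise. As an added example (not code from the original post, and not a Microsoft or COFEE tool), the following PowerShell function refuses a Windows executable unless its Authenticode signature verifies, the signer is the publisher you expect, and its SHA-256 hash matches a value obtained out-of-band from the authorized channel. The path, publisher string and expected hash are hypothetical inputs the caller supplies; a leaked, repackaged copy would typically fail at the first step with a status of NotSigned or HashMismatch.

```powershell
# Added example: gate execution of a downloaded tool on signature, publisher and hash.
# $ToolPath, $ExpectedPublisher and $ExpectedSha256 are hypothetical caller-supplied values;
# the expected hash must come from the authorized distribution channel, not from the download site.
function Test-TrustedBinary {
    param(
        [Parameter(Mandatory)][string]$ToolPath,
        [Parameter(Mandatory)][string]$ExpectedPublisher,   # substring of the signer's certificate Subject, e.g. 'CN=Microsoft Corporation'
        [Parameter(Mandatory)][string]$ExpectedSha256       # SHA-256 hex string published by the authorized channel
    )

    if (-not (Test-Path -LiteralPath $ToolPath)) {
        Write-Warning "File not found: $ToolPath"
        return $false
    }

    # 1. The Authenticode signature must be present, chain to a trusted root, and still match the file.
    #    Any modification after signing yields HashMismatch; a repacked copy is usually NotSigned.
    $sig = Get-AuthenticodeSignature -FilePath $ToolPath
    if ($sig.Status -ne 'Valid') {
        Write-Warning "Signature check failed: $($sig.Status) - $($sig.StatusMessage)"
        return $false
    }

    # 2. A valid signature only proves *someone* signed it; require the publisher we expect.
    if ($sig.SignerCertificate.Subject -notlike "*$ExpectedPublisher*") {
        Write-Warning "Unexpected signer: $($sig.SignerCertificate.Subject)"
        return $false
    }

    # 3. Pin the exact release: the hash must equal the value the authorized channel published.
    $actual = (Get-FileHash -LiteralPath $ToolPath -Algorithm SHA256).Hash
    if ($actual -ne $ExpectedSha256.ToUpperInvariant()) {
        Write-Warning "Hash mismatch: got $actual, expected $($ExpectedSha256.ToUpperInvariant())"
        return $false
    }

    return $true
}

# Usage (hypothetical values; replace the hash with the one obtained through the authorized channel):
# if (Test-TrustedBinary -ToolPath 'C:\tools\downloaded-tool.exe' `
#                        -ExpectedPublisher 'CN=Microsoft Corporation' `
#                        -ExpectedSha256 '<hash from authorized channel>') {
#     Start-Process -FilePath 'C:\tools\downloaded-tool.exe'
# }
```

Checking all three properties matters: a signature alone can be valid yet belong to an unrelated publisher, a publisher match alone says nothing about which release you hold, and a hash alone is only as trustworthy as the place you got it from, which is why it has to come from the authorized channel rather than alongside the download.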

    Roger
