Network admins get peek at Microsoft's security

The software giant has learned from online threats, its information technology manager tells Security Summit attendees.

Stay on top of the latest tech news with our free IT News Digest e-newsletter, delivered each weekday. Automatically sign up today!

By Robert Lemos
Staff Writer, CNET

SAN FRANCISCO—Microsoft's top network security manager appeared at a company road show Tuesday to let other administrators know what the software giant is doing to help keep corporate networks safe.

Speaking at Microsoft's Security Summit, a 20-city tour to showcase the software giant's latest technologies regarding Internet threats, , corporate vice president for Microsoft's Services and IT unit, highlighted improvements in the company's software and told how those improvements had been incorporated into Microsoft's own networks.

Perhaps the biggest change regarding security at Microsoft is that the issue has clout now, Devenuti said. The information technology group now has the power to hold up development or cut off someone's network access, he said.

"If a user doesn't do what I want them to do, we whack them off the network," he said. Devenuti's IT group is also one of the last Microsoft groups to sign off on a product before it is released. The group just gave the go-ahead to Microsoft's Internet Security & Accelerator (ISA) Server 2004, which is due out in the coming weeks, he said.

The significance of security in the decision-making process is only one of the changes that has happened at Microsoft since the company kicked off more than two years ago. In the past year, Microsoft has continued educating its developers, and for older versions of Windows.

The Security Summit is the company's latest education initiative. By year's end, Microsoft hopes to in how to better protect their systems.

Although Microsoft has changed under the Trustworthy Computing Initiative, many problems remain. In April, the company for Windows that fixed at least six critical flaws in the operating system. Less than three weeks later, the , taking advantage of one of the flaws on unpatched systems to spread.

Internally, Microsoft has also changed many of its practices to protect itself from threats like Sasser, Devenuti said.

Microsoft developers are now required to use virtual private networks, or VPNs, to connect to development servers in order to isolate and protect the systems from the general network. The infected the company's internal networks, because many development systems didn't have the latest patches.

Microsoft has taken a similar step in regard to its wireless networks, creating better wireless technology in Windows that makes possible a private network using an encryption technology known as 802.1x. Microsoft made the switch after the release of , a tool that can be used to recover wireless encryption keys on systems that use the default wireless security.

"That tool (AirSnort) released on the Internet fundamentally changed the security environment," Devenuti said. Microsoft plans to make such wireless security features easier for outside companies to use in Windows.

The software giant will also release for Windows XP and for Windows 2003. Those much-anticipated updates will add more security to the operating systems.

Editor's Picks

Free Newsletters, In your Inbox