{"id":1434,"date":"2007-12-13T23:39:37","date_gmt":"2007-12-13T22:39:37","guid":{"rendered":"http:\/\/www.darrenstraight.com\/blog\/2007\/12\/13\/microsoftcom-whats-the-story\/"},"modified":"2007-12-13T23:39:37","modified_gmt":"2007-12-13T22:39:37","slug":"microsoftcom-whats-the-story","status":"publish","type":"post","link":"https:\/\/www.darrenstraight.com\/blog\/2007\/12\/13\/microsoftcom-whats-the-story\/","title":{"rendered":"Microsoft.com: What&#8217;s the story?"},"content":{"rendered":"<p>If you&#8217;ve ever wondered how <a href=\"http:\/\/www.microsoft.com\">microsoft.com<\/a> uses\u00a0their technology, then you&#8217;ll be interested <a href=\"http:\/\/blogs.technet.com\/jeffa36\/archive\/2007\/12\/13\/microsoft-com-what-s-the-story.aspx\">in this post<\/a> from <a href=\"http:\/\/blogs.technet.com\/jeffa36\/\">Jeff Alexander<\/a>, an\u00a0IT Pro Evangelist for\u00a0Microsoft Australia. Unfortunately, Jeff&#8217;s blog seems to be down at the moment, or better said nonexistent, as visiting his blog will get the following message (The forum you requested does not exist.). I&#8217;ve still got a cached copy of the post, so for the time being you can read the main points below, thanks to Jeff and his information gathering from the people over at the <a target=\"_blank\" href=\"http:\/\/blogs.technet.com\/mscom\/default.aspx\">Operations team<\/a> at Microsoft.com.<\/p>\n<blockquote><p>At this point we still don&#8217;t use firewalls for MS.COM sites and don&#8217;t have any plans on the books to put them in place.\u00a0 Here is the short answer as to why:<\/p>\n<ol>\n<li>We don&#8217;t handle HBI data so we don&#8217;t have the need for external logging capabilities.\u00a0 If we did handle HBI, we&#8217;d have firewalls.<\/li>\n<li>We have ~650GB\/day of IIS logs just for <a href=\"http:\/\/www.microsoft.com\/\">www.microsoft.com<\/a> and update.microsoft.com (not including the 6GB\/hour for each download server).\u00a0 Just IIS logs are a challenge 
without trying to parse another ~650GB of firewall logs.\u00a0<\/li>\n<li>5+ years ago, there wasn&#8217;t a firewall solution that would scale to our needs and this forced us to focus on network, host, and application security.\u00a0 Based on the success of that work, we&#8217;ve not looked further at firewalls even though there are solutions that I believe (haven&#8217;t tested) would handle the traffic load (our non-download based web traffic alone can be in the 8-9 Gbps range and ~30 total for internal hosted traffic).<\/li>\n<li>We also used NLB for load balancing exclusively up until July 2006 and the micro segmentation of networks required by that solution made firewalls an expensive and very complex solution.\u00a0 Again, especially at the scalability that used to be available.<\/li>\n<li>Application security is critical since a firewall is likely going to allow traffic on the correct port and protocol through to the web servers so IIS\/ASP.NET\/Applications must deal with these requests gracefully.\u00a0 I realize there are other options\/features of firewalls\/IPS that provide other options.<\/li>\n<\/ol>\n<p>In terms of how we protect the sites, we utilize (starting at the outside edge of the network and working in):<\/p>\n<ol>\n<li>Cisco Guards for DoS detection and automated response<\/li>\n<li>Router ACLs are in place to block unnecessary ports<\/li>\n<li>NetScalers for <a href=\"http:\/\/www.microsoft.com\/\">www.microsoft.com<\/a> and MSDN\/TechNet (NLB still for update.microsoft.com) and those also provide DoS protection inherently as well as providing a few other knobs we can turn when required.<\/li>\n<li>Windows and IIS&#8230;rock solid and secure!\u00a0 <a href=\"http:\/\/www.microsoft.com\/\">www.microsoft.com<\/a> is on Windows Server 2008\/IIS7, MSDN\/TechNet are migrating to Win2k8\/IIS7, and update.microsoft.com is on Windows Server 2003\/IIS6.\u00a0 We do all the normal shut-off-unused-services practices that line up with MS published 
security guidance and we utilize GFS images to ensure standardized builds of systems.<\/li>\n<li>Automated Netmon\/Perfmon captures for attack analysis on NLB systems when SYN floods occur (event trigger).\u00a0 We&#8217;ve not yet done this for NetScaler systems, but we are noodling on how in our copious spare time :).<\/li>\n<li>We do run AV on our servers when we can.\u00a0 At times product adoption means we don&#8217;t install it, but we do normally run AV.<\/li>\n<li>Application security as mentioned.\u00a0 ACE is a very good resource for this aspect.\u00a0 ACE is an internal team that does threat modelling for applications.<\/li>\n<\/ol>\n<\/blockquote>\n","protected":false},"excerpt":{"rendered":"<p>If you&#8217;ve ever wondered how microsoft.com uses\u00a0their technology then you&#8217;ll be interested in this post from Jeff Alexander an\u00a0IT Pro Evangelist for\u00a0Microsoft Australia. Though unfortunately Jeff&#8217;s blog seems to be down at the moment or better said nonexistent as visiting his blog will get the following message (The forum you requested does not exist.), I&#8217;ve still got a cached copy<\/p>\n<div class=\"clearfix\"><\/div>\n<div class=\"pull-left padding-top-25\"><a href=\"https:\/\/www.darrenstraight.com\/blog\/2007\/12\/13\/microsoftcom-whats-the-story\/\" class=\"btn btn-theme\">Continue reading<span class=\"screen-reader-text\"> &#8220;Microsoft.com: What&#8217;s the story?&#8221;<\/span> <i class=\"fa fa-fw fa-long-arrow-right\"><\/i> <\/a>  
<\/div>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[5],"tags":[],"class_list":["post-1434","post","type-post","status-publish","format-standard","hentry","category-technology"],"_links":{"self":[{"href":"https:\/\/www.darrenstraight.com\/blog\/wp-json\/wp\/v2\/posts\/1434","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.darrenstraight.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.darrenstraight.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.darrenstraight.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.darrenstraight.com\/blog\/wp-json\/wp\/v2\/comments?post=1434"}],"version-history":[{"count":0,"href":"https:\/\/www.darrenstraight.com\/blog\/wp-json\/wp\/v2\/posts\/1434\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.darrenstraight.com\/blog\/wp-json\/wp\/v2\/media?parent=1434"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.darrenstraight.com\/blog\/wp-json\/wp\/v2\/categories?post=1434"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.darrenstraight.com\/blog\/wp-json\/wp\/v2\/tags?post=1434"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}