Welcome to the Microsoft Security Newsletter - a monthly newsletter for IT professionals and developers bringing security news, guidance, updates, and community resources direct to your inbox. If you have suggestions or comments about the Microsoft Security Newsletter, please send us your feedback. To view an online version of this newsletter, please click here. If you would like to receive less technical security news, guidance and updates, please subscribe to the Microsoft Security for Home Computer Users Newsletter.
Viewpoint
By Joel Oleson, Sr. Technical Product Manager, Microsoft Office Servers
Whether you’re building a secure intranet library with sensitive documents, a DMZ-based extranet deployment, or a high-scale Internet environment, you’ll be pleased to find Microsoft Office SharePoint Server 2007 is a rock-solid platform with open authentication and membership providers and rich and flexible auditing and compliance capabilities.
Top Stories
In its latest research report, Symantec noted that when it comes to widely used operating systems, Microsoft is doing better overall than its leading commercial competitors. The information was a part of Symantec's 11th Internet Security Threat Report. The report covered a huge range of security and vulnerability issues over the last six months of 2006 (including operating systems), finding that Microsoft Windows had the fewest number of patches and the shortest average patch development time of the five operating systems it monitored in the last six months of 2006.
Microsoft Office SharePoint Server (MOSS) 2007 provides a number of new features that can help you implement effective security in your organization without adding a lot of management overhead. Even better, the features are very flexible, allowing a lot of customization that ensures users can access just the information they need.
Microsoft Forefront Security for SharePoint integrates multiple scan engines from industry-leading vendors and provides content controls to help businesses protect their Microsoft Office SharePoint 2007 and Microsoft Windows SharePoint Services 3.0 collaboration environments from documents containing malicious code, confidential information, and inappropriate content. Experience its features for yourself with this free trial.
Microsoft Forefront Server Security Management Console allows administrators to easily manage Forefront Security for Exchange Server, Forefront Security for SharePoint, and Microsoft Antigen, providing a Web-based console to centralize configuration and operation; automate the download and distribution of signature and scan engine updates; and generate comprehensive reports. Register now to download a free trial.
Security Guidance
By Joe Licari, Director, Microsoft Security Product Management
Learn how to safely access SharePoint portals from anywhere at any time by combining the Microsoft Intelligent Application Gateway 2007 with Microsoft Forefront Security for SharePoint.
Through tight integration with Exchange Server and SharePoint products and technologies, Microsoft Forefront Security for Exchange Server and Microsoft Forefront Security for SharePoint offer a number of valuable benefits, including improved manageability, performance, and security. This paper describes these benefits at a high level.
This document details the recommended settings to use when configuring Microsoft Forefront Security for SharePoint (FSSP). Following these recommendations should result in the best possible configuration for your system, thus preventing harm to your infrastructure.
This guide provides instructions for deploying Microsoft Office SharePoint Server 2007 in a Microsoft Windows Rights Management Services (RMS) with Service Pack 2 environment. It includes the necessary information for installing and configuring RMS, installing and configuring Office SharePoint Server 2007 in the newly created RMS infrastructure, and verifying that Office SharePoint Server 2007 documents can be rights-protected and consumed.
Explore this technical library for guidance on secure topology design checklists, planning for secure communications with a server farm, and planning for security hardening for server roles within a server farm.
This article provides server design checklists, including topology and logical architecture, and information on security hardening for server roles and secure configurations for Microsoft Office SharePoint Server 2007 features. These features include four environments: an internal team or department, an internal IT-hosted environment, an external secure collaboration environment, and an external anonymous access environment.
This chapter from the Windows SharePoint Services 3.0 technical library provides a methodical approach to building security into your solution design for Microsoft Windows SharePoint Services 3.0. Practical, secure configurations for specific server roles are explained. The guidance for each server role includes recommended secure settings for the network, the operating system, and the applications that are installed, including Internet Information Services (IIS), Microsoft ASP.NET Framework, and Microsoft SQL Server.
Forefront for SharePoint is designed to protect servers running Microsoft Office SharePoint Portal Server 2007 or Microsoft Windows SharePoint Services 2007. Both versions run on either the 32-bit or 64-bit version of the SharePoint server and have identical functionality. Read this user guide for installation instructions and information on Forefront Security for SharePoint Services, administration options, scan options, reporting, and much more.
The Microsoft Forefront Security for SharePoint MOM 2005 Management Pack supplies critical events and alerts on virus and worm activity to MOM 2005.
InfoPath 2007 helps protect users against potential threats posed by maliciously authored form templates. This MSDN Library article offers best practices for developers of InfoPath forms such as how to sign the CAB files of ActiveX controls, how to sign form templates sent as an attachment to an e-mail message, and how to recognize potential security issues in the XML file associated with a form.
This Month's Security Bulletins
Critical:
Important:
MVP Update
Adam Buenz has been involved with SharePoint since its Tahoe days across a multitude of projects, mainly within the government, healthcare, and finance spheres. He is currently employed at the 328th Armament Systems Division at Eglin Air Force Base in Fort Walton Beach, Florida, working on a long-term MOSS project. Adam runs ARB Security Solutions, where he posts Forefront for SharePoint, Microsoft Data Protection Manager 2006, and general SharePoint articles that mostly concentrate on secure deployments and sheltered knowledge management systems. His main focus is implementing secure ECM, WCM, KM, and BI systems leveraging ISA, DPM, Forefront, MIIS, and custom development.
By Adam Buenz, MCP, CCSP, and Microsoft MVP, Windows Server -- Windows SharePoint Services
In this article, Microsoft MVP Adam Buenz examines FSSP application architecture and how integrating FSSP into the inclusive SharePoint infrastructure can augment collaboration platform security to protect both SharePoint users and the SharePoint server farm.
Partners with Expertise in Security Solutions
Avoco Secure designs innovative products that enable, extend, and add value to the Microsoft platform. Avoco’s secure2trust, in conjunction with SharePoint, provides a content access and security system that will enable document collaboration and intellectual property protection in an easy-to-use and consistent manner.
Citrix Systems, Inc. is the global leader and most trusted name in on-demand access. Citrix offers a solution that provides remote access to SharePoint portals without compromising security and reduces the management complexities associated with traditional VPN solutions.
Microsoft Product Lifecycle Information
Security Events and Training
Experience the integration of security and IT management software. Check out how Forefront and System Center work together, try the products, and get free evaluation software at a You're in Control launch event near you.
Get hands-on experience scanning documents for viruses and running a manual scan job with Forefront Security for SharePoint without any complex setup or installation. After completing this lab, you will be better able to scan documents for viruses and run a manual scan job.
Benefit from in-depth guidance on solutions for securing access to your organization's network resources. Learn about the most current scenarios for identity and access on corporate networks, as well as ways to restrict remote access. Find out about Network Access Protection (NAP), a policy enforcement platform built into Windows Vista and Windows Server "Longhorn" that allows you to better protect network assets by enforcing compliance with system health requirements. Learn how to gain more control over the authentication process and improve the overall health of your network by validating the health of each client -- remotely or onsite.
Get online access to content before, during, and after Tech-Ed. Webcasts give you and your peers live and on-demand access to information presented by Tech-Ed experts. Virtual labs are always available to provide hands-on product evaluation with no complex setup or installation. Watch for simulcast sessions from Tech-Ed and the Best of Tech-Ed webcasts and virtual labs, which feature top sessions and labs as selected by Tech-Ed attendees. These great training experiences are free to everyone -- including people who didn’t attend.
Upcoming Security Webcasts
Tuesday, April 24, 10:00 AM Pacific Time
With the increased industry emphasis on e-mail and messaging records usage in litigation, compliance is now a critical area for businesses. With Exchange Server 2007, Microsoft has added features and utilities which help Exchange administrators manage and retain messaging records. During this webcast, we will provide an overview of how Exchange Server 2007 addresses compliance and records management.
Thursday, April 26, 10:00 AM Pacific Time
Until now, the only option available in managed environments was to use roaming user profiles or smart cards to move a single set of certificates and private keys to whatever domain-joined computer a user is logged on to. Both solutions are very expensive from a deployment and maintenance standpoint. Credential roaming has been developed to maintain consistency between certificates and keys on multiple client computers and Active Directory.
Microsoft On-Demand Webcasts
For IT Professionals
TechNet Webcast: Information About Microsoft May Security Bulletins (Level 200)
Wednesday, May 09, 2007, 11:00 AM Pacific Time
Christopher Budd, CISA, CISM, CISSP, ISSMP, Security Program Manager, PSS Security, Microsoft Corporation, and Mike Reavey, Lead Security Program Manager, Microsoft Corporation
For Developers
Volume 4, No. 4  April 2007
Upcoming Chats
DHCP Enhancements in Windows Vista: NAP Enforcement and DHCPv6 -- Part 2
April 19, 10:00 AM Pacific Time
Discover all the new and improved features in the Windows Vista DHCP Client. We will discuss IPv6 support, NAP enforcements, and useful tricks, techniques, and best practices for Microsoft DHCP products. This is your chance to talk about your experiences and share what you want us to improve.
Windows VPN Server: Interaction with Network Infrastructure Components
April 26, 10:00 AM Pacific Time
Discuss your queries regarding the deployment and configuration of the VPN server and its interaction with other network infrastructure services. This webchat will focus on Routing and Remote Access Server (RRAS) configuration and its interoperability with DNS, NAT, Firewall, and RADIUS servers. Your feedback on our product is extremely valuable to us.
What's New in Windows Server “Longhorn”
May 8, 10:00 AM Pacific Time
Join us as we discuss what’s new in Windows Server Code Name "Longhorn" Beta 3. Learn more about how Windows Server "Longhorn" provides more control, greater flexibility, and increased protection. Take this opportunity to ask questions about many of the product’s new technologies such as IIS 7.0, Active Directory service, Terminal Services, Server Manager, and the Server Core installation option.
Additional Security Resources
© 2007 Microsoft Corporation. All rights reserved. Microsoft, Active Directory, Forefront, InfoPath, MSDN, SQL Server, Windows, Windows Server, and Windows Vista are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries. All other trademarks are property of their respective owners.
This newsletter was sent by the Microsoft Corporation
1 Microsoft Way
Redmond, Washington, USA
98052