Welcome to the Microsoft Security Newsletter - a
monthly newsletter for IT professionals and developers
bringing security news, guidance, updates, and community
resources direct to your inbox. If you have suggestions
or comments about the Microsoft Security Newsletter,
please
send us your feedback.
Viewpoint

By Amesh Mansukhani
A significant number of IT departments tasked
with managing security still rely on passwords
for authentication as the first line of defense.
This article discusses why user passwords are no
longer good enough and why moving to multifactor
authentication is a better way to help ensure
secure access to resources and to protect those
resources.

Top Stories

Microsoft Certificate Lifecycle Manager (CLM) is
a policy- and workflow-driven solution that
helps organizations manage the lifecycle of
digital certificates and smart cards.
Join the Microsoft CLM Beta Program to
participate in testing and
read this technical white paper to learn how
CLM can lower the costs associated with digital
certificates and smart cards.

InfoCard will soon help provide the consistent
user experience required by the identity
metasystem. On the social Web, it will pave the
way for all kinds of new innovations by
individuals and companies. For corporations,
InfoCard will make it much simpler to connect
with partners online. In this article, Keith
Brown discusses InfoCard specifically in the
domain of Web services.

By the end of June 2006, Microsoft will have
initiated legal actions on more than 100 cases
in Europe, Middle East and Africa. The legal
actions are linked to the Global Phishing
Enforcement Initiative (GPEI). Microsoft
launched the GPEI to coordinate and expand its
many anti-phishing efforts worldwide to fight
phishers through consumer protection,
partnerships with law enforcement, governments
and industries, and prosecution.

Security Guidance

By Conrad Bayer
Microsoft Certificate Lifecycle Manager (CLM) is
tightly integrated with the Active Directory
service for authentication and authorization.
Beta 1 of CLM was released in February and is
available publicly. This tip describes CLM
extended permissions, identifies where you
implement CLM extended permissions, and provides
strategies for permission assignments.

Microsoft Internet Security and Acceleration
(ISA) Server 2006 is the integrated edge
security gateway that helps protect your IT
environment from Internet-based threats.
Download and try the latest version of this
firewall, VPN, and web cache solution, and learn
more about how it can help you secure your
Microsoft application infrastructure and
safeguard your IT environment.

This in-depth reference book teaches you how to
design and implement even the most demanding
certificate-based security solutions for
wireless networking, smart card authentication,
VPNs, secure e-mail, Web SSL, EFS, and
code-signing applications using Windows Server
2003 PKI and certificate services.

Learn how to configure and operate a Windows
certificate authority. This guide offers
operational scenarios, custom configuration
information, sample commands, and best
practices.

When IP Security (IPSec) is configured to use a
certification authority (CA) for mutual
authentication, you must obtain a local computer
certificate. You can obtain this certificate
from a third-party CA, or you can install
Certificate Services in Windows to create your
own CA. This article describes how to install a
local computer certificate for use with IPSec
from a stand-alone Windows CA.

The Microsoft Exchange Server ActiveSync
Certificate-Based authentication tool provides
several utilities to assist an Exchange Server
administrator in configuring and validating
client certificate authentication for Exchange
Server ActiveSync.

This guide focuses on the essential issues and
concepts required to plan smart card
authentication, and provides information that
applies to organizations of all sizes that
require strong identity protection and data
access control.

This presentation will look at the standards and
technologies that enable the concept of digital
trust, and, keeping with reality, will point out
a number of outstanding legal and social issues
that may prevent your organization from
successfully adopting some principles of digital
trust.

How do you get the necessary messaging security
without also compromising flexibility, control,
and choice in how you run your business? Visit
the Midsize Business Center and learn how the
Microsoft multilayered security solution
provides smart and effective security measures
that contribute to overall protection for your
data and your infrastructure.

This Month's Security Bulletins
Critical:
Important:

MVP Update

Brian Komar is the president of IdentIT Inc., a
consulting firm specializing in Public Key
Infrastructure (PKI), Windows Rights Management
Services, Metadirectory, and smart card
management solutions. Brian and his business
partner, Paul Adare, work with Microsoft on
several ventures, which include developing
security-related courseware, writing books for
Microsoft Press, and writing PKI white papers
for the Microsoft Security team. Brian is a
frequent speaker at IT industry conferences such
as Microsoft TechEd, Microsoft IT Forum, and
Windows Connections.

By Brian Komar
Many organizations are considering the
deployment of smart cards on their networks.
This article focuses on the policies and
processes that help ensure that a smart card
certificate can be used for the assurance level
stated in the certificate. The article also
introduces Microsoft Certificate Lifecycle
Manager, a new product that allows management of
certificates and smart cards in a Microsoft
Certificate Services environment.

Partners with Expertise in Security Solutions

Raak Technologies provides products and services
that make it easy for enterprises to deploy
strong authentication solutions to their
employees, customers, and business partners. The
company's products fully support Microsoft
Certificate Lifecycle Manager and include smart
card middleware, USB tokens, and readers.

The Axalto Cryptoflex .NET smart card works as a
seamless companion to the Microsoft .NET
environment and service-oriented architectures.
It runs a streamlined version of the .NET
Framework to provide customizable two-factor
authentication, full cryptographic capabilities
and support for on-card applications and
services seamlessly within the Windows
environment.

Microsoft Product Lifecycle Information

Security Events and Training

June 11-16, Boston, MA
TechEd 2006 provides attendees with technical
training, community resources, and a chance to
connect with Microsoft partners, industry gurus,
and Microsoft experts. Learn how to build,
deploy, secure, and manage solutions using
current and upcoming Microsoft products.
Register early to secure your spot; register by
April 14 and receive 10 percent off the regular
registration rate.

In this lab, we demonstrate the use of Internet
Protocol security (IPsec) in Microsoft Windows
operating systems to deploy domain and server
isolation in your environment.

This hands-on lab provides specific details on
how to deploy and secure Microsoft Exchange
Server 2003, Microsoft Internet Security and
Acceleration Server 2004, Microsoft Windows
Rights Management Services, and other
technologies such as Certificate Services.

In this edition of .NET Rocks!, an Internet
audio talk show for .NET developers, Pat Hynds
checks in to share his latest insights about
ASP.NET security and tell stories from the
field.

For a limited time, you can get a free extra
chance to pass any Microsoft IT Professional or
Developer Certification exam, including MCSA:
Security and MCSE: Security specializations.
Register for this offer before your first exam
for two chances at success.

Upcoming Security Webcasts

Join this webcast as Mike Nash and his guests
discuss the growing need for digital certificate
infrastructure, the challenges associated with
this technology, and how Microsoft is making it
easier to implement.

Attend a pre-TechEd webcast by May 12 and be
eligible to win one of five free passes to
TechEd 2006 in Boston.

Microsoft On-Demand Security Webcasts

Bonus: Attend any live webcast through June
2006 and you could win a 40-GB MP3/WMA player.
See
official rules for more details. Offer open
to residents of the United States and Canada
only.

For IT Professionals: TechNet Webcasts
For Developers: MSDN Webcasts

SECURITY ON THE BRAIN Webcast Series
Available on demand
These on-demand webcasts examine some of the
major security features and tools included in
Visual Studio .NET 2005 and the .NET Framework
2.0. Learn more about potential security
vulnerabilities in your applications, best
practices in writing secure applications, and
using the right tools to develop secure
applications.

Volume 3, No. 4
April 2006

Additional Security Resources

© 2006 Microsoft Corporation. All rights reserved.
Microsoft, Active Directory, MSDN, Outlook, Visual C++,
Visual Studio, Windows, Windows Server, and Windows Vista
are either registered trademarks or trademarks of Microsoft
Corporation in the United States and/or other countries. The
names of actual companies and products mentioned herein may
be the trademarks of their respective owners.
Digital Signatures Help Make Microsoft Security Newsletters
More Secure
To help increase your security, Microsoft will soon begin
digitally signing all of its security newsletters with the
Internet standard, Secure Multipurpose Internet Mail
Extensions (S/MIME). This means that if you use Microsoft
Outlook, or another full-featured e-mail program, you have
an added assurance that the e-mail newsletter came from
Microsoft and has not been tampered with. However, many
Web-based e-mail programs and some other e-mail programs do
not support digital signing with S/MIME. To learn more,
please see
how digital signatures help make Microsoft security
newsletters more secure.
This newsletter was sent by the Microsoft Corporation
1 Microsoft Way
Redmond, Washington, USA
98052