Welcome to the Microsoft Security Newsletter - a monthly newsletter for IT professionals and developers bringing security news, guidance, updates, and community resources direct to your inbox. If you have suggestions or comments about the Microsoft Security Newsletter, please send us your feedback. To view an online version of this newsletter, please click here. If you would like to receive less technical security news, guidance and updates, please subscribe to the Microsoft Security for Home Computer Users Newsletter.
Viewpoint
By John deVadoss, Senior Microsoft Application Development and Platform Marketing; Fred Chong, Microsoft Application Architecture; and Gianpaolo Carraro, Microsoft Service Delivery
Designing a hosted data architecture that reconciles the competing benefits and demands of sharing and isolation isn't a trivial task. Trust, or the lack thereof, is a key factor with respect to the adoption of the Hosted Application and the Software as a Service (SaaS) model. The patterns discussed in this article can help you identify many of the critical questions you will face and help you create the foundation layer of trust that's vital to the success of your hosted application.
Top Stories
Application Security, Inc. and the Ponemon Institute have conducted this inaugural study on database security to document how business and government organizations secure database resources and respond to targeted threats. Find out why, despite organizations’ awareness of these threats, inadequate protection of corporate databases is the norm rather than the exception.
The Malware Removal Starter Kit provides information and recommendations that you can use to effectively address and limit malware that infects computers in your small or midsize organization. The Kit also gives you the ability to discover malware by performing a thorough offline scan of your organization’s computers.
Professional services firms experience challenges around document collaboration and security, both within their own organizations and with client organizations. This white paper describes how infrastructure optimization affects the collaborative and compliance ecosystems of professional services firms. It also outlines scenarios that illustrate typical challenges and benefits that organizations experience, based on optimization levels and their collaboration and business requirements.
Security Guidance
By Devendra Tiwari, Microsoft SQL Server Product Team
User Account Control (UAC), a new feature in Windows Vista that helps administrators manage their use of elevated privileges, affects Microsoft SQL Server in terms of connectivity (SQL Server login) and in limiting access to resources on the administrators’ access control list (ACL). This article discusses the impact of UAC on SQL Server and presents tips on how to run SQL Server applications securely in Windows Vista and Windows Server 2008.
Infrastructure Optimization serves as a gauge for IT organizations and provides a logical roadmap to progress from reactive to proactive IT service management. Use this assessment tool to determine the status of your current core infrastructure. Your results will help you understand where your organization stands today and can help you plan for an IT environment with best-in-class management, security, and efficiency.
This paper covers some of the most important new security features in SQL Server 2005. It tells you how, as an administrator, you can install SQL Server securely and keep it that way even as applications and users make use of the data stored within.
SQL Server 2005 includes a variety of highly precise, configurable security features that can empower administrators to implement defense-in-depth that is optimized for the specific security risks of their environment. Access guidance about password policy, surface-area configuration, credentials, authenticators, and more.
The SQL Server 2005 Database Engine helps you protect data from unauthorized disclosure and tampering. Learn about highly granular authentication, authorization, and validation mechanisms; strong encryption; security context switching and impersonation; and integrated key management.
This white paper covers some of the operational and administrative tasks associated with SQL Server 2005 security and lists best practices and operational and administrative tasks that will result in a more secure SQL Server system.
SQL Server 2005 uses strong encryption to provide the best protection for data, a nearly inviolate barrier to exposure. Explore the encryption features in the core database engine of SQL Server 2005, and learn how they can be used to protect data stored there as well as how to allow user interaction with protected data. Also discussed are the various keys used to protect both data and other keys within a database, and how to get information about encryption objects.
This MSDN article presents recommendations and guidance that will help you develop a secure data access strategy. Topics covered include using Windows authentication from ASP.NET to the database, securing connection strings, storing credentials securely in a database, protecting against SQL injection attacks, and using database roles.
The process of securing Microsoft SQL Server 2005 Analysis Services (SSAS) occurs at multiple levels. Learn how to secure each instance of Analysis Services and its data sources to make sure that only authorized users have read or read/write permissions to selected cubes, dimensions, cells, mining models, and data sources, and to prevent unauthorized users from maliciously compromising sensitive business information.
This Month's Security Bulletins
Critical:
Important:
MVP Update
Aloysius Cheang is the Director of the Technology Practice in PIPC Asia, delivering complex, multidimensional strategic and information security programs for Global 500 organizations across Asia, the United States, and Europe. He specializes in information risk management and the development of information security strategies, frameworks, policies, and controls. Aloysius has led numerous IT security audits, security reviews, and security penetration testing engagements. He has also provided business continuity management and disaster recovery services, and supported clients in computer forensics and investigation. He also contributes extensively to the INFOSEC community and is a founding member and president of SIG^2, the de facto local INFOSEC community in Singapore and an affiliate of (ISC)2.
By Aloysius Cheang, CISA, CISSP, GCIH, Microsoft MVP
In order to reap maximum benefits from any IT investment, the IT infrastructure must be optimized and benchmarked, and its value to business must be quantifiable. Learn how security plays an important role during the optimization process in bringing an IT infrastructure from a highly vulnerable state to an optimized state, in which a practice of continuous process improvements would ensure that the processes in place are mature and quantifiable.
Partners with Expertise in Security Solutions
Quest Software delivers innovative products that help organizations get more performance and productivity from their applications, databases, and infrastructure. Quest products offer comprehensive management and migration capabilities to simplify, automate, and secure your Microsoft infrastructure.
Protegrity is a leader in enterprise-wide data security management solutions. Protegrity’s Defiance Suite focuses on the specific data that companies around the globe need to protect, and protects it at the application, storage, file, and database level - points where data is accumulated and where most organizations are exposed.
Microsoft Product Lifecycle Information
Security Events and Training
See how Windows Vista is easier to deploy and less expensive to maintain than earlier versions of Windows. Use these online resources to explore the improved deployment, security, management, and productivity that Windows Vista has to offer. Tune in to live webcasts to ask questions; stream or download on-demand webcasts; listen to podcasts on the go; or test-drive Windows Vista in a virtual lab.
Get the tools and information you need to understand how the Microsoft Forefront family of business security products can help you provide greater protection and control over the security of your network infrastructure. Tune in to these free online events to better understand the Forefront products and how they can help you improve your security for the client operating system, application servers, and the network edge.
Upcoming Security Webcasts
Upcoming security webcasts in a dynamic, interactive format.
For IT Professionals
For Developers
Microsoft On-Demand Webcasts
• TechNet Webcast: SQL Server 2005 Security (Level 200)
This webcast highlights security concepts that are new to Microsoft SQL Server 2005, such as encryption and user-schema separation, and looks at how SQL Server 2005 breaks security down into several distinct areas. We discuss security from the perspective of the server, the database, and the database objects, and examine some of the different options you can use at each level to help secure your data. We also show you some of the tools you can use to monitor the security of your SQL Server 2005 implementation.
• MSDN Webcast: SQL Server 2005: Security for Mere Mortals (Level 300)
Microsoft SQL Server 2005 includes many security enhancements, from data encryption and key management to advanced context impersonation. In this webcast, we walk you through the major improvements in the security space and show you how to get the most out of the security features in SQL Server 2005.