Welcome to the Microsoft Security Newsletter - a monthly newsletter for IT professionals and developers bringing security news, guidance, updates, and community resources direct to your inbox.
Viewpoint
By Shawn Travers, IT Pro Evangelist, Microsoft Corporation
Anyone who has spent more than a few days working in information security has probably heard the three core tenets of security: availability, confidentiality, and integrity. This article discusses another well-known, but often overlooked concept--simplicity--and explores some of the ways that we can achieve simpler, more secure server systems.
Top Stories
Save time with best practices and automated tools in the 2007 Microsoft Office Security Guide. Tested guidance, customizable and prebuilt security configurations, and powerful tools let you deploy 2007 Microsoft Office system security settings across your organization--in minutes, instead of hours or days.
While some investigations rely on highly trained professionals using expensive tools and complex techniques, there are easier, cheaper methods that you can use for basic investigation and analysis. This article focuses on computer forensic techniques that are readily accessible to you as a mainstream administrator.
If you are an administrator of a Windows domain, you are probably all too aware of the constraints that are related to password policies for domain user accounts. However, with the advent of Windows Server 2008, some of those limitations will vanish. This article takes a look at how the new operating system resolves one issue: the inability to implement multiple password policies.
Security Guidance
The Windows Server 2003 Security Guide focuses on providing easy-to-understand guidance along with a set of tools and templates to help make Windows Server 2003 more secure in many environments.
The Windows Server 2008 Security Guide is designed to further enhance the security of the server computers in your organization by helping you to take full advantage of the new and improved security technologies and features in Windows Server 2008. Use the guidance to deploy your security baseline quickly and reliably, to harden your server workloads, and to evaluate security setting recommendations to meet the requirements of your environment.
In Windows Server 2008, Microsoft introduces many new features and technologies that were not available in Windows Server 2003 with Service Pack 1 (SP1). These features will help to increase productivity, reduce administrative overhead, and increase the security of computers that are running this new operating system. The technical library offered here covers such topics as BitLocker Drive Encryption, using Identity Federation with Active Directory Rights Management Services, and Active Directory Certificate Services.
This Microsoft TechNet article describes configuration and deployment best practices for a public key infrastructure based on Windows Server 2003.
This white paper describes the default security settings for components of the Windows Server 2003 operating system. Read about the implications of these settings for developers and system administrators, and get answers to frequently asked questions.
Microsoft Baseline Security Analyzer (MBSA) is an easy-to-use tool, designed for IT professionals, that helps small-sized and medium-sized businesses to determine their security state in accordance with Microsoft security recommendations, and offers specific remediation guidance. This article describes how to use MBSA to perform a security updates scan, and how to use MBSA to check for current settings that are not secure.
Securing your Microsoft Systems Management Server (SMS) environment is not a task that you can complete once and then forget about. Whether you have already deployed SMS or are in the planning stages, follow these established best practices to create the most secure SMS environment possible, and then follow the guidance to maintain that environment.
This guide focuses explicitly on the operations that are required to create and maintain a secure Internet Security and Acceleration (ISA) Server 2006 environment. Use this guide as part of your overall security strategy for ISA Server 2006.
This chapter of Improving Web Application Security describes how to secure middle-tier application server computers that host business logic and data access services. The chapter focuses on the application server configuration and the associated communication channels that connect the Web server computer to the application server computer, and that connect the application server computer to the database server computer. Technologies covered include Enterprise Services, Web services, and .NET remoting.
This Month's Security Bulletins
Critical:
Important:
MVP Update
Jay Paloma is the Managing Consultant of Ports & Packets Information Technology Consultants, a company he organized after working as a Technology Specialist in Infrastructure and Security at Microsoft Philippines. He specializes in Microsoft network and security infrastructure, including ISA Server, Active Directory, and Exchange Server. His community involvement includes serving as President of the Philippine Windows Users Group (PHIWUG), which has heavily contributed to the technical community in the Philippines by organizing events not only in the country's capital, but also in the industrialized cities and provinces outside Manila. You can check out his blog, Security is a State of Mind, at http://msforums.ph/blogs/jpaloma.
By Jay Paloma, MCSE, MVP: Windows - Security
Defense in depth is the security strategy wherein network defenses are layered, so that a breach in one layer only leads the attacker to the next layer of defensive countermeasures. This article provides an overview of the different security features and enhancements in Windows Server 2008, and discusses how you can use them in your organization's defense-in-depth strategy.
Partners with Expertise in Security Solutions
AppSense solutions have been designed for workstations and server computers that are based on the Windows operating system, and are ideal for Windows, Terminal Services, Citrix Presentation Server, Web services, and other critical business systems. AppSense Management Suite consists of three components that provide comprehensive user profile management, secure user environments, and consistently responsive applications for a range of application delivery mechanisms.
McAfee is the global leader in intrusion prevention and security risk management, delivering proactive and proven solutions and services that help to secure systems and networks around the world. McAfee’s comprehensive solutions effectively block attacks and prevent disruptions, and are available for businesses of all sizes.
Sophos provides IT security and control solutions purpose-built for business, education, and government organizations and service providers. Sophos software and appliance solutions deliver award-winning protection from viruses, spyware, adware, hackers, spam, and phishing. They also control VoIP (Voice over Internet Protocol), IM, games, and unproductive Web browsing.
Microsoft Product Lifecycle Information
Security Events and Training
Windows Server 2003 provides improved network security with support for standardized 802.1x protocols, an integrated public key infrastructure (PKI), password or certificate-based access, and other services. Check out these webcasts, virtual labs, podcasts, and chats to learn how these features together create a more secure environment for doing business.
Prepare yourself for the next release of the Microsoft server operating system--Windows Server 2008. Tune in and learn how you can use the new features to improve your organization's networking infrastructure and security, server performance and reliability, remote resource access, and client deployment. Subject matter experts break down what these upgrades mean for your environment and how to take advantage of them.
Security of the desktop infrastructure is your first line of defense. Making sure that users have a well-managed and secure workstation can mitigate support costs, protect your organization's data, and keep users productive by protecting against malicious software and virus threats. Use the resources in this Learning Paths article to learn about the tools and technologies that can help to keep your desktop infrastructure secure and your end users productive.
Upcoming Security Webcasts
Friday, December 14, 4:00 PM India Devasena Ravi, Consultant, Tata Consultancy Services
Monday, December 17, 4:00 PM India Devendra Gandhi, Product Technology Specialist, Microsoft Corporation
View upcoming security webcasts in a dynamic, interactive format.
For IT Professionals
For Developers
Microsoft On-Demand Webcasts
Volume 4, No. 12  December 2007
Upcoming Chats
Windows PowerShell
December 18, 2007, 2:00 PM Eastern Time
Join PowerShell MVPs for an exciting chat about the current version of Windows PowerShell, and about the newly released Windows PowerShell 2.0 Community Technology Preview (CTP). This chat will be a public venue for asking questions about the current 1.0 version, and for discussing new features in the 2.0 CTP release. Take this opportunity to join your fellow PowerShell users to discuss your experience and to discover capabilities you may not know exist. Don't miss this great opportunity to network and to learn more about the product.
Additional Security Resources
© 2007 Microsoft Corporation. All rights reserved. Microsoft, Active Directory, Excel, MSDN, Visual Studio, Windows, Windows CardSpace, Windows PowerShell, and Windows Server are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries. The names of actual companies and products mentioned herein may be the trademarks of their respective owners.
This newsletter was sent by the Microsoft Corporation
1 Microsoft Way
Redmond, Washington, USA
98052