Microsoft Security Newsletter
Welcome to the Microsoft Security Newsletter - a monthly newsletter for IT professionals and developers bringing security news, guidance, updates, and community resources direct to your inbox.

Viewpoint
Secure Mobile Applications – an Oxymoron?  
By Marcus Perryman, Software Design Engineer, Microsoft Corporation
This article discusses some of the risks that "going mobile" introduces to your application, and presents some of the tools and technologies that are readily available for you to help protect your assets on the Windows Mobile platform.

Top Stories
Microsoft offers a wide range of powerful tools and resources to help midsize businesses protect their systems and data. Find information here about the latest security updates, recent incidents, and best practices.
With SharePoint tapping into more enterprise data and becoming more integral to business workflow, security becomes far more critical. Find out how these seven new features in Microsoft Office SharePoint Server (MOSS) can quickly improve security in your organization.
The security sessions from November's IT Tech-Ed Europe: IT Forum are now available online at IT’s Showtime! by TechNet. If you couldn't attend the November conference, take advantage of these new videos and benefit from in-depth information and advice from some of the best Microsoft and third-party security experts in the industry.
Windows Vista Services Hardening is an important new capability that is designed to thwart errant service behavior that much of today's malware can currently perform. This article explains how Service Hardening helps Microsoft take huge steps in changing the default behavior and security profile of Windows services.

Security Guidance
Due to the nature of wireless LAN networks, implementing a security infrastructure that monitors physical access to the network is difficult. This document provides step-by-step instructions on how to set up a wireless network using 802.1x and Wi-Fi Protected Access.
This article provides guidance on how Windows XP Professional can be configured and administered to provide support for mobile users, including the features and tools that are designed specifically for portable computer users.
This document provides an overview of the features of the Messaging and Security Feature Pack (MSFP) and best practices for networking, security, and device management as well as mobile messaging system deployment guidance on creating a protected communications environment and setting up and managing mobile devices.
This guide provides information about working with Microsoft Exchange Server 2003 and client access, and includes a chapter on understanding Outlook Mobile Access security requirements. It describes the new features for Exchange Server 2003 and Microsoft Office Outlook 2003, in addition to improvements in Outlook Web Access 2003.
Microsoft Exchange Server 2007 enables you to send a command to a mobile device that will perform a wipe of the device. This process, known as a remote device wipe, clears all Exchange information that is stored on the device, enabling you to clear data from a stolen device or to clear a device before assigning it to another user.
In Microsoft Exchange Server 2007 you can create Exchange ActiveSync mailbox policies to apply a common set of policies or security settings to a collection of users. This topic discusses Exchange ActiveSync mailbox policies and how they can be managed in your Exchange 2007 organization.
This article describes the benefits of wireless LANs, the support for 802.11 wireless LAN and wireless LAN security standards in Microsoft Windows, and general guidelines for wireless LANs in medium to large organizations.
This article discusses the security issues of IEEE 802.11 wireless networks and shows how Microsoft Windows operating systems can be used to make 802.11 wireless networks as secure as the current set of 802.11-related technologies allow.
This guidance discusses the challenges that midsize businesses face when considering wireless networks, and provides valuable information to design and implement an effective solution for securing a Wireless Access Point (WAP). Included is information about assessing WLAN security, developing a secure WLAN solution, and deployment and management.
This document provides step-by-step instructions for the main EFS-related tasks in a small-to-medium business, and also lists several important best practices for using EFS.
This article discusses the Windows Vista improvements for connecting to IEEE 802.11 wireless LAN networks including new support for non-broadcasting wireless networks, a new set of dialog boxes to more easily connect to or configure connections to wireless networks, and a new way to configure wireless connections at the command line using the Netsh.exe tool.
This guide describes how you can control the installation and usage of devices on the computers that you manage, in Microsoft Windows Server Code Name "Longhorn" and Windows Vista.
This article describes how to extend the Active Directory schema to support enhancements that can be configured through Group Policy settings for Windows Vista wireless and wired clients in an environment running Windows Server 2003 or Windows Server 2003 R2.

This Month's Security Bulletins
Critical:
Important:

MVP Update
MVP of the Month: Jim R. Wilson   
Jim Wilson is president of JW Hedgehog, Inc., a New Hampshire-based consulting firm specializing in solutions, content creation, and mentoring for the Windows Mobile platform. Jim has worked extensively with the .NET Framework and .NET Compact Framework since the original beta release of each, and has years of SQL Server and SQL Server Compact Edition experience. Jim writes frequently for MSDN and has developed mobility curriculums for two of the industry's leading technology training organizations, DevelopMentor and PluralSight. Jim speaks regularly at PDC, Tech Ed, VSLive, Mobility & Embedded DevCon and WinDev. Jim is online at http://pluralsight.com/blogs/jimw.
By Jim Wilson, Microsoft Visual Developer - Device Application Development MVP
This article provides a basic understanding of Windows Mobile security and the tools necessary to test your applications with the various Windows Mobile security policies.

Partners with Expertise in Security Solutions
Because mobile devices share many of the same characteristics as desktop systems, there is growing interest in management solutions that can provide the same degree of assurance for asset management, inventory, and protection for mobile devices. Microsoft's partners offer a wide range of solutions that provide device management and security functionality for Windows Mobile devices. This guide describes and categorizes these solutions.
F-Secure Corporation protects individuals and businesses against computer viruses and other threats spreading through the Internet and mobile networks. Their award-winning products include antivirus, network encryption, desktop firewall with intrusion prevention, anti-spam, and parental control.
SecureWave is a pioneer in endpoint security software, providing a unique approach to policy enforcement for device and application use that overcomes tomorrow's security and operational challenges today.

Microsoft Product Lifecycle Information
Find information about your particular products on the Microsoft Product Lifecycle Web site.
See a List of Supported Service Packs: Microsoft provides free software updates for security and nonsecurity issues for all supported service packs.

Security Events and Training
Multiple Cities - January and February 2007
Gain insight that will simplify deployment of Windows Vista, 2007 Microsoft Office system, and Microsoft Exchange Server 2007 in your organization, and learn about the tools that can help secure your computing infrastructure end to end against the latest threats with the most recent technologies from Microsoft.
Newly-released Microsoft Official Clinics offer best practices for IT professionals and developers to help improve network and application security. Learn the fundamentals of infrastructure security with Clinic 2801: Microsoft Security Guidance Training I.

Upcoming Security Webcasts
Friday, January 12, 2007, 9:30 AM Pacific Time
Monday, January 15, 2007, 11:00 AM Pacific Time
Ryan McGee, Senior Product Manager, Microsoft Corporation
Tuesday, January 16, 2007, 1:00 PM Pacific Time
Blain Barton, TechNet Presenter, Microsoft Corporation
Thursday, January 25, 2007, 9:00 AM Pacific Time
Marsha Murry, Chief Operating Officer, Software Management Systems, Inc, and Marcy Dome, Senior Marketing Manager, Microsoft Corporation
Microsoft On-Demand Security Webcasts
TechNet Webcast: Windows Mobile Platform Security Drilldown for the Enterprise (Level 300)
Join this webcast to learn about Microsoft Windows Mobile security features from the Enterprise perspective. We will cover how identified security threats are mitigated utilizing Windows Mobile platform security components. The presentation will include best practices for network and mobile security with Windows Mobile-based devices derived from our intense and extensive experience in this realm.
TechNet Webcast: Accessing Exchange Server from Your Mobile Device Using SP2 (Level 300)
This webcast discusses and demonstrates how Microsoft Exchange Server 2003 with advanced security features provides affordable remote and mobile access to e-mail and personal information manager information across a range of mobile devices. Explore the mobility enhancements in Exchange Server 2003 Service Pack 2, including the new always-up-to-date functionality, configuring personal identification number lock settings, remotely wiping a device, configuring soft certificates to access Exchange, and other new mobility enhancements.
Interactive Security Webcast Calendar
Upcoming security webcasts in a dynamic, interactive format.
For IT Professionals: TechNet Webcasts
Windows Rights Management Services (RMS) Prerequisites, Sizing, and Enterprise Impact (Level 200)
Thursday, January 11, 2007, 11:30 AM-12:30 PM Pacific Time
Tim Upton, President, Titus
Recipient Management, Policies, and Permissions in Exchange Server 2007 (Level 200)
Friday, January 12, 2007, 9:00 AM-10:30 AM Pacific Time
John Weston, TechNet Presenter, Microsoft Corporation
User Account Control in Windows Vista (Level 200)
Friday, January 12, 2007, 1:00 PM-2:30 PM Pacific Time
Bryan Von Axelson, TechNet Presenter, Microsoft Corporation
Establishing a Secure and Manageable Messaging Infrastructure (Level 200)
Monday, January 15, 2007, 11:30 AM-12:30 PM Pacific Time
Bryan Von Axelson, TechNet Presenter, Microsoft Corporation
Understanding Group Policy (Part 2 of 3) (Level 200)
Wednesday, January 17, 2007, 1:00 PM Pacific Time
Blain Barton, TechNet Presenter, Microsoft Corporation
Group Policy in Windows Vista (Level 200)
Friday, January 19, 2007, 9:30 AM Pacific Time
John Baker, TechNet Presenter, Microsoft Corporation
Understanding Group Policy (Part 3 of 3) (Level 200)
Friday, January 19, 2007, 1:00 PM Pacific Time
John Baker, TechNet Presenter, Microsoft Corporation
Protecting SQL Server with System Center Data Protection Manager (DPM) (Level 300)
Wednesday, January 31, 2007, 9:30 AM Pacific Time
Jason Buffington, Technical Product Manager, Microsoft Corporation
Information About Microsoft February Security Bulletins (Level 200)
Wednesday, February 14, 2007, 11:00 AM Pacific Time
Christopher Budd, CISA, CISM, CISSP, ISSMP Security Program Manager, PSS Security, Microsoft Corporation and Mike Reavey, Lead Security Program Manager, Microsoft Corporation
For Developers: MSDN Webcasts
Enterprise Device Management and Mobile Application Security (Level 200)
Available on demand
Jason Langridge, Business Manager III, Microsoft Corporation
Adapt Your Application (Part 2 of 3): Working with Windows Mobile Security (Level 200)
Available on demand
Eric Engineer, Microsoft Corporation and Jim Wilson, MVP, JW Hedgehog, Inc.
Implementing Security for Mobile Device Solutions (Level 200)
Available on demand
William Steele, Developer Community Champion, Microsoft Corporation

Security Newsletter
Volume 4, No. 1

January 2007
Security Program Guide
Learn Security On the Job
Learning Paths for Security - Microsoft Training References and Resources
Upcoming Chats
Windows VPN Server - Interaction with Network Infrastructure Components
January 18, 2007, 10:00 AM Pacific Time
Join us live to discuss your queries regarding the deployment and configuration of the VPN server and its interaction with other network infrastructure services. This chat will focus on Routing and Remote Access Server (RRAS) configuration and its interoperability with DNS, NAT, Firewall and RADIUS servers.
View a listing of upcoming technical chats
Free In-Person Events
Connect with experts at TechNet Security Briefings
Security Blogs
Michael Howard
Eric Lippert
Eric Fitzgerald
Steve Lamb
MSRC Blog
ACE Team
Jeff Jones
Windows Vista Security
User Account Control Team
Solution Accelerators - Security & Compliance
Security Newsgroups
General Security issues/questions
Virus issues/questions
ISA Server
Windows 2000: Security
Windows XP: Security Administration
SQL Server: Security
Windows Server: Security
Other Security Newsgroups
Community Web Sites
IT Pro Security Community
Security Newsgroups
Related Communities
Additional Security Resources
Security Help and Support for IT Professionals
TechNet Troubleshooting and Support Page
Microsoft Security Glossary
TechNet Security Web Site
MSDN Security Developer Center 
Sign-Up for the Microsoft Security Notification Service
Security Bulletin Search Page
Home Users: Protect Your PC
MCSE/MCSA: Security Certifications
Subscribe to TechNet
Register for TechNet Flash IT Newsletter
Subscribe to MSDN
© 2007 Microsoft Corporation. All rights reserved. Microsoft, MSDN, Windows, Windows NT, and Windows Server are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries. The names of actual companies and products mentioned herein may be the trademarks of their respective owners.


This newsletter was sent by the Microsoft Corporation
1 Microsoft Way
Redmond, Washington, USA
98052
