Microsoft Security Newsletter
Welcome to the Microsoft Security Newsletter - a monthly newsletter for IT professionals and developers bringing security news, guidance, updates, and community resources direct to your inbox. If you have suggestions or comments about the Microsoft Security Newsletter, please send us your feedback.

Viewpoint
Ten Principles of Microsoft Patch Management  
By Thomas Dawkins, Group Product Manager, Microsoft Security Access and Solutions Division
Security is a top priority both for Microsoft and our partners and, with our promise to "protect information, control access," we look to our trusted security partners to help us address the changing landscape of threats and compliance demands that impact business agility and growth. In this Viewpoint, Thomas Dawkins discusses the Security Solutions Competency and its value as a tool to better prepare and qualify partners for helping businesses to achieve safe and secure access to critical business information through comprehensive security solutions.

Top Stories
Microsoft Forefront is a comprehensive line of business security products that provide greater protection and control by integrating with your existing IT infrastructure and simplifying deployment, management, and analysis. The Microsoft Forefront products protect client machines, server applications, and the network edge.
Microsoft has formed the Microsoft Security Response Alliance (MSRA), the latest evolution in Microsoft's efforts to build strong alliances with partners in the security response ecosystem. The MSRA allows Microsoft to take lessons learned from individual alliances -- like the Global Infrastructure Alliance for Internet Safety (GIAIS) and Virus Information Alliance (VIA) -- and use them to build a comprehensive, consolidated alliance framework that can help meet the security response needs of Microsoft customers.
Effective October 10, 2006, support for Windows XP Service Pack 1 (SP1) will end. After this date, Microsoft will no longer provide any incident support or security updates. To enhance the security of your computer and to continue receiving updates, we recommend upgrading to Windows XP Service Pack 2 (SP2). To learn more about this upgrade and the free technical support provided to download and install the service pack, visit the Web site.
Register to download free trials of Antigen e-mail and collaboration server security products. The fully functional trial software lets you experience Antigen antivirus, antispam, and content-filtering protection for Microsoft Exchange, Microsoft SharePoint Portal Server, Microsoft Windows SharePoint Services, and Microsoft Live Communications Server.

Security Guidance
If you are looking for a partner with proven expertise in delivering security solutions that can help your business, here are some questions and criteria to consider before making your decision.
There are many ways to enhance your Active Directory security. This article offers a list of tips to help make your Active Directory installation more secure.
Starting with the concept of defense-in-depth, this presentation will look at the main features of the operational environment that require being secured using active technologies. The discussion will also cover the techniques and suggestions for securing applications, hosts, and the network itself.
Do you know the security status of your network? Would a visual help? The Visio Connector for Microsoft Baseline Security Analyzer (MBSA) lets you view the results of an MBSA scan in a clear, comprehensive Microsoft Office Visio 2003 network diagram.
Learn when to delegate the creation of group policy objects (GPOs), how to regain control from rogue administrators, reduce the risk of delegating GPO administration, and more.
This article outlines nine steps you can take to improve security with little impact on your applications, administration tasks, or Web server.
When it comes to information security, your biggest vulnerability is not necessarily your computers. It's your users. Stay safe by training your staff in better security practices and making IT security an ongoing, daily habit.
The Anti-Cross-Site Scripting Library can be used to provide Web-based applications comprehensive protection against Cross-Site Scripting (XSS) attacks.

This Month's Security Bulletins
Critical:
Important:

MVP Update
MVP of the Month: Robert Williams  
Karl Levinson [CISSP, CCSA, MCSE] works in Washington DC for Looking Glass Systems, an IT security consulting firm supporting large federal and state government and commercial clients. He has fourteen years of experience in the IT field, including work in security operations and engineering, intrusion detection, incident response, vulnerability management, and firewall and system hardening. Karl helped build and lead the DHS CSIRC [the Computer Security Incident Response Center at the US Department of Homeland Security]. He is also helping design Looking Glass Vision, a unique next-generation appliance that manages security information, incident response, and system policy. Author of the Security FAQ Web site, Karl can be reached at karl.levinson@lgsystems.net.
So you want to get a job in information security? Or perhaps you're already working in information security (infosec), but want to advance or switch to another infosec discipline? This article answers the most frequent questions about information security advancement that Security MVP Karl Levinson is asked.

Partners with Expertise in Security Solutions
With active participation from individuals and chapters all over the world, the Information Systems Security Association (ISSA) is the largest international, not-for-profit association specifically for security professionals. Members include practitioners at all levels of the security field in a broad range of industries such as communications, education, healthcare, manufacturing, financial and government. The ISSA is focused on staying at the forefront of key industry developments. From researching the convergence trends in physical and information security and advocating a strong role for chief information security officers to supporting its new educational partnership with Microsoft, the ISSA is committed to translating important trends into actionable programs for its members. To learn more about what the ISSA can do for you and your career, please visit the Web site.
To address security challenges over the long term, software companies must collaborate more closely; Microsoft is committed to enabling this collaboration and is working with industry leaders, governments, and other key stakeholders to address the challenges of information technology security. The SecureIT Alliance is a Web-enabled collaboration forum between partners to help members build innovative security solutions and to communicate with customers about security solutions and partnerships.

Microsoft Product Lifecycle Information
Find information about your particular products on the Microsoft Product Lifecycle Web site.
See a List of Supported Service Packs: Microsoft provides free software updates for security and nonsecurity issues for all supported service packs.

Security Events and Training
July 29-August 3, Las Vegas, Nevada, U.S.
Featuring some 14 tracks with 90 speakers, Black Hat Briefings bring together a unique mix in security: the best minds from government agencies and global corporations with the underground's most respected hackers. These forums take place regularly in Las Vegas, Amsterdam, Tokyo, and Singapore. Registration closes July 26.
The IT security market is forecasted to grow by approximately 20% a year to $52.2 billion by 2008. By enrolling in the Security Solutions competency, you’ll be in a great position to capitalize on this exploding market and to establish yourself as a trusted security services provider.
It's simple! No complex setup or installation is required to try out Antigen Server running in a full-featured TechNet Virtual Lab. You get a downloadable manual and a 90-minute block of time for each module: Antigen Servers: Protecting SharePoint Servers and Instant Messaging, and Antigen Servers: Protecting Exchange Server Against Viruses and Spam.

Upcoming Security Webcasts
If you missed Tech·Ed 2006 or want to review some of the concepts you learned about in Boston, check out these webcasts covering Windows Vista, the 2007 Microsoft Office system, management and operations, security, server infrastructure, and more.
Wednesday, August 2, 2006, 6:00 PM Pacific Time.
This Microsoft Support webcast discusses Microsoft Exchange 2003 functionality that helps prevent spam. It describes the relevant feature, how the feature works, and how to set up the feature. This webcast also discusses what filter to use to achieve the results that you want.
Microsoft On Demand Security Webcasts
Client Security: Present and Future
Check out these webcasts to get an in-depth preview of Windows Vista’s holistic approach to security. From enhanced intrusion prevention to improved network access protection, learn how its new or improved security features can help you provide a usable, manageable and secure experience in corporate, mobile, and roaming environments.
Interactive Security Webcast Calendar
Upcoming security webcasts in a dynamic, interactive format.
Microsoft Webcasts MP3 Player Sweepstakes
Attend any live or on-demand Microsoft webcast within the TechNet, MSDN, MSDN Architecture, Small Business, Microsoft Business Solutions, Microsoft Office system, Microsoft Executive Circle, Momentum, or Security webcast programs and qualify to win a 30 GB Creative Zen Vision MP3/video player. Please see the official rules for details. This offer is open to residents of the U.S. and Canada only.
For IT Professionals: TechNet Webcasts
Advanced Security Measures for Clients and Servers (Level 200)
Wednesday, July 12, 1:00 PM - 2:30 PM Pacific Time
Chris Henley, TechNet Presenter, Microsoft Corporation
Security Features in Windows Vista (Level 200)
Wednesday, July 19, 11:00 AM - Noon Pacific Time
Michael Murphy, TechNet Presenter, Microsoft Corporation
Active Directory Identity and Access Management in Windows Server Code-Named "Longhorn" (Level 200)
Thursday, July 20, 1:00 - 2:30 PM Pacific Time
Dave Martinez, Senior Technical Product Manager, Microsoft Corporation
Protecting Sensitive Information with Windows Rights Management Services (Level 300)
Friday, July 21, 11:00 AM - 12:30 PM Pacific Time
Kai Axford, Security Specialist, Microsoft Corporation
Enhancements to Windows Firewall in Windows Vista (Level 200)
Monday, July 31, 9:00 AM - 10:30 AM Pacific Time
Bryan Von Axelson, TechNet Presenter, Microsoft Corporation
For Developers: MSDN Webcasts
Secure Smart Client Deployment Using ClickOnce (Level 200)
Available on demand.
Brian Noyes, Chief Architect, IDesign

Security Newsletter
Volume 3, No. 7

July 2006
Security Program Guide
Learn Security On the Job
Learning Paths for security - Microsoft training references and resources
Upcoming Chats
Free In-Person Events
Connect with experts at TechNet Security Briefings
Security Blogs
Michael Howard
Eric Lippert
Jesper Johansson
Eric Fitzgerald
Steve Lamb
MSRC Blog
ACE Team - Security, Performance & Privacy
Jeff Jones
Security Newsgroups
General Security issues/questions
Virus issues/questions 
ISA Server
Windows 2000: Security
Windows XP: Security Administration
SQL Server: Security
Windows Server 2003 option
Community Web Sites
IT Pro Security Community
Security Newsgroups
More related communities
Additional Security Resources
Security Help and Support for IT Professionals
New and Improved Microsoft TechNet Troubleshooting and Support Page
Microsoft Security Glossary
TechNet Security Web Site
MSDN Security Developer Center 
Sign-Up for the Microsoft Security Notification Service
Security Bulletin Search Page
Home Users: Protect Your PC
MCSE/MCSA: Security Certifications
Subscribe to TechNet
Register for TechNet Flash IT Newsletter
Subscribe to MSDN
Protect Your Windows Network: From Perimeter to Data 
© 2006 Microsoft Corporation. All rights reserved. Microsoft, Active Directory, MSDN, Outlook, SharePoint, Windows, and Windows Vista are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries. All other trademarks are property of their respective owners.

Digital Signatures Help Make Microsoft Security Newsletters More Secure
To help increase your security, Microsoft will soon begin digitally signing all of its security newsletters with the Internet standard, Secure Multipurpose Internet Mail Extensions (S/MIME). This means that if you use Microsoft Outlook, or another full-featured e-mail program, you have an added assurance that the e-mail newsletter came from Microsoft and has not been tampered with. However, many Web-based e-mail programs and some other e-mail programs do not support digital signing with S/MIME. To learn more, please see how digital signatures help make Microsoft security newsletters more secure.
