Microsoft Security Newsletter
Welcome to the Microsoft Security Newsletter - a monthly newsletter for IT professionals and developers bringing security news, guidance, updates, and community resources direct to your inbox. If you have suggestions or comments about the Microsoft Security Newsletter, please send us your feedback.

Viewpoint
Simplifying Client Security Without Sacrificing Protection  
By Ian Hameroff, CISSP, Sr. Product Manager, Security and Access Product Marketing, Microsoft Corporation
This article takes a closer look at the three parts of the integrated, secure client solution -- Microsoft Forefront Client Security, Windows Vista, and Server and Domain Isolation -- and how you can bring them together by using the Active Directory directory service.

Top Stories
Microsoft has released a public beta of Forefront Client Security, a new product that helps to protect business desktops, laptops, and server operating systems against viruses, spyware, and other threats. Forefront Client Security integrates with existing infrastructure software, such as Active Directory, and complements other Microsoft security technologies for better protection and greater control. Download the beta today and see how Forefront Client Security can help you protect your business with greater efficiency and confidence.
As consumers increasingly rely on the Internet for shopping, banking, e-government, and other activities, privacy has become both a major public concern and a barrier to the growth of Internet services and e-commerce. Microsoft has released a set of public privacy guidelines for developing software products and services, designed to help software developers build solutions and applications that address customers' privacy concerns.
Using data derived from several hundred million Windows users, this report provides an in-depth perspective on trends in the landscape of malicious and unwanted software.

Security Guidance
By Fernando Cima, Senior Security Consultant, Microsoft Security Center of Excellence
Server and Domain Isolation is a great solution for protecting your systems and your information against network attacks. Here are some tips collected from successful SDI implementations worldwide.
Forefront Security for Exchange Server is an on-premise solution that provides protection for Microsoft Exchange Server 2007 Edge, Hub, and Mailbox roles. Read about the key features that customers who want to protect their Exchange 2007 environments will see in the beta of Forefront Security for Exchange Server, and then download the beta and the user guide.
Microsoft Forefront Security for SharePoint helps businesses protect their Microsoft Office SharePoint Portal Server 2007 and Windows SharePoint Services 3.0 servers from viruses, unwanted files, and inappropriate content. Learn about the key features that customers who want to protect their SharePoint document libraries will see in the beta of Forefront Security for SharePoint, and then download the beta.
This guide is designed to support a Server and Domain Isolation solution through all stages of the IT lifecycle, starting at the initial evaluation and approval phase, and continuing through to deployment, testing, and management of the completed implementation.
This document discusses the issues and concerns that organizations may face when they apply the least-privileged user account (LUA) approach to computers that run Windows XP. This paper also describes the high-level issues that affect implementation of the LUA approach, and provides useful links to other online resources that explain these concepts in more detail.
A LUA bug occurs when an application -- or a feature of an application -- works correctly when it is run using elevated privileges but fails to work for a LUA user when there is no technical or business reason for requiring elevated privileges. Learn about running with least privilege and how to take advantage of the benefits and how to deal with the challenges.
A good resource to help plan strategies to secure administrator-level accounts in Windows NT–based operating systems such as Windows Server 2003 and Windows XP, this guide provides steps you can take to secure your local and domain-based administrator-level accounts and groups. It also addresses the problem of intruders who acquire administrator account credentials and then use them to compromise the network.
This guide is designed to help administrators reduce the effect of a compromised service on a host operating system. It describes how to identify services that can run with lesser privileges, and how to downgrade those privileges methodically.
This guide provides instructions and recommendations to help strengthen the security of desktop and laptop computers that run Windows Vista in a domain that uses Active Directory. In addition to the solutions that the Windows Vista Security Guide prescribes, the guide includes tools, step-by-step procedures, recommendations, and processes that significantly streamline the deployment process.
This white paper provides guidelines and suggested best practices for independent software vendor (ISV) developers about how to integrate with the new security infrastructure of User Account Control (UAC) on Windows Vista Beta 1.
Learn about Authenticated Internet Protocol (AuthIP), an enhanced version of the Internet Key Exchange (IKE) protocol that provides simplified IPsec policy configuration and maintenance in many configurations, and that provides additional flexibility for IPsec peer authentication.

This Month's Security Bulletins
Critical:
Important:

MVP Update
MVP of the Month: Debra Littlejohn Shinder   
Microsoft Windows Security MVP Debra Littlejohn Shinder is a technology consultant, trainer, and writer who has authored books about computer operating systems, networking, and security, including Scene of the Cybercrime: Computer Forensics Handbook, published by Syngress, and Computer Networking Essentials, published by Cisco Press. She is also a technical editor, developmental editor, and contributor to more than fifteen additional books on subjects such as the Windows 2000 and Windows 2003 MCSE exams, the CompTIA Security+ exam, and TruSecure's ICSA certification.
By Debra Littlejohn Shinder, MCSE
This article provides an overview of the basic components that are involved in deploying secure Windows client computers, with the main focus on using security mechanisms that are integrated in the Windows XP operating system and those that are available free from Microsoft.

Partners with Expertise in Security Solutions
A member of the SecureIT Alliance, SafeNet is the world's sixth-largest information security company, with a 20-year history and more than 5,000 customers in 100 countries worldwide. SafeNet's enterprise solutions consist of hardware and software–based products such as: high-speed link encryption devices; VPN appliances; hardware security modules that secure and manage Public Key Infrastructure (PKI) server keys; authentication and single sign-on software solutions; and Universal Serial Bus (USB) tokens and smart cards for strong user authentication. SafeNet's security products complement and add value to Microsoft security solutions in the areas of Active Directory, Certificate Services, Rights Management, Internet Information Services (IIS) and Internet Security and Acceleration (ISA) Server, VPN, Encrypting File System (EFS), and Cryptographic Application Program Interface (CAPI).

Microsoft Product Lifecycle Information
* After December 6, 2006, Microsoft will no longer support Software Update Services (SUS) 1.0 and SUS 1.0 SP1. Also, SUS 1.0 and SUS 1.0 SP1 will no longer synchronize new update content from Microsoft. We recommend that you upgrade to Windows Server Update Services (WSUS) before December 6, 2006.

* Editor's Note: On November 15, 2006, Microsoft announced that it will continue to support SUS 1.0 until July 10, 2007.
Find information about your particular products on the Microsoft Product Lifecycle Web site.

Security Events and Training
Find webcasts, virtual labs, and other resources to help you enhance your client security. Then, preview the new and improved security features in Windows Vista. From enhanced intrusion prevention to improved network access protection, Windows Vista security features can help you provide a more usable, manageable, and secure experience in corporate, mobile, and roaming environments.

Upcoming Security Webcasts
Microsoft On-Demand Security Webcasts
Advanced Security Measures for Clients and Servers (Level 200)
This webcast presents advanced prescriptive guidance about how to secure servers and clients in medium-sized and enterprise environments. Get in-depth information about techniques and best practices for securing servers, and see demonstrations of technologies and practices that you can use to enhance security for local and remote clients.
Implementing Client Security on Windows 2000 and Windows XP (Level 200)
Learn the requirements for securing client computers in environments where Windows Server 2003 and Windows 2000 Server are present. This webcast discusses the use of Group Policy and administrative templates to secure Windows 2000 and Windows XP client installations, and shows how to configure the Microsoft Office System and Windows Internet Explorer for increased client security.
For IT Professionals: TechNet Webcasts
Windows Firewall with Advanced Security (Level 200)
Thursday, November 16, 2006, 11:00 A.M.–12:30 P.M. Pacific Time
Blain Barton, TechNet Presenter, Microsoft Corporation
Deploying Microsoft Forefront Client Security (Part 2 of 2) (Level 200)
Friday, November 17, 2006, 1:00 P.M.–2:30 P.M. Pacific Time
Shawn Travers, TechNet Presenter, Microsoft Corporation
Troubleshooting Microsoft Forefront Client Security (Level 200)
Monday, November 20, 2006, 11:00 A.M.–12:30 P.M. Pacific Time
Chris Henley, TechNet Presenter, Microsoft Corporation
SharePoint Security from Service Accounts to Item-Level Access (Level 200)
Monday, November 27, 2006, 11:00 A.M.–12:30 P.M. Pacific Time
Shawn Travers, TechNet Presenter, Microsoft Corporation
For Developers: MSDN Webcasts
Best Practices for User Account Control in Windows Vista (Level 200)
Thursday, November 16, 2006, 1:00 P.M. Pacific Time
John Steer, Application Development Consultant, Microsoft Corporation
Developing Professional ASP.NET Applications: Securing Your ASP.NET Application (Level 200)
Wednesday, November 22, 2006, 9:00 A.M. Pacific Time
Rob Bagby, MSDN Presenter, Microsoft Corporation
MSDN geekSpeak: ASP.NET Security with Jeff Prosise (Level 200)
Wednesday, November 29, 2006, 12:00 P.M. Pacific Time
Glen Gordon, MSDN Developer Community Champion, Microsoft Corporation

Security Newsletter
Volume 3, No. 11

November 2006
Security Program Guide
Learn Security On the Job
Learning Paths for Security - Microsoft Training References and Resources
Upcoming Chats
View a listing of upcoming technical chats
Free In-Person Events
Connect with experts at TechNet Security Briefings
Security Blogs
Michael Howard
Eric Lippert
Eric Fitzgerald
Steve Lamb
MSRC Blog
ACE Team
Jeff Jones
Windows Vista Security
User Account Control Team
Security Newsgroups
General Security issues/questions
Virus issues/questions
ISA Server
Windows 2000: Security
Windows XP: Security Administration
SQL Server: Security
Windows Server: Security
Other Security Newsgroups
Community Web Sites
IT Pro Security Community
Security Newsgroups
Related Communities
Additional Security Resources
Security Help and Support for IT Professionals
TechNet Troubleshooting and Support Page
Microsoft Security Glossary
TechNet Security Web Site
MSDN Security Developer Center 
Sign-Up for the Microsoft Security Notification Service
Security Bulletin Search Page
Home Users: Protect Your PC
MCSE/MCSA: Security Certifications
Subscribe to TechNet
Register for TechNet Flash IT Newsletter
Subscribe to MSDN
© 2006 Microsoft Corporation. All rights reserved. Microsoft, MSDN, Windows, Windows NT, Windows Server, Windows Vista, and Internet Explorer are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries. The names of actual companies and products mentioned herein may be the trademarks of their respective owners.


This newsletter was sent by the Microsoft Corporation
1 Microsoft Way
Redmond, Washington, USA
98052
