Welcome to the Microsoft Security Newsletter - a monthly newsletter for IT professionals and developers bringing security news, guidance, updates, and community resources direct to your inbox.
Viewpoint
By Tyson Greer, CEO, Ambient Insight
It’s no longer true that what happens on the network stays on the network. IT administrators are keenly aware of the potential risks lurking in lightweight devices. This article discusses these risks and outlines a seven-stage mobile device security strategy that can help an organization of any size protect its mobile assets.
Top Stories
Today’s business leaders are putting a premium on providing “anywhere access,” where employees, partners, and customers can securely share and access critical business information from any device and any location, on or off the network. Read the Yankee Group report on the trend toward "anywhere access" and learn how solutions from Microsoft can help realize this vision through increases in agility, productivity, and end-to-end data protection.
This new study sponsored by Microsoft and conducted by the Ponemon Institute examines the perceptions of three different groups of information stakeholders on how privacy and data protection risks are being managed in their organizations. The study is based on survey results collected in September 2007 from a highly experienced group of information security, privacy/compliance, and marketing executives from the public and private sectors.
The Microsoft Security Intelligence Report provides an in-depth view of recent trends that Microsoft has seen in software vulnerability disclosures, in malicious software, and in potentially unwanted software like spyware, adware, and the like. In the newest version of the report, which focuses on the trends observed in the first half of 2007, a new section on software vulnerability exploits has been added. Download a key findings summary, access the full report, and participate in related webcasts today.
A “can’t miss” for developers, this year’s issue starts out with Michael Howard’s discussion of some practical best practices he has learned over the past five years in building secure software at Microsoft. Other topics include techniques for integrating security-related activities -- both automated and manual -- more deeply into the existing development life cycle, concrete examples of automated integration, and deep dives into the different conditions that can cause your applications to fail and how each of those conditions may additionally create security vulnerabilities.
Mobile workers are constantly toting all sorts of confidential information all over the place -- trains and planes, restaurants and hotels, home offices and branch offices. The cost to a company for replacing a laptop is minor compared to the cost of dealing with confidential data that's been compromised. This TechNet Magazine article explores the problem and presents Windows BitLocker Drive Encryption as the feature that aims to provide this protection.
Security Guidance
By Chip Vollers, Sr. Product Manager, Microsoft Mobile Communications
IT managers are looking for flexible, end-to-end solutions for single-point access of line-of-business applications and company data on mobile devices. These solutions must be designed for efficient control of devices while offering reliable, low-cost, and consistent manageability that works well with an enterprise’s existing infrastructure. The following are a few key areas that IT professionals should consider when deploying mobile solutions.
In the Windows Server 2008 operating system, Microsoft greatly enhanced the in-the-box feature set of Terminal Services. This article focuses on the network and security design aspects of an anywhere-access solution, rather than on providing details on managing the Terminal Service components. It describes the methods and best practices for creating an anywhere-access solution based on the technology included with Windows Server 2008.
Learn more about this new comprehensive security and device management solution for Windows Mobile devices, which helps you more easily manage devices within the enterprise and delivers a mobile-optimized virtual private network (VPN) for security-enhanced access to the corporate network.
This article describes the complexities of authenticating mobile devices in relation to designing secure applications. Topics include Windows authentication, Microsoft Passport Network authentication, forms authentication, and authentication on devices that do not accept cookies.
The Data Encryption Toolkit for Mobile PCs shows you how to effectively use both the Encrypting File System and Windows BitLocker Drive Encryption across your organization. The Toolkit also provides you with software tools and scripts to help you centrally configure, deploy, and manage encryption settings on all your mobile PCs.
These MSDN Library articles provide an overview of how to use the security services in Windows Embedded CE to create a device that is more secure.
This guide provides best practices and procedures for implementing a mobile messaging system with Windows Mobile 6 powered devices and Microsoft Exchange Server 2007. Topics include Exchange Server 2007, creating a protected communications environment, configuring Microsoft Internet Security and Acceleration (ISA) Server 2006 or a third-party firewall, and mobile device management and configuration.
This guide begins by covering the essential elements of a mobile messaging system and then moves on to guidelines and resources for the deployment of a mobile messaging system, including setting up Microsoft ActiveSync technology for mobile access, creating a protected communications environment, and procedures for setting up and managing mobile devices.
This paper describes how trust is established on the Web through certificate authorities, how digital certificates help establish that trust, and how Secure Sockets Layer (SSL) relies on certificates to function.
Written for IT administrators who are responsible for securing Exchange Server 2007 deployments, this guide is designed to help them understand and manage the overall security environment where Exchange Server 2007 is installed.
A virtual private network can provide improved connectivity and increased productivity -- and it doesn't need to be difficult to implement and manage. Find out how you can use ISA Server 2006 to address two common VPN scenarios.
Follow this step-by-step guide to create your own Sender Policy Framework (SPF) record, and receive other valuable tips for implementing the Sender ID Framework. This guide also describes the benefits of authenticated e-mail and of Sender ID implementation for both senders and recipients.
Because mobile devices share many of the same characteristics as desktop systems, there is growing interest in management solutions that can provide the same degree of assurance for asset management, inventory, and protection for mobile devices. Microsoft partners offer a wide range of solutions that provide device management and security functionality for Windows Mobile powered devices. This guide describes and categorizes these solutions.
This topic provides detailed information about the Microsoft Exchange Server 2007 transport permissions model as well as details about Transport Layer Security (TLS), domain security, and externally-secured authentication in Exchange 2007.
This Month's Security Bulletins
Critical:
Important:
MVP Update
Devin L. Ganger is an Exchange Server MVP and a messaging architect at 3Sharp in Redmond, WA. He is the co-author of the Exchange Server Cookbook and the forthcoming Mastering Microsoft System Center Data Protection Manager 2007. He is a frequent speaker at Exchange Connections, a contributor to Windows IT Pro magazine, and maintains a blog, (e)Mail Insecurity, about Windows security and Exchange Server topics. When he grows up, he wants to be a science fiction author and move to Mars.
By Devin L. Ganger, Exchange Server MVP
Microsoft Exchange Server 2007 is a big win for the security-conscious messaging administrator; however, no installed software can ever be completely secure just by installing it and then forgetting about it. Here are five best practices you can follow to get the best security value out of Exchange Server 2007.
Partners with Expertise in Security Solutions
Ecora Software is a leading provider of automated configuration change and compliance reporting solutions. Auditor 4.1, the company’s flagship software, is designed to reduce the high cost of compliance mandates, lower the cost of downtime, increase overall security, and improve operational efficiency of IT professionals. With built-in protection and anywhere access, Microsoft Exchange Server 2007 works with Ecora Auditor 4.1 to ensure that IT environments are compliant with internal and external policies by giving users an unprecedented view into change management.
Network Engines appliances are designed to ease the deployment, enhance manageability, and increase security of mission-critical software applications. With the NS-IAG family of appliances, which include Microsoft Intelligent Application Gateway (IAG) 2007, Network Engines offers sophisticated endpoint security and application access and network access control features that organizations need to provide their remote and mobile workers with secure access to network resources.
Microsoft Product Lifecycle Information
Security Events and Training
Implementing security and good device management is cheaper in the long run than having a data breach, which can be expensive and hurt a company's reputation. The difficulty is compounded when the devices are remote and not easily managed. Use the resources in this learning path to help you simplify the task of managing your remote devices.
Become familiar with the concepts of authentication, permissions, and authorization. This hands-on lab will teach you to use several tools to understand how an application runs on different security configurations. The lab takes one hour to complete.
Learn how to use Microsoft Office Visio 2007 drawing and diagramming software to enhance visualization and complement your existing security solutions at the Microsoft Office Visio Conference, February 5–6, 2008, at the Microsoft Conference Center in Redmond, WA. This year’s conference will provide you with demonstrations of powerful Visio solutions, an opportunity to network with Visio team leaders, and a preview of the future of Visio. Early Bird Registration rates are available through November 30; visit www.msvisioconference.com to sign up today.
Upcoming Security Webcasts
Windows Server 2008 helps you increase the flexibility of your server infrastructure with powerful new management tools. Learn how new virtualization tools, Web resources, and security enhancements can help you save time, reduce costs, and provide a platform for a dynamic and optimized data center with these webcasts, podcasts, and virtual labs.
View upcoming security webcasts in a dynamic, interactive format.
For IT Professionals
For Developers
Microsoft On-Demand Webcasts
Volume 4, No. 11  November 2007
Upcoming Chats
Windows VPN Server: Interaction with Network Infrastructure Components
November 29, 10:00 AM Pacific Time
Join us for a live Web chat to discuss your queries regarding the deployment and configuration of the VPN server and its interaction with other network infrastructure services. This Web chat will focus on Routing and Remote Access configuration and its interoperability with Domain Name System, network address translator, firewall, and Remote Authentication Dial-In User Service (RADIUS) servers. Your feedback on our product is extremely valuable to us.
Q&A with the Exchange Server MVP Experts
December 5, 10:00 AM Pacific Time
We invite you to attend a Q&A with the Microsoft Exchange Server MVPs. In this chat, Exchange Server MVPs will be on hand to answer your questions about Exchange Server, the Microsoft Office Outlook messaging and collaboration client, and Exchange Server for Windows Small Business Server. If you are thinking of upgrading to Exchange Server 2007 or have questions about Exchange Server 2003, we hope you can join us for this informative online chat.
Q&A with the Security MVP Experts
December 11, 4:00 PM Pacific Time
We invite you to attend a Q&A with the Microsoft Security MVPs. In this chat, the MVP experts will answer your questions regarding online safety issues such as phishing, spyware, and rootkits as well as server-related topics. If you have questions on how to protect your PC, please bring them to this informative chat.
Additional Security Resources
© 2007 Microsoft Corporation. All rights reserved. Microsoft, ActiveSync, BitLocker, MSDN, Outlook, SharePoint, Visio, Windows, Windows Mobile, Windows Server, and Windows Vista are trademarks of the Microsoft group of companies.