Welcome to the Microsoft Security Newsletter - a monthly newsletter for IT professionals and developers bringing security news, guidance, updates, and community resources direct to your inbox. If you have suggestions or comments about the Microsoft Security Newsletter, please send us your feedback. To view an online version of this newsletter, please click here. If you would like to receive less technical security news, guidance and updates, please subscribe to the Microsoft Security for Home Computer Users Newsletter.
Viewpoint
By Pat Edmonds, Senior Product Manager, Microsoft Corporation
There are distinct model differences in the ways that Windows Server and Linux are developed. One very clear example is interoperability, which by design is a key element of the Microsoft development model. Learn how these model differences translate to real-world security differences for customers.
Top Stories
Microsoft and Novell recently announced the opening of the Microsoft and Novell Interoperability Lab in Cambridge, Massachusetts. The first priority for the lab team will be to ensure interoperability between Microsoft and Novell virtualization technologies. Additional work will include standards-based systems management, identity federation, and compatibility of office document formats. Click here for more details on this collaboration.
An increasingly common configuration for network hosts is to be multihomed with multiple network interfaces. A multihomed host provides enhanced connectivity because it can be simultaneously connected to multiple networks, such as an intranet or the Internet. But because they can be connected to both an intranet and the Internet, services running on multihomed hosts can be vulnerable to attack. In this article, the Cable Guy, Joseph Davies, takes a look at the weak and strong host models of multihomed hosts and then describes how these models are supported in Windows.
Security Guidance
By Eugene Siu, CISSP and Senior Security Consultant, Microsoft ACE Team
Web Services were invented so that developers can treat other systems on the Web as APIs exposed via Web Services. Securing Web Services, therefore, requires you to focus on both deployment and application security. This month's Security Tip offers some valuable deployment and application security tips that can help IT professionals and developers better protect their Web applications.
The Windows Security and Directory Services for UNIX Guide focuses on the use of Microsoft Windows Server 2003 or Windows 2000 Server Active Directory service to provide centralized authentication and authorization services for users in a network that includes both UNIX-based and Windows-based computers. The guide provides guidance in selecting the best solution to meet your authentication and authorization needs, and explains the best practices and major issues that you are likely to face as you implement the solution that is most appropriate for your organization.
If you are moving from CATIA V4 running on UNIX to CATIA V5 running on Windows, you must ensure that the two environments can communicate smoothly. However, there are significant differences in the way these systems approach common tasks, such as file serving, security, and the user interface. Learn about the UNIX and Windows security models and how to integrate them so that users on one operating system can securely use resources on the other.
This article discusses how to use the Windows Vista Boot Manager to boot Linux and provides guidance on building a dual boot system with Windows Vista BitLocker protection with Trusted Platform Module (TPM) support.
This paper shows how to enable interoperability between enterprise class applications based on Java 2 Enterprise Edition (J2EE) and Microsoft .NET using service interfaces, use case interoperability adapters, and use case adapter factories. It covers how to add .NET Framework applications at the Presentation or the Business tier, together with implementing interoperability at the Data tier using message queuing and shared databases.
This appendix, from the Web Service Security guide, provides an overview of interoperability issues that you may encounter when developing Web services secured using Simple Object Access Protocol (SOAP) message security.
This article discusses interoperability based on OASIS WS-Security 1.0 between Microsoft WSE 2.0 and Sun JWSDP 1.5. The walk-throughs will show you all you need to know to configure the two environments for securely signing and encrypting SOAP requests and responses using X509 certificates.
This article explains interoperability based on OASIS Web Services Security (WS-Security) 1.0 between Microsoft WSE 2.0 SP3 and WebLogic Platform 8.1.4. This article is accompanied by a sample application (the Math sample). The Math sample demonstrates how to securely authenticate, sign, and encrypt SOAP messages exchanged between WSE 2.0 SP3 and WebLogic Platform 8.1.4.
The walk-throughs in this article will show you all you need to know to configure the two environments for securely signing and encrypting SOAP requests and responses using X509 certificates.
Microsoft Office SharePoint Server 2007 provides enterprises with a scalable business platform for managing content and integrating line-of-business systems. If you plan to connect to data sources outside of your server farm, use this article to help you plan for single sign-on, which can be used to automatically authenticate users, rather than needing to prompt for credentials.
Windows NT Advanced Server provides an installable component to validate users who are connecting to the Windows NT Advanced Server from a Macintosh. The Microsoft User Authentication Module (UAM) provides a more secure logon session by sending an encrypted password, rather than a straight text password, across the network. Follow these steps to install the Microsoft User Authentication Module on a Macintosh workstation.
This Month's Security Bulletins
Critical:
Important:
MVP Update
Mitch Ruebush is an Architect and Mentor for Online Consulting, a Microsoft Gold Certified Partner in the mid-Atlantic region. He has been developing on, managing, and securing Windows and UNIX platforms for 14 years and has presented at DevDays, the Microsoft Security Summit, Visual Studio .NET 2002 Launch, user group meetings, and TechNet and MSDN webcasts. He prefers developing on C# and .NET, but also designs and develops solutions in C, C++, Java, VB, VB.NET, and T/SQL on Windows and Linux/UNIX. He is coauthor of MCAD/MCSD: Visual Basic .NET Windows and Web Applications Study Guide, MCAD/MCSD: Visual Basic .NET XML Web Services and Server Components Study Guide, and MCSE: Windows Server 2003 Network Security Design Study Guide for Sybex.
By Mitch Ruebush, Microsoft MVP - C#
Writing secure code can be hard enough when you are working on one platform, but it can become quite difficult when you have to think about communicating between two or more frameworks like Java and .NET. Mitch Ruebush discusses how you can mitigate many issues if you spend some time to plan your approach.
Partners with Expertise in Security Solutions
Centrify enables a secure, connected computing environment by seamlessly integrating your UNIX, Linux, Mac, Java, and Web platforms with Active Directory identity, access, and policy management services. With its patent-pending Zone technology, Centrify delivers the only solution that does not require intrusive reconfiguration of existing systems and provides the detailed administrative control needed to securely manage a diverse set of systems and applications.
Centeris solutions improve management and interoperability of Windows, Linux, and UNIX systems with easy-to-use software for Linux management and administration and cross-platform identity management. Its products, Likewise Admin and Likewise Identity, provide familiar Windows-based tools for system administrators to easily configure server roles and seamlessly integrate Linux and UNIX systems with Active Directory.
Ping Identity Corporation provides enterprise software and services for standards-based Web single sign-on and federated identity management. PingTrust builds on two open security standards that set the stage for true interoperability and a solution that scales. Supporting both .NET and Java applications, Web-based and rich clients, PingTrust can operate on the Web Services client-side, provider-side, or both sides of a Web Service transaction.
Microsoft Product Lifecycle Information
Security Events and Training
More than 100 million private, proprietary data records have been lost or stolen in the last two years, leading to loss of revenue and public embarrassment for many organizations. Understanding how to use technology during the collection, storage, backup, usage, retention, and destruction of proprietary data records can help mitigate information leakage. Use the resources in this learning path to help you simplify the task of protecting your data records.
Take advantage of these webcasts, virtual labs, and podcasts to learn how Microsoft unified communications technologies help simplify administration across the board. Discover how you can manage only one directory to support e-mail, voice mail, instant messaging, voice calls, audio conferencing, and video conferencing. We show you how to use software to unify telecommunications systems and IP networks and to streamline administration while delivering secure communications.
Whether deploying Windows in a Linux or UNIX environment, or vice versa, identity management can be a challenge. This Port 25 podcast explores issues related to implementing identity management solutions and focuses primarily on the importance of policies.
Upcoming Security Webcasts
Find upcoming security webcasts in a dynamic, interactive format.
For IT Professionals
For Developers
Microsoft On-Demand Webcasts
TechNet Webcast: UNIX Interoperability in Windows Server 2008 (Level 200)
Join this session to see how the UNIX interoperability components in Windows Server 2008 can help you integrate UNIX and Windows-based systems to reduce costs and deliver a complete solution. Among the topics explored in this session are identity management in a mixed environment and using the SUA managing identification.
Volume 4, No. 10  October 2007
Upcoming Chats
Meet the People Who Are Changing the Web at Microsoft
October 24, 10:00 AM Pacific Time
Here's your chance to chat with two of the most influential people on all things Web at Microsoft. Scott Guthrie, General Manager - .NET Developer Platform, and Bill Staples, Principal Product Unit Manager - Internet Information Services (IIS) Product Team, have helped shape the way Microsoft thinks and executes in the Web space. Don't miss your chance to chat and ask some questions!
Additional Security Resources
© 2007 Microsoft Corporation. All rights reserved. Microsoft, Active Directory, BitLocker, MSDN, SharePoint, Visual Studio, Windows, Windows NT, Windows Server, and Windows Vista are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries. The names of actual companies and products mentioned herein may be the trademarks of their respective owners.
This newsletter was sent by the Microsoft Corporation
1 Microsoft Way
Redmond, Washington, USA
98052