Welcome to the Microsoft Security Newsletter - a monthly newsletter for IT professionals and developers bringing security news, guidance, updates, and community resources direct to your inbox. If you have suggestions or comments about the Microsoft Security Newsletter, please send us your feedback. To view an online version of this newsletter, please click here. If you would like to receive less technical security news, guidance and updates, please subscribe to the Microsoft Security for Home Computer Users Newsletter.
Viewpoint
By Ido Dubrawsky, Security Advisor, Microsoft Communications Sector
In this month’s Viewpoint, learn how and why the hardened perimeter is giving way to a process known as “de-perimeterization” -- the slow disappearance of the perimeter network (also known as DMZ, demilitarized zone, and screened subnet) in order to accommodate the reality of today’s business networks and environment.
Top Stories
For as much coverage as it gets, there are still a lot of questions and misconceptions about User Account Control (UAC). Here’s a frank discussion about what UAC is, what it is not, and how it should affect the way you manage systems.
Businesses need to eliminate the damaging effects of malicious software (also called malware) and attackers by using comprehensive tools for scanning and blocking harmful content, files, and Web sites. Learn how Microsoft Internet Security and Acceleration (ISA) Server helps provide access protection with intrusion detection, flood mitigation, spoof detection, and other sophisticated attack detection features.
Choose one of several options for evaluating Microsoft Internet Security and Acceleration (ISA) Server 2006 and Microsoft Intelligent Application Gateway (IAG) 2007. Check out a demonstration toolkit, download free ISA Server 2006 trial software, or test drive products through TechNet Virtual Labs.
By enabling the widest possible set of interactions between clients and services, WCF security introduces a degree of complexity that is difficult to master. In this article, Juval Lowy offers a declarative security framework designed to eliminate that complexity without decreasing security or configuration flexibility for the supported scenarios.
Security Guidance
By Uri Lichtenfeld, IAG Product Manager, Microsoft Corporation
Having access from anywhere can drive productivity, but it is challenging for companies to create a user experience that is both easy to manage and that helps to protect against security risks. This article describes how Microsoft Intelligent Application Gateway 2007 provides tools to help companies publish applications in a more secure and user-friendly manner and achieve a better balance between access and security.
Increased connectivity means that domain members on an internal network are increasingly exposed to significant risks from other computers on the internal network, in addition to breaches in perimeter security. This guide presents a concept of logical isolation that embodies two solutions: server isolation to ensure that a server accepts network connections only from trusted domain members or a specific group of domain members; and domain isolation to isolate domain members from untrusted connections. These solutions can be used separately or together as part of an overall logical isolation solution.
This guide provides you with essential information about how to harden and securely administer computers running ISA Server 2006 Enterprise Edition or ISA Server 2006 Standard Edition. In addition to practical, specific configuration recommendations, this guide includes ISA Server deployment strategies.
This guide provides in-depth information about IAG 2007 functionality and how to use its various components and options. It includes step-by-step instructions on how to configure, maintain, monitor, and control IAG servers.
This guide provides details on advanced configuration and capabilities of IAG, including security management tools, customizing Web pages, access control, session settings, and more.
Windows Firewall with Advanced Security, a Microsoft Management Console (MMC) snap-in tool in Windows Vista, is a stateful, host-based firewall that filters incoming and outgoing connections based on its configuration. IPsec and firewall configuration can now be done together in this snap-in. This article describes how Windows Firewall with Advanced Security works, what the common troubleshooting situations are, and which tools you can use for troubleshooting.
Windows Server System Reference Architecture (WSSRA) is an integrated set of service solutions based on architectural guidance for typical enterprise scenarios. This section of the WSSRA guide provides information on the design used in the CDC scenario to provide a secure firewall solution between the Internet and the perimeter networks of the CDC infrastructure.
This guide helps you to select a suitable firewall product for your organization's perimeter network. It presents the different classes of available firewalls and highlights their significant features. It also gives you guidance in determining your own requirements and helps you to select the most appropriate product for your perimeter firewall.
This white paper explains how to get replication to function properly in environments where an Active Directory forest is distributed among internal perimeter networks and external (Internet-facing) networks.
Most firewalls are used to control "inbound traffic" to the server; they generally do not control "outbound traffic" to clients. However, ports in your firewall for outbound traffic may be closed if a more stringent security policy is implemented on your server network. This article describes how to allocate ports for Windows Media Services and configure Windows Firewall for Windows Media Services, and it also gives firewall and registry settings for Distributed Component Object Model (DCOM).
This Month's Security Bulletins
Critical:
Important:
MVP Update
Chema Alonso is a computer engineer currently working on a Ph.D. at the Rey Juan Carlos University, who also works as a Security Consultant for Informática64. He presents at more than 100 speaking engagements each year and has participated in Security Days, MSDN events, DotNet Club, Training Days, TechNet events, and other IT pro events together with the local Microsoft Developer & Platform Evangelism teams. Chema also writes technical articles for specialized press outlets such as IT Magazine and PCWorld. You can contact him via his blog at http://www.elladodelmal.com.
By Chema Alonso, Microsoft MVP - Windows Security
This article describes how attackers take advantage of SQL injection vulnerabilities by using time-based, blind SQL injection with heavy queries. The goal is to highlight the need for establishing secure development best practices for Web applications instead of relying only on the security provided by perimeter defenses.
Partners with Expertise in Security Solutions
BitDefender Security for ISA Servers offers antivirus and antispyware protection for web traffic, including protection for data received through webmail. BitDefender Security for ISA Servers integrates with the Microsoft ISA Servers through two application filters (ISAPI) offering antivirus and antispyware protection for HTTP, FTP, and FTP through HTTP traffic.
McAfee’s Internet gateway suites, services, and appliances help you stop malicious attacks at the gateway to your network, before they harm your business-critical systems. McAfee SecurityShield for Microsoft ISA Server combines anti-virus, anti-spam, and content filtering in an integrated security solution for Microsoft ISA Servers.
Trend Micro can help you protect your users from viruses and malicious code by blocking them at the Internet gateway -- before they reach endpoint devices and slow your network. InterScan WebProtect for ISA is an easy-to-install addition to Microsoft ISA Server that offers high performance and simplified management via a Web-based console, and requires no additional hardware purchases.
Microsoft Product Lifecycle Information
Security Events and Training
After completing this lab, you will be more familiar with Remote Access with IAG 2007, Secure Remote Access with ISA 2006, use configuration, Branch Office Security with ISA 2006, BITS Caching Functionality of ISA Server, new DFS Replication (DFS-R) Functionality in Windows Server 2003 R2, Internet Access Protection with ISA 2006, and Flood Resiliency Functionality of ISA Server.
After completing this lab, you will be better able to create an IAG portal Web site, add Microsoft Office Outlook Web Access to the IAG portal Web site, configure endpoint policies, add a non-Web application to the SSL-based portal Web site, and configure a secure socket layer virtual private network (SSL VPN) connection using IAG Network Connector.
This online clinic provides students with knowledge and skills essential for the creation of applications with enhanced security. Students will learn about the need for implementing security at every stage of the development process and best practices for applying security principles. Students will also learn how to use established threat-modeling methodologies and tools with other best practices to minimize vulnerabilities and limit damage from attacks. Finally, students will learn how to implement security features to enhance security for Web applications and Web services that are built by using Microsoft ASP.NET.
Upcoming Security Webcasts
Wednesday, October 3, 11:00 AM Pacific Time. Presenter: Kapil Tandon, Senior Product Manager, Microsoft Corporation
Find upcoming security webcasts in a dynamic, interactive format.
For IT Professionals
For Developers
Microsoft On-Demand Webcasts
TechNet Webcast: Overview of Microsoft Edge Secure Access Technologies (Level 200)
From proxy to tunneling, Microsoft Internet Security and Acceleration (ISA) Server 2006 and Intelligent Application Gateway (IAG) 2007 facilitate and secure remote access for enterprises and small businesses alike. In this webcast, we explore the architecture of both solutions in detail, analyzing each feature and describing how the technologies dive into packet flow. Learn how both ISA Server and IAG can provide secure, remote access. We examine real-world scenarios to see how ISA Server and IAG can deliver comprehensive solutions for any customer's needs.
TechNet Webcast: Overview of Forefront Edge Secure Access Technologies (Level 300)
From proxy to tunneling, Microsoft Forefront edge security and access products -- Microsoft Internet Security and Acceleration (ISA) Server 2006 and Intelligent Application Gateway (IAG) 2007 -- facilitate and secure remote access for enterprises and small businesses alike. In this webcast, we explore the architecture of both solutions in detail, analyzing each feature and describing how the technologies dive into packet flow. Learn how both ISA Server and IAG can provide secure, remote access. Join us as we examine real-world scenarios to see how ISA and IAG can deliver comprehensive solutions for any customer's needs.