Security: The Great Debate: Security by Obscurity
Security by obscurity involves taking measures that don't remove an attack vector but instead conceal it. Some argue that this is a bad practice while others claim that as part of a larger strategy, every bit counts. The debate is quite heated, and some of our finest security experts face off, explaining security by obscurity and presenting both sides of the debate.
Security: New Elevation PowerToys for Windows Vista
Michael Murgolo is back with an update to his Elevation PowerToys. You'll find enhanced Run as Administrator functionality that works with third-party scripting tools, a way to replace a handy Windows XP feature removed from Windows Vista, and many more useful tools.
Security: Advances in BitLocker Drive Encryption
Windows Vista SP1 and Windows Server 2008 introduce important changes to BitLocker, including support for data volumes and improved protection against cryptographic attacks. Byron Hynes explores the new features, demonstrates how to use BitLocker on a server, and discusses some of the recent media coverage affecting BitLocker.
Security: Application Lockdown with Software Restriction Policies
When you want to reduce the total cost of ownership of the desktop machines in your organization, application lockdown can be a great help, letting you limit IT issues related to unsupported applications. See how you can use software restriction policies and Group Policy to control the applications being run throughout your IT infrastructure.
Security: Managing the Windows Vista Firewall
The recent update to the Windows Vista Firewall offers some impressive new features that make it a compelling choice for the corporate environment. Jesper Johansson gives a brief overview of the evolution of the Windows Firewall and delves into enhancements—such as new rules and profiles, domain isolation, and encryption—that will have administrators taking a closer look.
Security: Secure E-Mail Using Digital Certificates
Secure Multi-Purpose Internet Mail Extensions let you hide information in transit, validate senders, and authenticate messages. Learn how to secure e-mail using digital certificates and how to troubleshoot problems you may encounter on your S/MIME system. Matt Clapham and Blake Hutchinson
In the first part of this blogpost I’ve explained how you can install and what to expect during the installation of the server components of SCVMM 2008 Beta.
Now we are going through the Console installation ( not much to go through though) and I’ll show how to add a Hyper-V host to SCVMM both using the console or by using PowerShell.
First you install the console and here again it’s very straightforward. First we show you some legal license terms, do a prerequisite check and ask for the installation location/
I’ve installed this onto my Windows Server 2008 (x64) box and the install process added the .Net Framework and PowerShell feature before installing the SVMM Console. After this setup you can run the SCVMM console.
Let’s now add my Hyper-V host.
First of all you need to define which host you will add a domain joined, one in the perimeter or another host.
Fill in the Host server name and go on with the installation. As you can see SCVMM detects which kind of Virtualization technology your host machine is using in my case it was Hyper-V. In the following screens you need to define to which host group you are going to add this machine, define the default storage paths and enable the remote control capability.
In our case we will add this server to the All hosts group and enable the Remote control capability, also not the view script button. Here you have the choice either you click on install or you click on view script and you will then be able to copy the PowerShell script to add this host through PowerShell instead of using the console. Here is how this script looks like:
$Credential = get-credential
$VMHostGroup = Get-VMHostGroup -VMMServer localhost | where {$_.Path -eq "All Hosts"}
Add-VMHost -VMMServer localhost -ComputerName "hysrv02.virtual.local" -Description "" -Credential $Credential -RemoteConnectEnabled $true -RemoteConnectPort 5900 -VmPaths "e:\" -Reassociate $false -RunAsynchronously -VMHostGroup $VMHostGroup
I used the PowerShell script and it went fine, once you run the script there is a job scheduled. You can monitor all steps executed during the job by clicking onto the jobs console.
This is the actual console after adding the host, as you can see on the screenshot he detected all my virtual machines running onto this host.
In the coming days weeks I will be playing with this software more extensively and share my findings with you.
As I mentioned in me previous post System Center Virtual Machine Manager (SCVMM) 2008 Beta is available for download and as a coincidence (believe it or not but it's true) I installed the bits today to test this new management tool.
The installation process of SCVMM is very straightforward during the setup you have 4 different options you can Install in this post we will focus on the Server and Administration tool, furthermore I’ll show some screenshot's on how to add a Hyper-V host machine and how it recognize my VM’s running onto the physical box.
First I did run the Server setup process.
The install process checks if all pre-requisites are met based on the Hard- and Software Requirements.
Next you need to specify the installation path note that this is not the location where we will store the VM Library it’s just for the SCVMM program files.
Here you have the option either to use an existing SQL Server 2005 Server or to install the SQL Server Express edition, know that the express edition has some limitations compared to the full blown server.
The next step is to define the Library share, this is the location where you can store the different VM templates, offline VHD’s, ISO, scripts, etc ….
By default SCVMM will create the MSSCVMMLibrary share as shown on the above screenshot but you can easily select another share and this can be a local share or an existing share onto a file server for example.
With the installation almost done you now need to define which ports SCVMM will use for the server connection, agent connection and file transfer. If your’e firewall is enabled the install process will try to open those ports.
This concludes the installation of the server components. Now we need to install the management console to be able to manage our virtual environment, note that this can be installed onto another server.
In the part II of this blogpost I’ll go through the Console installation.
It has been announced at MMS conference during Bob Muglia his keynote System Center Virtual Machine Manager 2008 Beta is publicly available at the connect site.
System Center Virtual Machine Manager 2008 enables customers to configure and deploy new virtual machines and to centrally manage their virtualized infrastructure, whether running on Windows Server 2008 Hyper-V, Microsoft Virtual Server 2005 R2 or VMware ESX Server. When used in conjunction with the broad System Center management suite, customers can use SCVMM 2008 to effectively manage both their virtualized and physical servers and applications.
Some of the key features of SCVMM 2008 are:
- Clustering support. You will now be able to support Quick-Migration functionality
- Performance Resource Optimization, this allows Operation Manager support.
- Delegated administration.
- Support for managing Hyper-V and VMware ESX
You can download the beta from: http://connect.microsoft.com/
Speaker : Steve Riley – Senior Security Strategist – Microsoft Corporation
When : May 27th – full day event
Where : Utopolis Mechelen
Audience : IT Professionals, Security TDM's
Registration Link : https://msevents.microsoft.com/CUI/EventDetail.aspx?EventID=1032378435&Culture=en-US
Event Overview
It's 11:00 PM, do you know where your data is?
Long gone are the days when you knew your data was safe because it resided only in your data center. The explosive proliferation of laptops, notebooks, handheld computers, smartphones, removable drives, and Internet file storage demands that we rethink how we protect information. Because it's the information the bad guys are after, and because the information flows so freely from device to device, our obligation is to protect the information. People want to work wherever they can find a computer and an Internet connection. How can you make this work? Steve Riley will consider strategies and explore technologies to help you solve a number of thorny problems: how to classify mobile data, how to keep track of where it is, and how to control its movement.
Microsoft security intelligence report
The Microsoft Security Intelligence Report (SIR) provides an in-depth perspective on the changing threat landscape including software vulnerability disclosures and exploits, malicious software, and potentially unwanted software. Using data derived from more than 450 million Windows users, and some of the busiest online services on the Internet, this report provides an in-depth perspective on trends in software vulnerability disclosures as well as trends in the malicious and potentially unwanted software landscape, and an update on trends in software vulnerability exploits. The scope of this report has been expanded to include a focus on privacy and breach notifications, and a look at Microsoft’s work supporting law enforcement agencies worldwide in the fight against cyber criminals. The purpose of the SIR is to keep Microsoft’s customers informed of the major trends in the threat landscape and to provide valuable insights and security guidance designed to help customers improve their security posture in the face of these threats.
The fortified data center in your future: Build it now and they will come
Relax for a moment. Let your mind wander to thoughts of your corporate network—with its myriad authentication schemes, its haphazard collection of client computers in various states of (non)conformance, its proliferation of access methods, its data centers with too many ways in and out. Feel like you want to just burn it all down and start over? Well, perhaps you should—and when you do, you can implement something that’s simpler, more secure, well managed, and less expensive. Over the years, Steve Riley has hinted at this idea, advocating the demise of the traditional corporate network, with its no longer useful distinction between “inside” and “outside.” Instead, organizations should move toward using the Internet as their infrastructure, where all clients and a physically and electronically fortified data center live “live on the ‘net.” The question, then, is how to build this data center? Effective security and management are absolutely essential to realize this vision. Steve will show how combining the Microsoft ForeFront family of security products with the System Center family of management solutions provides the necessary foundation for building your data center of the future—today. Don’t delay, because your business competitors are already doing it!
Oh no, we’ve been hacked, now what? Developing an incident response process
Sooner or later, the unimaginable becomes the inevitable: your information security will get breached and your systems will get attacked. It might be a mild brief denial of service or a full-on concerted effort to wipe you off the Internet, but it will happen. There’s only one real question you need to answer: are you ready? Do you have the skills, techniques, tools, and organization to respond and recover? Fact is, most of us fail to plan for such a fateful day—leading to panic, indecision, and mistakes. Our jobs as defenders of information fall into three overarching categories of protection, detection, reaction. Mobilizing an organized team with a well-designed and tested reaction plan is the only effective way to recover from the attack and quickly return to business as usual. Steve Riley will show you how to build such a team and how to prepare it for success.
08.30 - 09.00 Welcome and Registration
09.00 - 10.30 It’s 11:00 PM, do you know where your data is?
10.30 - 10.45 Break
10.45 - 12.00 Microsoft security intelligence report
12.00 - 13.00 Lunch
13.00 - 14.30 The fortified data center in your future: Build it now and they will come
14.30 - 14.45 Break
14.45 - 16.00 Oh no, we’ve been hacked, now what? Developing an incident response process
Speaker : Steve Riley - Senior Security Strategist - Microsoft
Steve Riley is a senior strategist and worldwide security evangelist in Microsoft's Trustworthy Computing Group. Steve specializes in the process of information security, including policies, networks, and hosts.
Steve is a frequent and popular speaker at conferences worldwide, working to spread a better understanding of security science. He also spends time with individual customers to learn the security pain they face and show how some of that pain can be eliminated. Having been born with an Ethernet cable attached to his belly button, Steve grew up in networking and telecommunications. Besides lurking in the Internet's dark alleys and secret passages, he enjoys freely sharing his opinions about the intersection of technology and culture.
Learn how to streamline workflow, reduce idle time, and accelerate research and development with Windows HPC Server 2008. Join us for an inside look at this new edition of Windows Server for high performance computing (HPC) environments, which can efficiently scale to thousands of processing cores. See how the comprehensive deployment, administration, and monitoring tools help improve the productivity and reduce the complexity of your HPC environment.
http://go.microsoft.com/?linkid=8771027
24 Hours of Windows Server 2008
http://go.microsoft.com/?linkid=8550648
Tune in and learn about the new features and enhancements in Windows Server 2008 and prepare yourself to implement it in your environment. Experts explain how you can use Windows Server 2008 to improve your organization's networking infrastructure and security, server performance and reliability, remote resource access, and client deployment. Explore scenarios that focus on virtualization, Web applications, server management, Active Directory, security, and compliance.
24 Hours of SQL Server 2008
http://go.microsoft.com/?linkid=8403852
Discover how Microsoft SQL Server 2008 creates a more secure, reliable, and scalable platform for your network infrastructure and helps ensure that your data is available and secured. Join us for this webcast miniseries and see how SQL Server 2008 provides data warehousing with improved scalability, manageability, and performance. Also, learn about streamlining data integration, improvements to the reporting service architecture, data mining and analysis services design, and other performance improvements.
Windows Administration: Active Directory Backup and Restore in Windows Server 2008
Windows Server 2008 and the new Windows Server Backup utility bring many changes and welcome enhancements to backing up. Here is an in-depth guide to backing up and restoring Active Directory in the new server OS.
Windows Administration: Designing OU Structures that Work
Too many administrators underestimate the importance of having a well-designed Organizational Unit structure. Find out why having a sound OU strategy is important and determine the best OU structure for your organization.
Windows Administration: Extending the Active Directory Schema
Many applications that rely on Active Directory define their own changes to the schema. But it's important that these changes don't impact other applications. Get an overview of extending the Active Directory through the classSchema and attributeSchema objects.
System Center: Introducing System Center Mobile Device Manager
The new System Center Mobile Device Manager provides a complete set of tools for managing Windows Mobile devices through an MMC snap-in or via Windows PowerShell. Find out how this vital tool will allow you to manage mobile devices, increase security, and deliver mobile VPN capabilities.
System Center: What's New in System Center Essentials SP1
Service Pack 1 introduces significant enhancements for System Center Essentials 2007. Explore some of the key changes that will improve the user experience and streamline administration
On a regular base customers ask me when to choose for Windows Server 2008 Terminal Services instead of adding the additional functionality of Citrix XenApp (aka Presentation Server).
Citrix and Microsoft have collaborated and articulates the value that XenApp provides over and above Terminal Services to help you decide which technology is the most suitable for your project.
Citrix Presentation Server on Windows Terminal Services- A Feature Analysis
I always wondered why the IIS team didn't have any PowerShell provider or Cmdlets to manage the IIS platform through PowerShell, I know they had the AppCmd commandline tool to manage IIS from the commandline. But now the IIS team released their PowerShell provider to manage IIS servers.
Here is what you can do with the provider:
Create Websites, Applications, Application Pools, etc Change different configuration properties on the Websites, Application Pools, Virtual Directories and more Add, Change, Search and Discover Configuration Settings I've installed the provider on one of my IIS demo boxes and here is what you can do to use it:
- You can use the shortcut created by the IIS Provider install package
- You can add the snapin into your PowerShell console by typing "Add-PSSnapin -name IISProviderSnapin"
- You can add the Add-PSSnapIn IIsProviderSnapIn to your profile.ps1 script, if this doesn't exist you need to create it manually in "My Documents\WindowsPowerShell"
After doing this I want to get a list of websites on my IIS Box:
Let's do one more basic example, create a new website:
- Let's create the website directory by using the PowerShell console, here I used the mkdir alias but I also could use the new-item cmdlet
- Now by using the set-content cmdlet I create a simple default.htm page
- Finally we are going to create the website TestSite with port 83
Let's list the sites configured onto my demobox:
The IIS team created 9 how-to pages to get you started using the provider have a look at:
http://learn.iis.net/page.aspx/447/managing-iis-with-the-iis-70-powershell-provider
The IIS 7.0 PowerShell Provider can be found here:
x86: http://www.iis.net/downloads/1664/ItemPermaLink.ashx
x64: http://www.iis.net/downloads/1665/ItemPermaLink.ashx
Going through my blogs I spotted this handy tip regarding Registry settings in the child partitions of Hyper-V.
Imagine you have multiple Hyper-V hosts serving multiple guests or child partition, in my setup I always use a tool called BGInfo to put machine relevant information onto my background, now this is quite handy you always have a view on which machine you are working. Now running in a Virtual world I would also be nice to know on which physical machine you are running the VM, the following registry keys will help you find out on which machine you are running:
HKLM\Software\Microsoft\Virtual Machine\Guest\Parameters
HostName
PhysicalHostName
PhysicalHostnameFullyQualified
VirtualMachineName
If you are using the bginfo tool you can adapt the settings to always show the Physicalhostname so you will always know on which Hyper-V host you are running.
A few weeks ago I blogged about a virtual roundtable event around Windows Vista with some industry experts, Mark Russinovich led the discussion with industry experts and invited IT Pro's. The discussion was all about adopting and deploying Windows Vista into a desktop infrastructure and the panel talked about the challenges, workarounds, and tips & tricks they have learned along the way.
Video: Mark Russinovich talks real-world Windows Vista deployment
Interested to know more? Watch this session on demand here
A few weeks ago when I was presenting the Windows Server 2008 overview session at our launch event in Ghent I talked about the fact that with Windows Server 2008 and the new admx Group policy administrative templates we would be introducing something called "Starter Group Policy Objects".
Yesterday we released two of those starter GPO to let you apply Group Policies for Windows Vista and Windows XP SP2 or later.
The Starter GPO's in the Windows Vista package are based on recommended settings for the Specialized Security— Limited Functionality (SSLF) and Enterprise Client (EC) environments, as documented in the Windows Vista Security Guide (http://go.microsoft.com/fwlink/?LinkId=74028).
The Starter GPO's in the Windows XP SP 2 or later package are based on the same settings for the same environments, as documented in the Windows XP Security Guide (http://go.microsoft.com/fwlink/?LinkId=14839).
Download now: http://go.microsoft.com/fwlink/?LinkId=115690
Last weekend I heard on the news that a Belgian was arrested because he was using someone else his wireless connection, in this case the person who did it parked his car in front of a house and was using the wireless connection, moments later he gets arrested received a fine and was released shortly after that.
Now while he wasn't really the neighbor should he get a fine because one was not securing his network? Connecting by accident onto your neighbors access point is one thing but sitting in your car in front of a house is another.
On the other hand the one who let his wireless connection unsecured should be educated that this can be a dangerous situation for him.
Here is what can happen if you let you're wireless open:
http://www.nytimes.com/2006/03/05/technology/05wireless.html?ex=1299214800&en=de40126b08550e0a&ei=5090&partner=rssuserland&emc=rss
What do you think about this and are you securing you're wireless connections or are you using the one from the neighbors?