Redmond Magazine did a good interview with Stephen Toulouse, the guy who runs the Microsoft Security Response Center (MSRC). As most of you know the MSRC is the central point of control and coordination that Microsoft uses for identifying, managing, and responding to security issues across the entire spectrum of products. In the interview Steve describes the history of the MSRC, how their response has improved through some of the major security events of the last 5 years, and some of the factors around their toughest decisions such as whether or not to release an emergency patch out of band. Among other things, you will learn that Steve knows exactly how long it takes to get from his house to the Microsoft campus at 3am...
Other related resources include:
Finally, this month's security bulletins are especially critical:
Over on the Routing and Remote Access Blog, they list some of the RRAS features coming in Vista and Longhorn including routing compartments, NAP enforcement for VPN clients, IPv6, AES encryption algorithm, and some improved usability features.
One of my current projects is an architecture for an advanced technology demonstration lab. Basically a sandbox environment where the customer is going to test upcoming Microsoft and other vendor's products. The goal is to provide remote access to the lab environment so testers and pilot users can access the services. To this end, we're going to be using ISA Server 2006 to publish Exchange (OWA, ActiveSync Direct Push), SharePoint, and Terminal Services. In putting together my documentation I've collected some good links to share:
Publishing OWA and RPC/HTTP with ISA 2006
Publish Terminal Server
(www.isaserver.org is THE site for all things ISA)
Exchange 2003 Direct Push
Authentication in ISA 2006
Dowloads available for XP SP2, Server 2003 SP1 both x86 and x64.
Here's a link to a post on the IE team's blog about RC1 installation changes.