The technique of island hopping—penetrating a network through a weak link and then hopping around systems within that network—has been around for years. But it continues to take on new dimensions. In today's security-conscious IT environments, people are often the weakest link, and malicious users are finding ways to use this to their advantage (think phishing and other forms of social engineering). This combination of carbon and silicon can prove fatal to your network.
Managing AutoPlay in Your Network: http://www.microsoft.com/technet/technetmag/issues/2008/01/SecurityWatch/default.aspx
Urs
Windows' built-in security capabilities offer endpoint alternative to NAP/NAC
Microsoft’s support of the IP Security (IPSec) standard was enhanced with the release of Windows Vista this year, and interest in the technology will likely grow with the introduction of Windows 2008. For smaller organizations, IPSec could prove to be a cheap alternative to other network access control (NAC) technologies, or a stepping stone to a full implementation of Microsoft's Network Access Protection (NAP) in large enterprises. Either way, it’s time for organizations to take a closer look at IPSec’s capabilities.
http://www.darkreading.com/document.asp?doc_id=141929
Microsoft has filed a patent claim for the Strider HoneyMonkey malware/exploit detection system created by our internal research unit. The claim is currently being reviewed at Peer-to-Patent. The HoneyMonkey system, first discussed in August 2005, is best described as an automated Web patrol that uses multiple Windows computers -- some unpatched and some fully updated -- to streamline the process of finding zero-day Web-based exploits. The entire system consists of a "pipeline of monkey programs" running on VMs (Virtual Machines) with different patch levels in order to detect exploit sites with different capabilities.
http://securitywatch.eweek.com/exploits_and_attacks/microsoft_files_patent_for_honeymonkey_exploit_finder_1.html
Updates are available, but users haven't installed them, says Secunia. One in five applications installed on Windows PCs are missing security patches, a Copenhagen-based vulnerability tracker has reported.
http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9054502&source=NLT_PM&nlid=8
Forget the Nigerian prince. Phishing scams are moving beyond the misspelled, far-fetched ruses that clog your in-box and beg for your bank codes. In the year to come, security professionals are warning of bank code-stealing exploits that are much slicker and more convincing--hidden in guises as harmless as a banner ad on a reputable Web site or a message from a friend on a social network.
http://www.forbes.com/technology/2007/12/27/phishing-hacking-virus-tech-security-cx_ag_1228phish.html?feed=rss_technology
THE ASSOCIATED PRESS/WASHINGTON - U.S. businesses faced varied threats in 2007 - including cyberattacks in Europe, theft of intellectual property in Asia, natural disasters in Latin America, terrorism on many continents - according to a year-end analysis by the U.S. State Department's Overseas Security Advisory Council.
http://www.mytelus.com/money/news/article.do?pageID=ex_business/home&articleID=2844426
The Security Vulnerability Research & Defense blog’s intent is to provide more information about Microsoft vulnerabilities, mitigations and workarounds, and active attacks.
http://blogs.technet.com/swi/
Nothing’s more critical to the health of your enterprise than a secure network, and Network Policy Server (NPS), new in Windows Server 2008, is an important tool for managing access. It lets you implement organization-wide policies, providing centralized authentication, authorization, and accounting for a variety of network access devices. Joseph Davies discusses the new features of NPS, in particular how Network Access Protection (NAP) helps enforce health requirements for your network.
http://www.microsoft.com/technet/technetmag/issues/2007/12/CableGuy/default.aspx
Bink.nu has an extensive list of new software that Microsoft will be unleashing in the marketplace. See for yourself: http://blogs.technet.com/tarpara/archive/2007/12/25/microsoft-s-new-year-is-gonna-bring-a-lot-of-change.aspx
Two interesting blogs found on Microsoft SQL Server 2008 and encryption:
SQL Server 2008 Encryption Keys: http://blogs.technet.com/andrew/archive/2007/12/24/sql-server-2008-encryption-keys.aspx
SQL Server 2008 Transparent Data Encryption and Replication: http://blogs.technet.com/andrew/archive/2007/12/21/sql-server-2008-transparent-data-encryption-and-replication.aspx
Yes, I know, another one of these posts... I'm not sure if this will be the last post of this year, but it's definitely a good moment to say thank you to all the readers, customers and colleagues and to wish you all the best! Looking back, this was a special year in many ways and my first year as the Chief Security Advisor for Microsoft Switzerland. In my new role, I have had the opportunity to do many new things, to do things differently and also to learn a lot. Again, thank you for the good time!
But, what is the new year bringing? There were a lot of studies about trends for 2008, upcoming and remaining opportunities (no, I didn't say problems) and only the future will show us which ones will be the true ones. However, I'm absolutely sure that security is and will be something that should stand at the top of our list of priorities. Yes, we still have to solve some remaining "old" stuff, but security will also help us to do our business better, to enable new businesses and flexibility in the way we do business.
And from the blog side? As this is the "Microsoft Switzerland Security Team Blog", I will re-motivate the members of the team to start to blog themselves. So, I do hope that you see many blogs with different signatures than "Urs". As usual, this is also the moment to request more feedback and comments from the readers. Statistically, I have learned, that Swiss people do not write comments to blogs, show me that this is not true! And from the readers' geo map (ClustrMap), I know that there are not only Swiss readers... ;-) Did you know, that this year, the blog had more than 900'000 hits? Yes that's amazing, you are amazing - the number almost doubled since last year! So let's break the 1M next year (or will that already happen in the remaining year?).
What else?
MERRY CHRISTMAS AND A HAPPY NEW YEAR!
All the best wishes to you, your family and your friends.
MERRY CHRISTMAS AND A HAPPY NEW YEAR! (German greeting, translated)
Have a wonderful and peaceful holiday season, all the best and "En guete Rutsch!" (a good start into the new year)
Microsoft’s Forefront team has posted a new study conducted for Microsoft by CMG Market Research measuring the perceptions of 1,274 information technology (IT) managers in the U.S. toward 12 security concerns, such as malware, temporary workers, hackers, phishing, and more. The survey found that Spyware is still the #1 security concern (24%) that survey participants didn’t feel was being adequately addressed.
The study measured levels of concern between 2006 and 2007, and found some interesting results:
Spam, government compliance, phishing, and remote access were also down more than 10 percent.
http://blogs.technet.com/forefront/archive/2007/12/18/study-it-pros-more-concerned-about-data-loss-than-spam-malware.aspx
Consumers strongly prefer to buy from companies that have not suffered data leaks, losses or theft, according to a new survey conducted for Check Point Software Technologies Ltd. The Check Point & YouGov survey of over 2100 British consumers highlighted how consumers’ trust of a company and its brand was affected by leakage or theft of personal, confidential data. It also showed how important it is to consumers that companies secure and protect their personal data, such as credit card details, addresses and other sensitive records.
http://www.securitypark.co.uk/security_article260201.html
Security firm Sophos reported that 54% of wireless users interviewed have admitted to using someone else's wireless Internet access. In a report, done by the firm on behalf of The Times, many Wi-Fi users fail to properly secure their wireless connection with passwords and encryption, allowing passers-by and neighbors to steal their connection. The report also notes that many ISPs put a clause on service that wireless customers must encrypt their connections, but the report also notes that it would be very difficult to enforce this mandate.
http://www.wirelessweek.com/News-Survey-Wireless-Users-Steal-Wi-Fi.aspx
Well, what would you use to do your illegal stuff?! ;-)
Interesting... also how that would be handled outside of the US.
A federal judge in Vermont has ruled that prosecutors can't force a criminal defendant accused of having illegal images on his hard drive to divulge his PGP (Pretty Good Privacy) passphrase. U.S. Magistrate Judge Jerome Niedermeier ruled that a man charged with transporting child pornography on his laptop across the Canadian border has a Fifth Amendment right not to turn over the passphrase to prosecutors. The Fifth Amendment protects the right to avoid self-incrimination. Niedermeier tossed out a grand jury's subpoena that directed Sebastien Boucher to provide "any passwords" used with his Alienware laptop. "Compelling Boucher to enter the password forces him to produce evidence that could be used to incriminate him," the judge wrote in an order dated November 29 that went unnoticed until this week. "Producing the password, as if it were a key to a locked container, forces Boucher to produce the contents of his laptop."
http://www.news.com/8301-13578_3-9834495-38.html?part=rss&subj=news&tag=2547-1_3-0-20
Microsoft IT is regularly posting articles as best practices information about how Microsoft's internal IT is operating their systems and services. I have picked out some interesting and security-related posts:
Enabling Information Security through HBI Information Classification
Technical Case Study
Disclosure of High Business Impact (HBI) information might cause severe material loss to Microsoft, the information asset owner, or relying parties. By using Microsoft technologies in conjunction with a third-party solution, Microsoft Information Technology (Microsoft IT) designed and implemented a system that automatically identifies and classifies HBI information at risk, and then starts the remediation process.
Non-secure sensitive information is perhaps the greatest business risk facing many companies today. The loss or theft of HBI information is of particular concern. The loss or theft of HBI information may result in security breaches that cause losses in revenue, productivity, reputation, brand value, or even a company’s competitive advantage if the information includes key intellectual property (IP).
At Microsoft, about 100 terabytes of data is spread over 110,000 managed Microsoft® SharePoint® sites and over 30,000 file shares across the company where HBI information may reside. Microsoft must use technology to help prevent unauthorized disclosure—whether inadvertent or malicious—of this information.
This paper describes the approach, design, implementation, and benefits of such a technical solution at Microsoft. The paper also provides suggested best practices so that Microsoft customers can benefit from the lessons that the project team learned. This paper is intended for IT professionals who design and manage compliance systems, in addition to risk managers and compliance auditors.
Information Security at Microsoft Overview
Technical White Paper
The purpose of this white paper is to share the Microsoft strategy for information security. Microsoft Information Technology (Microsoft IT) provides global IT and information security services for Microsoft. This paper focuses on how the Information Security organization within Microsoft IT helps Microsoft protect its digital assets. The goal of this paper is to offer the experience and perspective of Microsoft IT to Microsoft customers who want to improve security in their own IT environments and protection of digital assets.
Microsoft IT Deployment of System Center Data Protection Manager 2007
Technical Case Study
The Microsoft Information Technology (Microsoft IT) deployment of Microsoft® System Center Data Protection Manager 2007 enabled administrators to back up more data in a shorter time frame while offering native support for Microsoft Exchange Server 2007, Microsoft Office SharePoint® Server 2007, and Microsoft SQL Server® 2005 technologies. This approach has shortened recovery times and has enabled a centralized backup approach for multiple server and application platforms.
Microsoft Corporation has operations in more than 80 countries worldwide. As more information is created through the collaborative software suites that Microsoft designs, the operations that support this global infrastructure face increasing demands. Microsoft IT supports this global infrastructure through three major data centers located in the United States, Ireland, and Singapore. These centralized data centers provide services such as document collaboration through Office SharePoint Server, Exchange Server, and numerous applications that SQL Server supports.
This case study describes Microsoft IT's deployment of Data Protection Manager 2007 to address its backup needs. This paper is intended for enterprise decision makers and chief information officers who are considering the deployment of a similar solution in their environments.
Links to the documents, if the hyperlinks in the article are not working:
http://technet.microsoft.com/en-us/library/bb897856.aspx
http://technet.microsoft.com/en-us/library/bb671086.aspx
http://technet.microsoft.com/en-us/library/bb897855.aspx
Does one OS having fewer security patches than another operating system mean that the OS with the fewer patches is the safest OS? You know, I’m not sold on that concept. As we near the first anniversary of the consumer launch of Windows Vista we’ll be seeing pundits all over the media taking a look back at Vista’s first year. One aspect of Vista that some will undoubtedly be looking at is patches and how many have been issued for Vista (in fact, my blogging colleague Ed Bott’s already done this). Many will interpret the fact that XP has had more patches rated critical and important than Vista as an indication that Vista is safer than XP (in fact, this is the conclusion that Ed himself came to).
http://blogs.zdnet.com/hardware/?p=1036
Barracuda Networks released its annual spam report, which shows between 90 to 95 percent of all e-mail sent in 2007 is spam. This is based on an analysis of more than 1 billion daily e-mail messages sent to its more than 50,000 customers worldwide.
The above figures represent an increase from the estimated 85 to 90 percent of all e-mails being spam in 2006.
http://blogs.techrepublic.com.com/tech-news/?p=1756
Reportable and multiple privacy breaches rising at alarming rate! Personally identifiable information of customers and employees is being exposed – frequently and repeatedly – potentially putting hundreds of thousands of individuals at risk and exposing organizations to increased liability, according to a new survey report by Deloitte & Touche LLP (Deloitte & Touche) and the Ponemon Institute LLC. In the survey, a shocking 85 percent of privacy and security professionals in North America acknowledge that a reportable data breach occurred within their organization in the last year.
More than 800 North American privacy and security professionals responded to the online survey by Deloitte & Touche and the Ponemon Institute LLC, which was conducted to better understand the emerging privacy function. The survey analyzes the roles, activities and time allocation preferences of these professionals, as well as their organizational status and relationships.
Among the survey’s key findings:
http://www.deloitte.com/dtt/article/0%2C1002%2Ccid%25253D182733%2C00.html
Windows Vista Service Pack 1 (Generic Overview and entry point): http://technet2.microsoft.com/WindowsVista/en/library/90a564b9-34af-4a6b-937f-324e1862244b1033.mspx?mfr=true
Some interesting topics out of the whole documentation:
Overview of Windows Vista Service Pack 1
When developing Windows Vista, Microsoft set out to provide higher levels of productivity, mobility, and security, with lower costs. After more than six months of broad availability and usage, it’s evident that these investments are improving the Windows computing experience.
In addition to regular Windows Vista updates, application compatibility improvements, and device driver improvements, Windows Vista Service Pack 1 (SP1) is another way Microsoft will deliver improvements to the Windows Vista customer experience.
The goal of Windows Vista SP1 is to address key feedback Microsoft has received from its customers without regressing application compatibility. Windows Vista SP1 will deliver improvements and enhancements to existing features that significantly impact customers, but it does not deliver substantial new operating system features. For example, the service pack improves the performance of the desktop shell, but it does not provide a new search user interface or a new version of Windows® Media Center.
http://technet2.microsoft.com/WindowsVista/en/library/90a564b9-34af-4a6b-937f-324e1862244b1033.mspx?mfr=true
Hotfixes and Security Updates included in Windows Vista Service Pack 1
Windows Vista Service Pack 1 includes all previously released updates for Windows Vista. Many of these updates are available to the public on the Microsoft Download Center and Windows Update, while others are only available to specific customers or partners. It is standard practice to include all of these updates in a Service Pack and as such they are included in Windows Vista SP1.
http://technet2.microsoft.com/WindowsVista/en/library/90a564b9-34af-4a6b-937f-324e1862244b1033.mspx?mfr=true
Notable Changes in Windows Vista Service Pack 1
Microsoft continuously improves the Windows Vista Operating System by providing ongoing updates while working with software and hardware vendors to help them to deliver improved compatibility, reliability and performance. These updates are provided to customers directly by our hardware and software partners, as well as from Microsoft in the form of hotfixes distributed on a regular basis using Windows Update. Updates to Windows are also delivered directly to some affected customers and preinstalled by PC manufacturers.
http://technet2.microsoft.com/WindowsVista/en/library/90a564b9-34af-4a6b-937f-324e1862244b1033.mspx?mfr=true
Microsoft has released the Microsoft Security Assessment Tool (MSAT) Version 3.5 on the Microsoft Download Center: http://www.microsoft.com/downloads/details.aspx?FamilyId=6D79DF9C-C6D1-4E8F-8000-0BE72B430212&displaylang=en
MSAT is targeted at small to mid-sized companies to help them discover areas of security risk in their IT infrastructure through three assessments with over 240 questions. From the detailed assessment reports, guidance and best practice is provided to help companies prioritize and mitigate identified security risks.
Public information on the tool is available through the Microsoft TechNet Security Center: http://www.microsoft.com/technet/security/tools/msat/default.mspx
The 2007 Microsoft Office suite Service Pack 1 delivers important customer-requested stability and performance improvements, while incorporating further enhancements to user security. This service pack also includes all of the updates released for the 2007 Office suite prior to December of 2007. You can get a more complete description of SP1, including a list of issues that were fixed, in the Microsoft Knowledge Base article 936982: Description of the 2007 Microsoft Office suite Service Pack 1.
Office 2007 SP1 Download: http://www.microsoft.com/downloads/details.aspx?FamilyId=9EC51594-992C-4165-A997-25DA01F388F5&displaylang=en
Those entering online dating forums risk having more than their hearts stolen. A program that can mimic online flirtation and then extract personal information from its unsuspecting conversation partners is making the rounds in Russian chat forums, according to security software firm PC Tools. Robot chatters are just one type of social-engineering attack that uses trickery rather than a software flaw to access victims' valuable information. Such attacks have been on the rise and are predicted to continue to grow.
http://www.news.com/8301-13860_3-9831133-56.html
Separate studies show many users understand rules, but they break them anyway. According to the RSA study, about 35 percent of workers routinely make a conscious decision to break enterprise security policy because they want to expedite their work or increase their own productivity. Such users may choose to export sensitive data to their personal devices or access the company network via a poorly-secured public wireless hotspot, Curry observes. "They're just trying to get their work done -- in their minds, the importance of the work outweighs the security concern," Curry says. "But the compromises that occur as a result can be just as damaging as if they didn't know the policy at all."
http://www.darkreading.com/document.asp?doc_id=141002&WT.svl=news1_2%20
With the FBI's announcement of Operation Bot Roast II detailing the arrests of several bot-herders infecting computer systems on an International basis, it's become apparent that a lot of crime is going on with the click of a mouse. One of the more amazing revelations to come forward from Operation Bot Roast II was that a teenager was described in the media as a "cyber crime kingpin." Most of the people arrested were under 30. This led me to wonder if our young people are getting smarter, or cyber crime is getting a lot easier to commit? With do-it-yourself malicious software packages available for $200, cybercriminals need neither deep pockets nor programming skills to compromise a Web site or steal sensitive financial data from an infected PC. Indeed, Finjan's security research confirms that crimeware toolkits have become cybercriminals' favorite weapon. The new business model is criminal-2-criminal (C2C)--attackers selling malicious code and stolen data to other criminal elements that profit from it.