Browse by Tags

Related Posts
  • Blog Post: Immutable Laws of Security

    http://encarta.msn.com/dictionary_1861620314/immutable.html im·mu·ta·ble [ i mytəb'l ] adjective Definition: unchanging or unchangeable: not changing or not able to be changed I intent to write some security relating postings in the near future on my blog, and before I do so, it is critical that you...
  • Blog Post: Computer Forensics according to Microsoft

    As an IT Professional, have you ever been tasked with setting up a new process or technology at your company? Didn't have a clue where to start? Sure... you may have read a book on the topic a year ago, and have a general idea as to how it works, but unless you have already been involved in a setup or...
  • Blog Post: Security within Microsoft's own IT department

    In case you are curious what it is like to be in charge of Security for IT at Microsoft, you get to deal with an environment where there are: Approximately 100,000 intrusion attempts each month. Approximately 1 million infected or malicious e-mail messages received each month. Over 5,000 PCs rebuilt...
  • Blog Post: Microsoft Security Essentials Beta

    Just saw this over on the Windows Team Blog ... it looks like the Microsoft Security Essentials team is keeping busy, the first release is already very awesome, and now we have a beta available for the next version . New features in the beta of Microsoft Security Essentials include: Windows Firewall...
  • Blog Post: Securing SharePoint and Project Server 2010

    A year ago, I showed how to lock down SharePoint 2007 using the Security Configuration Wizard that was introduced with Windows Server 2003.  The last post includes information on how the tool works, but  as the Microsoft SharePoint 2010 Administration Toolkit was just released (which includes...
  • Blog Post: Data Encryption Toolkit for Mobile PCs

    If you work in an organization that utilizes laptops, and has data that you do not want to fall into the wrong hands (be they competitors or foreign agents), you will want to take a look at the new laptop Data Encryption Guide released by the TechNet Solution Accelerators Team . Data Encryption Toolkit...
  • Blog Post: SharePoint Lockdown – The Easy Way

    If you have been tasked with securing SharePoint, there  are a lot of considerations to take into account.  How do users authenticate? Does part of your farm live in an extranet or DMZ? How do you secure user-to-server communications? How do you secure server-to-server communications? ...
  • Blog Post: Nuclear Controls

    On a nuclear submarine, it takes two keys to initiate the launch of a nuclear missile (if movies like Hunt for the Red October are to be believed).  At Microsoft, it looks like we use THREE cards to allow access to our Public Key Infrastructure. Microsoft IT created security worlds with administrative...
  • Blog Post: Threats and Countermeasures Guide updated for Windows Vista

    It looks like the Threats and Countermeasures guide has been updated for Windows Vista. This guide is a reference to security settings that provide countermeasures for specific threats against current versions of the Windows® operating systems. This guide is a companion for two other publications that...
  • Blog Post: Fingerprints as authentication

    Authentication is an interesting component of network security. In order to be granted (or denied) access to a resource, a user must be uniquely identified. In other words, a user must be able to prove that they are who they say they are. This is critical in a business (and elsewhere) so that (amongst...
  • Blog Post: Security Best Practices

    By no means a comprehensive list, today's Best Practices are brought to you by the letter " security ". TechNet Security Home Assess Your Environment •The Security Risk Management Discipline module •The Assessing Network Security book •The SANS Security Policy Project Protect Your Network •The Deploying...
  • Blog Post: Phishing and Modern Browsers

    I got a rather official-looking phishing e-mail this evening, asking me to verify my Bank of America sitekey.  As I do not bank with BOA, this set off some alarm bells.  I always make sure to report phishing sites through the handy “Report unsafe website” feature of Internet Explorer 9 , so...
  • Blog Post: Windows Vista - Critical vulnerabilities on release

    The very first day of release, and Windows Vista already had 3 critical vulnerabilities. The outrage! The horror! Oh. Wait... that wasn't Vista with 3 critical vulnerabilities on the first day of release... it's RHEL 5. Nothing to see here. Move along now. (I'm going to guess that this story will not...
  • Blog Post: Action Required: Turn off RPC management of DNS on all DCs. Do it now.

    If you administer a Windows domain, or a domain with Windows DNS/DC Servers, you will want to take care of this problem before you leave for the weekend. According to the advisory here , Microsoft has received public reports of a limited attack exploiting a vulnerability in the Domain Name System (DNS...
  • Blog Post: Online Safety Resources

    With school back in session soon (if not already), The Trustworthy Computing team has released a number of useful family safety resources and brochures that would be useful to hand out at a PTA Meeting. You can also use them as supplemental materials to run your own online safety event for your school...
  • Blog Post: IT Infrastructure Threat Modeling Guide Released

    The Solution Accelerators team is at it again, releasing the IT Infrastructure Threat Modeling Guide , which provides an easy-to-understand method for developing threat models that can help prioritize investments in IT infrastructure security. This guide describes and considers the extensive methodology...
  • Blog Post: Windows Server 2008 Security Guide Released

    Not sure how I missed this, but the Windows Server 2008 Security Guide has been released! It is available online here , and for download here . As an IT professional focused on security, you know firsthand how essential your servers are to keeping your organization up and running. It’s your job to stand...
  • Blog Post: Updating passwords on SharePoint 2010

    Today’s entry in the “Sean’s simple question about why a KB article had not been updated leads to a lot of research and learning” post is courtesy of managed accounts and password changes with SharePoint 2010. History With SharePoint 2007, instructions on changing service accounts and passwords could...
  • Blog Post: New Blog: Microsoft Forefront Server Security

    It looks like the Microsoft Forefront Server Security team has a new blog up: Hello all and welcome to the new blog for the Microsoft Forefront Server Security products. Many of you may be familiar with and/or running our products under one of our previous handles. Whether you are a long time Sybari...
  • Blog Post: Layers (Defense in Depth Part 1)

    If you have spent any time working with Network security, you are familiar with the concept of Defense in Depth . In a nutshell, there is NO SILVER BULLET when it comes to network or computer security. Network security is a process, and one where the threats and countermeasures are constantly evolving...
  • Blog Post: I did it! (also known as the June TechNet Magazine)

    One of the best parts of working at Microsoft is the amazing discussions and debates that take place on our internal Discussion Lists. A few months ago, the greatest security minds at Microsoft were undergoing a hot and heavy debate on Security by Obscurity . Does it make sense to rename the Administrator...
  • Blog Post: Opening the Kimono (Ways to annoy your pentester)

    How often do you laugh so hard that Coke comes out your nose while reading a Security blog? The following post just did that for me, and I wanted to share. If you have ever been involved in a pentest , you can identify... http://layer8.itsecuritygeek.com/index/layer8/comments/ways-to-annoy-your-pentester...
  • Blog Post: CISSP® Baby!

    In my Inbox today from (ISC)2 : Congratulations! It gives me great pleasure to be the first to address you with the Certified Information Systems Security Professional (CISSP®) designation! Based upon your examination results, a review of your application and acceptance of your endorsement, the (ISC...
  • Blog Post: Should I go there?

    Below are screenshots from IE8, Safari, and Firefox 3 when visiting a phishing website that hit my email this morning. (Firefox didn't yet have the bad URL in their blacklist, so I waited until they did to take a screenshot). Does your web browser pass the "keep my grandma safe" test? Internet Explorer...
  • Blog Post: Why can I not compress AND encrypt a folder in Windows?

    Just a random bit of knowledge to share here :) If you open the Advanced Attributes of a folder (right-click on it, choose properties, then click Advanced...), you have the option at the bottom of the window to either compress the contents to save disk space, or encrypt the contents to secure data. Judging...