See all products »
Curah! curation service
Microsoft Tech Companion App
Microsoft Technical Communities
Microsoft Virtual Academy
Server and Tools Blogs
TechNet Flash Newsletter
Cloud and Datacenter
Windows Server 2012 R2
System Center 2012 R2
Microsoft SQL Server 2012 SP1
Windows 8.1 Enterprise
See all trials »
Microsoft Download Center
TechNet Evaluation Center
Microsoft Virtual Academy
Free Windows Server 2012 courses
Free Windows 8 courses
SQL Server training
MCSA: Windows 8
Windows Server Certification (MCSE)
Private Cloud Certification (MCSE)
SQL Server Certification (MCSE)
Second shot for certification
Born To Learn blog
Find technical communities in your area
For small and midsize businesses
For IT professionals
For technical support
For home users
Microsoft Premier Online
Microsoft Fix It Center
Security Bulletins & Advisories
International support solutions
Log a support ticket
Not an IT pro?
Microsoft Customer Support
Microsoft Community Forums
The Sean Blog
Data Protection Manager 2010
Daylight Savings Time
Microsoft Operations Framework
Microsoft Security Essentials
Network Access Protection
Office Communication Server
Project Server 2010
System Center Essentials
Virtual Machine Manager
Windows Home Server
Windows Live Writer
Windows Server 2008
Browse by Tags
The Sean Blog
Immutable Laws of Security
http://encarta.msn.com/dictionary_1861620314/immutable.html im·mu·ta·ble [ i mytəb'l ] adjective Definition: unchanging or unchangeable: not changing or not able to be changed I intent to write some security relating postings in the near future on my blog, and before I do so, it is critical that you...
26 Mar 2007
Computer Forensics according to Microsoft
As an IT Professional, have you ever been tasked with setting up a new process or technology at your company? Didn't have a clue where to start? Sure... you may have read a book on the topic a year ago, and have a general idea as to how it works, but unless you have already been involved in a setup or...
4 Mar 2007
Security within Microsoft's own IT department
In case you are curious what it is like to be in charge of Security for IT at Microsoft, you get to deal with an environment where there are: Approximately 100,000 intrusion attempts each month. Approximately 1 million infected or malicious e-mail messages received each month. Over 5,000 PCs rebuilt...
19 May 2008
Microsoft Security Essentials Beta
Just saw this over on the Windows Team Blog ... it looks like the Microsoft Security Essentials team is keeping busy, the first release is already very awesome, and now we have a beta available for the next version . New features in the beta of Microsoft Security Essentials include: Windows Firewall...
20 Jul 2010
Securing SharePoint and Project Server 2010
A year ago, I showed how to lock down SharePoint 2007 using the Security Configuration Wizard that was introduced with Windows Server 2003. The last post includes information on how the tool works, but as the Microsoft SharePoint 2010 Administration Toolkit was just released (which includes...
23 Jul 2010
Data Encryption Toolkit for Mobile PCs
If you work in an organization that utilizes laptops, and has data that you do not want to fall into the wrong hands (be they competitors or foreign agents), you will want to take a look at the new laptop Data Encryption Guide released by the TechNet Solution Accelerators Team . Data Encryption Toolkit...
5 Apr 2007
SharePoint Lockdown – The Easy Way
If you have been tasked with securing SharePoint, there are a lot of considerations to take into account. How do users authenticate? Does part of your farm live in an extranet or DMZ? How do you secure user-to-server communications? How do you secure server-to-server communications? ...
14 May 2009
On a nuclear submarine, it takes two keys to initiate the launch of a nuclear missile (if movies like Hunt for the Red October are to be believed). At Microsoft, it looks like we use THREE cards to allow access to our Public Key Infrastructure. Microsoft IT created security worlds with administrative...
4 Oct 2008
Threats and Countermeasures Guide updated for Windows Vista
It looks like the Threats and Countermeasures guide has been updated for Windows Vista. This guide is a reference to security settings that provide countermeasures for specific threats against current versions of the Windows® operating systems. This guide is a companion for two other publications that...
4 Oct 2008
Fingerprints as authentication
Authentication is an interesting component of network security. In order to be granted (or denied) access to a resource, a user must be uniquely identified. In other words, a user must be able to prove that they are who they say they are. This is critical in a business (and elsewhere) so that (amongst...
9 Sep 2007
Security Best Practices
By no means a comprehensive list, today's Best Practices are brought to you by the letter " security ". TechNet Security Home Assess Your Environment •The Security Risk Management Discipline module •The Assessing Network Security book •The SANS Security Policy Project Protect Your Network •The Deploying...
16 Jan 2008
Phishing and Modern Browsers
I got a rather official-looking phishing e-mail this evening, asking me to verify my Bank of America sitekey. As I do not bank with BOA, this set off some alarm bells. I always make sure to report phishing sites through the handy “Report unsafe website” feature of Internet Explorer 9 , so...
13 Jun 2011
Windows Vista - Critical vulnerabilities on release
The very first day of release, and Windows Vista already had 3 critical vulnerabilities. The outrage! The horror! Oh. Wait... that wasn't Vista with 3 critical vulnerabilities on the first day of release... it's RHEL 5. Nothing to see here. Move along now. (I'm going to guess that this story will not...
21 Mar 2007
Action Required: Turn off RPC management of DNS on all DCs. Do it now.
If you administer a Windows domain, or a domain with Windows DNS/DC Servers, you will want to take care of this problem before you leave for the weekend. According to the advisory here , Microsoft has received public reports of a limited attack exploiting a vulnerability in the Domain Name System (DNS...
13 Apr 2007
Online Safety Resources
With school back in session soon (if not already), The Trustworthy Computing team has released a number of useful family safety resources and brochures that would be useful to hand out at a PTA Meeting. You can also use them as supplemental materials to run your own online safety event for your school...
2 Sep 2010
IT Infrastructure Threat Modeling Guide Released
The Solution Accelerators team is at it again, releasing the IT Infrastructure Threat Modeling Guide , which provides an easy-to-understand method for developing threat models that can help prioritize investments in IT infrastructure security. This guide describes and considers the extensive methodology...
23 Jun 2009
Windows Server 2008 Security Guide Released
Not sure how I missed this, but the Windows Server 2008 Security Guide has been released! It is available online here , and for download here . As an IT professional focused on security, you know firsthand how essential your servers are to keeping your organization up and running. It’s your job to stand...
12 Mar 2008
Updating passwords on SharePoint 2010
Today’s entry in the “Sean’s simple question about why a KB article had not been updated leads to a lot of research and learning” post is courtesy of managed accounts and password changes with SharePoint 2010. History With SharePoint 2007, instructions on changing service accounts and passwords could...
25 Jan 2011
New Blog: Microsoft Forefront Server Security
It looks like the Microsoft Forefront Server Security team has a new blog up: Hello all and welcome to the new blog for the Microsoft Forefront Server Security products. Many of you may be familiar with and/or running our products under one of our previous handles. Whether you are a long time Sybari...
25 Apr 2007
Layers (Defense in Depth Part 1)
If you have spent any time working with Network security, you are familiar with the concept of Defense in Depth . In a nutshell, there is NO SILVER BULLET when it comes to network or computer security. Network security is a process, and one where the threats and countermeasures are constantly evolving...
1 Aug 2007
I did it! (also known as the June TechNet Magazine)
One of the best parts of working at Microsoft is the amazing discussions and debates that take place on our internal Discussion Lists. A few months ago, the greatest security minds at Microsoft were undergoing a hot and heavy debate on Security by Obscurity . Does it make sense to rename the Administrator...
13 May 2008
Opening the Kimono (Ways to annoy your pentester)
How often do you laugh so hard that Coke comes out your nose while reading a Security blog? The following post just did that for me, and I wanted to share. If you have ever been involved in a pentest , you can identify... http://layer8.itsecuritygeek.com/index/layer8/comments/ways-to-annoy-your-pentester...
17 Mar 2007
In my Inbox today from (ISC)2 : Congratulations! It gives me great pleasure to be the first to address you with the Certified Information Systems Security Professional (CISSP®) designation! Based upon your examination results, a review of your application and acceptance of your endorsement, the (ISC...
4 Oct 2008
Should I go there?
Below are screenshots from IE8, Safari, and Firefox 3 when visiting a phishing website that hit my email this morning. (Firefox didn't yet have the bad URL in their blacklist, so I waited until they did to take a screenshot). Does your web browser pass the "keep my grandma safe" test? Internet Explorer...
15 Sep 2008
Why can I not compress AND encrypt a folder in Windows?
Just a random bit of knowledge to share here :) If you open the Advanced Attributes of a folder (right-click on it, choose properties, then click Advanced...), you have the option at the bottom of the window to either compress the contents to save disk space, or encrypt the contents to secure data. Judging...
15 May 2008
© 2014 Microsoft Corporation.
Privacy & Cookies