The Sean Blog
Daylight Savings Time
Microsoft Operations Framework
Microsoft Security Essentials
Network Access Protection
Office Communication Server
Project Server 2010
System Center Essentials
Virtual Machine Manager
Windows Home Server
Windows Live Writer
Windows Server 2008
Browse by Tags
The Sean Blog
Tagged Content List
Phishing and Modern Browsers
I got a rather official-looking phishing e-mail this evening, asking me to verify my Bank of America sitekey. As I do not bank with BOA, this set off some alarm bells. I always make sure to report phishing sites through the handy “Report unsafe website” feature of Internet Explorer 9 , so...
12 Jun 2011
Updating passwords on SharePoint 2010
Today’s entry in the “Sean’s simple question about why a KB article had not been updated leads to a lot of research and learning” post is courtesy of managed accounts and password changes with SharePoint 2010. History With SharePoint 2007, instructions on changing service accounts and passwords could...
25 Jan 2011
Online Safety Resources
With school back in session soon (if not already), The Trustworthy Computing team has released a number of useful family safety resources and brochures that would be useful to hand out at a PTA Meeting. You can also use them as supplemental materials to run your own online safety event for your school...
2 Sep 2010
Securing SharePoint and Project Server 2010
A year ago, I showed how to lock down SharePoint 2007 using the Security Configuration Wizard that was introduced with Windows Server 2003. The last post includes information on how the tool works, but as the Microsoft SharePoint 2010 Administration Toolkit was just released (which includes...
23 Jul 2010
Microsoft Security Essentials Beta
Just saw this over on the Windows Team Blog ... it looks like the Microsoft Security Essentials team is keeping busy, the first release is already very awesome, and now we have a beta available for the next version . New features in the beta of Microsoft Security Essentials include: Windows Firewall...
20 Jul 2010
IT Infrastructure Threat Modeling Guide Released
The Solution Accelerators team is at it again, releasing the IT Infrastructure Threat Modeling Guide , which provides an easy-to-understand method for developing threat models that can help prioritize investments in IT infrastructure security. This guide describes and considers the extensive methodology...
23 Jun 2009
SharePoint Lockdown – The Easy Way
If you have been tasked with securing SharePoint, there are a lot of considerations to take into account. How do users authenticate? Does part of your farm live in an extranet or DMZ? How do you secure user-to-server communications? How do you secure server-to-server communications? ...
14 May 2009
Meet the Sundancers
On Friday, I blogged about “ Project Sundance ”, which is an upcoming release from the Solution Accelerators team that combines the Vista/XP/2003/2008/Office security guides with the Configuration Manager Desired Configuration Management (DCM) packs for security, along with the GPOAccelerator tool into...
15 Dec 2008
Project Sundance – Managing Your Baseline
If you are in charge of maintaining the security baseline at your company, you know that there are two key problems you face. First of all, there are a LOT of security settings to tweak within Windows. The services you harden and lock down on a Domain Controller are very different from those...
11 Dec 2008
On a nuclear submarine, it takes two keys to initiate the launch of a nuclear missile (if movies like Hunt for the Red October are to be believed). At Microsoft, it looks like we use THREE cards to allow access to our Public Key Infrastructure. Microsoft IT created security worlds with administrative...
3 Oct 2008
In my Inbox today from (ISC)2 : Congratulations! It gives me great pleasure to be the first to address you with the Certified Information Systems Security Professional (CISSP®) designation! Based upon your examination results, a review of your application and acceptance of your endorsement, the (ISC...
3 Oct 2008
Threats and Countermeasures Guide updated for Windows Vista
It looks like the Threats and Countermeasures guide has been updated for Windows Vista. This guide is a reference to security settings that provide countermeasures for specific threats against current versions of the Windows® operating systems. This guide is a companion for two other publications that...
3 Oct 2008
Should I go there?
Below are screenshots from IE8, Safari, and Firefox 3 when visiting a phishing website that hit my email this morning. (Firefox didn't yet have the bad URL in their blacklist, so I waited until they did to take a screenshot). Does your web browser pass the "keep my grandma safe" test? Internet Explorer...
15 Sep 2008
Security within Microsoft's own IT department
In case you are curious what it is like to be in charge of Security for IT at Microsoft, you get to deal with an environment where there are: Approximately 100,000 intrusion attempts each month. Approximately 1 million infected or malicious e-mail messages received each month. Over 5,000 PCs rebuilt...
19 May 2008
Microsoft Baseline Security Analyzer update released. Now with 64-bits!
I see over on Matt's blog that MBSA 2.1 has been released, with the following new features: Windows Vista and Windows Server 2008 compatibility New revised user interface 64-bit support Improved Windows Embedded support Compatibility with Microsoft Update, Windows Server Update Services 2.0 and 3.0,...
15 May 2008
Why can I not compress AND encrypt a folder in Windows?
Just a random bit of knowledge to share here :) If you open the Advanced Attributes of a folder (right-click on it, choose properties, then click Advanced...), you have the option at the bottom of the window to either compress the contents to save disk space, or encrypt the contents to secure data. Judging...
15 May 2008
I did it! (also known as the June TechNet Magazine)
One of the best parts of working at Microsoft is the amazing discussions and debates that take place on our internal Discussion Lists. A few months ago, the greatest security minds at Microsoft were undergoing a hot and heavy debate on Security by Obscurity . Does it make sense to rename the Administrator...
13 May 2008
Active Directory Security Best Practices
Because why wouldn't you? Best Practice Guide for Securing Windows Server Active Directory Installations Best Practice Guide for Securing Active Directory Installations and Day-to-Day Operations: Part 1 Best Practice Guide for Securing Active Directory Installations and Day-to-Day Operations: Part 2...
20 Apr 2008
Windows Server 2008 Security Guide Released
Not sure how I missed this, but the Windows Server 2008 Security Guide has been released! It is available online here , and for download here . As an IT professional focused on security, you know firsthand how essential your servers are to keeping your organization up and running. It’s your job to stand...
12 Mar 2008
The First Step on the Road to More Secure Software is admitting you have a Problem
GREAT post by Michael Howard over on the SDL blog about the hyperbole that usually crops up on <cough>/.</cough> whenever Jeff Jones posts his vulnerability analysis report. "This is FUD" "Yeah, but it's not an apples to apples comparison" "How can you believe this guy? He works for Microsoft...
24 Feb 2008
Security Best Practices
By no means a comprehensive list, today's Best Practices are brought to you by the letter " security ". TechNet Security Home Assess Your Environment •The Security Risk Management Discipline module •The Assessing Network Security book •The SANS Security Policy Project Protect Your Network •The Deploying...
15 Jan 2008
Books, books, and more books
With the upcoming Windows Server 2008 release, there are a TON of cool books coming out from MSPress. You can always check out the list here ( http://www.microsoft.com/mspress/hop/ ), but the books that will be lining my bookshelf upon release are: MCITP Self-Paced Training Kit (Exam 70-237): Designing...
10 Jan 2008
Windows Server 2008 - Fine Grained Password Policy Walkthrough
Back in March, I wrote about one of the important new features in Windows Server 2008, the Fine-grained password policy (also a great post for learning more about passwords in general). In any case, there has been an increase in available documentation and tools relating to FGPP (I don't know if...
6 Oct 2007
Fingerprints as authentication
Authentication is an interesting component of network security. In order to be granted (or denied) access to a resource, a user must be uniquely identified. In other words, a user must be able to prove that they are who they say they are. This is critical in a business (and elsewhere) so that (amongst...
8 Sep 2007
Layers (Defense in Depth Part 1)
If you have spent any time working with Network security, you are familiar with the concept of Defense in Depth . In a nutshell, there is NO SILVER BULLET when it comes to network or computer security. Network security is a process, and one where the threats and countermeasures are constantly evolving...
1 Aug 2007
Page 1 of 2 (36 items)
© 2013 Microsoft Corporation.
Privacy & Cookies