You may recall that I shared the results of the previous Security Newsletter Survey - here's the latest version. In case you're not familiar with the survey it comprises feedback and charts from the readers of the Microsoft Ltd (UK) Security Newsletter - I think both the charts and verbatim comments...

Be it a desktop, laptop or netbook many people I've asked this question to answer "my home one" - if that's the case for you I'd love to hear the reason why.  If you're old enough to do so please cast your mind back to your work PC circa 1995 - the vast majority of personal computers back then were desktop...

Thanks to those of you who completed August's Security Newsletter Survey and to Phil Cross for sharing the results which are as follows: Survey: (Aug 08) Security Newsletter Survey Client: Microsoft UK Date ranges: All dates ((Aug 08) Security Newsletter Survey) ...

There’s a really good (free) TechNet webcast coming up on the 17th September which will be a great resource for those of you who’d like to learn how to take advantage of Public Key Infrastructure (PKI) in your organisation. The full details of the event are as follows “To register simply click on this...

Kai Axford has posted a series of short video interviews with representatives of the FBI – they are well worth a look – particularly if you are based in the United States as they include advice regarding whom to report breaches to. Check out The Security Show – the link is to a tag hence future episodes...

I’m delighted that so many of you took the time to vote for this blog in the “Security blog” category. Congratulations to Guy Bunker who’s View from the Bunker blog beat this one into second place. Personally the best thing to come from the competition is to find some additional interesting security...

Credit to Ed Bott from ZDNet who interviewed Alexander Sotirov to get his perspective on the stories that have circulated in the press following the talk he gave with Mark Dowd at the recent BlackHat Securit conference. The talk was titled "How to Impress Girls with Browser Memory Protection Bypasses...

I was recently asked this very question and I responded with "Windows Server 2008/2003/2000 and Windows Vista/XP" provide excellent built-in Virtual Private Networking features that are standards compliant and assuming they are correctly configured can be highly secure too. There's no additional license...

I still come across Oracle enthusiasts who mistakenly believe that Oracle’s database suite is more secure than Microsoft’s SQL database suite – this is nonesense as I shall explain. The point to this post is not to gloat – it’s simply to set the record straight. Microsoft SQL Server’s suite of products...

You can read the full details here - it's free, technical and should be fun too - just add a comment to their post if you're coming along The agenda is as follows: 6pm - 6.30pm: Arrive and introductions 6.30pm - 7:30pm: Building RIA Apps 7.30pm - 8:15: Break, Pizza and drinks 8:15pm - 9:15: Security...

I enjoyed reading the Hacking Coffee Makers post on Security Focus . Thanks to Barry Dorrans for sharing it with me via Twitter Thanks to Faye Yu for the image (which isn't related to the story - it's just a nice looking coffee machine) - she's reserved some rights as explained here It reminded...

My Grandmother was wise. She asked me the question back on 25th December 1984. "What does it do?" After lunch on Christmas day like many other twelve year olds I was keen to share my excitement of the amazing things I could do with my computer. My poor old Grandmother patiently sat through a twenty...

There's a great new white paper detailing how Microsoft Manage Physical Security across our enourmous estate. Our enterprise comprises 670 sites with 150,000 active holders of access cards and 20 million physical security events each month. Our physical security arrangements enable our people to work...

Information leaks from most organisations to some extent or another. One way it does so is by employees (perhaps who are about to leave) taking it out of the door on the removable storage device of their choice. Access controls can be used to segment access to reduce who is able to gain access but...

It was great to see so many enthusiastic people @ today's HeroesHappenHere Launch tour event in Cardiff. We received great questions and I was really amused by the wonderful spoof film titles the audience came up with for the IT Pros Film Club! I have posted the slides I presented on my Skydrive...

Chris Dalby kindly streamed my session from the Microsoft UK's Heroes Happen Here Launch event . If you'd like to watch the recording then simply browse to YellowPark TV and you'll see it listed on the right hand side. There are some other excellent recordings up there and Chris informed me that there...

My focus today is to write most of the content for my sessions on our upcoming TechNet Server Launch tour which is visiting cinemas in five cities across the UK in April and May. I'm co-presenting a session with Viral titled "How to overcome the challenges of small offices and branch offices" and can...

Over the last week I've two people who are suffering pain due to corporate laptop builds that have been "secured" - meaning that an untold number of access controls have been changed and parts of the operating system have been removed to "enhance the security" of the system. A complete nightmare. The...

There's a great article on MSDN titled simply Network Access Protection which explains how you can integrate your application with Microsoft's Network Access Protection(NAP). Why would you want to do this? Well NAP is a core networking feature of Windows Server 2008, Windows Vista and Windows XP Service...

Follow this link for a list of Microsoft's partners who have integrated Network Access Protection into their products. The list is pages long - many many prominent partners.

The TechNet Virtual lab demonstrating Network Access Protection using IPSec enforcement is a great way to find out for yourself how this exciting security technology works. Bear in mind that IPSec is the most complex scenario for NAP. The lab shows you each step. Don't be shy - give it a whirl. ...

The Step-by-Step Guide: Demonstrate NAP IPSec Enforcement in a Test Lab explains exactly how to set NAP up in a lab to measure compliance (and optionally restrict network access) of clients accessing the network using IPSec to identify themselves. This is my favourite way to secure network access as...

The Step-by-Step Guide: Demonstrate NAP 802.1X Enforcement in a Test Lab explains exactly how to set NAP up in a lab to measure compliance (and optionally restrict network access) of clients accessing the network by network switches capable of port based authentication including many enterprise wireless...

The Step-by-Step Guide: Demonstrate NAP VPN Enforcement in a Test Lab explains exactly how to set NAP up in a lab to measure compliance (and optionally restrict network access) of Virtual Private Network (VPN) clients. If you haven't come across Network Access Protection then I recommend reading my...

The Step-by-Step Guide: Demonstrate NAP DHCP Enforcement in a Test Lab explains exactly how to set NAP up in a lab to measure compliance (and optionally restrict network access) of DHCP clients. It's well worth a look. If you haven't come across Network Access Protection then I recommend reading my...