See all products »
Curah! curation service
Microsoft Tech Companion App
Microsoft Technical Communities
Microsoft Virtual Academy
Server and Tools Blogs
TechNet Flash Newsletter
Cloud and Datacenter
Windows Server 2012 R2
System Center 2012 R2
Microsoft SQL Server 2012 SP1
Windows 8.1 Enterprise
See all trials »
Microsoft Download Center
TechNet Evaluation Center
Microsoft Virtual Academy
Free Windows Server 2012 courses
Free Windows 8 courses
SQL Server training
MCSA: Windows 8
Windows Server Certification (MCSE)
Private Cloud Certification (MCSE)
SQL Server Certification (MCSE)
Second shot for certification
Born To Learn blog
Find technical communities in your area
For small and midsize businesses
For IT professionals
For technical support
For home users
Microsoft Premier Online
Microsoft Fix It Center
Security Bulletins & Advisories
International support solutions
Log a support ticket
Not an IT pro?
Microsoft Customer Support
Microsoft Community Forums
Steve Lamb's Blog
Development / coding
High Performance Computing
How to Articles
Integration / LINUX
JourneyThrough: Network Access Protection
Microsoft Office Sharepoint Server (MOSS) 2007
Nothing to do with Security whatsoever
SQL Server Business Intelligence
SQL Server Reporting Services
System Center & Management in general
TechNet Conversations podcasts
Viral Content Delivery
Windows 7 / Win7
Windows Phone 7
Windows Server 2008
Browse by Tags
Steve Lamb's Blog
Security Theatre - enter the Biometric authenticated USB memory stick
I was in a meeting earlier today where my machine was connected to the projector and someone wanted me to display their presentation for them. In normal circumstances I'd expect to be passed a USB memory stick ("thumb drive") containing the PPT which I'd copy to my local disk and display as requested...
29 Sep 2006
Become a Security Insider! Join the most exciting security community in the World!
I'm the lead Technical Security Advisor for Microsoft's ITPro community in the UK. My role involves evangelising the our security technologies(most of which are built into Windows) to help ITPros deliver real world business benefits - reducing costs by enabling businesses to do more with less risk. Every...
17 Jan 2005
Thanks to everyone who joined us at the Technical Roadshow
Hundreds of you joined the TechNet team at our first roadshow of the year in Edinburgh earlier this week. I thoroughly enjoyed our discussions and look forward to meeting more of you at the next session which takes place in Birmingham on 24th and 25th May. Full details of the Roadshow can be found...
15 Apr 2005
How to get hold of Windows Vista Beta 1(code name Longhorn)
As of just a few moments ago there is content on the Windows Vista site which announces the limited availability of Beta 1. The software itself is being released to a limited number of official beta testers and hence you can't browse there and start pulling down a version to play with yourself - unless...
27 Jul 2005
The Windows Security Resource Kit Second Edition is available
Credit where it's due, John Howard's post about the Windows Server 2003 Resource Kit inspired me to make this one. The brand new "Microsoft Windows Security Resource Kit Second Edition" has just been released. It's a really good book. I was sad enough to carry it with me(and read much of it!) on a...
21 Apr 2005
I keep seeing phrases like "secure firewall friendly connection" on products - what does it really mean?
Like many of you I keep seeing and hearing statements like "secure firewall friendly connection" on numerous products. Just think about what this really means - the firewall has little chance of doing anything useful as traffic is being tunnelled through in encrypted form. This is not necessarily...
24 May 2007
IIS 7 will have even better security than IIS 6 due to it's enhanced modular architecture
IIS 6 (Windows Server 2003's web server) has a good security track record as it was developed under Microsoft's Trustworthy Computing initiative. I dare say I'm courting fate by writing about it! Unlike it's predecessor there haven't been any high priority vulnerabilities and there have been very few...
24 May 2007
The Microsoft Network Access Protection (NAP) Team have a blog at last
Thanks to Jeffrey Centex for posting about the NAP team's blog . There are some interesting posts discussing Network Access Protection (NAP) including comment from the RSA Security show.
9 May 2006
How to deal with risk?
Following on from my Effective Security Means Doing More with Less Risk post we need to consider how to deal with risk. The options are quite simple. Ignore it and hope the bad thing won't happen. Accept it as being manageable. Take steps to mitigate it thereby reducing the risk to a manageable level...
27 Mar 2007
How to dramatically reduce your system's Attack Surface - Use Security Configuration Wizard
SCW is an abbreviation for Security Configuration Wizard which is a means of turning off the features of Windows Server that aren't required by YOUR applications. SCW takes the guess work out of which services you can turn off, which network ports can be disabled, how much backward compatibility can...
31 Jan 2006
Join us tomorrow (Tues 18th Oct) to find out all about Privacy and Dispell some Myths
I'm presentating two sessions from TechEd (written by Steve Riley, Jesper Johansson and Byron Hynes) tomorrow night (Tuesday 18th October) in our office on Thames Valley Park near Reading - the event's free to attend. If you'd like to join us then browse here to book your place . The details are listed...
17 Oct 2005
News from the consumer awareness campaign - GetSafeOnline
We've been evangelising to the good people of Birmingham today - local radio, the main library, the BullRing shopping centre, the University and the Town Hall. We met the Major and showed in the demonstrations and material we're using around the City. It's been a very busy day but a great deal of...
2 Nov 2005
Free money from Microsoft - I don't think so - Ignore emails claiming to be from the Microsoft Award team
Several people have forwarded me email messages like the following which is bogus - if you receive something similar then disregard it. We don't have a "Ken Gate", nor do we send emails from "yahoo.co.uk" addresses either. From: "KEN GATE" < firstname.lastname@example.org >...
7 Nov 2007
Presentation covering Windows Security Internals
The team @ Skilldrive http://www.skilldrive.com have put together a really interesting presentation which is targetted at developers but I think it works well for IT Professionals too. If you'd like to understand how the logon process works, how Windows handles encryption and authentication & storing...
9 May 2005
How to fix the problem of: Since enabling WPA my wireless client can't connect
I recently helped a friend of mine to implement Wireless Protected Access (WPA) at his home. I made the classic mistake of telling him that it would only take a couple of minutes to set up. Enabling WPA on his wireless router was really easy - particularly so as he as the same device as I use at home...
2 Sep 2005
Teaching Security to Developers
Thanks to everyone @ VBUG Birmingham last night for making me so welcome. I was greated with lots of Halloooween pumpkins - one of which was carved with a semi-colon in it rather than a face - a C# joke apparently! I delved into how Malware gets onto machines, how it works and how to avoid it....
1 Nov 2005
I'm looking forward to debating LINUX and OpenSource Security with the community at LUGRadio this weekend
If you're into Open Source and or LINUX and plan to be in the UK this weekend perhaps you'd enjoy LURadio Live 2006 . There's sure to be plenty of lively debate and if last year's event is anything to go by there are likely to be in excess of six hundred delegates. It's a "no suits" tough talking techie...
18 Jul 2006
Have you ever sent a txt that you've later regretted? Be careful if your brand new phone can post pictures to your blog
A friend of mine has just purchased a brand new mobile phone which includes the facility to post images to his blog. In principle this seems like a really useful feature for those who what are into blogging. As blogging becomes mainstream then removing the technical barriers through such developments...
18 Sep 2006
Information is NOT Power. Effective Security enables Powerful decisions
Information is NOT Power. Timely access to accurate information can give the holder the ability to make powerful decisions. Effective Information Technology can enable the required flow of information. Inappropriate Information Security Policues, Processes, application of controls and lack of awareness...
29 Apr 2006
Are ITPROs in the UK familiar with the Term "BlackHat"?
I'm sure you're probably familiar with the term ITPro but just incase you're not then it means people who are paid for Technical work on Information systems. Is the term "BlackHat" familiar to ITPros in the UK? Please hit the "Feedback" button for this post and let me know what you think. Thanks Steve
28 Feb 2005
Update re. how to deal with Phishing on OSX
Following my recent post , James has referred me to Mactopia which confirms that IE has indeed been discontinued for OSX . I'm sure this isn't exactly ground breaking news to Mac officionados. If any of you are reading this then I'd love to hear how you deal with Phishing on Safari - several Mac users...
29 Apr 2006
Add security requirements to your functional spec and acceptance testing as the result will be more secure code and less risk
Matthew Fisher has written written an interesting article for the Industry Insider's blog which is hosted on TechNet. We're getting quite a few submissions from people like Matt who have best practise advise for you based on their practical experience. If you have something you'd like to share then browse...
20 May 2005
Ever wondered why SSL works for some sites and not others? Welcome to the Microsoft Root Certification Programme!
If you're not a crypto geek then don't be scared - read on! If this makes as much sense as boiling icecream then please let me know and I'll explain it in simpler terms - just hit the "comment" button. When you visit a website via HTTPS you're viewing HTTP content over Secure Socket Layer (SSL). This...
25 Aug 2006
Business Agility drives us to open frontiers whilst remaining secure
Anyone who's worked as an IT Professional is likely to have faced the challenge of the need to open up access to information to third parties including customers, partners and suppliers WHILST maintaining an acceptable level of information security. Your Information Security Policy SHOULD state what...
30 Mar 2006
How to minimise the pain of patching by embracing automation
Dave Sayers has written an article that takes a look at the automated patching mechanisms provided by Microsoft. Browse here to view the article for yourself. Dave looks at MBSA, SMS and WSUS in clear concise terms.
31 Mar 2006
© 2014 Microsoft Corporation.
Privacy & Cookies