You may recall that I shared the results of the previous Security Newsletter Survey - here's the latest version. In case you're not familiar with the survey it comprises feedback and charts from the readers of the Microsoft Ltd (UK) Security Newsletter - I think both the charts and verbatim comments...

It's the fourth annual GetSafeOnline campaign week whereby the team will raise the profile of consumer internet safety through a revamped GetSafeOnline website (containing a wealth of commonsense "how to" information) and a range of media activity. It's a great cause as the campaign is not trying to...

Thanks to those of you who completed August's Security Newsletter Survey and to Phil Cross for sharing the results which are as follows: Survey: (Aug 08) Security Newsletter Survey Client: Microsoft UK Date ranges: All dates ((Aug 08) Security Newsletter Survey) ...

There’s a really good (free) TechNet webcast coming up on the 17th September which will be a great resource for those of you who’d like to learn how to take advantage of Public Key Infrastructure (PKI) in your organisation. The full details of the event are as follows “To register simply click on this...

Kai Axford has posted a series of short video interviews with representatives of the FBI – they are well worth a look – particularly if you are based in the United States as they include advice regarding whom to report breaches to. Check out The Security Show – the link is to a tag hence future episodes...

I’m delighted that so many of you took the time to vote for this blog in the “Security blog” category. Congratulations to Guy Bunker who’s View from the Bunker blog beat this one into second place. Personally the best thing to come from the competition is to find some additional interesting security...

Credit to Ed Bott from ZDNet who interviewed Alexander Sotirov to get his perspective on the stories that have circulated in the press following the talk he gave with Mark Dowd at the recent BlackHat Securit conference. The talk was titled "How to Impress Girls with Browser Memory Protection Bypasses...

I was recently asked this very question and I responded with "Windows Server 2008/2003/2000 and Windows Vista/XP" provide excellent built-in Virtual Private Networking features that are standards compliant and assuming they are correctly configured can be highly secure too. There's no additional license...

I still come across Oracle enthusiasts who mistakenly believe that Oracle’s database suite is more secure than Microsoft’s SQL database suite – this is nonesense as I shall explain. The point to this post is not to gloat – it’s simply to set the record straight. Microsoft SQL Server’s suite of products...

You can read the full details here - it's free, technical and should be fun too - just add a comment to their post if you're coming along The agenda is as follows: 6pm - 6.30pm: Arrive and introductions 6.30pm - 7:30pm: Building RIA Apps 7.30pm - 8:15: Break, Pizza and drinks 8:15pm - 9:15: Security...

I enjoyed reading the Hacking Coffee Makers post on Security Focus . Thanks to Barry Dorrans for sharing it with me via Twitter Thanks to Faye Yu for the image (which isn't related to the story - it's just a nice looking coffee machine) - she's reserved some rights as explained here It reminded...

Many of the questions I've been asked recently regarding Bitlocker are covered on the excellent Windows BitLocker Drive Encryption Freuqently Asked Questions . For me the most important thing to consider is how on Earth to deal with the "the dog ate the USB key used to unlock Bitlocker" or "I can...

My Grandmother was wise. She asked me the question back on 25th December 1984. "What does it do?" After lunch on Christmas day like many other twelve year olds I was keen to share my excitement of the amazing things I could do with my computer. My poor old Grandmother patiently sat through a twenty...

There's a great new white paper detailing how Microsoft Manage Physical Security across our enourmous estate. Our enterprise comprises 670 sites with 150,000 active holders of access cards and 20 million physical security events each month. Our physical security arrangements enable our people to work...

Information leaks from most organisations to some extent or another. One way it does so is by employees (perhaps who are about to leave) taking it out of the door on the removable storage device of their choice. Access controls can be used to segment access to reduce who is able to gain access but...

It was great to see so many enthusiastic people @ today's HeroesHappenHere Launch tour event in Cardiff. We received great questions and I was really amused by the wonderful spoof film titles the audience came up with for the IT Pros Film Club! I have posted the slides I presented on my Skydrive...

If a business allows it's users to install whatever software they choose and/or make configuration changes then they run the increased risk of the security of the machine being compromised. I recommend wherever possible businesses should refrain from giving end users administrative rights over the machines...

Chris Dalby kindly streamed my session from the Microsoft UK's Heroes Happen Here Launch event . If you'd like to watch the recording then simply browse to YellowPark TV and you'll see it listed on the right hand side. There are some other excellent recordings up there and Chris informed me that there...

My focus today is to write most of the content for my sessions on our upcoming TechNet Server Launch tour which is visiting cinemas in five cities across the UK in April and May. I'm co-presenting a session with Viral titled "How to overcome the challenges of small offices and branch offices" and can...

Over the last week I've two people who are suffering pain due to corporate laptop builds that have been "secured" - meaning that an untold number of access controls have been changed and parts of the operating system have been removed to "enhance the security" of the system. A complete nightmare. The...

There's a great article on MSDN titled simply Network Access Protection which explains how you can integrate your application with Microsoft's Network Access Protection(NAP). Why would you want to do this? Well NAP is a core networking feature of Windows Server 2008, Windows Vista and Windows XP Service...

In my experience any serious conversation with a medium or large enterprise regarding NAP often quickly turns to "can I use CISCO's NAC with Microsoft's NAP" shortly followed by "how does CISCO's NAC work with Microsoft's NAP?". Having said that both technologies can be used by smaller enterprises too...

Follow this link for a list of Microsoft's partners who have integrated Network Access Protection into their products. The list is pages long - many many prominent partners.

The TechNet Virtual lab demonstrating Network Access Protection using IPSec enforcement is a great way to find out for yourself how this exciting security technology works. Bear in mind that IPSec is the most complex scenario for NAP. The lab shows you each step. Don't be shy - give it a whirl. ...

The Step-by-Step Guide: Demonstrate NAP IPSec Enforcement in a Test Lab explains exactly how to set NAP up in a lab to measure compliance (and optionally restrict network access) of clients accessing the network using IPSec to identify themselves. This is my favourite way to secure network access as...