Make it easier for your users to use secure wireless "Hotspots". A new KB tells how.
The Wi-Fi Protected Access 2 (WPA2)/Wireless Provisioning Services Information Element (WPS IE) Update for computers that are running Microsoft Windows XP with Service Pack 2 (SP2) is available. This update enhances the Windows XP wireless client software with support for the new Wi-Fi Alliance certification for wireless security. The update also makes it easier to connect to secure public spaces that are equipped with wireless Internet access. These locations are otherwise knows as "Wi-Fi hotspots."
So this guy goes into the doctor's office and says " Doctor, IPSec..." <sound of phonograph needle dragging across a record> "we interrupt this off-color, potentially UN-PC so-called comedy offering to bring you information on IPsec that is actually valuable"
If you are not evaluating IPSec deployment for your environment, chances are you will be soon. Here are some good resources for you:
Network Isolation Using Group Policy and IPSec (Part 1 of 3): Overview of Internet Protocol Security (Level 300). Wednesday, June 15, 2005 - 9:30 AM - 10:30 AM Pacific Time, presented by John Baker, TechNet Presenter, Microsoft. Data Isolation: How can it make your IT infrastructure safer, and how do you use Group Policies and Internet Protocol security (IPsec) to implement it? This three-part series presents the information and steps needed to implement data isolation using group policies and IPsec within an organization. Part one provides an overview of the nature of Internet Protocol security. Learn how IPsec can help manage the challenges to secure network communication, and the various ways you can implement IPsec to achieve different types of secure communication. Part two continues the discussion with a look at how to use IPsec to create network isolation zones. http://msevents.microsoft.com/CUI/EventDetail.aspx?EventID=1032275731&Culture=en-US
Network Isolation Using Group Policy and IPSec (Part 2 of 3): Understanding Network Isolation Using IPSec (Level 300). Wednesday, June 22, 2005 - 9:00 AM - 10:00 AM Pacific Time. Chris Henley, TechNet Presenter, Microsoft. Building on the overview of IPsec in part one, this webcast shows how to use IPsec to create network isolation zones. Topics include the advantages and limitations of network isolation, where network isolation fits into a defense-in-depth scheme, and how to use group policies and Active Directory groups to restrict access to specific servers. Part three offers guidance on how best to apply these concepts within the context of several network isolation scenarios. http://msevents.microsoft.com/CUI/EventDetail.aspx?EventID=1032275472&Culture=en-US
Using IPSec Policies as a Firewall to Block SASSER Infection
Using IPsec for network protection
IPsec works for us - how 'bout you?
IPsec Security Guidance Now Available!
Isolating Network Resources to Better Protect Against Rogue Machines, Infections and Information Theft
This article from MSNBC has really, really, big implications for the industry, Microsoft, and initiatives like OneCare Live.
<snip> FTC asks ISPs to dump spam 'zombies', Home users should be disconnected until machines fixed
The FTC said it would ask 3,000 Internet providers around the globe to make sure that their customers' computers haven't been hijacked by spammers who want to cover their tracks and pass bandwidth costs on to others.
The FTC also said it plans to identify specific zombie computers and notify their Internet providers.
Law enforcers in 25 other countries, from Bulgaria to Peru, are also participating in the campaign, the FTC said.
You have been warned.
TechNet Webcast: Architecting and Deploying Windows Update Services (Level 300). Tuesday, June 07, 2005 - 8:30 AM-9:30 AM Pacific Time. Preseneted by Corey Hynes, President/Chief Technologist, HynesITe, Inc. Windows Update Services (WSUS) provides extensive improvements over Software Update Services. Attend this webcast, presented from Tech·Ed 2005 in Orlando, Florida, to learn some common and not-so-common deployment scenarios for WSUS, and learn techniques to tackle the toughest update deployment issues…all at no cost to you! http://msevents.microsoft.com/CUI/EventDetail.aspx?EventID=1032274947&Culture=en-US
Thing are getting hairy out there.
You asked, we listened.
IT Pros have long wanted information they can give to users to raise their security IQ/skills. It is here.
It is called the Information Workers Security Handbook, written by The Security Business and Technology Unit (SBTU), with the assistance of the Microsoft Solutions for Security (MSS) team. This document provides plain language background information on how computer networks work and the specific security risks Information Workers they face. It also provides real-world actions your users can take to better secure their computer and help preserve the security of the network as a whole.
The document is available for download at: http://go.microsoft.com/fwlink/?LinkId=38060
Here's the kind of questions it answers for your users:I want to know more about how the Internet works.I want to know how a typical business network works.What security risks are posed by networks?I want to know more about e-mail exploits.I want to know more about remote access threats.What are the costs of security breaches to businesses and individuals?I want to know more about viruses, worms, Trojans and malicious executable programs.How do attackers crack passwords?I want to know more about unwanted e-mail (spam).What is phishing?What is social engineering?How can I protect against viruses and malware?How can I protect against spyware and adware?How can I protect against Web exploits?How can I protect against social engineers and phishers?What should I do to protect my password and log on securely?How can I protect sensitive data?
Such a deal - Pre-order the 6586 page Windows Server 2003 Reskit on Amazon and save US$74 plus free shipping. Cha-ching.
<ironic mode on> Steffen has a blog in German on TechNet. I don't speak German, and online translators I have found are woefully inadequate for technical writing. Interesting tho that his title is "Technologieberater".Online dictionary defs for "Berate" include "to scold; rebuke; censure severely or angrily". Contrast with the oft-found title FOOtechnology "Evangelist", which online sources define as "writer of Christian Gospel; Christian who converts others; and A person doing religious or charitable work in a foreign country."<ironic mode off>
Alex Marin Gasga's blog post tipped me to a handy resource for IT Pros trying to troubleshoot SMS issues. It is a donwload of flowcharts that walk you through common SMS tshooting scenarios and show you stepwise
You can find the tshooter flowcharts here.
Good news: Really useful.
Bad news: PDF format.
You knew about the free computer skills training available through the UP program, right? Help students get on the right path and master the basic skills they will need to become tomorrow's IT Pros. Hook them UP.
Free if you are:
There is free hardware available to some of the above groups too :-) Details here.
A customer recently needed help changing thier Exchange Server installation from one server for database and SMTP to front-end back-end installation architecture. These docs can help walk you through this process:
Configuring Exchange Server 2003 for Client Access - Upgrading Front-End and Back-End Servershttp://www.microsoft.com/technet/prodtechnol/exchange/guides/Ex2k3DepGuide/ee9743f1-0c5c-462f-b322-aa0994ef1f5e.mspx
Deploying the Exchange Server Architecture - Configuring a Front-End Serverhttp://www.microsoft.com/technet/prodtechnol/exchange/guides/Ex2k3DepGuide/d511119d-dad2-4a12-9819-9df64e8696ae.mspx
Using Microsoft Exchange 2000 Front-End Servers (works for 2000 and 2003)http://www.microsoft.com/downloads/details.aspx?displaylang=en&FamilyID=AFAD8426-572E-40F8-99DA-EB7198F374C4
Planning an Exchange Server 2003 Messaging Systemhttp://www.microsoft.com/technet/prodtechnol/exchange/2003/library/messsyst.mspx
Exchange Server 2003 Deployment Guidehttp://www.microsoft.com/technet/prodtechnol/exchange/2003/library/depguide.mspx
Check out the beta of Microsoft Update (MU). No, wait, maybe is is Windows Update (WU), whatever they call it - it is a one-stop for all your updates: Windows and Office togther! More products to follow. This is a Good Thing IMO. What do you think? Leave a comment.
Update: Check out this KB Article first to make sure you have not diabled updates.
At MMS2005 we saw a demo of how Microsoft IT is using DPM. The economics pencil out as possibly of interest to larger Midmarket IT - seems likely if you have 5+ servers you will want DPM. Check out tomorrow's (level 100) webcast from Presenter: Christopher Whyte, Technical Product Manager for the Windows Server division at Microsoft.
Download SP1 of the IEAK 6 in one of 22 languages here.
Read all about IEAK 6 here.
Have feedback? Things you want in the next version of the kit? Leave feedback on this post.
Securing Windows XP Desktops Resource Guide
See also Jeff's excellent Infosec blog, and the MSRC team blog
And the Desktop Deployment Center security patching guide
Don't forget the RSS feed for security bulletins and the new security advisories page
Each month, Microsoft exec Mike Nash holds webcasts that you can view on demand here. Each one includes a nifty security checklist. Since there doesn't seem to be a pick list of just the checklists, here you go (in LIFO order)
Managing Access in the Extended Enterprise: The Checklist
E-mail Security, It’s More Than Filtering: The Checklist
Phishing: Don’t Get Hooked: The Checklist
Keeping an Eye on Spyware: The Checklist
Streamlining Patch Management: The Checklist
Social Engineering, the Human Factor: The Checklist
Information Risk Management: The Checklist
Managing Risk of Malicious Software: The Checklist
You can also hone your security expertise with Microsoft E-Learning Clinics, then test it in a risk-free environment with online Hands-On Labs.
(THE SMALL PRINT: In Internet Explorer on Windows XP SP2, you will have to temporarily allow ActiveX in order to install the ActiveX plug-in for the lab. There is also a one-time setup in which you must choose a username and password to register with the virtuallab site).
Billg is quoted today in this Business Week article on blogging at Microsoft - interesting bits below:
Q: Microsoft employees blog, and sometimes that creates great corporate benefits, but sometimes they air the company's dirty laundry. Speaking as chairman, do the benefits of employee blogging outweigh the risks?A: One of these ones we do is very video-oriented, where a guy just goes around with a cheap digital camera and videos people that are working on Visual Studio [Microsoft's software for developers]. And they put that up as a channel, and that gets incredible viewership.In fact, sometimes I do video interviews, and I'm talking with an outlet that's well less-viewed than the video on the Microsoft Web site. So I'm always saying, "Hey, why doesn't somebody interview me for that channel?" That one is watched many times a day and gets in a search engine.Q: Sounds like something you might be able to work on?A: Yeah, we're working on it. [Laughter.] But I'd say, overwhelmingly, blogging has been good. It does raise lots of issues. You used to have these spokespeople, and you could call them together in a room and say, "Make sure you don't give out the earnings before we're supposed to" and, "Don't tell everybody's salaries," or whatever it is that you wanted them to understand.Well, now you have thousands of spokespeople, where speaking off the cuff is part of the whole charm of the thing. So you'll get into issues. But even just the blogging for internal use, where our people are seeing each other's blogs, has allowed groups to work together on a better basis.Q: You've written up three test blogs. Is that something you're really seriously thinking about jumping into?A: Well, my rate has proven to be irregular so far. And basically what they've said to me is that, if I turn out at least two a month for a while, then they'll put me online. I've often thought that I might, but so far I haven't.Q: I'd think that you'd have some say in that matter.A: I've got priorities. I've got to get past the writing.
The web site starters for windows includes Telligent's Community Server blogs and forums. Check out the explainer here.
The developer community has a new way to collaborate, MSDN forums is in beta. Jim Glass blogs about the benefits here.
Hm, no reader software needed, I can get notifications when my questions are answered, it's moderated (though I must use Passport), and it's searchable - what's not to like? Oh yeah, it's DEV focus.
Think there is a market here for IT Pros? Want to see forums.microsoft.com/technet? Make comments on this post and let us know the features/functionality you want to see.
Better yet, you can post suggestions directly to the people developing the service and platform here. (Passport sign-on required)
TechWeb quotes Gordon in this article "Initially, some 14 million users have downloaded Microsoft's free anti-spyware tool, and about 40 percent of those have opted to send information in to give the company access to detailed information about malware threats. Additional upgrades of the client-side anti-spyware tool are due this summer, and a for-fee enterprise anti-spyware product is expected as early as the first half of 2006, Mangione said. "