TONYSO

Tonyso Credo: "Look for a pattern, and solve it for everything"

Browse by Tags

Related Posts
  • Blog Post: Patch Tuesday Aftermath: Do You Know Where Your VMs Are?

    It is a security best practice recommendation to ensure that all your VMs are fully patched before they are turned on in production. One way you can do this is to create a designated " maintenance host " that is off the production network, but has access to the needed software updates. Migrate your...
  • Blog Post: Windows Vista Service Pack 1 Five Language Standalone Released

    Windows Vista Service Pack 1 Five Language Standalone Released Windows Vista Service Pack 1 (SP1) is an update to Windows Vista that addresses feedback from our customers. In addition to previously released updates, SP1 contains changes focused on addressing specific reliability, performance, and...
  • Blog Post: Spot the Sucker - Don't be a Fish

    The Professional Poker Dealer's Handbook by Dan Paymar, Donna Harris, and Mason Malmuth defines fish as: a poker player who lacks many poker skills. Skilled poker players look for these "soft targets". In the poker movie Rounders the character Mike McDermott says : "Listen, here's the thing. If you...
  • Blog Post: Everything You Ever Wanted to Know About GP Settings for Windows Server 2008 and Windows Vista SP1 But Were Afraid to Ask

    Somtimes you just need the comprehensive list of things to reverse-lookup something. Some folks just like to read every page of the manual. For both groups, and IT Pros with a strong CYA sensibility, there is the Group Policy Settings Reference for Windows Server 2008 and Windows Vista SP1 . splogscreen...
  • Blog Post: Vista SP1 IT Pro Early Release

    Vista SP1 RTM was 2/4/08. All your users can get it in mid-March via Windows Update and the Microsoft Download Center. IT Pros can get it today if they are TechNet subscribers. Just log on to your TN subscription home page and check the "Top Subscriber Downloads" section. Basta. Content thee.
  • Blog Post: IPSEC - No Joke

    So this guy goes into the doctor's office and says " Doctor, IPSec..." <sound of phonograph needle dragging across a record> "we interrupt this off-color, potentially UN-PC so-called comedy offering to bring you information on IPsec that is actually valuable" If you are not evaluating IPSec...
  • Blog Post: Hyper-V Security How to: Use BitLocker to Protect Your VMs

    Windows Server 2008 Hyper-V and BitLocker Drive Encryption was recently published to the download center, but some folks are having trouble accessing it (it seems there is a lot of interest in all things Hyper-V). Here are the procedures in the doc to tide you over till your download comes through: ...
  • Blog Post: To "SIR", With Love

    The third volume of the Microsoft Security Intelligence Report (SIR) is now available. SIR Volume 3 (January through June 2007) and Key Findings Summary: http://go.microsoft.com/fwlink/?LinkID=103122&clcid=0x409 The Microsoft Security Intelligence Report (SIR) provides an in-depth perspective...
  • Blog Post: This Is Your Brain on Drugs

    Scientists in Switzerland map the human brain on hallucinogens. Measured this way, all tripper’s brains look the same, yet internally, each drug-takers experience is different and personal… Warning : clicking the link subjects you to a short commercial before vid plays. Can anyone tell me how to skip...
  • Blog Post: Cowboy Up Your Users

    Thing are getting hairy out there. You asked, we listened. IT Pros have long wanted information they can give to users to raise their security IQ/skills. It is here. It is called the Information Workers Security Handbook, written by The Security Business and Technology Unit (SBTU), with the...
  • Blog Post: Is Your DNS Secure? Have you checked it lately?

    The DNS issue in the article below affects Windows Server 2003 (standard, enterprise and datacenter editions), Windows 2000 Server (also the advanced and datacenter versions) and Windows NT Server 4.0 standard edition, Microsoft said in its advisory . Servers with Service Pack 3 installed, or that run...
  • Blog Post: Hyper-V Attack Surface Reference

    The Windows Server 2008 Security Guide includes a spreadsheet you can download that lists all the attack surfaces for Windows Server 2008. This guide was initially published before Hyper-V role RTM. When the Security Guide is updated, a new worksheet in the Attack Surface Reference Workbook will be added...
  • Blog Post: LUA Lower Now

    A new paper from the MSSC to help you LUA: Applying the Principle of Least Privilege to User Accounts on Windows XP . Blurbage: A defense-in-depth strategy, with overlapping layers of security, is the best way to counter malicious software threats, and the least-privileged user account (LUA) approach...
  • Blog Post: How Microsoft IT Does Security

    Check out new 'casts from IT Showcase on internal Microsoft security: How Microsoft IT Manages Physical Security through Strategic IT Convergence Join this session to gain a better understanding of the Microsoft Worldwide Security Operations and how they protect Microsoft assets in a manner consistent...
  • Blog Post: NAP and Microsoft IT

    TechNet edge has a good new video chat with the PM for NAP and the Microsoft IT guy who ran all of Microsoft;s internal deployment (ww) on 2 NAP servers! It's a little over 33 mins long - which is longer than many of the vids. Check it out at: http://edge.technet.com/Media/Network-Access-Protection-with...
  • Blog Post: Straight Talk About Security

    Read this great column on security management Myth 1: Security Guides Make Your System Secure Myth 2: If We Hide It the Bad Guys Won’t Find It Myth 3: The More Tweaks the Better Myth 4: Tweaks Are Necessary Read the MSRC Blog
  • Blog Post: Spread the LUA joy

    Get your friends and family, all those folks that come to you for computer help once their machines have become hopelessly hijacked and infected by spyware and malware, to learn how to run as non-admin. Aaron does a webcast you can watch (passport sign-in required) to teach them all how to use Run...
  • Blog Post: How To: Recover Your Account if You Have Been Hacked

    If you suspect that an unauthorized person has used your Windows Live ID to sign into your Windows Live Hotmail acccount, or any other Windows Live service, please read this article for further help. http://windowslivehelp.com/solutions/accounts/archive/2008/10/25/what-to-do-if-you-think-your-accounts...
  • Blog Post: Hyper-V How To: Plan for Hyper-V Security

    My article on Hyper-V Security best practices has been selected as September tip of the month. Check out Planning for Hyper-V Security . Kai Axford has a good article in the same newsletter issue: " Security in a Virtual World ." For videos and additional drill-down info, see my blog pot Hyper-V Security...
  • Blog Post: Microsoft IT featured in Trustworthy Computing Book

    I contributed Microsoft IT case studies to the MOF book "Trustworthy Computing - Reliable in Operations: Microsoft Operations Framework Case Studies". It is now available for download here . Comments welcome.
  • Blog Post: Hyper-V Common Criteria Certification

      Q: Is Hyper-V Common Criteria Certified (Common Criteria level EAL4 augmented by ALC_FLR.3)? A: Heck ya: : http://www.bsi.de/zertifiz/zert/reporte.htm#Midsize_Systems :-) Congrats to the Hyper-V team.
  • Blog Post: Sasser +1 year - are your desktops secure?

    Securing Windows XP Desktops Resource Guide See also Jeff's excellent Infosec blog , and the MSRC team blog And the Des ktop Deployment Center security patching guide Don't forget the RSS feed for security bulletins and the new security advisories page Each month, Microsoft exec Mike Nash...
  • Blog Post: List the Full Contents of the Internet Explorer History Folder

    Recently, an IT Pro wrote in looking for help in finding what web pages were visited by a user on a remote machine. Some sort of security audit perhaps? There is an nifty new scriptcenter resource to help with this. This script gets the URL and date/time of each item in the browser History . For more...
  • Blog Post: Update Tuesday Blues - not so much?

    Information Security Magazine says that despite the hole we started out in, enterprise IT Pros have things much better now that they can resource plan for update tuesdays, and that this makes the IT security world a better place. FYI we don't call them patches anymore, we call 'em updates... What...
  • Blog Post: Configure Group Policy Preference Settings

    TechNet Edge has a new screencast on configuring Group Policy Preferences , including a really cool demonstration on how to configure filtering of Group Policy Preferences Windows Server 2008 gives you 20 new Group Policy client-side extensions (CSEs) that expand the range of configurable settings in...