News

The "De-perimeterization" of Networks http://go.microsoft.com/?linkid=7374750

By Ido Dubrawsky, Security Advisor, Microsoft Communications Sector In this month's Viewpoint, learn how and why the hardened perimeter is giving way to a process known as "de-perimeterization" -- the slow disappearance of the perimeter network (also known as DMZ, demilitarized zone, and screened subnet) in order to accommodate the reality of today's business networks and environment.

The Long-Term Impact of User Account Control http://go.microsoft.com/?linkid=7374752

For as much coverage as it gets, there are still a lot of questions and misconceptions about User Account Control (UAC). Here's a frank discussion about what UAC is, what it is not, and how it should affect the way you manage systems.

ISA Server Network Protection: Protecting Against Floods and Attacks http://go.microsoft.com/?linkid=7374753

Businesses need to eliminate the damaging effects of malicious software (also called malware) and attackers by using comprehensive tools for scanning and blocking harmful content, files, and Web sites. Learn how Microsoft Internet Security and Acceleration (ISA) Server helps provide access protection with intrusion detection, flood mitigation, spoof detection, and other sophisticated attack detection features.

Evaluate Forefront Edge Security and Access Products http://go.microsoft.com/?linkid=7374754

Choose one of several options for evaluating Microsoft Internet Security and Acceleration (ISA) Server 2006 and Microsoft Intelligent Application Gateway (IAG) 2007. Check out a demonstration toolkit, download free ISA Server 2006 trial software, or test drive products through TechNet Virtual Labs.

Declarative Windows Communication Foundation (WCF) Security http://go.microsoft.com/?linkid=7374755

By enabling the widest possible set of interactions between clients and services, WCF security introduces a degree of complexity that is difficult to master. In this article, Juval Lowy offers a declarative security framework designed to eliminate that complexity without decreasing security or configuration flexibility for the supported scenarios.

Security Tip of the Month: Adding "Kick" to Your Remote Access Security Policies with Intelligent Application Gateway http://go.microsoft.com/?linkid=7374756

By Uri Lichtenfeld, IAG Product Manager, Microsoft Corporation Having access from anywhere can drive productivity, but it is challenging for companies to create a user experience that is both easy to manage and that helps to protect against security risks. This article describes how Microsoft Intelligent Application Gateway 2007 provides tools to help companies publish applications in a more secure and user-friendly manner and achieve a better balance between access and security.

Manage Updates and Safeguard Your Systems http://go.microsoft.com/?linkid=7415504

Manage updates and simplify the task of protecting your systems with these free resources.

Microsoft Security Bulletin Summary for July, 2007

http://www.microsoft.com/technet/security/bulletin/ms07-sep.mspx

Search for previous security bulletins http://go.microsoft.com/?linkid=3992478

Security Bulletin Feed http://go.microsoft.com/?linkid=3992479  RSS http://go.microsoft.com/?linkid=3992480

 

Documents

Server and Domain Isolation Using IPsec and Group Policy http://go.microsoft.com/?linkid=7374757

Increased connectivity means that domain members on an internal network are increasingly exposed to significant risks from other computers on the internal network, in addition to breaches in perimeter security. This guide presents a concept of logical isolation that embodies two solutions: server isolation to ensure that a server accepts network connections only from trusted domain members or a specific group of domain members; and domain isolation to isolate domain members from untrusted connections. These solutions can be used separately or together as part of an overall logical isolation solution.

ISA Server 2006 Security Guide http://go.microsoft.com/?linkid=7374758

This guide provides you with essential information about how to harden and securely administer computers running ISA Server 2006 Enterprise Edition or ISA Server 2006 Standard Edition. In addition to practical, specific configuration recommendations, this guide includes ISA Server deployment strategies.

Intelligent Application Gateway User Guide http://go.microsoft.com/?linkid=7374759

This guide provides in-depth information about IAG 2007 functionality and how to use its various components and options. It includes step-by-step instructions on how to configure, maintain, monitor, and control IAG servers.

Intelligent Application Gateway Advanced Configuration http://go.microsoft.com/?linkid=7374760

This guide provides details on advanced configuration and capabilities of IAG, including security management tools, customizing Web pages, access control, session settings, and more.

Windows Firewall with Advanced Security - Diagnostics and Troubleshooting http://go.microsoft.com/?linkid=7374761

Windows Firewall with Advanced Security, a Microsoft Management Console (MMC) snap-in tool in Windows Vista is a stateful, host-based firewall that filters incoming and outgoing connections based on its configuration. IPsec and firewall configuration can now be done together in this snap-in. This article describes how Windows Firewall with Advanced Security works, what the common troubleshooting situations are, and which tools you can use for troubleshooting.

Perimeter Firewall Service Design for the Centralized Data Center (CDC) Scenario http://go.microsoft.com/?linkid=7374762

Windows Server System Reference Architecture (WSSRA) is an integrated set of service solutions based on architectural guidance for typical enterprise scenarios. This section of the WSSRA guide provides information on the design used in the CDC scenario to provide a secure firewall solution between the Internet and the perimeter networks of the CDC infrastructure.

Perimeter Firewall Design Guide http://go.microsoft.com/?linkid=7374763

This guide helps you to select a suitable firewall product for your organization's perimeter network. It presents the different classes of available firewalls and highlights their significant features. It also gives you guidance in determining your own requirements and helps you to select the most appropriate product for your perimeter firewall.

Active Directory Replication over Firewalls http://go.microsoft.com/?linkid=7374764

This white paper explains how to get replication to function properly in environments where an Active Directory forest is distributed among internal perimeter networks and external (Internet-facing) networks.

Firewall Information for Windows Media Services 9 Series http://go.microsoft.com/?linkid=7374765

Most firewalls are used to control "inbound traffic" to the server; they generally do not control "outbound traffic" to clients. However, ports in your firewall for outbound traffic may be closed if a more stringent security policy is implemented on your server network. This article describes how to allocate ports for Windows Media Services and configure Windows Firewall for Windows Media Services, and it also gives firewall and registry settings for Distributed Component Object Model (DCOM)

 

Downloads

Microsoft Antigen for Exchange with Service Pack 1 Beta Software

Antigen for Exchange provides server-level protection against the latest e-mail threats.

http://www.microsoft.com/downloads/details.aspx?FamilyID=b1d3f9bc-97d4-40e1-8902-ce49ea4d579f&DisplayLang=en

Microsoft Antigen Spam Manager with Service Pack 1 Beta Software

Antigen Spam Manager helps businesses eliminate spam and other undesirable message traffic on SMTP gateway and Exchange servers.

http://www.microsoft.com/downloads/details.aspx?FamilyID=7b94e15d-3d60-4369-bb2f-5a80e750cbe5&DisplayLang=en

Microsoft Antigen for Exchange with Antigen Spam Manager with Service Pack 1 Beta Software

The Messaging Security Suite includes Antigen for Exchange, Antigen for SMTP Gateways, and Antigen Spam Manager, and provides server-level protection against the latest e-mail threats.

http://www.microsoft.com/downloads/details.aspx?FamilyID=d9c7b9e7-f0e5-4468-b29b-e388bd643a62&DisplayLang=en

Microsoft Antigen for SMTP Gateways with Antigen Spam Manager with Service Pack 1 Beta Software

The Messaging Security Suite includes Antigen for Exchange, Antigen for SMTP Gateways, and Antigen Spam Manager, and provides server-level protection against the latest e-mail threats.

http://www.microsoft.com/downloads/details.aspx?FamilyID=3075d72a-b209-4551-bc13-8eb882cbf825&DisplayLang=en

Microsoft Antigen for SMTP Gateways with Service Pack 1 Beta Software

Antigen for SMTP Gateways provides gateway protection against the latest e-mail threats.

http://www.microsoft.com/downloads/details.aspx?FamilyID=251d147e-77d3-4daa-aaa3-0e8e4fe3c60e&DisplayLang=en

Microsoft Forefront Server Security Management Console Release Candidate

Forefront Server Security Management Console allows administrators to easily manage Forefront Security for Exchange Server, Forefront Security for SharePoint, and Microsoft Antigen.

http://www.microsoft.com/downloads/details.aspx?FamilyID=f9b669c6-6f9f-4c09-8457-c00b5b6ebd7a&DisplayLang=en

Microsoft Forefront Server Security Management Console Release Candidate User Guide

Forefront Server Security Management Console allows administrators to easily manage Forefront Security for Exchange Server, Forefront Security for SharePoint, and Microsoft Antigen.

http://www.microsoft.com/downloads/details.aspx?FamilyID=ae4ce23b-9e1e-455c-87a4-36167fe43107&DisplayLang=en

Defense in Depth: Securing Windows Server 2003 Datasheet

This is Microsoft Services Defense in Depth: Securing Windows Server 2003 datasheet

http://www.microsoft.com/downloads/details.aspx?FamilyID=af323f48-8134-4eba-b2e6-1f973dcb96a8&DisplayLang=en

Software Update Management (SUM) Datasheet

This is Microsoft Services Software Update Management (SUM) datasheet.

http://www.microsoft.com/downloads/details.aspx?FamilyID=0c33ca13-fee3-4859-ae76-661a16beac5c&DisplayLang=en

The Sender ID Framework: Protecting Your Brand, Users & Infrastructure

Describes the benefits of implementing Sender ID

http://www.microsoft.com/downloads/details.aspx?FamilyID=41fd8292-23f8-4f28-830c-d6cb6deec747&DisplayLang=en

August 2007 Security Releases ISO Image

This DVD5 ISO image file contains the security updates for Windows released on Windows Update on August 14th, 2007.

http://www.microsoft.com/downloads/details.aspx?FamilyID=e4dcc3e7-36bd-4c6f-a8b6-421cb8902eaa&DisplayLang=en

Sender ID: "Implementation Tips for the Sender ID Framework—Creating Your SPF Record"

The print-ready brochure describes the benefits of authenticated e-mail and of Sender ID implementation to both senders and recipients.

http://www.microsoft.com/downloads/details.aspx?FamilyID=b7ce1cac-d884-4216-82fe-379f875663ff&DisplayLang=en

Windows: Baseline Security Desired Configuration Monitoring (DCM) Datasheet

This is Microsoft Services Windows: Baseline Security Desired Configuration Monitoring (DCM) datasheet.

http://www.microsoft.com/downloads/details.aspx?FamilyID=c186d5f0-e2f3-42a1-ab90-7bffa72036f8&DisplayLang=en

Microsoft Internet Security and Acceleration (ISA) Server 2004, and 2006 Management Pack for Operations Manager 2007

The ISA Server Management Pack monitors ISA Server events and alerts for the ISA Server versions 2004 and 2006.

http://www.microsoft.com/downloads/details.aspx?FamilyID=6bf3b468-0473-41a1-9ea1-f3bcec7aa562&DisplayLang=en

Security White Papers

Security white papers that address the specific security needs of particular industries, such as the professional services and financial services industries.

http://www.microsoft.com/downloads/details.aspx?FamilyID=4cd29b01-eed8-45f5-ab1e-ff1e1aef7b22&DisplayLang=en

Microsoft Internet Security and Acceleration (ISA) Server 2006 Supportability Update

Microsoft® Internet Security and Acceleration (ISA) Server 2006 Supportability Update provides improved troubleshooting features for ISA Server 2006 Standard Edition and Enterprise Edition.

http://www.microsoft.com/downloads/details.aspx?FamilyID=6f629eac-d8c6-4437-9d20-b47b02db413a&DisplayLang=en

ILM 2007 Password Management Collection

The Password Management Collection introduces users to the Password Change Notification Service (PCNS) in ILM 2007.

http://www.microsoft.com/downloads/details.aspx?FamilyID=ae09d2f5-8ac2-4769-ab6a-48fe35a25c63&DisplayLang=en

EST 2007 09 September 11 Enterprise Scan Tool (standalone)

Enterprise Update Scan Tool (standalone version) for detecting needed security updates for September 2007 as described in MS07-052, MS07-053.

http://www.microsoft.com/downloads/details.aspx?FamilyID=d7e0af00-47b7-46d0-9252-cc9d7db7385d&DisplayLang=en

Extended Security Update Inventory Tool

The Extended Security Update Inventory Tool is used to detect security bulletins not covered by MBSA including MS04-028, February 2005 bulletins, and future security bulletins that are exceptions to MBSA.

http://www.microsoft.com/downloads/details.aspx?FamilyID=2c93da1d-48a0-4e5c-991f-87e08954f61b&DisplayLang=en

September 2007 Security Releases ISO Image

This DVD5 ISO image file contains the security updates for Windows released on Windows Update on September 11th, 2007.

http://www.microsoft.com/downloads/details.aspx?FamilyID=08cb7697-468f-4642-857e-1b5137ecc242&DisplayLang=en

Microsoft® Windows® Malicious Software Removal Tool (KB890830)

This tool checks your computer for infection by specific, prevalent malicious software (including Blaster, Sasser, and Mydoom) and helps to remove the infection if it is found. Microsoft will release an updated version of this tool on the second Tuesday of each month.

http://www.microsoft.com/downloads/details.aspx?FamilyID=ad724ae0-e72d-4f54-9ab3-75b8eb148356&DisplayLang=en

Update for Windows Mail Junk E-mail Filter [September 2007] (KB905866)

Install this update for Windows Mail to revise the definition files used to detect e-mail messages that should be considered junk e-mail or that may contain phishing content.

http://www.microsoft.com/downloads/details.aspx?FamilyID=aa029fde-f341-44fc-8b85-0c6f3d3c2d69&DisplayLang=en

Update for Windows Mail Junk E-mail Filter for x64-based Systems [September 2007] (KB905866)

Install this update for Windows Mail to revise the definition files used to detect e-mail messages that should be considered junk e-mail or that may contain phishing content.

http://www.microsoft.com/downloads/details.aspx?FamilyID=749e10cd-f40c-4f94-8e38-d4221ded7652&DisplayLang=en

Microsoft Forefront Server Security Management Console Release Candidate

Forefront Server Security Management Console allows administrators to easily manage Forefront Security for Exchange Server, Forefront Security for SharePoint, and Microsoft Antigen.

http://www.microsoft.com/downloads/details.aspx?FamilyID=f9b669c6-6f9f-4c09-8457-c00b5b6ebd7a&DisplayLang=en

2007 Office System Document: Digital Signing of Microsoft 2007 Office System Documents

The 2007 Microsoft Office system provides many security improvements over its predecessors, including digital document signing. This white paper introduces the reader to digital signatures: what they are and how to use them.

http://www.microsoft.com/downloads/details.aspx?FamilyID=79d06e72-4b45-4669-9eac-0eca5821e8ff&DisplayLang=en

ILM 2007 Password Management Collection

http://www.microsoft.com/downloads/details.aspx?FamilyID=ae09d2f5-8ac2-4769-ab6a-48fe35a25c63&DisplayLang=en

Update for Outlook 2007 Junk Email Filter (KB937833)

This update provides the Junk E-mail Filter in Microsoft Office Outlook 2007 with a more current definition of which e-mail messages should be considered junk e-mail. This update was released in September 2007.

http://www.microsoft.com/downloads/details.aspx?FamilyID=1b9f8df9-ee04-415e-954f-6ba45b6e72c8&DisplayLang=en

Update for Outlook 2003 Junk Email Filter (KB936677)

This update provides the Junk E-mail Filter in Microsoft Office Outlook 2003 with a more current definition of which e-mail messages should be considered junk e-mail. This update was released in September 2007.

http://www.microsoft.com/downloads/details.aspx?FamilyID=3431b2b0-5313-4acb-8daa-4fb9e638f901&DisplayLang=en

Windows BitLocker Drive Encryption Design and Deployment Guides

BitLocker design and deployment guidance.

http://www.microsoft.com/downloads/details.aspx?FamilyID=41ba0cf0-57d6-4c38-9743-b7f4ddbe25cd&DisplayLang=en

Podcasts: How Microsoft IT Manages Physical Security through Strategic IT Convergence

The purpose of World Wide Security Operations is to protect Microsoft’s assets in a manner consistent with corporate culture.

http://www.microsoft.com/downloads/details.aspx?FamilyID=b72ea3fb-6905-48b6-a987-cc4c032de7e1&DisplayLang=en

 

Events/WebCasts 

Microsoft Security Webcast Series: Upcoming and On-Demand

Security Webcast Calendar http://go.microsoft.com/fwlink/?LinkId=37910

Find security webcasts listed in an easy-to-use calendar format.

Upcoming Security Webcasts

http://www.microsoft.com/events/security/upcoming.mspx

Register for the following Webcasts on the link above

TechNet Webcast: Windows Firewall with Advanced Security (Level 200)

Wednesday, October 3, 2007 11:30 A.M.-1:00 P.M. Pacific Time

TechNet Webcast: Message Security, Active Protection, and Compliance with Exchange Server 2007 (Level 200)

Friday, October 5, 2007 9:30 A.M.-11:00 A.M. Pacific Time

TechNet Webcast: Information About Microsoft October Security Bulletins (Level 200)

Wednesday, October 10, 2007 11:00 A.M.-12:00 P.M. Pacific Time

TechNet Webcast: Managing Messaging and Collaboration Security with the Forefront Server Security Management Console (Level 200)

Friday, October 19, 2007 11:30 A.M.-12:30 P.M. Pacific Time

Microsoft Webcast: Improve and Simplify Mobile Device Security and Management (Level 100)

Wednesday, October 24, 2007 10:30 A.M.-11:30 P.M. Pacific Time

On-Demand Security Webcasts

http://www.microsoft.com/events/security/ondemand.mspx