Technical RollUp

Premier Field Engineering - Technical Rollup Mails

November 2008 - Technical Rollup Mail - Security

November 2008 - Technical Rollup Mail - Security

  • Comments 1
  • Likes

 NEWS

 

Download the Urgent Security Update for Windows http://www.microsoft.com/protect/computer/updates/bulletins/200810_oob.mspx

Microsoft released an out-of-band security update on October 23 for all currently supported versions of Microsoft Windows. Download and install the update from Microsoft Update today.

 

Restore Infected PCs with the Malware Removal Starter Kit! https://partner.microsoft.com/40011132?campaign_type=ms_com_webpage&campaign=securityhomepage&landing_page=SolutionAcc_securitysuite_MSPP

You’ll get free, tested guidance and tools to help you combat malware attacks and restore infected systems—so your customers can safely get back to work.

 

Microsoft Seeks to End Lottery Fraud http://www.microsoft.com/security/lottery/default.mspx Our new effort to end lottery scams includes a reporting system for victims of identity theft, partnerships with other companies, and providing analyzed data to global law enforcement agencies.

 

Microsoft Security Assessment Tool http://co1piltwb.partners.extranet.microsoft.com/mcoeredir/mcoeredirect.aspx?linkId=10773471&s1=3be15275-38db-4726-9c6c-235b08032b7c

Wouldn't it be great if you had a report created for your business that detailed specific actions you should take to further secure your IT environment? Wouldn't it be great if that report was built from an assessment of your current security requirements cross-checked against an assessment of your current security investments? Wouldn't it be great if there was a free tool to do this? Guess what? The Microsoft Security Assessment Tool (MSAT) is that free tool. We've just released a new version (v4) with a new UI and a new extended report. Download MSAT here.

 

Online Identity Theft: Changing the Game - Protecting Personal Information on the Internet http://co1piltwb.partners.extranet.microsoft.com/mcoeredir/mcoeredirect.aspx?linkId=10773473&s1=3be15275-38db-4726-9c6c-235b08032b7c

Identity theft is not only a threat faced by consumers but also a significant concern for organisations as they handle growing volumes of personally identifiable information (PII) and use it in more diverse ways. This paper outlines a set of near-term tactics for mitigating online identity theft as well as a longer-range strategic vision for fundamentally 'changing the game' with regard to how people assert their identity on the Internet and how such identity claims are verified by other parties during an online interaction or transaction.

 

Security Development Lifecycle: Three New Programmes http://co1piltwb.partners.extranet.microsoft.com/mcoeredir/mcoeredirect.aspx?linkId=10773474&s1=3be15275-38db-4726-9c6c-235b08032b7c

As part of its commitment to make the Security Development Lifecycle (SDL) available to every developer, Microsoft is delivering three new SDL programmes and tools in November 2008: the SDL Pro Network, the SDL Optimisation Model, and the Microsoft SDL Threat Modelling Tool. These offerings will enable the industry to create more secure and privacy-enhanced technology for an online world. Learn more about these programmes or watch a demo about the SDL Threat Modelling Tool.

 

Microsoft Security Bulletin Summary for October, 2008

http://www.microsoft.com/technet/security/bulletin/ms08-oct.mspx

 

Search for previous security bulletins http://go.microsoft.com/?linkid=3992478

 

Security Bulletin Feed http://go.microsoft.com/?linkid=3992479 RSS http://go.microsoft.com/?linkid=3992480

 

 

Microsoft Internet Security and Acceleration Server

Internet Security and Acceleration (ISA) Server TechCenter

http://technet.microsoft.com/en-gb/forefront/edgesecurity/default.aspx

Please note that if you have feedback on documentation or wish to request new documents - email isadocs@microsoft.com

 

Forefront Edge Security Community

http://technet.microsoft.com/en-gb/forefront/edgesecurity/bb687298.aspx

 

Forefront TMG (ISA Server) Product Team Blog

The ISA Server Product Team Blog (http://blogs.technet.com/isablog/) is updated on a regular basis. Latest entries include:

 

Using a Client Certificate when Bridging SSL traffic from ISA Server

http://blogs.technet.com/isablog/archive/2008/10/22/using-a-client-certificate-when-bridging-ssl-traffic-from-isa-server.aspx

 

A Preview of Exciting Things to Come

http://blogs.technet.com/isablog/archive/2008/10/19/a-preview-of-exciting-things-to-come.aspx

 

ISA Server wins Readers' Choice award

http://blogs.technet.com/isablog/archive/2008/10/07/isa-server-wins-readers-choice-award.aspx

 

Unable to “Check Out” a Document in MOSS 2007 Published Through ISA Server 2006

http://blogs.technet.com/isablog/archive/2008/10/02/unable-to-check-out-a-document-in-moss-2007-published-through-isa-server-2006.aspx

 

 

Intelligent Application Gateway 2007

Intelligent Application Gateway 2007 Technical Resources

http://technet.microsoft.com/en-gb/forefront/edgesecurity/bb687299.aspx

 

Forefront Edge Security Community

http://technet.microsoft.com/en-gb/forefront/edgesecurity/bb687298.aspx

 

Intelligent Application Gateway Product Team Blog

The IAG Product Team Blog (http://blogs.technet.com/edgeaccessblog) is updated on a regular basis. Latest entries include:

 

Publishing SharePoint with IAG 2007 – Part 1: What is SharePoint AAM and why do we need it?

http://blogs.technet.com/edgeaccessblog/archive/2008/10/12/publishing-sharepoint-with-iag-2007-part-1-what-is-sharepoint-aam-and-why-do-we-need-it.aspx

 

Publishing SharePoint with IAG 2007 – Part 2: Common Questions

http://blogs.technet.com/edgeaccessblog/archive/2008/10/13/publishing-sharepoint-with-iag-2007-part-2-common-questions.aspx

 

Publishing SharePoint with IAG 2007 – Part 3: SharePoint Topologies

http://blogs.technet.com/edgeaccessblog/archive/2008/10/13/publishing-sharepoint-with-iag-2007-part-3-sharepoint-topologies.aspx

 

 

DOCUMENTS

 

White Paper: Managing a Public Key Infrastructure Using Active Directory Certificate Services and Identity Lifecycle Manager (ILM) http://co1piltwb.partners.extranet.microsoft.com/mcoeredir/mcoeredirect.aspx?linkId=10773472&s1=3be15275-38db-4726-9c6c-235b08032b7c

This white paper, from Oxford Computer Group explores many of the business drivers for a Microsoft-centric Certificate and Card Management System (CCMS), a term coined to describe the conjoined capabilities of Active Directory Certificate Services and Identity Lifecycle Manager. It explores the challenges and opportunities of implementing a CCMS solution from the perspectives of design, implementation, operations, etc.

 

Patterns & Practices Security Engineering Update http://co1piltwb.partners.extranet.microsoft.com/mcoeredir/mcoeredirect.aspx?linkId=10773476&s1=3be15275-38db-4726-9c6c-235b08032b7c

Check out J. D. Meier's overview of the patterns & practices approach to security engineering, which covers - among other topics - the security frame used to perform security code and design inspections.

 

Security Tip of the Month: Planning for Hyper-V Security http://co1piltwb.partners.extranet.microsoft.com/mcoeredir/mcoeredirect.aspx?linkId=10773477&s1=3be15275-38db-4726-9c6c-235b08032b7c

How do you know who is accessing what in your IT environment? This vital question is often faced by security administrators, and many IT organisations have challenges identifying and understanding patterns of client access to enterprise resources. This article offers some quick tips and tools to help you understand which users or system accounts have access to which resources, and when.

 

Windows Vista Security Guide http://co1piltwb.partners.extranet.microsoft.com/mcoeredir/mcoeredirect.aspx?linkId=10773479&s1=3be15275-38db-4726-9c6c-235b08032b7c

This guide provides you with specific recommendations and automated tools to help strengthen the security of desktop and laptop computers running Windows Vista in a domain with the Active Directory service. You'll also learn how to use the GPOAccelerator tool that accompanies the guide to help you automatically deploy security settings in minutes instead of hours.

 

WFAS Design and Deployment Guide http://www.microsoft.com/downloads/info.aspx?na=22&p=121&SrcDisplayLang=en&SrcCategoryId=&SrcFamilyId=&u=%2fdownloads%2fdetails.aspx%3fFamilyID%3de4a6d0d6-c8c3-414a-ad61-abce6889449d%26DisplayLang%3den

This guide helps you design and deploy Windows Firewall with Advanced Security settings and rules that meet your goals for network security.

 

Full Volume Encryption using Windows BitLocker Drive Encryption Datasheet http://www.microsoft.com/downloads/info.aspx?na=22&p=130&SrcDisplayLang=en&SrcCategoryId=&SrcFamilyId=&u=%2fdownloads%2fdetails.aspx%3fFamilyID%3d7abb19b9-385f-450a-ba25-aa505ca8935c%26DisplayLang%3den

The Full Volume Encryption using Windows BitLocker Drive Encryption offering capitalizes on the Microsoft Solution Framework (MSF) to envision, plan, develop, stabilize (test), and deploy BitLocker in your environment.

 

Understanding the Servicing Models for Major Microsoft Software http://www.microsoft.com/downloads/info.aspx?na=22&p=138&SrcDisplayLang=en&SrcCategoryId=&SrcFamilyId=&u=%2fdownloads%2fdetails.aspx%3fFamilyID%3d0e39a542-2c07-41e4-868b-6f39762bcbed%26DisplayLang%3den

Understanding the Servicing Models for Major Microsoft Software describes the business and technical reasoning in, and the processes comprising the evaluation and delivery of code changes within security update packages.

 

Network Access Protection with IPsec Enforcement Datasheet http://www.microsoft.com/downloads/info.aspx?na=22&p=137&SrcDisplayLang=en&SrcCategoryId=&SrcFamilyId=&u=%2fdownloads%2fdetails.aspx%3fFamilyID%3d3d551f59-6318-4244-b3b0-463d33a4e2e3%26DisplayLang%3den

Network Access Protection is designed to protect both remote and local users from viruses, worms, and malicious software by helping to verify and directly update any computer attempting to access the network while restricting the network access of non-compliant clients

 

Enterprise Data Security Optimization Datasheet http://www.microsoft.com/downloads/info.aspx?na=22&p=136&SrcDisplayLang=en&SrcCategoryId=&SrcFamilyId=&u=%2fdownloads%2fdetails.aspx%3fFamilyID%3deb91333a-c26b-4a0d-9251-80a494df9e5c%26DisplayLang%3den

This offering integrates multiple data-protection technologies and “always on” persistent protection to provide comprehensive coverage of the data stored on desktops and servers, as well as data in transit.

 

 

DOWNLOADS

 

UrlScan v3.0 Released to the Web http://co1piltwb.partners.extranet.microsoft.com/mcoeredir/mcoeredirect.aspx?linkId=10773475&s1=3be15275-38db-4726-9c6c-235b08032b7c

UrlScan version 3.0 is a security tool that restricts the types of HTTP requests that Internet Information Services (IIS) 6.0 will process. UrlScan screens all incoming requests to the server by filtering the requests by rules that are set by the administrator. Filtering the requests helps secure the server by ensuring that only valid requests are processed.

 

Data Encryption Toolkit for Mobile PCs http://co1piltwb.partners.extranet.microsoft.com/mcoeredir/mcoeredirect.aspx?linkId=10773480&s1=3be15275-38db-4726-9c6c-235b08032b7c

Benefit from tested guidance and powerful tools to help you protect your most vulnerable information - the data residing on your laptops. This toolkit shows you how to use two key encryption technologies: BitLocker Drive Encryption, which is included with specific versions of Windows Vista, and the Encrypting File System, which is included with Windows XP Professional and Windows Vista.

 

Security Compliance Management Toolkit http://co1piltwb.partners.extranet.microsoft.com/mcoeredir/mcoeredirect.aspx?linkId=10773481&s1=3be15275-38db-4726-9c6c-235b08032b7c

This toolkit provides you with best practices to plan, deploy, monitor and remediate a security baseline for your organisation. It also offers a proven method that you can use to effectively monitor the compliance state of a security baseline for Windows Vista, Windows XP Service Pack 2 (SP2) and Windows Server 2003 SP2.

 

Podcast: BitLocker Drive Encryption http://co1piltwb.partners.extranet.microsoft.com/mcoeredir/mcoeredirect.aspx?linkId=10773482&s1=3be15275-38db-4726-9c6c-235b08032b7c

In this podcast, Paul Cooke, Director in the Windows Client division specialising in security, discusses BitLocker Drive Encryption, and how it has been extended in Windows Vista SP1.

 

Podcast: Advanced Group Policy Podcast http://co1piltwb.partners.extranet.microsoft.com/mcoeredir/mcoeredirect.aspx?linkId=10773483&s1=3be15275-38db-4726-9c6c-235b08032b7c

Learn how to effectively use the new Group Policy objects in Windows Vista to improve manageability and strengthen security with this podcast by Derek Melber, author, IT consultant and Microsoft MVP for Group Policy.

 

October 2008 Security Release ISO Image http://www.microsoft.com/downloads/info.aspx?na=22&p=60&SrcDisplayLang=en&SrcCategoryId=7&SrcFamilyId=&u=%2fdownloads%2fdetails.aspx%3fFamilyID%3d0a678ca9-5953-44cd-a781-9990d49e5c21%26DisplayLang%3den

This DVD5 ISO image file contains the security updates for Windows released on Windows Update on October 14th, 2008.

 

Enterprise Library 4.1--October 2008 http://www.microsoft.com/downloads/info.aspx?na=22&p=60&SrcDisplayLang=en&SrcCategoryId=&SrcFamilyId=&u=%2fdownloads%2fdetails.aspx%3fFamilyID%3d1643758b-2986-47f7-b529-3e41584b6ce5%26DisplayLang%3den

Microsoft Enterprise Library is a collection of reusable application blocks designed to assist software developers with common enterprise development challenges. This release includes: Caching, Cryptography, Data Access, Exception Handling, Logging, Policy Injection, Security, Validation, and Unity.

 

Data Encryption Toolkit http://www.microsoft.com/downloads/info.aspx?na=22&p=84&SrcDisplayLang=en&SrcCategoryId=&SrcFamilyId=&u=%2fdownloads%2fdetails.aspx%3fFamilyID%3d1a99576a-fe67-418f-88b1-81e2055fe977%26DisplayLang%3den

This toolkit is intended to help you secure the data on your organization’s mobile PCs--in a cost-effective way--using Encrypting File System (EFS) and Microsoft BitLocker Drive Encryption (BitLocker) technologies.

 

 

EVENTS/WEBCASTS

 

Visit TechNet Spotlight: http://www.microsoft.com/technetspotlight     

Video on Demand, Video Downloads, PowerPoint Presentations, Audio and more

 

Microsoft Security Webcast Series: Upcoming and On-Demand

 

Security Webcast Calendar http://go.microsoft.com/fwlink/?LinkId=37910  

Find security webcasts listed in an easy-to-use calendar format.

 

Upcoming Security Webcasts

http://www.microsoft.com/events/security/upcoming.mspx  

 

Register for the following Webcasts on the link above

 

How Microsoft does IT: Managing Network Access Protection (Level 300)

Tuesday, November 11, 2008 9:30 AM Pacific Time

Network Access Protection (NAP) is a powerful new Windows Server 2008 feature that can help protect networks from malicious software (malware) and other threats. This webcast explains how organizations can use NAP to institute requirements for accessing a network, create policies that check for compliance with those requirements, and update and manage devices that are not in compliance. Join us to learn how Microsoft IT manages NAP within Microsoft and how organizations can leverage this feature to report on health policy compliance, and to take action to address identified risks.

 

On-Demand Security Webcasts

http://www.microsoft.com/events/security/ondemand.mspx  

 

 

New or updated KB’s

 

Microsoft Internet Security and Acceleration Server

Error 0x80072020 installing ISA Configuration Storage Server

http://support.microsoft.com/kb/958895

 

 

AOB

 

Security Help and Support for IT Professionals http://go.microsoft.com/?linkid=9480842 

TechNet Troubleshooting and Support Page  http://go.microsoft.com/?linkid=9480843 

Microsoft Security Glossary http://go.microsoft.com/?linkid=9480844 

TechNet Security Center http://go.microsoft.com/?linkid=9480845 

MSDN Security Developer Center http://go.microsoft.com/?linkid=9480846 

Midsize Business Security Center http://go.microsoft.com/?linkid=9480847 

Sign-Up for the Microsoft Security Notification Service http://go.microsoft.com/?linkid=9480848 

Security Bulletin Search Page http://go.microsoft.com/?linkid=9480849 

Home Users: Protect Your PC http://go.microsoft.com/?linkid=9480850 

MCSE/MCSA: Security Certifications http://go.microsoft.com/?linkid=9480851 

Subscribe to TechNet http://go.microsoft.com/?linkid=9480852 

Register for TechNet Flash IT Newsletter http://go.microsoft.com/?linkid=9480853 

Register for the UK MSDN Flash Newsletter http://go.microsoft.com/?linkid=9480854

 

 

 

Your comment has been posted.   Close
Thank you, your comment requires moderation so it may take a while to appear.   Close
Leave a Comment