An Introduction to Hyper-V in Windows Server 2008 http://co1piltwb.partners.extranet.microsoft.com/mcoeredir/mcoeredirect.aspx?linkId=11343487&s1=68628015-2ccc-cbc7-31b9-0e76c3415474
By Rajiv Arunkundram, Senior Product Manager, Windows Server The introduction of Hyper-V makes virtualization an even more compelling solution for IT environments. Get an overview of today’s virtualization market and see how Hyper-V improves the manageability, reliability, and security of virtualization.
CIO Article: Can Mozilla Support Claims of Firefox Being the Most Secure Web Browser? http://co1piltwb.partners.extranet.microsoft.com/mcoeredir/mcoeredirect.aspx?linkId=11343488&s1=68628015-2ccc-cbc7-31b9-0e76c3415474
In an article from an upcoming series in CIO Magazine, Jeff Jones from the Microsoft Trustworthy Computing (TwC) group addresses browser security and “the safest Web browser.”
Evaluate Microsoft Forefront Security for Office Communications Server Beta 3 http://co1piltwb.partners.extranet.microsoft.com/mcoeredir/mcoeredirect.aspx?linkId=11343489&s1=68628015-2ccc-cbc7-31b9-0e76c3415474
Microsoft Forefront Security for Office Communications Server provides fast and effective protection against IM-based malware by including multiple scanning engines from industry-leading security partners, and it helps reduce corporate liability by blocking IM messages containing inappropriate content.
Analyst Report: The Microsoft Security Development Lifecycle (SDL) and the Org Chart http://co1piltwb.partners.extranet.microsoft.com/mcoeredir/mcoeredirect.aspx?linkId=11343490&s1=68628015-2ccc-cbc7-31b9-0e76c3415474
Examine how Microsoft uses defense-in-depth at an organization level to ensure that there are many opportunities to detect and remove software vulnerabilities. You'll see how security responsibilities are assigned, from the individual developer to the global security team.
Analyst Report: The SDL Threat Modeling Process http://co1piltwb.partners.extranet.microsoft.com/mcoeredir/mcoeredirect.aspx?linkId=11343491&s1=68628015-2ccc-cbc7-31b9-0e76c3415474
Security doesn't start with coding, it starts with secure design. In this article, you'll see how Microsoft uses threat modeling to ensure secure design and prevent vulnerabilities that could not be fixed with simple coding changes.
Secure Your Desktops with Newly Released Microsoft Assessment and Planning Toolkit 3.2 http://co1piltwb.partners.extranet.microsoft.com/mcoeredir/mcoeredirect.aspx?linkId=11343492&s1=68628015-2ccc-cbc7-31b9-0e76c3415474
Antivirus and anti-malware protection is key to the security of your business desktops and laptops. Use the newly released Microsoft Assessment and Planning (MAP) Toolkit 3.2 to assess if they are vulnerable to viruses and malware. This free toolkit also helps you migrate to Windows Vista, the 2007 Microsoft Office system, Windows Server 2008, Windows Server 2008 Hyper-V, Microsoft Virtual Server 2005 R2, Microsoft SQL Server 2008, Microsoft Application Virtualization 4.5 (formerly SoftGrid), Microsoft Online Services, and Microsoft Forefront.
Microsoft Security Bulletin Summary for February, 2009
Download Microsoft Forefront Threat Management Gateway Beta 2 http://co1piltwb.partners.extranet.microsoft.com/mcoeredir/mcoeredirect.aspx?linkId=11431803&s1=68628015-2ccc-cbc7-31b9-0e76c3415474
Try the next generation of Microsoft Internet Security & Acceleration (ISA) Server and experience key features that include Web anti-malware, HTTPS inspection and the Network Inspection System.
Download the Security Development Lifecycle Optimization Model http://co1piltwb.partners.extranet.microsoft.com/mcoeredir/mcoeredirect.aspx?linkId=11431804&s1=68628015-2ccc-cbc7-31b9-0e76c3415474
The Microsoft SDL Optimization Model is a strategic framework which facilitates consistent and cost-effective implementation of the SDL in development organizations outside of Microsoft. Self-assess your current state of security in development and create a strategy and roadmap to progressively attain measurable security improvements with the Security Development Lifecycle Optimization Model.
Microsoft Security Response Center Blog Alerts
The Microsoft Security Response Center (MSRC) blog provides a real-time way for the MSRC to communicate with customers. Topics include day-to-day, "behind the scenes" information to help customers understand Microsoft security response efforts; updates during the early stages of security incidents; and regular postings for the bulletin release cycle.
RSS: MSRC Blog http://blogs.technet.com/msrc/rss.xml
Windows Live Alert: MSRC Blog http://signup.alerts.msn.com/alerts/login.do?PINID=32551266&returnurl=http://blogs.technet.com/msrc
Microsoft Forefront Threat Management Gateway Beta 2 Now Available! http://go.microsoft.com/fwlink/?LinkID=141234&clcid=0x409
Try the next generation of Microsoft Internet Security & Acceleration (ISA) Server and experience key features that include Web antimalware, HTTPS inspection and the Network Inspection System.
Forefront Edge Security TechCenter http://technet.microsoft.com/en-gb/forefront/edgesecurity/default.aspx
Please note that if you have feedback on documentation or wish to request new documents - email email@example.com
Forefront Edge Security Community http://technet.microsoft.com/en-gb/forefront/edgesecurity/bb687298.aspx
New Community Contributed Content includes: http://technet.microsoft.com/en-gb/library/dd316279.aspx
Troubleshooting Forms Base Authentication using Secure LDAP Authentication on ISA Server 2006
Forefront TMG (ISA Server) Product Team Blog
The ISA Server Product Team Blog (http://blogs.technet.com/isablog/) is updated on a regular basis. Latest entries include:
How-to get NLB to work with Forefront TMG Beta2 when running in Hyper-V. http://blogs.technet.com/isablog/archive/2009/02/23/how-to-get-nlb-to-work-with-forefront-tmg-beta2-when-running-in-hyper-v.aspx
Caching Comments from Yahoo's Mark Nottingham http://blogs.technet.com/isablog/archive/2009/02/23/caching-comments-from-yahoo-s-mark-nottingham.aspx
ISA Server Build Numbers http://blogs.technet.com/isablog/archive/2009/02/25/isa-server-build-numbers.aspx
AD Marker method used for automatic detection for Firewall clients http://blogs.technet.com/isablog/archive/2009/02/25/ad-marker-method-used-for-automatic-detection-for-firewall-clients.aspx
Forefront TMG Beta 2: Virtualization Ready http://blogs.technet.com/isablog/archive/2009/02/27/forefront-tmg-beta-2-virtualization-ready.aspx
Cannot Browse a HTTPs Site Published by ISA Server 2006 without using TLS 1.0 on Internet Explorer
Try Intelligent Application Gateway (IAG) SP2 http://co1piltwb.partners.extranet.microsoft.com/mcoeredir/mcoeredirect.aspx?linkId=11345324&s1=68628015-2ccc-cbc7-31b9-0e76c3415474
IAG SP2 improves overall IAG scalability, interoperability, and functionality. It also has the ability to run as a virtual machine on Hyper-V for lower TCO, deployment flexibility, and simplified disaster recovery. Download the fully functional trial version which can be used in the production environment without an evaluation appliance.
Intelligent Application Gateway 2007 Technical Resources http://technet.microsoft.com/en-gb/forefront/edgesecurity/bb687299.aspx
Intelligent Application Gateway Product Team Blog
The IAG Product Team Blog (http://blogs.technet.com/edgeaccessblog) is updated on a regular basis. Latest entries include:
Enabling SharePoint bookmarking for SharePoint AAM Optimizer in IAG SP1 http://blogs.technet.com/edgeaccessblog/archive/2009/02/08/enabling-sharepoint-bookmarking-for-sharepoint-aam-optimizer-in-iag-sp1.aspx
Protect Your Network from Conficker http://co1piltwb.partners.extranet.microsoft.com/mcoeredir/mcoeredirect.aspx?linkId=11343493&s1=68628015-2ccc-cbc7-31b9-0e76c3415474
Starting in November 2008, the Microsoft Malware Protection Center (MMPC) began detecting variants of the Conficker worm. Learn how to help protect your systems from Conficker -- and how to recover systems that have been infected by this worm -- which seeks to propagate itself through network-based attacks.
Planning for Hyper-V Security http://co1piltwb.partners.extranet.microsoft.com/mcoeredir/mcoeredirect.aspx?linkId=11343494&s1=68628015-2ccc-cbc7-31b9-0e76c3415474
Securing the virtualization server involves all the measures you take to secure any Windows Server 2008 server role, plus a few extra to help secure the virtual machines, configuration files, and data. This month’s tip offers best practices to improve the security of your virtualization servers configured with the Hyper-V role, many of which apply to other virtualization servers as well.
Security in a Virtual World http://co1piltwb.partners.extranet.microsoft.com/mcoeredir/mcoeredirect.aspx?linkId=11343495&s1=68628015-2ccc-cbc7-31b9-0e76c3415474
As with any new technology, there are plenty of myths out there about protecting virtual servers. This article addresses the top-three virtual security myths and offers a few observations for those considering the virtual route.
Hyper-V Security Guide: Beta Release http://co1piltwb.partners.extranet.microsoft.com/mcoeredir/mcoeredirect.aspx?linkId=11343496&s1=68628015-2ccc-cbc7-31b9-0e76c3415474
This security guide provides IT professionals like you with guidance, instructions, and recommendations to address your key security concerns about server virtualization: hardening Hyper-V, virtual machine management and delegation, and protecting virtual machines. The beta release is available now for your review through March 6. After joining the Beta review program, bookmark this link <http://co1piltwb.partners.extranet.microsoft.com/mcoeredir/mcoeredirect.aspx?linkId=11343416&s1=68628015-2ccc-cbc7-31b9-0e76c3415474> to the program site to get the latest information about upcoming events.
Microsoft Application Virtualization 4.5 Security Configuration Roles http://co1piltwb.partners.extranet.microsoft.com/mcoeredir/mcoeredirect.aspx?linkId=11343497&s1=68628015-2ccc-cbc7-31b9-0e76c3415474
Learn about Microsoft Application Virtualization 4.5 Security Configuration Roles, which can be used to help protect and harden your Application Virtualization environment on Windows Server 2003 and 2008 by closing or disabling unnecessary ports and services reducing the overall attack surface.
Security Considerations with Forefront Edge Virtual Deployments http://co1piltwb.partners.extranet.microsoft.com/mcoeredir/mcoeredirect.aspx?linkId=11343498&s1=68628015-2ccc-cbc7-31b9-0e76c3415474
This article provides specific guidelines for deploying Microsoft Internet Security and Acceleration (ISA) Server and Microsoft Forefront Threat Management Gateway within hardware virtualization.
How Do I: Get Started with Code Access Security? http://co1piltwb.partners.extranet.microsoft.com/mcoeredir/mcoeredirect.aspx?linkId=11343499&s1=68628015-2ccc-cbc7-31b9-0e76c3415474
Watch this video to learn the basics of Code Access Security, the integrated security model in the Microsoft .NET Framework, particularly how Code Access Security works conceptually and how to implement it with a simple application.
How Do I: Learn More About Encryption? http://co1piltwb.partners.extranet.microsoft.com/mcoeredir/mcoeredirect.aspx?linkId=11343500&s1=68628015-2ccc-cbc7-31b9-0e76c3415474
In this video, you can learn the basics behind encryption algorithms and practices used to create cryptographic schemes. Learn more about symmetric and asymmetric encryption algorithms, the SHA256 hash encryption algorithms, and how to implement in a simple application.
New Video on TechNet Edge: MSAT Interview http://co1piltwb.partners.extranet.microsoft.com/mcoeredir/mcoeredirect.aspx?linkId=11343501&s1=68628015-2ccc-cbc7-31b9-0e76c3415474
View this short Microsoft Silverlight video to see two experts from TwC discuss the Microsoft Security Assessment Tool (MSAT) and how it helps IT professionals solve a common security problem -- establishing a baseline for security in your enterprise and managing an action plan for resolution of security challenges.
Microsoft Forefront Security for SharePoint with Service Pack 2
Forefront Security for SharePoint with Service Pack 2 helps business protect their Microsoft Office SharePoint Server 2007 and Windows SharePoint Services 3.0 collaboration environments by eliminating documents containing malicious code, confidential information, and inappropriate content.
MSDN TV: Thinking About Security - Secure by Design, Secure by Default, Secure in Deployment and Communications
In this episode, Michael Howard outlines a simple, yet effective way of thinking about how to build secure applications using SD3+C.
MSDN TV: Matt's Top 10 Tips for Securely Testing
Matt Clapham outlines the top 10 tips testers should know to securely test applications.
Microsoft Forefront Server Security Management Console Trial Version
Forefront Server Security Management Console allows administrators to easily manage Forefront Security for Exchange Server, Forefront Security for SharePoint, and Microsoft Antigen.
Microsoft Forefront Server Security v11 Beta 2 Privacy Statement
Microsoft Forefront Codename "Stirling" Beta Privacy Statement
Improving Microsoft Dynamics CRM Performance and Securing Data with Microsoft SQL Server 2008
This paper provides an overview, benchmark results, and recommendations for implementing selected Microsoft SQL Server 2008 features that can improve the performance of Microsoft Dynamics CRM 4.0 and secure the CRM database.
Microsoft SQL Server 2008 Privacy Statement
Read the Privacy Statement document for Microsoft SQL Server 2008.
Planning Guide for Microsoft Advanced Group Policy Management
This guide provides administrators with an in-depth description of the processes, procedures, and decisions for planning the deployment of Microsoft Advanced Group Policy Management (AGPM) in a production environment.
Immunity, Inc. White Paper - A Bounds Check on the Microsoft Exploitability Index
A third-party evaluation on Microsoft's Exploitability Index
Domain Name System Security Extensions
This guide provides an overview of Domain Name System (DNS) Security Extensions (DNSSEC) and information about how to deploy DNSSEC on the Windows Server 2008 R2 and Windows 7 operating systems.
Microsoft Office Communications Server 2007 R2 Client Group Policy Documentation
This download package contains the Communicator.adm file and a Group Policies Spreadsheet that lists the Group Policy settings for Office Communications Server 2007 R2 clients.
Microsoft Online Services Sign In
Use this Sign In application to access Microsoft Online Services.
Microsoft Forefront Security for Exchange Server with Service Pack 1
Help protect your Exchange server from viruses and other malware.
Forefront Threat Management Gateway Beta 2
Microsoft Forefront Threat Management Gateway is a comprehensive secure Web gateway that helps protect your corporate assets and employees from Web threats. It also delivers easy-to-use, unified perimeter security to protect networks from attack.
Update for Windows Mail Junk E-mail Filter [February 2009] (KB905866)
Install this update for Windows Mail to revise the definition files that are used to detect e-mail messages that should be considered junk e-mail or that may contain phishing content.
Update for Windows Mail Junk E-mail Filter for x64-based Systems [February 2009] (KB905866)
February 2009 Security Release ISO Image
This DVD5 ISO image file contains the security updates for Windows released on Windows Update on February 10th, 2009.
Forefront Security for Office Communications Server 2007 Beta 3
Microsoft Forefront Security for Office Communications Server provides fast, effective protection against malware and out-of-policy content for instant messaging environments.
Microsoft® Windows® Malicious Software Removal Tool (KB890830) x64
This tool checks your computer for infection by specific, prevalent malicious software (including Blaster, Sasser, and Mydoom) and helps to remove the infection if it is found. Microsoft will release an updated version of this tool on the second Tuesday of each month.
Microsoft® Windows® Malicious Software Removal Tool (KB890830)
Windows Live ID Sign-in Assistant 6.5 (Beta)
The Windows Live ID Sign-in Assistant 6.5 (Beta) installs the Windows Live ID online provider for Windows 7. This provider enables linking a Windows Live ID to a Windows 7 user account
Microsoft Dynamic IP Restrictions for IIS 7.0 - Beta (x86)
The Dynamic IP Restrictions Extension for IIS provides IT Professionals and Hosters a configurable module that helps mitigate or block Denial of Service Attacks or cracking of passwords through brute-force by temporarily blocking Internet Protocol (IP) addresses of HTTP clients.
Microsoft Dynamic IP Restrictions for IIS 7.0 - Beta (x64)
Identity Lifecycle Management (ILM) Datasheet
This offering uses Microsoft Identity Integration Server (MIIS) 2003 and best practices to simplify digital identity management and maintain data integrity.
Security, Identity, and Access Management Datasheet
This offering provides an end-to-end security solution that allows you to move toward a dynamic IT infrastructure while ensuring better security integration, manageability, and efficiency.
Security Compliance Management Toolkit Series
Monitor the Security Compliance State of Your IT Environment for Computers Running Windows
This toolkit series provides IT professionals with an end-to-end solution to help your organization plan, deploy, and monitor security baselines of Windows® operating systems and 2007 Microsoft® Office applications.
SDL Threat Modeling Tool 3.1
Defense in Depth: Securing Windows Server 2003 Datasheet
This is Microsoft Services Defense in Depth: Securing Windows Server 2003 datasheet
Creating a Systemized Approach to Regulatory Compliance at Microsoft
Detailed discussion of some of the processes and tools that the Microsoft Information Technology (Microsoft IT) group currently uses to systemize the approach of supporting regulatory compliance activities at Microsoft.
Visit TechNet Spotlight: www.microsoft.com/technetspotlight
Video on Demand, Video Downloads, PowerPoint Presentations, Audio and more
Microsoft Security Webcast Series: Upcoming and On-Demand
Security Webcast Calendar http://go.microsoft.com/fwlink/?LinkId=37910
Find security webcasts listed in an easy-to-use calendar format.
Upcoming Security Webcasts
Register for the following Webcasts on the link above
TechNet Webcast: Information About Microsoft March Security Bulletins (Level 200)
Wednesday, March 11, 2009 11:00 A.M.-12:30 P.M. Pacific Time
IT Manager Webcast: How Microsoft Does IT: Rapid Deployment of Applications on the Microsoft Extranet (Level 200)
Thursday, March 12, 2009 11:00 A.M.-12:00 P.M. Pacific Time
On-Demand Security Webcasts
Microsoft Internet Security and Acceleration Server
FIX: An incorrect result is returned when you test a Web publishing rule by using the Traffic Simulator feature in ISA Server 2006 with Service Pack 1
FIX: The IP address is reversed in a diagnostic log event when you use the Traffic Simulator feature to test a Web publishing rule in ISA Server 2006 with Service Pack 1
FIX: The access rule for a URL set does not work as expected in ISA Server 2006 with Service Pack 1 if the URL set contains adjacent IP addresses as the hosts
Description of the ISA Server 2006 hotfix package: July 15, 2008
The log query returns no results in the Japanese version of ISA Server 2006 Management Console when the logging filter contains a string parameter and the logging is not live
SMTP traffic between an Edge Transport server and an internal Hub Transport server is blocked if the Hub server is published by using ISA Server 2006 and if SMTP filtering is enabled
Microsoft Intelligent Application Gateway 2007
Endpoint detection fails when a client computer connects to IAG