Motivations, Risks and Rewards of the BYOD Trend Bring Your Own Device (BYOD) policies can easily backfire on businesses, unless closely monitored to maintain benefits for employees and the company. In this three-part blog series, TwC Director Jeff Jones takes a close look at the BYOD trend, the forces that are driving it, and the pros and cons of supporting BYOD within an IT organization.
Threat Modeling from the Front Lines Threat modelling is a systematic way to find design-level security and privacy weaknesses in a system. In this article, Principal Cybersecurity Architect Michael Howard summarizes the key lessons he has learned while building threat models.
Identity and Access Management: Access Is a Privilege Explore why privileged-access lifecycle management is a process and technology framework that can make your access controls more efficient and effective.
Microsoft Security Bulletin Summary for August, 2012
Security Bulletin Overview for August 2012
Microsoft Security Response Center (MSRC) Blog Post http://go.microsoft.com/?linkid=9683067
Windows Media Video (WMV) http://go.microsoft.com/?linkid=9683068
Windows Media Audio (WMA) http://go.microsoft.com/?linkid=9683069
iPod Video (MP4) http://go.microsoft.com/?linkid=9683070
MP3 Audio http://go.microsoft.com/?linkid=9683071
High Quality WMV (2.5 Mbps) http://go.microsoft.com/?linkid=9683072
Zune Video (WMV) http://go.microsoft.com/?linkid=9683073
Microsoft Product Lifecycle Information
Find information about your particular products on the Microsoft Product Lifecycle Web site http://go.microsoft.com/?linkid=9669804
See a List of Supported Service Packs http://go.microsoft.com/?linkid=9669805
Microsoft provides free software updates for security and nonsecurity issues for all supported service packs.
Follow the Microsoft Security Response team on Twitter http://go.microsoft.com/?linkid=9739346 @MSFTSecResponse for the latest information on the threat landscape
Forefront TMG and ISA Server
Forefront Security TechCenter
Please note that if you have feedback on documentation or wish to request new documents - email firstname.lastname@example.org
Forefront Threat Management Gateway 2010 homepage
Forefront TMG (ISA Server) Product Team Blog
The ISA Server Product Team Blog (http://blogs.technet.com/isablog/) is updated on a regular basis. Latest entries include:
Support Tip: Solving the mystery of frequent occurrences of ISA Event ID 14197
Support Tip: Troubleshooting WPAD and TMG/ISA
Support Tip: Adding an ISA Server 2004/2006 Replica Configuration Storage Server fails with Error Code 0x80072108
TMG services will not start and Event ID 21235 is logged
Support Tip: Site to site IPSEC tunnel Between TMG 2010 on VMware and Cisco
Getting error 12202 intermittently (Authentication Failure) while accessing published resources (SharePoint/Exchange) through TMG 2010
Troubleshooting "The operation failed 0x80000400 " while joining TMG server to an EMS Array
Troubleshooting why ISA server does not cache the response of a web server
FIX: The Forefront Threat Management Gateway Firewall service (Wspsrv.exe) may crash frequently for a published website secured by SSL after you install Service Pack 2
An enterprise node is incorrectly added in the Forefront TMG 2010 MMC after you run repair on Forefront TMG 2010 SP1 Update 1
Sent Items delayed when publishing Outlook Anywhere through TMG
Forefront Unified Access Gateway & Intelligent Application Gateway 2007
Forefront Unified Access Gateway 2010 Technical Resources
For comments, feedback, and requests, contact the Forefront UAG User Assistance team at email@example.com.
Forefront Unified Access Gateway Product Team Blog
The UAG Product Team Blog (http://blogs.technet.com/edgeaccessblog) is updated on a regular basis. Latest entries include:
Forefront Unified Access Gateway 2010 Service Pack 2 is available for download
Example XML\HTML code for UAG AppWrap process to provide a “Cover-up” page for Custom Form Login SSO.
KB: Browser returns error code 37 when accessing an Apache site via Unified Access Gateway using HTTP 1.0
Other TechNet Blogs
Supported security products for UAG endpoint detection.
UAG DA Clients do not connect to the Internal network and on UAG server we get a Getting "A client certificate was not provided" warning
Forefront Edge on the Wiki
The home of community-generated content about Microsoft technologies — that anyone can edit! Read the latest wiki articles about TMG and UAG.
TMG - http://social.technet.microsoft.com/wiki/contents/articles/tags/tmg/default.aspx.
UAG - http://social.technet.microsoft.com/wiki/contents/articles/tags/UAG/default.aspx
The latest entries include:
Forefront UAG: About Publishing Remote Desktop Services (RDS)
Forefront Unified Access Gateway (UAG) Service Pack 2
Forefront Unified Access Gateway (UAG) Service Pack Two (SP2) provides a number of new features, including support for more devices; AD FS 2.0 multi-namespace support; integration of Unified Access Gateway SP1 Update1 and Security Update for Unified Access Gateway 2010 Service Pack 1 Update 1.
For a full description of the Forefront UAG SP2 features, see What’s New in SP2.
Description of Forefront Unified Access Gateway 2010 Service Pack 2
Browser returns error code 37 when accessing an Apache site via Unified Access Gateway using HTTP 1.0
Security Tip of the Month: Social Engineering Advice for IT Professionals IT professionals are accustomed to thinking about the technical aspects of security. However, as the most recent edition of the Security Intelligence Report has shown, the human element—the techniques that attackers use to trick typical users into helping them—has become just as important for attackers as the technical element. This article outlines effective technical safeguards, programs, and processes you can implement to help defend against social engineering in your organization.
Infrastructure Planning and Design Guides for Security Streamline and clarify your security infrastructure design processes with concise planning guidance from IPD Guides for Security. Each guide addresses a unique security infrastructure technology or scenario, provides critical architectural decisions to be addressed, available options, as well as a means to validate design decisions to ensure that solutions meet requirements of both business and IT stakeholders.
Threat Modeling and Agile Development Practices Examine how to effectively perform threat modeling for projects that demand rapid development processes. Before we dive into the details on threat modeling, let's briefly review how threat modeling fits into the SDL.
The SDL and Threat Modeling Threat Modeling is a core element of the Microsoft Security Development Lifecycle (SDL). Able to plug in to any issue-tracking system, the SDL Threat Modeling Tool makes threat modeling easier for developers of all skill levels by providing guidance on creating and analyzing threat models. Download the tool and check out these tips to help you get started with the tool.
Using the BinScope Binary Analyzer The BinScope Binary Analyzer is a free Microsoft tool that can help both developers and IT professionals in auditing the security of applications that they are developing or deploying/managing. Learn how to configure and use BinScope to analyze an application within Visual Studio.
Conficker Clean Up Tips Even a conscientious IT department that follows responsible practices for quickly installing security updates, installing and monitoring antimalware and intrusion detection systems, and controlling access to file shares can still encounter outbreaks of a threat such as Conficker. Microsoft provides information to help IT administrators deal with Conficker infections at www.microsoft.com/conficker.This list provides additional tips that may help advanced users who possess a good understanding of computer security and Windows administration find computers that are infected with Conficker in order to minimize their attack surface.
Security Webcast Calendar http://go.microsoft.com/fwlink/?LinkId=37910
Find security webcasts listed in an easy-to-use calendar format.
Upcoming Security Webcasts
On-Demand Security Webcasts
Visit TechNet Spotlight: www.microsoft.com/technetspotlight
Video on Demand, Video Downloads, PowerPoint Presentations, Audio and more.