This week Microsoft released a major update for Forefront TMG 2010, and many TMG admins are excited about the new features announced on the Forefront TMG team blog, such as support for Kerberos authentication in an array scenario, improved error pages and the new site activity report. Those are already three reasons to apply SP2 to your TMG, but rather than adding just two more I am going to give you five more reasons to apply this update. Here they are:
1. Forefront TMG 2010 SP2 makes TMG startup operation ten times faster.
2. Do you remember KB2498831? There is no need to run that script anymore; with TMG 2010 SP2 a new option was added to the UI that lets you do the same thing, as shown below:
3. Performance improved for cloud migration.
4. Improvement in the E-Mail Protection feature
5. Account lockout enhancements for FBA.
That's it. Go grab TMG 2010 SP2, and remember: in order to apply TMG 2010 SP2 you must already have TMG 2010 SP1 with Update 1 installed.
If you have been following my blog for a long time you probably read the post TMG E-Mail Protection Feature x Exchange 2010 SP1 (first published more than a year ago), written when we were dealing with a major E-Mail Protection issue on TMG. Because of the nature of the integration between Forefront TMG and the E-Mail Protection feature (Forefront for Exchange and Exchange Edge), I also wrote this presentation to assist you while troubleshooting this feature.
The good news is that Forefront TMG 2010 SP2 brings the following fixes, which address many of the issues that affected this integration in the past:
Go get SP2 and enjoy it!!
One of the presentations that I delivered this year at TechEd Brazil was about On-Premise Security while Migrating to the Cloud. There are many reasons to migrate to the cloud, and during this presentation I emphasized the three core elements below:
While those core elements sound very good, we must also be alert to the new challenges that come with this adoption, such as:
New Threat Landscape
The presentation really focused on the second bullet (on-premise security). Some of the reasons why this is still an important point to address include:
The idea that migrating to the cloud means offloading your security to the cloud provider is a misconception, and a dangerous one. You need to stay diligent, because at the end of the day it is your data that could be compromised if you relax on-premise security. You should adopt a defense-in-depth approach: every element from the endpoint to the cloud must be secured, not only the hosts but also the path between them and the remote clients. Here is a typical example of how this looks:
There are five key elements in this diagram:
In summary, the path to the cloud requires a lot of planning to make sure that your users have a seamless experience while you keep your data secure.
I want to give you a quick update on a new blog post that our friends from the TechNet Wiki have put out. A lot of IT Pros (and devs) out there still don't know the full potential of the TechNet Wiki, and I think this post will clarify a lot of that. So, start by reading the post below:
Once you finish that, take a look at the interview I gave to WikiNinja Ed Price and see why I think this platform rocks:
…and if you still have questions about how to contribute, watch the interview I gave to David Tesar last March.
Enjoy the TechNet Wiki!
Last week I was in Brazil and had the chance to participate in the biggest Microsoft event in Latin America, TechEd Brazil. One of the sessions I delivered there was SIA301 (more info in Portuguese in this post), which I co-presented with Alberto Oliveira, a Microsoft Forefront MVP.
We divided the session into two main parts. First we talked about the current security landscape and some major security threats; in the second part we talked about Windows security. One of the things we covered in the Windows security part was the Threats and Countermeasures Guide. The team I work for at Microsoft is responsible for maintaining this content, available here. I also want to use this opportunity to raise awareness that our team is reviewing this content and you have a chance to give feedback about it; please read this post and make sure to participate.
During this presentation we talked about the fact that spam is still a big threat, mainly because of the social engineering behind many phishing e-mails. One of the videos we showed on this subject was about the recent case in which Microsoft took down the Rustock botnet. You can watch the video below:
Another subject we covered was the importance of thinking about security right at the beginning of a project, when you are writing the code for your application. For that we presented the SDL concept and demonstrated the SDL Threat Modeling Tool. In this video you can see a demo of the tool and how to use it.
Over the next few days I will be posting more about TechEd Brazil and the content I delivered there. Stay tuned!
Consider a scenario where a customer migrated from on-premise Exchange to Exchange Online, and after the migration users are experiencing issues sending e-mail. During peak times Outlook clients can't send e-mail: messages get stuck in the Outbox. While this issue was happening, event 31212 was also being logged on TMG:
One important detail: while this issue was happening, users were still able to browse HTTP sites, but not HTTPS sites.
For this scenario we most likely will need:
When analyzing data of this nature you need to add to perfmon the core OS subsystems (memory, network, processor and disk) as well as the core Forefront TMG counters. The diagram below shows an interesting trend: the Memory Pool for SSL Requests counter (black line) starts to decrease, climbs back to 100%, and then suddenly drops to zero.
That is exactly the moment when users start to experience Outlook messages getting stuck in the Outbox.
The problem happens because TMG was exhausting its memory pool for SSL requests. To fix it you need to raise the ProxyVmvmAlloc1pSize registry value (the default is 1024). You can follow the guidance in KB842438 (it also applies to TMG) to adjust this value, or you can install Forefront TMG 2010 SP2 (just released), which changes this value to 4096. In this particular case, after changing the value to 4096 the users no longer experienced the problem and the server's perfmon data looked much healthier even under heavy load, as shown below:
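As an added example (not part of the original post), here is a PowerShell snippet to run on the TMG server that reads the ProxyVmvmAlloc1pSize value described above, raises it to the SP2 value of 4096 if it is lower, and then lists the TMG Web Proxy perfmon counters that mention SSL so you can add the memory-pool counter to a data collector set. The registry path (the W3Proxy Parameters key, as used by the ISA Server web proxy) and the counter-set name prefix are assumptions rather than facts stated in the post; confirm both against KB842438 and your own server before changing a production box.

```powershell
# Added example: check and raise the TMG SSL request memory pool size.
# ASSUMPTION: the value lives under the Web Proxy parameters key, as it did
# for ISA Server. Verify against KB842438 before changing production.
$regPath   = 'HKLM:\SYSTEM\CurrentControlSet\Services\W3Proxy\Parameters'
$valueName = 'ProxyVmvmAlloc1pSize'
$target    = 4096   # value Forefront TMG 2010 SP2 sets; pre-SP2 default is 1024

$current = (Get-ItemProperty -Path $regPath -Name $valueName -ErrorAction SilentlyContinue).$valueName
if ($null -eq $current) {
    Write-Host "$valueName is not set; TMG is using the built-in default (1024)."
    $current = 1024
} else {
    Write-Host "$valueName is currently $current"
}

if ($current -lt $target) {
    if (-not (Test-Path $regPath)) { New-Item -Path $regPath -Force | Out-Null }
    New-ItemProperty -Path $regPath -Name $valueName -PropertyType DWord -Value $target -Force | Out-Null
    Write-Host "Set $valueName to $target. Restart the TMG services (see KB842438) for it to take effect."
} else {
    Write-Host "No change needed: $valueName is already $current."
}

# Perfmon side: find the Web Proxy counters that mention SSL so the
# memory-pool counter can be added to a data collector set.
# ASSUMPTION: the counter set name starts with 'Forefront TMG Web Proxy'.
$sslCounters = Get-Counter -ListSet 'Forefront TMG Web Proxy*' -ErrorAction SilentlyContinue |
    Select-Object -ExpandProperty Paths |
    Where-Object { $_ -match 'SSL' }

if ($sslCounters) {
    Write-Host "SSL-related Web Proxy counters:"
    $sslCounters | ForEach-Object { Write-Host "  $_" }
    # Take a short sample so you can see the trend the post describes
    # (pool draining, recovering to 100%, then dropping to zero).
    Get-Counter -Counter $sslCounters -SampleInterval 5 -MaxSamples 6 |
        Select-Object -ExpandProperty CounterSamples |
        Select-Object Path, CookedValue
} else {
    Write-Host "No matching counter set found; check the TMG counter set names in perfmon."
}
```

Run it from an elevated prompt. The registry change is the same one KB842438 describes; the SP2 route is preferable where you can apply it, since the service pack sets the value for you.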
There are a couple of key takeaways regarding this scenario that I want to call out:
Planning is definitely the key to a successful migration, but good planning requires that you really know your own environment, your traffic profile and your growth plan. To reduce the impact of the cloud migration you should be able to characterize those and migrate in waves (not all users or all applications at the same time).
A long time ago I wrote this post about how IAG 2007 can mitigate SQL injection attacks, and I also presented it during TechEd Brazil 2008, where I showed the demo live. Today I am here to challenge you. Here is the deal:
The first person who writes this article, posts it on the TechNet Wiki and sends me a message via Twitter saying: @yuridiogenes, here it goes the UAG and SQL Injection article [link_to_the_article_at_TNWIKI] #TNWIKI , will receive by mail a signed copy of the UAG Deployment Guide book.
Make sure to:
Are you in?
Remember, I will give the book to the first person who tweets me the phrase mentioned above. There is no deadline; the first one gets it, so go and do it!
This week was all about the new SIR 2011 release, with lots of buzz about Microsoft's findings and interesting perspectives on them. I use the SIR findings in many situations; recently, when I was presenting at TechEd Brazil, at least two of my slides used content from the 2010 SIR. The graphic below summarizes how the SIR gathers its data to produce this great piece of content.
If you haven't downloaded the report yet, go ahead and do it now using one of the following versions:
Security Intelligence Report v11 (Full Report)
Key findings summary in different languages
Also take some time to watch the video below about the new SIR and some of its findings: