Securing Your Infrastructure : Security

The 10 dumbest mistakes network managers make | Security Central - InfoWorld

chrisr — Wed, 08 Jul 2009 15:51:19 GMT

Verizon Business conducted a study on common mistakes made by network managers. Over the years I have seen a lot of these mistakes in both large and small companies

The 10 dumbest mistakes network managers make | Security Central - InfoWorld

Microsoft Forefront Server Security Blog : Introducing the Forefront Security for Exchange capacity planning tool

chrisr — Wed, 08 Jul 2009 15:44:11 GMT

The Forefront Security Development Team launched a new capacity planning tool. The Forefront Security for Exchange Server capacity planning tool helps you understand what hardware, architecture, and configuration settings will produce recommended system performance and message throughput results for comprehensive protection of your Exchange Servers. The tool is an Excel spreadsheet with built in workflow and can be used to help plan your Forefront Security for Exchange Server 10 SP1/SP2 deployment.

Microsoft Forefront Server Security Blog : Introducing the Forefront Security for Exchange capacity planning tool

Forefront Server for Exchange v2 features | Media | TechNet Edge

chrisr — Tue, 06 Jan 2009 22:28:52 GMT

Mike Chan, Product Manager for Forefront Server for Exchange (FSE), gives details around some of the new features in the next version of FSE and Stirling. This is a good video on the Forefront and EHF.

Forefront Server for Exchange v2 features | Media | TechNet Edge

Start Now

chrisr — Thu, 31 Jan 2008 22:04:00 GMT

In talking security to various organizations, I often find varying opinions and methods of securing the environment. One thing that does come across in a number of discussions is how security is veiwed. Often security is veiwed a necessary evil that IT people avoid or ignore in the deployment of IT systems. IT people outside the security organization often do not involve security because of the fear of security of stopping a project becasuse of security issue. This thinking is often brought on by the security organization themselves. The security organization views themselves as simply as a approving/disapproving organization. If project does not meet certain published or in some cases unplublished standards, the project is blocked and is sent back to the drawing table. This is a poor way of running security as it builds resistance between the groups and delays projects.

My view of security has always been one of as enabler which I developed in my years in the military. The "Start Now" title to my blog is how I feel security should be involved in a project. Security should be a core part of the project from inception and every team member needs to take responsibility for developing/deploying a secure system. By involving security from the start, the security team is better understand the project have input into the overall development rather than a simple barrier to pass. Systems deployed with this type of security involvement are much more secure by the simple fact the system is designed as a secure system and not "patched up" at the end to pass the security "test".

Now that you understand my view of security, my blogs will focus around how to securely build and deploy systems.