Browse by Tags
All Tags »
Security (RSS)
The Solution Accelerators team is at it again, releasing the IT Infrastructure Threat Modeling Guide , which provides an easy-to-understand method for developing threat models that can help prioritize investments in IT infrastructure security. This guide
Read More...
If you have been tasked with securing SharePoint, there are a lot of considerations to take into account. How do users authenticate? Does part of your farm live in an extranet or DMZ? How do you secure user-to-server communications? How do
Read More...
On Friday, I blogged about “ Project Sundance ”, which is an upcoming release from the Solution Accelerators team that combines the Vista/XP/2003/2008/Office security guides with the Configuration Manager Desired Configuration Management (DCM) packs for
Read More...
If you are in charge of maintaining the security baseline at your company, you know that there are two key problems you face. First of all, there are a LOT of security settings to tweak within Windows. The services you harden and lock down
Read More...
On a nuclear submarine, it takes two keys to initiate the launch of a nuclear missile (if movies like Hunt for the Red October are to be believed). At Microsoft, it looks like we use THREE cards to allow access to our Public Key Infrastructure.
Read More...
In my Inbox today from (ISC)2 : Congratulations! It gives me great pleasure to be the first to address you with the Certified Information Systems Security Professional (CISSP®) designation! Based upon your examination results, a review of your application
Read More...
It looks like the Threats and Countermeasures guide has been updated for Windows Vista. This guide is a reference to security settings that provide countermeasures for specific threats against current versions of the Windows® operating systems. This guide
Read More...
Below are screenshots from IE8, Safari, and Firefox 3 when visiting a phishing website that hit my email this morning. (Firefox didn't yet have the bad URL in their blacklist, so I waited until they did to take a screenshot). Does your web browser pass
Read More...
In case you are curious what it is like to be in charge of Security for IT at Microsoft, you get to deal with an environment where there are: Approximately 100,000 intrusion attempts each month. Approximately 1 million infected or malicious e-mail messages
Read More...
I see over on Matt's blog that MBSA 2.1 has been released, with the following new features: Windows Vista and Windows Server 2008 compatibility New revised user interface 64-bit support Improved Windows Embedded support Compatibility with Microsoft Update,
Read More...
Just a random bit of knowledge to share here :) If you open the Advanced Attributes of a folder (right-click on it, choose properties, then click Advanced...), you have the option at the bottom of the window to either compress the contents to save disk
Read More...
One of the best parts of working at Microsoft is the amazing discussions and debates that take place on our internal Discussion Lists. A few months ago, the greatest security minds at Microsoft were undergoing a hot and heavy debate on Security by Obscurity
Read More...
Because why wouldn't you? Best Practice Guide for Securing Windows Server Active Directory Installations Best Practice Guide for Securing Active Directory Installations and Day-to-Day Operations: Part 1 Best Practice Guide for Securing Active Directory
Read More...
Not sure how I missed this, but the Windows Server 2008 Security Guide has been released! It is available online here , and for download here . As an IT professional focused on security, you know firsthand how essential your servers are to keeping your
Read More...
GREAT post by Michael Howard over on the SDL blog about the hyperbole that usually crops up on <cough>/.</cough> whenever Jeff Jones posts his vulnerability analysis report. "This is FUD" "Yeah, but it's not an apples to apples comparison"
Read More...
