August 2007 - Technical Rollup Mail - Security
News
Microsoft Launches Malware Protection Center https://www.microsoft.com/security/portal/
Get the latest information about malware and potentially unwanted software on the Microsoft Malware Protection Center Portal. Browse the MMPC’s malware encyclopedia, download the latest virus/spyware definitions, submit malware samples, and find links to additional content.
Securing a Better Future for Electronic Medical Records https://www.microsoft.com/business/peopleready/business/relationships/insight/digitalrecords.mspx
For reasons both technical and cultural, the manila file folder has remained the platform of choice for caregivers and their patients -- until now. Learn the healthcare industry is taking advantage of plentiful wireless connections and sophisticated mobile technologies running smoothly on handheld devices. New security enhancements for those devices help ensure patient confidentiality and usher health records into the digital era.
A Powerful New Tool for Certificate Management https://www.microsoft.com/technet/technetmag/issues/2007/06/Certificate/default.aspx
Certificates are a key component in your infrastructure -- when one expires, productivity can come to a halt. If you rely on a Microsoft PKI environment, the new Identity Lifecycle Manager Certificate Management (ILM-CM) solution can help keep things running smoothly. Find out how this tool can help you improve authentication processes and reduce certificate management costs.
Microsoft Security Bulletin Summary for July, 2007
https://www.microsoft.com/technet/security/bulletin/ms07-jul.mspx
Search for previous security bulletins https://go.microsoft.com/?linkid=3992478
Security Bulletin Feed https://go.microsoft.com/?linkid=3992479 RSS https://go.microsoft.com/?linkid=3992480
Documents
Six Easy Pieces for Computer Security https://www.microsoft.com/technet/community/columns/sectip/st0707.mspx
By Mike Danseglio, Senior Group Program Manager, Security & Compliance Solution Accelerators, Microsoft Corporation
This article presents six easy steps that every company should take to enhance computer security in terms of getting the proverbial biggest bang for the security buck. Each suggestion is described in some detail with links to more in-depth treatments, templates, and tools.
Security Guidelines for Professional Services Firms https://www.microsoft.com/midsizebusiness/security/professionalservices.mspx
When it comes to security, professional services companies are hampered by tight IT budgets, an ever-increasing amount of content, and a lack of dedicated security personnel. Protecting data at services firms may require a melding of technology and services to get the job done. This article offers some guidelines to help midsize professional service firms.
Key Steps to Protecting a Financial Services Company https://www.microsoft.com/midsizebusiness/security/financialservices.mspx
Few organizations face more or greater security threats than financial services companies. Here are the first and most important steps every financial services business should take to safeguard its customers, protect its assets, and comply with regulations.
How to Evaluate Your Supply Chain's Security https://www.microsoft.com/midsizebusiness/businessvalue/supplychainsecurity.mspx
Is your IT network's security at risk from outside partners and suppliers? Learn how you can help protect your business.
Government Security Computer Checklist https://www.microsoft.com/industry/government/security/checklist.mspx
This checklist outlines the seven security matters that every government organization should address in attempting to protect its computer systems.
Government's Big Security Challenge: Keeping Data Private https://www.microsoft.com/midsizebusiness/security/government.mspx
The realm of government IT security is expanding into the realm of secure and reliable communications in times of citizen crisis. IT teams must guard against security failures that will erode public trust. This article outlines the key components that comprise the ever-growing task list of government IT teams and provides three areas those teams should focus on when it comes to security -- both now and in the future.
Security Guidance Center for Education https://www.microsoft.com/education/security.mspx
Get the prescriptive technical guidance, tools, training, and updates you need to plan and manage a security strategy that’s right for your school or university.
Inspect Your Gadget https://msdn2.microsoft.com/en-us/security/bb498012.aspx
Today, the Windows Vista Sidebar hosts Gadgets built from HTML, JavaScript, and potentially ActiveX controls. Because Gadgets are HTML, they are subject to Cross-site Scripting style bugs. These bugs are extremely serious because script in the Sidebar is capable of running arbitrary code in the context of the locally logged-on user. This article outlines some of the secure programming best practices that should be considered when building Windows Vista Sidebar Gadgets.
Downloads
Network Access Protection Policies in Windows Server 2008
A network administrator configures Network Access Protection (NAP) health policies and enforcement behavior on a computer running Microsoft® Windows Server® 2008 (now in beta testing) and the Network Policy Server (NPS) service. NAP health policies and enforcement behavior settings consist of connection request policies, network policies, health policies, and Network Access Protection settings, each of which play a role in determining the health state of a computer and limiting the access of noncompliant computers. This paper describes the different settings of NPS for NAP in the Beta 3 release of Windows Server 2008 and how the different settings are related to create a customized health determination and enforcement solution.
Introduction to Network Access Protection
Network Access Protection (NAP) is a platform that provides policy enforcement components to help ensure that computers connecting to or communicating on a network meet administrator-defined requirements for system health. NAP is supported by Microsoft® Windows Server® 2008 (now in beta testing), Windows Vista™, and Windows® XP Service Pack 3 (which includes the NAP Client for Windows XP, now in beta testing). Administrators can use a combination of policy validation and network access limitation components to control network access or communication. Administrators can also choose to limit the access of computers that do not meet requirements to a restricted network. The restricted network contains resources needed to update computers so that they meet the health requirements for unlimited network access and normal communication. NAP includes an application programming interface (API) for developers and vendors to create complete solutions for health state validation, limitation of network access or communication, and ongoing health compliance. This paper describes the scenarios for NAP, the components of NAP, and how NAP works for the different enforcement methods included with Windows Server 2008, Windows Vista, and Windows XP Service Pack 3.
Network Access Protection Platform Architecture
The Network Access Protection (NAP) platform is a policy enforcement technology that allows third-party software vendors and system integrators to create complete solutions for validating and enforcing system health requirements for network access or communication. NAP is supported by Microsoft® Windows Server® 2008 (now in beta testing), Windows Vista™, and Windows® XP Service Pack 3 (which includes the NAP Client for Windows XP, now in beta testing). This white paper describes the architecture of the NAP platform and the details of how NAP works for enforcement methods that are provided with Windows Server 2008, Windows Vista, and Windows XP Service Pack 3.
Internet Protocol Security Enforcement in the Network Access Protection Platform
Network Access Protection (NAP) is a platform for Microsoft® Windows Server® 2008 (now in beta testing), Windows Vista™, and Windows® XP Service Pack 3 (which includes the NAP Client for Windows XP, now in beta testing), that provides policy enforcement components to help ensure that computers connecting to or communicating on a network meet administrator-defined requirements for system health. Internet Protocol security (IPsec) is a set of Internet Engineering Task Force (IETF) standards that provides cryptographic protection for IP-based traffic. This document provides an overview of the Network Access Protection platform and IPsec and how IPsec enforcement in the Network Access Protection platform works to provide system health policy enforcement for IPsec-protected communication.
Windows BitLocker Drive Encryption Design and Deployment Guides
The Windows BitLocker Design and Deployment guides describe the various aspects of planning for deploying Windows BitLocker Drive Encryption for Windows Vista® Enterprise and Windows Vista® Ultimate computers in an enterprise environment. The document is organized in two guides, and you should carefully consider each guide before you deploy BitLocker Drive Encryption.
Windows BitLocker Drive Encryption Design Guide
This guide provides a systematic approach when planning for BitLocker deployment and highlights the main decision points. This guide is intended for use by an infrastructure specialist or system architect. It assumes that you have a good understanding of how BitLocker and TPM work on a functional level.
Windows BitLocker Drive Encryption Deployment Guide
This guide provides detailed instructions on how to prepare Windows Vista images for BitLocker and how to deploy BitLocker in an enterprise environment. This guide is intended for use by a deployment specialist or deployment team. It assumes that you have a good understanding of how automated Windows deployment, Active Directory Domain Services (AD DS) schema extension, and Group Policy works.
About BitLocker
BitLocker is a data protection feature available in Windows Vista® Enterprise and Windows Vista® Ultimate for client computers, and in Windows Server® 2008. BitLocker addresses the threats of data theft and of exposure from lost, stolen, or inappropriately decommissioned personal computers by providing a closely integrated solution in Windows Vista.
Data on a lost or stolen computer is vulnerable to unauthorized access, either by running a software attack tool against it or by transferring the computer’s hard disk to a different computer. BitLocker helps mitigate unauthorized data access by enhancing Windows Vista file and system protections. BitLocker also helps render data inaccessible when BitLocker-protected computers are decommissioned or recycled.
Microsoft Forefront Client Security Installation Tool
This tool is used to upgrade an evaluation version of Microsoft® Forefront™ Client Security to a full retail version of Microsoft® Forefront™ Client Security.
Events/WebCasts
Microsoft Security Webcast Series: Upcoming and On-Demand
Security Webcast Calendar https://go.microsoft.com/fwlink/?LinkId=37910
Find security webcasts listed in an easy-to-use calendar format.
Security Program Guide
Learn Security On the Job https://go.microsoft.com/?linkid=4526354
Learning Paths for security - Microsoft training references and resources https://go.microsoft.com/?linkid=4526355
Upcoming Security Webcasts
Microsoft Webcast: Windows Server 2008 Security Enhancements (Level 200) https://msevents.microsoft.com/CUI/WebCastEventDetails.aspx?EventID=1032345405&EventCategory=4&culture=en-US&CountryCode=US
Thursday, August 9, 11:00 A.M. Pacific Time
Ward Ralston, Senior Technical Product Manager, Microsoft Corporation
•TechNet Webcast: Windows Server 2008 Technical Overview (Part 2 of 2) (Level 200) https://msevents.microsoft.com/CUI/WebCastEventDetails.aspx?EventID=1032345407&EventCategory=4&culture=en-US&CountryCode=US
Friday, August 10, 11:30 A.M. Pacific Time
Michael Murphy, IT Pro Evangelist, Microsoft Corporation
•TechNet Webcast: Group Policy in Windows Vista (Level 200) https://msevents.microsoft.com/CUI/WebCastEventDetails.aspx?EventID=1032345446&EventCategory=4&culture=en-US&CountryCode=US
Monday, August 13, 9:30 A.M. Pacific Time
John Baker, IT Pro Evangelist, Microsoft Corporation
•TechNet Webcast: Painless Data Protection (Level 200) https://msevents.microsoft.com/CUI/WebCastEventDetails.aspx?EventID=1032345409&EventCategory=4&culture=en-US&CountryCode=US
Monday, August 13, 1:00 P.M. Pacific Time
Bryan Von Axelson, IT Pro Evangelist, Microsoft Corporation
•TechNet Webcast: Information About Microsoft August Security Bulletins (Level 200) https://msevents.microsoft.com/CUI/WebCastEventDetails.aspx?EventID=1032344688&EventCategory=4&culture=en-US&CountryCode=US
Wednesday, August 15, 11:00 A.M. Pacific Time
Christopher Budd, Security Program Manager, Microsoft Corporation, and Mike Reavey, Group Manager MSRC, Microsoft Corporation
For Developers
•
Explore Web Development with ASP.NET 2.0 https://www.microsoft.com/events/series/msdnwebdev.aspx?tab=webcasts
Various dates in July and on-demand
Tune in and learn about the improvements in Microsoft ASP.NET 2.0 and see how you can use ASP.NET 2.0 to create faster, more secure Web applications with fewer lines of code.
Microsoft On-Demand Webcasts
•
Microsoft Webcast: Optimize Your Identity and Access Management Infrastructure https://msevents.microsoft.com/CUI/WebCastEventDetails.aspx?culture=en-US&EventID=1032308881&CountryCode=US
Due to security issues, privacy concerns, and regulatory compliance, identity and access management projects have become one of the top IT priorities in organizations across all industries. Join this webcast as we explain conceptual identity and access management projects and solutions in the context of an IT infrastructure optimization model that would allow your organization to plan and deploy these solutions in a phased manner. We also evaluate Microsoft and partner identity and access management solutions against the same framework.
Comments
- Anonymous
January 01, 2003
PingBack from http://usher.wpbloggers.com/?p=356