Welcome to the Microsoft Security Newsletter - a monthly newsletter for IT professionals and developers bringing security news, guidance, updates, and community resources direct to your inbox. If you would like to receive less technical security news, guidance and updates, please subscribe to the Microsoft Security for Home Computer Users Newsletter.

Featured Article

By Rajiv Arunkundram, Senior Product Manager, Windows Server

The introduction of Hyper-V makes virtualization an even more compelling solution for IT environments. Get an overview of today's virtualization market and see how Hyper-V improves the manageability, reliability, and security of virtualization.

Top Stories

In an article from an upcoming series in CIO Magazine, Jeff Jones from the Microsoft Trustworthy Computing (TwC) group addresses browser security and "the safest Web browser."

Microsoft Forefront Security for Office Communications Server provides fast and effective protection against IM-based malware by including multiple scanning engines from industry-leading security partners, and it helps reduce corporate liability by blocking IM messages containing inappropriate content.

Examine how Microsoft uses defense-in-depth at an organization level to ensure that there are many opportunities to detect and remove software vulnerabilities. You'll see how security responsibilities are assigned, from the individual developer to the global security team.

Security doesn't start with coding, it starts with secure design. In this article, you'll see how Microsoft uses threat modeling to ensure secure design and prevent vulnerabilities that could not be fixed with simple coding changes.

Antivirus and anti-malware protection is key to the security of your business desktops and laptops. Use the newly released Microsoft Assessment and Planning (MAP) Toolkit 3.2 to assess if they are vulnerable to viruses and malware.
This free toolkit also helps you migrate to Windows Vista, the 2007 Microsoft Office system, Windows Server 2008, Windows Server 2008 Hyper-V, Microsoft Virtual Server 2005 R2, Microsoft SQL Server 2008, Microsoft Application Virtualization 4.5 (formerly SoftGrid), Microsoft Online Services, and Microsoft Forefront.

Security Guidance

Starting in November 2008, the Microsoft Malware Protection Center (MMPC) began detecting variants of the Conficker worm. Learn how to help protect your systems from Conficker -- and how to recover systems that have been infected by this worm -- which seeks to propagate itself through network-based attacks.

Securing the virtualization server involves all the measures you take to secure any Windows Server 2008 server role, plus a few extra to help secure the virtual machines, configuration files, and data. This month's tip offers best practices to improve the security of your virtualization servers configured with the Hyper-V role, many of which apply to other virtualization servers as well.

As with any new technology, there are plenty of myths out there about protecting virtual servers. This article addresses the top-three virtual security myths and offers a few observations for those considering the virtual route.

This security guide provides IT professionals like you with guidance, instructions, and recommendations to address your key security concerns about server virtualization: hardening Hyper-V, virtual machine management and delegation, and protecting virtual machines. The beta release is available now for your review through March 6. After joining the Beta review program, bookmark this link to the program site to get the latest information about upcoming events.

Learn about Microsoft Application Virtualization 4.5 Security Configuration Roles, which can be used to help protect and harden your Application Virtualization environment on Windows Server 2003 and 2008 by closing or disabling unnecessary ports and services, reducing the overall attack surface.

This article provides specific guidelines for deploying Microsoft Internet Security and Acceleration (ISA) Server and Microsoft Forefront Threat Management Gateway within hardware virtualization.

Watch this video to learn the basics of Code Access Security, the integrated security model in the Microsoft .NET Framework, particularly how Code Access Security works conceptually and how to implement it with a simple application.

In this video, you can learn the basics behind encryption algorithms and practices used to create cryptographic schemes. Learn more about symmetric and asymmetric encryption algorithms, the SHA256 hash algorithm, and how to implement them in a simple application.

View this short Microsoft Silverlight video to see two experts from TwC discuss the Microsoft Security Assessment Tool (MSAT) and how it helps IT professionals solve a common security problem -- establishing a baseline for security in your enterprise and managing an action plan for resolution of security challenges.

This Month's Security Bulletins

Critical:

Important:

Community / MVP Update

Ronald Beekelaar, MCSE and MCT, is an independent consultant and trainer who specializes in Windows Server security and network infrastructure consultancy and training. He is also a well-known expert in virtual machine technology (VMware/Virtual PC/Virtual Server/Hyper-V). He has created many virtual machine-based hands-on labs for Microsoft Learning and for other groups within Microsoft, which are often used at Microsoft conferences, in Microsoft training engagements, in partner offerings, and online.

Want to use hardware more efficiently, securely, and cost-effectively?
In this video, Microsoft Virtual Machine MVP Ronald Beekelaar covers how to manage virtual systems effectively, the challenges involved, and their role in implementing cost-effective IT solutions.

Microsoft Product Lifecycle Information

Security Events and Training

Browse the sessions in the Security, Identity, and Access track for sessions on "Getting Started with the Microsoft Forefront Code Name 'Stirling' Virtual Machines in Hyper-V," "Security Best Practices for Hyper-V and Server Virtualization," and much more. Register by February 27 and save $200.

Join this virtual lab to learn how to add security to the applications built with Microsoft Visual Studio by signing the messages that you create and by verifying the messages that you receive. You can also learn to use Microsoft Visual Studio Team Foundation Server to track bugs.

Join this virtual lab to learn how to create a Signing Key Project in Visual Studio 2008 and sign XML with a Digital Signature.

Upcoming Security Webcasts

Tuesday, February 24, 1:00 PM Pacific Time
Uri Lichtenfeld, Product Manager, Microsoft Corporation

Thursday, February 26, 8:00 AM Pacific Time
Martin Pichardo, Technology Solution Professional, Microsoft Corporation

Friday, March 6, 8:00 AM Pacific Time
Security is of paramount concern for all organizations, and it is no different for a virtual solution. In this webcast, we look at the four main solutions from the previous webcasts and cover some best practices for ensuring that your virtual environment is secure.

Wednesday, March 11, 8:00 AM Pacific Time
The best overall virtualization solution for an organization could be a combination of all the products, technologies, and practices we have seen so far in this webcast series. This begs the question of management. With all these technologies, how will an IT department cope with enforcing company policy?
In this webcast, we look at the management side of virtualization in more detail, covering how policies can be managed centrally.

Find out about upcoming security webcasts using a dynamic, interactive format.

For IT Professionals

For Developers

Microsoft On-Demand Webcasts

TechNet Webcast: Selecting the Right Candidates for Virtualization (Level 300)
In this webcast, we look at the first steps for creating a virtual environment. Following up on the first webcast in the series, Virtualization in a Nutshell, where we discussed virtualization technologies, we now examine the specifics that you need to consider. Virtualization is an ideal solution to help reduce costs in an organization. However, virtualization is not just a case of taking an application or system and creating virtual environments on a single system. You need to consider compatibility, supportability, licensing, and -- above all -- the long-term benefits to the business. All these factors play key parts when considering virtualization, and we analyze what makes a good candidate for virtualization and what does not. We also cover the software and hardware requirements for the main types of virtualization. At the end of this webcast, the webcast series splits into more in-depth discussions about the different virtualization types as we follow four scenario companies through their virtualization efforts.