Wednesday, July 15, 2009

Microsoft Security Newsletter - Volume 6, Issue 7

Microsoft Security Newsletter
This is a monthly newsletter for IT professionals and developers—bringing security news, guidance, updates, and community resources directly to your inbox. To view an online version of this newsletter, click here or subscribe to the Featured Security and Privacy Content RSS feed to receive more frequent updates on news and featured resources. If you would like to receive less technical security news, guidance, and updates, please subscribe to the Microsoft Security for Home Computer Users Newsletter.
Note from the Editor
Kai Axford  
Happy New Year!

That may sound a bit premature (or extremely late, if you're a "glass-is-half-empty" person), but at Microsoft we begin our fiscal year every July. Each new year brings new challenges, and this year is no exception.

My name is Kai Axford and I have spent the last nine years at Microsoft serving as a TechNet presenter and, more recently, as a Security Evangelist for the Microsoft Trustworthy Computing team. I've traveled the globe to speak with you and understand your pain points. I've been fortunate to have met many of you and consider you not just my customers but also my friends. I've also worked hard to champion your pains to our product teams. Because of this commitment, I have been asked to take on a new role this year, which will have as one of its many responsibilities the oversight of this very newsletter.

If you've heard me speak at a conference, via webcast, or in a user group, you know that I'm a big fan of the phrase "So what?" Why should I care about this? What problem does this solve for me? How can this get me home in time for dinner with my family? So what does having a "security professional" as the editor of this newsletter bring to the table? It means that I'll focus on delivering content that is relevant to you and your job. It means that I'll be reviewing not only the articles submitted, but also the people submitting them to ensure that you receive security information that matters. It means we're going to roll up our sleeves and get into the details. I'll be honest; I'm probably going to ruffle a few feathers at Microsoft to do it.

It also means I'd like to start covering some of the "soft topics" that relate to the industry—such as how do I get a job in the field of IT security, or how do I talk to my CFO about the business of security—that will help you professionally. We're always confident of our technical skills, but we sometimes struggle in these areas.

Finally, I'm also going to ask you for some help. One thing I've learned over the years is that I'm never the smartest guy in the room. I know that many reading this are true subject matter experts in their field. I'm asking you to help make this newsletter valuable by submitting articles. I'm asking all of you for feedback and for ways to improve this product. We're certainly not a community of "shrinking violets." I know that everyone here has an idea on how to improve this newsletter, so let's hear it. Feel free to contact me through my blog at http://blogs.technet.com/kaiaxford or directly at kaiax@microsoft.com.

I see this as your security newsletter. Let's work together in this new year to make it a valuable resource.

Best regards,

Kai Axford, CISSP, MCSE
Sr. Security Strategist, Microsoft Trustworthy Computing

Top Stories
The Microsoft Assessment and Planning (MAP) Toolkit is a powerful inventory, assessment, and reporting tool that can securely assess IT environments for various platform migrations and virtualization without the use of any software agents. When you use the MAP Toolkit to assess the security of your client infrastructure, you also receive a PC security assessment report, a security readiness report, and a security readiness proposal.
Meet the program manager behind the proactive, open-source security tool called !exploitable. It's the only tool of its kind that increases efficiency, reduces cost, and improves security by providing automated crash analysis and security risk assessment. !exploitable Crash Analyzer puts crash analysis that previously required the help of a security expert into a tool that every developer and tester can use.
Does your organization waste valuable resources on security issues? Meet your business-critical needs and elevate the security of Microsoft products with these new security baselines. The security baselines combine best-practice guidance and tools to help you plan, deploy, and monitor the security of Windows 7 and Internet Explorer 8.0. This Beta launches in mid-July 2009. Sign up now to receive notification updates so that you will get the first look at this new release of security baselines for Windows 7 and Internet Explorer 8. Members, bookmark this link.
Make protecting your Exchange Server 2007 environments easier by downloading the latest release of Microsoft Forefront Security for Exchange Server. New features include visibility of all actively published engines, alerts and notifications about new engine availability, and rollup of software fixes.
Help better protect your Microsoft Office SharePoint Server 2007 and Windows SharePoint Services 3.0 collaboration environments from malware and inappropriate content by downloading the latest release of Microsoft Forefront Security for SharePoint. New features include visibility of all actively published engines, alerts and notifications about new engine availability, and rollup of software fixes.

Security Guidance
The Microsoft SDL – Developer Starter Kit offers 14 modules of content, labs, and training to help you establish a standardized approach to rolling out the Microsoft SDL in your organization, build a customized SDL training program for your development teams, or enrich your existing development practices.
Referred to as the SDL-LOB process for short, this mainstream approach to the SDL defines standards and best practices for securing the line-of-business applications that support your business. Get actionable guidance on requirements plus design, implementation, verification, and release processes.
The Microsoft SDL Process Template for Microsoft Visual Studio Team System is a downloadable template that directly integrates the Security Development Lifecycle v4.1 into your software development. It generates a detailed Final Security Review report that provides an up-to-the-minute overview of security issues, testing results, and status for all security requirements associated with a project.
The Microsoft SDL Process Template for Visual Studio Team System was created to ease adoption of the SDL by automatically integrating the policy, processes, and tools of SDL v4.1 into Visual Studio Team System 2008. In this video, learn how to install the SDL Process Template, and then see how to begin using the template in your next project.
Using end-to-end application scenarios, this guide shows you how to design and implement authentication and authorization in Windows Communication Foundation. You will learn how to improve the security of your Windows Communication Foundation services through prescriptive guidance including practices at a glance, guidelines, a Q&A, and step-by-step how-to articles.

This Month's Security Bulletins
Critical:
Important:

Community / MVP Update
Security MVP of the Month: Jesper M. Johansson   
Jesper Johansson, ISSAP, CISSP, and MCSE, is a well-known authority on information security in general and Windows security in particular. He is currently a principal software security architect, managing programs and projects related to application security, secure software development practices, and security training. He has delivered presentations on information security on five continents, has spoken at most major security events, and has written many articles on security.
In this first part of a two-part series, Jesper Johansson delves into the concept of identity—what defines an identity, who gets to control the information, and how do we ensure that it is properly secured? In part two, he covers additional principles that successful digital identity systems must meet.

Microsoft Product Lifecycle Information
Find information about your particular products on the Microsoft Product Lifecycle Web site.
See a list of supported service packs: Microsoft provides free software updates for security and nonsecurity issues for all supported service packs.

Security Events and Training
Learn about the Core Infrastructure Optimization (Core IO) model, which can help you improve the current state of your IT infrastructure in terms of cost, security, and agility.
In this latest podcast, we focus on how Microsoft security and security management in a platform solution opens your business to new opportunities. If improving security is critical, but you believe security is tied to overwhelming administrative costs or have other security concerns, download the podcast to hear a thorough presentation on security as a business enabler.

Upcoming Security Webcasts
Upcoming security webcasts in a dynamic, interactive format.
For IT Professionals
For Developers
MSDN Webcast: Internet Explorer 8 for Developers (Level 200)
Thursday, July 23, 10:00 AM Pacific Time
Now On Demand
Podcast: Closing the Network Backdoor — Using Forefront Threat Management Gateway Beta 2 to Create a Safe Web Experience
As employees surf the Web, they can accidentally bring in malware or visit sites that are restricted by your corporate policy. Current security solutions may not be able to detect these issues as more and more Web applications encrypt themselves. In this podcast, we describe how Web 2.0 evolves the threat landscape from the network to the content and application layers, and we explain how the Microsoft Forefront Threat Management Gateway Beta 2 can help make sure Web traffic, whether encrypted or unencrypted, stays safe and in accordance with your Web usage policies.

Security Newsletter
Volume 6, No. 7

July 2009
Security Program Guide
Security Awareness Materials
Guidance, samples, and templates for creating a security-awareness program in your organization.
Learn Security On the Job
Learning Paths for Security - Microsoft Training References and Resources
Upcoming Chats
View a listing of upcoming technical chats
Security Blogs
Michael Howard RSS
Eric Lippert RSS
Eric Fitzgerald RSS
MSRC Blog RSS
ACE Team RSS
Windows Security RSS
Solution Accelerators - Security & Compliance RSS
Kai Axford RSS
Security Vulnerability Research & Defense RSS
Security Development Lifecycle (SDL) RSS
Security Newsgroups
General Security issues/questions
Virus issues/questions
ISA Server
Windows Vista: Security
SQL Server: Security
Windows Server: Security
Community Web Sites
IT Pro Security Community
Additional Security Resources
Security Help and Support for IT Professionals
TechNet Troubleshooting and Support Page
Microsoft Security Glossary
TechNet Security Center
MSDN Security Developer Center
Sign-Up for the Microsoft Security Notification Service
Security Bulletin Search Page
Home Users: Protect Your PC
MCSE/MCSA: Security Certifications
Subscribe to TechNet
Register for TechNet Flash IT Newsletter
© 2009 Microsoft Corporation. All rights reserved. Microsoft, BitLocker, Forefront, Internet Explorer, MSDN, SharePoint, Visual Studio, Windows, Windows Mobile, Windows Server, and Windows Vista are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries. The names of actual companies and products mentioned herein may be the trademarks of their respective owners.


This newsletter was sent by the Microsoft Corporation
One Microsoft Way
Redmond, Washington, USA
98052
