Welcome to the Microsoft Security Newsletter - a monthly newsletter for IT professionals and developers bringing security news, guidance, updates, and community resources direct to your inbox. To view an online version of this newsletter, please click here. If you would like to receive less technical security news, guidance and updates, please subscribe to the Microsoft Security for Home Computer Users Newsletter. Featured Article | | Microsoft Office Groove 2007 and Office SharePoint Server 2007 both provide powerful collaboration capabilities. Compare them with one another, and find out how you can integrate them to provide an easy, flexible, and secure collaboration solution that will support users at different locations. |
Top Stories | | Need an integrated identity management solution with powerful self-service capabilities for Office users, rich administrative tools and enhanced automation for IT professionals, and .NET and Windows Server–based extensibility for developers? Microsoft Identity Lifecycle Manager (ILM) "2" delivers unique workflow-driven solutions to manage user accounts, passwords, groups, and distribution lists as well as certificate-based credentials such as smart cards, using identity-based policies that can span across Windows and heterogeneous environments. | | | Microsoft Intelligent Application Gateway (IAG) 2007 with Application Optimizers provides secure socket layer (SSL) virtual private network (VPN), a Web application firewall, and endpoint security management that enable access control, authorization, and content inspection for a variety of line-of-business applications. Download the trial virtual machine and you'll automatically be registered to receive valuable resources delivered at strategic intervals throughout the software evaluation period. Please be advised—this virtual machine will expire on May 15, 2009. |
Security Guidance | | This article outlines how to use IPv6, IPsec, NAP, and group policy to build a replacement for "clunky" VPN gateways and provides a brief rundown of the parts you'd configure on managed clients to achieve this. | | | Learn how Office Groove 2007 can aid IT professionals with improving security and operational effectiveness at a very low cost. Topics include auditing capabilities, implementing securities, handling data, and identity securities. | | | Apply a methodical approach to building security into your solution design for Office SharePoint Server 2007. This topic explains practical configurations for specific server roles, offering guidance for each server role including recommended security settings for the network, the operating system, and the applications that are installed. | | | Get the guidance you need to help you plan security for internal departments, internal IT-hosted environments, external secure collaboration environments, and external anonymous access environments. These articles provide design checklists (including topology and logical architecture), security hardening recommendations for server roles, and security configurations for Office SharePoint Server 2007 features. | | | In the first part of a two-part series on the standard procedures and tools for maintaining SharePoint security accounts, Pav Cherny explores the architectural details and the complicated process of accomplishing password changes. | | | Support for interforest collaboration might become necessary for a variety of reasons including organizational mergers and acquisitions, collaboration between isolated forests within an organization, and shared applications that are accessed from an application forest. Collaboration between domains in different forests can range from simply sharing e-mail to providing access to data and resources. This article presents best practices for establishing more secure collaboration with other forests with Active Directory and Windows Server 2003. | | | Troubleshooting enforcement behaviors in the Network Access Protection platform can be challenging. Learn how NAP health policy evaluation works and how you can troubleshoot the most common issues. |
This Month's Security Bulletins Critical:
Community / MVP Update Security MVP of the Month: Dana Epp Dana Epp researches software security and focuses on strong authentication and identity assurance solutions at Scorpion Software Corp. As a computer security software architect, Dana has spent the last 15 years focusing on software development with a particular emphasis on security engineering. He has brought to market various computer security products including secure operating systems, firewalls, VPNs, authentication devices, and intrusion prevention systems (IPS). His latest research has been on identity and access control for Windows environments, focusing on strong authentication for small and midsized business. He is the author of the popular security blog " Dana Epp's Rambling at the Sanctuary." MVP Article of the Month: Safeguarding Remote Access in a Connected WorldBy Dana Epp, Microsoft MVP, Enterprise Security and Developer Security Enhanced productivity through remote access provides many benefits to a business, but it also creates exposure to new risks. In this article, Dana Epp provides tips and tricks that may help you mitigate these risks by weighing each risk and applying the appropriate technical safeguards to reduce risks to an acceptable level.
Microsoft Product Lifecycle Information
Security Events and Training | | Tech-Ed 2009 features 20 technical tracks that offer practical insights from Microsoft and industry experts. Learn how Microsoft Forefront products, identity-based access technologies, and Windows security solutions can help you respond more quickly to viruses and other security threats. | | | Learn how to help keep your security environment operational and effective even during a disaster. Use the resources in this learning path to help you lock down your infrastructure and harden security to prevent PC and desktop disruption. |
Upcoming Security Webcasts | | Monday, January 26, 8:00 AM Pacific Time
Please join us for an overview of solutions that enhance security, help set policies, and allows easy backup of Microsoft SharePoint Portal Server 2003 and Office SharePoint Server 2007. In this 100 to 200 level session, we will discuss various scenarios to enhance your SharePoint deployment. | | | Tuesday, February 3, 11:00 AM Pacific Time
Spend an hour with the Microsoft Intelligent Application Gateway (IAG) 2007 product management team as they walk through the updates in the new service pack release. Attend this webcast to learn about the IAG product and the changes in this important update. | | | Find out about upcoming security webcasts by using a dynamic, interactive format. | For IT Professionals For Developers Microsoft On-Demand Webcasts | • | TechNet Webcast: Secure Collaboration in an Interconnected World with Rights Management Services and Active Directory Federation Services (Level 200) In this session, we look at how organizations can enable their users to collaborate securely with people in other companies by using Windows Server 2008 Rights Management Services (RMS) in conjunction with Active Directory Federation Services (ADFS). By applying access policies and user permissions directly to the information, you can be sure that any documents you protect will only be accessible by authorized users, whether inside or outside your organization. Join us to learn how to make your information more secure regardless of location -- even if it travels beyond your corporate boundaries. | | • | TechNet Webcast: ISA Server 2006 in Under an Hour (Level 200) Microsoft Internet Security and Acceleration (ISA) Server 2006 is an integrated network security solution that enables greater protection in key scenarios, such as branch office security, Internet access, and application publishing. In this session, we discuss these main scenarios, the product road map, and the key features and functionality of ISA Server 2006. |
|
