Thursday, January 15, 2009

Microsoft Security Newsletter - Volume 6, Issue 1

Microsoft Security Newsletter
Welcome to the Microsoft Security Newsletter - a monthly newsletter for IT professionals and developers bringing security news, guidance, updates, and community resources direct to your inbox. To view an online version of this newsletter, please click here. If you would like to receive less technical security news, guidance and updates, please subscribe to the Microsoft Security for Home Computer Users Newsletter.
Featured Article
Microsoft Office Groove 2007 and Office SharePoint Server 2007 both provide powerful collaboration capabilities. Compare them with one another, and find out how you can integrate them to provide an easy, flexible, and secure collaboration solution that will support users at different locations.

Top Stories
Need an integrated identity management solution with powerful self-service capabilities for Office users, rich administrative tools and enhanced automation for IT professionals, and .NET and Windows Server–based extensibility for developers? Microsoft Identity Lifecycle Manager (ILM) "2" delivers unique workflow-driven solutions to manage user accounts, passwords, groups, and distribution lists as well as certificate-based credentials such as smart cards, using identity-based policies that can span across Windows and heterogeneous environments.
Microsoft Intelligent Application Gateway (IAG) 2007 with Application Optimizers provides secure socket layer (SSL) virtual private network (VPN), a Web application firewall, and endpoint security management that enable access control, authorization, and content inspection for a variety of line-of-business applications. Download the trial virtual machine and you'll automatically be registered to receive valuable resources delivered at strategic intervals throughout the software evaluation period. Please be advised—this virtual machine will expire on May 15, 2009.

Security Guidance
This article outlines how to use IPv6, IPsec, NAP, and group policy to build a replacement for "clunky" VPN gateways and provides a brief rundown of the parts you'd configure on managed clients to achieve this.
Learn how Office Groove 2007 can aid IT professionals with improving security and operational effectiveness at a very low cost. Topics include auditing capabilities, implementing securities, handling data, and identity securities.
Apply a methodical approach to building security into your solution design for Office SharePoint Server 2007. This topic explains practical configurations for specific server roles, offering guidance for each server role including recommended security settings for the network, the operating system, and the applications that are installed.
Get the guidance you need to help you plan security for internal departments, internal IT-hosted environments, external secure collaboration environments, and external anonymous access environments. These articles provide design checklists (including topology and logical architecture), security hardening recommendations for server roles, and security configurations for Office SharePoint Server 2007 features.
In the first part of a two-part series on the standard procedures and tools for maintaining SharePoint security accounts, Pav Cherny explores the architectural details and the complicated process of accomplishing password changes.
Support for interforest collaboration might become necessary for a variety of reasons including organizational mergers and acquisitions, collaboration between isolated forests within an organization, and shared applications that are accessed from an application forest. Collaboration between domains in different forests can range from simply sharing e-mail to providing access to data and resources. This article presents best practices for establishing more secure collaboration with other forests with Active Directory and Windows Server 2003.
Troubleshooting enforcement behaviors in the Network Access Protection platform can be challenging. Learn how NAP health policy evaluation works and how you can troubleshoot the most common issues.

This Month's Security Bulletins
Critical:

Community / MVP Update
Security MVP of the Month: Dana Epp  
Security MVP of the Month: Dana Epp
Dana Epp researches software security and focuses on strong authentication and identity assurance solutions at Scorpion Software Corp. As a computer security software architect, Dana has spent the last 15 years focusing on software development with a particular emphasis on security engineering. He has brought to market various computer security products including secure operating systems, firewalls, VPNs, authentication devices, and intrusion prevention systems (IPS). His latest research has been on identity and access control for Windows environments, focusing on strong authentication for small and midsized business. He is the author of the popular security blog "Dana Epp's Rambling at the Sanctuary."

MVP Article of the Month: Safeguarding Remote Access in a Connected World
By Dana Epp, Microsoft MVP, Enterprise Security and Developer Security
Enhanced productivity through remote access provides many benefits to a business, but it also creates exposure to new risks. In this article, Dana Epp provides tips and tricks that may help you mitigate these risks by weighing each risk and applying the appropriate technical safeguards to reduce risks to an acceptable level.

Microsoft Product Lifecycle Information
Find information about your particular products on the Microsoft Product Support Lifecycle Web site.
See a List of Supported Service Packs: Microsoft provides free software updates for security and nonsecurity issues for all supported service packs.

Security Events and Training
Tech-Ed 2009 features 20 technical tracks that offer practical insights from Microsoft and industry experts. Learn how Microsoft Forefront products, identity-based access technologies, and Windows security solutions can help you respond more quickly to viruses and other security threats.
Learn how to help keep your security environment operational and effective even during a disaster. Use the resources in this learning path to help you lock down your infrastructure and harden security to prevent PC and desktop disruption.

Upcoming Security Webcasts
Monday, January 26, 8:00 AM Pacific Time
Please join us for an overview of solutions that enhance security, help set policies, and allows easy backup of Microsoft SharePoint Portal Server 2003 and Office SharePoint Server 2007. In this 100 to 200 level session, we will discuss various scenarios to enhance your SharePoint deployment.
Tuesday, February 3, 11:00 AM Pacific Time
Spend an hour with the Microsoft Intelligent Application Gateway (IAG) 2007 product management team as they walk through the updates in the new service pack release. Attend this webcast to learn about the IAG product and the changes in this important update.
Find out about upcoming security webcasts by using a dynamic, interactive format.
For IT Professionals
TechNet Webcast: Introducing Operations Manager 2007 R2 (Level 300)
Thursday, January 15, 10:00 AM Pacific Time
Sacha Dawes, Senior Technical Product Manager, Microsoft Corporation
TechNet Webcast: Failover Cluster Troubleshooting with Windows Server 2008 R2 (Level 300)
Thursday, January 29, 12:00 PM Pacific Time
Elden Christensen, Senior Program Manager Lead, Microsoft Corporation
TechNet Labcast: Desktop Deployment: Planning, Deploying, and Managing the 2007 Office System (Part 1 of 2) (Level 200)
Monday, February 2, 7:00 AM Central Time
Dennis Wakefield, Senior Technical Trainer, Entirenet, LLC.
TechNet Labcast: Desktop Deployment: Planning, Deploying, and Managing the 2007 Office System (Part 2 of 2) (Level 200)
Monday, February 2, 11:00 AM Central Time
Dennis Wakefield, Senior Technical Trainer, Entirenet, LLC.
TechNet Webcast: Information about Microsoft February Security Bulletins (Level 200)
Wednesday, February 11, 11:00 AM Pacific Time
Adrian Stone, Senior Security Program Manager Lead, Microsoft Corporation
For Developers
MSDN Webcast: SharePoint Products and Technologies for Internet Site Development: Site Customization with Silverlight 2.0 (Level 200)
Thursday, January 15, 11:00 AM Pacific Time
Sahil Malik, Founder and Principal, Winsmarts
MSDN Webcast: Web Performance Testing with Fiddler and neXpert (Level 200)
Friday, January 23, 12:00 PM Pacific Time
Eric Mattingly, Performance Engineer, Microsoft Corporation
Microsoft On-Demand Webcasts
TechNet Webcast: Secure Collaboration in an Interconnected World with Rights Management Services and Active Directory Federation Services (Level 200)
In this session, we look at how organizations can enable their users to collaborate securely with people in other companies by using Windows Server 2008 Rights Management Services (RMS) in conjunction with Active Directory Federation Services (ADFS). By applying access policies and user permissions directly to the information, you can be sure that any documents you protect will only be accessible by authorized users, whether inside or outside your organization. Join us to learn how to make your information more secure regardless of location -- even if it travels beyond your corporate boundaries.
TechNet Webcast: ISA Server 2006 in Under an Hour (Level 200)
Microsoft Internet Security and Acceleration (ISA) Server 2006 is an integrated network security solution that enables greater protection in key scenarios, such as branch office security, Internet access, and application publishing. In this session, we discuss these main scenarios, the product road map, and the key features and functionality of ISA Server 2006.

Security Newsletter
Volume 6, No. 1

January 2009
In This Issue:
Featured Article
Top Stories
Security Guidance
This Month's Security Bulletins
Community / MVP Update
Microsoft Product Lifecycle Information
Security Events and Training
Upcoming Security Webcasts
Security Program Guide
Security Awareness Materials
Guidance, samples, and templates for creating a security-awareness program in your organization.
Learn Security On the Job
Learning Paths for Security - Microsoft Training References and Resources
Upcoming Chats
NAP with NPS Open Forum
January 22, 1:00 PM Pacific Time
View a listing of upcoming technical chats
Free In-Person Events
TechNet Events
Security Blogs
Michael Howard RSS
Eric Lippert RSS
Eric Fitzgerald RSS
Steve Lamb RSS
MSRC Blog RSS
ACE Team RSS
Jeff Jones RSS
Windows Vista Security RSS
Solution Accelerators - Security & Compliance RSS
Kai Axford RSS
Security Vulnerability Research & Defense RSS
Steve Riley RSS
Security Development Lifecycle (SDL) RSS
Security Newsgroups
General Security issues/questions
Open with newsreader
Virus issues/questions
Open with newsreader
ISA Server
Open with newsreader
Windows 2000: Security
Open with newsreader
Window Vista: Security
Open with newsreader
SQL Server: Security
Open with newsreader
Windows Server: Security
Open with newsreader
Other Security Newsgroups
Community Web Sites
IT Pro Security Community
Security Newsgroups
Related Communities
Additional Security Resources
Security Help and Support for IT Professionals
TechNet Troubleshooting and Support Page
Microsoft Security Glossary
TechNet Security Center
MSDN Security Developer Center
Midsize Business Security Center
Sign-Up for the Microsoft Security Notification Service
Security Bulletin Search Page
Home Users: Protect Your PC
MCSE/MCSA: Security Certifications
Subscribe to TechNet
Register for TechNet Flash IT Newsletter
© 2009 Microsoft Corporation. All rights reserved. Microsoft, Active Directory, Forefront, Groove, MSDN, SharePoint, Silverlight, Windows, and Windows Server are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries. The names of actual companies and products mentioned herein may be the trademarks of their respective owners.

To cancel your subscription to this newsletter, reply to this message with the word UNSUBSCRIBE in the Subject line. You can also unsubscribe at http://www.microsoft.com/info/unsubscribe.htm. You can manage all your Microsoft.com communication preferences at this site.

Legal Information.

This newsletter was sent by the Microsoft Corporation
One Microsoft Way
Redmond, Washington, USA
98052

Sign up for other newsletters | Unsubscribe | Update your profile
© 2009 Microsoft Corporation Terms of Use | Trademarks | Privacy Statement
Microsoft

Your cOmment"s Here! Hover Your cUrsOr to leave a cOmment.


Subscribe to: Post Comments (Atom)