Welcome to the Microsoft Security Newsletter - a monthly newsletter for IT professionals and developers bringing security news, guidance, updates, and community resources direct to your inbox.
If you would like to receive less technical security news, guidance and updates, please subscribe to the Microsoft Security for Home Computer Users Newsletter. Want to receive more frequent updates on news and featured resources? Subscribe to the Featured Security and Privacy Content RSS feed.
Have an idea for a future article, or looking for guidance around a specific topic that you have not seen in this newsletter (or on TechNet or MSDN)? E-mail secaware@microsoft.com.

Security Viewpoint
By John Steer, Security Architect, Microsoft Application Consulting & Engineering (ACE) Team
Security is a foundational component that needs to be integrated from the ground up in the development lifecycle. This article provides insight into impersonation and access control lists (ACLs) from a developer's perspective.

Top Stories
First provided in Visual Studio .NET 2002, the Visual C++ compiler's GS switch, which is on by default, is one of the built-in defenses designed to mitigate buffer overrun attacks. Learn what Microsoft's VC++ compiler team is proactively working on to refine and enhance the abilities of the GS switch.
Join Scott Charney, Corporate Vice President of Microsoft's Trustworthy Computing Group, as he discusses the trusted Internet experience of the future and the need for technological innovation, global public policy, and societal shifts around the issues of privacy and security.
Watch this quick video to learn about features and improvements in the Windows 7 Release Candidate (RC) in areas like performance, networking, security, and PC management, then download the Release Candidate and take a test drive.
By delivering simplified management and providing critical visibility into threats, vulnerabilities, and configuration risks, Forefront codename "Stirling" helps you protect your business with greater confidence and efficiency.

Security Guidance
Download the Microsoft Assessment and Planning (MAP) Toolkit, and assess your PCs' virus and spyware vulnerability, and readiness for implementing Forefront Client Security.
With the introduction of transparent data encryption (TDE) in SQL Server 2008, users now have the choice between cell-level encryption as in SQL Server 2005, full database-level encryption by using TDE, or the file-level encryption options provided by Windows. This white paper compares TDE with these other encryption methods for application developers and database administrators.
SQL Server includes a variety of precise, configurable security features. These features empower administrators to implement defense-in-depth that is optimized for the specific security risks of their environment. Get up to speed on security for the SQL Server Database Engine.
Policy-Based Management is a system for managing one or more instances of SQL Server 2008. Learn monitoring and enforcement best practices and policy-based management scenarios, then get a tutorial on administering servers using Policy-Based Management.
Learn how to install and configure Forefront Security for Exchange Server using Windows PowerShell, fight spam with connection and content filtering, and configure multiple scanning engines and scanning policies.
Get the necessary information and resources that you need before you start the installation and configuration of ISA Server 2006. With this information, your deployment of ISA Server 2006 will be more efficient. The information in this document focuses on a few of the many features in ISA Server 2006, to enable you to quickly prepare for deployment.

This Month's Security Bulletins
Critical:

Community / MVP Update
Susan Bradley is a Certified Public Accountant (CPA) with CITP, MCP, and GSEC technical certifications. She has been a Small Business Server (SBS) owner since the 4.0 days and supports public SBS newsgroups as a contributor to the Center for Internet Security and a member of the Computer Security Institute.

Microsoft Product Lifecycle Information

Security Events and Training
MSDN Virtual Lab Series: Microsoft SDL - Developer Starter Kit
Learn how to operate the desired configuration management (DCM) feature in Microsoft System Center Configuration Manager 2007 Service Pack 1 (SP1) for security baseline compliance monitoring.
Examine the reporting capabilities of the desired configuration management (DCM) feature in Microsoft System Center Configuration Manager 2007 Service Pack 1 (SP1), which includes a reporting feature that allows IT specialists either to use built-in reports or customize reports to meet their needs.

Upcoming Security Webcasts
Thursday, June 4, 1:00 PM Pacific Time. Heath Madison, Director of Management and Security, Advaiya, Inc., and Eric Zinn, Enterprise Solutions Specialist, Advaiya, Inc.
Upcoming security webcasts in a dynamic, interactive format.
For IT Professionals
For Developers

Microsoft On-Demand Webcasts
• TechNet Webcast: Security for Exchange and SharePoint - what's not in the box? (Level 200) Done implementing Microsoft Office SharePoint Server or Microsoft Exchange Server? There's more you can do! Spend an hour with us walking through the Identity and Security products and solutions that help make deployments more secure. We'll spend time discussing Microsoft Forefront Security, the Intelligent Application Gateway, Internet Security and Acceleration Server, Rights Management Services and Identity Lifecycle Manager.
• TechNet Webcast: Virtualization with Centralized, Policy-Based Management (Level 300) The best overall virtualization solution for an organization could be a combination of all the products, technologies, and practices we have seen so far in this webcast series. This begs the question of management. With all these technologies, how will an IT department cope with enforcing company policy? In this webcast, we look at the management side of virtualization in more detail, covering how policies can be managed centrally.