Entries tagged with security - TechNet Edge

Forefront Stirling screencast and interview

extreme — Wed, 24 Sep 2008 06:59:00 GMT

Nic Sagez gives us a brief into to Stirling and then gives a screencast demo of a security compromise within an organization which has a Forefront Stirling infrastructure. The breakdown of the scenario is as follows:

User "Don" browses to a phishing site and installs a program
Hacker gains control of the client machine, disables Forefront Client Security (FCS) and User Account Control, sends a piece of malware using Don's email account
We (an administrator) access the main Stirling Console and view the Security Assessment summary report. We can see TMG detected the port scan and the automatic action and alert was taken.
We refresh the console again and see Stirling has reported the user has been compromised and another action happens automatically.
08:36 - We go back to the main console and then to the client to show how NAP remediated the client by turning back on FCS.
09:30 - We go back to the main console and see the security checks summary report and drill down into granular information about the client's vulnerability. Directly from the console, we are able to turn back on UAC.

After the scenario-relevant part of the screencast is complete, we also see:

11:19 - Create a security policy in the Stirling management console using things such as NAP, Internet Explorer, and Exchange.
15:25 - Bind this policy with target groups
15:53 - Show an enterprise security report generated by Stirling

Download the Beta software or VHDs
Learn more about Forefront Stirling

Internet Explorer 8 Beta 2 More Secure and Private Browsing

RaidDawg — Tue, 16 Sep 2008 03:41:00 GMT

In this screencast I talk about how IE 8 is more secure, how IE 8 provides many teachable moments in helping protect everyone while they browse. Overall IE 8 has increased security, privacy and control of your data and information through its improved SmartScreen®Filter (a next generation of phishing and malware detection), domain name highlighting and InPrivate™ Browsing. What makes IE 8 fantastic is that it balances security and privacy with functionality, especially with its enhanced deletion of browsing history. Lastly with IE 8’s cross site scripting filter (XSS), we are helping to provide a security solution in the browser from a vulnerability that is detected on the server which is raising IE 8’s security measures well beyond the traditional boundary of browser security.

To view the other parts:

Faster and Easier: Screencast: Faster and Easier IE 8
More Reliable and Standards based: Screencast: More Reliable and Interoperable

To full the full screencast, all 3 parts combined (about 45 minutes): IE 8 Full Screencast

To learn more more and to download Internet Explorer 8 please visit: www.microsoft.com/ie8

(Note: IE 8 is supported on Windows XP SP2/SP3, Server 2003 SP2, Server 2008, Vista RTM & Vista SP1.)

TechNet Radio: September 2008 Security Bulletins

erickingfrog — Tue, 09 Sep 2008 19:58:00 GMT

In this episode of TechNet Radio, we feature the September 2008 Security Bulletins. We also have our 'Tip of the Week' with Chris Avis, and we introduce a new monthly segment—The TechNet Webcast Series Calendar with Shomik Ghosh.

Screencast: Network Access Protection Part 2

jeffadude — Mon, 01 Sep 2008 01:20:00 GMT

Hello again,

In my previous post on Network Access Protection I showed you how to configure the server and get the switch going for 802.1x authentication. In this Screencast I'm going to look at what happens at the client end so you can see how to configure a Windows Vista client and then look at some of the events that get logged when a client moves in and out of health.

Enjoy!

Feature of the Week: URLScan 3.0 for IIS 7.0

Joey — Thu, 28 Aug 2008 07:01:00 GMT

Back in April there were reports that surfaced stating that web sites running on Internet Information Services (IIS) had been compromised by an automated attack that used vulnerabilities in web pages that did not follow security for best practices. These websites were taken advantage of via SQL injection attacks. While the only way to completely prevent SQL injection attacks is by following proper development best practices, URL Scan 3.0 is an updated IIS feature that will allow server administrators to help mitigate SQL injection attacks until the web application can be updated to protect against SQL injection. This post will provide more details on the latest version of this technology.

URL Scan 3.0

Who’s it for? IT Professionals and Website Administrators.

When does it ship? URL Scan 3.0 was released to the Web on 8/21/08 and can be downloaded from the following locations:

· 32 Bit: http://www.iis.net/go/1697

· 64 Bit: http://www.iis.net/go/1698

(Wow looking at those nice clean URL’s makes me want to post about another new IIS feature. I guess more on that later.)

What does it do? When installed and configured on a server running IIS 5.1 or higher, URLScan can scan incoming http requests and if the request contains content that is undesirable (like a SQL injection attack), that request can be rejected. By filtering these requests, URLScan helps prevent unwanted requests from potentially damaging the web application or even the web server.

How is URLScan different than the request filtering module that ships with IIS 7? The request filtering module does not have the ability to filter based on query strings like URLScan 3.0 does. Also you cannot specify rules applying to multiple parts of an HTTP request.

So didn’t URLScan exist before? Yes. URLScan 2.5 was originally released as part of the IIS Lockdown Tool and if you are using URLSCan 2.5, you can use your existing configuration file with URLScan 3.0 and everything will function fine. Plus you get the added URLScan 3.0 features!

What are the new URLScan 3.0 features? While the configuration format of URLScan 3.0 is the same as it’s predecessor, there are a number of new sections in the configuration to support the following new features:

· Deny rules can be independently applied to a query string, all headers, a particular header, a URL or a combination of the above.

· Configuration change notifications are propagated to the IIS worker processes so configuration changes don’t require worker process restarts.

· The global DENYQUERYSTRING section of the configuration file allows you to add deny rules for query strings and include an option to check the un-escaped version of the query string.

· The global ALWAYSALLOWEDQUERYSTRINGS section allows for the specification of safe query strings that will bypass all query string checks. (This feature was not in the previously released URLScan 3.0 beta).

· Descriptive configuration errors are now available in W3C formatted logging. This feature was also not available in the beta.

· Escape sequences like (%0A%0D) can now be used in deny rules allowing to deny CTRLF and other sequences involving non-printable characters.

How can URLScan be setup? URLScan can be setup up either as a global filter or a site level filter. A global filter is triggered for every HTTP request sent to the server. Site level filters are only invoked for HTTP requests sent to particular sites on a IIS server. Starting with URLScan 3.0 site filters can be used in conjunction with global filters.

Where can I get more information?

URLScan 3.0 FAQ

Using URLScan

Common URLScan Scenarios

Interview with Mark Russinovich: the future of Sysinternals, Security, Windows

extreme — Mon, 25 Aug 2008 20:35:00 GMT

I was able to get some time to chat with Mark Russinovich in his office and ask about the future of the sysinternals tools, security, and windows (beyond Windows 7). Here's how it breaks down:

What surprises Mark has had since he joined Microsoft
How much time he spends on Sysinternal tools and other things
02:53 - His interaction and stories with Bill Gates
06:16 - What the future of sysinteral / winternal tools looks like
- 08:21 - considerations for integration with Netmon 3
- 09:25 - Security monitoring (i.e. AD, WMI, other objects)
12:14 - A day where we don't have to go into so much depth to fix software/computer problems
17:06 - What the future of security holds
24:57 - Problems with behavioral based security mechanisms versus whitelisting / blacklisting
27:10 - With talks of things like Midori, do we need to scrap the entire Windows code base and start over?
- MinWin
- The limitations of Windows now and the future of Windows
34:03 - Should Microsoft make their own PC hardware?

If you decide to tune in for "Over the Edge" at 36:18, you'll find out about:

What he likes to do in his free time
What country he was born in
What languages he speaks
What books he reads and recommends
If he considers himself an IT Pro or Developer
Awards he's receieved
Famous Paintings

See other interviews with Mark done on Channel 9:
Mark Russinovich: From Winternals to Microsoft, On Windows Security, Windows CoreArch
Mark Russinovich: On Working at Microsoft, Windows Server 2008 Kernel, MinWin vs ServerCore, HyperV,

Screencast: Network Access Protection with 802.1x (Part 1)

jeffadude — Wed, 20 Aug 2008 07:01:00 GMT

One of the most important features of Windows Server 2008 is Network Access Protection. In it’s simplest terms NAP

What advice they give to Microsoft IT Professionals who are focused on security

What they would like to see from security 5-10 years in the future

TechNet Radio: Hyper-V

erickingfrog — Tue, 08 Jul 2008 15:58:00 GMT

In this episode of TechNet Radio, we learn about Hyper-V with Senior Product Managers Rajiv Arunkundram and Arun Jayendran. We also have our July 2008 Security Bulletin.

TechNet Radio: NAP Deployment from a Customer Perspective

erickingfrog — Tue, 17 Jun 2008 16:40:00 GMT

Hear Microsoft customers talk about how they deployed Network Access Protection (NAP) within their organizations. In this TechNet Radio session, Kevin Remde and Jeff Sigman talk with Chris Boscolo of Napera Networks, Alex Chalmers of Ball State University, and Pattabhi Attaluri of Avenda Systems.

Laura Chappell on Network Forensics

AdamBomb — Mon, 16 Jun 2008 07:01:00 GMT

I've long been a fan of Laura Chappell's work in the security field, and was really excited that she took time out of her busy TechEd schedule to show me some of the latest and greatest tools and utilities she uses to perform her work. We also talked a little bit about the new certification announcement from Wireshark University.

BitLocker Drive Encryption Interview with PM Russ Humphries....

loper — Tue, 10 Jun 2008 21:11:00 GMT

If you are reading this you have probably been waiting a LONG time for me to get this posted. You can check out my blog for why it has taken so long.

The interview is with Russ Humphries, a Program Manager in our Security Technologies group. He speaks fairly candidly about BitLocker and I think it is a pretty good interview for my first one.

It is a long interview though so clear about 45 mins to watch the whole thing. I will keep them shorter in the future.

Let me know what you think!

Cheers!

TechNet Radio: Microsoft Forefront Codename “Stirling” Overview (Part 2 of 2)

erickingfrog — Tue, 10 Jun 2008 18:06:00 GMT

In the second part of our overview on Microsoft Forefront codename “Stirling,” we cover the next-generation versions of Forefront Client Security, Forefront Security for Exchange Server, Forefront Security for SharePoint, and Microsoft Internet Security & Acceleration Server (ISA), which is to be renamed the Forefront Threat Management Gateway. We also have our June 2008 Security Bulletin.

SecurityGuy 001 - Interview with MSRC Leader Mike Reavey

SecurityGuy — Thu, 05 Jun 2008 17:11:00 GMT

Mike Reavey is the Group Manager for the Microsoft Security Response Center (MSRC), where he has worked since joining Microsoft about five years ago. In this interview, I talk to Mike about what got him interested in security and why he is pursuing a security career at Microsoft. We additionally discuss how the MSRC interaction with customers drives change in the security response process.

Mike is a contributor to the MSRC Blog, where you can here more from the MSRC team on current security issues.

Regards ~ Jeff

TechNet Radio: Microsoft Forefront Codename “Stirling” Overview (Part 1 of 2)

erickingfrog — Tue, 03 Jun 2008 16:56:00 GMT

Microsoft Forefront codename “Stirling” is an integrated security system that delivers comprehensive, coordinated protection across endpoints, messaging, and collaboration applications. It also provide the network edge that is easier to manage and control. By delivering simplified management and providing critical visibility into threats, vulnerabilities, and configuration risks, “Stirling” helps you reduce costs and achieve greater insight into your enterprise security state. Attend this session to get an overview of this new security system from Microsoft.

Vista 30, Rootkits 0

KingCobra — Wed, 28 May 2008 18:21:00 GMT

I’m glad to see some positive press on Windows Vista. Security is a tough business and when you’re on the desktops of millions of computers, everything is magnified to the Nth degree. A couple of recent articles and postings are getting a lot of attention. See “Vista's Despised UAC Nails Rootkits, Tests Find” by John E. Dunn. This of course got picked up on the popular site Neowin.

Since a lot of you aren’t yet running Windows Vista, here’s a quick refresh on the tech. In Windows Vista, there are two types of user accounts: standard user accounts and administrator accounts. Standard users are equivalent to the standard user account in previous versions of Windows. Standard users have limited administrative privileges and user rights—they cannot install or uninstall applications that install into %systemroot%, change system settings, or perform other administrative tasks. However, standard users can perform these tasks if they are able to provide valid administrative credentials when prompted. With UAC enabled, members of the local Administrators group run with the same access token as standard users. Only when a member of the local Administrators group gives approval can a process use the administrator’s full access token. This process is the basis of the principle of Admin Approval Mode.

See the TechNet article, “Understanding and Configuring User Account Control in Windows Vista” for a detailed review of UAC. If you want to see it in action, see the four minute video.

TechNet Radio: Leveraging the Windows Live Platform for Your Organization

erickingfrog — Tue, 13 May 2008 21:27:00 GMT

Listen to TechNet Radio and learn how you can leverage the benefits of the Windows Live platform for your organization. We discuss Windows Live ID; Microsoft Silverlight Streaming; and the Windows Live Admin Center, which allows you to manage a slice of Windows Live. We also have our May 2008 Security Bulletin.

TechNet Radio: Get More Security and Control with Mobile Device Manager

erickingfrog — Tue, 06 May 2008 16:55:00 GMT

In this TechNet Radio session, learn how you can improve secure access to corporate data and line-of-business (LOB) applications and simplify management of Windows Mobile powered devices with Microsoft System Center Mobile Device Manager. We explain how System Center Mobile Device Manager provides integration into Active Directory, rich inventory and reporting tools, secure virtual private network (VPN) access, and more.

TechNet Radio: How Microsoft IT Uses System Center Configuration Manager 2007 to Extend Network Hea

erickingfrog — Tue, 29 Apr 2008 17:21:00 GMT

In this TechNet Radio session, you learn how Microsoft System Center Configuration Manager 2007 ensures that computers connecting to or communicating on the network meet the organization's requirements for system health. By implementing System Center Operations Manager 2007, Microsoft IT is able to enforce security and compliance, as well as target policies to specific forest and domains within Microsoft.

Windows Server 2008 Security Guide PM interview - Part 2

extreme — Tue, 08 Apr 2008 06:59:00 GMT

In part 2 of this interview, we cover:

Reasoning behind why the specific account lockout and password policy settings were chosen in the guide
General tips (using the appendix when you have a problem and check out the Threats and countermeasures guide)
How to the guide helps implement the granular AD auditing capabilities in WS 2008.
Demo of the security solution accelerator

For part 1, click here.
You can download the Windows Server 2008 security guide here.

Windows Server 2008 Security Guide PM interview

extreme — Wed, 02 Apr 2008 18:01:00 GMT

In part 1 of 2 for this interview with the program managers of the security guides Jose Maldonado and Vlad Pigin, and test lead Bora Gaurav we cover a number of topics including:

What the differences are between the 2003 security guide and the new Server 2008 security guide
What are some of the "deal killers" for most people to be able to run in the specialized security limited functionality (SSLF) mode versus the Enterprise Client mode (EC)
Briefly go through the basic steps to implement
- Establish an acceptable security baseline (EC or SSLF)
- Run the GPO accelerator tool to deploy the baseline
- Deploy the server roles (if you haven't already done this)
- Secure the individual roles using SCW / GPO accelerator tool / guide & checklist
How to implement the guide using a different OU structure than mentioned in the guide.

You can download the Windows Server 2008 security guide here.

NAP clickthrough

AdamBomb — Mon, 31 Mar 2008 22:26:00 GMT

Jeff Wettlaufer is the Sr. Technical Product Manager for System Center Configuration Manager. He has put together a video demonstration of the integration between Windows Server 2008, Configuration Manager and Forefront. In this video, a Windows Vista machine works through remediation, demonstrating the 3 different policies and their enforcement capabilities. In this video, the Windows Vista box is verified and remediated for Automatic Updates, Firewall Config, Forefront Anti Spyware presence and a Windows Update. Check it out!

TechNet Radio: SQL 2008 Part 2 of 2: Management, Troubleshooting and Throttling

erickingfrog — Tue, 11 Mar 2008 19:46:00 GMT

Listen to this two-part series as Bryan von Axelson talks with industry experts Kimberly Tripp and Paul S. Randal about what’s new in SQL 2008. Part two focuses on Management, Troubleshooting and Throttling. We also have our monthly Security Bulletin.

TechNet Radio: SQL 2008 Part 1 of 2: Security and Availability

erickingfrog — Tue, 04 Mar 2008 08:00:00 GMT

Listen to this two-part series as Bryan von Axelson talks with industry experts Kimberly Tripp and Paul S. Randall about what’s new in SQL 2008. Part One focuses on Security and Availability.

Participants:

Eric Ostrowski - Your Show Host and TechNet Radio Producer

Bryan Von Axelson – IT Pro Evangelist

Kimberly L. Tripp - Kimberly L. Tripp is a SQL Server MVP and a Microsoft Regional Director and has worked with computers since 1985. Her career with database technologies began with IBM in 1988 and with Microsoft SQL Server in 1990. Since 1995, Kimberly has worked as a Speaker, Writer, Trainer and Consultant for her own company SYSolutions, Inc. (aka SQLskills.com). Kimberly is a writer/editor for SQL Server Magazine; was a founding writer for T-SQL Solutions magazine; was a technical contributor for the SQL Server 2000 Resource Kit; and co-authored the MSPress title SQL Server 2000 High Availability Kimberly has presented lectures and seminars at Microsoft TechEd and other SQL Server-related events since 1996 and is consistently top-rated both on quality of technical content and presentation style.

Paul S. Randal - Paul S. Randal is the Managing Director of SQLskills.com, which he runs with his wife Kimberly L. Tripp. Paul started in the industry in 1994 working for DEC on the VMS file system and its check/repair tools (the equivalent of chkdsk for NTFS. In 1999 he moved to Microsoft to work on SQL Server, specifically on DBCC. For SQL Server 2000, he concentrated on index fragmentation - well, removing it! In 2007, after 8.5 years on the SQL Server team, Paul left Microsoft to join Kimberly running SQLskills.com and pursuing his new-found passion for presenting and consulting. Paul regularly presents at conferences and user groups around the world on high-availability, disaster recovery, database maintenance, and Storage Engine internals.