Entries tagged with security - TechNet Edge

Internet Explorer 8 Beta 2 More Secure and Private Browsing

RaidDawg — Wed, 27 Aug 2008 19:00:00 GMT

In this screencast I talk about how IE 8 is more secure, how IE 8 provides many teachable moments in helping protect everyone while they browse. Overall IE 8 has increased security, privacy and control of your data and information through its improved SmartScreen®Filter (a next generation of phishing and malware detection), domain name highlighting and InPrivate™ Browsing. What makes IE 8 fantastic is that it balances security and privacy with functionality, especially with its enhanced deletion of browsing history. Lastly with IE 8’s cross site scripting filter (XSS), we are helping to provide a security solution in the browser from a vulnerability that is detected on the server which is raising IE 8’s security measures well beyond the traditional boundary of browser security.

To view the other parts:

Faster and Easier: Screencast: Faster and Easier IE 8
More Reliable and Standards based: Screencast: More Reliable and Interoperable

To full the full screencast, all 3 parts combined (about 45 minutes): IE 8 Full Screencast

To learn more more and to download Internet Explorer 8 please visit: www.microsoft.com/ie8

(Note: IE 8 is supported on Windows XP SP2/SP3, Server 2003 SP2, Server 2008, Vista RTM & Vista SP1.)

Interview with Mark Russinovich: the future of Sysinternals, Security, Windows

extreme — Mon, 25 Aug 2008 20:35:00 GMT

I was able to get some time to chat with Mark Russinovich in his office and ask about the future of the sysinternals tools, security, and windows (beyond Windows 7). Here's how it breaks down:

What surprises Mark has had since he joined Microsoft
How much time he spends on Sysinternal tools and other things
02:53 - His interaction and stories with Bill Gates
06:16 - What the future of sysinteral / winternal tools looks like
- 08:21 - considerations for integration with Netmon 3
- 09:25 - Security monitoring (i.e. AD, WMI, other objects)
12:14 - A day where we don't have to go into so much depth to fix software/computer problems
17:06 - What the future of security holds
24:57 - Problems with behavioral based security mechanisms versus whitelisting / blacklisting
27:10 - With talks of things like Midori, do we need to scrap the entire Windows code base and start over?
- MinWin
- The limitations of Windows now and the future of Windows
34:03 - Should Microsoft make their own PC hardware?

If you decide to tune in for "Over the Edge" at 36:18, you'll find out about:

What he likes to do in his free time
What country he was born in
What languages he speaks
What books he reads and recommends
If he considers himself an IT Pro or Developer
Awards he's receieved
Famous Paintings

See other interviews with Mark done on Channel 9:
Mark Russinovich: From Winternals to Microsoft, On Windows Security, Windows CoreArch
Mark Russinovich: On Working at Microsoft, Windows Server 2008 Kernel, MinWin vs ServerCore, HyperV,

Screencast: Network Access Protection with 802.1x (Part 1)

jeffadude — Wed, 20 Aug 2008 07:01:00 GMT

One of the most important features of Windows Server 2008 is Network Access Protection. In it’s simplest terms NAP

What advice they give to Microsoft IT Professionals who are focused on security

What they would like to see from security 5-10 years in the future

TechNet Radio: Hyper-V

erickingfrog — Tue, 08 Jul 2008 15:58:00 GMT

In this episode of TechNet Radio, we learn about Hyper-V with Senior Product Managers Rajiv Arunkundram and Arun Jayendran. We also have our July 2008 Security Bulletin.

TechNet Radio: NAP Deployment from a Customer Perspective

erickingfrog — Tue, 17 Jun 2008 16:40:00 GMT

Hear Microsoft customers talk about how they deployed Network Access Protection (NAP) within their organizations. In this TechNet Radio session, Kevin Remde and Jeff Sigman talk with Chris Boscolo of Napera Networks, Alex Chalmers of Ball State University, and Pattabhi Attaluri of Avenda Systems.

Laura Chappell on Network Forensics

AdamBomb — Mon, 16 Jun 2008 07:01:00 GMT

I've long been a fan of Laura Chappell's work in the security field, and was really excited that she took time out of her busy TechEd schedule to show me some of the latest and greatest tools and utilities she uses to perform her work. We also talked a little bit about the new certification announcement from Wireshark University.

BitLocker Drive Encryption Interview with PM Russ Humphries....

loper — Tue, 10 Jun 2008 21:11:00 GMT

If you are reading this you have probably been waiting a LONG time for me to get this posted. You can check out my blog for why it has taken so long.

The interview is with Russ Humphries, a Program Manager in our Security Technologies group. He speaks fairly candidly about BitLocker and I think it is a pretty good interview for my first one.

It is a long interview though so clear about 45 mins to watch the whole thing. I will keep them shorter in the future.

Let me know what you think!

Cheers!

TechNet Radio: Microsoft Forefront Codename “Stirling” Overview (Part 2 of 2)

erickingfrog — Tue, 10 Jun 2008 18:06:00 GMT

In the second part of our overview on Microsoft Forefront codename “Stirling,” we cover the next-generation versions of Forefront Client Security, Forefront Security for Exchange Server, Forefront Security for SharePoint, and Microsoft Internet Security & Acceleration Server (ISA), which is to be renamed the Forefront Threat Management Gateway. We also have our June 2008 Security Bulletin.

SecurityGuy 001 - Interview with MSRC Leader Mike Reavey

SecurityGuy — Thu, 05 Jun 2008 17:11:00 GMT

Mike Reavey is the Group Manager for the Microsoft Security Response Center (MSRC), where he has worked since joining Microsoft about five years ago. In this interview, I talk to Mike about what got him interested in security and why he is pursuing a security career at Microsoft. We additionally discuss how the MSRC interaction with customers drives change in the security response process.

Mike is a contributor to the MSRC Blog, where you can here more from the MSRC team on current security issues.

Regards ~ Jeff

TechNet Radio: Microsoft Forefront Codename “Stirling” Overview (Part 1 of 2)

erickingfrog — Tue, 03 Jun 2008 16:56:00 GMT

Microsoft Forefront codename “Stirling” is an integrated security system that delivers comprehensive, coordinated protection across endpoints, messaging, and collaboration applications. It also provide the network edge that is easier to manage and control. By delivering simplified management and providing critical visibility into threats, vulnerabilities, and configuration risks, “Stirling” helps you reduce costs and achieve greater insight into your enterprise security state. Attend this session to get an overview of this new security system from Microsoft.

Vista 30, Rootkits 0

KingCobra — Wed, 28 May 2008 18:21:00 GMT

I’m glad to see some positive press on Windows Vista. Security is a tough business and when you’re on the desktops of millions of computers, everything is magnified to the Nth degree. A couple of recent articles and postings are getting a lot of attention. See “Vista's Despised UAC Nails Rootkits, Tests Find” by John E. Dunn. This of course got picked up on the popular site Neowin.

Since a lot of you aren’t yet running Windows Vista, here’s a quick refresh on the tech. In Windows Vista, there are two types of user accounts: standard user accounts and administrator accounts. Standard users are equivalent to the standard user account in previous versions of Windows. Standard users have limited administrative privileges and user rights—they cannot install or uninstall applications that install into %systemroot%, change system settings, or perform other administrative tasks. However, standard users can perform these tasks if they are able to provide valid administrative credentials when prompted. With UAC enabled, members of the local Administrators group run with the same access token as standard users. Only when a member of the local Administrators group gives approval can a process use the administrator’s full access token. This process is the basis of the principle of Admin Approval Mode.

See the TechNet article, “Understanding and Configuring User Account Control in Windows Vista” for a detailed review of UAC. If you want to see it in action, see the four minute video.

TechNet Radio: Leveraging the Windows Live Platform for Your Organization

erickingfrog — Tue, 13 May 2008 21:27:00 GMT

Listen to TechNet Radio and learn how you can leverage the benefits of the Windows Live platform for your organization. We discuss Windows Live ID; Microsoft Silverlight Streaming; and the Windows Live Admin Center, which allows you to manage a slice of Windows Live. We also have our May 2008 Security Bulletin.

TechNet Radio: Get More Security and Control with Mobile Device Manager

erickingfrog — Tue, 06 May 2008 16:55:00 GMT

In this TechNet Radio session, learn how you can improve secure access to corporate data and line-of-business (LOB) applications and simplify management of Windows Mobile powered devices with Microsoft System Center Mobile Device Manager. We explain how System Center Mobile Device Manager provides integration into Active Directory, rich inventory and reporting tools, secure virtual private network (VPN) access, and more.

TechNet Radio: How Microsoft IT Uses System Center Configuration Manager 2007 to Extend Network Hea

erickingfrog — Tue, 29 Apr 2008 17:21:00 GMT

In this TechNet Radio session, you learn how Microsoft System Center Configuration Manager 2007 ensures that computers connecting to or communicating on the network meet the organization's requirements for system health. By implementing System Center Operations Manager 2007, Microsoft IT is able to enforce security and compliance, as well as target policies to specific forest and domains within Microsoft.

Windows Server 2008 Security Guide PM interview - Part 2

extreme — Tue, 08 Apr 2008 06:59:00 GMT

In part 2 of this interview, we cover:

Reasoning behind why the specific account lockout and password policy settings were chosen in the guide
General tips (using the appendix when you have a problem and check out the Threats and countermeasures guide)
How to the guide helps implement the granular AD auditing capabilities in WS 2008.
Demo of the security solution accelerator

For part 1, click here.
You can download the Windows Server 2008 security guide here.

Windows Server 2008 Security Guide PM interview

extreme — Wed, 02 Apr 2008 18:01:00 GMT

In part 1 of 2 for this interview with the program managers of the security guides Jose Maldonado and Vlad Pigin, and test lead Bora Gaurav we cover a number of topics including:

What the differences are between the 2003 security guide and the new Server 2008 security guide
What are some of the "deal killers" for most people to be able to run in the specialized security limited functionality (SSLF) mode versus the Enterprise Client mode (EC)
Briefly go through the basic steps to implement
- Establish an acceptable security baseline (EC or SSLF)
- Run the GPO accelerator tool to deploy the baseline
- Deploy the server roles (if you haven't already done this)
- Secure the individual roles using SCW / GPO accelerator tool / guide & checklist
How to implement the guide using a different OU structure than mentioned in the guide.

You can download the Windows Server 2008 security guide here.

NAP clickthrough

AdamBomb — Mon, 31 Mar 2008 22:26:00 GMT

Jeff Wettlaufer is the Sr. Technical Product Manager for System Center Configuration Manager. He has put together a video demonstration of the integration between Windows Server 2008, Configuration Manager and Forefront. In this video, a Windows Vista machine works through remediation, demonstrating the 3 different policies and their enforcement capabilities. In this video, the Windows Vista box is verified and remediated for Automatic Updates, Firewall Config, Forefront Anti Spyware presence and a Windows Update. Check it out!

TechNet Radio: SQL 2008 Part 2 of 2: Management, Troubleshooting and Throttling

erickingfrog — Tue, 11 Mar 2008 19:46:00 GMT

Listen to this two-part series as Bryan von Axelson talks with industry experts Kimberly Tripp and Paul S. Randal about what’s new in SQL 2008. Part two focuses on Management, Troubleshooting and Throttling. We also have our monthly Security Bulletin.

TechNet Radio: SQL 2008 Part 1 of 2: Security and Availability

erickingfrog — Tue, 04 Mar 2008 08:00:00 GMT

Listen to this two-part series as Bryan von Axelson talks with industry experts Kimberly Tripp and Paul S. Randall about what’s new in SQL 2008. Part One focuses on Security and Availability.

Participants:

Eric Ostrowski - Your Show Host and TechNet Radio Producer

Bryan Von Axelson – IT Pro Evangelist

Kimberly L. Tripp - Kimberly L. Tripp is a SQL Server MVP and a Microsoft Regional Director and has worked with computers since 1985. Her career with database technologies began with IBM in 1988 and with Microsoft SQL Server in 1990. Since 1995, Kimberly has worked as a Speaker, Writer, Trainer and Consultant for her own company SYSolutions, Inc. (aka SQLskills.com). Kimberly is a writer/editor for SQL Server Magazine; was a founding writer for T-SQL Solutions magazine; was a technical contributor for the SQL Server 2000 Resource Kit; and co-authored the MSPress title SQL Server 2000 High Availability Kimberly has presented lectures and seminars at Microsoft TechEd and other SQL Server-related events since 1996 and is consistently top-rated both on quality of technical content and presentation style.

Paul S. Randal - Paul S. Randal is the Managing Director of SQLskills.com, which he runs with his wife Kimberly L. Tripp. Paul started in the industry in 1994 working for DEC on the VMS file system and its check/repair tools (the equivalent of chkdsk for NTFS. In 1999 he moved to Microsoft to work on SQL Server, specifically on DBCC. For SQL Server 2000, he concentrated on index fragmentation - well, removing it! In 2007, after 8.5 years on the SQL Server team, Paul left Microsoft to join Kimberly running SQLskills.com and pursuing his new-found passion for presenting and consulting. Paul regularly presents at conferences and user groups around the world on high-availability, disaster recovery, database maintenance, and Storage Engine internals.

TechNet Radio: How Microsoft IT Secures Mobile Devices

erickingfrog — Tue, 26 Feb 2008 00:00:00 GMT

Join this session and find out how Microsoft IT is empowering the mobile workforce via the deployment of the Windows Mobile platform. Microsoft IT fully integrates Windows Mobile features and applications, with both established hardware and infrastructure, and future plans support master security policy migrations, such as complete two-factor authentication operations.

Network Access Protection with Microsoft's IT

AdamBomb — Tue, 15 Jan 2008 03:27:00 GMT

After months of cajoling, I was finally able to convince Jeff Sigman from the NAP team and Brent Atkison from MSIT to sit still for 30 minutes to talk about why we created NAP, and how we went about deploying it worldwide at Microsoft. Ah, who am I kidding. Jeff's been asking me for months to put his blue anime hair up on the web. Here you go Jeff. Persistance pays off.
Network Access Protection is a new feature in Windows Server 2008 that allows you to enforce computer health requirements before allowing machines to communicate on the network. It's the answer to the question "do I trust that this machine is patched and won't infect other machines on my network?"
These guys have done some pretty impressive stuff. The NAP team worked with a list of partners as long as your arm to make sure NAP will play nicely with whatever switch hardware you've invested in. Brent shares some impressive sizing guidelines for implementing NAP: Microsoft turned reporting and deferred enforcement on 120,000 machines worldwide, using a very small number of servers. Very small. Less than 3. Total help desk calls as a result? Also a very small number. Oh, and he did that deployment using beta builds of Longhorn Server 2008.
(this video was originally posted to Channel9 back before Edge existed, but since it's really IT content, not dev, I wanted to put it up over where it belongs)

Rafal Lukawiecki Security chat at IT Forum

extreme — Mon, 03 Dec 2007 17:30:00 GMT

I had a chance to sit down and talk with Rafal Lukawiecki from Project Botticelli Ltd at IT forum in the speaker's lounge right after sitting in on the security panel discussion (SEC01-PAN) he was a part of which included other well-known security professionals such as Mark Russinovich and Steve Riley.

Rafal was amongst the top scoring speakers and has a deep knowledge in various areas such as computer security / cryptography. With this in mind, we discussed things such as Windows Server 2008 Suite B encryption algorithms, IPv6, what he feels the largest security problems are today, where he sees the future of security headed, and what changes he would like to see with Microsoft products.

What changes would you like to see from Microsoft around security?

Steve Riley talks security

AdamBomb — Fri, 16 Nov 2007 06:45:00 GMT

If you’ve ever been to a TechEd event, hopefully you were able to catch on of Steve’s security sessions. If you haven’t, here’s a short glimpse in to what you’re missing. We talk about the death of the DMZ, some of the Vista security improvements, and Steve’s suggestion for the top thing you can do to make your network more secure.