Entries tagged with security - TechNet Edge

Forefront TMG RTM Overview Interview

David Tesar — Wed, 18 Nov 2009 07:59:00 GMT

With the RTM of Forefront Threat Management Gateway (TMG), David Cross tells us about what's new and gives some real-world examples of how Microsoft IT has benefited from TMG over ISA 2006. He also discusses the following:

Why TMG only utilizes Microsoft signatures with the GAPA / NIS capabilities
How TMG protects non-Microsoft & unmanaged clients
URL filtering capabilities
How TMG can help you save costs
How to migrate from 32-bit ISA 2006 servers to the (only 64-bit) TMG server
The differences between UAG and TMG

Download TMG RTM
Learn more about TMG

How Microsoft IT Used OSD as Part of the Windows 7 Deployment

Microsoft IT Showcase — Tue, 17 Nov 2009 06:37:00 GMT

Microsoft IT will talk about how they leveraged the Operating System Deployment feature within System Center Configuration Manager to deploy Windows 7 within the Enterprise. Learn how Microsoft IT customized the solution that has been engineered for extensibility and how you can do the same.

MSRC Monthly Security Bulletin Webcast - November 2009

Trustworthy Computing — Sat, 14 Nov 2009 00:20:00 GMT

The Microsoft Security Response Center (MSRC) holds a monthly webcast to discuss the security bulletins that we released on the second Tuesday of that month. To attend live and ask questions, register at http://www.microsoft.com/technet/security.

In this edition, Jerry Bryant and Adrian Stone present information about the November 2009 Security Bulletins and answer customer questions live. See the MSRC blog for a transcript of the questions and answers that were addressed during the live session: http://blogs.technet.com/msrc

For more information about the MSRC, please visit:
http://www.microsoft.com/security/msrc/default.mspx

Unified Access Gateway Demo, Screencast, and PM Interview

David Tesar — Fri, 13 Nov 2009 17:05:00 GMT

Meir Mendelovich, UAG Program Manager, at TechEd EMEA 09 tells us about some of the capabilities of UAG and then demos Direct Access and walks through the UAG Direct Access configuration via a screencast.

Learn more about UAG

November 2009 Security Bulletin Overview

Trustworthy Computing — Tue, 10 Nov 2009 18:27:00 GMT

This is a basic overview of the security bulletins released by the Microsoft Security Response Center (MSRC) in November 2009. For bulletin details, please visit:

http://www.microsoft.com/technet/security
or
http://www.microsoft.com/security

Other resources:

Microsoft Update: http://update.microsoft.com

Video on how to install updates on Vista >>

This video is brought to you by the Trustworthy Computing security response communications team.

Forefront Protection 2010 for Exchange and Business Ready Security

David Tesar — Mon, 09 Nov 2009 17:00:00 GMT

Joe Licari lets us know about the Forefront announcements at TechEd EMEA, what Business Ready Security means to you, specific cost saving examples, and what is coming out by the end of the year from Forefront.

Learn more about or download the released version of Forefront Protection 2010 for Exchange

Learn more about Business Ready Security

Microsoft Security Intelligence Report (SIR) v7

Trustworthy Computing — Tue, 03 Nov 2009 19:10:00 GMT

The Microsoft Security Intelligence Report (SIR) is a comprehensive and wide-ranging study of the evolving threat landscape, and addresses such topics as software vulnerability disclosures and exploits, malicious software (malware), and potentially unwanted software.

Volume 7 of the Security Intelligence Report (SIR v7) covers the first half of 2009 (January through June). It includes data derived from more than 450 million computers worldwide, each running Windows. It also draws data from some of the busiest services on the Internet, such as Windows Live Hotmail and Bing.

The research is extensive and we encourage you to download the report.

Dogfooding: Deployment & Product Influence

Jossie Tirado — Tue, 03 Nov 2009 18:33:00 GMT

Steven Michalove, from Microsoft Information Security, concludes the dogfooding series where a product is tested on the enterprise, formally known as First & Best Program. For more information on the other phases of dogfooding a product in IT see Evaluating Risk and Security Related Features.

Steven describes how his team evaluates how to the deployment of a new technology will look like on the enterprise. Not only that but his team has the ability to influence a product by looking at what risk might look like in the future so those are considered on the development of the technology.

Read more on blog article Dogfooding: Product Influence or follow the ACE blog.

Dogfooding Security-Related Features

Jossie Tirado — Tue, 27 Oct 2009 05:13:00 GMT

Yale Li and Price Oden, from Microsoft Information Security, explain the second phase of dogfooding a product on the enterprise, formally known as First & Best Program. This second step consists of doing a security assessment on specific features in the product. For the first phase go here.

With this assessment the organization may decide what are the strategies around those features, or opportunities. It is a very detailed step on the dogfooding process, where they go all the way back to design and functional specification documents. They describe how this worked for BitLocker To Go^TM.

Read more on blog article Dogfooding: Phase 2 or follow the ACE blog.

Introduccion a Microsoft Forefront Unified Access Gateway 2010 (UAG)

hektor — Mon, 26 Oct 2009 10:03:00 GMT

En este screencast realizado por Raúl Moros (MVP de Microsoft Forefront), nos muestra una introducción al funcionamiento de UAG (Unified Access Gateway) en un entorno seguro.

Dogfooding: Evaluating Risk

Jossie Tirado — Wed, 21 Oct 2009 01:06:00 GMT

Don Nguyen and Mike Lange, from Microsoft Information Security, explain the first phase of dogfooding a product on the enterprise, formally known as First &Best Program. This first step consists of a risk assessment or design review on the product.

This phase is important as it allows them to look at the current policies as they are related to the technology already in place. Is it time to update the policies? Adjust the new technology? They describe how this worked for SQL 2008.

Read more on blog article Dogfooding: Phase 1 or follow the ACE blog.

MSRC Monthly Security Bulletin Webcast - October 2009

Trustworthy Computing — Tue, 20 Oct 2009 21:13:00 GMT

The Microsoft Security Response Center (MSRC) holds a monthly webcast to discuss the security bulletins that we released on the second Tuesday of that month. To attend live and ask questions, register at http://www.microsoft.com/technet/security.

In this edition, Jerry Bryant and Adrian Stone present information about the October 2009 Security Bulletins and answer customer questions live. See the MSRC blog for a transcript of the questions and answers that were addressed during the live session: http://blogs.technet.com/msrc

For more information about the MSRC, please visit:
http://www.microsoft.com/security/msrc/default.mspx

Digitální podpis dokumentu v MS Word (CZ)

Karel Florian (KFL) — Wed, 14 Oct 2009 09:15:00 GMT

Screencast se zabývá ochranou dokumentů v MS Office, resp. v MS Word, především pak podepisováním dokumentů digitálním podpisem.

Autorem screencastu je Peter Belko (MVP).

October 2009 Security Bulletin Overview

Trustworthy Computing — Tue, 13 Oct 2009 18:29:00 GMT

This is a basic overview of the security bulletins released by the Microsoft Security Response Center (MSRC) in October 2009. For bulletin details, please visit:

http://www.microsoft.com/technet/security
or
http://www.microsoft.com/security

Other resources mentioned in the video:

Microsoft Update: http://update.microsoft.com

Video on how to install updates on Vista >>

This video is brought to you by the Trustworthy Computing security response communications team.

Microsoft Information Security & Dogfooding

Jossie Tirado — Mon, 12 Oct 2009 07:14:00 GMT

Mark Smith, from Microsoft Information Security, provides a glimpse at how Microsoft “dogfoods” its products. When launching a new product naturally there’s a concern about how a product will perform. Ever wonder about the process?

This is part of a series of videos around Information Security and Dogfooding. We will discuss some success stories and some of the processes involved in running products on the enterprise before they are ready for release.

To learn more at the Information Security blog.

Instalación de System Center Configuration Manager 2007

hektor — Fri, 02 Oct 2009 12:13:00 GMT

Este video realizado por Gastón Gardonio (Ingeniero de Soporte de Microsoft) nos detalla la instalación de System Center Configuration Manager 2007. Además podremos ver los requerimientos del SCCM 2007, aspectos de la migración de SMS 2003 a SCCM 2007 y características de la nueva versión. También nos comenta en detalle que modificaciones se hacen en el Active Directory y como realizarlas.

Configuracion e instalación del cliente de SCCM 2007

hektor — Fri, 02 Oct 2009 12:12:00 GMT

Este video realizado por Gastón Gardonio (Ingeniero de Soporte de Microsoft) nos detalla la instalación del cliente de System Center Configuration Manager 2007 y cómo llevar a cabo sus configuraciones iniciales.

How Microsoft Uses Risk Tracker to Reduce Risk

Jossie Tirado — Wed, 30 Sep 2009 12:59:00 GMT

Sarah Pickard from Microsoft Information Security gives a hands-on demonstration on how the business uses the Risk Tracker application. Built using CISF (Connected Information Security Framework) this application captures and tracks high level security risks to effectively reduce risk at Microsoft.

She explains how this application helps an organization to manage, track, report, associate, as well as assign risk to an entity.

To learn more about this application and stay up to date on the latest news, read the following blogs from Information Security and previous posts from the Security Tools Team blog.

To see an overview of what the Risk Tracker application is watch the video: Risk Tracker: Reducing Risks at Microsoft.

Risk Tracker sample application download

Hyper-V: delegare l’amministrazione delle macchine virtuali

PierGiorgio Malusardi — Wed, 30 Sep 2009 08:49:00 GMT

Una delle domande più frequenti che mi vengono fatte, ultimamente, è come fare a delegare l'amministrazione di una o più macchine virtuali, in esecuzione su un host Hyper-V (o solo di alcune operazioni), senza dare però accesso in amministrazione all'host stesso.

Usando System Center Virtual Machine Manager, l'operazione è banale ed eseguibile dalla console di amministrazione.

Usando i tool nativi di amministrazione di Hyper-V (Hyper-V Manager per esempio) la cosa è un po' più complessa.

Nel video qui a fianco trovate come fare.

Buona visione.

Giorgio

Microsoft Security Essentials (MSE) released

David Tesar — Tue, 29 Sep 2009 07:30:00 GMT

MSE, a free consumer anti-malware program, has released their final version to the public today! Already As an IT Pro, what can you expect from MSE and how does it compare to the Forefront equivalent? For businesses, Forefront Client Security is the current released client anti-malware product and Forefront Endpoint Protection (FEP) 2010 is the next version slated to be released in H2 2010.

Similarities between MSE and FCS/FEP:

Same core protection engine which includes protection from viruses, spyware, and rootkits.
Uses the same telemetry data and global security response team
Updates signatures through Microsoft Update
Includes real-time threat signature updates “Dynamic Signature Service” (not included with FCS, but will be included with FEP)

Additional Business value from FCS/FEP, which MSE doesn’t have:

Management – FCS/FEP have extensive management capabilities with things like a management console and central location to distribute policies. There is zero management with MSE.
Supported Operating systems – FCS supports server operating systems from Windows Server 2003 to Windows Server 2008 R2 as well as Windows 2000 clients.
NAP integration – FCS/FEP integrates with Network Access Protection in your environment to quarantine and remediate clients to have access to your network.
Reporting - are provided with key information on the security state of your environment as well as a snapshot of top trends and issues. Administrators can use this data to take action against threats or to communicate the details of the system’s security status to management.
Dynamic Response - FEP will have a significant enhanced capability over FCS which will enable it to share security assessments with the rest of the Forefront Protection Suite and dynamically take actions to remediate threats.

Download MSE
Watch a video demo of MSE in action and other MSE videos
Watch the setup-install-configuration screen-shot video walk through (12 min)

Risk Tracker: Reducing Risks at Microsoft

Jossie Tirado — Wed, 16 Sep 2009 16:47:00 GMT

Sarah Pickard and Mark Curphey from Microsoft Information Security talk about the release of the Risk Tracker application. Built using CISF (Connected Information Security Framework) this application captures and tracks high level security risks to effectively reduce risk at Microsoft.

They explain how the business uses this application and how it will help organizations manage, track, report, associate, as well as assign risk to an entity.

To learn more about this framework and stay up to date on the latest news, read the following blogs from Information Security and previous posts from the Security Tools Team blog.

Risk Tracker sample application download

CISF: Build Custom Security Solutions

Jossie Tirado — Wed, 16 Sep 2009 16:46:00 GMT

Mark Curphey and Marius Grigoriu, from Microsoft Information Security, talk about the release of the first version of Connected Information Security Framework (CISF). A software development framework comprising of API’s and reusable components that is designed to create bespoke or custom information security and risk management solutions like Risk Tracker.

Microsoft’s IT Information Security Tools Team designs and develops CISF to “engineer the security delta” meaning as a way to rapidly meet business requirements and create functionality that doesn’t exist or is not yet available in their product range.

They explain benefits found on this framework including:

Building information security applications cheaper, faster, and better
Migrate applications efficiently and effectively to their products when they become available

To learn more about this framework and stay up to date on the latest news, read the following blogs from Information Security and previous posts from the Security Tools Team blog.

CISF CTP download

BinScope Overview and Demo

Jeff Jones — Wed, 16 Sep 2009 11:33:00 GMT

This brief video gives a brief overview of the BinScope Binary Analyzer and then walks through how to configure and use BinScope to analyze an application within Visual Studio. The walkthrough demonstrates integration with TFS and the SDL Process Template, showing easy creation of work items from detected problems.

Download BinScope here and begin leveraging the verification capabilities of BinScope immediately

Learn more about the Microsoft Security Development Lifecycle (SDL) and tools Microsoft has published at the SDL Tool Repository site.

MiniFuzz Overview and Demo

Jeff Jones — Wed, 16 Sep 2009 11:33:00 GMT

This brief video gives a brief overview of the MiniFuzz File Fuzzer and then walks through how to configure and use MiniFuzz to perform fuzz testing on an application. The walkthrough launches MiniFuzz as an add-on to Visual Studio and demonstrates integration with TFS, showing automatic creation of work items from detected crashes.

Download MiniFuzz here to get started with this easy to use file fuzzing tool

Learn more about the Microsoft Security Development Lifecycle (SDL) and tools Microsoft has published at the SDL Tool Repository site.

MSRC Monthly Security Bulletin Webcast - September 2009

Trustworthy Computing — Fri, 11 Sep 2009 02:55:00 GMT

The Microsoft Security Response Center (MSRC) holds a monthly webcast to discuss the security bulletins that we released on the second Tuesday of that month. To attend live and ask questions, register at http://www.microsoft.com/technet/security.

In this edition, Jerry Bryant and Adrian Stone present information about the September 2009 Security Bulletins and answer customer questions live. See the MSRC blog for a transcript of the questions and answers that were addressed during the live session: http://blogs.technet.com/msrc

For more information about the MSRC, please visit:
http://www.microsoft.com/security/msrc/default.mspx