Entries tagged with security - TechNet Edge

Microsoft Security Intelligence Report (SIR) v7

Trustworthy Computing — Tue, 03 Nov 2009 19:10:00 GMT

The Microsoft Security Intelligence Report (SIR) is a comprehensive and wide-ranging study of the evolving threat landscape, and addresses such topics as software vulnerability disclosures and exploits, malicious software (malware), and potentially unwanted software.

Volume 7 of the Security Intelligence Report (SIR v7) covers the first half of 2009 (January through June). It includes data derived from more than 450 million computers worldwide, each running Windows. It also draws data from some of the busiest services on the Internet, such as Windows Live Hotmail and Bing.

The research is extensive and we encourage you to download the report.

Dogfooding: Deployment & Product Influence

Jossie Tirado — Tue, 03 Nov 2009 18:33:00 GMT

Steven Michalove, from Microsoft Information Security, concludes the dogfooding series where a product is tested on the enterprise, formally known as First & Best Program. For more information on the other phases of dogfooding a product in IT see Evaluating Risk and Security Related Features.

Steven describes how his team evaluates how to the deployment of a new technology will look like on the enterprise. Not only that but his team has the ability to influence a product by looking at what risk might look like in the future so those are considered on the development of the technology.

Read more on blog article Dogfooding: Product Influence or follow the ACE blog.

Dogfooding Security-Related Features

Jossie Tirado — Tue, 27 Oct 2009 05:13:00 GMT

Yale Li and Price Oden, from Microsoft Information Security, explain the second phase of dogfooding a product on the enterprise, formally known as First & Best Program. This second step consists of doing a security assessment on specific features in the product. For the first phase go here.

With this assessment the organization may decide what are the strategies around those features, or opportunities. It is a very detailed step on the dogfooding process, where they go all the way back to design and functional specification documents. They describe how this worked for BitLocker To Go^TM.

Read more on blog article Dogfooding: Phase 2 or follow the ACE blog.

Introduccion a Microsoft Forefront Unified Access Gateway 2010 (UAG)

hektor — Mon, 26 Oct 2009 10:03:00 GMT

En este screencast realizado por Raúl Moros (MVP de Microsoft Forefront), nos muestra una introducción al funcionamiento de UAG (Unified Access Gateway) en un entorno seguro.

Dogfooding: Evaluating Risk

Jossie Tirado — Wed, 21 Oct 2009 01:06:00 GMT

Don Nguyen and Mike Lange, from Microsoft Information Security, explain the first phase of dogfooding a product on the enterprise, formally known as First &Best Program. This first step consists of a risk assessment or design review on the product.

This phase is important as it allows them to look at the current policies as they are related to the technology already in place. Is it time to update the policies? Adjust the new technology? They describe how this worked for SQL 2008.

Read more on blog article Dogfooding: Phase 1 or follow the ACE blog.

MSRC Monthly Security Bulletin Webcast - October 2009

Trustworthy Computing — Tue, 20 Oct 2009 21:13:00 GMT

The Microsoft Security Response Center (MSRC) holds a monthly webcast to discuss the security bulletins that we released on the second Tuesday of that month. To attend live and ask questions, register at http://www.microsoft.com/technet/security.

In this edition, Jerry Bryant and Adrian Stone present information about the October 2009 Security Bulletins and answer customer questions live. See the MSRC blog for a transcript of the questions and answers that were addressed during the live session: http://blogs.technet.com/msrc

For more information about the MSRC, please visit:
http://www.microsoft.com/security/msrc/default.mspx

Digitální podpis dokumentu v MS Word (CZ)

Karel Florian (KFL) — Wed, 14 Oct 2009 09:15:00 GMT

Screencast se zabývá ochranou dokumentů v MS Office, resp. v MS Word, především pak podepisováním dokumentů digitálním podpisem.

Autorem screencastu je Peter Belko (MVP).

October 2009 Security Bulletin Overview

Trustworthy Computing — Tue, 13 Oct 2009 18:29:00 GMT

This is a basic overview of the security bulletins released by the Microsoft Security Response Center (MSRC) in October 2009. For bulletin details, please visit:

http://www.microsoft.com/technet/security
or
http://www.microsoft.com/security

Other resources mentioned in the video:

Microsoft Update: http://update.microsoft.com

Video on how to install updates on Vista >>

This video is brought to you by the Trustworthy Computing security response communications team.

Microsoft Information Security & Dogfooding

Jossie Tirado — Mon, 12 Oct 2009 07:14:00 GMT

Mark Smith, from Microsoft Information Security, provides a glimpse at how Microsoft “dogfoods” its products. When launching a new product naturally there’s a concern about how a product will perform. Ever wonder about the process?

This is part of a series of videos around Information Security and Dogfooding. We will discuss some success stories and some of the processes involved in running products on the enterprise before they are ready for release.

To learn more at the Information Security blog.

Instalación de System Center Configuration Manager 2007

hektor — Fri, 02 Oct 2009 12:13:00 GMT

Este video realizado por Gastón Gardonio (Ingeniero de Soporte de Microsoft) nos detalla la instalación de System Center Configuration Manager 2007. Además podremos ver los requerimientos del SCCM 2007, aspectos de la migración de SMS 2003 a SCCM 2007 y características de la nueva versión. También nos comenta en detalle que modificaciones se hacen en el Active Directory y como realizarlas.

Configuracion e instalación del cliente de SCCM 2007

hektor — Fri, 02 Oct 2009 12:12:00 GMT

Este video realizado por Gastón Gardonio (Ingeniero de Soporte de Microsoft) nos detalla la instalación del cliente de System Center Configuration Manager 2007 y cómo llevar a cabo sus configuraciones iniciales.

How Microsoft Uses Risk Tracker to Reduce Risk

Jossie Tirado — Wed, 30 Sep 2009 12:59:00 GMT

Sarah Pickard from Microsoft Information Security gives a hands-on demonstration on how the business uses the Risk Tracker application. Built using CISF (Connected Information Security Framework) this application captures and tracks high level security risks to effectively reduce risk at Microsoft.

She explains how this application helps an organization to manage, track, report, associate, as well as assign risk to an entity.

To learn more about this application and stay up to date on the latest news, read the following blogs from Information Security and previous posts from the Security Tools Team blog.

To see an overview of what the Risk Tracker application is watch the video: Risk Tracker: Reducing Risks at Microsoft.

Risk Tracker sample application download

Hyper-V: delegare l’amministrazione delle macchine virtuali

PierGiorgio Malusardi — Wed, 30 Sep 2009 08:49:00 GMT

Una delle domande più frequenti che mi vengono fatte, ultimamente, è come fare a delegare l'amministrazione di una o più macchine virtuali, in esecuzione su un host Hyper-V (o solo di alcune operazioni), senza dare però accesso in amministrazione all'host stesso.

Usando System Center Virtual Machine Manager, l'operazione è banale ed eseguibile dalla console di amministrazione.

Usando i tool nativi di amministrazione di Hyper-V (Hyper-V Manager per esempio) la cosa è un po' più complessa.

Nel video qui a fianco trovate come fare.

Buona visione.

Giorgio

Microsoft Security Essentials (MSE) released

David Tesar — Tue, 29 Sep 2009 07:30:00 GMT

MSE, a free consumer anti-malware program, has released their final version to the public today! Already As an IT Pro, what can you expect from MSE and how does it compare to the Forefront equivalent? For businesses, Forefront Client Security is the current released client anti-malware product and Forefront Endpoint Protection (FEP) 2010 is the next version slated to be released in H2 2010.

Similarities between MSE and FCS/FEP:

Same core protection engine which includes protection from viruses, spyware, and rootkits.
Uses the same telemetry data and global security response team
Updates signatures through Microsoft Update
Includes real-time threat signature updates “Dynamic Signature Service” (not included with FCS, but will be included with FEP)

Additional Business value from FCS/FEP, which MSE doesn’t have:

Management – FCS/FEP have extensive management capabilities with things like a management console and central location to distribute policies. There is zero management with MSE.
Supported Operating systems – FCS supports server operating systems from Windows Server 2003 to Windows Server 2008 R2 as well as Windows 2000 clients.
NAP integration – FCS/FEP integrates with Network Access Protection in your environment to quarantine and remediate clients to have access to your network.
Reporting - are provided with key information on the security state of your environment as well as a snapshot of top trends and issues. Administrators can use this data to take action against threats or to communicate the details of the system’s security status to management.
Dynamic Response - FEP will have a significant enhanced capability over FCS which will enable it to share security assessments with the rest of the Forefront Protection Suite and dynamically take actions to remediate threats.

Download MSE
Watch a video demo of MSE in action and other MSE videos
Watch the setup-install-configuration screen-shot video walk through (12 min)

Risk Tracker: Reducing Risks at Microsoft

Jossie Tirado — Wed, 16 Sep 2009 16:47:00 GMT

Sarah Pickard and Mark Curphey from Microsoft Information Security talk about the release of the Risk Tracker application. Built using CISF (Connected Information Security Framework) this application captures and tracks high level security risks to effectively reduce risk at Microsoft.

They explain how the business uses this application and how it will help organizations manage, track, report, associate, as well as assign risk to an entity.

To learn more about this framework and stay up to date on the latest news, read the following blogs from Information Security and previous posts from the Security Tools Team blog.

Risk Tracker sample application download

CISF: Build Custom Security Solutions

Jossie Tirado — Wed, 16 Sep 2009 16:46:00 GMT

Mark Curphey and Marius Grigoriu, from Microsoft Information Security, talk about the release of the first version of Connected Information Security Framework (CISF). A software development framework comprising of API’s and reusable components that is designed to create bespoke or custom information security and risk management solutions like Risk Tracker.

Microsoft’s IT Information Security Tools Team designs and develops CISF to “engineer the security delta” meaning as a way to rapidly meet business requirements and create functionality that doesn’t exist or is not yet available in their product range.

They explain benefits found on this framework including:

Building information security applications cheaper, faster, and better
Migrate applications efficiently and effectively to their products when they become available

To learn more about this framework and stay up to date on the latest news, read the following blogs from Information Security and previous posts from the Security Tools Team blog.

CISF CTP download

BinScope Overview and Demo

Jeff Jones — Wed, 16 Sep 2009 11:33:00 GMT

This brief video gives a brief overview of the BinScope Binary Analyzer and then walks through how to configure and use BinScope to analyze an application within Visual Studio. The walkthrough demonstrates integration with TFS and the SDL Process Template, showing easy creation of work items from detected problems.

Download BinScope here and begin leveraging the verification capabilities of BinScope immediately

Learn more about the Microsoft Security Development Lifecycle (SDL) and tools Microsoft has published at the SDL Tool Repository site.

MiniFuzz Overview and Demo

Jeff Jones — Wed, 16 Sep 2009 11:33:00 GMT

This brief video gives a brief overview of the MiniFuzz File Fuzzer and then walks through how to configure and use MiniFuzz to perform fuzz testing on an application. The walkthrough launches MiniFuzz as an add-on to Visual Studio and demonstrates integration with TFS, showing automatic creation of work items from detected crashes.

Download MiniFuzz here to get started with this easy to use file fuzzing tool

Learn more about the Microsoft Security Development Lifecycle (SDL) and tools Microsoft has published at the SDL Tool Repository site.

MSRC Monthly Security Bulletin Webcast - September 2009

Trustworthy Computing — Fri, 11 Sep 2009 02:55:00 GMT

The Microsoft Security Response Center (MSRC) holds a monthly webcast to discuss the security bulletins that we released on the second Tuesday of that month. To attend live and ask questions, register at http://www.microsoft.com/technet/security.

In this edition, Jerry Bryant and Adrian Stone present information about the September 2009 Security Bulletins and answer customer questions live. See the MSRC blog for a transcript of the questions and answers that were addressed during the live session: http://blogs.technet.com/msrc

For more information about the MSRC, please visit:
http://www.microsoft.com/security/msrc/default.mspx

September 2009 Security Bulletin Overview

Trustworthy Computing — Tue, 08 Sep 2009 17:25:00 GMT

This is a basic overview of the security bulletins released by the Microsoft Security Response Center (MSRC) in September 2009 for end users. For bulletin details, please visit:

http://www.microsoft.com/technet/security
or
http://www.microsoft.com/security

Other resources mentioned in the video:

Microsoft Update: http://update.microsoft.com

Video on how to install updates on Vista >>

This video is brought to you by the Trustworthy Computing security response communications team.

Windows 7: How to use Bitlocker-to-go

James O'Neill — Sun, 06 Sep 2009 23:26:00 GMT

In this video we have a look at Bitlocker to go - how it is configured, how key recovery works and what the user interface looks like for down-level operating systems.

DirectAccess is Key to Microsoft IT Remote Access Strategy

Microsoft IT Showcase — Wed, 02 Sep 2009 07:01:00 GMT

Microsoft IT has leveraged DirectAccess as its future in preferred remote access technology. DirectAccess is a new feature in Windows 7 and Window Server 2008 R2. With DirectAccess, users are always connected to the corporate network whenever they are connected to the Internet, and without having to use a VPN. This seamless and ubiquitous access method has resulted both significant end user and business benefits for Microsoft.

ACE from the Field: Laura A. Robinson on the Realities of Security

Jossie Tirado — Tue, 01 Sep 2009 16:54:00 GMT

We’ve invited Talhah Mir, from Microsoft Information Security, to interview folks from the ACE Team that currently work on the field for a weekly video series.

Laura has worked with and for enterprise customers in financial services, bio-pharma, energy and other industries, focusing on security since the mid-nineties. Over the last fifteen years, she has been passionate about understanding both the functional and security needs of businesses and developing a workable balance between the two. Listen to her thoughts around cloud computing and its future in the enterprise.

See more stories on www.msinfosec.com

Windows 7 Security Overview

Trustworthy Computing — Thu, 20 Aug 2009 07:01:00 GMT

Built upon the security foundations of Windows Vista, Windows 7 introduces the right security enhancements to give users the confidence that Microsoft is helping keep them protected. Businesses will benefit from enhancements that help protect company sensitive information, that provide stronger protections against malware and that help secure anywhere access to corporate resources and data. In this session we will discuss the core security features of Windows 7 and explore their usage scenarios.

Paul A. Cooke - CISSP
Director, Microsoft

For more information, visit:
http://www.microsoft.com/endtoendtrust

FPE vs FOPE and Exchange 2010

David Tesar — Wed, 19 Aug 2009 07:01:00 GMT

Mike Chan, PM for the Forefront team, breaks down the differences between security protection for Forefront Protection for Exchange (FPE), Forefront Online Protection for Exchange (FOPE), and the built-in protection which exists in Exchange 2010. We start out with a brief history of the messaging products and then dig into the details of differences between FPE, FOPE, and Exchange 2010 on the whiteboard at [4:22]. Should you run FPE alone or FPE and FOPE? Watch and decide.

Download the RC for FPE
Visit the FPE homepage