Welcome to the Microsoft Security Newsletter - a monthly newsletter for IT professionals and developers bringing security news, guidance, updates, and community resources direct to your inbox. If you have suggestions or comments about the Microsoft Security Newsletter, please send us your feedback. To view an online version of this newsletter, please click here. If you would like to receive less technical security news, guidance and updates, please subscribe to the Microsoft Security for Home Computer Users Newsletter.
Viewpoint
|
|
By Steve Riley, Senior Security Strategist, Microsoft Trustworthy Computing
Protecting your data is so important that it deserves the bulk of your attention. Attackers constantly improve their tactics as their motives become more sinister. This article discusses how, by adjusting your tactics, you can be certain that you are doing your part to keep your information secure.
|
Top Stories
|
|
Announced this month, the new Microsoft Forefront solution, codename "Stirling," is a single product that will deliver unified security management and reporting with comprehensive, coordinated protection across client, server applications, and network edge. "Stirling" acts as a distributed system, sharing and correlating information to identify complex threats, and dynamically responding to protect the organization.
|
|
|
Learn about the new features and functionality of Windows Server 2008. Windows Server 2008 provides powerful improvements to networking, advanced security features, remote application access, centralized server role management, performance and reliability monitoring tools, failover clustering, deployment, and the file system.
|
|
|
A multifaceted approach to data privacy management involves a combination of people, processes, and technology solutions. This paper focuses on the important role technology plays in helping enterprises responsibly protect and manage personal information, mitigate risk, achieve compliance, and promote trust and accountability.
|
Security Guidance
|
|
By Jeff Williams, CIPP, CISSP and Director, Microsoft Malware Protection Center
Data protection policies need to be well thought out and consider not only the systems in direct control of the business, but also the credentials by which employees can access those systems remotely. In this month's tip, learn why, beyond policy, awareness is a key element to the protection of data in your business.
|
|
|
Every day the news has reports of both minor and significant data losses. It's ridiculous that important data is lost so often, but the reality is that information is lost because people simply fail to protect it. This article focuses specifically on steps IT professionals can take to secure their company's data during its entire lifecycle.
|
|
|
The Data Encryption Toolkit for Mobile PCs provides tested guidance and powerful tools to help you protect your organization's most vulnerable data. The toolkit is divided into four components: an executive overview, the security analysis, the planning and implementation guide, and the Microsoft Encrypting File System Assistant.
|
|
|
This white paper from the Microsoft Antimalware Team explores the technical methods used by both hardware- and software-based key loggers, how keystroke loggers are integrated with specific malware threats, the user experience associated with various key loggers installed, and the social and legal appropriateness of various use scenarios.
|
|
|
This document describes how Microsoft Internet Security and Acceleration (ISA) Server handles personally identifiable information (PII). As an administrator, you should be aware of these guidelines to help you comply with legal or corporate guidelines as required.
|
|
|
This document is a public version of the extensive internal privacy guidelines for developers Microsoft published to help protect customer privacy. These guidelines are based on our internal guidelines and our experience incorporating privacy into the development process.
|
|
|
This overview explains the steps to take when deploying a Platform for Privacy Preferences (P3P) privacy scheme on a Web site beginning with the Web site's natural-language privacy policy.
|
|
|
Online accounts, computer files, personal information, and company information are more secure when you use strong passwords to help protect them. Offer this tool to your co-workers to help them gauge the strength of their passwords.
|
|
|
The need for security and enhanced privacy is increasing as electronic forms of identification replace face-to-face and paper-based ones. This TechNet guide provides details about smart cards as a key component of its PKI support, enhancing software-only solutions, such as client authentication, interactive logon, and secure e-mail as well as serving as a point of convergence for public key certificates and associated keys.
|
This Month's Security Bulletins
|
|
In May 2007, Microsoft announced updates to the layout of our Security Bulletins and to the Advanced Notification Service (ANS). The Security Bulletin layout was changed based on customers' feedback that they need to quickly determine the bulletins severity and application to their environment. The ANS changes will provide customers with additional details for the upcoming bulletins to aid in deployment planning. These changes were implemented in June 2007.
|
Critical:
Important:
Moderate:
MVP Update
|
|
|
|
Tony is a Security Consultant with BT INS, based in Houston, TX. He has more than nine years of computer networking and administration experience, focusing the last five years on security. Tony works with customers to align business needs with technology and ensure that information security is a tool, rather than a roadblock for business. Tony is also the writer and editor of the About.com site for Internet / Network Security and writes frequently for many technical publications and Web sites. Tony is coauthor of Hacker's Challenge 3, and author of Essential Computer Security and was also a contributing author on other books including Winternals, Combating Spyware in the Enterprise, Emerging Threat Analysis, Botnets, and PCI Compliance.
|
|
|
By Tony Bradley, CISSP-ISSAP, Microsoft MVP, Windows Security
One of the major areas of concern for many network and security administrators today is information leakage. Classified information, however, extends beyond the personally identifiable information stored on a network. Microsoft Security MVP Tony Bradley outlines the various angles an organization should consider when approaching data privacy.
|
Partners with Expertise in Security Solutions
|
|
CREDANT Technologies is the market leader in mobile data protection solutions. CREDANT's secure mobility solutions reduce the cost of compliance, enabling business processes to quickly and safely "go mobile." Mobile Guardian, for example, is the only centrally managed mobile data protection solution that provides strong authentication, intelligent encryption, usage controls, and key management that guarantees data recovery.
|
|
|
The PGP Universal product family secures all types of confidential data, wherever and however organizations use it. Built on mature cryptographic technology, PGP Universal allows enterprises to comply with regulatory, business partner, and customer security requirements while protecting their intellectual property. Using PGP Universal, enterprises deploy one key infrastructure and later add new encryption capabilities and devices without changing that infrastructure.
|
Microsoft Product Lifecycle Information
Security Events and Training
|
|
Join your TechNet Events team for a free, half-day pit stop and learn how to keep your most critical systems up and running safely. We'll kick off by covering the fresh reliability and recovery features in the new Windows Vista. We'll also examine the upcoming Windows Server 2008 and discuss the latest enhancements to Active Directory and Group Policy that make it easier to manage large and complex networks. Finally, we'll explore how the new Forefront Client Security solution protects against malware threats and defends you before, during, and after an outbreak.
|
|
|
This month's Learning Path for Security will show you how to reduce and control the challenges and complexities of enterprisewide identity and access management. Gain more control by providing a single view of a user's identity across the enterprise through the automation of common tasks. Learn how to use an integrated approach with smart cards, certificate and password management, and user provisioning. Bonus: Take part in any TechNet or MSDN virtual lab or labcast through June 30, and you could win a digital SLR camera package. Click here for details.
|
Upcoming Security Webcasts
TechNet 2007 Microsoft Office System Webcast Series
Watch the TechNet 2007 Microsoft Office system webcast series and learn all about improved security and control features, enhanced privacy and asset protection, and streamlined deployment and management. These webcasts let you focus on what matters to you.
Microsoft On-Demand Webcasts
| • |
TechNet Webcast: Protecting Privacy on the Microsoft Platform (Level 300)
In the era of proliferating privacy regulations worldwide, encryption requirements are everywhere. However, "encryption" does not necessarily mean protection: If we hand over the keys to a robber, then he is going to enter our house despite the lock on the doors. In this webcast, we discuss various encryption approaches that organizations have proposed or implemented, and distinguish between those that merely satisfy a simple "checkmark" on a privacy auditor's list, and those that actually provide the protection that was intended by the regulations.
|
For IT Professionals
For Developers
|
|
|
Volume 4, No. 6  June 2007 |
|
Upcoming Chats
| • |
Learn How to Protect Your PC: Chat with the Security MVP Experts
June 21, 4:00 PM Pacific Time
We invite you to attend a Q&A with Microsoft Security MVPs. MVP experts will answer your questions about online safety issues such as phishing, spyware, and rootkits, as well as server-related topics. If you have questions on how to protect your PC, please bring them to this informative chat.
|
| • |
Get Ready for Data Protection Manager 2007 Beta 2
June 26, 8:30 AM Pacific Time
Join this chat to discuss the new features in System Center Data Protection Manager 2007 Beta 2, including the protection of virtual servers, Microsoft SharePoint products and technologies, and Windows desktops, along with disaster recovery capabilities. |
|
|
|
|
|
|
|
Additional Security Resources
|
|
|
© 2007 Microsoft Corporation. All rights reserved. Microsoft, Active Directory, Forefront, MSDN, SharePoint, SQL Server, Windows, and Windows Server, and Visual Studio are trademarks of the Microsoft Group of companies. All other trademarks are property of their respective owners.
To cancel your subscription to this newsletter, reply to this message with the word *** in the Subject line. You can also *** at http://www.microsoft.com/info/***.htm. You can manage all your Microsoft.com communication preferences at this site.
Legal Information.
This newsletter was sent by the Microsoft Corporation
1 Microsoft Way
Redmond, Washington, USA
98052 |
|
|
|
|
Back to newsletter list
