Welcome to the Microsoft Security Newsletter - a monthly newsletter for IT professionals and developers bringing security news, guidance, updates, and community resources direct to your inbox. If you would like to receive less technical security news, guidance and updates, please subscribe to the Microsoft Security for Home Computer Users Newsletter.
Viewpoint
By Kai Axford, CISSP, Senior Security Strategist, Microsoft Trustworthy Computing Group
Security—you hear about it every day. Being responsible for information security can be a daunting task, so where do you begin? From the design of acceptable use policies to preventing insiders from stealing data, the job can be a challenging one. Read and learn as Kai Axford discusses each layer of Defense in Depth and shows you how to mitigate the new risks in security. This article might leave you rethinking the methods that you’re currently using.
Top Stories
This toolkit provides you with best practices for planning, deploying, monitoring, and remediating a security baseline for your organization. The toolkit offers a proven method that you can use to effectively monitor the compliance state of a security baseline for the Windows Vista, Windows XP with Service Pack 2 (SP2), and Windows Server 2003 with SP2 operating systems.
Microsoft Forefront Client Security and Network Access Protection together provide an additional defense-in-depth layer against malicious attacks and give administrators a significant degree of control over the security and health of networked computers. This kit includes a Forefront Client Security system health agent (SHA) and system health validator (SHV) Deployment Guide, SHV and SHA components for 32-bit and 64-bit platforms, and supplementary materials.
Download the 120-day trial software to see firsthand how Microsoft System Center Mobile Device Manager 2008 with the Windows Mobile 6.1 operating system can help to improve mobile device security, simplify management, and lower costs.
Microsoft Forefront Security for Office Communications Server provides fast and effective protection against IM-based malware by including multiple scanning engines from industry-leading security partners and helps reduce corporate liability by blocking IM messages containing inappropriate content. Download the beta and try it for yourself.
Security Guidance
Get an overview of the different security features and enhancements in Windows Server 2008 and learn how you can use them in your organization's defense-in-depth strategy.
When you want to reduce the total cost of ownership of the workstations in your organization, application lockdown can help you limit IT issues related to unsupported applications. See how you can use software restriction policies and Group Policy to control the applications that are run throughout your IT infrastructure.
Security policy settings are among the settings that are contained in Group Policy objects (GPOs) in Windows Vista. Learn about the new security policy settings for Windows Vista and about those that have changed from Windows XP.
The physical security of your server computers is an important but often overlooked part of the entire security checklist. Read this article for reminders on how to help prevent unauthorized personnel from gaining access to the physical computers, as well as for tips and tricks.
Learn about the hardening requirements for an extranet environment in which a Microsoft Office SharePoint Server 2007 server farm is placed inside a perimeter network and content is available from the Internet or from the corporate network.
The Microsoft System Center Configuration Manager 2007 Network Access Protection (NAP) feature provides a set of tools and resources that can enforce compliance of software updates on client computers to help protect the integrity of your enterprise network. Get detailed information about planning, configuring, managing, monitoring, and troubleshooting NAP.
The query string is a potential vehicle for attack on pages that have security holes. The QueryString module presented in this article requires no coding in source pages and automatically checks the posted query string against a given schema that is saved in a separate XML file. This means there’s one more built-in barrier against attackers but with zero impact on existing code.
Intended for merchants who accept payment cards, financial institutions that process payment card transactions, and service providers—third-party companies that provide payment card processing or data storage services—this guide is designed to help organizations meet Payment Card Industry Data Security Standard (PCI DSS) requirements.
This Month's Security Bulletins
Critical:
Important:
Moderate:
Community / MVP Update
Alberto Oliveira is an experienced information security consultant with more than 10 years in the industry. He holds numerous certifications including MCSA/MCSE Security 2000 and 2003, MCT, MCP in Microsoft Internet Security and Acceleration (ISA) Server 2000 and ISA Server 2004, CompTIA professional Security+, and Symantec SCTA. Alberto currently works for Microsoft Gold Certified Partner Lanlink and is an active member in the TechNet forums. He also participates in sessions related to security and ISA Server at numerous events.
By Alberto Oliveira, Microsoft Forefront MVP and Yuri Diogenes, Security Support Engineer, Microsoft ISA and IAG Team
Achieving security without sacrificing usability, flexibility, and connectivity from anywhere is one of the biggest challenges that companies face today. This article looks at in-depth defense strategy from the perspective of the most important layers of security and indicates which products Microsoft provides to help make networks, applications, and data more secure.
Microsoft Product Lifecycle Information
Security Events and Training
In this edition of TechNet radio, learn how to improve the security of access to corporate data and line-of-business applications and how to simplify the management of Windows Mobile devices. You’ll hear explanations about how System Center Mobile Device Manager 2008 provides features such as integration into the Active Directory service, rich inventory and reporting tools, more secure virtual private network (VPN) access, and more.
Upcoming Security Webcasts
Join InformationWeek mobility expert Eric Zeman and Microsoft mobility expert Chip Vollers for a webcast about the strategies, insights, and tools your enterprise needs to efficiently and effectively deploy and manage mobile devices and to provide access to line-of-business applications—without putting your corporate data at risk.
Find upcoming security webcasts in a dynamic, interactive format.
For IT Professionals
For Developers
Microsoft On-Demand Webcasts