Welcome to the Microsoft Security Newsletter - a
monthly newsletter for IT professionals and developers
bringing security news, guidance, updates, and community
resources direct to your inbox. If you would like to receive less technical
security news, guidance and updates, please subscribe to
the
Microsoft Security for Home Computer Users Newsletter.
Viewpoint
Understanding Defense in Depth
By Kai Axford, CISSP, Senior Security
Strategist, Microsoft Trustworthy Computing
Group
Security—you hear about it every day. Being
responsible for information security can be a
daunting task, so where do you begin? From the
design of acceptable use policies to preventing
insiders from stealing data, the job can be a
challenging one. Read and learn as Kai Axford
discusses each layer of Defense in Depth and
shows you how to mitigate the new risks in
security. This article might leave you
rethinking the methods that you’re currently
using.

Top Stories
Security Compliance Management Toolkit Now
Available
This toolkit provides you with best practices
for planning, deploying, monitoring, and
remediating a security baseline for your
organization. The toolkit offers a proven method
that you can use to effectively monitor the
compliance state of a security baseline for the
Windows Vista, Windows XP with Service Pack 2
(SP2), and Windows Server 2003 with SP2
operating systems.

Introducing the Microsoft Forefront Integration
Kit for Network Access Protection
Microsoft Forefront Client Security and Network
Access Protection together provide an additional
defense-in-depth layer against malicious attacks
and give administrators a significant degree of
control over the security and health of
networked computers. This kit includes a
Forefront Client Security system health agent (SHA)
and system health validator (SHV) Deployment
Guide, SHV and SHA components for 32-bit and
64-bit platforms, and supplementary materials.

Try System Center Mobile Device Manager 2008
Today
Download the 120-day trial software to see
firsthand how Microsoft System Center Mobile
Device Manager 2008 with the Windows Mobile 6.1
operating system can help to improve mobile
device security, simplify management, and lower
costs.

Beta Opportunity: Forefront Security for Office
Communications Server
Microsoft Forefront Security for Office
Communications Server provides fast and
effective protection against IM-based malware by
including multiple scanning engines from
industry-leading security partners and helps
reduce corporate liability by blocking IM
messages containing inappropriate content.
Download the beta and try it for yourself.

Security Guidance
Application Lockdown with Software Restriction
Policies
When you want to reduce the total cost of
ownership of the workstations in your
organization, application lockdown can be a
great help, helping you to limit IT issues
related to unsupported applications. See how you
can use software restriction policies and Group
Policy to control the applications that are run
throughout your IT infrastructure.

Windows Vista Security Policy Settings
Security policy settings are among the settings
that are contained in Group Policy objects (GPOs)
in Windows Vista. Learn about the new security
policy settings for Windows Vista and about
those that have changed from Windows XP.

Why Physical Security Is Important
The physical security of your server computers
is an important but often overlooked part of the
entire security checklist. Read this article for
reminders on how to help prevent unauthorized
personnel from gaining access to the physical
computers, as well as for tips and tricks.

Plan Security Hardening for Extranet
Environments
Learn about the hardening requirements for an
extranet environment in which a Microsoft Office
SharePoint Server 2007 server farm is placed
inside a perimeter network and content is
available from the Internet or from the
corporate network.

Network Access Protection in Configuration
Manager 2007
The Microsoft System Center Configuration
Manager 2007 Network Access Protection (NAP)
feature provides a set of tools and resources
that can enforce compliance of software updates
on client computers to help protect the
integrity of your enterprise network. Get
detailed information about planning,
configuring, managing, monitoring, and
troubleshooting NAP.

Validating ASP.NET Query Strings
The query string is a potential vehicle for
attack on pages that have security holes. The
QueryString module presented in this article
requires no coding in source pages and
automatically checks the posted query string
against a given schema that is saved in a
separate XML file. This means there’s one more
built-in barrier against attackers but with zero
impact on existing code.

Payment Card Industry Data Security Standard
Compliance Planning Guide
Intended for merchants who accept payment cards,
financial institutions that process payment card
transactions, and service providers—third-party
companies that provide payment card processing
or data storage services—this guide is designed
to help organizations meet Payment Card Industry
Data Security Standard (PCI DSS) requirements.
This Month's Security Bulletins
Critical:
Important:
Moderate:
Community / MVP Update
Security MVP of the Month: Alberto Oliveira
Alberto Oliveira is an experienced information
security consultant with more than 10 years in
the industry. He holds numerous certifications
including MCSA/MCSE Security 2000 and 2003, MCT,
MCP in Microsoft Internet Security and
Acceleration (ISA) Server 2000 and ISA Server
2004, CompTIA professional Security+, and
Symantec SCTA. Alberto currently works for
Microsoft Gold Certified Partner Lanlink and is
an active member in the TechNet forums. He also
participates in sessions related to security and
ISA Server at numerous events.

MVP Article of the Month: Defense in Depth Using
Microsoft Security Products and Solutions
By Alberto Oliveira, Microsoft Forefront MVP and
Yuri Diogenes, Security Support Engineer,
Microsoft ISA and IAG Team
Achieving security without sacrificing
usability, flexibility, and connectivity from
anywhere is one of the biggest challenges that
companies face today. This article looks at
in-depth defense strategy from the perspective
of the most important layers of security and
indicates which products Microsoft provides to
help make networks, applications, and data more
secure.
Microsoft Product Lifecycle Information
Find information about your particular products on the
Microsoft Product Lifecycle Web site.
Security Events and Training
Get More Security and Control with Mobile Device
Manager
In this edition of TechNet radio, learn how to
improve the security of access to corporate data
and line-of-business applications and how to
simplify the management of Windows Mobile
devices. You’ll hear explanations about how
System Center Mobile Device Manager 2008
provides features such as integration into the
Active Directory service, rich inventory and
reporting tools, more secure virtual private
network (VPN) access, and more.
Available formats: WMA, MP3 High, MP3 Low
Upcoming Security Webcasts
InformationWeek Webcast: The Smart, Safe Way to
Mobile Enterprise Success
Join InformationWeek mobility expert Eric Zeman
and Microsoft mobility expert Chip Vollers for a
webcast about the strategies, insights, and
tools your enterprise needs to efficiently and
effectively deploy and manage mobile devices and
to provide access to line-of-business
applications—without putting your corporate data
at risk.
For IT Professionals
• TechNet Webcast: Compliance and Archiving in
Communications Server 2007 (Level 200)
Monday, June 16, 8:00 AM Pacific Time
Byron Spurlock, Consultant - Microsoft
Consulting Services, Microsoft Corporation
• TechNet Webcast: Forefront Security for
SharePoint Content Filtering Drill-Down (Level
300)
Tuesday, June 17, 1:00 PM Pacific Time
Noelle Mendez-Villamil, Senior Product
Manager, Microsoft Corporation
• TechNet Webcast: IAG 2007 in Under an Hour
(Level 300)
Monday, June 16, 11:30 AM Pacific Time
Uri Lichtenfeld, Product Manager, Microsoft
Corporation
• TechNet Webcast: Forefront Client Security
Deployment (Part 2 of 2) (Level 300)
Monday, June 16, 1:00 PM Pacific Time
Chris Avis, IT Pro Evangelist, Microsoft
Corporation
• TechNet Webcast: A Technical Introduction to
Forefront Security for Communications Server
(Level 300)
Thursday, June 19, 11:30 AM Pacific Time
Kelli Cook, Product Manager, Microsoft
Corporation
• TechNet Webcast: New Identity and Access
Technologies in Windows Server 2008 (Level 200)
Thursday, June 19, 9:30 AM Pacific Time
Brjann Brekkan, Technical Product Manager,
Microsoft Corporation
• TechNet Webcast: Protecting Sensitive Data with
Active Directory Rights Management Services in
Windows Server 2008 (Level 300)
Friday, June 20, 11:30 AM Pacific Time
Cristian Mora Aguilar, Technical Product
Manager, Microsoft Corporation
• TechNet Webcast: How Microsoft IT Uses Forefront
Client Security (Level 300)
Wednesday, June 18, 1:00 PM Pacific Time
Shawn Travers, IT Pro Evangelist, Microsoft
Corporation
• TechNet Webcast: Troubleshooting Forefront
Client Security in Large Enterprises (Level 300)
Friday, June 20, 1:00 PM Pacific Time
Shawn Travers, IT Pro Evangelist, Microsoft
Corporation
• TechNet Webcast: Information About Microsoft
July Security Bulletins (Level 200)
Wednesday, July 09, 11:00 AM Pacific Time
Bill Sisk, Security Response Communications
Manager, Microsoft Corporation and Adrian Stone,
Lead Security Program Manager, Microsoft
Corporation
For Developers
• MSDN Webcast: Introduction to SharePoint
Products and Technologies for .NET Developers:
User Management (Level 200)
Tuesday, June 17, 9:00 AM Pacific Time
Robert L. Bogue, Microsoft MVP for SharePoint
Server, Thor Projects LLC
• MSDN Webcast: ADO.NET Data Services Overview
(Part 1 of 2) (Level 100)
Tuesday, June 17, 11:00 AM Pacific Time
Rob Bagby, Developer Evangelist, Microsoft
Corporation
• MSDN Webcast: ADO.NET Data Services Overview
(Part 2 of 2) (Level 100)
Tuesday, June 24, 11:00 AM Pacific Time
Rob Bagby, Developer Evangelist, Microsoft
Corporation
Microsoft On-Demand Webcasts