Monday, August 30, 2010

Location of Identity Theft Talk

I did a webcast on Identity Theft last week, and people have asked whether they can view it again. The Webinar was recorded and is available for playback by clicking here.

“Arming Your Company (and yourself) Against Identity Theft” was the first in a four-part Webinar series introduced by Global Knowledge.

Be sure to watch for the remaining three parts of this Webinar Series devoted to the subject of Cyber Security:

Part Two: Cyber Security - Risk Management 9/22 - To register for this Webinar, go here.

Part Three: Cyber Security - Physical Security 10/27

Part Four: Cyber Security - Patch Management 11/17

Thursday, August 19, 2010

Free e-book: Introducing Windows Server 2008 R2

Learn about the features of Windows Server 2008 R2 in the areas of virtualization, management, the web application platform, scalability and reliability, and interoperability with Windows 7. Sign in to download Introducing Windows Server 2008 R2, written by industry experts Charlie Russel and Craig Zacker along with the Windows Server team at Microsoft.

To download the book click here.


Online talk on Identity Theft

I will be presenting a talk on Identity Theft on 8/25/2010 at 12:00 PM ET.

You can attend this free webinar by going here.

Hardly a day goes by without hearing about someone becoming a victim of identity theft or learning about another corporate data breach. Corporations and individuals are constantly under attack by cyber criminals. Since 2005 more than 300 million records containing sensitive information have been involved in security breaches in the US alone!

Global Knowledge is introducing an exclusive four part Webinar series devoted to the subject of Cyber Security, based on our recently announced hands-on cyber security course entitled Cyber Security Foundations.

In Part One, "Arming Your Company (and yourself) Against Identity Theft" we will examine the following topics:

  • Understanding what information cyber criminals are after
  • How they obtain this information
  • How to protect your company and yourself from becoming a victim
  • How to recognize if information has been stolen

Be sure to watch for the remaining three parts of this Webinar Series:

  • Part Two: Cyber Security - Risk Management
  • Part Three: Cyber Security - Physical Security
  • Part Four: Cyber Security - Patch Management

The presenter is Jayson Ferron, CEHI, CISM, CISSP, CWSP, MCITP, MCSE, MCT, MVP, NSA-IAM.

Jay Ferron brings more than 20 years of experience in security, networking, virtualization, and high performance computing. A multi-faceted author, trainer, speaker, and designer, Jay has led the development of Windows and UNIX security designs, network infrastructures, enterprise designs and installations for numerous Fortune 500 companies as well as government and health agencies.

Jay is the author of more than 15 courseware books and papers for Microsoft and other vendors on security, networking, and virtualization technologies. In his current work at Global Knowledge, he is building a unique cyber security program that provides a global perspective of the challenges of designing a secure system.


Saturday, August 14, 2010

Microsoft Security Intelligence Report Volume 8

Microsoft has posted a report that is very telling on the state of security and the trends affecting users.

The Microsoft Security Intelligence Report (SIR) is a comprehensive and wide-ranging study of the evolving threat landscape, and addresses such topics as software vulnerability disclosures and exploits, malicious software (malware), and potentially unwanted software. An example of the kind of data, taken from the latest report, shows trends in malware.


Volume 8 of the Microsoft® Security Intelligence Report provides in-depth perspectives on malicious and potentially unwanted software, software exploits, security breaches, and software vulnerabilities in both Microsoft and third party software. Microsoft developed these perspectives based on detailed analysis over the past several years, with a focus on the second half of 2009 (2H09).
This document summarizes the key findings of the report. The full Security Intelligence Report also includes deep analysis of trends found in more than 26 countries/regions around the world and offers strategies, mitigations, and countermeasures that can be used to manage the threats that are documented in the report.
The full Security Intelligence Report, as well as previous volumes of the report and related videos, can be downloaded from

For any security professional this is a great resource.

Get the full report here.


Monday, August 9, 2010

Improving Your Image – repost from Springboard Site.

This is a repost of an article that I think people need to follow. I am asked a lot of times what the best way to image a computer is. I have shared the stage with Jeremy Chapman at Tech•Ed talking about this and have referenced this content before, so now I am adding it to my blog.

I have learned much of what I know about imaging with the free tools by talking with the folks at Microsoft, and now Jeremy (the product manager) has started a group of articles to help others understand the process.

Jeremy Chapman

Improving Your Image: Sector-Based, File-Based, and Sysprep - What Makes the Most Sense?
By Jeremy Chapman, Senior Product Manager, Microsoft Corporate
After spending a few weeks on the road speaking at Tech•Ed and other events, I was struck by the fact that many IT pros haven't used any of the Microsoft tools for imaging and deployment. All in all, it seemed as though half of the room at my sessions had never seen or heard anything about file-based imaging and tools like ImageX and the Microsoft Deployment Toolkit or System Center Configuration Manager. The other half may have heard about the tools, but had never used them.

I get a lot of feedback from people that we are "selling" the Microsoft tools for imaging when we should be talking about the sector-based ones that people are using for Windows XP now. This is interesting feedback because the tools we are talking about (the Windows Automated Installation Kit, the Microsoft Deployment Toolkit, etc.) are free to download and use. In any regard, I have spent a lot of time with people who are using heavily-scripted solutions and thick sector-based images for their Windows XP environments. Some organizations even get down to one or two Windows XP managed images by customizing Hardware Abstraction Layer (HAL)-swapping with sysprep.inf, a practice that Microsoft hasn't supported, but one that is well known in the deployment community.

So what is the right way to do this? What are the pros and cons of each scenario? What is it that makes the sector-based solutions so attractive? These questions boil down to a couple of factors:

1. Image size - network bandwidth consumed + multicast support

2. Hardware coverage

3. Speed to lay down the image

4. Ease of use and familiarity - especially if you have to have a UI

5. Ease of creation - automating daily/weekly/monthly builds

6. Post-creation image management

All of these factors (and others) contribute to the decision about which tool(s) to use for imaging and deployment.
Then there is the question about when to use the System Preparation (Sysprep) Tool. In November, Mark Russinovich discussed in his blog the use of sysprep.inf or sysprep.exe. While his blog post referenced the fact that duplicate SIDs do not cause the issues they were once thought to cause, this made many question the use of the Sysprep tool overall. For those who hadn't been using Sysprep, their decision appeared to be validated. This sparked a lively philosophical debate among extremely knowledgeable individuals in our internal and MVP deployment communities that was very fun to watch and participate in. The fact is, however, that Sysprep is a necessary tool for imaging and deploying Windows client operating systems. Mark even clarified this in the April 29th Springboard Series Virtual Roundtable on Windows 7 Deployment and noted this in his blog:
"Note that Sysprep resets other machine-specific state that, if duplicated, can cause problems for certain applications like Windows Server Update Services (WSUS), so Microsoft's support policy will still require cloned systems to be made unique with Sysprep."
Based on these recent events, and a general desire in the IT pro community to know the pros and cons of file-based and sector-based imaging, I am going to help the Springboard Series with a series of blog posts on the topic of sector-based imaging versus file-based imaging. I hope to answer the question I pose in the title "Sector-Based, File-Based, and Sysprep. What Makes the Most Sense?" No combination is perfect or applies to all scenarios, but if you've had questions about which you should be using, keep checking the Springboard Series blog or sign up for automatic updates on new blog posts via RSS.


Microsoft out-of-band security update to .LNK Issue

Microsoft is releasing an out-of-band security update to address the .LNK vulnerability described in Microsoft Security Advisory 2286198. MS10-046 addresses one vulnerability in Windows, which has a maximum severity rating of Critical and an Exploitability Index rating of 1. The security vulnerability affects all supported editions of Windows, including Windows XP, Windows Vista, Windows 7, Windows Server 2008, and Windows Server 2008 R2.

It is recommended that customers deploy the update as soon as possible to help protect their computers from criminal attacks. The security update protects against attempts to exploit the vulnerability by several malware families.

This alert is to provide you with an overview of the new security bulletin released (out-of-band) on August 2, 2010.


Microsoft is releasing one new security bulletin (out-of-band) for newly discovered vulnerabilities:

Bulletin Identifier

Microsoft Security Bulletin MS10-046

Bulletin Title

Vulnerability in Windows Shell Could Allow Remote Code Execution (2286198)

Executive Summary

This security update resolves a publicly disclosed vulnerability in Windows Shell. The vulnerability could allow remote code execution if the icon of a specially crafted shortcut is displayed. The security update addresses the vulnerability by correcting validation of shortcut icon references. This security update also addresses the vulnerability first described in Microsoft Security Advisory 2286198.

Affected Software

This security update is rated Critical for all supported editions of Windows.

CVE, Exploitability Index Rating

CVE-2010-2568: Shortcut Icon Loading Vulnerability (EI = 1)

Attack Vectors

  • A maliciously crafted shortcut file.
  • Common delivery mechanisms: a maliciously crafted Web page, an e-mail attachment, an instant message, a peer-to-peer file share, a network share, or a USB thumb drive.

Mitigating Factors

  • Users would have to be persuaded to visit a malicious Web site.
  • Exploitation only gains the same user rights as the logged-on account. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
  • Blocking outbound SMB connections on the perimeter firewall reduces the risk of remote exploitation using file shares.

Restart Requirement

The update will require a restart.

Bulletins Replaced by This Update


Publicly Disclosed?

Yes—this vulnerability was publicly disclosed prior to release. More information is contained in Microsoft Security Advisory 2286198.
Yes—this vulnerability has been exploited in the wild at release.

Full Details


EasyBCD, a tool for managing your bootloader

EasyBCD extends and revamps the Windows Vista/Windows 7 BCD bootloader, and with EasyBCD, almost anything is possible.

Setting up and configuring a dual-boot between Windows 7, Windows Vista, older versions of Windows such as XP & 2003, Linux, Ubuntu, BSD, and Mac OS X is a breeze. You just point & click and EasyBCD does the rest.


EasyBCD is geared for users of all kinds. Whether you just want to add an entry to your old XP partition or want to create a duplicate for testing purposes;

  • Boot into XP/Vista/7/Ubuntu/OS X and more!
  • Boot from USB, Network, ISO images, Virtual Hard disks (VHD), WinPE, and more!
  • Repair the Windows bootloader, change your boot drive, create a bootable USB, and more!
  • Rename entries, set default boot target, change BCD timeout, hide the boot menu, and more!
  • Create your own custom boot sequence, hide drives on boot, backup and restore configurations, and more!

This is much easier to work with than using the command-line tools built into Windows.

Download EasyBCD here


Microsoft Baseline Security Analyzer 2.2

To easily assess the security state of Windows machines, Microsoft offers the free Microsoft Baseline Security Analyzer (MBSA) scan tool. MBSA includes a graphical and command line interface that can perform local or remote scans of Microsoft Windows systems.
MBSA 2.2 builds on the previous MBSA 2.1.1 version that supports Windows 7 and Windows Server 2008 R2 and corrects minor issues reported by customers. As with the previous MBSA versions, MBSA 2.2 includes 64-bit installation, security update and vulnerability assessment (VA) checks and support for the latest Windows Update Agent (WUA) and Microsoft Update technologies. More information on the capabilities of MBSA is available on the MBSA Web site.
MBSA 2.2 runs on Windows Server 2008 R2, Windows 7, Windows Server 2008, Windows Vista, Windows Server 2003, Windows XP and Windows 2000 systems and will scan for missing security updates, rollups and service packs using Microsoft Update technologies. MBSA will also scan for common security misconfigurations (also called Vulnerability Assessment checks) using a known list of less secure settings and configurations for all versions of Windows, Internet Information Server (IIS) 5.0, 6.0 and 6.1, SQL Server 2000 and 2005, Internet Explorer (IE) 5.01 and later, and Office 2000, 2002 and 2003 only.
To assess missing security updates, MBSA will only scan for missing security updates, update rollups and service packs available from Microsoft Update. MBSA will not scan or report missing non-security updates, tools or drivers.

Get MBSA 2.2 here.


Wednesday, August 4, 2010

Presentation at DACS meeting on Office 2010


Microsoft’s Office Suite is one of the industry’s longest lasting “killer apps”. Even with competition from and Google Docs, it proves to be like a fine wine, improving with age. Microsoft is taking notice of what their competitors are offering and addresses them with new features and enhancements to the applications you’ve come to know so well.

Lucky for us, Jay Ferron will be returning to the Danbury Computer Society (DACS) stage August 3rd to show us all of Microsoft Office’s newest features and enhancements for 2010. You may remember Jay from a previous presentation he gave us on the then-new Microsoft Vista and Office 2007.

Jay is a self-proclaimed geek who has authored Architecting Microsoft Server Virtualization Solutions with Hyper-V™, System Center Virtual Machine Manager, and assorted articles on Microsoft Technologies published in Smart Computing Magazine.

He is also involved with the American Red Cross National Headquarters Emergency response team dealing with computing and communications in a disaster.

Microsoft Office 2010 has improved the capabilities for the user to not only include graphics and video into files, but to edit them as well! While this may not be as powerful as a stand-alone professional editor, it also doesn’t require purchasing an expensive suite to do most of the changes people do make and it is easier to use.

Office 2010 is also Microsoft’s latest foray into integrating with Cloud computing! Office combines the power of the desktop applications with the accessibility of an online storage site and availability to open these same files with their online office cloud applications! This means you never have to be far away from your documents, nor are your collaborators even if they do not have Office 2010 installed on their systems.

Even the ribbon interface introduced with Office 2007 has seen some improvement. The layout and controls are better laid out and, even better, are customizable!

So, if you’ve held off on upgrading your Office, now may be the time to jump. With numerous improvements from interfaces to integration and collaboration to graphics you’ll be pressed not to find a new feature you like!

Danbury Area Computer Society (DACS) is a registered nonprofit and has been serving the region since 1990. Members receive an award-winning newsletter, members-only workshops and events, and access to volunteer phone support.

As a reminder, our General Meetings are free and open to the public so invite anyone you know who would be interested in this topic.

DACS meetings are held at the Danbury Hospital auditorium. (Click here for directions.) Activities begin at 6:30 p.m. with registration and casual networking. The meeting starts at 7:00 p.m. with a question and answer period (Ask DACS), followed by announcements and a short break. The featured evening presentation begins at 8:00.

Cross post off WWW.DACS.ORG


Tuesday, August 3, 2010

Microsoft Security Compliance Manager

Download Microsoft Security Compliance Manager


About This Solution Accelerator

The Microsoft Security Compliance Manager provides centralized security baseline management features, a baseline portfolio, customization capabilities, and security baseline export flexibility to accelerate your organization’s ability to efficiently manage the security and compliance process for the most widely used Microsoft technologies.

Take advantage of the experience of Microsoft security professionals, and reduce the time and money required to harden your environment. This end-to-end Solution Accelerator will help you plan, deploy, operate, and manage your security baselines for Windows® client and server operating systems, and Microsoft applications. Access the complete database of Microsoft recommended security settings, customize your baselines, and then choose from multiple formats—including XLS, Group Policy objects (GPOs), Desired Configuration Management (DCM) packs, or Security Content Automation Protocol (SCAP)—to export the baselines to your environment to automate the security baseline deployment and compliance verification process. Use the Microsoft Security Compliance Manager to achieve a secure, reliable, and centralized IT environment that will help you better balance your organization’s needs for security and functionality.

Key Features & Benefits

  • Centralized Management and Baseline Portfolio: The centralized management console of the Microsoft Security Compliance Manager provides you with a unified, end-to-end user experience to plan, customize, and export security baselines. The tool gives you full access to a complete portfolio of recommended baselines for Windows® client and server operating systems, and Microsoft applications. Additionally, the Microsoft Security Compliance Manager enables you to quickly update the latest Microsoft baseline releases and take advantage of baseline version control.
  • Security Baseline Customization: Customizing, comparing, merging, and reviewing your baselines just got easier. Now you can use the new customization capabilities of the Microsoft Security Compliance Manager to duplicate any of the recommended baselines from Microsoft—for Windows client and server operating systems, and Microsoft applications—and quickly modify security settings to meet the standards of your organization’s environment.
  • Multiple Export Capabilities: Export baselines in formats like XLS, Group Policy objects (GPOs), Desired Configuration Management (DCM) packs, or Security Content Automation Protocol (SCAP) to enable automation of deployment and monitoring baseline compliance.

Included in the Download

The Microsoft Security Compliance Manager download includes the following components:

  • Microsoft_Security_Compliance_Manager_Setup.exe – The Microsoft Security Compliance Manager allows you to view, update, and export security baselines.
  • LocalGPO.msi – This tool is designed to manage local group policies of a computer such as applying a security baseline and exporting the local Group Policy.

Launch the download of the Microsoft Security Compliance Manager.

This is a cross post of a Microsoft article that I feel is important to share.

Windows® Server 2008 R2 Security Baseline beta

For any security professional, one of the key tenets is baselining your system. Microsoft has made this easier with a new set of tools. The beta 2 version of the Windows® Server 2008 R2 Security Baseline is now available for you to download... and it now includes a setting pack!

What is a setting pack?
Since the release of the Security Compliance Manager (SCM) tool, one of the most frequent requests has been to add all of the available Group Policy settings to the Microsoft security baselines so that you can access them in the SCM tool. While our baselines include hundreds of settings, there are hundreds of additional settings available in Group Policy. In response to this request, the team created setting packs. The setting packs include the basic information required by the SCM tool to define custom baselines that you can use to create GPO backups, DCM configuration packs, and SCAP content. You can learn more about setting packs on the program description page. Use the links provided in this message to join the program or go directly to the program description page.
Meet your business-critical needs and elevate the security of Windows Server 2008 R2 with this updated beta 2 security baseline and the new setting pack. It combines best-practice guidance with the Security Compliance Manager (SCM) tool to help you plan, deploy, and monitor the security of your Windows Server 2008 R2 servers.

Preview this new security baseline, and get the knowledge to effectively deploy and monitor your security baseline for Windows Server 2008 R2 faster and easier.

This beta 2 security baseline for Windows Server 2008 R2 is formatted for easy import using SCM. You must first join the program and then use the Download link found in the upper left-hand corner of the Connect page. You will find detailed instructions about how to import the download file into SCM here.