Tuesday, January 25, 2011

Win a copy of Windows 7 Ultimate in our “Best Windows Story” Contest!

Microsoft is  giving away a copy of Windows 7 Ultimate to the ten (10) best Windows stories from IT Professionals. Stories can be related to how Windows 7 saved your company money, solving your application compatibility issues, deployment, management of your installations, and virtually anything else. The more compelling your story, the better chance you have to win.

Go HERE to learn more


Technorati Tags:

Windows 7and Server 2008r2 New Security Features


With the introduction of Windows 7 and Server 2008 r2 there are new security features that an auditor or IT professional should be aware of. As you roll out the new operating system, what are the issues and benefits that your company will see? What are the risks, benefits and issues that need to be planned for?

In this session I will be covering these important issues with the use of lecture, demos and group discussions.

If these are questions that you and your organization are asking, then we invite you to attend our session, “Windows 7 and Server 2008r2 New Security Features.”


The educational session will introduce attendees to the key issues surrounding deploying these new operating systems and using features that help reduce risk for enterprises and organizations.


· Windows 7 new features

o Demo of new features

o Tricks and demos

o Hard drive encryption

o Bitlocker to go

· Server 2008 R2

o New group polices

o New Audit and logging features

o NAP – Network Access Protection

o Direct Access

o Hyper-v (Server virtualization)

· Deployment Issues

o XP to Windows 7

o Discussion

o MDT 2010

o XP Mode

· Analysis of Windows Event Logs


● Audit and risk professionals whose organizations are considering Windows 7 and Server 2008 r2 Security Risks.

● Information Security professionals interested in learning about Windows 7, and Server 2008 r2 deployment issues, new features and benefits.

This Session is being offered to the

ISACA- Connecticut Chapter on January 31 from 8:30 AM - 4:30 PM

To register for this event click here

and again for the

ISACA – New England Chapter 

February 18  from  8:30 AM - 4:30 PM

2 Financial Center
60 South Street
Boston, MA 02111

To register for this event click Here


Monday, January 24, 2011

Security Webinar Securing Communications

In this session, I will cover the following topics by applying what you have learned in the first of three-part webinar series devoted to the subject of Protecting Your Network by using Cryptography to solve some IT issues.


  • Applying Cryptography to OSI Model
  • Securing Services with the use of Cryptography
    • Web Servers
    • Mail Servers
  • Right Managements for protecting data
  • Network Traffic
  • VPN in the following modes
    • Gateway-to-Gateway VPN
    • Host-to-Gateway VPN
  • Securing Network traffic with IPsec
  • Wireless Weaknesses
  • Securing wireless with Cryptography
    • We will explore WEP, WPA, and WPA2
  • Steganography

To attend this session on February 23, 2011 Time - Noon - 1 PM ET

Click Here

Part Three:  will be Disaster Recovery – April 27, 2011

Speaking at DOD Cyber Crime Conference 2011


On Wednesday Jan 26 I will be presenting 3 sessions, they are;

Presentation Title: Security for the Network Administrator

Date and Time: 01/26/2011, 0830-1020

Location: Great Hall D

Track: Information Assurance

Description: You are a new system administrator and have been trained to maintain that system. But have you been trained to secure it? Many network administrators are assigned the task of securing a network, but they have no idea how to do that.
Do you understand the “Big Picture” and how your actions could compromise the security of your vital data and systems? Most administrators are living in a silo of information and don’t have a real view of the big picture. This results from network administrators thinking “It’s Not My Job”. While true from an evaluation point of view, this can lead to major security issues.
During this presentation, we will help you break out of the silo and get the big picture. We’ll help you identify security issues and how and where to report them.


Presentation Title: Securing the Weakest Link

Date and Time: 01/26/2011, 1320-1420

Location: Great Hall D

Track: Information Assurance

Description: Network security issues are something organizations are faced with everyday. You can implement technologies such as IDS/IPS and firewalls to help lock down your network. However, have you considered how to protect your networks against non-technical intrusions such as social engineering?
This session will explore 10 things you can do now to help protect and defend your data, network, and personnel against social engineering attacks.
During this presentation, we’ll discuss the following topics:
-How Easy It is to Gain Information That Can Put You at Risk
-How Social Engineering Can Also Be Done via Technology
-Case Studies and Examples of Techniques That Work to Social Engineer Users

Presentation Title: Understand the Security Concerns Associated with Virtualization

Date and Time: 01/26/2011, 1500-1600

Location: Great Hall D

Track: Information Assurance

Description: Many organizations realize the benefits of implementing virtualization. In fact, by implementing virtualization, you can reduce the physical number of host computers. But does it reduce or add risk to your infrastructure?
The goal of this session is to take a look at all of the issues and identify areas of concern as a cyber specialist.


7 Overlooked Network Security Threats for 2011

Here is a link to a great article on network security.

Threat Area
Worst Case Scenarios

1. Insider Threat
Enterprise data including backups destroyed, valuable secrets lost, and users locked out of systems for days or even weeks.

2. Tool Bloat Backlash
Decision-makers become fed up with endless requests for security products and put a freeze on any further security tools.

3. Mobile Device Security
A key user's phone containing a password management application is lost. The application itself is not password-protected.

4. Low Tech Threats
A sandbox containing a company's plan for its next generation of cell phone chips is inadvertently exposed to the public Internet.

5. Risk Management
A firm dedicates considerable resources to successfully defend its brochure-like, ecommerce-less web site from attack, but allows malware to creep into the software of its medical device product.

6. SLA Litigation
Although the network administrator expressed reservations, a major customer was promised an unattainable service level for streaming content. The customer has defected to the competition and filed a lawsuit.

7. Treacheries of Scale
A firm moves from a decentralized server model to a private cloud. When the cloud's server farm goes offline, all users are affected instead of users in a single region.

To read the full article go here


Security Webinar Authentication and Cryptography

Brief Overview:

I will be presenting a session on  "Authentication and Cryptography," I will examine the following topics:

  • Verifying who is a user and to what they have access
  • Different ways a user can be validated to computer and network resources
  • How Cryptograph is used to protect data
  • Symmetric and Symmetric Encryption
  • What are hashes?

In our webinar session on February 23, 2011, we will discuss Using Encryption to Protect Your Data. In the last webinar of this series entitled Disaster Recovery, we will take this information from theory and show you how to use this technology.


In this session we will cover:

  • Identification:
    • Something a user knows
    • Something a user possesses
    • Something a user is or does
  • Issues
    • Distribution
    • Cost
    • Tracking
  • Elements
  • Password Protocols
  • Hashes
  • Kerberos
  • Cryptography Benefits
    • Confidentiality
      • Encryption
    • Integrity
      • Message digests
    • Authentication
      • Public-key cryptography
    • Non-repudiation
      • Digital signatures
  • Symmetric Encryption
  • Asymmetric Process
  • Digital Signatures
  • Certificate Authorities
  • Models
  • Lifecycle
  • Distribution

To attend this session on  2/9/2011 at  Time: 12:00 PM ET

Click Here

Then on February 23, 2011, I will discuss Using Encryption to Protect Your Data. In the last webinar of this series entitled Disaster Recovery, we will take this information from theory and show you how to use this technology.

Other session that you may want to look at include

Cyber Security Part One: Identity Theft

Understanding Cyber Security Physical Security

Understanding Cyber Security Risk Management


Friday, January 21, 2011

Active Directory Federation Services 2.0 RTW Update

Active Directory Federation Services 2.0 helps IT enable users to collaborate across organizational boundaries and easily access applications on-premises and in the cloud, while maintaining application security. Through a claims-based infrastructure, IT can enable a single sign-on experience for end-users to applications without requiring a separate account or password, whether applications are located in partner organizations or hosted in the cloud.

The Windows Server 2008 R2 setup package for AD FS 2.0 was updated on 1/5/2011. This updated package contains hotfixes that will prevent the errors described in the following support articles from occurring whenever AD FS 2.0 is installed on a server running the Windows Server 2008 R2 operating system:

Get the update here


Tuesday, January 18, 2011

Windows Upgrade Starter to Home Premium Deal

The current deal is if you buy a netbook with starter you can upgrade to Home Premium  for only 19.95 !  You just need to purchase Windows anytime upgrade at the same time !

Windows Anytime Upgrade?

With Windows Anytime Upgrade: Windows 7 Starter to Home Premium, your customers can upgrade their new netbook PC safely, quickly, and easily. Then they can customize it with themes and photos and enjoy entertainment anywhere. By taking advantage of this offer, customers get everything in Windows 7 Starter, plus more:

  • Live Preview See lots of open programs and windows at a glance with live taskbar previews.
  • Netflix – Customers can watch what they want in one place. With Windows Media Center and a Netflix account, they can stream thousands of movies and TV shows directly from Netflix.
  • Internet TV – Use Windows Media Center to find and watch a variety of TV shows on the Internet.
  • Remote Media Streaming – Customers can go on the road without taking all their entertainment. They can enjoy music, photos, and videos from their home PC with remote media streaming in Windows Media Player.
  • Desktop Personalization – Help your customers make their PC look the way they want. They can personalize their desktop with their own photos, themes, and sounds.

* For Internet TV, you’ll need Internet access. Free Internet TV content varies by geography. Some content may require additional fees. Internet TV is not available in all countries.


Offer is good Nov 7 to April 2 while supplies last

Thursday, January 13, 2011

Cell Phone a Security Nightmare?

Is a cell a phone was just a phone?

The current cells phone today is smart phones with more power that you desktop that 7 years old. Think of what you keep on your phone, Mail Contact, Schedules, and other data what would happen if that device was lost or stolen or compromised and theft or you competing got that information

Here are some simple things to do.

Don't Lose Your Phone - Know where you phone is at all times and do not leave it out at bars and public places, Keep it with you. Do not leave it in you parked car.

Lock you phone and set a password (a strong one not 1111, 1234 etc.)

Here's how to find time-out settings on various smartphone OSs:

    • Android: now supports PINs and passwords
    • BlackBerry: enable the password, and set the security time-out options.
    • Windows Phones: can set or change the password, and also set the screen time-out.

Remote wipe means that if your phone is lost or stolen, you can remotely clear all of your data--including e-mail, contacts, texts, and documents--off of the handset, thus keeping that information out of the wrong hands. Check with you Company or Phone provide about this service

Trojan Horses, Malware, and Viruses and Third-Party Apps

  • Software protection: like Lookout that can protect the Phone and the anti-viruses manufacture have software as well.
  • Third-Party Apps can become an issue, once an apps is installed it can access to your personal data and location. You need to think or ask what the app does and what information will it share?

List of State Breach Disclosure Laws

I found this resource list, it show the State Breach Disclosure Laws, you can search this site for your state and what you need to do or what your legal responsibilities are.

Click Here 

Wednesday, January 12, 2011

Microsoft Security Essentials free to small Businesses.

Microsoft Security Essentials will become free to use for organizations with up to 10 PCs.

Originally released last year for single-PC use at home, Microsoft Security Essentials was designed as a comprehensive security solution in a lightweight package.

Microsoft Security Essentials can be downloaded, installed and put to work with just a few clicks. Upon installation, it scans the PC to make sure it’s clean from the start. Once Microsoft Security Essentials is working, it downloads updates and schedules scans on its own.

Over the past year, the product has won awards and certifications from a number of independent agencies, such as ICSA Labs, West Coast Labs and PC Advisor, and last January, PC Advisor named Microsoft Security Essentials to its list of the “Best Free Software.”

This is a full-featured, top-tier security solution that Microsoft is offering to small businesses for free. You don’t need a credit card. It requires no registration, no trials, no renewals. It doesn’t collect any credit card information. It runs well on older hardware. It’s easy to use, easy to get, and it’s from a trusted source. Basically, Microsoft Security Essentials just works.”

But if the product is so successful, why offer it for free? According to Microsoft’s internal research, although 80 percent of PC owners in the U.S. say they have the most up-to-date antivirus protection, in reality only half that many actually do. Often they have signed up for free trials or subscription-based services that have lapsed. Others are just using outdated versions of security software on older hardware.

Microsoft Security Essentials is now available in 74 markets worldwide and 25 languages. To learn more about Microsoft Security Essentials and download the product for free, visit http://www.microsoft.com/security_essentials/.


Copy-and-Paste Coming to Windows Phone 7

A series of Windows Phone 7 updates are coming over the next few months, including adding the copy-and-paste feature and improving the phone’s performance when loading or switching between applications.

Microsoft also is working to make Windows Phone 7 available from Sprint and Verizon in the first half of 2011, and more languages will become available later this year.


New Microsoft Touch Mouse Announced



Microsoft Touch Mouse is the new multitouch mouse for Windows 7 that will let you click, flick, scroll and swipe so it’s easy and fun to interact with your PC.

Designed to enhance your Windows 7 usage, the Touch Mouse combines the virtues of a mouse with the rich natural language of gesture to offer a more intuitive way to navigate your PC. Touch Mouse also features BlueTrack Technology so you can track virtually anywhere, anytime.1

Top Features and Benefits

· New! Multitouch surface lets you use natural gestures to snap, navigate and control content with a touch of a finger.

· New! Flick scrolling functionality lets you quickly scroll and pan through windows and documents.

· New! Improved task switching on Windows 7 gives you superior mouse performance and experience on the PC.

· BlueTrack Technology allows you to ditch your mouse pad and mouse on virtually any surface,1 including granite, marble, carpet and wood.

· Snap-in Nano transceiver gives you the option to leave the transceiver plugged into the computer or conveniently store it in the bottom of the mouse.

· 2.4GHz wireless technology gives you a confident wireless connection.

· Ambidextrous design for use with either hand.

See the Difference

Touch Mouse Gestures — Easy as 1, 2, 3

Touch Mouse lets you do everything you’re used to doing with a mouse, such as point and click, but also adds gestures with one, two or three fingers to amplify the Windows 7 operating system by creating simple shortcuts to the tasks you want to do most. clip_image002

Shorter Shortcuts for Windows 7

With the Touch Mouse, you can use your mouse to do tasks that normally involve the keyboard.


Availability and Pricing

Touch Mouse will be available in June 2011 for the estimated retail price of $79.95 (U.S.).2 It will be available for presale starting today at Amazon.com and the Microsoft Store online.

Touch Mouse is backed by a worldwide three-year limited hardware warranty. The limited warranty and license agreement are available at http://www.microsoft.com/hardware/warranty.

Some information in this fact sheet relates to pre-release products, which may be substantially modified before they are commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.

1 BlueTrack Technology does not work on clear glass or mirrored surfaces.

2 Estimated retail price. Actual retail price may vary.


Technorati Tags:

Data Encryption Toolkit for Mobile PCs

Get tested guidance and powerful tools to help you protect your organization's most vulnerable data. The strategies outlined in this toolkit are easy to understand, and the guidance shows you how to optimize two key encryption technologies already available to you in Windows XP, Windows Vista, or Windows 7: the Encrypting File System (EFS) and BitLocker Drive Encryption.

Click here

Technorati Tags:

Data Security in Windows Azure

Data Security in Windows Azure: Part 1
Explore the various methods and tools for securing your application data in Windows Azure including methods for securing Azure Storage accounts and data during the transition to the cloud. This video also covers protocols for securing requests to, and responses from, Azure Storage, platform-provided methods for ensuring data integrity, and cryptographic pubic key distribution between Azure roles and Azure Fabric Controller.

Data Security in Windows Azure: Part 2
Learn how to make your Azure Storage container and blob items URL-addressable in a secure fashion, including the setup of permission structure on the URLs, generating hashes to secure individual items and containers, expiration and revocation of storage hashes and keys, and auditing access to the store.

How to Configure SQL Azure Security
Familiarize yourself with security within SQL Azure with demonstrations on the creation of logins, databases and users and information about sys.sql_logins and sys.databases, which allow the display of logins and databases from the master database

How to Configure the SQL Azure Firewall
The Microsoft SQL Azure service prevents access to your SQL Azure server with the SQL Azure firewall. You can use the SQL Azure portal or master database to review and edit your firewall configuration. This topic describes how you can define firewall settings to specify which clients should have access to your SQL Azure server. For more information, see SQL Azure Firewall.

How to Configure the SQL Azure Firewall
The Microsoft SQL Azure service prevents access to your SQL Azure server with the SQL Azure firewall. You can use the SQL Azure portal or master database to review and edit your firewall configuration. This topic describes how you can define firewall settings to specify which clients should have access to your SQL Azure server. For more information, see SQL Azure Firewall.

Technorati Tags:

Microsoft Security Resources

New Version of Microsoft Security Compliance Manager (SCM) Version Now Available
Now updated to work reliably behind corporate proxy servers; Microsoft SCM v.1.1.2 also features security baselines for Windows 7, Microsoft Office 2010, Windows Server 2008 R2, and Windows Internet Explorer 8. Download the latest version of this free tool and starting moving toward more effective security and compliance processes for some of the most widely-used Microsoft products.

Securing Client Access Servers in Exchange Server 2010
Learn how to manage security and authentication related options available for a computer running Microsoft Exchange Server 2010 that has the Client Access server role installed.

Hardening SQL Server for SharePoint Environments
Get a summary of hardening recommendations then specific details on how to configure a SQL Server instance to listen on a non-default port, how to configure and test a SQL client alias, and much more.

BranchCache Security Guide
Get comprehensive guidance on how to manage the security of the Microsoft BranchCache feature introduced in Windows Server 2008 R2 and Windows 7.

Securing Windows Server
Get a consolidated view of the feature overviews, step-by-step-guides, and configuration tips for the various security and protection technologies in Windows Server 2008 and Windows Server 2008 R2 from authorization and information protection to security management and network security.

Windows Server 2008 and Windows Server 2008 R2 IT Compliance Management
Download the IT Compliance Management Series to access free tools and guidance to help you configure Windows Server 2008 and Windows Server 2008 R2 to address specific IT governance, risk, and compliance (GRC) requirements.

Security Tip of the Month: Using the Enhanced Mitigation Experience Toolkit to Safeguard Against Zero Days
There have been a number of zero-day vulnerabilities circulating around the Internet recently. Find out how the Enhanced Mitigation Experience Toolkit (EMET) can help you manage security mitigations for your systems.

And do not forget for the Home user if they get Virus, Malware or failed security up date they get free support by calling 1-866 PCSAFETY


Find Free Windows 7 Online Clinics

Acquire hands-on experience with Windows 7. Whether you are an IT professional, information worker, or home and office user, free online clinics can help you master various tasks with Windows 7.


Windows 7 Development Boot Camp

For the Win: Windows 7 Development Boot Camp
January and February 2011
Web and cloud may be all the rage, but many developers are still doing hardcore client development. If you are among them, this Boot Camp is for you. In this full-day event, we will explore how to maximize your impact on the Windows client. Interactive sessions will include topics from throughout the Windows development platform. We will look at application compatibility and transitioning your applications to Windows 7, integrating with the Windows Taskbar, developing for Internet Explorer 9, utilizing the cool functionality in the Sensors and Location Platform so that your application better responds to its current environment, and leveraging multi-touch capabilities.
Click on your desired city below to register:

Cross Post from Microsoft


Technorati Tags:

Bulk exam vouchers with free exam retakes

Save 15% on Microsoft Certification For Your IT Team
Organizations with more certified staff see a 10% increase in on-time and on-budget deployments. Microsoft Certification can help ensure your IT team has the qualifications to deploy, use, and manage Windows 7. Learn how you can save 15% when you purchase a 10-pack of Microsoft Certification exam vouchers with free exam retakes for your team.


Technorati Tags:

New Springboard Resources

Deploying the Core Optimized Desktop Using the Microsoft Deployment Toolkit (MDT)
Get step-by-step guidance on how to use MDT 2010 to automate the installation and configuration of the core Optimized Desktop technologies: Windows 7, the Microsoft Desktop Optimization Pack (MDOP), Forefront, and Microsoft Office 2010. Guidance on deploying the core Optimized Desktop using System Center Configuration Manager 2007 R2 is also available.

Local P2V Migration Using MDT 2010 and Sysinternals Disk2VHD
Find out how to use MDT 2010 and Sysinternals Disk2VHD to redeliver users' old desktops as fully functional virtual machines. Following these steps can provide a safety net by enabling continued access to users' previous computing environment during Windows 7 deployment.

Updated: Windows 7 Application Compatibility List for IT Professionals
Download this Microsoft Office Excel-based spreadsheet for a list of software applications that have met Windows 7 Logo Program testing requirements for compatibility with 32-bit and 64-bit Windows 7. This list includes applications with the following compatibility statuses: "Compatible," "Free Update Required," "Paid Update Required," "Future Compatibility," and "Not Compatible." These statuses are based upon the software publishers' statements of compatibility.

Go to Springboard site for Lots of great information click here


Phishing how to protect yourself

Phishing is  method that criminals use to steal you identity online. It uses email and fraudulent websites that are designed to steal your personal data or information such as credit card numbers, passwords, account data, or other information.

Phishing send millions of fraudulent email messages with links to fraudulent websites that appear to come from websites you trust, like your bank or credit card company, and request that you provide personal information. Criminals can use this information for many different types of fraud, such as to steal money from your account, to open new accounts in your name, or to obtain official documents using your identity.

Prevent ID theft from phishing scams do the following to help protect yourself from phishing scams:

  • Don't click links in email messages.


  • Type addresses directly into your browser or use your personal bookmarks.


  • Check the site's security certificate before you enter personal or financial information into a website.


  • Don't enter personal or financial information into pop-up windows.


  • Keep your computer software current with the latest security updates.

If you suspect that you've responded to a phishing scam with personal or financial information, do the following;

  • Change the passwords or PINs on all your online accounts that you think could be compromised.


  • Place a fraud alert on your credit reports. Check with your bank or financial advisor if you're not sure how to do this.


  • Contact the bank or the online merchant directly. Do not follow the link in the fraudulent email.


  • If you know of any accounts that were accessed or opened fraudulently, close those accounts.


  • Routinely review your bank and credit card statements monthly for unexplained charges or inquiries that you didn't initiate.

How do I report a possible phishing scam?

  • Internet Explorer. While you are on a suspicious site, click the Safety button or menu in Internet Explorer 8 and point to SmartScreen Filter. Then click Report Unsafe Website and use the webpage that is displayed to report the website.


  • Windows Live Hotmail. If you receive a suspicious email that asks for personal information, click the check box next to the message in your Hotmail inbox. Click Mark as and then point to Phishing scam.



The Bottom Line THINK if you not sure do not respond even better do not open the email….

Technorati Tags: ,