Year: 2010

For a limited time, you can download the 10-chapter e-book Introducing Microsoft SQL Server 2008 R2, by Ross Mistry and Stacia Misner. Learn all about the powerful new database administration and business intelligence development enhancements available with this new edition of SQL Server 2008–sign up to download this free e-book offer.

This Thursday night  I will be at the;

NYACC (New York Amateur Computer Club Inc) General Meeting Thursday   September 9, 2010  at  7PM
NYU Silver Building   See front desk for room number
32 Waverly Place (just east of Washington Square Park)

Windows 7
Presented by Jayson Ferron
President Association of PC User Groups
Get an understanding of what’s new, what improvements are in the OS and its hardware requirements. See the new User interface, Security features, and much more.

The Start menu features integrated desktop search which can help you find and launch almost anything on your PC. Just type in a word, a name, or a phrase, and Quick Search can find the right file for you. But more than that, the new start menu makes it very easy for you to navigate across all of the installed applications on your PC.

Learn new desktop tricks that make it easier to work with multiple documents.

—

The New York Amateur Computer Club was established in March 1975 with the mission to further education in diverse areas of personal computing. The presentations at monthly meetings cover various platform computing systems and range from in-depth technical subjects to general overviews with broad appeal.

General meetings are always held on the second Thursday of each month and start promptly at 7 PM with announcements followed by a period of Questions and Answers called Random Access in which members and visitors are encouraged to ask technical questions or ask for advice on purchasing or using software, hardware, and related issues. There is a short break before the main presentation to enable attendees to meet and greet each other and to buttonhole people to get more detailed answers to specific questions. As an alternate to the main meeting, if a few people are interested, a new- or prospective-user group meeting is held to assist beginners.

The general meetings are open without charge to the public.

We meet at New York University (NYU) in the Silver Building (the main administration building) each second Thursday of the month. The website of the club, www.nyacc.org has the latest information regarding meeting location and subject of the main presentation. Room location is always available at the main floor security desk of the building. NYU requires some form of photo ID (driver’s license, school ID, Corporate card, etc) to enter the building.

On the following topics

• Securing the Weakest Link
• Security for the Network Administrator
• Understand the Security Concerns Associated with Virtualization

Stay Tune for more information as the event draws closer.

Information on the conference is here at http://www.dodcybercrime.com/

UNIQUENESS OF THE CYBER CRIME CONFERENCE

This conference focuses on all aspects of computer crime and incident response including intrusion investigations, cyber crime law, digital forensics, information assurance, as well as the research, development, testing, and evaluation of digital forensic tools.

The goal is to prepare attendees for the new crimes of today and the near future. Speakers will discuss new approaches and new perspectives with the current movers and shakers in cyber crime.

I did a webcast on Identity Theft last week, and people have asked can I view it again. The Webinar was recorded and is available for playback by clicking here.

“Arming Your Company (and yourself) Against Identity Theft” was the first in a four-part Webinar series introduced by Global Knowledge.

Be sure to watch for the remaining three parts of this Webinar Series devoted to the subject of Cyber Security:

Part Two: Cyber Security – Risk Management 9/22 – To register for this Webinar, go here.

Part Three: Cyber Security – Physical Security 10/27

Part Four: Cyber Security – Patch Management 11/17

Learn about the features of Windows Server 2008 R2 in the areas of virtualization, management, the web application platform, scalability and reliability, and interoperability with Windows 7. Sign in to download Introducing Windows Server 2008 R2, written by industry experts Charlie Russel and Craig Zacker along with the Windows Server team at Microsoft.

To download the book click here.

I will be presenting a talk on Identity Theft on 8/25/2010 at 12:00 PM ET.

You can  attend this free webinar by going here

Hardly a day goes by without hearing about someone becoming a victim of identity theft or learning about another corporate data breach. Corporations and individuals are constantly under attack by cyber criminals. Since 2005 more than 300 million records containing sensitive information have been involved in security breaches in the US alone!

Global Knowledge is introducing an exclusive four part Webinar series devoted to the subject of Cyber Security, based on our recently announced hands-on cyber security course entitled Cyber Security Foundations.

In Part One, "Arming Your Company (and yourself) Against Identity Theft" we will examine the following topics:

• Understanding what information cyber criminals are after
• How they obtain this information
• How to protect your company and yourself from being victim
• How to recognize if information has been stolen

Be sure to watch for the remaining three parts of this Webinar Series:

• Part Two: Cyber Security – Risk Management
• Part Three: Cyber Security – Physical Security
• Part Four: Cyber Security – Patch Management

You can  attend this free webinar by going here

The presenter is  Jayson Ferron, CEHI, CISM, CISSP, CWSP, MCITP, MCSE, MCT, MVP NSA-IAM,

Jay Ferron brings more than 20 years of experience in security, networking, virtualization, and high performance computing. A multi-faceted author, trainer, speaker, and designer, Jay has led the development of Windows and UNIX security designs, network infrastructures, enterprise designs and installations for numerous Fortune 500 companies as well as government and health agencies.

Jay is the author of more than 15 courseware books and papers for Microsoft and other vendors on security, networking, and virtualization technologies. In his current work at Global Knowledge, he is building a unique cyber security program that provides a global perspective of the challenges of designing a secure system.

Microsoft post a report on the state of security that is very telling on the state of security and trends affecting users.

The Microsoft Security Intelligence Report (SIR) is a comprehensive and wide-ranging study of the evolving threat landscape, and addresses such topics as software vulnerability disclosures and exploits, malicious software (malware), and potentially unwanted software. An example to the kind of date has been taken from the latest report, shows trends in malware.

Volume 8 of the Microsoft® Security Intelligence Report provides in-depth perspectives on malicious and potentially unwanted software, software exploits, security breaches, and software vulnerabilities in both Microsoft and third party software. Microsoft developed these perspectives based on detailed analysis over the past several years, with a focus on the second half of 2009 (2H09)1.
This document summarizes the key findings of the report. The full Security Intelligence Report also includes deep analysis of trends found in more than 26 countries/regions around the world and offers strategies, mitigations, and countermeasures that can be used to manage the threats that are documented in the report.
The full Security Intelligence Report, as well as previous volumes of the report and related videos, can be downloaded from www.microsoft.com/sir.

For any security profession this is a great resource.

Get the full report here.

This is a repost of an article that I think people need to follow. I am ask a lot of times what the best way to image a computer. I have share the stage with Jeremy Chapman at Tech•Ed taking about this and referenced this content before, so now i adding it to my blog.

I have learned much of what I know but talking with the folks at Microsoft when it come to Imaging  using the free tools an now Jeremy (the product manager) has started a group of articles to help other understand the process.

Improving Your Image: Sector-Based, File-Based, and Simper – What Makes the Most Sense?
By Jeremy Chapman, Senior Product Manager, Microsoft Corporate
After spending a few weeks on the road speaking at Tech•Ed and other events, I was struck by the fact that many IT pros haven’t used any of the Microsoft tools for imaging and deployment. All in all, it seemed as though half of the room at my sessions had never seen or heard everything about file-based imaging and tools like ImageX and the Microsoft Deployment Toolkit or System Center Configuration Manager. The other half may have heard about the tools, but had never used them.

I get a lot of feedback from people that we are "selling" the Microsoft tools for imaging when we should be talking about the sector-based ones that people are using for Windows XP now. This is interesting feedback because the tools we are talking about-the Windows Automated Installation Kit, the Microsoft Deployment Toolkit, etc.-are free to download and use. In any regard, I have spent a lot of time with people who are using heavily-scripted solutions and thick sector-based images for their Windows XP environments. Some organizations even get down to one or two Windows XP managed images by customizing Hardware Abstraction Layer (HAL)-swapping with sysprep.inf-a practice that Microsoft hasn’t supported, but one that is well known in the deployment community.
So what is the right way to do this? What are the pros and cans of each scenario? What is it that makes the sector-based solutions so attractive? These questions boil down to a couple of factors:

1. Image size – network bandwidth consumed + multicast support

2. Hardware coverage

3. Speed to lay down the image

4. Ease of use and familiarity – especially if you have to have a UI

5. Ease of creation – automating daily/weekly/monthly builds

6. Post-creation image management

All of these factors (and others) contribute to the decision about which tool(s) to use for imaging and deployment.
Then there is the question about when to use the System Preparation (Sysprep) Tool. In November, Mark Russinovich discussed in his blog the use of sysprep.inf or sysprep.exe. While his blog post referenced the fact that duplicate SIDs do not cause the issues they were once thought to cause, this made many question the use of the Sysprep tool overall. For those who hadn’t been using Sysprep, their decision appeared to be validated. This sparked a lively philosophical debate among extremely knowledgeable individuals in our internal and MVP deployment communities that was very fun to watch and participate in. The fact is, however, that Sysprep is a necessary tool for imaging and deploying Windows client operating systems. Mark even clarified this in the April 29th Springboard Series Virtual Roundtable on Windows 7 Deployment and noted this in his blog:
"Note that Sysprep resets other machine-specific state that, if duplicated, can cause problems for certain applications like Windows Server Update Services (WSUS), so Microsoft’s support policy will still require cloned systems to be made unique with Sysprep."
Based on these recent events, and a general desire in the IT pro community to know the pros and cons of file-based and sector-based imaging, I am going to help the Springboard Series with a series of blog posts on the topic of sector-based imaging versus file-based imaging. I hope to answer the question I pose in the title "Sector-Based, File-Based, and Sysprep. What Makes the Most Sense?" No combination is perfect or applies to all scenarios, but if you’ve had questions about which you should be using, keep checking the Springboard Series blog or sign up for automatic updates on new blog posts via RSS.

Microsoft is releasing an out-of-band security update to address the .LNK vulnerability described in Microsoft Security Advisory 2286198. MS10-046 addresses one vulnerability in Windows, which has a maximum severity rating of Critical and an Exploitability Index rating of 1. The security vulnerability affects all supported editions of Windows, including Windows XP, Windows Vista, Windows 7, Windows Server 2008, and Windows Server 2008 R2.

It is recommended that customers deploy the update as soon as possible to help protect their computers from criminal attacks. The security update protects against attempts to exploit the vulnerability by several malware families

This alert is to provide you with an overview of the new security bulletin released (out-of-band) on August 2, 2010.

NEW SECURITY BULLETIN OVERVIEW

Microsoft is releasing one new security bulletin (out-of-band) for newly discovered vulnerabilities:

EasyBCD extends and revamps the Windows Vista/Windows 7 BCD bootloader, and with EasyBCD, almost anything is possible.

Setting up and configuring a dual-boot between Windows 7, Windows Vista, older versions of Windows such as XP & 2003, Linux, Ubuntu, BSD, and Mac OS X is a breeze. You just point & click and EasyBCD does the rest.

EasyBCD is geared for users of all kinds. Whether you just want to add an entry to your old XP partition or want to create a duplicate for testing purposes;Boot into XP/Vista/7/Ubuntu/OS X and more!

• Boot from USB, Network, ISO images, Virtual Hard disks (VHD), WinPE, and more!
• Repair the Windows bootloader, change your boot drive, create a bootable USB, and more!
• Rename entries, set default boot target, change BCD timeout, hide the boot menu, and more!
• Create your own custom boot sequence, hide drives on boot, backup and restore configurations, and more!

This is much easer to work with then using the command line tools built-in to windows.

Download EasyBCD here