Year: 2010

To easily assess the security state of Windows machines, Microsoft offers the free Microsoft Baseline Security Analyzer (MBSA) scan tool. MBSA includes a graphical and command line interface that can perform local or remote scans of Microsoft Windows systems.
MBSA 2.2 builds on the previous MBSA 2.1.1 version that a supports Windows 7 and Windows Server 2008 R2 and corrects minor issues reported by customers. As with the previous MBSA versions, MBSA 2.2 includes 64-bit installation, security update and vulnerability assessment (VA) checks and support for the latest Windows Update Agent (WUA) and Microsoft Update technologies. More information on the capabilities of MBSA is available on the MBSA Web site.
MBSA 2.2 runs on Windows Server 2008 R2, Windows 7, Windows Server 2008, Windows Vista, Windows Server 2003, Windows XP and Windows 2000 systems and will scan for missing security updates, rollups and service packs using Microsoft Update technologies. MBSA will also scan for common security misconfigurations (also called Vulnerability Assessment checks) using a known list of less secure settings and configurations for all versions of Windows, Internet Information Server (IIS) 5.0, 6.0 and 6.1, SQL Server 2000 and 2005, Internet Explorer (IE) 5.01 and later, and Office 2000, 2002 and 2003 only.
To assess missing security updates, MBSA will only scan for missing security updates, update rollups and service packs available from Microsoft Update. MBSA will not scan or report missing non-security updates, tools or drivers.

Get MBSA 2.2 here.

 

 

Microsoft’s Office Suite is one of the industry’s longest lasting “killer app”. Even with competition from OpenOffice.org and Google Docs, it proves to be like a fine wine, improving with age. Microsoft is taking notice of what their competitors are offering and addresses them with new features and enhancements to the applications you’ve come to know so well.

Lucky for us, Jay Ferron will be returning to the Danbury Computer Society (DACS) stage August 3rd to show us all of Microsoft Office’s newest features and enhancements for 2010. You may remember Jay from a previous presentation he gave us on the then-new Microsoft Vista and Office 2007.

Jay is a self-proclaimed geek who has authored; Architecting Microsoft Server Virtualization Solutions with Hyper-V™, System Center Virtual Machine Manager, and assorted articles on Microsoft Technologies published in Smart Computing Magazine.

He is also involved with the American Red Cross National Headquarters Emergency response team dealing with computing and communications in a disaster.

Microsoft Office 2010 has improved the capabilities for the user to not only include graphics and video into files, but to edit them as well! While this may not be as powerful as a stand-alone professional editor, it also doesn’t require purchasing an expensive suite to do most of the changes people do make and it is easier to use.

Office 2010 is also Microsoft’s latest foray into integrating with Cloud computing! Office combines the power of the desktop applications with the accessibility of an online storage site and availability to open these same files with their online office cloud applications! This means you never have to be far away from your documents, nor are your collaborators even if they do not have Office 2010 installed on their systems.

Even the ribbon interface introduced with Office 2007 has seen some improvement. The layout and controls are better laid out and, even better, are customizable!

So, if you’ve held off on upgrading your Office, now may be the time to jump. With numerous improvements from interfaces to integration and collaboration to graphics you’ll be pressed not to find a new feature you like!

Danbury Area Computer Society (DACS) is a registered nonprofit and has been serving the region since 1990. Members receive an award-winning newsletter, members-only workshops and events, and access to volunteer phone support.

As a reminder, our General Meetings are free and open to the public so invite anyone you know who would be interested in this topic.

DACS meetings are held at the Danbury Hospital auditorium. (Click here for directions.) Activities begin at 6:30 p.m. with registration and casual networking. The meeting starts at 7:00 p.m. with a question and answer period (Ask DACS), followed by announcements and a short break. The featured evening presentation begins at 8:00.

Cross post off WWW.DACS.ORG

 

Download Microsoft Security Compliance Manager

 

About This Solution Accelerator

The Microsoft Security Compliance Manager provides centralized security baseline management features, a baseline portfolio, customization capabilities, and security baseline export flexibility to accelerate your organization’s ability to efficiently manage the security and compliance process for the most widely used Microsoft technologies.

Take advantage of the experience of Microsoft security professionals, and reduce the time and money required to harden your environment. This end-to-end Solution Accelerator will help you plan, deploy, operate, and manage your security baselines for Windows® client and server operating systems, and Microsoft applications. Access the complete database of Microsoft recommended security settings, customize your baselines, and then choose from multiple formats—including XLS, Group Policy objects (GPOs), Desired Configuration Management (DCM) packs, or Security Content Automation Protocol (SCAP)—to export the baselines to your environment to automate the security baseline deployment and compliance verification process. Use the Microsoft Security Compliance Manager to achieve a secure, reliable, and centralized IT environment that will help you better balance your organization’s needs for security and functionality.

Key Features & Benefits

• Centralized Management and Baseline Portfolio: The centralized management console of the Microsoft Security Compliance Manager provides you with a unified, end-to-end user experience to plan, customize, and export security baselines. The tool gives you full access to a complete portfolio of recommended baselines for Windows® client and server operating systems, and Microsoft applications. Additionally, the Microsoft Security Compliance Manager enables you to quickly update the latest Microsoft baseline releases and take advantage of baseline version control.
• Security Baseline Customization: Customizing, comparing, merging, and reviewing your baselines just got easier. Now you can use the new customization capabilities of the Microsoft Security Compliance Manager to duplicate any of the recommended baselines from Microsoft—for Windows client and server operating systems, and Microsoft applications—and quickly modify security settings to meet the standards of your organization’s environment.
• Multiple Export Capabilities: Export baselines in formats like XLS, Group Policy objects (GPOs), Desired Configuration Management (DCM) packs, or Security Content Automation Protocol (SCAP) to enable automation of deployment and monitoring baseline compliance.

Included in the Download

The Microsoft Security Compliance Manager download includes the following components:

• Microsoft_Security_Compliance_Manager_Setup.exe – The Microsoft Security Compliance Manager allows you to view, update, and export security baselines.
• LocalGPO.msi – This tool is designed to manage local group policies of a computer such as applying a security baseline and exporting the local Group Policy.

Launch the download of the Microsoft Security Compliance Manager.

This is a cross post of a Microsoft article that I feel is important to share.

For any security professional one of the the key tenets is base lining you system. Microsoft has made this easer with a new set of tools.  The beta 2 version of the Windows® Server 2008 R2 Security Baseline is now available for you to download… and it now includes a setting pack!

What is a setting pack?
Since the release of the Security Compliance Manager (SCM) tool, one of the most frequent requests has been to add all of the available Group Policy settings to the Microsoft security baselines so that you can access them in the SCM tool. While our baselines include hundreds of settings, there are hundreds of additional settings available in Group Policy. In response to this request, the team created setting packs. The setting packs include the basic information required by the SCM tool to define custom baselines that you can use to create GPO backups, DCM configuration packs, and SCAP content. You can learn more about setting packs on the program description page. Use the links provided in this message to join the program or go directly to the program description page.
Meet your business-critical needs and elevate the security of Windows Server 2008 R2 with this updated beta 2 security baseline and the new setting pack. It combines best-practice guidance with the Security Compliance Manager (SCM) tool to help you plan, deploy, and monitor the security of your Windows Server 2008 R2 servers.

Preview this new security baseline, and get the knowledge to effectively deploy and monitor your security baseline for Windows Server 2008 R2 faster and easier.

This beta 2 security baseline for Windows Server 2008 R2 is formatted for easy import using SCM. You must first join the program

and then use the Download link found in the upper left hand corner of the Connect page. You will find detailed instructions about how to import the download file into SCM on the here

Have you downloaded the Windows 7 and Windows Server 2008 R2 SP Beta yet?

Changes specific to Windows Server 2008 R2

Dynamic Memory

Dynamic Memory allows for memory on a host machine to be pooled and dynamically distributed to virtual machines as necessary. Memory is dynamically added or removed based on current workloads, and is done so without service interruption.

Virtual machines running a wide variety of operating systems can use Dynamic Memory; for a complete list, see the “Dynamic Memory Evaluation Guide” at http://go.microsoft.com/fwlink/?LinkId=192444. The guide also discusses Dynamic Memory settings and usage in detail.

Microsoft RemoteFX

Businesses are increasingly looking to leverage the efficiency and cost savings that can come from a virtualized desktop infrastructure. With the addition of Microsoft RemoteFX in Windows Server 2008 R2 SP1, a new set of remote user experience capabilities that enable a media-rich user environment for virtual desktops, session-based desktops and remote applications is introduced. Harnessing the power of virtualized graphics resources, RemoteFX can be deployed to a range of thick and thin client devices, enabling cost-effective, local-like access to graphics-intensive applications and a broad array of end user peripherals, improving productivity of remote users.

RemoteFX can function independently from specific graphics stacks and supports any screen content, including today’s most advanced applications and rich content (including Silverlight and Adobe Flash), ensuring that end users maintain a rich, local-like desktop experience even in a virtualized thin-client environment.

RemoteFX also adds mainstream USB device support to virtual desktop computing, including support for USB drives, cameras and PDAs connected to the client device. RemoteFX also provides a platform for hardware and software partners to enhance RemoteFX capabilities in a variety of possible host, client and network configurations.

Enhancements to scalability and high availability when using DirectAccess

DirectAccess is a new feature in the Windows 7 and Windows Server 2008 R2 operating systems that gives users the experience of being seamlessly connected to their corporate network any time they have Internet access. In Windows Server 2008 R2 SP1, improvements have been made to enhance scalability and high availability when using DirectAccess, through the addition of support for 6to4 and ISATAP addresses when using DirectAccess in conjunction with Network Load Balancing (NLB).

Support for Managed Service Accounts (MSAs) in secure branch office scenarios

SP1 enables enhanced support for managed service accounts (MSAs) to be used on domain-member services located in perimeter networks (also known as DMZs or extranets).

Support for increased volume of authentication traffic on domain controllers connected to high-latency networks

As a greater volume of IT infrastructure migrates to cloud-based services, there is a need for higher thresholds of authentication traffic to domain controllers located on high-latency networks (such as the public Internet). SP1 allows for more granular control of the maximum number of possible concurrent connections to a domain controller, enabling a greater degree of performance tuning for service providers.

Enhancements to Failover Clustering with Storage

SP1 enables enhanced support for how Failover Clustering works with storage that is not visible for all cluster nodes. In SP1, improvements have been made to the Cluster Validation and multiple Failover Cluster Manager wizards to allow workloads to use disks that are shared between a subset of cluster nodes.

Changes specific to Windows 7

Additional support for communication with third-party federation services

Additional support has been added to allow Windows 7 clients to effectively communicate with third-party identity federation services (those supporting the WS-Federation passive profile protocol). This change enhances platform interoperability, and improves the ability to communicate identity and authentication information between organizations.

Improved HDMI audio device performance

A small percentage of users have reported issues in which the connection between computers running Windows 7 and HDMI audio devices can be lost after system reboots. Updates have been incorporated into SP1 to ensure that connections between Windows 7 computers and HDMI audio devices are consistently maintained.

Corrected behavior when printing mixed-orientation XPS documents

Prior to the release of SP1, some customers have reported difficulty when printing mixed-orientation XPS documents (documents containing pages in both portrait and landscape orientation) using the XPS Viewer, resulting in all pages being printed entirely in either portrait or landscape mode. This issue has been addressed in SP1, allowing users to correctly print mixed-orientation documents using the XPS Viewer.

Changes common to both client and server platforms

Change to behavior of “Restore previous folders at logon” functionality

SP1 changes the behavior of the “Restore previous folders at logon” function available in the Folder Options Explorer dialog. Prior to SP1, previous folders would be restored in a cascaded position based on the location of the most recently active folder. That behavior changes in SP1 so that all folders are restored to their previous positions.

Enhanced support for additional identities in RRAS and IPsec

Support for additional identification types has been added to the Identification field in the IKEv2 authentication protocol. This allows for a variety of additional forms of identification (such as E-mail ID or Certificate Subject) to be used when performing authentication using the IKEv2 protocol.

Support for Advanced Vector Extensions (AVX)

There has always been a growing need for ever more computing power and as usage models change, processors instruction set architectures evolve to support these growing demands. Advanced Vector Extensions (AVX) is a 256 bit instruction set extension for processors. AVX is designed to allow for improved performance for applications that are floating point intensive. Support for AVX is a part of SP1 to allow applications to fully utilize the new instruction set and register extensions.

The Windows 7 and Windows Server 2008 R2 SP1 Beta helps keep your PCs and servers on the latest support level, provides ongoing improvements to the Windows Operating System (OS), by including previous updates delivered over Windows Update as well as continuing incremental updates to the Windows 7 and Windows Server 2008 R2 platforms based on customer feedback, and is easy for organizations to deploy a single set of updates.

The public beta is best suited for IT pros, tech enthusiasts and developers who need to test the service pack in their organization or with the software they are developing.

In order to download and install the Windows 7 and Windows Server 2008 R2 SP1 Beta you must currently have a Release to Manufacturing (RTM) version of Windows 7 and Windows Server 2008 R2 already installed. The Beta is available in English, French, German, Japanese and Spanish.

To learn more about piloting, deploying and managing Windows 7, visit the Springboard Series on TechNet.

 

This is a Post made up of information from the Microsoft Site and Notes about SP1.

Announced today was  Microsoft Security Essentials Beta a no-cost light weight anti-malware service. It’s designed to keep computers e protected from viruses, spyware, and other malicious software.

New features in the beta of Microsoft Security Essentials include:

Windows Firewall integration – Manage firewall setting in during setup of Microsoft Security Essentials

Integrated with Internet Explorer to provide Enhanced protection for web-based threats –

The beta includes a updated anti-malware engine offers enhanced detection and cleanup capabilities.

Network inspection system – Protection against network-based exploits is now built in to Microsoft Security Essentials.

To get on the beta, click

 

I wrote an article for Global Knowledge about fast growing issue of  Identity theft.

In the article I gave 15 Simple steps to prevent becoming a victim, here they are:

1. Think security. If you are not sure about something, do not open or install it.
2. If asked to download a file, and you are not sure what it does, do not download it.
3. Get an anti-spyware program, keep it updated, and use it.
4. Do not open e-mails from people you do not know.
5. Do not open attachments if you are not positive you know what they are.
6. If an e-mail offers something too good to be true, it probably is a scam.
7. Use anti-virus software; update it at least once a day or more.
8. Patch your computer’s operating system (all vendors have updates).
9. Patch you applications (word, games, mail programs, etc.).
10. Be smart; know what services run on your computer, and what ports are open.
11. Stay away from peer-to-peer sharing software programs.
12. Think! Computer Security is about what you do as well as what you don’t do.
13. If your computer has a Trojan or worm, you can try to fix it BUT it probably has more than one Trojan or worm. It’s better to rebuild if you want to be truly secure.
14. Wipe out the hard drive when disposing of computers with utilities such as Active KillDisk (Free) WipeDisk, or BCwipe.
15. Think before you click.

To read the full acticle go here

 

Visit the Windows 7 Test Drive site, check out our new content on IE8, MDOP and virtualization, try out the online resources, and then tell us about your experience in a short 2-minute survey to enter the prize drawing. Winners will be drawn from the completed survey entries once a week for seven weeks. Come back once a week through August 15 to enter and increase your chances to win.

Enter here

You can also download a free e-book on Deploying Windows® 7 Essential Guidance from the Windows 7 Resource Kit and Microsoft® TechNet Magazine

 

Get  the free E-book here

This was posted about a session a friend did at TechEd and I thought I would share it here

Paula Januszkiewicz  talked with David Tesar about how hacking can help in efficient IT administration and then we also got into topics such as a world without passwords and web security.

Watch her session at TechEd

As a Security pro this is great news, these docs can help you secure your Microsoft infrastructure

The Infrastructure Planning and Design team is working on two new guides and would like your feedback: Microsoft Forefront™ Identity Manager (FIM) 2010 and Active Directory® Certificate Services (AD CS). Get the betas by visiting the Connect Web site at http://go.microsoft.com/fwlink/?LinkId=186024.

The Infrastructure Planning and Design guide for Microsoft Forefront Identity Manager (FIM) 2010 provides actionable guidance for designing a FIM 2010 infrastructure. Follow this guide’s step-by-step process to determine the FIM components necessary for fulfilling your organization’s identity-management needs, and design an infrastructure with the right deployment topology for meeting your performance and availability requirements.

The Infrastructure Planning and Design guide for Active Directory Certificate Services (AD CS) outlines the critical infrastructure design elements that are key to a successful implementation of Active Directory Certificate Services. Using this guide will result in a certificate services design that is optimized to meet the needs of your organization at the lowest cost.

The two guides can be used together to design a FIM certificate-brokering service that is integrated with AD CS to deliver identity-managed certificate services.

The Microsoft Operations Framework (MOF) team is working on related guidance: the MOF Reliability Workbook for Active Directory Certificate Services. It provides knowledge, specific tasks, and schedules needed to keep Active Directory Certificate Services running smoothly.

Reduce time and planning costs by following the processes in these IPD guides to design a successful deployment of FIM and AD CS, and use the MOF Reliability Workbook to optimize monitoring and maintenance activities.

This is a repost of a Microsoft announcement