“…There are a number of auditing enhancements in Windows Server® 2008 R2 and Windows® 7 that increase the level of detail in security auditing logs and simplify the deployment and management of auditing policies. These enhancements include:
- Global Object Access Auditing. In Windows Server 2008 R2 and Windows 7, administrators can define computer-wide system access control lists (SACLs) for either the file system or registry. The specified SACL is then automatically applied to every single object of that type. This can be useful both for verifying that all critical files, folders, and registry settings on a computer are protected, and for identifying when an issue with a system resource occurs.
- “Reason for access” reporting. This list of access control entries (ACEs) provides the privileges on which the decision to allow or deny access to the object was based. This can be useful for documenting the permissions, such as group memberships, that allow or prevent the occurrence of a particular auditable event.
- Advanced audit policy settings. These 53 new settings can be used in place of the nine basic auditing settings under Local Policies\Audit Policy to allow administrators to more specifically target the types of activities they want to audit and eliminate the unnecessary auditing activities that can make audit logs difficult to manage and decipher…”
For more details on what’s new and improved in security auditing in Windows Server 2008 R2, check out:
http://technet.microsoft.com/en-us/library/dd56062...).aspx
HTH,
Tom
Thomas W Shinder, M.D., MCSE
Sr. Consultant / Technical Writer
Prowess Consulting www.prowessconsulting.com
PROWESS CONSULTING | Microsoft Forefront Security Specialist
Email: tshinder@isaserver.org
MVP — Forefront Edge Security (ISA/TMG/IAG)
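The three enhancements quoted in the post above can be exercised with the built-in auditpol.exe tool. This is an added example, not taken from the post or the linked article; the audited account (Everyone), the write-only access mask and the English event field labels are assumptions chosen for a lab machine.

```powershell
# Added example: run from an elevated PowerShell prompt on a test machine.
# $auditedUser and the FW (file write) mask are illustrative choices.
$auditedUser = 'Everyone'

# 1. Advanced audit policy: enable only the Object Access subcategories
#    needed for file auditing instead of the whole basic category.
auditpol /set /subcategory:"File System" /success:enable /failure:enable
auditpol /set /subcategory:"Handle Manipulation" /success:enable /failure:enable

# 2. Global Object Access Auditing: one computer-wide SACL that applies to
#    every file and folder. Use /type:Key for the registry equivalent.
auditpol /resourceSACL /set /type:File /user:$auditedUser /success /failure /access:FW

# 3. Verify what is in effect before relying on the log.
auditpol /get /subcategory:"File System"
auditpol /get /subcategory:"Handle Manipulation"
auditpol /resourceSACL /view /type:File

# 4. Read back recent object-access events. Handle-request events (4656)
#    carry the "Access Reasons" text naming the ACE or privilege behind
#    the allow or deny decision; 4663 records the access itself.
Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4656, 4663 } `
             -MaxEvents 20 -ErrorAction SilentlyContinue |
    ForEach-Object {
        $lines = $_.Message -split "`r?`n"
        New-Object PSObject -Property @{
            Time    = $_.TimeCreated
            EventId = $_.Id
            Object  = ($lines | Where-Object { $_ -match 'Object Name:' } |
                       Select-Object -First 1)
            Reason  = ($lines | Where-Object { $_ -match 'Granted by|Denied by' } |
                       Select-Object -First 1)
        }
    } | Format-List Time, EventId, Object, Reason

# 5. Roll back the global SACL when the test is finished; a write audit on
#    every file for Everyone generates a large volume of events.
auditpol /resourceSACL /remove /type:File /user:$auditedUser
```

In production, scope the global SACL to a specific group and access mask so the Security log stays readable, which is the point of the narrower advanced settings.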
“…REDMOND, Wash. — Nov. 2, 2009 — Microsoft Corp. today released the seventh volume of the Microsoft Security Intelligence Report (SIRv7), which indicates that worm infections in the enterprise rose by nearly 100 percent during the first half of 2009 over the preceding six months. Rogue security software remains a major threat to customers; however, 20 percent fewer customers were affected by rogue infections during the past six months.
In addition, the Zlob family of trojans, considered a top threat two years ago, has drastically declined due to Microsoft’s work to aggressively clean customer machines and customers’ diligence in applying software updates…”
For more information about top threats seen on the network today, check out:
http://www.microsoft.com/downloads/details.aspx?Fa...ang=en
HTH,
Tom
“This document contains both the Design Guide and the Deployment Guide for DirectAccess in Windows Server® 2008 R2. These guides help you to design and deploy DirectAccess servers, DirectAccess clients, and infrastructure servers on your intranet.
Use the Design Guide to answer the “What,” “Why,” and “When” questions a deployment design team might ask before deploying DirectAccess in a production environment.
Use the Deployment Guide to answer the “How” questions a deployment team might ask when implementing a DirectAccess design.”
These documents will get you off to a good start.
Check them out at:
http://www.microsoft.com/downloads/details.aspx?di...c7198f
HTH,
Tom
Before you try your hands at making DirectAccess work in your own lab, it’s a good idea to watch someone else make it work – especially in the case of DirectAccess, where there are a lot of moving parts and issues that you need to be aware of before you embark on your DirectAccess quest.
While not a detailed end-to-end “how to”, this webcast will show you some of the important components of the solution.
Check it out at:
http://edge.technet.com/Media/DirectAccess-Configu...-of-5/
HTH,
Tom
Ben Bernstein and Stephen Bowie tell us what the value is for Unified Access Gateway (UAG) with Direct Access (DA).
After this, we do a whiteboard of UAG + DA architecture, including explaining how it works with multiple UAG servers. Here’s how the rest of the interview breaks down:
- How UAG supports legacy IPv4 clients (Marker 3 @ 8:02)
- How does the client know to connect to the proper DNS server and not the one from the local ISP? (Marker 4 @ 13:17)
- How do we know it’s securely talking to the proper DNS server? (Marker 5 @ 15:01)
- What other components on UAG enable DA? (Marker 6 @ 16:10)
- Additional value add for UAG with DA (Marker 7 @ 17:55)
Check out this fantastic, insightful video over at TechNet Edge:
http://edge.technet.com/Media/Direct-Access-and-UA...nin1.0
HTH,
Tom
“…Once you have updated the Windows Server® 2008 operating system with the Hyper-V™ technology release bits and enabled the Hyper-V role, you are ready to run virtual machines (VMs) on your server, now called a virtualization server (also called a “host”).
How does this change your security? Not much. Hyper-V is designed to be fairly transparent. You secure your VMs the same way that you secure physical machines. For example, if you run antivirus software on the physical machine, run it on the VM (not the host). If you segment the physical server to a particular network, do the same to the VM.
Securing the virtualization server itself involves all the measures you take to safeguard any Windows Server 2008 server role, plus a few extra to help secure the VMs, configuration files, and data. For more information on helping to secure Windows Server 2008 workloads, see the “Windows Server 2008 Security Guide.”
Microsoft recommends the following best practices to improve the security of your Hyper-V virtualization servers. Many of these practices apply to your other virtualization servers as well…”
Check out the rest of this article over at:
http://technet.microsoft.com/en-us/library/cc974516.aspx
HTH,
Tom
“…In the October edition of TechNet magazine, I answered the question, “What’s New in Group Policy for Windows 7 and Windows Server 2008 R2.”
Besides “what’s new,” people oftentimes want to know how to get “more secure” using the Group Policy infrastructure that they already use.
Let’s take a look at five policy setting areas and learn how they can deliver settings you might use to help make your world more secure…”
Check out the rest of this very useful and interesting article over at:
http://technet.microsoft.com/en-us/library/ee780891.aspx
HTH,
Tom
“The Microsoft Security Intelligence Report (SIR) is a comprehensive and wide-ranging study of the evolving threat landscape, and addresses such topics as software vulnerability disclosures and exploits, malicious software (malware), and potentially unwanted software.
Volume 7 of the Security Intelligence Report (SIR v7) covers the first half of 2009 (January through June). It includes data derived from more than 450 million computers worldwide, each running Windows. It also draws data from some of the busiest services on the Internet, such as Windows Live Hotmail and Bing.
The research is extensive and we encourage you to download the report…”
Check out this webcast on the report over at:
http://edge.technet.com/Media/Microsoft-Security-I...IR-v7/
HTH,
Tom
“Mike Chan, PM for the Forefront team, breaks down the differences between security protection for Forefront Protection for Exchange (FPE), Forefront Online Protection for Exchange (FOPE), and the built-in protection which exists in Exchange 2010.
We start out with a brief history of the messaging products and then dig into the details of differences between FPE, FOPE, and Exchange 2010 on the whiteboard at [4:22].
Should you run FPE alone or FPE and FOPE?
Watch and decide…”
Check out this great webcast at:
http://edge.technet.com/Media/FPE-vs-FOPE-and-Exch...front/
HTH,
Tom