I notice that a lot of small and midsized businesses do not take advantage of the security benefits of putting together a Public Key Infrastructure, or PKI. A PKI allows you to take advantage of digital certificates, which can be used to secure your network in a number of ways. Certificates can be used for IPsec server and domain isolation, to secure your network using NAP with HRA and IPsec enforcement, to secure your email messages, to secure connections to your Web sites, and to encrypt files on your hard disk. And that’s just a small sample of the things you can do with digital certificates.
However, in order to gain these benefits, you need to set up a PKI. The good news is that it’s really not that hard. I found a great article to get the small and medium-sized business admin up to speed on putting together a PKI. As they explain:
“After you complete these steps, your network will include an enterprise root CA and you will have access to all of the certificate templates available by using the Certificate Templates snap-in. In addition, client autoenrollment will strengthen authentication for your wireless users by requiring them to use digital certificates during the authentication process. Autoenrollment can make this requirement virtually transparent to users by enabling them to automatically request certificates, retrieve issued certificates, and renew expiring certificates. You can also broaden the protection the Windows Server 2003 PKI provides to your network by expanding your use of the PKI to support additional applications such as digital signatures, IPSec, and so on, that were mentioned earlier.”
I think you’ll get a lot out of this article and you’ll learn key PKI concepts without having to deal with the sometimes arcane terminology used in the PKI business. Check it out at:
http://technet.microsoft.com/en-us/library/cc700804.aspx
HTH,
Tom
Thomas W Shinder, M.D., MCSE
Sr. Consultant / Technical Writer
Prowess Consulting www.prowessconsulting.com
PROWESS CONSULTING documentation | integration | virtualization
Email: tshinder@isaserver.org
MVP — Forefront Edge Security (ISA/TMG/IAG)
A couple of years ago there was information on the www.microsoft.com site about a Forefront Security product for Office Communications Server (OCS). Then for some reason, all references to this product disappeared. I thought that maybe Microsoft decided to ditch the Forefront for OCS product and move on to something else. Well, the good news is that I was wrong!
A beta version of Forefront for OCS is now available. Its features include:
- Multiple anti-malware scanning engines provide better protection
- Keyword filtering and file blocking reduce liability
- Integration with Office Communications Server
- Integration with multiple server roles
- Provides protection for federated connections and public IM users
- Localization
For more information, check out the Forefront Team Blog at:
http://blogs.technet.com/forefront/archive/2008/06...e.aspx
HTH,
Tom
The SMS Extended Security Update Inventory tool is a scan tool built for the sole purpose of helping customers determine SMS client computers that may need security updates that are not detectable using the existing SMS Security Update Inventory Tool built on MBSA. Like the SMS Software Update Inventory tool, this tool also has the instructions for locating each applicable update, downloading it from Microsoft, and deploying it using SMS. The SMS Extended Security Update Inventory Tool is built on Enterprise Scan Tool (EST) detection technology. For more information about the exact detection capabilities of EST and how it differs from MBSA, see Microsoft Knowledge Base Article 894193 (http://support.microsoft.com/kb/894193). For more information on the SMS Extended Security Update Inventory Tool, please see the included user guide and release notes.
For more information, check out:
http://www.microsoft.com/downloads/details.aspx?Fa...ang=en
HTH,
Tom
It never hurts to help our end users get smarter. While user education is far from a panacea, it is an important part of a strong defense-in-depth plan. To this end, Microsoft has provided us with the Windows Defender Support and Training page. Check it out at:
http://www.microsoft.com/windows/products/winfamil...t.mspx
There you will find demos, tutorials and information that help users of all kinds get up to speed with the Windows Defender anti-malware solution.
HTH,
Tom
Windows Vista confirms what most Microsoft security professionals think of the Windows browser service:
:)
HTH,
Tom