Join the Microsoft IAG team to learn everything you need to know about remote access and how the Microsoft Intelligent Application Gateway (IAG) provides a highly customizable and easy-to-use solution for secure remote access for all users. We go through key customer scenarios, IAG features and functionality, and the future road map. The IAG product stands out in the secure sockets layer (SSL) virtual private network (VPN) market for its focus on strong policy management, end point security, and application optimization. The IAG 2007 SSL VPN gateway is the most secure SSL VPN solution on the market today. Make sure you’re up to speed on this exceptional product so that secure remote access is not just a dream, but a reality, for your organization.

http://msevents.microsoft.com/cui/WebCastEventDeta...ode=US

HTH,

Tom

Thomas W Shinder, M.D., MCSE
Sr. Consultant / Technical Writer
Prowess Consulting www.prowessconsulting.com
PROWESS CONSULTING documentation | integration | virtualization
Email: tshinder@isaserver.org
MVP — Forefront Edge Security (ISA/TMG/IAG)

About 2 months ago we released the beta for UrlScan v3.0 to address customer concerns with automated SQL injection attacks and we have been busy since refining it with the help of our customers, community and MVPs. You can download the bits at the links below.

UrlScan v3.0 RTW for x86

UrlScan v3.0 RTW for x64

For more information on UrlScan features and configuration options, check out the IIS Security Blog at http://blogs.iis.net/nazim/archive/2008/08/19/urls...d.aspx

HTH,

Tom

Thomas W Shinder, M.D., MCSE
Sr. Consultant / Technical Writer
Prowess Consulting www.prowessconsulting.com
PROWESS CONSULTING documentation | integration | virtualization
Email: tshinder@isaserver.org
MVP — Forefront Edge Security (ISA/TMG/IAG)

While this tip is aimed at end users who lack a security admin’s sophistication regarding network security issues, it’s worth reading even for the most seasoned security specialist. Why? Because many of us in the security industry forget that the Internet is a public place, and everything you put on the Internet, especially on social networking sites, can come back to haunt you some day.

My best advice for you is to use social networking sites as a way to promote yourself with good personal “image” management. Don’t use them for “socializing”; use them to promote yourself and your career. In that way, you’re less likely to say something stupid that will get you into hot water some day in the future.

http://blogs.msdn.com/securitytipstalk/archive/200...k.aspx

HTH,

Tom

Thomas W Shinder, M.D., MCSE
Sr. Consultant / Technical Writer
Prowess Consulting www.prowessconsulting.com
PROWESS CONSULTING documentation | integration | virtualization
Email: tshinder@isaserver.org
MVP — Forefront Edge Security (ISA/TMG/IAG)

As most serious students of network security and security administrators know, the value of the ”many eyes” theory of open source security is more apparent than real. In this excellent article by Pat Edmonds, he shows how a codified and repeatable collection of security processes, carried out by incentivized and responsible individuals, trumps the “many eyes” approach of secure application development.

Check out this interesting article at http://technet.microsoft.com/en-us/library/cc512608.aspx

HTH,

Tom

Thomas W Shinder, M.D., MCSE
Sr. Consultant / Technical Writer
Prowess Consulting www.prowessconsulting.com
PROWESS CONSULTING documentation | integration | virtualization
Email: tshinder@isaserver.org
MVP — Forefront Edge Security (ISA/TMG/IAG)

Are you deploying or migrating to Microsoft SQL Server 2008? Microsoft System Center Data Protection Manager 2007 is designed for the database administrator or the IT generalist. Data Protection Manager 2007 uses wizards and workflows to help ensure that you can protect your organization’s data, and it doesn’t require an advanced degree, training, or certification in storage and backup technologies. Attend this webcast to learn more.

Head on over to http://msevents.microsoft.com/CUI/WebCastEventDeta...ode=US to register for and view the event.

HTH,

Tom

Thomas W Shinder, M.D., MCSE
Sr. Consultant / Technical Writer
Prowess Consulting www.prowessconsulting.com
PROWESS CONSULTING documentation | integration | virtualization
Email: tshinder@isaserver.org
MVP — Forefront Edge Security (ISA/TMG/IAG)

While not a security article, I found this article timely as I was in the process last week of trying to migrate a number of Virtual PC 2007 machines to Hyper-V. In this article Tarek Majdalani give you the step by steps, complete with screenshots!

http://elmajdal.net/win2k8/Migrate_A_Virtual_Machi...V.aspx

HTH,

Tom

Thomas W Shinder, M.D., MCSE
Sr. Consultant / Technical Writer
Prowess Consulting www.prowessconsulting.com
PROWESS CONSULTING documentation | integration | virtualization
Email: tshinder@isaserver.org
MVP — Forefront Edge Security (ISA/TMG/IAG)

Given the recent problems the city of San Francisco has had with a criminal network admin, what have you done to protect yourself from getting into a similar situation? I found an interesting article at TechRepublic that can help you with this problem at http://blogs.techrepublic.com.com/security/?p=569&...l.e036

The key take home messages from this article include:

• Use the principle of least privilege. Restrict network admins to only those resource they actually manage and no more
• Everyone on the IT team doesn’t need to have access to the domain admin passwords
• Daily checks of addition to admin-level groups should be performed and compared with previous days’ lists
• Every admin activity on the network should be logged
• When a member of the IT team leaves the company, the employee to be escorted to his desk to collect his belongings, badges and keys. However, before that, an account admin should be removing his accounts, by disabling them first and subsequently removing them.

HTH,

Tom

Thomas W Shinder, M.D., MCSE
Sr. Consultant / Technical Writer
Prowess Consulting www.prowessconsulting.com
PROWESS CONSULTING documentation | integration | virtualization
Email: tshinder@isaserver.org
MVP — Forefront Edge Security (ISA/TMG/IAG)

Got an MP3 player? Put it to better use then just listening to tunes. Use it to learn something :)

In this podcast, Brandon Baker, Senior Development Lead on the Microsoft Hyper-V team. Will talk about some security best practices on how to lock down a Hyper-V host.

Download the podcast at http://download.microsoft.com/download/5/c/b/5cb19...st.wma

HTH,

Tom

Thomas W Shinder, M.D., MCSE
Sr. Consultant / Technical Writer
Prowess Consulting www.prowessconsulting.com
PROWESS CONSULTING documentation | integration | virtualization
Email: tshinder@isaserver.org
MVP — Forefront Edge Security (ISA/TMG/IAG)

Check out this video of Steve Riley talking about virtualization and security. You’re guaranteed to learn a thing or two from this video!

http://www.microsoft.com/emea/spotlight/sessionh.a...id=991

HTH,

Tom

Thomas W Shinder, M.D., MCSE
Sr. Consultant / Technical Writer
Prowess Consulting www.prowessconsulting.com
PROWESS CONSULTING documentation | integration | virtualization
Email: tshinder@isaserver.org
MVP — Forefront Edge Security (ISA/TMG/IAG)

“The increasing use of virtual machines—for purposes ranging from support of older operating system environments to power savings—has created new challenges for IT.

In particular, virtual machines may be left offline (stored in a non-operating state) for extended periods of time, which conserves resources when the server capacities of the virtual machines are not needed or frees up physical computing resources for other purposes.

However, offline machines do not automatically receive operating system, antivirus, or application updates that would keep them compliant with current IT policy. An out-of-date virtual machine may pose a risk to the IT environment. If deployed and started, the out-of-date virtual machine might be vulnerable to attack or could be capable of attacking other network resources.

Therefore, IT groups must take measures to ensure that offline virtual machines remain up-to-date and compliant. At present, these measures involve temporarily bringing the virtual machine online, applying the necessary updates, and then storing it again.

In the future, image updating solutions may be able to update virtual machines while they remain offline. Until such solutions become available, the Offline Virtual Machine Servicing Tool, a Solution Accelerator from Microsoft, provides a way to automate the process of updating virtual machines. This tool is now available as a free download from the Microsoft® Download Center.”

For more information about the Offline Virtual Machine Servicing Tool and how to use it to secure your virtual environment, check out http://technet.microsoft.com/en-us/library/cc501231.aspx

HTH,

Tom

Thomas W Shinder, M.D., MCSE
Sr. Consultant / Technical Writer
Prowess Consulting www.prowessconsulting.com
PROWESS CONSULTING documentation | integration | virtualization
Email: tshinder@isaserver.org
MVP — Forefront Edge Security (ISA/TMG/IAG)