Dr. Tom Shinder’s Blog

Archive: September 2008

Planning for Hyper-V Security

Speaking of security in a virtualized environment, Microsoft has published some useful security tips for planning Hyper-V security at http://technet.microsoft.com/en-us/library/cc974516.aspx

Here’s a short list of the security tips provided in that article:

  • Use a Server Core installation for the parent partition (host OS)
  • Do not run any applications in the parent partition (host OS)
  • Do not give virtual machine administrators permissions on the parent partition (host OS)
  • Ensure that virtual machines are fully updated before they are turned on in a production environment
  • Use a dedicated Network Interface Card (NIC) for management of the virtualization server (host OS)
  • Use Windows BitLocker™ Drive Encryption to help protect VM resources

These are excellent suggestions that any Hyper-V admin can put into place quickly. Check out the full article for the details of how to implement each one.
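As an added example (not from the blog post or the TechNet article), here is a PowerShell audit that checks a Hyper-V host against five of the six tips; the guest patch level in the fourth tip can only be verified inside each guest. It assumes Windows Server 2016 or later with the Hyper-V, BitLocker and ServerManager modules, all of which postdate this 2008 post, and it must run from an elevated prompt on the host. The "shared management NIC" heuristic is an assumption of mine: a virtual switch with AllowManagementOS set puts host management traffic on the same physical NIC as guest traffic.

```powershell
# Added example: audits a Hyper-V host against the hardening tips listed above.
# Assumes Windows Server 2016+ with the Hyper-V, BitLocker and ServerManager
# modules. Run elevated on the host. Not code from the original post.
$findings = New-Object System.Collections.Generic.List[string]

# Tip 1: the parent partition should be a Server Core installation.
$install = (Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion').InstallationType
if ($install -ne 'Server Core') {
    $findings.Add("Parent partition is a '$install' installation, not Server Core")
}

# Tip 2: nothing but Hyper-V in the parent partition. Any other installed
# role (web server, DNS, file server, ...) means the host has a second job.
Import-Module ServerManager
$extraRoles = Get-WindowsFeature | Where-Object {
    $_.Installed -and $_.FeatureType -eq 'Role' -and $_.Name -ne 'Hyper-V'
}
foreach ($r in $extraRoles) {
    $findings.Add("Extra role installed in parent partition: $($r.Name)")
}

# Tip 3: VM admins must not also be host admins. Anyone who sits in both
# 'Hyper-V Administrators' and the local 'Administrators' group breaks the separation.
$hostAdmins = @(Get-LocalGroupMember -Group 'Administrators')
$vmAdmins   = @(Get-LocalGroupMember -Group 'Hyper-V Administrators')
foreach ($m in $vmAdmins) {
    if ($hostAdmins.SID -contains $m.SID) {
        $findings.Add("$($m.Name) is both a Hyper-V administrator and a host administrator")
    }
}

# Tip 5: dedicated management NIC. Heuristic (assumption): an external switch
# that allows the management OS onto its NIC shares that NIC with guest traffic.
Import-Module Hyper-V
foreach ($sw in Get-VMSwitch -SwitchType External) {
    if ($sw.AllowManagementOS) {
        $findings.Add("External switch '$($sw.Name)' shares its physical NIC with the management OS")
    }
}

# Tip 6: BitLocker on every local volume that holds virtual disk files.
# Disks on SMB shares (UNC paths) are skipped here; check those on the file server.
Import-Module BitLocker
$vhdVolumes = Get-VM |
    ForEach-Object { $_.HardDrives.Path } |
    Where-Object { $_ -match '^[A-Za-z]:\\' } |
    ForEach-Object { $_.Substring(0, 2) } |
    Sort-Object -Unique
foreach ($vol in $vhdVolumes) {
    $bl = Get-BitLockerVolume -MountPoint $vol -ErrorAction SilentlyContinue
    if (-not $bl -or $bl.ProtectionStatus -ne 'On') {
        $findings.Add("Volume $vol holds virtual disks but BitLocker protection is not On")
    }
}

# Tip 4 (guests fully updated before production use) cannot be judged from the
# host; the host only knows which guests are running, so list them as a reminder.
$running = @(Get-VM | Where-Object { $_.State -eq 'Running' } | Select-Object -ExpandProperty Name)

if ($findings.Count -eq 0) {
    "No findings on the host. Verify patch level inside each running guest: $($running -join ', ')"
} else {
    $findings | ForEach-Object { "FINDING: $_" }
    "Also verify patch level inside each running guest: $($running -join ', ')"
}
```

The checks are deliberately one-directional: a clean run means the host matches the tips, not that the guests are safe, which is the point of the myths post later on this page.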

HTH,

Tom

Thomas W Shinder, M.D., MCSE
Sr. Consultant / Technical Writer
Prowess Consulting www.prowessconsulting.com

PROWESS CONSULTING documentation | integration | virtualization
Email: tshinder@isaserver.org
MVP — Forefront Edge Security (ISA/TMG/IAG)

End to End Trust - Creating a More Trusted Internet

“Imagine a more trusted, privacy enhanced Internet experience where devices and software enable people to make more effective choices and take control over who, and what, to trust online.

It is not an overstatement to say that the Internet has transformed the way we live. Social networking represents the new town square; blogging has turned citizens into journalists; and e-commerce sites have spurred global competition in the marketplace. But with people of all ages flocking online, and with the proliferation of high-profile, targeted attacks on individual or organizational information, assets and identities, more and more people consider the lack of security and privacy on the Internet to be at an unacceptable level.”

Check out http://www.microsoft.com/mscorp/twc/endtoendtrust/...t.mspx to read Scott Charney’s full article about end to end trust and Microsoft’s end to end trust white paper.

HTH,

Tom


Virtual Security Myths

Kai Axford put together a great article on security myths in a virtual world. It has come to Kai's and my attention that some admins, both new and not so new to virtualization, think there is some magic security sauce in virtualization. Like most such beliefs (for example, that "hardware" firewalls are more secure than "non-hardware" firewalls), this one is not true.

Kai points out three common myths about security in a virtual world:

Myth #1: “I only have to patch my host OS / Kernel.”

You do need to keep the host OS secure, because taking down the host takes down every guest running on it. But the guests also have to be secured, exactly as they would be if they were running on physical hardware. Nothing about a virtualized environment makes updating guests any less important than updating physical machines.

Myth #2: “If I just protect my host machine, it will protect my VMs.”

This is a corollary of myth #1. Yes, the host must be secured, but the guests also need to be able to defend themselves. Apply the same security requirements to your virtual machines as you would to your physical machines. Examine every inbound and outbound path to and from those virtual machines, including traffic between guests on the same virtual switch, which never touches your physical network or its firewalls, and make sure you have accounted for and secured each one.

Myth #3: “Virtual hard disk files are secure by default.”

Not sure where this one came from. It is like saying "all physical computers are secure by default." If ten people sent their workstations to your lab for you to work on, would you connect them to your network on the belief that they were secure by default? Of course not. The same is true for virtual machines. A virtual hard disk is just a file: anyone who can read it can copy it, mount it offline and read everything inside, so protect VHD files with the same ACLs and encryption you would apply to the data they contain. And don't trust a VM, or connect it to your network, if it has been out of your hands at any time.
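To put myth #3 to the test on your own host, here is an added PowerShell check (mine, not Kai's or the blog's) that lists every virtual disk attached to a VM whose NTFS ACL grants access to anyone other than SYSTEM, the local Administrators group, and the NT VIRTUAL MACHINE principals Hyper-V itself uses. It assumes the Windows Server 2012 or later Hyper-V module; the trusted-principal list and the optional extra-trusted parameter (for example a backup service account) are assumptions you should adjust to your environment.

```powershell
# Added example: find VHD/VHDX files readable or writable by principals that
# have no business touching them. Assumes the Hyper-V PowerShell module
# (Windows Server 2012+). Not code from the original post or article.
Import-Module Hyper-V

# Principals that legitimately need access (assumption: adjust for your site).
$script:TrustedPrincipals = @('NT AUTHORITY\SYSTEM', 'BUILTIN\Administrators')

function Get-OverExposedVhd {
    param(
        [string[]]$ExtraTrusted = @()   # e.g. 'CONTOSO\svc-backup'
    )
    $allowed = $script:TrustedPrincipals + $ExtraTrusted

    foreach ($vm in Get-VM) {
        foreach ($disk in $vm.HardDrives) {
            if (-not $disk.Path) { continue }          # pass-through disks have no file
            if (-not (Test-Path -LiteralPath $disk.Path)) { continue }
            $acl = Get-Acl -LiteralPath $disk.Path

            # The owner can rewrite the ACL at will, so an unexpected owner is a finding too.
            if ($acl.Owner -notin $allowed) {
                [pscustomobject]@{
                    VM = $vm.Name; Disk = $disk.Path; Principal = $acl.Owner
                    Rights = 'OWNER'; Inherited = $false
                }
            }

            foreach ($ace in $acl.Access) {
                if ($ace.AccessControlType -ne 'Allow') { continue }
                $who = $ace.IdentityReference.Value
                if ($who -in $allowed) { continue }
                # Hyper-V grants the VM's own SID (NT VIRTUAL MACHINE\<GUID>) and
                # the 'Virtual Machines' group access; both are expected.
                if ($who -like 'NT VIRTUAL MACHINE\*') { continue }
                [pscustomobject]@{
                    VM        = $vm.Name
                    Disk      = $disk.Path
                    Principal = $who
                    Rights    = $ace.FileSystemRights
                    Inherited = $ace.IsInherited   # usually the folder's ACL leaking down
                }
            }
        }
    }
}

Get-OverExposedVhd | Sort-Object Disk, Principal | Format-Table -AutoSize
```

Inherited entries such as BUILTIN\Users with ReadAndExecute are the typical result when VHD files live in a folder that still carries default permissions; the fix is a dedicated folder with inheritance disabled and a tight ACL, plus BitLocker on the volume as the Hyper-V planning post above recommends.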

Check out Kai’s excellent article for full coverage on this subject at:

http://technet.microsoft.com/en-us/library/cc974514.aspx

HTH,

Tom


Sysinternals Security Utilities

The Sysinternals security utilities are a collection of free Windows tools from Microsoft's Sysinternals team. Here is the collection:

AccessChk
This tool shows you the accesses the user or group you specify has to files, Registry keys or Windows services.

AccessEnum
This simple yet powerful security tool shows you who has what access to directories, files and Registry keys on your systems. Use it to find holes in your permissions.

Autologon
Log on automatically, bypassing the password screen. Autologon stores the password in the registry as an LSA secret, so anyone with administrative rights on the machine can recover it; keep it off systems whose credentials you cannot afford to lose.

Autoruns
See what programs are configured to start automatically when your system boots and you log in. Autoruns also shows you the full list of Registry and file locations where applications can configure auto-start settings.

LogonSessions
List active logon sessions.

NewSID
Learn about the computer SID problem everybody has been talking about and get a free computer SID changer, NewSID. (Sysinternals has since retired NewSID; use Sysprep to generalize cloned images instead.)

Process Explorer
Find out what files, registry keys and other objects processes have open, which DLLs they have loaded, and more. This uniquely powerful utility will even show you who owns each process.

PsExec
Execute processes on remote systems, or locally with limited-user rights (-l) or as the SYSTEM account (-s).

PsLoggedOn
Show users logged on to a system.

PsLogList
Dump event log records.

PsTools
The PsTools suite includes command-line utilities for listing the processes running on local or remote computers, running processes remotely, rebooting computers, dumping event logs, and more.

RootkitRevealer
Scan your system for rootkit-based malware.

SDelete
Securely overwrite your sensitive files and cleanse your free space of previously deleted files using this DoD-compliant secure delete program. Overwriting is only reliable on magnetic disks; on flash (SSD) storage, wear leveling can leave the original blocks intact.

ShareEnum
Scan file shares on your network and view their security settings to close security holes.

ShellRunas
Launch programs as a different user via a convenient shell context-menu entry.

Sigcheck
Dump file version information and verify that images on your system are digitally signed.

Download these utilities at:

http://technet.microsoft.com/en-us/sysinternals/25...9.aspx
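Two of these tools, AccessChk and Sigcheck, are the ones I reach for first on an unfamiliar Windows box. The following PowerShell script is an added example of mine, not from the post or the Sysinternals documentation: it drives both tools to produce the two lists a pentester or admin wants, objects under privileged locations that low-privileged principals can write to (privilege-escalation footholds) and unsigned executable images under the Windows directory. The install directory, scan roots and principal list are assumptions; download the suite from the URL above and run the script from an elevated prompt.

```powershell
# Added example: wrap accesschk.exe and sigcheck.exe from the Sysinternals suite.
# $SysinternalsDir, $FileRoots and $Principals are assumptions; adjust to taste.
# Run elevated. Not code from the blog post or from Sysinternals.
param(
    [string]$SysinternalsDir = 'C:\Tools\Sysinternals',
    [string[]]$FileRoots = @("$env:ProgramFiles", "${env:ProgramFiles(x86)}", "$env:SystemRoot\System32"),
    [string[]]$Principals = @('Users', 'Everyone', 'Authenticated Users')
)

$accesschk = Join-Path $SysinternalsDir 'accesschk.exe'
$sigcheck  = Join-Path $SysinternalsDir 'sigcheck.exe'
foreach ($exe in @($accesschk, $sigcheck)) {
    if (-not (Test-Path $exe)) { throw "Not found: $exe (download the Sysinternals suite first)" }
}

# accesschk -w prints one object per line prefixed with its access, 'RW ' or ' W '.
function Convert-AccessChkLine {
    param([string]$Line, [string]$Principal, [string]$Kind)
    if ($Line -match '^(?<access>[RW ]{2}) (?<name>.+)$') {
        [pscustomobject]@{
            Kind      = $Kind
            Principal = $Principal
            Access    = $Matches.access.Trim()
            Object    = $Matches.name
        }
    }
}

function Get-WritableByLowPriv {
    foreach ($p in $Principals) {
        # Files and directories: -w write access only, -s recurse, -u suppress errors, -q no banner.
        foreach ($root in ($FileRoots | Where-Object { $_ -and (Test-Path $_) })) {
            & $accesschk -accepteula -q -w -s -u $p $root 2>$null |
                ForEach-Object { Convert-AccessChkLine -Line $_ -Principal $p -Kind 'File' }
        }
        # Service configurations (-c): a writable service can be pointed at an attacker's binary.
        & $accesschk -accepteula -q -c -w -u $p '*' 2>$null |
            ForEach-Object { Convert-AccessChkLine -Line $_ -Principal $p -Kind 'Service' }
        # Registry (-k): the Services hive holds every ImagePath.
        & $accesschk -accepteula -q -k -w -s -u $p 'HKLM\SYSTEM\CurrentControlSet\Services' 2>$null |
            ForEach-Object { Convert-AccessChkLine -Line $_ -Principal $p -Kind 'RegKey' }
    }
}

function Get-UnsignedImages {
    param([string]$Root = $env:SystemRoot)
    # -u unsigned only, -e executable images regardless of extension, -s recurse, -c CSV, -q no banner.
    & $sigcheck -accepteula -q -u -e -s -c $Root 2>$null |
        ConvertFrom-Csv |
        Select-Object Path, Verified, Publisher, Description
}

$writable = @(Get-WritableByLowPriv)
$unsigned = @(Get-UnsignedImages)

"`n== Objects writable by low-privileged principals: $($writable.Count) =="
$writable | Sort-Object Kind, Object | Format-Table Kind, Principal, Access, Object -AutoSize
"`n== Unsigned executable images under $($env:SystemRoot): $($unsigned.Count) =="
$unsigned | Format-Table -AutoSize
```

Treat every hit in the first list as something to explain or fix: a directory under Program Files that Users can write to, or a service whose configuration Users can change, is the same privilege-escalation path whether the box is physical or a VM. The second list will usually contain legitimate unsigned vendor binaries, so compare it against a known-good build of the same image rather than reacting to every line.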

HTH,

Tom


The Case of the Stolen Laptop: Mitigating the Threats of Equipment Theft

Lost or stolen laptops happen all the time. Have you decided what your incident response will be when it happens to you?

Steve Riley provides some useful information on how to deal with the lost or stolen laptop scenario over at http://technet.microsoft.com/en-us/library/cc512577.aspx

Check it out!

Tom


I Got Hacked! Now What Do I Do?

Great article by Jesper Johansson at http://technet.microsoft.com/en-us/library/cc512587.aspx

Here are the key take-home messages:

  • You can't clean a compromised system by patching it.
  • You can't clean a compromised system by removing the back doors.
  • You can't clean a compromised system by using some "vulnerability remover."
  • You can't clean a compromised system by using a virus scanner.
  • You can't clean a compromised system by reinstalling the operating system over the existing installation.
  • You can't trust any data copied from a compromised system.
  • You can't trust the event logs on a compromised system.
  • You may not be able to trust your latest backup.
  • The only way to clean a compromised system is to flatten it and rebuild from known-good installation media.

HTH,

Tom


TechNet Webcast: Group Policy in Windows Vista (Level 200)

The number of Group Policy settings has increased from approximately 1,700 in Microsoft Windows Server 2003 with Service Pack 1 to approximately 3,000 in Windows Vista and Microsoft Windows Server code-name “Longhorn”. This webcast examines the most significant enhancements and provides a good explanation of how to use the new Group Policy settings. We discuss the new and updated features and show how these improve upon Group Policy management operations in previous versions of Windows. We also cover the Quality of Service policies introduced in Windows Vista.

Check out this Webcast at:

http://msevents.microsoft.com/cui/WebCastEventDeta...ode=US

HTH,

Tom


Group Policy Settings Reference Windows Vista

This spreadsheet lists the policy settings for computer and user configurations included in the administrative template files (admx/adml) delivered with Windows Vista (RTM build 6000). The policy settings included in this spreadsheet cover Windows Vista, Microsoft Windows Server 2003, Windows XP Professional, and Windows 2000. These files are used to expose policy settings when you edit Group Policy objects (GPOs) using Group Policy Object Editor (also known as GPEdit).

Download the Group Policy Settings reference spreadsheet at:

http://www.microsoft.com/downloads/details.aspx?Fa...ang=en

HTH,

Tom


