Most security professionals realize that their biggest concern regarding outsourcing is security. Whenever you cede control of critical information to untrusted individuals, you put yourself in the position for something bad to happen. Check out this article in the Consumerist magazine on how outsourced call centers are costing customers (not companies) millions of dollars in identity theft.

http://consumerist.com/5069018/how-outsourced-call...-theft

HTH,

Tom

Thomas W Shinder, M.D., MCSE
Sr. Consultant / Technical Writer
Prowess Consulting www.prowessconsulting.com
PROWESS CONSULTING documentation | integration | virtualization
Email: tshinder@isaserver.org
MVP — Forefront Edge Security (ISA/TMG/IAG)

The latest issue of the MS Security Report has some very interesting information about the underground marketplace for malicious code. The figure below gives you a taste of what you’ll learn.

For the full report, head on over to http://www.microsoft.com/downloads/details.aspx?Fa...ang=en and download it.

HTH,

Tom

Thomas W Shinder, M.D., MCSE
Sr. Consultant / Technical Writer
Prowess Consulting www.prowessconsulting.com
PROWESS CONSULTING documentation | integration | virtualization
Email: tshinder@isaserver.org
MVP — Forefront Edge Security (ISA/TMG/IAG)

Every day, adversaries attempt to invade your networks and infect your systems with viruses, spyware and other malware. All too often, these attacks succeed, and frequently without you knowing about it. In other cases, employees can open the door to malware by visiting infected Web sites, opening e-mail attachments, or running macros that contain viruses.

Once inside a computer, a malware outbreak can spread with alarming speed via company networks to compromise or destroy mission-critical data or personal information, and leave vital infrastructure open to new attacks. Some of the stealthiest malware even allows intruders to secretly conduct their nefarious business over long periods—using your computers!

After you have been exposed to malware, and have not been able to restore infected computers, what should you do? Is there a way to fix the problem without completely rebuilding the computers from scratch?

The Malware Removal Starter Kit, a Solution Accelerator from Microsoft, provides tested guidance to help IT Generalists combat malware attacks against small- and medium-sized organizations. Using the Windows Preinstallation Environment (Windows PE) in combination with free anti-malware programs, the kit provides you with a low-cost, effective strategy and tool recommendations that you can use to vanquish malware attacks.

Download the kit at:

http://www.microsoft.com/downloads/details.aspx?Fa...ang=en

HTH,

Tom

Thomas W Shinder, M.D., MCSE
Sr. Consultant / Technical Writer
Prowess Consulting www.prowessconsulting.com
PROWESS CONSULTING documentation | integration | virtualization
Email: tshinder@isaserver.org
MVP — Forefront Edge Security (ISA/TMG/IAG)

Security Assessment Tool 2.0 released in 2006. Security issues have evolved since 2004 so additional questions and answers were needed to ensure you had a comprehensive toolset to become more aware of the evolving security threat landscape that could impact your organization.

The tool employs a holistic approach to measuring your security posture by covering topics across people, process, and technology. Findings are coupled with prescriptive guidance and recommended mitigation efforts, including links to more information for additional industry guidance. These resources may assist you in keeping you aware of specific tools and methods that can help change the security posture of your IT environment.

There are two assessments that define the Microsoft Security Assessment Tool:

• Business Risk Profile Assessment
• Defense in Depth Assessment (UPDATED)

The questions identified in the survey portion of the tool and the associated answers are derived from commonly accepted best practices around security, both general and specific. The questions and the recommendations that the tool offers are based on standards such as ISO 17799 and NIST-800.x, as well as recommendations and prescriptive guidance from Microsoft’s Trustworthy Computing Group and additional security resources valued in the industry.

After completing an Assessment, you will gain access to a detailed report of your results. You may also compare your results with those of your peers (by industry and company size), provided that you upload your results anonymously to the secure MSAT Web server. When you upload your data the application will simultaneously retrieve the most recent data available. To be able to provide this comparative data, we need customers such as you to upload their information.

For more information and download links, check out:

http://www.microsoft.com/downloads/details.aspx?Fa...ang=en

All information is kept strictly confidential and no personally identifiable information whatsoever will be sent. For more information on Microsoft’s privacy policy, please visit: http://www.microsoft.com/info/privacy.mspx.

HTH,

Tom

Thomas W Shinder, M.D., MCSE
Sr. Consultant / Technical Writer
Prowess Consulting www.prowessconsulting.com
PROWESS CONSULTING documentation | integration | virtualization
Email: tshinder@isaserver.org
MVP — Forefront Edge Security (ISA/TMG/IAG)

Microsoft customers are often targets of lottery fraud (also known as lottery scams), which use fake e-mail messages that claim that the recipient has won “The Microsoft Lottery.”

There is no Microsoft lottery and if you receive this kind of e-mail it has been sent by criminals in an attempt to steal money from you.

Lottery fraud is a form Advance Fee Fraud (AFF), a crime that tricks victims into paying money in advance for a fictitious gift or cash prize.

These frauds usually start with an e-mail message that says that you’ve won a prize or a lottery (perhaps one from a foreign country) that you might not remember entering.

In order to access the fictitious prize, criminals might ask you to pay a sum of money in advance to cover costs such as tax fees, courier services, United Nations clearance checks, attorney fees, and many others. These criminals often seem believable, and their methods are very creative. They use well-known company brands and personalities such as Microsoft and Bill Gates to lend credibility and authenticity to their e-mails.

For more information, check out:

http://www.microsoft.com/security/lottery/whatis.mspx

HTH,

Tom

Thomas W Shinder, M.D., MCSE
Sr. Consultant / Technical Writer
Prowess Consulting www.prowessconsulting.com
PROWESS CONSULTING documentation | integration | virtualization
Email: tshinder@isaserver.org
MVP — Forefront Edge Security (ISA/TMG/IAG)

On Thursday, October 23, 2008, Microsoft released an Out-Of-Band Security Bulletin (MS08-067). To meet the customer demand for information relating to this release, Microsoft conducted three customer webcasts. Two of these webcasts were conducted on Thursday, October 23^rd and the other on Friday, October 24^th. The link below will direct you to a collection of all questions answered during the three webcasts.

Here is the link to the full Q&A so you can see all of the answers that were provided for these great questions:

http://blogs.technet.com/msrc/archive/2008/10/27/m...a.aspx

HTH,

Tom

Thomas W Shinder, M.D., MCSE
Sr. Consultant / Technical Writer
Prowess Consulting www.prowessconsulting.com
PROWESS CONSULTING documentation | integration | virtualization
Email: tshinder@isaserver.org
MVP — Forefront Edge Security (ISA/TMG/IAG)

Deployment Cookbook: Microsoft Data Protection Manager and Virtual Machine Manager

This step-by-step guide covers installing Microsoft Virtual Server and System Center Virtual Machine Manager; converting a workload to a virtual machine; installing Microsoft System Center Data Protection Manager; and backing up a running virtual machine.

HTH,

Tom

Thomas W Shinder, M.D., MCSE
Sr. Consultant / Technical Writer
Prowess Consulting www.prowessconsulting.com
PROWESS CONSULTING documentation | integration | virtualization
Email: tshinder@isaserver.org
MVP — Forefront Edge Security (ISA/TMG/IAG)

After completing this lab, you will be better able to configure the PKI necessary for SSTP, configure RRAS to accept remote VPN connections, and configure and test an SSTP-based VPN connection.

Register for this virtual lab at http://msevents.microsoft.com/CUI/WebCastEventDeta...ode=US

HTH,

Tom

Thomas W Shinder, M.D., MCSE
Sr. Consultant / Technical Writer
Prowess Consulting www.prowessconsulting.com
PROWESS CONSULTING documentation | integration | virtualization
Email: tshinder@isaserver.org
MVP — Forefront Edge Security (ISA/TMG/IAG)

The stand-alone version of Hyper-V is now available and is called Microsoft Hyper-V Server 2008. So now if you want to work with Hyper-V and does not have a copy of Windows Server 2008, then download Microsoft Hyper-V Server 2008, which is absolutely free, easy to install and easy to configure.

Check out this great article by Tarek Majdalani at http://www.elmajdal.net/Win2k8/Installing_Microsof...8.aspx

HTH,

Tom

Thomas W Shinder, M.D., MCSE
Sr. Consultant / Technical Writer
Prowess Consulting www.prowessconsulting.com
PROWESS CONSULTING documentation | integration | virtualization
Email: tshinder@isaserver.org
MVP — Forefront Edge Security (ISA/TMG/IAG)

Check out J. D. Meier’s overview of the patterns & practices approach to security engineering, which covers—among other topics—the security frame used to perform security code and design inspections.

http://blogs.msdn.com/jmeier/archive/2008/09/09/pa...g.aspx

HTH,

Tom

Thomas W Shinder, M.D., MCSE
Sr. Consultant / Technical Writer
Prowess Consulting www.prowessconsulting.com
PROWESS CONSULTING documentation | integration | virtualization
Email: tshinder@isaserver.org
MVP — Forefront Edge Security (ISA/TMG/IAG)