Check out what Bill Jensen, senior product manager for the Forefront Threat Management Gateway firewall as to say about using the TMG to secure employee Web use. Bill focuses on three key features:

• Web Antimalware
• Outbound HTTPS (SSL) Inspection
• Network Inspection System (advanced IPS)

What’s great about this blog post is that Bill let’s the cat out of the bag and tells us that URL filtering will be available in future versions iterations of the TMB Beta process. The RTM version will include URL filtering, so don’t worry about that.

And if you want to improve your server consolidation plan, how about getting rid of that Edge Exchange Server you’re using now and putting it on the firewall? That’s right. You can put the Edge Exchange Server on the TMG firewall machine and have it neatly integrated with the TMG firewall console - a twofer at its best!

Check out Bill’s post over at http://blogs.technet.com/forefront/archive/2009/02...y.aspx

HTH,

Tom

Thomas W Shinder, M.D., MCSE
Sr. Consultant / Technical Writer

Prowess Consulting www.prowessconsulting.com
PROWESS CONSULTING | Microsoft Forefront Security Specialist
Email: tshinder@isaserver.org
MVP — Forefront Edge Security (ISA/TMG/IAG)

Security is of paramount concern for all organizations, and it is no different for a virtual solution. In this webcast, we look at the four  main solutions from the previous webcasts and cover some best practices for ensuring your virtual environment is secure.

Presenter: Chris Avis, IT Pro Evangelist, Microsoft Corporation

Register for this Webcast that is scheduled to run on March 6, 2009 at http://msevents.microsoft.com/CUI/WebCastEventDeta...399053

HTH,

Tom

Thomas W Shinder, M.D., MCSE
Sr. Consultant / Technical Writer

Prowess Consulting www.prowessconsulting.com
PROWESS CONSULTING | Microsoft Forefront Security Specialist
Email: tshinder@isaserver.org
MVP — Forefront Edge Security (ISA/TMG/IAG)

Kai is an incredible security speaker and is a part of Microsoft Trustworthy Computing (TWC) group.  Kai has a ton of knowledge around security strategies and technologies, and we’re was very happy he agreed to a quick interview.  Kai talked about preventing corporate espionage, and some the obvious but overlooked  ways to prevent it.  The conversation was very technology agnostic and we chatted about internal espionage as well.

This is a Webcast you won’t want to miss! Kai talks about things you typically don’t discuss around the IT cooler, but they are things that can nail you even when you have the best of technology solutions in place.

Check it out at http://edge.technet.com/Media/Interview-Kai-Axford...onage/

HTH,

Tom

Thomas W Shinder, M.D., MCSE
Sr. Consultant / Technical Writer

Prowess Consulting www.prowessconsulting.com
PROWESS CONSULTING | Microsoft Forefront Security Specialist
Email: tshinder@isaserver.org
MVP — Forefront Edge Security (ISA/TMG/IAG)

Paul Cooke took time out to provide a tour and demo of AppLocker.

AppLocker is a new feature in Windows7 that allows you to manage what applications are allowed to run on a managed machine with multiple techniques, including white listing and black listing applications.  It goes way beyond what is available today using Software Restriction Policies.

One of the slick features is the ability to use a machine as a reference - configure a machine with just the apps you want users to run, and AppLocker will automatically build a policy from that machine you can deploy across your org.  Very Cool.

Check out this interesting Webcast at http://edge.technet.com/Media/Using-AppLocker-in-Win7/

HTH,

Tom

Thomas W Shinder, M.D., MCSE
Sr. Consultant / Technical Writer

Prowess Consulting www.prowessconsulting.com
PROWESS CONSULTING | Microsoft Forefront Security Specialist
Email: tshinder@isaserver.org
MVP — Forefront Edge Security (ISA/TMG/IAG)

Windows® SteadyState™ 2.5 is now available on Windows XP and Windows Vista. Whether you manage computers in a school computer lab or an Internet café, a library, or even in your home, Windows SteadyState helps make it easy for you to keep your computers running the way you want them to, no matter who uses them.

Windows SteadyState runs on genuine copies of Windows XP Professional, Windows XP Home Edition, Windows XP Tablet PC Edition, Windows Vista Business, Windows Vista Ultimate, Windows Vista Home Basic, Windows Vista Home Premium, and Windows Vista Starter. And, Windows SteadyState is offered free of charge to Windows Genuine Advantage customers!

Windows SteadyState Features Windows SteadyState includes the following features to help you manage your shared computers:

• Getting Started – Provides the initial steps to help you during your first time use of Windows SteadyState.
• Windows Disk Protection – Help protect the Windows partition, which contains the Windows operating system and other programs, from being modified without administrator approval.Windows SteadyState allows you to set Windows Disk Protection to remove all changes upon restart, to remove changes at a certain date and time, or to not remove changes at all. If you choose to use Windows Disk Protection to remove changes, any changes made by shared users when they are logged on to the computer are removed when the computer is restarted
• User Restrictions and Settings – The user restrictions and settings can help to enhance and simplify the user experience. Restrict user access to programs, settings, Start menu items, and options in Windows. You can also lock shared user accounts to prevent changes from being retained from one session to the next.
• User Account Manager – Create and delete user accounts. You can use Windows SteadyState to create user accounts on alternative drives that will retain user data and settings even when Windows Disk Protection is turned on. You can also import and export user settings from one computer to another—saving valuable time and resources.
• Computer Restrictions – Control security settings, privacy settings, and more, such as preventing users from creating and storing folders in drive C and from opening Microsoft Office documents from Internet Explorer®.
• Schedule Software Updates – Update your shared computer with the latest software and security updates when it is convenient for you and your shared users.

Get Windows SteadyState 2.5 now at http://www.microsoft.com/downloads/details.aspx?Fa...ang=en

HTH,

Tom

Thomas W Shinder, M.D., MCSE
Sr. Consultant / Technical Writer

Prowess Consulting www.prowessconsulting.com
PROWESS CONSULTING | Microsoft Forefront Security Specialist
Email: tshinder@isaserver.org
MVP — Forefront Edge Security (ISA/TMG/IAG)

Mike Reavey is the Group Manager for the Microsoft Security Response Center (MSRC), where he has worked since joining Microsoft about five years ago.  In this interview, Jeff Jones talks to Mike about what got him interested in security and why he is pursuing a security career at Microsoft.  Mike additionally  discusses how the MSRC interaction with customers drives change in the security response process.

Mike is a contributor to the MSRC Blog, where you can here more from the MSRC team on current security issues.

Check out the video at http://edge.technet.com/Media/Interview-with-MSRC-...eavey/

Enjoy!

Tom

Thomas W Shinder, M.D., MCSE
Sr. Consultant / Technical Writer

Prowess Consulting www.prowessconsulting.com
PROWESS CONSULTING | Microsoft Forefront Security Specialist
Email: tshinder@isaserver.org
MVP — Forefront Edge Security (ISA/TMG/IAG)

Spend an hour with the Microsoft Intelligent Application Gateway (IAG) 2007 product management team as they walk through the updates in the new service pack 2 release. Attend this webcast to learn about the IAG product and the changes in this important update.

This Webcast runs today! Check it out at http://msevents.microsoft.com/CUI/WebCastEventDeta...401066

If you can’t make it today, the Webcast will be archived and you can view it later.

HTH,

Tom

Thomas W Shinder, M.D., MCSE
Sr. Consultant / Technical Writer

Prowess Consulting www.prowessconsulting.com
PROWESS CONSULTING | Microsoft Forefront Security Specialist
Email: tshinder@isaserver.org
MVP — Forefront Edge Security (ISA/TMG/IAG)

Cumulative Security Update for Internet Explorer (961260)

This security update resolves two privately reported vulnerabilities. The vulnerabilities could allow remote code execution if a user views a specially crafted Web page using Internet Explorer. Users whose accounts  are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

This security update is rated Critical for Internet Explorer 7 running on supported editions of Windows XP and Windows Vista. For Internet Explorer 7 running on supported editions of Windows Server 2003 and Windows Server 2008, this security update is rated Moderate. For more information, see the subsection, Affected and Non-Affected Software, in this section.

The security update addresses these vulnerabilities by modifying the way that Internet Explorer handles the error resulting in the exploitable condition.

http://www.microsoft.com/technet/security/Bulletin...2.mspx

HTH,

Tom

Thomas W Shinder, M.D., MCSE
Sr. Consultant / Technical Writer

Prowess Consulting www.prowessconsulting.com
PROWESS CONSULTING | Microsoft Forefront Security Specialist
Email: tshinder@isaserver.org
MVP — Forefront Edge Security (ISA/TMG/IAG)

In this webcast, they provide an overview of what static code analysis is and typical coding errors that static analysis can and cannot detect. They also look at the recently released CAT.NET tool and how it helps with the detection of security flaws.

Check out this Webcast at http://msevents.microsoft.com/CUI/WebCastEventDeta...402660

HTH,

Tom

Thomas W Shinder, M.D., MCSE
Sr. Consultant / Technical Writer

Prowess Consulting www.prowessconsulting.com
PROWESS CONSULTING | Microsoft Forefront Security Specialist
Email: tshinder@isaserver.org
MVP — Forefront Edge Security (ISA/TMG/IAG)

“This security update resolves two privately reported vulnerabilities in Microsoft Exchange Server. The first vulnerability could allow remote code execution if a specially crafted TNEF message is sent to a Microsoft Exchange Server. An attacker who successfully exploited this vulnerability could take complete control of the affected system with Exchange Server service account privileges. The second vulnerability could allow denial of service if a specially crafted MAPI command is sent to a Microsoft Exchange Server. An attacker who successfully exploited this vulnerability could cause the Microsoft Exchange System Attendant service and other services that use the EMSMDB32 provider to stop responding.

This security update is rated Critical for all supported editions of Microsoft Exchange 2000 Server, Microsoft Exchange Server 2003, Microsoft Exchange Server 2007, and Microsoft Exchange Server MAPI Client. For more information, see the subsection, Affected and Non-Affected Software, in this section.”

http://www.microsoft.com/technet/security/Bulletin...3.mspx

HTH,

Tom

Thomas W Shinder, M.D., MCSE
Sr. Consultant / Technical Writer

Prowess Consulting www.prowessconsulting.com
PROWESS CONSULTING | Microsoft Forefront Security Specialist
Email: tshinder@isaserver.org
MVP — Forefront Edge Security (ISA/TMG/IAG)