Have you heard about Microsoft App-V? This is a very cool solution for providing applications over the network. App-V does this via application streaming. It loads the application on the client workstations in a sandbox, so you never have to worry about .dll hell and other application conflicts on the client computer.

In addition, when you use App-V to stream applications to workstations, you can update the application once at the application streaming server and those functionality and security updates are automatically streamed to the clients.

One other great thing about App-V that makes it a good solution over other application virtualization solutions, is that the application can be cached on the users’ workstations, so they can continue to work if the client computer is disconnected from the network.

While App-V is a great why to make your applications more secure due to the ease of centralized application deployment and updates, you still have to worry about securing the App-V server. To help you with this, Microsoft has provided you an SCW update that includes the App-V roles.

Check it out at http://www.microsoft.com/downloads/details.aspx?Fa...ang=en

HTH,

Tom

Thomas W Shinder, M.D., MCSE
Sr. Consultant / Technical Writer

Prowess Consulting www.prowessconsulting.com
PROWESS CONSULTING | Microsoft Forefront Security Specialist
Email: tshinder@isaserver.org
MVP — Forefront Edge Security (ISA/TMG/IAG)

“Virtualization of server workloads has become an increasingly popular method for making more efficient use of computer hardware and the supporting infrastructure. Virtualization provides many advantages to the data center administrator, while necessarily changing the way they create and manage their deployments. Server application virtualization is a more difficult undertaking due to the complexity of properly allocating the hardware across multiple server workloads. Combining applications which cannot coexist on a single machine across multiple Child partitions within the same host presents unique sizing and security challenges as well. Likewise, resulting network virtualization and the potential for multiple simultaneous server failures when the Parent partition fails presents unique security and availability problems….”

This article cover fascinating details on what you need to consider when virtualizing a network security edge infrastructure. This a big difference between approach security for virtualized servers versus virtualizing network security devices, such as the Forefront Edge security products. This paper will provide you the details that give you the heads-up on virtualizing edge security devices.

Check it out at:

http://technet.microsoft.com/en-us/library/cc891502.aspx

HTH,

Tom

Thomas W Shinder, M.D., MCSE
Sr. Consultant / Technical Writer

Prowess Consulting www.prowessconsulting.com
PROWESS CONSULTING | Microsoft Forefront Security Specialist
Email: tshinder@isaserver.org
MVP — Forefront Edge Security (ISA/TMG/IAG)

Windows Server 2008 offers rich capabilities for securing your IT Infrastructure and proving tools to ease with compliance mandates. This session discusses the Windows security and compliance features such as Network Access Protection, Right Management Services, and Active Directory Federation Service subsystem. In addition we will discuss why auditing is important and how to configure an audit policy with Windows Server 2008.

http://www.microsoft.com/emea/spotlight/sessionh.a...id=884

HTH,

Tom

Thomas W Shinder, M.D., MCSE
Sr. Consultant / Technical Writer

Prowess Consulting www.prowessconsulting.com
PROWESS CONSULTING | Microsoft Forefront Security Specialist
Email: tshinder@isaserver.org
MVP — Forefront Edge Security (ISA/TMG/IAG)

If you have a small or medium sized network and started the process of doing a security review, you might be overwhelmed by the amount of security information out there. What should you do first? Lock down file shares? NTFS permissions? Put together a PKI? Clean up your Active Directory? Figure out how to best audit file and Web access? Deploy AV and AM software?

Network and computer security is a very deep and wide subject and its impossible to do everything at once. That’s why we always say that security is a process - a daily process of thinking about security issues, planning to implement security improvements, implementing them, and then monitoring their effectiveness.

But the first step is to get past the temptation to throw up our hands in frustration. Get help you get started, check out this nice short article called Six Easy Pieces for Computer Security. This article will help you get started on your security journey of a thousand miles

http://technet.microsoft.com/en-us/library/cc512641.aspx

HTH,

Tom

Thomas W Shinder, M.D., MCSE
Sr. Consultant / Technical Writer

Prowess Consulting www.prowessconsulting.com
PROWESS CONSULTING | Microsoft Forefront Security Specialist
Email: tshinder@isaserver.org
MVP — Forefront Edge Security (ISA/TMG/IAG)

Virtualization is a great thing. It enables high availability, business continuity and server consolidation scenarios that we never thought possible in our hardware bound days. But one thing I find that doesn’t get enough attention when people start moving to virtualized solutions is security.

This isn’t a good thing, since the host operating system is a single point of failure for potentially dozens of virtualized instances on a single machine. Because of this, and more reasons, security is even more important in a virtualized environment as it is in a purely physical environment.

To get you up to speed on virtualization, here’s a nice article on planning for Hyper-V security:

http://technet.microsoft.com/en-us/library/cc974516.aspx

HTH,

Tom

Thomas W Shinder, M.D., MCSE
Sr. Consultant / Technical Writer

Prowess Consulting www.prowessconsulting.com
PROWESS CONSULTING | Microsoft Forefront Security Specialist
Email: tshinder@isaserver.org
MVP — Forefront Edge Security (ISA/TMG/IAG)

As a security admin, you’ve probably heard of the ISA or TMG firewall. You might have even heard about Forefront Security for Exchange or SharePoint. But did you know that ISA, TMG and Forefront Security for Exchange were all part of the family of Microsoft security products? This family of products all belong to the “Forefront” family of security products.

Here’s a great article in Enterprise Networking magazine that goes over the strong case for why you should give the entire Forefront suite a look. There are compelling reasons for you to adopt one of more of these products. And moving forward, with the inclusion of “Stirling”, Forefront could be the most compelling, most comprehensive network security offering ever released.

Check out the article at:

http://www.enterprisenetworkingplanet.com/_feature...nt.htm

HTH,

Tom

Thomas W Shinder, M.D., MCSE
Sr. Consultant / Technical Writer

Prowess Consulting www.prowessconsulting.com
PROWESS CONSULTING | Microsoft Forefront Security Specialist
Email: tshinder@isaserver.org
MVP — Forefront Edge Security (ISA/TMG/IAG)

With the public launch of Beta 2 for TMG today, Ori Yosef, TMG Program Manager, tells us briefly about some of the new capabilities in TMG, why the team decided to focus on these features, where he thinks TMG is strong against the competitors, and reasons why you might consider upgrading to TMG over ISA 2006.

Check out the fantastic Webcast at: http://edge.technet.com/Media/Forefront-Threat-Man...video/

HTH,

Tom

Thomas W Shinder, M.D., MCSE
Sr. Consultant / Technical Writer

Prowess Consulting www.prowessconsulting.com
PROWESS CONSULTING | Microsoft Forefront Security Specialist
Email: tshinder@isaserver.org
MVP — Forefront Edge Security (ISA/TMG/IAG)

Mike Chan tells us about the new capabilities in the next version of FSOCS (Beta 3 launched 1/23/09) such as keyword control and protection against 3rd party instant messaging content like MSN messenger, AOL, and Yahoo IM.  He explains why you should use FSOCS even though you have other lines of defense such as client anti-virus, integration with Stirling, and whiteboards how FSOCS 3rd party instant messaging content works.

See this interview with Mike at http://edge.technet.com/Media/Forefront-Security-f...rview/

HTH,

Tom

Thomas W Shinder, M.D., MCSE
Sr. Consultant / Technical Writer

Prowess Consulting www.prowessconsulting.com
PROWESS CONSULTING | Microsoft Forefront Security Specialist
Email: tshinder@isaserver.org
MVP — Forefront Edge Security (ISA/TMG/IAG)

Even though a fix came out last year for the Conficker worm, people are getting infected because they’re not updating their operating systems. If you’re not sure how to protect yourself from Confiker, check out this article from the MS security support team

http://technet.microsoft.com/en-us/security/dd4524...0.aspx

HTH,

Tom

Thomas W Shinder, M.D., MCSE
Sr. Consultant / Technical Writer

Prowess Consulting www.prowessconsulting.com
PROWESS CONSULTING | Microsoft Forefront Security Specialist
Email: tshinder@isaserver.org
MVP — Forefront Edge Security (ISA/TMG/IAG)

“The Microsoft® Assessment and Planning Toolkit (MAP) makes it easy for you to assess your current IT infrastructure and determine the right Microsoft technologies for your IT needs.

MAP is a powerful inventory, assessment, and reporting tool that can securely run in small or large IT environments without requiring the installation of agent software on any computers or devices. The data and analysis provided by this Solution Accelerator can significantly simplify the planning process for migrating to Windows Vista®, Microsoft Office 2007, Windows Server® 2008, Windows Server 2008 Hyper-V, Virtual Server 2005 R2, SQL Server 2008 and Microsoft Application Virtualization 4.5 (formerly SoftGrid), Microsoft SQL Server 2008, Microsoft Online Services, Forefront/NAP.”

Download the Microsoft Assessment and Planning Toolkit at:

http://technet.microsoft.com/en-us/library/bb977556.aspx

HTH,

Tom

Thomas W Shinder, M.D., MCSE
Sr. Consultant / Technical Writer

Prowess Consulting www.prowessconsulting.com
PROWESS CONSULTING | Microsoft Forefront Security Specialist
Email: tshinder@isaserver.org
MVP — Forefront Edge Security (ISA/TMG/IAG)