I’m happy to report that my wife, Deb Shinder, has been named Security MVP of the Month. Yay!

Part of being security MVP of the month is writing an article for Microsoft, which they place in the TechNet library.

Deb’s article this month is Securing the Client Infrastructure. In this article she discusses:

• Client security basics
• Multifactor authentication
• Secure application development
• Web browser security
• Operating system security
• Remote access clients

It’s a great article that bubbles up the most important aspects and considerations for client security for networks of all sizes.

Check it out at:

http://technet.microsoft.com/en-us/library/dd939975.aspx

HTH,

Tom

Thomas W Shinder, M.D., MCSE
Sr. Consultant / Technical Writer

Prowess Consulting www.prowessconsulting.com
PROWESS CONSULTING | Microsoft Forefront Security Specialist
Email: tshinder@isaserver.org
MVP — Forefront Edge Security (ISA/TMG/IAG)

It’s often said that security is inversely proportional to functionality. The more secure you make a solution, the more inconvenient it will be to work with it.

Probably nowhere is this principle more obvious than when working with Internet Explorer security. In the past we were used to going where we wanted to, when we wanted to, and nothing got in our way. Of course, we also got malware, viruses, trojans, bots, and drive-bys. But most of the time I we didn’t realize what hit us until later – so we never saw the browser as the source of our frustration.

Microsoft has gone a long way at improving the security of their flagship browser, Internet Explorer. With the release of Internet Explorer on Windows Vista and the upcoming Windows 7, you now have access to the most secure browser available today. That’s not just me blowing smoke, its strongly supported by the evidence, much of which has been covered in this blog in the past.

Nevertheless, in order to get the most of your browsing experience, and to help your users get the most out of their browsing experience, you need to understand how security is implemented in Internet Explorer 8 and how to configure it to get the best balance of security and usability. This is where this article Internet Explorer 8 Enhanced Security Configuration comes in. You can find it at:

http://technet.microsoft.com/en-us/library/dd88324...).aspx

Here you’ll find discussions about:

If you have a few minutes, give it a look. I’m confident that you’ll find a tip or two in there that you’ll be able to use.

HTH,

Tom

Thomas W Shinder, M.D., MCSE
Sr. Consultant / Technical Writer

Prowess Consulting www.prowessconsulting.com
PROWESS CONSULTING | Microsoft Forefront Security Specialist
Email: tshinder@isaserver.org
MVP — Forefront Edge Security (ISA/TMG/IAG)

Nice blog post on slipstreaming the Forefront Client Security (FCS) client installation.

Craig Wiand gives you the details at:

http://blogs.technet.com/fcsnerds/archive/2009/04/...n.aspx

HTH,

Tom

Thomas W Shinder, M.D., MCSE
Sr. Consultant / Technical Writer

Prowess Consulting www.prowessconsulting.com
PROWESS CONSULTING | Microsoft Forefront Security Specialist
Email: tshinder@isaserver.org
MVP — Forefront Edge Security (ISA/TMG/IAG)

Windows 7 is your new friend and she’s a very chatty friend. By that I mean that Windows 7 wants to talk to you a lot and let you know what’s going on.

This level of transparency sometimes makes you think that working with previous versions of Windows was like working with a Black Box :)

However, you might not always want to deal with all the messages that Windows 7 wants to give you. There are a number of ways that Windows 7 can share system and security messages with you, such as tray balloons and tray icons. You might want some applications to give you notifications but not others.

The good news is that you can have it the way you like. Configure the types of notifications you get and what applications give you notifications. Have it your way.

Check out Tip: Turn Off Security Messages and Other System Notifications in Windows 7 TechNet magazine over at:

http://technet.microsoft.com/en-us/magazine/dd4920...8.aspx

HTH,

Tom

Thomas W Shinder, M.D., MCSE
Sr. Consultant / Technical Writer

Prowess Consulting www.prowessconsulting.com
PROWESS CONSULTING | Microsoft Forefront Security Specialist
Email: tshinder@isaserver.org
MVP — Forefront Edge Security (ISA/TMG/IAG)

This step-by-step guide provides the instructions that you need to set up AppLocker in a test lab environment. Microsoft recommends that you do not use this guide in a production environment. Step-by-step guides are not intended to be used to deploy Windows 7 or Windows Server 2008 R2 operating system features without additional documentation and should be used with discretion as a stand-alone document.

The purpose of this guide is to help administrators become familiar with AppLocker. Each scenario provides basic information and procedures that administrators can use to start configuring and deploying AppLocker in their network environments.

Get your lab humming with AppLocker! Check out the step by step guide to get started at:

http://technet.microsoft.com/en-us/library/dd72368...ecnews

HTH,

Tom

Thomas W Shinder, M.D., MCSE
Sr. Consultant / Technical Writer

Prowess Consulting www.prowessconsulting.com
PROWESS CONSULTING | Microsoft Forefront Security Specialist
Email: tshinder@isaserver.org
MVP — Forefront Edge Security (ISA/TMG/IAG)

This step-by-step guide provides the instructions you need to use BitLocker Drive Encryption in a Windows 7 test environment.

You first use the steps provided in this guide in a test lab environment. Step-by-step guides are not necessarily meant to be used to deploy Windows 7 operating system features without accompanying documentation (such as those listed in the Additional resources section) and should be used with discretion as a stand-alone document.

Learn about BitLocker in Windows 7 in your test lab by checking out this step by step guide at:

http://technet.microsoft.com/en-us/library/dd83556...ecnews

HTH,

Tom

Thomas W Shinder, M.D., MCSE
Sr. Consultant / Technical Writer

Prowess Consulting www.prowessconsulting.com
PROWESS CONSULTING | Microsoft Forefront Security Specialist
Email: tshinder@isaserver.org
MVP — Forefront Edge Security (ISA/TMG/IAG)

This document describes the various aspects of deploying BitLocker Drive Encryption on computers running Windows 7 Enterprise or Windows 7 Ultimate in an organizational environment.

This guide is intended for use by a deployment specialist or deployment team. It assumes that you have a good understanding of automated Windows deployment, Active Directory Domain Services (AD DS) schema extensions, and Group Policy.

There is no single recommended method to deploy Windows 7 with BitLocker, and most deployments of Windows 7 in large organizations differ based on environmental-specific requirements.

Check it out at:

http://technet.microsoft.com/en-us/library/dd87554...ecnews

HTH,

Tom

Thomas W Shinder, M.D., MCSE
Sr. Consultant / Technical Writer

Prowess Consulting www.prowessconsulting.com
PROWESS CONSULTING | Microsoft Forefront Security Specialist
Email: tshinder@isaserver.org
MVP — Forefront Edge Security (ISA/TMG/IAG)

Wondering if Windows 7 is just a rehash of security measures employed with Windows Vista?

Think again.

Check out this site at Microsoft.com and see all the new stuff you’ll get with Windows 7

http://technet.microsoft.com/en-us/library/dd57108...ecnews

HTH,

Tom

Thomas W Shinder, M.D., MCSE
Sr. Consultant / Technical Writer

Prowess Consulting www.prowessconsulting.com
PROWESS CONSULTING | Microsoft Forefront Security Specialist
Email: tshinder@isaserver.org
MVP — Forefront Edge Security (ISA/TMG/IAG)

“…This white paper describes how the Microsoft concern for security, as defined in the Trustworthy Computing initiative, has driven key features in the design, deployment, and operation of the Microsoft Online Services environment.

…The Business Productivity Online Suite is a set of subscription-based enterprise software services hosted by Microsoft and sold with partners. The services operate within a complete ecosystem of features and capabilities designed to meet and in many cases to exceed the security and availability goals that you have for your business applications.

…Service security must be proactively designed in to all aspects of the online experience, from the software itself to the supporting infrastructure, from the day-to-day best practices for your own information workers to the buildings housing the data centers. The security architecture for the Business Productivity Online Suite embodies the key principles of the company’s Trustworthy Computing Initiative: security created by design, by default, and by deployment. Developed for global enterprises, Microsoft’s multi-faceted security program applies a common set of security policies to manage risk and mitigate threats to customer data. Microsoft seeks to improve security by working to standardize the way it tests, implements, and monitor policies for all of its customers. In turn, each Business Productivity Online Suite customer benefits from Microsoft’s experience with the security concerns of customers all over the world — and from the practices Microsoft applies to address them…”

Download this white paper at:

http://www.microsoft.com/downloads/details.aspx?Fa...ang=en

HTH,

Tom

Thomas W Shinder, M.D., MCSE
Sr. Consultant / Technical Writer

Prowess Consulting www.prowessconsulting.com
PROWESS CONSULTING | Microsoft Forefront Security Specialist
Email: tshinder@isaserver.org
MVP — Forefront Edge Security (ISA/TMG/IAG)

Eric Lawrence, Security Program Manager on the Internet Explorer 8 team, shows how to take advantage of IE8 security improvements to help protect your Web applications and visitors.

This session is part of the IE8 Firestarter event held on 3/26/09 in Redmond.

Check out this informative Webcast over at:

http://channel9.msdn.com/posts/gioker84/Trustworth...rer-8/

HTH,

Tom

Thomas W Shinder, M.D., MCSE
Sr. Consultant / Technical Writer

Prowess Consulting www.prowessconsulting.com
PROWESS CONSULTING | Microsoft Forefront Security Specialist
Email: tshinder@isaserver.org
MVP — Forefront Edge Security (ISA/TMG/IAG)