The last blog entry pointed to the Vista Kernel article by Mark Russinovich. That was a nice overview of the security features. For a more comprehensive article that provides even more information on why Vista is the most secure client operating system on which to run your applications, check out the article “The Advantages of Running Applications on Windows Vista” at http://msdn.microsoft.com/en-us/library/bb188739.aspx
That article is great and discusses a great number of topics and technologies that enhance the security provided by the Vista client. Many Windows admins most likely take advantage of only a fraction of the security technologies available in Vista. That’s a shame, as the article shows the tremendous number of options available to you. And when you pair Vista with Windows Server 2008, well, it doesn’t get much more secure than that for client/server communications.
Make sure to check the front page of this site on a regular basis! I recently showed you how to put together a simple proof of concept of domain isolation. Next week I’ll show you how to put together a simple DHCP NAP enforcement solution. While the DHCP NAP enforcement solution is the least impressive in terms of security, it’s the most simple and will allow you to dip your toes into the NAP waters before we get into more interesting NAP scenarios, such as NAP with Health Certificate enforcement and NAP with the Terminal Services gateway.
HTH,
Tom
Thomas W Shinder, M.D.
Site: http://www.isaserver.org/
Blog: http://blogs.isaserver.org/shinder/
GET THE NEW BOOK! Go to http://tinyurl.com/2gpoo8
Email: tshinder@isaserver.org
MVP — Microsoft Firewalls (ISA)
Why is Windows Vista the most secure client operating system available on the market today? You need look no further than the Windows Vista Kernel.
Check out this article by Mark Russinovich on the Windows Vista Kernel to see why it’s worth upgrading just to gain the significant security advantages you’ll see with Windows Vista over Windows XP.
http://technet.microsoft.com/en-us/library/cc748650.aspx
HTH,
Tom
We all know that at one time in the past Microsoft was considered the laughing stock of computer and software security. While it’s debatable that Microsoft was really much worse than any other software vendor, the fact is that Microsoft’s large installed base made it the focal point for hackers and malware. Exploits at the time were high visibility events that got a lot of media coverage.
That seems like a hundred years ago to most of us in the Microsoft security community. While security is always a work in progress, Microsoft has gone from what many thought of as the least secure software company in the world, to what many consider the most secure software company in the world.
It didn’t happen overnight, and it wasn’t magic or the “power of money”. What enabled Microsoft to turn so quickly from unsecure to secure was Bill Gates’ mandate that attention to secure software development would be job one and then the implementation of the Microsoft Security Development Lifecycle or SDL.
The SDL provides processes and procedures that programmers and application developers can use to ensure that software is built with security in mind. Security isn’t “bolted on” afterward. Instead, security considerations, threat modeling and fuzz testing are done throughout development so as to minimize the risk of “surprises”.
The SDL is part of all software development at Microsoft now and the results of its implementation are astounding. All you need to do is check the reductions in security issues with Windows Vista versus previous Windows client versions or Windows Server 2008 compared to previous Windows Server versions.
Microsoft has put together a new landing page for the SDL. You can find it at http://msdn.microsoft.com/en-us/security/cc448177.aspx and get more information about the SDL. Then, when you’re considering purchasing software from Microsoft or another vendor, ask the other vendor for information on their SDL and details on how they implement it, like the information on the Microsoft SDL page.
HTH,
Tom
Server Core is a whole new version of Windows. It is a Windows operating system without Windows. What do I mean? It means a Windows without the Windows shell and with very limited graphical user interface (GUI) functionality. So does it have GUI functionality? The answer is yes, but limited. The Server Core interface is a command prompt. In this article, I’m going to install Server Core, then show you the limited GUIs that are available with Server Core.
Read more at:
Installing Windows Server 2008 Server Core
HTH,
Tom
Ratproxy is a semi-automated, largely passive web application security audit tool. It is meant to complement active crawlers and manual proxies more commonly used for this task, and is optimized specifically for an accurate and sensitive detection, and automatic annotation, of potential problems and security-relevant design patterns based on the observation of existing, user-initiated traffic in complex web 2.0 environments. The approach taken with ratproxy offers several important advantages over more traditional methods:
- No risk of disruptions. In the default operating mode, tool does not generate a high volume of attack-simulating traffic, and as such may be safely employed against production systems at will, for all types of ad hoc, post-release audits. Active scanners may trigger DoS conditions or persistent XSSes, and hence are poorly suited for live platforms.
- Low effort, high yield. Compared to active scanners or fully manual proxy-based testing, ratproxy assessments take very little time or bandwidth to run, and proceed in an intuitive, distraction-free manner - yet provide a good insight into the inner workings of a product, and the potential security vulnerabilities therein. They also afford a consistent and predictable coverage of user-accessible features.
- Preserved control flow of human interaction. By silently following the browser, the coverage in locations protected by nonces, during other operations valid only under certain circumstances, or during dynamic events such as cross-domain Referer data disclosure, is greatly enhanced. Brute-force crawlers and fuzzers usually have no way to explore these areas in a reliable manner.
- WYSIWYG data on script behavior. Javascript interfaces and event handlers are explored precisely to a degree they are used in the browser, with no need for complex guesswork or simulations. Active scanners often have a significant difficulty exploring JSON responses, XMLHttpRequest() behavior, UI-triggered event data flow, and the like.
- Easy process integration. The proxy can be transparently integrated into an existing manual security testing or interface QA processes without introducing a significant setup or operator training overhead.
For more information, check out:
http://code.google.com/p/ratproxy/wiki/RatproxyDoc
HTH,
Tom
Security white papers that address the specific security needs of particular industries, such as the professional services and financial services industries.
The Microsoft US National Security Team is composed of strategic security advisors who work with Microsoft customers, partners, MS internal constituencies and the information security industry to promote the adoption of security processes and technologies. The NST also focuses on driving vertical security solutions for a wide range of industries. To this end, the NST has produced a number of white papers that address the specific security needs of particular industries, such as the professional services and financial services industries.
The papers include the following titles:
- Electronic Signature Assurance and the Digital Chain-of-Evidence.docx
- Enabling Secure Collaboration for Professional Services Firms.doc
- Establishing the Foundation of Authenticity for Electronically Stored Information.docx
- Information Protection Strategies For Financial Services.docx
- Optimizing Branch Office Security and Productivity in the Financial Services Sector.doc
- Secure Software Development for the Financial Services Industry.docx
- Securing the Retail Store-Securing the Data.docx
Download these White Papers at:
http://www.microsoft.com/downloads/details.aspx?Fa...ang=en
HTH,
Tom
There are two things you need to do in order to secure your email interactions:
- Enforce Rights Management on Email communications
- Use S/MIME to secure email in transit
Rights Management allows you to control who is allowed to read a specific piece of email. The problem with typical email communications is that once someone receives the message, he can do whatever he wants with it. Print it, forward it, copy it, and more. This clearly isn’t a secure solution. Fortunately, you can use Windows Server 2008 Rights Management Services to protect your email communications.
The second thing you need to do to secure your email communications is to encrypt them. The typical email communication today is like a postcard sent through snail mail. Anyone with a network sniffer can easily read the contents of your email. Obviously, this is not a secure solution.
You can use certificates and S/MIME encryption to secure your email. However, it’s not obvious how you do this. Here’s a great article by Matt Clapham and Blake Hutchinson that shows you how to do it:
http://technet.microsoft.com/en-us/magazine/cc5103...).aspx
HTH,
Tom
Microsoft has been under fire for years regarding security issues with their software. In the last five years they’ve made tremendous strides so that it can be argued that Microsoft software is most likely the most secure software in production today. They stay on top of security issues and regularly enable updates through their worldwide Microsoft Update site, so that the core OS and Microsoft products are regularly updated.
So, given how secure Microsoft software is these days, where is the weak link in the security chain? You guessed it — it’s the third party software you run on your Windows machines. Not all third party software vendors are as in touch with security issues as Microsoft, and you might not even think about security problems with your third party software. Are there new versions you need to install to fix security problems? Maybe.
But how do you find out? One tool that’s useful in this regard is the Secunia Software Inspector. There are two versions — a free version for personal use and a commercial version you can use in the organization. I recommend that you take a look at the personal version and if you like what you see, consider testing out the business edition.
Download the free Secunia Personal edition at:
https://psi.secunia.com/
HTH,
Tom
Designed to help IT pros navigate the ever-changing security threat landscape, these pages map online resources to specific challenges involved with planning and evaluating an organization’s core IT infrastructure.
I’ve found this extremely useful in evaluating what technologies I have at hand in implementing my Microsoft defense in depth infrastructures.
Check it out at:
http://technet.microsoft.com/en-us/security/cc4519...7.aspx
HTH,
Tom