Phishing and Modern Browsers

I got a rather official-looking phishing e-mail this evening, asking me to verify my Bank of America sitekey.  As I do not bank with BOA, this set off some alarm bells.  I always make sure to report phishing sites through the handy “Report unsafe website” feature of Internet Explorer 9, so that the site can…

Updating passwords on SharePoint 2010

Today’s entry in the “Sean’s simple question about why a KB article had not been updated leads to a lot of research and learning” post is courtesy of managed accounts and password changes with SharePoint 2010. History With SharePoint 2007, instructions on changing service accounts and passwords could be found in the appropriately named KB…

Online Safety Resources

With school back in session soon (if not already), the Trustworthy Computing team has released a number of useful family safety resources and brochures that would be useful to hand out at a PTA Meeting. You can also use them as supplemental materials to run your own online safety event for your school, Cub Scouts,…

Securing SharePoint and Project Server 2010

A year ago, I showed how to lock down SharePoint 2007 using the Security Configuration Wizard that was introduced with Windows Server 2003.  The last post includes information on how the tool works, but as the Microsoft SharePoint 2010 Administration Toolkit was just released (which includes the Security Configuration Wizard (SCW) manifests for SharePoint 2010…

Microsoft Security Essentials Beta

Just saw this over on the Windows Team Blog… it looks like the Microsoft Security Essentials team is keeping busy; the first release is already very awesome, and now we have a beta available for the next version. New features in the beta of Microsoft Security Essentials include: Windows Firewall integration – During setup, Microsoft…

IT Infrastructure Threat Modeling Guide Released

The Solution Accelerators team is at it again, releasing the IT Infrastructure Threat Modeling Guide, which provides an easy-to-understand method for developing threat models that can help prioritize investments in IT infrastructure security. This guide describes and considers the extensive methodology that exists for Microsoft Security Development Lifecycle (SDL) threat modeling and uses it to…

SharePoint Lockdown – The Easy Way

If you have been tasked with securing SharePoint, there are a lot of considerations to take into account.  How do users authenticate? Does part of your farm live in an extranet or DMZ? How do you secure user-to-server communications? How do you secure server-to-server communications?  How do you scan for viruses?  How do you harden…

Meet the Sundancers

On Friday, I blogged about “Project Sundance”, which is an upcoming release from the Solution Accelerators team that combines the Vista/XP/2003/2008/Office security guides with the Configuration Manager Desired Configuration Management (DCM) packs for security, along with the GPOAccelerator tool into one package.  Boy, that rolled right off the tongue.  There’s a reason why I’m not…

Project Sundance – Managing Your Baseline

If you are in charge of maintaining the security baseline at your company, you know that there are two key problems you face.  First of all, there are a LOT of security settings to tweak within Windows.  The services you harden and lock down on a Domain Controller are very different from those that you…

Nuclear Controls

On a nuclear submarine, it takes two keys to initiate the launch of a nuclear missile (if movies like Hunt for the Red October are to be believed).  At Microsoft, it looks like we use THREE cards to allow access to our Public Key Infrastructure. Microsoft IT created security worlds with administrative card sets composed…
