November 2007 - Technical Rollup Mail - Security

News

*Are you using the NEW SUPPORTABILITY FEATURES for ISA Server 2004 and 2006?*

In addition to the features listed below, ISA Server 2004 Service Pack 3 and the ISA Server 2006 Supportability Update provide a new diagnostic logging feature.

• Improved log viewer functionality, including an enhanced details pane view, text colouring, and new log filtering functionality.

• Updated ISA Server Microsoft Management Console (MMC) snap-in functionality that provides access to troubleshooting tools and options available directly from the ISA Server Management console.

• Integration with the Microsoft ISA Server Best Practices Analyzer Tool. For more information, see https://go.microsoft.com/fwlink/?LinkId=79754.

Traditionally, ISA Server logs provide basic information about incoming and outbound traffic traversing the ISA Server computer, for example whether traffic is allowed or denied, and the name of the firewall policy rules handling the traffic. Diagnostic logging traces the flow of specific packets, and captures additional data about traffic flowing through the ISA Server computers. It reports on the progress of packets, and provides information about traffic handling and rule matching issues. Diagnostic logging output appears in a new ISA Server Diagnostics section of the Windows Event Viewer. Diagnostic logging tracks the behavior of the following ISA Server policy components:

· Firewall policy rules

· Network rules

· Web Chaining rules

· Cache rules

· Rule authentication

For easier log viewing, ISA Server provides the Diagnostic Log Viewer to filter and view the most relevant events. The Diagnostic Log Viewer is a separate tool available from the Microsoft Download Center. It enables you to output diagnostic events at the command line, in a display window, or in HTML format.

For further information see or request the Internet TRM.

Microsoft and Novell Open Interoperability Lab https://www.microsoft.com/presspass/press/2007/sep07/09-11MSNovellLabsPR.mspx

Microsoft and Novell recently announced the opening of the Microsoft and Novell Interoperability Lab in Cambridge, Massachusetts. The first priority for the lab team will be to ensure interoperability between Microsoft and Novell virtualization technologies. Additional work will include standards-based systems management, identity federation, and compatibility of office document formats.

Strong and Weak Host Models https://www.microsoft.com/technet/technetmag/issues/2007/09/CableGuy/

An increasingly common configuration for network hosts is to be multihomed with multiple network interfaces. A multihomed host provides enhanced connectivity because it can be simultaneously connected to multiple networks, such as an intranet or the Internet. But because they can be connected to both an intranet and the Internet, services running on multihomed hosts can be vulnerable to attack. In this article, the Cable Guy, Joseph Davies, takes a look at the weak and strong host models of multihomed hosts and then describes how these models are supported in Windows.

When It Comes to Protection from Vulnerabilities, Process Trumps “Many Eyes” https://www.microsoft.com/technet/community/columns/secmgmt/sm1007.mspx

By Pat Edmonds, Senior Product Manager, Microsoft Corporation
There are distinct model differences in the ways that Windows Server and Linux are developed. One very clear example is interoperability, which by design is a key element of the Microsoft development model. Learn how these model differences translate to real-world security differences for customers.

 

Documents

Security Tip of the Month: Securing the Gateway to Your Enterprise: Web Services https://www.microsoft.com/technet/community/columns/sectip/st1007.mspx

By Eugene Siu, CISSP and Senior Security Consultant, Microsoft ACE Team
Web Services were invented so that developers can treat other systems on the Web as APIs exposed via Web Services. Securing Web Services, therefore, requires you to focus on both deployment and application security. This month's Security Tip offers some valuable deployment and application security tips that can help IT professionals and developers better protect their Web applications.

Windows Security and Directory Services for UNIX Guide v1.0 https://www.microsoft.com/technet/solutionaccelerators/cits/interopmigration/unix/usecdirw/00wsdsu.mspx

The Windows Security and Directory Services for UNIX Guide focuses on the use of Microsoft Windows Server 2003 or Windows 2000 Server Active Directory service to provide centralized authentication and authorization services for users in a network that includes both UNIX-based and Windows-based computers. The guide provides guidance in selecting the best solution to meet your authentication and authorization needs, and explains the best practices and major issues that you are likely to face as you implement the solution that is most appropriate for your organization.

CATIA UNIX to Windows Migration: Windows-UNIX Interoperability and Data Sharing https://www.microsoft.com/technet/solutionaccelerators/cits/interopmigration/unix/catia/catiac08.mspx

If you are moving from CATIA V4 running on UNIX to CATIA V5 running on Windows, you must ensure that the two environments can communicate smoothly. However, there are significant differences in the way these systems approach common tasks, such as file serving, security, and the user interface. Learn about the UNIX and Windows security models and how to integrate them so that users on one operating system can securely use resources on the other.

Windows Vista Boot Manager and Dual Booting with BitLocker Protection with TPM Support https://port25.technet.com/archive/2006/10/13/Using-Vista_2700_s-Boot-Manager-to-Boot-Linux-and-Dual-Booting-with-BitLocker-Protection-with-TPM-Support.aspx

This article discusses how to use the Windows Vista Boot Manager to boot Linux and provides guidance on building a dual boot system with Windows Vista BitLocker protection with Trusted Platform Module (TPM) support.

Application Interoperability: Microsoft .NET and J2EE https://download.microsoft.com/download/7/2/6/7269f183-639a-4e99-bd84-cc3e6515af86/PnP_J2EE_Interop_V1.pdf

This paper shows how to enable interoperability between enterprise class applications based on Java 2 Enterprise Edition (J2EE) and Microsoft .NET using service interfaces, use case interoperability adapters, and use case adapter factories. It covers how to add .NET Framework applications at the Presentation or the Business tier, together with implementing interoperability at the Data tier using message queuing and shared databases.

WSE 3.0 Security: Interoperability Considerations https://msdn2.microsoft.com/en-us/library/aa480548.aspx

This appendix, from the Web Service Security guide, provides an overview of interoperability issues that you may encounter when developing Web services secured using Simple Object Access Protocol (SOAP) message security.

WS-Security Interoperability Using WSE 2.0 and Sun JWSDP 1.5 https://msdn2.microsoft.com/en-us/library/ms998284.aspx

This article discusses interoperability based on OASIS WS-Security 1.0 between Microsoft WSE 2.0 and Sun JWSDP 1.5. The walk-throughs will show you all you need to know to configure the two environments for securely signing and encrypting SOAP requests and responses using X509 certificates.

Web Services Security Interoperability Using WSE 2.0 SP3 and WebLogic Workshop 8.1.4 https://msdn2.microsoft.com/en-us/library/ms998291.aspx

This article explains interoperability based on OASIS Web Services Security (WS-Security) 1.0 between Microsoft WSE 2.0 SP3 and WebLogic Platform 8.1.4. This article is accompanied by a sample application (the Math sample). The Math sample demonstrates how to securely authenticate, sign, and encrypt SOAP messages exchanged between WSE 2.0 SP3 and WebLogic Platform 8.1.4.

Web Services Security Interoperability Using WSE 2.0 and Systinet Server 5.0 for Java https://msdn2.microsoft.com/en-us/library/ms998278.aspx

The walk-throughs in this article will show you all you need to know to configure the two environments for securely signing and encrypting SOAP requests and responses using X509 certificates.

Interoperability with Microsoft Office SharePoint Server 2007 https://technet2.microsoft.com/Office/f/?en-us/library/3c78e886-5d20-44cb-b4e4-f823c4c019281033.mspx

Microsoft Office SharePoint Server 2007 provides enterprises with a scalable business platform for managing content and integrating line-of-business systems. If you plan to connect to data sources outside of your server farm, use this article to help you plan for single sign-on, which can be used to automatically authenticate users, rather than needing to prompt for credentials.

How to Install Microsoft Authentication on a Macintosh https://support.microsoft.com/default.aspx?scid=kb;en-us;101747&sd=tech

Windows NT Advanced Server provides an installable component to validate users who are connecting to the Windows NT Advanced Server from a Macintosh. The Microsoft User Authentication Module (UAM) provides a more secure logon session by sending an encrypted password, rather than a straight text password, across the network. Follow these steps to install the Microsoft User Authentication Module on a Macintosh workstation.

 

Downloads

TechNet Security Series Seminar 1 - 28 Sep 07

The first TechNet Security Series Seminar happened on Friday 28 September 2007. Here are the presentations that were made during this seminar, now available for download:
Session 1: Advanced Security Measures for Clients and Servers
Session 2: Security Enhancements in SQL 2005
Session 3: Security Considerations for Wireless Environments
Panel Questions
Video Title: TechNet Security - Restricted Groups Demo 1
TechNet Security - Session 1 - Restricted Groups Demo for 28th Sept 07
High-Res Format: https://go.microsoft.com/?linkid=7514175

Video Title: TechNet Security – DNS in the DMZ Zone Demo 2
TechNet Security – Session 1 – DNS in the DMZ Zone Demo for 28th Sept 07
High-Res Format: https://go.microsoft.com/?linkid=7514177

https://www.microsoft.com/downloads/details.aspx?FamilyID=1bdf33e3-f789-442e-8ec4-5dacc35d31ba&DisplayLang=en

Update for Outlook 2003 Junk Email Filter (KB936677)

This update provides the Junk E-mail Filter in Microsoft Office Outlook 2003 with a more current definition of which e-mail messages should be considered junk e-mail. This update was released in September 2007.

You can get specific information about this update in Microsoft Knowledge Base article Description of the Update for Outlook 2003 Junk Email Filter (KB936643).
Note: Users of Indonesian, Malay, Urdu, and Vietnamese language versions of Microsoft Office Outlook 2003 can download and install office2003-KB936677-FullFile-ENU.exe. Refer to the Instructions section below for details.

https://www.microsoft.com/downloads/details.aspx?FamilyID=3431b2b0-5313-4acb-8daa-4fb9e638f901&DisplayLang=en

Microsoft Forefront Server Security Management Console Trial Version

Forefront Server Security Management Console allows administrators to easily manage Forefront Security for Exchange Server, Forefront Security for SharePoint and Microsoft Antigen, providing a web-based console to centralize configuration and operation, automate the download and distribution of signature and scan engine updates, and generate comprehensive reports. Forefront Server Security Management Console also allows administrators to rapidly respond to outbreaks and update protection across enterprise deployments, improving organizational agility in responding to new threats. Through integration with Windows Server 2003 and Microsoft SQL Server, Forefront Server Security Management Console helps maintain reliability and performance of messaging and collaboration protection.

https://www.microsoft.com/downloads/details.aspx?FamilyID=f9b669c6-6f9f-4c09-8457-c00b5b6ebd7a&DisplayLang=en

Microsoft® Windows® Malicious Software Removal Tool (KB890830) x64

The Microsoft Windows Malicious Software Removal Tool checks Windows Vista, Windows XP, Windows 2000, and Windows Server 2003 computers for and helps remove infections by specific, prevalent malicious software—including Blaster, Sasser, and Mydoom. When the detection and removal process is complete, the tool displays a report describing the outcome, including which, if any, malicious software was detected and removed. The tool creates a log file named mrt.log in the %WINDIR%\debug folder.
Note that the x64 version of this tool will only run on Vista x64, Windows XP x64 and Windows 2003 x64 computers.
This tool is not a replacement for an anti-virus product. To help protect your computer, you should use an anti-virus product.
Microsoft will release an updated version of this tool on the second Tuesday of each month. New versions will be made available through this web page, Windows Update, and the Malicious Software Removal Tool Web site on Microsoft.com.
To have the newest versions automatically delivered and installed as soon as they are released, set the Automatic Updates feature to Automatic. The version of this tool delivered by Windows Update runs on your computer once a month, in the background. If an infection is found, the tool will display a status report the next time you start your computer. If you would like to run this tool more than once a month, run the version that is available from this Web page or use the version on the Malicious Software Removal Tool Web site.
Please review KB890830 for the list of malicious software that the current version of the tool is capable of removing as well as usage instructions. Also, please be aware that this tool reports anonymous information back to Microsoft in the event that an infection is found or an error is encountered. The above KB article contains information on how to disable this functionality and what specific information is sent to Microsoft.
It is strongly recommended that you review KB891716 before you consider deploying this tool in an enterprise environment.
The user must be an administrator to run this tool. This tool will not run on any version of Windows 98, Windows ME, or Windows NT 4.0.
Note that this download is now a multi-lingual tool. For all supported languages, the same tool will show the correct language depending on the language of the operating system.

https://www.microsoft.com/downloads/details.aspx?FamilyID=585d2bde-367f-495e-94e7-6349f4effc74&DisplayLang=en

Visio 2007 Connector for Microsoft Baseline Security Analyzer (MBSA) 2.1

The Visio 2007 Connector for Microsoft Baseline Security Analyzer (MBSA) 2.1 lets you view the results of an MBSA scan in a clear, comprehensive Visio 2007 network diagram. You must have both Microsoft Office Visio 2007 Professional and MBSA 2.1, a free security tool from Microsoft, for this connector to work properly.

https://www.microsoft.com/downloads/details.aspx?FamilyID=95e0f821-9c2c-4287-9157-49c1205e08ef&DisplayLang=en

Microsoft Forefront Client Security BPA

The FCS Best Practices Analyzer Tool is designed for administrators who want to determine the overall health of their Forefront computers and to diagnose current problems. The tool scans the configuration settings of the computer and reports issues that do not conform to the recommended best practices.

https://www.microsoft.com/downloads/details.aspx?FamilyID=0cefac3f-91ed-40c3-a684-603f149a4e32&DisplayLang=en

Configure Terminal Services Clients as Network Access Protection (NAP) Enforcement Clients for TS Gateway

The Terminal Services NAP client configuration command (Tsgqecclientconfig.cmd) helps configure Terminal Services clients as NAP enforcement clients for TS Gateway.

This command performs the following tasks to configure the Terminal Services client as a NAP enforcement client for TS Gateway:

  • Adds the TS Gateway server name that you specify to the list of trusted TS Gateway servers on the client.
  • Starts the Network Access Protection Agent service and sets the service startup type to Automatic.
  • Enables the TS Gateway Quarantine Enforcement client.

For more information and complete step-by-step instructions for configuring TS Gateway servers and Terminal Services clients for NAP, see the "TS Gateway Server Step-By-Step Setup Guide" (https://go.microsoft.com/fwlink/?LinkID=85872).

https://www.microsoft.com/downloads/details.aspx?FamilyID=cb986639-20e5-4f16-8e48-be68d23dc888&DisplayLang=en

 

Events/WebCasts

Microsoft Security Webcast Series: Upcoming and On-Demand

Security Webcast Calendar https://go.microsoft.com/fwlink/?LinkId=37910

Find security webcasts listed in an easy-to-use calendar format.

Security Program Guide

Learn Security On the Job https://go.microsoft.com/?linkid=4526354

Learning Paths for security - Microsoft training references and resources https://go.microsoft.com/?linkid=4526355

Upcoming Security Webcasts

Support Webcast: Microsoft Security Intelligence Report: Latest Trends in Vulnerabilities, Malware, and Potentially Unwanted Software https://msevents.microsoft.com/CUI/WebCastEventDetails.aspx?EventID=1032353490&EventCategory=4&culture=en-US&CountryCode=US
Wednesday, November 7, 10:00 AM Pacific Time

TechNet Webcast: Information About Microsoft November Security Bulletins (Level 200) https://msevents.microsoft.com/CUI/WebCastEventDetails.aspx?EventID=1032344694&EventCategory=4&culture=en-US&CountryCode=US
Wednesday, November 14, 11:00 AM Pacific Time
Christopher Budd, Security Program Manager, Microsoft Corporation, and Mike Reavey, Group Manager MSRC, Microsoft Corporation

Microsoft On-Demand Webcasts

TechNet Webcast: Security Integration Between Windows and IBM Mainframes (Level 200) https://msevents.microsoft.com/cui/webcasteventdetails.aspx?eventid=1032268825&eventcategory=3&culture=en-us&countrycode=us
This webcast introduces the mainframe professional to security on the Windows Server operating system. Join this webcast to learn how to integrate security, including end-user single sign-on between Windows and IBM OS/390 and zSeries Operating Systems.

TechNet Webcast: UNIX Interoperability in Windows Server 2008 (Level 200) https://msevents.microsoft.com/CUI/WebCastEventDetails.aspx?EventID=1032345760&EventCategory=4&culture=en-US&CountryCode=US
Join this session to see how the UNIX interoperability components in Windows Server 2008 can help you integrate UNIX and Windows-based systems to reduce costs and deliver a complete solution. Among the topics explored in this session are identity management in a mixed environment and using the SUA managing identification.